forked from extern/shorewall_code
Final 1.2.13 Update
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@15 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent 9ba6a48354
commit 4f01c2b3ed
@ -2,7 +2,10 @@ Changes since 1.2.12
|
||||
|
||||
1. Added whitelist support
|
||||
2. Added SYN Flood Protection
|
||||
|
||||
3. Make aliases added under ADD_IP_ALIASES and ADD_SNAT_ALIASES look more
|
||||
like what people expect.
|
||||
4. Merged shorewall.conf file patch that adds the kernel config help
|
||||
text for TCPMSS to the description of the Shorewall parameter.
|
||||
|
||||
|
||||
|
||||
|
@ -1096,7 +1096,7 @@ setup_nat() {
|
||||
#
|
||||
# Now get the VLSM, "brd" and the broadcast address
|
||||
#
|
||||
val=`echo $val | cut -d' ' -f1,2,3`
|
||||
val=${val%% scope*}
|
||||
fi
|
||||
|
||||
run_ip addr add ${external}${val} dev $interface
|
||||
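Review bot: the trimming line in setup_nat rests on an unstated assumption about the shape of the `ip addr show` output. `val=${val%% scope*}` keeps everything before the first " scope", so it is only right while the prefix length, "brd" and the broadcast address all precede that keyword; `cut -d' ' -f1,2,3` instead assumes exactly three space-separated fields. Extend the "Now get the VLSM, "brd" and the broadcast address" comment to state the expected line format, and consider checking that `$val` has the expected form before `run_ip addr add ${external}${val} dev $interface`, since an unexpected format is passed straight to `ip`.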
@ -2006,7 +2006,7 @@ setup_masq()
|
||||
val=`ip addr show $interface | grep 'inet.*brd '` 2> /dev/null
|
||||
if [ -n "$val" ] ; then
|
||||
val="/${val#*/}"
|
||||
val=`echo $val | cut -d' ' -f1,2,3`
|
||||
val=${val%% scope*}
|
||||
fi
|
||||
run_ip addr add ${address}${val} dev $interface
|
||||
|
||||
|
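Review bot: on the context line `val=... | grep 'inet.*brd '` in setup_masq, the `2> /dev/null` sits outside the backticks, so it applies to the assignment and does not silence errors from `ip addr show`; move the redirection inside the command substitution. The parse that follows is the same sequence used in setup_nat, so a shared helper function would keep the two copies from drifting apart the next time the trimming logic changes.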
@ -14,7 +14,7 @@
|
||||
#
|
||||
# EXTERNAL External IP Address - this should NOT be the primary
|
||||
# IP address of the interface named in the next
|
||||
# column
|
||||
# column.
|
||||
# INTERFACE Interface that we want to EXTERNAL address to appear
|
||||
# on
|
||||
# INTERNAL Internal Address
|
||||
|
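Review bot: the INTERFACE description just below the changed line still reads "Interface that we want to EXTERNAL address to appear on" and ends without a period. Correct "to EXTERNAL" to "the EXTERNAL" and punctuate that entry in the same edit that touches the period after "column", so the header comment is consistent.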
@ -3,14 +3,10 @@ This is a minor release of Shorewall.
|
||||
In this release:
|
||||
|
||||
1. Whitelist support has been added.
|
||||
2. Optional SYN Flood protection is now available
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
2. Optional SYN Flood protection is now available.
|
||||
3. Aliases added under ADD_IP_ALIASES and ADD_SNAT_ALIASES
|
||||
now use the VLSM and broadcast address of the interface's
|
||||
primary address.
|
||||
4. Port forwarding rules may now optionally override the
|
||||
contents of the /etc/shorewall/nat file.
|
||||
|
||||
|
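Review bot: item 4 of the release notes does not name the setting that turns the override on. The shorewall.conf text in this commit documents NAT_BEFORE_RULES as the variable that reverses the order of static NAT and port forwarding rules; mention it in item 4 so readers know which parameter to change.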
@ -165,6 +165,24 @@ BLACKLIST_LOGLEVEL=
|
||||
# Set this variable to "Yes" or "yes" if you want the TCP "Clamp MSS to PMTU"
|
||||
# option. This option is most commonly required when your internet
|
||||
# interface is some variant of PPP (PPTP or PPPoE). Your kernel must
|
||||
# have CONFIG_IP_NF_TARGET_TCPMSS set.
|
||||
#
|
||||
# [From the kernel help:
|
||||
#
|
||||
# This option adds a `TCPMSS' target, which allows you to alter the
|
||||
# MSS value of TCP SYN packets, to control the maximum size for that
|
||||
# connection (usually limiting it to your outgoing interface's MTU
|
||||
# minus 40).
|
||||
#
|
||||
# This is used to overcome criminally braindead ISPs or servers which
|
||||
# block ICMP Fragmentation Needed packets. The symptoms of this
|
||||
# problem are that everything works fine from your Linux
|
||||
# firewall/router, but machines behind it can never exchange large
|
||||
# packets:
|
||||
# 1) Web browsers connect, then hang with no data received.
|
||||
# 2) Small mail works fine, but large emails hang.
|
||||
# 3) ssh works fine, but scp hangs after initial handshaking.
|
||||
# ]
|
||||
#
|
||||
# If left blank, or set to "No" or "no", the option is not enabled.
|
||||
#
|
||||
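Review bot: the pasted kernel help describes the TCPMSS target in general terms ("allows you to alter the MSS value", "usually limiting it to your outgoing interface's MTU minus 40"), which can read as if CLAMPMSS expects a value. Add a sentence after the closing "]" saying that this parameter is Yes/No only and enables the "Clamp MSS to PMTU" behaviour named in the first line of the description.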
@ -176,6 +194,8 @@ CLAMPMSS="No"
|
||||
# Set this variable to "Yes" or "yes" if you want kernel route filtering on all
|
||||
# interfaces (anti-spoofing measure).
|
||||
#
|
||||
# If this variable is not set or is set to the empty value, "No" is assumed.
|
||||
|
||||
ROUTE_FILTER="No"
|
||||
|
||||
#
|
||||
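Review bot: the default sentence for ROUTE_FILTER is worded differently from the CLAMPMSS one ('If left blank, or set to "No" or "no", the option is not enabled.') and does not say whether lowercase "no" is accepted. Use one phrasing for both parameters. Since this is described as an anti-spoofing measure and the shipped value is "No", a line on when to enable it would also help readers of the file.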
@ -183,6 +203,8 @@ ROUTE_FILTER="No"
|
||||
#
|
||||
# Shorewall has traditionally processed static NAT rules before port forwarding
|
||||
# rules. If you would like to reverse the order, set this variable to "No".
|
||||
#
|
||||
# If this variable is not set or is set to the empty value, "Yes" is assumed.
|
||||
|
||||
NAT_BEFORE_RULES="Yes"
|
||||
|
||||
|