From 6f0f82e8c183897328333c42bedf0250b5d6029a Mon Sep 17 00:00:00 2001 From: teastep <teastep@fbd18981-670d-0410-9b5c-8dc0c1a9a2bb> Date: Fri, 13 Feb 2004 17:30:24 +0000 Subject: [PATCH] Add action.AllowPCA and a comment for the terminally stupid git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1138 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall2/actions.std | 1 + Shorewall2/changelog.txt | 2 ++ Shorewall2/rules | 5 ++++- Shorewall2/shorewall.spec | 3 +++ 4 files changed, 10 insertions(+), 1 deletion(-) diff --git a/Shorewall2/actions.std b/Shorewall2/actions.std index 7c461c186..b0762caec 100644 --- a/Shorewall2/actions.std +++ b/Shorewall2/actions.std @@ -35,6 +35,7 @@ AllowRdate #Allow remote time (rdate). AllowNNTP #Allow network news (Usenet). AllowTrcrt #Allows Traceroute (20 hops) AllowSNMP #Allows SNMP (including traps) +AllowPCA #Allows PCAnywhere (tm) Drop:DROP #Common Action for DROP policy Reject:REJECT #Common Action for REJECT policy diff --git a/Shorewall2/changelog.txt b/Shorewall2/changelog.txt index c2fd56bdb..0c8dee73d 100644 --- a/Shorewall2/changelog.txt +++ b/Shorewall2/changelog.txt @@ -36,3 +36,5 @@ Changes since 1.4.10 17) Make "trace" a synonym for "debug" 18) Add the ":noah" option to IPSEC tunnels. + +19) Added a comment to the rules file to aid users who are terminally stupid. diff --git a/Shorewall2/rules b/Shorewall2/rules index 8311cfc25..294bb3fc9 100755 --- a/Shorewall2/rules +++ b/Shorewall2/rules @@ -4,7 +4,10 @@ # /etc/shorewall/rules # # Rules in this file govern connection establishment. Requests and -# responses are automatically allowed using connection tracking. +# responses are automatically allowed using connection tracking. For any +# particular (source,dest) pair of zones, the rules are evaluated in the +# order in which they appear in this file and the first match is the one +# that determines the disposition of the request. # # In most places where an IP address or subnet is allowed, you # can preceed the address/subnet with "!" (e.g., !192.168.1.0/24) to diff --git a/Shorewall2/shorewall.spec b/Shorewall2/shorewall.spec index 5ffdcbdab..a2e3f04b9 100644 --- a/Shorewall2/shorewall.spec +++ b/Shorewall2/shorewall.spec @@ -104,6 +104,7 @@ fi %attr(0600,root,root) %config(noreplace) /etc/shorewall/action.AllowIMAP %attr(0600,root,root) %config(noreplace) /etc/shorewall/action.AllowNNTP %attr(0600,root,root) %config(noreplace) /etc/shorewall/action.AllowNTP +%attr(0600,root,root) %config(noreplace) /etc/shorewall/action.AllowPCA %attr(0600,root,root) %config(noreplace) /etc/shorewall/action.AllowPing %attr(0600,root,root) %config(noreplace) /etc/shorewall/action.AllowPOP3 %attr(0600,root,root) %config(noreplace) /etc/shorewall/action.AllowRdate @@ -135,6 +136,8 @@ fi %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel %changelog +* Thu Feb 12 2004 Tom Eastep <tom@shorewall.net> +- Added action.AllowPCA * Sun Feb 08 2004 Tom Eastep <tom@shorewall.net> - Updates for Shorewall 2.0.0. * Mon Dec 29 2003 Tom Eastep <tom@shorewall.net>