forked from extern/shorewall_code
changed to LEAF (leaf.sourceforge.net) standard
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1339 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
e80a35c5f7
commit
82c91230da
@ -190,5 +190,6 @@
|
|||||||
# net ppp0 -
|
# net ppp0 -
|
||||||
##############################################################################
|
##############################################################################
|
||||||
#ZONE INTERFACE BROADCAST OPTIONS
|
#ZONE INTERFACE BROADCAST OPTIONS
|
||||||
#
|
net eth0 detect dhcp,routefilter,norfc1918
|
||||||
|
loc eth1 detect
|
||||||
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
|
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
|
||||||
|
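Review bot: The new `net eth0 detect dhcp,routefilter,norfc1918` line enables `norfc1918` with no comment about when it must be removed. That option drops packets arriving on eth0 with private source addresses, so on links where the upstream modem or the ISP's own infrastructure uses such addresses, legitimate traffic is blocked with no hint in this file. I would add a comment above the entry, for example `# norfc1918: remove if your modem/ISP uses RFC 1918 addresses on eth0`. The `loc eth1 detect` entry carries no options at all; if the box is meant to serve DHCP to the local network, that probably needs `dhcp` as well, which should be confirmed against the LEAF defaults.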
@ -130,4 +130,5 @@
|
|||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
#INTERFACE SUBNET ADDRESS PROTO PORT(S)
|
#INTERFACE SUBNET ADDRESS PROTO PORT(S)
|
||||||
|
eth0 eth1
|
||||||
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
|
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
|
||||||
|
@ -77,9 +77,13 @@
|
|||||||
#SOURCE DEST POLICY LOG LIMIT:BURST
|
#SOURCE DEST POLICY LOG LIMIT:BURST
|
||||||
# LEVEL
|
# LEVEL
|
||||||
loc net ACCEPT
|
loc net ACCEPT
|
||||||
net all DROP info
|
net all DROP ULOG
|
||||||
|
# If you want open access to the Internet from your Firewall
|
||||||
|
# remove the comment from the following line.
|
||||||
|
#fw net ACCEPT
|
||||||
|
|
||||||
#
|
#
|
||||||
# THE FOLLOWING POLICY MUST BE LAST
|
# THE FOLLOWING POLICY MUST BE LAST
|
||||||
#
|
#
|
||||||
all all REJECT info
|
all all REJECT ULOG
|
||||||
#LAST LINE -- DO NOT REMOVE
|
#LAST LINE -- DO NOT REMOVE
|
||||||
|
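Review bot: Both logging policies in this hunk (`net all DROP ULOG` and `all all REJECT ULOG`) now rely on a userspace ulogd daemon. If it is not installed or not running, dropped and rejected packets leave no record, whereas the previous `info` level went to syslog. The same dependency is introduced by the later hunks that set LOGNEWNOTSYN, MACLIST_LOG_LEVEL, TCP_FLAGS_LOG_LEVEL, RFC1918_LOG_LEVEL, SMURF_LOG_LEVEL and BOGON_LOG_LEVEL to `ULOG`. I would state it once where it is first used, e.g. `# ULOG requires a running ulogd; without it these policies log nothing`. The commented-out `#fw net ACCEPT` also deserves a line saying that enabling it lets any process on the firewall open outbound connections.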
@ -302,4 +302,25 @@
|
|||||||
####################################################################################################
|
####################################################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/
|
||||||
# PORT PORT(S) DEST LIMIT GROUP
|
# PORT PORT(S) DEST LIMIT GROUP
|
||||||
|
# PORT PORT(S) DEST LIMIT
|
||||||
|
# Accept DNS connections from the firewall to the network
|
||||||
|
#
|
||||||
|
ACCEPT fw net tcp 53
|
||||||
|
ACCEPT fw net udp 53
|
||||||
|
# Accept SSH connections from the local network for administration
|
||||||
|
#
|
||||||
|
ACCEPT loc fw tcp 22
|
||||||
|
# Allow Ping To And From Firewall
|
||||||
|
#
|
||||||
|
ACCEPT loc fw icmp 8
|
||||||
|
ACCEPT net fw icmp 8
|
||||||
|
ACCEPT fw loc icmp 8
|
||||||
|
ACCEPT fw net icmp 8
|
||||||
|
#
|
||||||
|
# Bering specific rules:
|
||||||
|
# allow loc to fw udp/53 for dnscache to work
|
||||||
|
# allow loc to fw tcp/80 for weblet to work
|
||||||
|
#
|
||||||
|
ACCEPT loc fw udp 53
|
||||||
|
ACCEPT loc fw tcp 80
|
||||||
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
|
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
|
||||||
|
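Review bot: `ACCEPT net fw icmp 8` answers echo requests from the entire Internet with no rate limit, although this file's header provides a RATE LIMIT column for exactly that. I would either drop the rule from the default set or bound it, for example `ACCEPT net fw icmp 8 - - 10/sec:20` (values are illustrative). The "Allow Ping To And From Firewall" comment should say that one of the four rules is Internet-facing. `ACCEPT loc fw tcp 80` and `ACCEPT loc fw tcp 22` expose the weblet and SSH to every host in the loc zone; the Bering comment could note that weblet is plain HTTP and that the source can be narrowed to an admin host. The second added header line, `# PORT PORT(S) DEST LIMIT`, duplicates the one above it without GROUP and looks like a leftover.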
@ -52,7 +52,7 @@
|
|||||||
#
|
#
|
||||||
# http://www.shorewall.net/shorewall_logging.html
|
# http://www.shorewall.net/shorewall_logging.html
|
||||||
|
|
||||||
LOGFILE=/var/log/messages
|
LOGFILE=/var/log/shorewall.log
|
||||||
|
|
||||||
#
|
#
|
||||||
# LOG FORMAT
|
# LOG FORMAT
|
||||||
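Review bot: `LOGFILE=/var/log/shorewall.log` only tells Shorewall where to read packet log messages for its own reporting commands; it does not cause anything to be written there. Since the log levels elsewhere in this commit move to ULOG, this path has to match the file that ulogd is configured to write. Otherwise the log and status views will be empty while packets are in fact being logged elsewhere, or not at all. I would add a comment directly above the setting, e.g. `# Must match the output file configured for ulogd`.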
@ -136,7 +136,7 @@ BLACKLIST_LOGLEVEL=
|
|||||||
# Example: LOGNEWNOTSYN=debug
|
# Example: LOGNEWNOTSYN=debug
|
||||||
|
|
||||||
|
|
||||||
LOGNEWNOTSYN=info
|
LOGNEWNOTSYN=ULOG
|
||||||
|
|
||||||
#
|
#
|
||||||
# MAC List Log Level
|
# MAC List Log Level
|
||||||
@ -148,7 +148,7 @@ LOGNEWNOTSYN=info
|
|||||||
# See the comment at the top of this section for a description of log levels
|
# See the comment at the top of this section for a description of log levels
|
||||||
#
|
#
|
||||||
|
|
||||||
MACLIST_LOG_LEVEL=info
|
MACLIST_LOG_LEVEL=ULOG
|
||||||
|
|
||||||
#
|
#
|
||||||
# TCP FLAGS Log Level
|
# TCP FLAGS Log Level
|
||||||
@ -160,7 +160,7 @@ MACLIST_LOG_LEVEL=info
|
|||||||
# See the comment at the top of this section for a description of log levels
|
# See the comment at the top of this section for a description of log levels
|
||||||
#
|
#
|
||||||
|
|
||||||
TCP_FLAGS_LOG_LEVEL=info
|
TCP_FLAGS_LOG_LEVEL=ULOG
|
||||||
|
|
||||||
#
|
#
|
||||||
# RFC1918 Log Level
|
# RFC1918 Log Level
|
||||||
@ -172,7 +172,7 @@ TCP_FLAGS_LOG_LEVEL=info
|
|||||||
# See the comment at the top of this section for a description of log levels
|
# See the comment at the top of this section for a description of log levels
|
||||||
#
|
#
|
||||||
|
|
||||||
RFC1918_LOG_LEVEL=info
|
RFC1918_LOG_LEVEL=ULOG
|
||||||
|
|
||||||
#
|
#
|
||||||
# SMURF Log Level
|
# SMURF Log Level
|
||||||
@ -186,7 +186,7 @@ RFC1918_LOG_LEVEL=info
|
|||||||
# See the comment at the top of this section for a description of log levels
|
# See the comment at the top of this section for a description of log levels
|
||||||
#
|
#
|
||||||
|
|
||||||
SMURF_LOG_LEVEL=info
|
SMURF_LOG_LEVEL=ULOG
|
||||||
|
|
||||||
#
|
#
|
||||||
# BOGON Log Level
|
# BOGON Log Level
|
||||||
@ -200,7 +200,7 @@ SMURF_LOG_LEVEL=info
|
|||||||
# See the comment at the top of this section for a description of log levels
|
# See the comment at the top of this section for a description of log levels
|
||||||
#
|
#
|
||||||
|
|
||||||
BOGON_LOG_LEVEL=info
|
BOGON_LOG_LEVEL=ULOG
|
||||||
################################################################################
|
################################################################################
|
||||||
# L O C A T I O N O F F I L E S A N D D I R E C T O R I E S
|
# L O C A T I O N O F F I L E S A N D D I R E C T O R I E S
|
||||||
################################################################################
|
################################################################################
|
||||||
@ -564,8 +564,9 @@ MODULE_SUFFIX=
|
|||||||
# exploited by users who do. Setting DISABLE_IPV6=Yes will cause
|
# exploited by users who do. Setting DISABLE_IPV6=Yes will cause
|
||||||
# Shorewall to disable IPV6 traffic to/from and through your
|
# Shorewall to disable IPV6 traffic to/from and through your
|
||||||
# firewall system. This requires that you have ip6tables installed.
|
# firewall system. This requires that you have ip6tables installed.
|
||||||
|
# Should be set to "No" for LEAF/LRP
|
||||||
|
|
||||||
DISABLE_IPV6=Yes
|
DISABLE_IPV6=No
|
||||||
|
|
||||||
#
|
#
|
||||||
# BRIDGING
|
# BRIDGING
|
||||||
|
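Review bot: Changing `DISABLE_IPV6=Yes` to `No` removes the only IPv6 protection this configuration provided, and the added comment `# Should be set to "No" for LEAF/LRP` does not say why or under what condition that is safe. The surrounding text already warns that an unfiltered IPv6 stack can be exploited. Presumably the reason is that ip6tables is not shipped on LEAF, which is acceptable only if the kernel has no IPv6 support loaded. I would spell that out, e.g. `# LEAF/LRP ships no ip6tables; keep "No" only while the kernel has no IPv6 support, otherwise IPv6 is unfiltered`.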
@ -15,5 +15,5 @@
|
|||||||
#ZONE DISPLAY COMMENTS
|
#ZONE DISPLAY COMMENTS
|
||||||
net Net Internet
|
net Net Internet
|
||||||
loc Local Local networks
|
loc Local Local networks
|
||||||
dmz DMZ Demilitarized zone
|
#dmz DMZ Demilitarized zone
|
||||||
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
|
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
|
||||||
|