changed to LEAF (leaf.sourceforge.net) standard

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1339 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
kapeka 2004-05-18 16:47:39 +00:00
parent e80a35c5f7
commit 82c91230da
6 changed files with 40 additions and 12 deletions


@ -190,5 +190,6 @@
# net ppp0 - # net ppp0 -
############################################################################## ##############################################################################
#ZONE INTERFACE BROADCAST OPTIONS #ZONE INTERFACE BROADCAST OPTIONS
# net eth0 detect dhcp,routefilter,norfc1918
loc eth1 detect
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
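Review bot: As rendered, the new `net eth0 detect dhcp,routefilter,norfc1918` entry is commented out and only `loc eth1 detect` is active, while other sections of this commit still refer to the `net` zone and to `eth0` (the `eth0 eth1` masquerade entry, `net all DROP`, `ACCEPT net fw icmp 8`). If the user is meant to enable the external interface, a line such as `# Uncomment and adjust the net entry for your external interface` would say so. Otherwise the leading `#` should go, since the `routefilter` and `norfc1918` options only take effect when the entry is active.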


@ -130,4 +130,5 @@
# #
############################################################################### ###############################################################################
#INTERFACE SUBNET ADDRESS PROTO PORT(S) #INTERFACE SUBNET ADDRESS PROTO PORT(S)
eth0 eth1
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE


@ -77,9 +77,13 @@
#SOURCE DEST POLICY LOG LIMIT:BURST #SOURCE DEST POLICY LOG LIMIT:BURST
# LEVEL # LEVEL
loc net ACCEPT loc net ACCEPT
net all DROP info net all DROP ULOG
# If you want open access to the Internet from your Firewall
# remove the comment from the following line.
#fw net ACCEPT
# #
# THE FOLLOWING POLICY MUST BE LAST # THE FOLLOWING POLICY MUST BE LAST
# #
all all REJECT info all all REJECT ULOG
#LAST LINE -- DO NOT REMOVE #LAST LINE -- DO NOT REMOVE
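Review bot: Switching the log level from `info` to `ULOG` on `net all DROP` and `all all REJECT` makes the audit trail depend on a running ulogd. If the daemon is absent or writes to a different file, dropped and rejected packets are no longer recorded where an operator will look. The same applies to the six settings changed to `ULOG` (`LOGNEWNOTSYN` and the `*_LOG_LEVEL` values) and to the `LOGFILE=/var/log/shorewall.log` change in the settings section further down. A comment above the policies would make the dependency visible, e.g. `# ULOG needs ulogd running and writing to the LOGFILE configured for Shorewall`.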


@ -302,4 +302,25 @@
#################################################################################################### ####################################################################################################
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/
# PORT PORT(S) DEST LIMIT GROUP # PORT PORT(S) DEST LIMIT GROUP
# PORT PORT(S) DEST LIMIT
# Accept DNS connections from the firewall to the network
#
ACCEPT fw net tcp 53
ACCEPT fw net udp 53
# Accept SSH connections from the local network for administration
#
ACCEPT loc fw tcp 22
# Allow Ping To And From Firewall
#
ACCEPT loc fw icmp 8
ACCEPT net fw icmp 8
ACCEPT fw loc icmp 8
ACCEPT fw net icmp 8
#
# Bering specific rules:
# allow loc to fw udp/53 for dnscache to work
# allow loc to fw tcp/80 for weblet to work
#
ACCEPT loc fw udp 53
ACCEPT loc fw tcp 80
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
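Review bot: The added `ACCEPT net fw icmp 8` rule answers echo requests from the Internet with nothing in the RATE LIMIT column, so the firewall replies to every ping it is sent. Consider throttling it, e.g. `ACCEPT net fw icmp 8 - - 10/sec:20` (constructed values, tune to the link), or keeping ping for `loc` only. The `loc fw tcp 22` and `loc fw tcp 80` rules expose SSH and the weblet to the whole local zone; a comment saying so, or a source narrowed to an admin host, would make that choice explicit. The added `# PORT PORT(S) DEST LIMIT` line repeats the header row above it without the USER/GROUP column and looks like a leftover.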


@ -52,7 +52,7 @@
# #
# http://www.shorewall.net/shorewall_logging.html # http://www.shorewall.net/shorewall_logging.html
LOGFILE=/var/log/messages LOGFILE=/var/log/shorewall.log
# #
# LOG FORMAT # LOG FORMAT
@ -136,7 +136,7 @@ BLACKLIST_LOGLEVEL=
# Example: LOGNEWNOTSYN=debug # Example: LOGNEWNOTSYN=debug
LOGNEWNOTSYN=info LOGNEWNOTSYN=ULOG
# #
# MAC List Log Level # MAC List Log Level
@ -148,7 +148,7 @@ LOGNEWNOTSYN=info
# See the comment at the top of this section for a description of log levels # See the comment at the top of this section for a description of log levels
# #
MACLIST_LOG_LEVEL=info MACLIST_LOG_LEVEL=ULOG
# #
# TCP FLAGS Log Level # TCP FLAGS Log Level
@ -160,7 +160,7 @@ MACLIST_LOG_LEVEL=info
# See the comment at the top of this section for a description of log levels # See the comment at the top of this section for a description of log levels
# #
TCP_FLAGS_LOG_LEVEL=info TCP_FLAGS_LOG_LEVEL=ULOG
# #
# RFC1918 Log Level # RFC1918 Log Level
@ -172,7 +172,7 @@ TCP_FLAGS_LOG_LEVEL=info
# See the comment at the top of this section for a description of log levels # See the comment at the top of this section for a description of log levels
# #
RFC1918_LOG_LEVEL=info RFC1918_LOG_LEVEL=ULOG
# #
# SMURF Log Level # SMURF Log Level
@ -186,7 +186,7 @@ RFC1918_LOG_LEVEL=info
# See the comment at the top of this section for a description of log levels # See the comment at the top of this section for a description of log levels
# #
SMURF_LOG_LEVEL=info SMURF_LOG_LEVEL=ULOG
# #
# BOGON Log Level # BOGON Log Level
@ -200,7 +200,7 @@ SMURF_LOG_LEVEL=info
# See the comment at the top of this section for a description of log levels # See the comment at the top of this section for a description of log levels
# #
BOGON_LOG_LEVEL=info BOGON_LOG_LEVEL=ULOG
################################################################################ ################################################################################
# L O C A T I O N O F F I L E S A N D D I R E C T O R I E S # L O C A T I O N O F F I L E S A N D D I R E C T O R I E S
################################################################################ ################################################################################
@ -564,8 +564,9 @@ MODULE_SUFFIX=
# exploited by users who do. Setting DISABLE_IPV6=Yes will cause # exploited by users who do. Setting DISABLE_IPV6=Yes will cause
# Shorewall to disable IPV6 traffic to/from and through your # Shorewall to disable IPV6 traffic to/from and through your
# firewall system. This requires that you have ip6tables installed. # firewall system. This requires that you have ip6tables installed.
# Should be set to "No" for LEAF/LRP
DISABLE_IPV6=Yes DISABLE_IPV6=No
# #
# BRIDGING # BRIDGING
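Review bot: The new default `DISABLE_IPV6=No` in the last hunk means Shorewall no longer blocks IPv6, although the comment block directly above it warns that unfiltered IPv6 can be exploited. On any image whose kernel has IPv6 support, that traffic would not be covered by the rules in this commit. The added line `# Should be set to "No" for LEAF/LRP` gives no reason; presumably it is because the setting needs ip6tables, which the existing comment says must be installed. The comment should state the reason and the condition for reverting, e.g. `# LEAF/LRP: leave at "No" unless ip6tables is installed; set to "Yes" if the kernel has IPv6 enabled`. The comment block begins above the hunk.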


@ -15,5 +15,5 @@
#ZONE DISPLAY COMMENTS #ZONE DISPLAY COMMENTS
net Net Internet net Net Internet
loc Local Local networks loc Local Local networks
dmz DMZ Demilitarized zone #dmz DMZ Demilitarized zone
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE