forked from extern/shorewall_code
Console-friendly shorewall.conf
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3163 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
9d61e79412
commit
98f828f1c9
@ -1,3 +1,7 @@
|
||||
Changes in 3.0.4
|
||||
|
||||
1) Console-friendly version of shorewall.conf.
|
||||
|
||||
Changes in 3.0.3
|
||||
|
||||
1) Implement "shorewall show macros"
|
||||
|
@ -1,4 +1,4 @@
|
||||
Shorewall 3.0.3
|
||||
Shorewall 3.0.4
|
||||
|
||||
Note to users upgrading from Shorewall 2.x
|
||||
|
||||
@ -46,71 +46,10 @@ Note to users upgrading from Shorewall 2.x
|
||||
Please see the "Migration Considerations" below for additional upgrade
|
||||
information.
|
||||
|
||||
Problems Corrected in 3.0.3
|
||||
Problems Corrected in 3.0.4
|
||||
|
||||
1) The comments in the /etc/shorewall/shorewall.conf and
|
||||
/etc/shorewall/hosts files have been changed to clarify when
|
||||
BRIDGING=Yes is required when dealing with bridges.
|
||||
|
||||
2) Thanks to Tuomo Soini, formatting of the comments in the tcdevices
|
||||
and tcclasses files has been cleaned up.
|
||||
|
||||
3) Specifying 'trace' on the 'safe-start' and 'safe-restart' command no
|
||||
longer fails.
|
||||
|
||||
4) The output of "shorewall help restore" has been corrected. It previously
|
||||
printed incorrect syntax for that command.
|
||||
|
||||
5) The README.txt file in the tarball was stale and contained incorrect
|
||||
information. It has been corrected.
|
||||
|
||||
6) The shorewall.conf default setting of CLEAR_TC was previously "No". Given
|
||||
that the default setting of TC_ENABLED is "Internal", the setting of
|
||||
CLREAR_TC has been changed to the more appropriate value of "Yes".
|
||||
|
||||
7) Specifying an interface name in the SOURCE column of /etc/shorewall/tcrules
|
||||
resulted in a startup error.
|
||||
|
||||
8) When the 'install.sh' script is used on Debian, it now creates
|
||||
/var/log/shorewall-init.log. And if perl is installed on the system then
|
||||
STARTUP_ENABLED=Yes is specified in shorewall.conf (the user must still
|
||||
set startup=1 in /etc/default/shorewall).
|
||||
|
||||
New Features in 3.0.3
|
||||
|
||||
1) A "shorewall show macros" command has been added. This command displays
|
||||
a list of the standard macros along with a brief description of each.
|
||||
|
||||
2) The '-q' option is now supported with 'safe-start' and 'safe-restart'.
|
||||
|
||||
3) The value "-" is now allowed in the ADDRESS/SUBNET column of
|
||||
/etc/shorewall/blacklist. That value is equivalent to specifying
|
||||
0.0.0.0/0 in that column.
|
||||
|
||||
4) The output of "shorewall show tc" and "shorewall show classifiers" is
|
||||
now included in the output from "shorewall dump". This will aid us in
|
||||
analyzing traffic shaping problems.
|
||||
|
||||
5) You can now specify 'none' in the COPY column of /etc/shorewall/providers
|
||||
to signal that you want Shorewall to only copy routes through the interface
|
||||
listed in the INTERFACE column.
|
||||
|
||||
Note: This works on older versions of Shorewall as well. It is
|
||||
now documented.
|
||||
|
||||
6) An 'ipdecimal' command has been added to /sbin/shorewall. This command
|
||||
converts between dot-quad and decimal.
|
||||
|
||||
Example:
|
||||
|
||||
gateway:/etc/openvpn# shorewall ipdecimal 192.168.1.4
|
||||
3232235780
|
||||
gateway:/etc/openvpn# shorewall ipdecimal 3232235780
|
||||
192.168.1.4
|
||||
gateway:/etc/openvpn#
|
||||
|
||||
7) /etc/init.d/shorewall now supports a 'reload' command which is
|
||||
synonymous with the 'restart' command.
|
||||
1) The shorewall.conf file is once again "console friendly". Patch is
|
||||
courtesy of Tuomo Soini.
|
||||
|
||||
Migration Considerations for Users upgrading from Shorewall 2.x.
|
||||
|
||||
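Review bot: The eight "Problems Corrected in 3.0.3" entries disappear from the release notes in this hunk and nothing visible in the patch restores them. Going by the -46,71 +46,10 header, only the 3.0.4 heading and the single console-friendly entry remain, while the later hunk at -794 re-adds just "New Features in 3.0.3". If the file is meant to keep earlier releases' fixes, move the 3.0.3 list down next to the relocated features instead of dropping it, and correct the "CLREAR_TC" spelling in item 6 when doing so.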
@ -794,3 +733,40 @@ New Features in 3.0.2
|
||||
|
||||
1) A new Webmin macro has been added. This macro assumes that Webmin is
|
||||
running on its default port (10000).
|
||||
|
||||
New Features in 3.0.3
|
||||
|
||||
1) A "shorewall show macros" command has been added. This command displays
|
||||
a list of the standard macros along with a brief description of each.
|
||||
|
||||
2) The '-q' option is now supported with 'safe-start' and 'safe-restart'.
|
||||
|
||||
3) The value "-" is now allowed in the ADDRESS/SUBNET column of
|
||||
/etc/shorewall/blacklist. That value is equivalent to specifying
|
||||
0.0.0.0/0 in that column.
|
||||
|
||||
4) The output of "shorewall show tc" and "shorewall show classifiers" is
|
||||
now included in the output from "shorewall dump". This will aid us in
|
||||
analyzing traffic shaping problems.
|
||||
|
||||
5) You can now specify 'none' in the COPY column of /etc/shorewall/providers
|
||||
to signal that you want Shorewall to only copy routes through the interface
|
||||
listed in the INTERFACE column.
|
||||
|
||||
Note: This works on older versions of Shorewall as well. It is
|
||||
now documented.
|
||||
|
||||
6) An 'ipdecimal' command has been added to /sbin/shorewall. This command
|
||||
converts between dot-quad and decimal.
|
||||
|
||||
Example:
|
||||
|
||||
gateway:/etc/openvpn# shorewall ipdecimal 192.168.1.4
|
||||
3232235780
|
||||
gateway:/etc/openvpn# shorewall ipdecimal 3232235780
|
||||
192.168.1.4
|
||||
gateway:/etc/openvpn#
|
||||
|
||||
7) /etc/init.d/shorewall now supports a 'reload' command which is
|
||||
synonymous with the 'restart' command.
|
||||
|
||||
|
@ -395,9 +395,9 @@ IP_FORWARDING=On
|
||||
# for each NAT external address that you give in /etc/shorewall/nat. If you say
|
||||
# "No" or "no", you must add these aliases youself.
|
||||
#
|
||||
# WARNING: Addresses added by ADD_IP_ALIASES=Yes are deleted and re-added during
|
||||
# processing of the "shorewall restart" command. As a consequence, connections
|
||||
# using those addresses may be severed.
|
||||
# WARNING: Addresses added by ADD_IP_ALIASES=Yes are deleted and re-added
|
||||
# during processing of the "shorewall restart" command. As a consequence,
|
||||
# connections using those addresses may be severed.
|
||||
#
|
||||
|
||||
ADD_IP_ALIASES=Yes
|
||||
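Review bot: The context line directly above the rewrapped warning still reads "you must add these aliases youself", and the same spelling appears in the ADD_SNAT_ALIASES paragraph. Since this pass already reflows these comment blocks, change it to "yourself" in both places.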
@ -410,9 +410,9 @@ ADD_IP_ALIASES=Yes
|
||||
# say "No" or "no", you must add these aliases youself. LEAVE THIS SET TO "No"
|
||||
# unless you are sure that you need it -- most people don't!!!
|
||||
#
|
||||
# WARNING: Addresses added by ADD_SNAT_ALIASES=Yes are deleted and re-added during
|
||||
# processing of the "shorewall restart" command. As a consequence, connections
|
||||
# using those addresses may be severed.
|
||||
# WARNING: Addresses added by ADD_SNAT_ALIASES=Yes are deleted and re-added
|
||||
# during processing of the "shorewall restart" command. As a consequence,
|
||||
# connections using those addresses may be severed.
|
||||
#
|
||||
|
||||
ADD_SNAT_ALIASES=No
|
||||
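Review bot: The rewrapped warning names only the "shorewall restart" command, yet the release notes touched by this same commit say /etc/init.d/shorewall accepts 'reload' as a synonym for 'restart'. If reload goes through the same path, mention it in this warning and in the ADD_IP_ALIASES one, so an operator using the init script knows that connections on the alias addresses may be severed there as well.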
@ -688,11 +688,12 @@ DISABLE_IPV6=Yes
|
||||
#
|
||||
# BRIDGING
|
||||
#
|
||||
# If you wish to restrict connections through a bridge (see http://bridge.sf.net),
|
||||
# then set BRIDGING=Yes. Your kernel must have the physdev match option
|
||||
# enabled; that option is available at the above URL for 2.4 kernels and
|
||||
# is included as a standard part of the 2.6 series kernels. If not
|
||||
# specified or specified as empty (BRIDGING="") then "No" is assumed.
|
||||
# If you wish to restrict connections through a bridge
|
||||
# (see http://bridge.sf.net), then set BRIDGING=Yes. Your kernel must have
|
||||
# the physdev match option enabled; that option is available at the above URL
|
||||
# for 2.4 kernels and is included as a standard part of the 2.6 series
|
||||
# kernels. If not specified or specified as empty (BRIDGING="") then "No" is
|
||||
# assumed.
|
||||
#
|
||||
|
||||
BRIDGING=No
|
||||
|
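Review bot: The reflowed BRIDGING comment ends with a one-word line, "# assumed.", which reads awkwardly on a console. Breaking the previous line one word earlier, so the last line reads "# is assumed.", keeps every line within the width used here and avoids the orphan.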