holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Shorewall 2.0.2

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1327 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2004-05-14 13:40:31 +00:00
parent 9def7cde17
commit ab3d3e0ce9
14 changed files with 750 additions and 363 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
Lrp2/etc/shorewall/hosts
View File

@ -14,6 +14,11 @@
# individual IP addresses. Most simple setups don't need to
# (should not) place anything in this file.
#
# The order of entries in this file is not significant in
# determining zone composition. Rather, the order that the zones
# are defined in /etc/shorewall/zones determines the order in
# which the records in this file are interpreted.
#
# ZONE - The name of a zone defined in /etc/shorewall/zones
#
# HOST(S) - The name of an interface defined in the
@ -49,10 +54,10 @@
# an ethernet NIC and must be up before
# Shorewall is started.
#
# routeback - Shorewall show set up the infrastructure
# routeback - Shorewall should set up the infrastructure
# to pass packets from this/these
# address(es) back to themselves. This is
# necessary of hosts in this group use the
# necessary if hosts in this group use the
# services of a transparent proxy that is
# a member of the group or if DNAT is used
# to send requests originating from this

12
Lrp2/etc/shorewall/interfaces
View File

@ -115,11 +115,21 @@
# established connection will be accepted
# from this interface, even if
# NEWNOTSYN=No has been specified in
# /etc/shorewall/shorewall.conf.
# /etc/shorewall/shorewall.conf. In other
# words, packets coming in on this interface
# are processed as if NEWNOTSYN=Yes had been
# specified in /etc/shorewall/shorewall.conf.
#
# This option has no effect if
# NEWNOTSYN=Yes.
#
# It is the opinion of the author that
# NEWNOTSYN=No creates more problems than
# it solves and I recommend against using
# that setting in shorewall.conf (hence
# making the use of the 'newnotsyn'
# interface option unnecessary).
#
# routeback - If specified, indicates that Shorewall
# should include rules that allow filtering
# traffic arriving on this interface back

38
Lrp2/etc/shorewall/masq
View File

@ -55,6 +55,27 @@
#
# This column may not contain DNS Names.
#
# If you want to leave this column empty
# but you need to specify the next column then
# place a hyphen ("-") here.
#
# PROTO -- (Optional) If you wish to restrict this entry to a
# particular protocol then enter the protocol
# name (from /etc/protocols) or number here.
#
# PORT(S) -- (Optional) If the PROTO column specifies TCP (protocol 6)
# or UDP (protocol 17) then you may list one
# or more port numbers (or names from
# /etc/services) separated by commas or you
# may list a single port range
# (<low port>:<high port>).
#
# Where a comma-separated list is given, your
# kernel and iptables must have multiport match
# support and a maximum of 15 ports may be
# listed.
#
#
# Example 1:
#
# You have a simple masquerading setup where eth0 connects to
@ -94,6 +115,19 @@
#
# eth0:0 192.168.1.0/24 206.124.146.176
#
##############################################################################
#INTERFACE SUBNET ADDRESS
# Example 5:
#
# You want all outgoing SMTP traffic entering the firewall
# on eth1 to be sent from eth0 with source IP address
# 206.124.146.177. You want all other outgoing traffic
# from eth1 to be sent from eth0 with source IP address
# 206.124.146.176.
#
# eth0 eth1 206.124.146.177 tcp smtp
# eth0 eth1 206.124.146.176
#
# THE ORDER OF THE ABOVE TWO RULES IS SIGNIFICANT!!!!!
#
###############################################################################
#INTERFACE SUBNET ADDRESS PROTO PORT(S)
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

3
Lrp2/etc/shorewall/nat
View File

@ -29,8 +29,7 @@
# If No or no (or left empty) then NAT will be effective
# only through the interface named in the INTERFACE
# column
# LOCAL If Yes or yes and the ALL INTERFACES column contains
# Yes or yes, NAT will be effective from the firewall
# LOCAL If Yes or yes, NAT will be effective from the firewall
# system
##############################################################################
#EXTERNAL INTERFACE INTERNAL ALL LOCAL

16
Lrp2/etc/shorewall/rules
View File

@ -25,6 +25,13 @@
# LOG, QUEUE or an <action>.
#
# ACCEPT -- allow the connection request
# ACCEPT+ -- like ACCEPT but also excludes the
# connection from any subsequent
# DNAT[-] or REDIRECT[-] rules
# NONAT -- Excludes the connection from any
# subsequent DNAT[-] or REDIRECT[-]
# rules but doesn't generate a rule
# to accept the traffic.
# DROP -- ignore the request
# REJECT -- disallow the request and return an
# icmp-unreachable or an RST packet.
@ -70,6 +77,15 @@
# to a separate log through use of ulogd
# (http://www.gnumonks.org/projects/ulogd).
#
# Actions specifying logging may be followed by a
# log tag (a string of alphanumeric characters)
# are appended to the string generated by the
# LOGPREFIX (in /etc/shorewall/shorewall.conf).
#
# Example: ACCEPT:info:ftp would include 'ftp '
# at the end of the log prefix generated by the
# LOGPREFIX setting.
#
# SOURCE Source hosts to which the rule applies. May be a zone
# defined in /etc/shorewall/zones, $FW to indicate the
# firewall itself, or "all" If the ACTION is DNAT or

62
Lrp2/etc/shorewall/shorewall.conf
View File

@ -90,12 +90,21 @@ LOGFORMAT="Shorewall:%s:%s:"
# maximum initial burst size that will be logged. If set empty, the default
# value of 5 will be used.
#
# If BOTH variables are set empty then logging will not be rate-limited.
#
# Example:
#
# LOGRATE=10/minute
# LOGBURST=5
#
# If BOTH variables are set empty then logging will not be rate-limited.
# For each logging rule, the first time the rule is reached, the packet
# will be logged; in fact, since the burst is 5, the first five packets
# will be logged. After this, it will be 6 seconds (1 minute divided by
# the rate of 10) before a message will be logged from the rule, regardless
# of how many packets reach it. Also, every 6 seconds which passes without
# matching a packet, one of the bursts will be regained; if no packets hit
# the rule for 30 seconds, the burst will be fully recharged; back where
# we started.
#
LOGRATE=
@ -169,8 +178,10 @@ RFC1918_LOG_LEVEL=info
# SMURF Log Level
#
# Specifies the logging level for smurf packets dropped by the
#'nosmurfs' interface option in /etc/shorewall/interfaces. If set to the empty
# value ( SMURF_LOG_LEVEL="" ) then dropped smurfs are not logged.
#'nosmurfs' interface option in /etc/shorewall/interfaces and in
# /etc/shorewall/hosts. If set to the empty value ( SMURF_LOG_LEVEL=""
# ) then dropped smurfs are not logged.
#
# See the comment at the top of this section for a description of log levels
#
@ -181,8 +192,9 @@ SMURF_LOG_LEVEL=info
# BOGON Log Level
#
# Specifies the logging level for bogon packets dropped by the
#'nobogons' interface option in /etc/shorewall/interfaces. If set to the empty
# value ( BOGON_LOG_LEVEL="" ) then packets whose TARGET is 'logdrop'
#'nobogons' interface option in /etc/shorewall/interfaces and in
# /etc/shorewall/hosts. If set to the empty value
# ( BOGON_LOG_LEVEL="" ) then packets whose TARGET is 'logdrop'
# in /usr/share/shorewall/bogons are logged at the 'info' level.
#
# See the comment at the top of this section for a description of log levels
@ -222,7 +234,7 @@ SUBSYSLOCK=/var/run/shorewall
# it is running
#
STATEDIR=/tmp/shorewall
STATEDIR=/var/state/shorewall
#
# KERNEL MODULE DIRECTORY
@ -233,6 +245,19 @@ STATEDIR=/tmp/shorewall
MODULESDIR=
#
# CONFIGURATION SEARCH PATH
#
# This option holds a list of directory names separated by colons
# (":"). Shorewall will search each directory in turn when looking for a
# configuration file. When processing a 'try' command or a command
# containing the "-c" option, Shorewall will automatically add the
# directory specified in the command to the front of this list.
#
# If not specified or specified as null ("CONFIG_PATH=""),
# CONFIG_PATH=/etc/shorewall:/usr/share/shorewall is assumed.
CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
################################################################################
# F I R E W A L L O P T I O N S
################################################################################
@ -432,7 +457,7 @@ MUTEX_TIMEOUT=60
# established connection.
#
# If NEWNOTSYN is set to "No" or "no", then non-SYN packets that are not
# part of an already established connection, it will be dropped by the
# part of an already established connection will be dropped by the
# firewall. The setting of LOGNEWNOTSYN above determines if these packets are
# logged before they are dropped.
#
@ -444,7 +469,9 @@ MUTEX_TIMEOUT=60
# also need to select NEWNOTSYN=Yes.
#
# The behavior of NEWNOTSYN=Yes may also be enabled on a per-interface basis
# using the 'newnotsyn' option in /etc/shorewall/interfaces.
# using the 'newnotsyn' option in /etc/shorewall/interfaces and on a
# network or host basis using the same option in /etc/shorewall/hosts.
#
# I find that NEWNOTSYN=No tends to result in lots of "stuck"
# connections because any network timeout during TCP session tear down
@ -510,9 +537,9 @@ BLACKLISTNEWONLY=Yes
#
# When loading a module named in /etc/shorewall/modules, Shorewall normally
# looks in the MODULES DIRECTORY (see MODULESDIR above) for files whose names
# end in ".o", ".ko", ".gz" or "o.gz". If your distribution uses a different
# naming convention then you can specify the suffix (extension) for module
# names in this variable.
# end in ".o", ".ko", ".gz", "o.gz" or "ko.gz" . If your distribution uses a
# different naming convention then you can specify the suffix (extension) for
# module names in this variable.
#
# To see what suffix is used by your distribution:
#
@ -551,6 +578,14 @@ DISABLE_IPV6=Yes
#
BRIDGING=No
#
# DYNAMIC ZONES
#
# If you need to be able to add and delete hosts from zones dynamically then
# set DYNAMIC_ZONES=Yes. Otherwise, set DYNAMIC_ZONES=No.
DYNAMIC_ZONES=No
################################################################################
# P A C K E T D I S P O S I T I O N
################################################################################
@ -580,8 +615,9 @@ MACLIST_DISPOSITION=REJECT
#
# This variable determins the disposition of packets having an invalid
# combination of TCP flags that are received on interfaces having the
# 'tcpflags' option specified in /etc/shorewall/interfaces. If not specified
# or specified as empty (TCP_FLAGS_DISPOSITION="") then DROP is assumed.
# 'tcpflags' option specified in /etc/shorewall/interfaces or in
# /etc/shorewall/hosts. If not specified or specified as empty
# (TCP_FLAGS_DISPOSITION="") then DROP is assumed.
TCP_FLAGS_DISPOSITION=DROP

132
Lrp2/sbin/shorewall
View File

@ -80,6 +80,10 @@
# "dropped" addresses so that it will
# be automatically reinstated the
# next time that Shorewall starts.
# Save the current state so that 'shorewall
# restore' can be used.
#
# shorewall forget Discard the data saved by 'shorewall save'
#
# shorewall ipaddr [ <address>/<cidr> | <address> <netmask> ]
#
@ -160,6 +164,7 @@ get_config() {
exit 2
fi
fi
}
#
@ -530,7 +535,7 @@ help()
#
usage() # $1 = exit status
{
echo "Usage: $(basename $0) [debug|trace] [nolock] [-c <directory>] [ -x ] <command>"
echo "Usage: $(basename $0) [debug|trace] [nolock] [-c <directory>] [ -x ] [ -q ] <command>"
echo "where <command> is one of:"
echo " add <interface>[:<host>] <zone>"
echo " allow <address> ..."
@ -538,6 +543,7 @@ usage() # $1 = exit status
echo " clear"
echo " delete <interface>[:<host>] <zone>"
echo " drop <address> ..."
echo " forget"
echo " help [ <command > | host | address ]"
echo " hits"
echo " ipcalc [ <address>/<vlsm> | <address> <netmask> ]"
@ -548,6 +554,7 @@ usage() # $1 = exit status
echo " reject <address> ..."
echo " reset"
echo " restart"
echo " restore"
echo " save"
echo " show [<chain> [ <chain> ... ]|classifiers|connections|log|nat|tc|tos]"
echo " start"
@ -585,34 +592,60 @@ if [ $# -gt 0 ] && [ "$1" = "nolock" ]; then
fi
SHOREWALL_DIR=
QUIET=
IPT_OPTIONS="-nv"
FAST=
done=0
while [ $done -eq 0 ]; do
[ $# -eq 0 ] && usage 1
case $1 in
-c)
[ $# -eq 1 ] && usage 1
option=$1
case $option in
-*)
option=${option#-}
if [ ! -d $2 ]; then
if [ -e $2 ]; then
echo "$2 is not a directory" >&2 && exit 2
else
echo "Directory $2 does not exist" >&2 && exit 2
fi
fi
[ -z "$option" ] && usage 1
while [ -n "$option" ]; do
case $option in
c)
[ $# -eq 1 ] && usage 1
SHOREWALL_DIR=$2
shift
shift
;;
-x)
IPT_OPTIONS="-xnv"
shift
;;
*)
done=1
;;
if [ ! -d $2 ]; then
if [ -e $2 ]; then
echo "$2 is not a directory" >&2 && exit 2
else
echo "Directory $2 does not exist" >&2 && exit 2
fi
fi
SHOREWALL_DIR=$2
option=
shift
;;
x*)
IPT_OPTIONS="-xnv"
option=${option#x}
;;
q*)
QUIET=Yes
option=${option#q}
;;
f*)
FAST=Yes
option=${option#f}
;;
*)
usage 1
;;
esac
done
shift
;;
*)
done=1
;;
esac
done
@ -621,6 +654,7 @@ if [ $# -eq 0 ]; then
fi
[ -n "$SHOREWALL_DIR" ] && export SHOREWALL_DIR
[ -n "$QUIET" ] && export QUIET
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
MUTEX_TIMEOUT=
@ -638,6 +672,8 @@ else
exit 2
fi
ensure_config_path
config=$(find_file shorewall.conf)
if [ -f $config ]; then
@ -647,6 +683,10 @@ else
exit 2
fi
ensure_config_path
export CONFIG_PATH
[ -z "${STATEDIR}" ] && STATEDIR=/var/state/shorewall
if [ ! -f $FIREWALL ]; then
@ -691,7 +731,23 @@ case $(echo -n "Testing") in
esac
case "$1" in
start|stop|restart|reset|clear|refresh|check)
start)
[ $# -ne 1 ] && usage 1
get_config
if [ -n "$FAST" ]; then
if [ -f /var/lib/shorewall/restore ]; then
echo Restoring Shorewall...
. /var/lib/shorewall/restore
date > $STATEDIR/restarted
echo Shorewall restored
else
exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock start
fi
else
exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock start
fi
;;
stop|restart|reset|clear|refresh|check)
[ $# -ne 1 ] && usage 1
get_config
exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock $1
@ -909,11 +965,24 @@ case "$1" in
[ -n "$debugging" ] && set -x
[ $# -ne 1 ] && usage 1
mutex_on
if qt iptables -L shorewall -n; then
[ -d /var/lib/shorewall ] || mkdir /var/lib/shorewall
if iptables -L dynamic -n > /var/lib/shorewall/save; then
echo "Dynamic Rules Saved"
echo " Dynamic Rules Saved"
if [ -f /var/lib/shorewall/restore-base ]; then
cp -f /var/lib/shorewall/restore-base /var/lib/shorewall/restore-$$
if iptables-save >> /var/lib/shorewall/restore-$$ ; then
echo EOF >> /var/lib/shorewall/restore-$$
mv -f /var/lib/shorewall/restore-$$ /var/lib/shorewall/restore
chmod +x /var/lib/shorewall/restore
echo " Currently-running Configuration Saved"
else
rm -f /var/lib/shorewall/restore-$$
echo " ERROR: Currently-running Configuration Not Saved"
fi
fi
else
echo "Error Saving the Dynamic Rules"
fi
@ -922,6 +991,11 @@ case "$1" in
fi
mutex_off
;;
forget)
rm -f /var/lib/shorewall/restore
rm -f /var/lib/shorewall/save
echo " Previously saved information discarded"
;;
ipcalc)
[ -n "$debugging" ] && set -x
if [ $# -eq 2 ]; then
@ -957,6 +1031,16 @@ case "$1" in
;;
esac
;;
restore)
if [ -f /var/lib/shorewall/restore ]; then
echo Restoring Shorewall...
. /var/lib/shorewall/restore
echo Shorewall restored
else
echo "File /var/lib/shorewall/restore: file not found"
exit 2
fi
;;
call)
[ -n "$debugging" ] && set -x
#

14
Lrp2/usr/share/shorewall/bogons
View File

@ -46,13 +46,19 @@
49.0.0.0/8 logdrop # JTC - Returned to IANA Mar 98
50.0.0.0/8 logdrop # JTC - Returned to IANA Mar 98
58.0.0.0/7 logdrop # Reserved
70.0.0.0/7 logdrop # Reserved
71.0.0.0/8 logdrop # Reserved
72.0.0.0/5 logdrop # Reserved
85.0.0.0/8 logdrop # Reserved
86.0.0.0/7 logdrop # Reserved
88.0.0.0/5 logdrop # Reserved
89.0.0.0/8 logdrop # Reserved
90.0.0.0/7 logdrop # Reserved
92.0.0.0/6 logdrop # Reserved
96.0.0.0/3 logdrop # Reserved
127.0.0.0/8 logdrop # Loopback
173.0.0.0/8 logdrop # Reserved
174.0.0.0/7 logdrop # Reserved
176.0.0.0/5 logdrop # Reserved
184.0.0.0/6 logdrop # Reserved
189.0.0.0/8 logdrop # Reserved
190.0.0.0/8 logdrop # Reserved
197.0.0.0/8 logdrop # Reserved
198.18.0.0/15 logdrop # Reserved
223.0.0.0/8 logdrop # Reserved - Returned by APNIC in 2003

719
Lrp2/usr/share/shorewall/firewall
View File

File diff suppressed because it is too large Load Diff

35
Lrp2/usr/share/shorewall/functions
View File

@ -82,11 +82,24 @@ fix_bang() {
done
}
#
# Set default config path
#
ensure_config_path() {
local F=/usr/share/shorewall/configpath
if [ -z "$CONFIG_PATH" ]; then
[ -f $F ] || { echo " ERROR: $F does not exist"; exit 2; }
. $F
fi
}
#
# Find a File -- For relative file name, look first in $SHOREWALL_DIR then in /etc/shorewall
#
find_file()
{
local saveifs= directory
case $1 in
/*)
echo $1
@ -94,11 +107,19 @@ find_file()
*)
if [ -n "$SHOREWALL_DIR" -a -f $SHOREWALL_DIR/$1 ]; then
echo $SHOREWALL_DIR/$1
elif [ -f /etc/shorewall/$1 ]; then
echo /etc/shorewall/$1
elif [ -f /usr/share/shorewall/$1 ]; then
echo /usr/share/shorewall/$1
else
saveifs=$IFS
IFS=:
for directory in $CONFIG_PATH; do
if [ -f $directory/$1 ]; then
echo $directory/$1
IFS=$saveifs
return
fi
done
IFS=$saveifs
echo /etc/shorewall/$1
fi
;;
@ -485,14 +506,14 @@ in_network() # $1 = IP address, $2 = CIDR network
ip_vlsm() {
local mask=$(decodeaddr $1)
local vlsm=0
local x=$(( 128 $LEFTSHIFT 24 ))
local x=$(( 128 $LEFTSHIFT 24 )) # 0x80000000
while [ $(( $x & $mask )) -ne 0 ]; do
[ $mask -eq $x ] && mask=0 || mask=$(( $mask $LEFTSHIFT 1 )) # Don't Ask...
[ $mask -eq $x ] && mask=0 || mask=$(( $mask $LEFTSHIFT 1 )) # Not all shells shift 0x80000000 left properly.
vlsm=$(($vlsm + 1))
done
if [ $(( $mask & 2147483647)) -ne 0 ]; then
if [ $(( $mask & 2147483647 )) -ne 0 ]; then # 2147483647 = 0x7fffffff
echo "Invalid net mask: $1" >&2
else
echo $vlsm

68
Lrp2/usr/share/shorewall/help
View File

@ -116,6 +116,14 @@ drop)
See also \"help address\""
;;
forget)
echo "forget: forget
Deletes /var/lib/shorewall/save and /var/lib/shorewall/restore. Those
files are created by the 'shorewall save' command
See also \"help save\""
;;
help)
echo "help: help [<command> | host | address ]
Display helpful information about the shorewall commands."
@ -147,15 +155,21 @@ logwatch)
monitor)
echo "monitor: monitor [<refresh_interval>]
shorewall [-x] monitor [<refresh_interval>]
Continuously display the firewall status, last 20 log entries and nat.
When the log entry display changes, an audible alarm is sounded."
When the log entry display changes, an audible alarm is sounded.
When -x is given, that option is also passed to iptables to display actual packet and byte counts."
;;
refresh)
echo "refresh: refresh
echo "refresh: [ -q ] refresh
The rules involving the broadcast addresses of firewall interfaces,
the black list, traffic control rules and ECN control rules are recreated
to reflect any changes made. Existing connections are untouched"
to reflect any changes made. Existing connections are untouched
If \"-q\" is specified, less detain is displayed making it easier to spot warnings"
;;
reject)
@ -173,26 +187,41 @@ reset)
;;
restart)
echo "restart: restart [ -c <configuration-directory> ]
echo "restart: restart [ -q ] [ -c <configuration-directory> ]
Restart is the same as a shorewall stop && shorewall start.
Existing connections are dropped."
Existing connections are maintained.
If \"-q\" is specified, less detain is displayed making it easier to spot warnings"
;;
restore)
echo "restore: restore
Restore Shorewall to its last state saved using the 'save' command
Existing connections are maintained.
See also \"help save\" and \"help forget\""
;;
save)
echo "save: save
The dynamic data is stored in /var/lib/shorewall/save
Shorewall allow, drop, rejct and save implement dynamic blacklisting."
The dynamic data is stored in /var/lib/shorewall/save. The state of the
firewall is stored in /var/lib/shorewall/restore for use by the 'shorewall restore'
and 'shorewall -f start' commands.
Shorewall allow, drop, rejct and save implement dynamic blacklisting.
See also \"help restore\" and \"help forget\""
;;
show)
echo "show: show [<chain> [ <chain> ...] |classifiers|connections|log|nat|tc|tos]
shorewall show <chain> [ <chain> ... ] - produce a verbose report about the IPtable chain(s).
echo "show: show [ <chain> [ <chain> ...] |classifiers|connections|log|nat|tc|tos]
shorewall [-x] show <chain> [ <chain> ... ] - produce a verbose report about the IPtable chain(s).
(iptables -L chain -n -v)
shorewall show nat - produce a verbose report about the nat table.
shorewall [-x] show nat - produce a verbose report about the nat table.
(iptables -t nat -L -n -v)
shorewall show tos - produce a verbose report about the mangle table.
shorewall [-x] show tos - produce a verbose report about the mangle table.
(iptables -t mangle -L -n -v)
shorewall show log - display the last 20 packet log entries.
@ -201,14 +230,18 @@ show)
being tracked by the firewall.
shorewall show tc - displays information about the traffic
control/shaping configuration."
control/shaping configuration.
When -x is given, that option is also passed to iptables to display actual packet and byte counts."
;;
start)
echo "start: start [ -c <configuration-directory> ]
echo "start: [ -q ] [ -f ] [ -c <configuration-directory> ] start
Start shorewall. Existing connections through shorewall managed
interfaces are untouched. New connections will be allowed only
if they are allowed by the firewall rules or policies."
if they are allowed by the firewall rules or policies.
If \"-q\" is specified, less detain is displayed making it easier to spot warnings
If \"-f\" is specified, the last saved configuraton if any will be restored"
;;
stop)
@ -221,9 +254,14 @@ stop)
status)
echo "status: status
shorewall [-x] status
Produce a verbose report about the firewall.
(iptables -L -n -v)"
(iptables -L -n -)
When -x is given, that option is also passed to iptables to display actual packet and byte counts."
;;
trace)

2
Lrp2/usr/share/shorewall/version
View File

@ -1 +1 @@
2.0.1
2.0.2

1
Lrp2/var/lib/lrpkg/shorwall.list
View File

@ -2,4 +2,5 @@ etc/init.d/shorewall
etc/shorewall
sbin/shorewall
usr/share/shorewall
var/lib/shorewall
var/lib/lrpkg/shorwall.*

2
Lrp2/var/lib/lrpkg/shorwall.version
View File

@ -1 +1 @@
2.0.0-RC1
2.0.2