holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Shorewall 2.0.0 Beta3

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1153 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2004-02-17 22:34:48 +00:00
parent 36fb7fa62b
commit b1a544a107
4 changed files with 26 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Shorewall2/changelog.txt
View File

@ -46,3 +46,5 @@ Changes since 1.4.10
22) Added DISABLE_IPV6 option. 22) Added DISABLE_IPV6 option.
23) Allow rate limiting on CONTINUE and REJECT. 23) Allow rate limiting on CONTINUE and REJECT.
24) Move rfc1918 to /usr/share/shorewall

6
Shorewall2/firewall
View File

@ -926,7 +926,8 @@ log_rule_limit() # $1 = log level, $2 = chain, $3 = disposition , $4 = rate limi
eval iptables -A $chain $@ $limit -j ULOG $LOGPARMS --ulog-prefix '"$(printf "$LOGFORMAT" $chain $rulenum $disposition)"' eval iptables -A $chain $@ $limit -j ULOG $LOGPARMS --ulog-prefix '"$(printf "$LOGFORMAT" $chain $rulenum $disposition)"'
;; ;;
*) *)
eval iptables -A $chain $@ $limit -j LOG $LOGPARMS --log-level $level --log-prefix '"$(printf "$LOGFORMAT" $chain $rulenum $disposition)"' eval iptables -A $chain $@ $limit -j LOG $LOGPARMS --log-level $level \
--log-prefix '"$(printf "$LOGFORMAT" $chain $rulenum $disposition)"'
;; ;;
esac esac
@ -943,7 +944,8 @@ log_rule_limit() # $1 = log level, $2 = chain, $3 = disposition , $4 = rate limi
eval iptables -A $chain $@ $limit -j ULOG $LOGPARMS --ulog-prefix '"$(printf "$LOGFORMAT" $chain $disposition)"' eval iptables -A $chain $@ $limit -j ULOG $LOGPARMS --ulog-prefix '"$(printf "$LOGFORMAT" $chain $disposition)"'
;; ;;
*) *)
eval iptables -A $chain $@ $limit -j LOG $LOGPARMS --log-level $level --log-prefix '"$(printf "$LOGFORMAT" $chain $disposition)"' eval iptables -A $chain $@ $limit -j LOG $LOGPARMS --log-level $level \
--log-prefix '"$(printf "$LOGFORMAT" $chain $disposition)"'
;; ;;
esac esac

21
Shorewall2/releasenotes.txt
View File

@ -1,9 +1,16 @@
Shorewall 2.0.0-Beta2 Shorewall 2.0.0-Beta3
---------------------------------------------------------------------- ----------------------------------------------------------------------
Problems Corrected since prior version. Problems Corrected since prior version.
None - this is the initial release. 1) A blank USER/GROUP column in /etc/shorewall/tcrules no longer causes
a [re]start error.
2) The 'fgrep' utility is no longer required (caused startup problems
on LEAF/Bering).
3) The "shorewall add" command no longer inserts rules before checking
of the blacklist.
----------------------------------------------------------------------- -----------------------------------------------------------------------
Issues when migrating from Shorewall 1.4.x to Shorewall 2.0.0: Issues when migrating from Shorewall 1.4.x to Shorewall 2.0.0:
@ -27,7 +34,8 @@ Issues when migrating from Shorewall 1.4.x to Shorewall 2.0.0:
/etc/shorewall/common.def /etc/shorewall/common.def
/etc/shorewall/common /etc/shorewall/common
/etc/shorewall/icmpdef /etc/shorewall/icmpdef
/etc/shorewall/action.template /etc/shorewall/action.template (Moved to /usr/share/shorewall)
/etc/shorewall/rfc1918 (Moved to /usr/share/shorewall).
The /etc/shorewall/action file now allows an action to be The /etc/shorewall/action file now allows an action to be
designated as the "common" action for a particular policy type by designated as the "common" action for a particular policy type by
@ -132,6 +140,13 @@ Issues when migrating from Shorewall 1.4.x to Shorewall 2.0.0:
column of /etc/shorewall/rules -- you must use the RATE LIMIT column of /etc/shorewall/rules -- you must use the RATE LIMIT
column. column.
7) Depending on which method you use to upgrade, if you have your own
version of /etc/shorewall/rfc1918, you may have to take special
action to restore it after the upgrade. Look for
/etc/shorewall/rfc1918*, locate the proper file and rename it back
to /etc/shorewall/rfc1918. The contents of that file will supercede
the contents of /usr/share/shorewall/rfc1918.
New Features: New Features:
1) The INCLUDE directive now allows absolute file names. 1) The INCLUDE directive now allows absolute file names.

25
Shorewall2/rules
View File

@ -54,29 +54,11 @@
# <action> -- The name of an action defined in # <action> -- The name of an action defined in
# /etc/shorewall/actions. # /etc/shorewall/actions.
# #
# You may rate-limit the rule by optionally # The ACTION may optionally be followed
# following ACCEPT, DNAT[-], REDIRECT[-] or LOG with
#
# < <rate>/<interval>[:<burst>] >
#
# where <rate> is the number of connections per
# <interval> ("sec" or "min") and <burst> is the
# largest burst permitted. If no <burst> is given,
# a value of 5 is assumed. There may be no
# no whitespace embedded in the specification.
#
# Example: ACCEPT<10/sec:20>
#
# The ACTION (and rate limit) may optionally be followed
# by ":" and a syslog log level (e.g, REJECT:info or # by ":" and a syslog log level (e.g, REJECT:info or
# DNAT<4/sec:8>:debugging). This causes the packet to be # DNAT:debug). This causes the packet to be
# logged at the specified level. # logged at the specified level.
# #
# NOTE: For those of you who prefer to place the
# rate limit in a separate column, see the RATE LIMIT
# column below. If you specify a value in that column,
# you must not include a rate limit in the ACTION column
#
# You may also specify ULOG (must be in upper case) as a # You may also specify ULOG (must be in upper case) as a
# log level.This will log to the ULOG target for routing # log level.This will log to the ULOG target for routing
# to a separate log through use of ulogd # to a separate log through use of ulogd
@ -232,9 +214,6 @@
# #
# Example: 10/sec:20 # Example: 10/sec:20
# #
# If you place a rate limit in this column, you may not
# place a similar limit in the ACTION column.
#
# USER/GROUP This column may only be non-empty if the SOURCE is # USER/GROUP This column may only be non-empty if the SOURCE is
# the firewall itself. # the firewall itself.
# #