diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm index 6036bb6c0..903d176b4 100644 --- a/Shorewall/Perl/Shorewall/Chains.pm +++ b/Shorewall/Perl/Shorewall/Chains.pm @@ -28,7 +28,7 @@ package Shorewall::Chains; require Exporter; use Scalar::Util 'reftype'; -use Digest::SHA1 qw(sha1); +use Digest::SHA qw(sha1); use Shorewall::Config qw(:DEFAULT :internal); use Shorewall::Zones; use Shorewall::IPAddrs; @@ -565,6 +565,7 @@ my %aliases = ( protocol => 'p', my @unique_options = ( qw/p dport sport icmp-type icmpv6-type s d i o/ ); +our %isocodes; # # Rather than initializing globals in an INIT block or during declaration, # we initialize them in a function. This is done for two reasons: @@ -633,6 +634,455 @@ sub initialize( $$$ ) { sip => UDP, snmp => UDP, tftp => UDP); + + if ( $family == F_IPV4 ) { + %isocodes = ( + A1 => "Anonymous Proxy" , + A2 => "Satellite Provider" , + AD => "Andorra" , + AE => "United Arab Emirates" , + AF => "Afghanistan" , + AG => "Antigua and Barbuda" , + AI => "Anguilla" , + AL => "Albania" , + AM => "Armenia" , + AN => "Netherlands Antilles" , + AO => "Angola" , + AP => "Asia/Pacific Region" , + AQ => "Antarctica" , + AR => "Argentina" , + AS => "American Samoa" , + AT => "Austria" , + AU => "Australia" , + AW => "Aruba" , + AX => "Aland Islands" , + AZ => "Azerbaijan" , + BA => "Bosnia and Herzegovina" , + BB => "Barbados" , + BD => "Bangladesh" , + BE => "Belgium" , + BF => "Burkina Faso" , + BG => "Bulgaria" , + BH => "Bahrain" , + BI => "Burundi" , + BJ => "Benin" , + BM => "Bermuda" , + BN => "Brunei Darussalam" , + BO => "Bolivia" , + BR => "Brazil" , + BS => "Bahamas" , + BT => "Bhutan" , + BV => "Bouvet Island" , + BW => "Botswana" , + BY => "Belarus" , + BZ => "Belize" , + CA => "Canada" , + CC => "Cocos (Keeling) Islands" , + CD => "Congo, The Democratic Republic of the" , + CF => "Central African Republic" , + CG => "Congo" , + CH => "Switzerland" , + CI => "Cote D'Ivoire" , + CK => "Cook Islands" , + CL => "Chile" , + CM => "Cameroon" , + CN => "China" , + CO => "Colombia" , + CR => "Costa Rica" , + CU => "Cuba" , + CV => "Cape Verde" , + CX => "Christmas Island" , + CY => "Cyprus" , + CZ => "Czech Republic" , + DE => "Germany" , + DJ => "Djibouti" , + DK => "Denmark" , + DM => "Dominica" , + DO => "Dominican Republic" , + DZ => "Algeria" , + EC => "Ecuador" , + EE => "Estonia" , + EG => "Egypt" , + EH => "Western Sahara" , + ER => "Eritrea" , + ES => "Spain" , + ET => "Ethiopia" , + EU => "Europe" , + FI => "Finland" , + FJ => "Fiji" , + FK => "Falkland Islands (Malvinas)" , + FM => "Micronesia, Federated States of" , + FO => "Faroe Islands" , + FR => "France" , + GA => "Gabon" , + GB => "United Kingdom" , + GD => "Grenada" , + GE => "Georgia" , + GF => "French Guiana" , + GG => "Guernsey" , + GH => "Ghana" , + GI => "Gibraltar" , + GL => "Greenland" , + GM => "Gambia" , + GN => "Guinea" , + GP => "Guadeloupe" , + GQ => "Equatorial Guinea" , + GR => "Greece" , + GS => "South Georgia and the South Sandwich Islands" , + GT => "Guatemala" , + GU => "Guam" , + GW => "Guinea-Bissau" , + GY => "Guyana" , + HK => "Hong Kong" , + HN => "Honduras" , + HR => "Croatia" , + HT => "Haiti" , + HU => "Hungary" , + ID => "Indonesia" , + IE => "Ireland" , + IL => "Israel" , + IM => "Isle of Man" , + IN => "India" , + IO => "British Indian Ocean Territory" , + IQ => "Iraq" , + IR => "Iran, Islamic Republic of" , + IS => "Iceland" , + IT => "Italy" , + JE => "Jersey" , + JM => "Jamaica" , + JO => "Jordan" , + JP => "Japan" , + KE => "Kenya" , + KG => "Kyrgyzstan" , + KH => "Cambodia" , + KI => "Kiribati" , + KM => "Comoros" , + KN => "Saint Kitts and Nevis" , + KP => "Korea, Democratic People's Republic of" , + KR => "Korea, Republic of" , + KW => "Kuwait" , + KY => "Cayman Islands" , + KZ => "Kazakhstan" , + LA => "Lao People's Democratic Republic" , + LB => "Lebanon" , + LC => "Saint Lucia" , + LI => "Liechtenstein" , + LK => "Sri Lanka" , + LR => "Liberia" , + LS => "Lesotho" , + LT => "Lithuania" , + LU => "Luxembourg" , + LV => "Latvia" , + LY => "Libyan Arab Jamahiriya" , + MA => "Morocco" , + MC => "Monaco" , + MD => "Moldova, Republic of" , + ME => "Montenegro" , + MG => "Madagascar" , + MH => "Marshall Islands" , + MK => "Macedonia" , + ML => "Mali" , + MM => "Myanmar" , + MN => "Mongolia" , + MO => "Macau" , + MP => "Northern Mariana Islands" , + MQ => "Martinique" , + MR => "Mauritania" , + MS => "Montserrat" , + MT => "Malta" , + MU => "Mauritius" , + MV => "Maldives" , + MW => "Malawi" , + MX => "Mexico" , + MY => "Malaysia" , + MZ => "Mozambique" , + NA => "Namibia" , + NC => "New Caledonia" , + NE => "Niger" , + NF => "Norfolk Island" , + NG => "Nigeria" , + NI => "Nicaragua" , + NL => "Netherlands" , + NO => "Norway" , + NP => "Nepal" , + NR => "Nauru" , + NU => "Niue" , + NZ => "New Zealand" , + OM => "Oman" , + PA => "Panama" , + PE => "Peru" , + PF => "French Polynesia" , + PG => "Papua New Guinea" , + PH => "Philippines" , + PK => "Pakistan" , + PL => "Poland" , + PM => "Saint Pierre and Miquelon" , + PR => "Puerto Rico" , + PS => "Palestinian Territory, Occupied" , + PT => "Portugal" , + PW => "Palau" , + PY => "Paraguay" , + QA => "Qatar" , + RE => "Reunion" , + RO => "Romania" , + RS => "Serbia" , + RU => "Russian Federation" , + RW => "Rwanda" , + SA => "Saudi Arabia" , + SB => "Solomon Islands" , + SC => "Seychelles" , + SD => "Sudan" , + SE => "Sweden" , + SG => "Singapore" , + SH => "Saint Helena" , + SI => "Slovenia" , + SJ => "Svalbard and Jan Mayen" , + SK => "Slovakia" , + SL => "Sierra Leone" , + SM => "San Marino" , + SN => "Senegal" , + SO => "Somalia" , + SR => "Suriname" , + ST => "Sao Tome and Principe" , + SV => "El Salvador" , + SY => "Syrian Arab Republic" , + SZ => "Swaziland" , + TC => "Turks and Caicos Islands" , + TD => "Chad" , + TF => "French Southern Territories" , + TG => "Togo" , + TH => "Thailand" , + TJ => "Tajikistan" , + TK => "Tokelau" , + TL => "Timor-Leste" , + TM => "Turkmenistan" , + TN => "Tunisia" , + TO => "Tonga" , + TR => "Turkey" , + TT => "Trinidad and Tobago" , + TV => "Tuvalu" , + TW => "Taiwan" , + TZ => "Tanzania, United Republic of" , + UA => "Ukraine" , + UG => "Uganda" , + UM => "United States Minor Outlying Islands" , + US => "United States" , + UY => "Uruguay" , + UZ => "Uzbekistan" , + VA => "Holy See (Vatican City State)" , + VC => "Saint Vincent and the Grenadines" , + VE => "Venezuela" , + VG => "Virgin Islands, British" , + VI => "Virgin Islands, U.S." , + VN => "Vietnam" , + VU => "Vanuatu" , + WF => "Wallis and Futuna" , + WS => "Samoa" , + YE => "Yemen" , + YT => "Mayotte" , + ZA => "South Africa" , + ZM => "Zambia" , + ZW => "Zimbabwe" , + ) + } else { + %isocodes = ( + AD => "Andorra" , + AE => "United Arab Emirates" , + AF => "Afghanistan" , + AL => "Albania" , + AM => "Armenia" , + AO => "Angola" , + AP => "Asia/Pacific Region" , + AR => "Argentina" , + AS => "American Samoa" , + AT => "Austria" , + AU => "Australia" , + AW => "Aruba" , + AZ => "Azerbaijan" , + BA => "Bosnia and Herzegovina" , + BD => "Bangladesh" , + BE => "Belgium" , + BF => "Burkina Faso" , + BG => "Bulgaria" , + BH => "Bahrain" , + BI => "Burundi" , + BJ => "Benin" , + BM => "Bermuda" , + BN => "Brunei Darussalam" , + BO => "Bolivia" , + BR => "Brazil" , + BS => "Bahamas" , + BT => "Bhutan" , + BW => "Botswana" , + BY => "Belarus" , + BZ => "Belize" , + CA => "Canada" , + CD => "Congo, The Democratic Republic of the" , + CH => "Switzerland" , + CI => "Cote D'Ivoire" , + CK => "Cook Islands" , + CL => "Chile" , + CM => "Cameroon" , + CN => "China" , + CO => "Colombia" , + CR => "Costa Rica" , + CU => "Cuba" , + CW => "" , + CY => "Cyprus" , + CZ => "Czech Republic" , + DE => "Germany" , + DJ => "Djibouti" , + DK => "Denmark" , + DO => "Dominican Republic" , + DZ => "Algeria" , + EC => "Ecuador" , + EE => "Estonia" , + EG => "Egypt" , + ES => "Spain" , + EU => "Europe" , + FI => "Finland" , + FJ => "Fiji" , + FM => "Micronesia, Federated States of" , + FO => "Faroe Islands" , + FR => "France" , + GB => "United Kingdom" , + GD => "Grenada" , + GE => "Georgia" , + GG => "Guernsey" , + GH => "Ghana" , + GI => "Gibraltar" , + GL => "Greenland" , + GM => "Gambia" , + GP => "Guadeloupe" , + GR => "Greece" , + GT => "Guatemala" , + GU => "Guam" , + GY => "Guyana" , + HK => "Hong Kong" , + HN => "Honduras" , + HR => "Croatia" , + HT => "Haiti" , + HU => "Hungary" , + ID => "Indonesia" , + IE => "Ireland" , + IL => "Israel" , + IM => "Isle of Man" , + IN => "India" , + IQ => "Iraq" , + IR => "Iran, Islamic Republic of" , + IS => "Iceland" , + IT => "Italy" , + JE => "Jersey" , + JM => "Jamaica" , + JO => "Jordan" , + JP => "Japan" , + KE => "Kenya" , + KG => "Kyrgyzstan" , + KH => "Cambodia" , + KN => "Saint Kitts and Nevis" , + KR => "Korea, Republic of" , + KW => "Kuwait" , + KY => "Cayman Islands" , + KZ => "Kazakhstan" , + LA => "Lao People's Democratic Republic" , + LB => "Lebanon" , + LI => "Liechtenstein" , + LK => "Sri Lanka" , + LS => "Lesotho" , + LT => "Lithuania" , + LU => "Luxembourg" , + LV => "Latvia" , + LY => "Libyan Arab Jamahiriya" , + MA => "Morocco" , + MC => "Monaco" , + MD => "Moldova, Republic of" , + ME => "Montenegro" , + MG => "Madagascar" , + MH => "Marshall Islands" , + MK => "Macedonia" , + ML => "Mali" , + MM => "Myanmar" , + MN => "Mongolia" , + MO => "Macau" , + MT => "Malta" , + MU => "Mauritius" , + MV => "Maldives" , + MW => "Malawi" , + MX => "Mexico" , + MY => "Malaysia" , + MZ => "Mozambique" , + NA => "Namibia" , + NC => "New Caledonia" , + NF => "Norfolk Island" , + NG => "Nigeria" , + NI => "Nicaragua" , + NL => "Netherlands" , + NO => "Norway" , + NP => "Nepal" , + NR => "Nauru" , + NU => "Niue" , + NZ => "New Zealand" , + OM => "Oman" , + PA => "Panama" , + PE => "Peru" , + PF => "French Polynesia" , + PG => "Papua New Guinea" , + PH => "Philippines" , + PK => "Pakistan" , + PL => "Poland" , + PR => "Puerto Rico" , + PS => "Palestinian Territory" , + PT => "Portugal" , + PW => "Palau" , + PY => "Paraguay" , + QA => "Qatar" , + RO => "Romania" , + RS => "Serbia" , + RU => "Russian Federation" , + RW => "Rwanda" , + SA => "Saudi Arabia" , + SB => "Solomon Islands" , + SC => "Seychelles" , + SD => "Sudan" , + SE => "Sweden" , + SG => "Singapore" , + SI => "Slovenia" , + SK => "Slovakia" , + SL => "Sierra Leone" , + SM => "San Marino" , + SN => "Senegal" , + SO => "Somalia" , + ST => "Sao Tome and Principe" , + SV => "El Salvador" , + SY => "Syrian Arab Republic" , + SZ => "Swaziland" , + TH => "Thailand" , + TK => "Tokelau" , + TN => "Tunisia" , + TO => "Tonga" , + TR => "Turkey" , + TT => "Trinidad and Tobago" , + TV => "Tuvalu" , + TW => "Taiwan" , + TZ => "Tanzania, United Republic of" , + UA => "Ukraine" , + UG => "Uganda" , + US => "United States" , + UY => "Uruguay" , + UZ => "Uzbekistan" , + VA => "Holy See (Vatican City State)" , + VE => "Venezuela" , + VI => "Virgin Islands, U.S." , + VN => "Vietnam" , + VU => "Vanuatu" , + WS => "Samoa" , + YE => "Yemen" , + ZA => "South Africa" , + ZM => "Zambia" , + ZW => "Zimbabwe" , + ); + } + # # The chain table is initialized via a call to initialize_chain_table() after the configuration and capabilities have been determined. # @@ -4659,6 +5109,16 @@ sub match_source_net( $;$\$ ) { return $result; } + if ( $net =~ /^(!?){([A-Z,\d]+)}$/ ) { + require_capability 'GEOIP_MATCH', 'A country-code', ''; + + for ( split_list $2, 'cc' ) { + fatal_error "Unknown or invalid Country Code" unless $isocodes{$_}; + } + + return join( '', '-m geoip ', $1 ? '! ' : '', '--src-cc ', $2 , ' '); + } + if ( $net =~ s/^!// ) { if ( $net =~ /^([&%])(.+)/ ) { return '! -s ' . record_runtime_address $1, $2; @@ -4713,6 +5173,16 @@ sub imatch_source_net( $;$\$ ) { return \@result; } + if ( $net =~ /^(!?){([A-Z,\d]+)}$/ ) { + require_capability 'GEOIP_MATCH', 'A country-code', ''; + + for ( split_list $2, 'cc' ) { + fatal_error "Unknown or invalid Country Code" unless $isocodes{$_}; + } + + return ( geoip => , join( '', $1 ? '! ' : '', '--src-cc ', $2 ) ); + } + if ( $net =~ s/^!// ) { if ( $net =~ /^([&%])(.+)/ ) { return ( s => '! ' . record_runtime_address( $1, $2, 1 ) ); @@ -4762,6 +5232,16 @@ sub match_dest_net( $ ) { return $result; } + if ( $net =~ /^(!?){([A-Z,\d]+)}$/ ) { + require_capability 'GEOIP_MATCH', 'A country-code', ''; + + for ( split_list $2, 'cc' ) { + fatal_error "Unknown or invalid Country Code" unless $isocodes{$_}; + } + + return join( '', '-m geoip ', $1 ? '! ' : '', '--dst-cc ', $2, ' ' ); + } + if ( $net =~ s/^!// ) { if ( $net =~ /^([&%])(.+)/ ) { return '! -d ' . record_runtime_address $1, $2; @@ -4809,6 +5289,16 @@ sub imatch_dest_net( $ ) { return \@result; } + if ( $net =~ /^(!?){([A-Z,\d]+)}$/ ) { + require_capability 'GEOIP_MATCH', 'A country-code', ''; + + for ( split_list $2, 'cc' ) { + fatal_error "Unknown or invalid Country Code" unless $isocodes{$_}; + } + + return ( geoip => , join( '', $1 ? '! ' : '', '--dst-cc ', $2 ) ); + } + if ( $net =~ s/^!// ) { if ( $net =~ /^([&%])(.+)/ ) { return ( d => '! ' . record_runtime_address( $1, $2, 1 ) ); @@ -5607,7 +6097,8 @@ sub expand_rule( $$$$$$$$$$;$ ) } elsif ( $source =~ /^(.+?):(.+)$/ ) { $iiface = $1; $inets = $2; - } elsif ( $source =~ /\+|&|~|\..*\./ ) { + } elsif ( $source =~ /\+|&|~|\..*\./ || + ( ! ( $restriction & ( OUTPUT_RESTRICT | POSTROUTE_RESTRICT ) ) && $source =~ /^!?{/ ) ) { $inets = $source; } else { $iiface = $source; @@ -5621,7 +6112,8 @@ sub expand_rule( $$$$$$$$$$;$ ) } else { $inets = $source; } - } elsif ( $source =~ /(?:\+|&|%|~|\..*\.)/ ) { + } elsif ( $source =~ /(?:\+|&|%|~|\..*\.)/ || + ( ! ( $restriction & ( OUTPUT_RESTRICT | POSTROUTE_RESTRICT ) ) && $source =~ /^!?{/ ) ) { $inets = $source; } else { $iiface = $source; @@ -5706,7 +6198,8 @@ sub expand_rule( $$$$$$$$$$;$ ) if ( $dest =~ /^(.+?):(.+)$/ ) { $diface = $1; $dnets = $2; - } elsif ( $dest =~ /\+|&|%|~|\..*\./ ) { + } elsif ( $dest =~ /\+|&|%|~|\..*\./ || + ( ! ( $restriction & ( PREROUTE_RESTRICT | INPUT_RESTRICT ) ) && $dest =~ /^!?{/ ) ) { $dnets = $dest; } else { $diface = $dest; @@ -5720,7 +6213,8 @@ sub expand_rule( $$$$$$$$$$;$ ) } else { $dnets = $dest; } - } elsif ( $dest =~ /(?:\+|&|\..*\.)/ ) { + } elsif ( $dest =~ /(?:\+|&|\..*\.)/ || + ( ! ( $restriction & ( PREROUTE_RESTRICT | INPUT_RESTRICT ) ) && $dest =~ /^!?{/ ) ) { $dnets = $dest; } else { $diface = $dest; diff --git a/Shorewall/action.GeoIP b/Shorewall/action.GeoIP deleted file mode 100644 index b06abdb54..000000000 --- a/Shorewall/action.GeoIP +++ /dev/null @@ -1,339 +0,0 @@ -# -# Shorewall 4 - GeoIP Action -# -# /usr/share/shorewall/action.GeoIP -# -# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt] -# -# (c) 2012- Tom Eastep (teastep@shorewall.net) -# -# Complete documentation is available at http://shorewall.net -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of Version 2 of the GNU General Public License -# as published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# GeoIP[([,{|-}][,{src|dst}][,{audit|-}])] -# -# Where is a list of one or more ISO 3166 Country Codes (see table -# below). -# -# Default action is to do nothing, so either an must be specified or -# the parameter list must be followed by : to generate a logging rule. -# (e.g., GeoIP(US):info). -# -########################################################################################## -FORMAT 2 - -DEFAULTS -,-,src,- - -BEGIN PERL; - -use strict; -use Shorewall::Chains qw(:DEFAULT :internal); - -my ( $countries, $action, $srcdst, $audit ) = get_action_params( 4 ); - -our %isocodes = ( - A1 => "Anonymous Proxy" , - A2 => "Satellite Provider" , - AD => "Andorra" , - AE => "United Arab Emirates" , - AF => "Afghanistan" , - AG => "Antigua and Barbuda" , - AI => "Anguilla" , - AL => "Albania" , - AM => "Armenia" , - AN => "Netherlands Antilles" , - AO => "Angola" , - AP => "Asia/Pacific Region" , - AQ => "Antarctica" , - AR => "Argentina" , - AS => "American Samoa" , - AT => "Austria" , - AU => "Australia" , - AW => "Aruba" , - AX => "Aland Islands" , - AZ => "Azerbaijan" , - BA => "Bosnia and Herzegovina" , - BB => "Barbados" , - BD => "Bangladesh" , - BE => "Belgium" , - BF => "Burkina Faso" , - BG => "Bulgaria" , - BH => "Bahrain" , - BI => "Burundi" , - BJ => "Benin" , - BM => "Bermuda" , - BN => "Brunei Darussalam" , - BO => "Bolivia" , - BR => "Brazil" , - BS => "Bahamas" , - BT => "Bhutan" , - BV => "Bouvet Island" , - BW => "Botswana" , - BY => "Belarus" , - BZ => "Belize" , - CA => "Canada" , - CC => "Cocos (Keeling) Islands" , - CD => "Congo, The Democratic Republic of the" , - CF => "Central African Republic" , - CG => "Congo" , - CH => "Switzerland" , - CI => "Cote D'Ivoire" , - CK => "Cook Islands" , - CL => "Chile" , - CM => "Cameroon" , - CN => "China" , - CO => "Colombia" , - CR => "Costa Rica" , - CU => "Cuba" , - CV => "Cape Verde" , - CX => "Christmas Island" , - CY => "Cyprus" , - CZ => "Czech Republic" , - DE => "Germany" , - DJ => "Djibouti" , - DK => "Denmark" , - DM => "Dominica" , - DO => "Dominican Republic" , - DZ => "Algeria" , - EC => "Ecuador" , - EE => "Estonia" , - EG => "Egypt" , - EH => "Western Sahara" , - ER => "Eritrea" , - ES => "Spain" , - ET => "Ethiopia" , - EU => "Europe" , - FI => "Finland" , - FJ => "Fiji" , - FK => "Falkland Islands (Malvinas)" , - FM => "Micronesia, Federated States of" , - FO => "Faroe Islands" , - FR => "France" , - GA => "Gabon" , - GB => "United Kingdom" , - GD => "Grenada" , - GE => "Georgia" , - GF => "French Guiana" , - GG => "Guernsey" , - GH => "Ghana" , - GI => "Gibraltar" , - GL => "Greenland" , - GM => "Gambia" , - GN => "Guinea" , - GP => "Guadeloupe" , - GQ => "Equatorial Guinea" , - GR => "Greece" , - GS => "South Georgia and the South Sandwich Islands" , - GT => "Guatemala" , - GU => "Guam" , - GW => "Guinea-Bissau" , - GY => "Guyana" , - HK => "Hong Kong" , - HN => "Honduras" , - HR => "Croatia" , - HT => "Haiti" , - HU => "Hungary" , - ID => "Indonesia" , - IE => "Ireland" , - IL => "Israel" , - IM => "Isle of Man" , - IN => "India" , - IO => "British Indian Ocean Territory" , - IQ => "Iraq" , - IR => "Iran, Islamic Republic of" , - IS => "Iceland" , - IT => "Italy" , - JE => "Jersey" , - JM => "Jamaica" , - JO => "Jordan" , - JP => "Japan" , - KE => "Kenya" , - KG => "Kyrgyzstan" , - KH => "Cambodia" , - KI => "Kiribati" , - KM => "Comoros" , - KN => "Saint Kitts and Nevis" , - KP => "Korea, Democratic People's Republic of" , - KR => "Korea, Republic of" , - KW => "Kuwait" , - KY => "Cayman Islands" , - KZ => "Kazakhstan" , - LA => "Lao People's Democratic Republic" , - LB => "Lebanon" , - LC => "Saint Lucia" , - LI => "Liechtenstein" , - LK => "Sri Lanka" , - LR => "Liberia" , - LS => "Lesotho" , - LT => "Lithuania" , - LU => "Luxembourg" , - LV => "Latvia" , - LY => "Libyan Arab Jamahiriya" , - MA => "Morocco" , - MC => "Monaco" , - MD => "Moldova, Republic of" , - ME => "Montenegro" , - MG => "Madagascar" , - MH => "Marshall Islands" , - MK => "Macedonia" , - ML => "Mali" , - MM => "Myanmar" , - MN => "Mongolia" , - MO => "Macau" , - MP => "Northern Mariana Islands" , - MQ => "Martinique" , - MR => "Mauritania" , - MS => "Montserrat" , - MT => "Malta" , - MU => "Mauritius" , - MV => "Maldives" , - MW => "Malawi" , - MX => "Mexico" , - MY => "Malaysia" , - MZ => "Mozambique" , - NA => "Namibia" , - NC => "New Caledonia" , - NE => "Niger" , - NF => "Norfolk Island" , - NG => "Nigeria" , - NI => "Nicaragua" , - NL => "Netherlands" , - NO => "Norway" , - NP => "Nepal" , - NR => "Nauru" , - NU => "Niue" , - NZ => "New Zealand" , - OM => "Oman" , - PA => "Panama" , - PE => "Peru" , - PF => "French Polynesia" , - PG => "Papua New Guinea" , - PH => "Philippines" , - PK => "Pakistan" , - PL => "Poland" , - PM => "Saint Pierre and Miquelon" , - PR => "Puerto Rico" , - PS => "Palestinian Territory, Occupied" , - PT => "Portugal" , - PW => "Palau" , - PY => "Paraguay" , - QA => "Qatar" , - RE => "Reunion" , - RO => "Romania" , - RS => "Serbia" , - RU => "Russian Federation" , - RW => "Rwanda" , - SA => "Saudi Arabia" , - SB => "Solomon Islands" , - SC => "Seychelles" , - SD => "Sudan" , - SE => "Sweden" , - SG => "Singapore" , - SH => "Saint Helena" , - SI => "Slovenia" , - SJ => "Svalbard and Jan Mayen" , - SK => "Slovakia" , - SL => "Sierra Leone" , - SM => "San Marino" , - SN => "Senegal" , - SO => "Somalia" , - SR => "Suriname" , - ST => "Sao Tome and Principe" , - SV => "El Salvador" , - SY => "Syrian Arab Republic" , - SZ => "Swaziland" , - TC => "Turks and Caicos Islands" , - TD => "Chad" , - TF => "French Southern Territories" , - TG => "Togo" , - TH => "Thailand" , - TJ => "Tajikistan" , - TK => "Tokelau" , - TL => "Timor-Leste" , - TM => "Turkmenistan" , - TN => "Tunisia" , - TO => "Tonga" , - TR => "Turkey" , - TT => "Trinidad and Tobago" , - TV => "Tuvalu" , - TW => "Taiwan" , - TZ => "Tanzania, United Republic of" , - UA => "Ukraine" , - UG => "Uganda" , - UM => "United States Minor Outlying Islands" , - US => "United States" , - UY => "Uruguay" , - UZ => "Uzbekistan" , - VA => "Holy See (Vatican City State)" , - VC => "Saint Vincent and the Grenadines" , - VE => "Venezuela" , - VG => "Virgin Islands, British" , - VI => "Virgin Islands, U.S." , - VN => "Vietnam" , - VU => "Vanuatu" , - WF => "Wallis and Futuna" , - WS => "Samoa" , - YE => "Yemen" , - YT => "Mayotte" , - ZA => "South Africa" , - ZM => "Zambia" , - ZW => "Zimbabwe" , - ); - -require_capability 'GEOIP_MATCH', 'The GeoIP action', 's'; - -fatal_error "Missing Country Code(s)" unless $countries; -fatal_error "Invalid parameter ($audit) to action GeoIP" if supplied $audit && $audit ne 'audit'; -fatal_error "Invalid SRC/DST ($srcdst)" if supplied $srcdst && $srcdst !~ /^(src|dst)$/; - -my $chainref = get_action_chain; -my ( $level, $tag ) = get_action_logging; -my $target = require_audit ( $action , $audit ); -my $origcountries = $countries; - -$countries =~ s/\|/,/g; - -my @countries = split_list $countries, 'cc', $origcountries; - -for ( @countries ) { - fatal_error "Unknown ISO 3661 Country Code ($_)" unless $isocodes{$_}; -} - -$tag = $countries[0] unless $tag || @countries > 1; - -if ( $target ne '' ) { - my $targettype = $targets{$target} || 0; - fatal_error "Unknown ACTION ($target)" unless $targettype; - fatal_error "The $target action may not be passed to GeoIP" unless ( $targettype & (STANDARD | CHAIN | ACTION ) ) && ! ( $targettype & ( NATRULE | NONAT ) ); - - if ( $level ne '' ) { - my $chain1ref = ensure_filter_chain( newlogchain('filter' ), 0 ); - log_rule_limit $level, $chain1ref, $chainref->{name}, $target ? $target : 'LOG' , '', $tag, 'add', ''; - add_ijump( $chain1ref, j => $target ); - $target = $chain1ref->{name}; - } - - add_ijump $chainref , j => $target, geoip => "--${srcdst}-cc $countries"; -} elsif ( $level ne '' ) { - log_rule_limit $level, $chainref, 'GeoIP' , $target ? $target : 'LOG' , '', $tag, 'add', "-m geoip --${srcdst}-cc $countries"; -} else { - fatal_error "Either an action or a log level must be specified"; -} - -allow_optimize( $chainref ); - -1; - -END PERL; diff --git a/Shorewall/actions.std b/Shorewall/actions.std index f9ca100e3..d0996931a 100644 --- a/Shorewall/actions.std +++ b/Shorewall/actions.std @@ -38,7 +38,6 @@ A_Reject # Audited Default action for REJECT policy Broadcast # Handles Broadcast/Multicast/Anycast Drop # Default Action for DROP policy DropSmurfs # Drop smurf packets -GeoIP # Match packets by ISO 3166 Country Code Invalid # Handles packets in the INVALID conntrack state NotSyn # Handles TCP packets which do not have SYN=1 and ACK=0 Reject # Default Action for REJECT policy diff --git a/Shorewall/manpages/shorewall-rules.xml b/Shorewall/manpages/shorewall-rules.xml index e81de9f04..a2262da51 100644 --- a/Shorewall/manpages/shorewall-rules.xml +++ b/Shorewall/manpages/shorewall-rules.xml @@ -563,7 +563,7 @@ role="bold">-]}[:interface][:{address-or-range[,address-or-range]...[exclusion]|exclusion|+ipset} + role="bold">+ipset|countrycode-list} Source hosts to which the rule applies. May be a @@ -639,6 +639,16 @@ url="shorewall-interfaces.html">shorewall-interfaces (5). + Beginning with Shorewall 4.5.4, A + countrycode-list may be specified. A + countrycode-list is a comma-separated list of two-character ISO-3661 + country codes enclosed in curly braces ('{...}'). A list of country + codes supported by Shorewall may be found at http://www.shorewall.net/ISO-3661.html. + Specifying a countrycode-list requires + GeoIP Match support in your iptables and + Kernel. + You may exclude certain hosts from the set already defined through use of an exclusion (see shorewall-exclusion(5)). @@ -726,7 +736,7 @@ role="bold">+][-]}[:{interface|address-or-range[,address-or-range]...[exclusion]|exclusion|+ipset}][port[:+ipset|countrycode-list}][port[:random]] @@ -744,6 +754,16 @@ "+" to indicate that the rule is to apply to intra-zone traffic as well as inter-zone traffic. + Beginning with Shorewall 4.5.4, A + countrycode-list may be specified. A + countrycode-list is a comma-separated list of two-character ISO-3661 + country codes enclosed in curly braces ('{...}'). A list of country + codes supported by Shorewall may be found at http://www.shorewall.net/ISO-3661.html. + Specifying a countrycode-list requires + GeoIP Match support in your iptables and + Kernel. + When none is used either in the SOURCE or DEST column, the rule is ignored. @@ -1505,7 +1525,7 @@ SSH connection to the ipset S: #ACTION SOURCE DEST PROTO DEST - # PORT(S) + # PORT(S) ADD(+S:dst,src,dst) net fw tcp 22 @@ -1535,6 +1555,19 @@ DNAT net dmz:$BACKUP tcp 80 - - - - - - - - primary_down + + + Example 13: + + + Drop all email from the Anonymous Proxy + and Satellite Provider address ranges: + + #ACTION SOURCE DEST PROTO DEST + # PORT(S) + DROP net:{A1,A2} fw tcp 22 + + diff --git a/Shorewall6/manpages/shorewall6-rules.xml b/Shorewall6/manpages/shorewall6-rules.xml index 2974ed61f..3e542b92d 100644 --- a/Shorewall6/manpages/shorewall6-rules.xml +++ b/Shorewall6/manpages/shorewall6-rules.xml @@ -422,7 +422,7 @@ role="bold">-]}[:interface][:{address-or-range[,address-or-range]...[exclusion]|exclusion|+ipset} + role="bold">+ipset|countrycode-list} Source hosts to which the rule applies. May be a zone declared @@ -490,6 +490,16 @@ url="shorewall-interfaces.html">shorewall6-interfaces (5). + Beginning with Shorewall 4.5.4, A + countrycode-list may be specified. A + countrycode-list is a comma-separated list of two-character ISO-3661 + country codes enclosed in curly braces ('{...}'). A list of country + codes supported by Shorewall may be found at http://www.shorewall.net/ISO-3661.html. + Specifying a countrycode-list requires + GeoIP Match support in your ip6tables and + Kernel. + When an interface is not specified, you may omit the angled brackets ('<' and '>') around the address(es) or you may supply them to improve readability. @@ -586,7 +596,7 @@ role="bold">-]}[:interface][:{address-or-range[,address-or-range]...[exclusion]|exclusion|+ipset} + role="bold">+ipset|countrycode-list} Location of Server. May be a zone declared in shorewall6-interfaces (5). + Beginning with Shorewall 4.5.4, A + countrycode-list may be specified. A + countrycode-list is a comma-separated list of two-character ISO-3661 + country codes enclosed in curly braces ('{...}'). A list of country + codes supported by Shorewall may be found at http://www.shorewall.net/ISO-3661.html. + Specifying a countrycode-list requires + GeoIP Match support in your ip6tables and + Kernel. + When none is used either in the SOURCE or DEST column, the rule is ignored. @@ -1215,6 +1235,19 @@ DNAT net dmz:$BACKUP tcp 80 - - - - - - - - primary_down + + + Example 7: + + + Drop all email from IP addresses in the country whose ISO-3661 + country code is ZZ. + + #ACTION SOURCE DEST PROTO DEST + # PORT(S) + DROP net:{ZZ} fw tcp 22 + + diff --git a/docs/ISO-3661.xml b/docs/ISO-3661.xml new file mode 100644 index 000000000..815521e9b --- /dev/null +++ b/docs/ISO-3661.xml @@ -0,0 +1,510 @@ + + +
+ + + + ISO 3661 Country Codes recognized by Shorewall + + + + Tom + + Eastep + + + + + + + 2012 + + Thomas M. Eastep + + + + Permission is granted to copy, distribute and/or modify this + document under the terms of the GNU Free Documentation License, Version + 1.2 or any later version published by the Free Software Foundation; with + no Invariant Sections, with no Front-Cover, and with no Back-Cover + Texts. A copy of the license is included in the section entitled + GNU Free Documentation + License. + + + +
+ Introduction + + Beginning with Shorewall 4.5.4, Shorewall allows matching packet + SOURCE and/or DEST IP addresses by their corresponding country. That is + dont by specifying a comma-separated list of ISO-3661 2-character Country + Codes enclosed in curly braces ('{...}'). + + Example - Drop email from the Anonymous Proxy and Satellite Provider + networks. + + /etc/shorewall/tcrules: + + #ACTION SOURCE DEST PROTO DEST + # PORT(S) + DROP:info net:{A1,A2} dmz tcp 25 + + + The country codes recognized by Shorewall as of Shorewall 4.5.4 are + shown in the following two sections. +
+ +
+ IPv4 + + A1 => "Anonymous Proxy" , + A2 => "Satellite Provider" , + AD => "Andorra" , + AE => "United Arab Emirates" , + AF => "Afghanistan" , + AG => "Antigua and Barbuda" , + AI => "Anguilla" , + AL => "Albania" , + AM => "Armenia" , + AN => "Netherlands Antilles" , + AO => "Angola" , + AP => "Asia/Pacific Region" , + AQ => "Antarctica" , + AR => "Argentina" , + AS => "American Samoa" , + AT => "Austria" , + AU => "Australia" , + AW => "Aruba" , + AX => "Aland Islands" , + AZ => "Azerbaijan" , + BA => "Bosnia and Herzegovina" , + BB => "Barbados" , + BD => "Bangladesh" , + BE => "Belgium" , + BF => "Burkina Faso" , + BG => "Bulgaria" , + BH => "Bahrain" , + BI => "Burundi" , + BJ => "Benin" , + BM => "Bermuda" , + BN => "Brunei Darussalam" , + BO => "Bolivia" , + BR => "Brazil" , + BS => "Bahamas" , + BT => "Bhutan" , + BV => "Bouvet Island" , + BW => "Botswana" , + BY => "Belarus" , + BZ => "Belize" , + CA => "Canada" , + CC => "Cocos (Keeling) Islands" , + CD => "Congo, The Democratic Republic of the" , + CF => "Central African Republic" , + CG => "Congo" , + CH => "Switzerland" , + CI => "Cote D'Ivoire" , + CK => "Cook Islands" , + CL => "Chile" , + CM => "Cameroon" , + CN => "China" , + CO => "Colombia" , + CR => "Costa Rica" , + CU => "Cuba" , + CV => "Cape Verde" , + CX => "Christmas Island" , + CY => "Cyprus" , + CZ => "Czech Republic" , + DE => "Germany" , + DJ => "Djibouti" , + DK => "Denmark" , + DM => "Dominica" , + DO => "Dominican Republic" , + DZ => "Algeria" , + EC => "Ecuador" , + EE => "Estonia" , + EG => "Egypt" , + EH => "Western Sahara" , + ER => "Eritrea" , + ES => "Spain" , + ET => "Ethiopia" , + EU => "Europe" , + FI => "Finland" , + FJ => "Fiji" , + FK => "Falkland Islands (Malvinas)" , + FM => "Micronesia, Federated States of" , + FO => "Faroe Islands" , + FR => "France" , + GA => "Gabon" , + GB => "United Kingdom" , + GD => "Grenada" , + GE => "Georgia" , + GF => "French Guiana" , + GG => "Guernsey" , + GH => "Ghana" , + GI => "Gibraltar" , + GL => "Greenland" , + GM => "Gambia" , + GN => "Guinea" , + GP => "Guadeloupe" , + GQ => "Equatorial Guinea" , + GR => "Greece" , + GS => "South Georgia and the South Sandwich Islands" , + GT => "Guatemala" , + GU => "Guam" , + GW => "Guinea-Bissau" , + GY => "Guyana" , + HK => "Hong Kong" , + HN => "Honduras" , + HR => "Croatia" , + HT => "Haiti" , + HU => "Hungary" , + ID => "Indonesia" , + IE => "Ireland" , + IL => "Israel" , + IM => "Isle of Man" , + IN => "India" , + IO => "British Indian Ocean Territory" , + IQ => "Iraq" , + IR => "Iran, Islamic Republic of" , + IS => "Iceland" , + IT => "Italy" , + JE => "Jersey" , + JM => "Jamaica" , + JO => "Jordan" , + JP => "Japan" , + KE => "Kenya" , + KG => "Kyrgyzstan" , + KH => "Cambodia" , + KI => "Kiribati" , + KM => "Comoros" , + KN => "Saint Kitts and Nevis" , + KP => "Korea, Democratic People's Republic of" , + KR => "Korea, Republic of" , + KW => "Kuwait" , + KY => "Cayman Islands" , + KZ => "Kazakhstan" , + LA => "Lao People's Democratic Republic" , + LB => "Lebanon" , + LC => "Saint Lucia" , + LI => "Liechtenstein" , + LK => "Sri Lanka" , + LR => "Liberia" , + LS => "Lesotho" , + LT => "Lithuania" , + LU => "Luxembourg" , + LV => "Latvia" , + LY => "Libyan Arab Jamahiriya" , + MA => "Morocco" , + MC => "Monaco" , + MD => "Moldova, Republic of" , + ME => "Montenegro" , + MG => "Madagascar" , + MH => "Marshall Islands" , + MK => "Macedonia" , + ML => "Mali" , + MM => "Myanmar" , + MN => "Mongolia" , + MO => "Macau" , + MP => "Northern Mariana Islands" , + MQ => "Martinique" , + MR => "Mauritania" , + MS => "Montserrat" , + MT => "Malta" , + MU => "Mauritius" , + MV => "Maldives" , + MW => "Malawi" , + MX => "Mexico" , + MY => "Malaysia" , + MZ => "Mozambique" , + NA => "Namibia" , + NC => "New Caledonia" , + NE => "Niger" , + NF => "Norfolk Island" , + NG => "Nigeria" , + NI => "Nicaragua" , + NL => "Netherlands" , + NO => "Norway" , + NP => "Nepal" , + NR => "Nauru" , + NU => "Niue" , + NZ => "New Zealand" , + OM => "Oman" , + PA => "Panama" , + PE => "Peru" , + PF => "French Polynesia" , + PG => "Papua New Guinea" , + PH => "Philippines" , + PK => "Pakistan" , + PL => "Poland" , + PM => "Saint Pierre and Miquelon" , + PR => "Puerto Rico" , + PS => "Palestinian Territory, Occupied" , + PT => "Portugal" , + PW => "Palau" , + PY => "Paraguay" , + QA => "Qatar" , + RE => "Reunion" , + RO => "Romania" , + RS => "Serbia" , + RU => "Russian Federation" , + RW => "Rwanda" , + SA => "Saudi Arabia" , + SB => "Solomon Islands" , + SC => "Seychelles" , + SD => "Sudan" , + SE => "Sweden" , + SG => "Singapore" , + SH => "Saint Helena" , + SI => "Slovenia" , + SJ => "Svalbard and Jan Mayen" , + SK => "Slovakia" , + SL => "Sierra Leone" , + SM => "San Marino" , + SN => "Senegal" , + SO => "Somalia" , + SR => "Suriname" , + ST => "Sao Tome and Principe" , + SV => "El Salvador" , + SY => "Syrian Arab Republic" , + SZ => "Swaziland" , + TC => "Turks and Caicos Islands" , + TD => "Chad" , + TF => "French Southern Territories" , + TG => "Togo" , + TH => "Thailand" , + TJ => "Tajikistan" , + TK => "Tokelau" , + TL => "Timor-Leste" , + TM => "Turkmenistan" , + TN => "Tunisia" , + TO => "Tonga" , + TR => "Turkey" , + TT => "Trinidad and Tobago" , + TV => "Tuvalu" , + TW => "Taiwan" , + TZ => "Tanzania, United Republic of" , + UA => "Ukraine" , + UG => "Uganda" , + UM => "United States Minor Outlying Islands" , + US => "United States" , + UY => "Uruguay" , + UZ => "Uzbekistan" , + VA => "Holy See (Vatican City State)" , + VC => "Saint Vincent and the Grenadines" , + VE => "Venezuela" , + VG => "Virgin Islands, British" , + VI => "Virgin Islands, U.S." , + VN => "Vietnam" , + VU => "Vanuatu" , + WF => "Wallis and Futuna" , + WS => "Samoa" , + YE => "Yemen" , + YT => "Mayotte" , + ZA => "South Africa" , + ZM => "Zambia" , + ZW => "Zimbabwe" , + +
+ +
+ IPv6 + + AD => "Andorra" , + AE => "United Arab Emirates" , + AF => "Afghanistan" , + AL => "Albania" , + AM => "Armenia" , + AO => "Angola" , + AP => "Asia/Pacific Region" , + AR => "Argentina" , + AS => "American Samoa" , + AT => "Austria" , + AU => "Australia" , + AW => "Aruba" , + AZ => "Azerbaijan" , + BA => "Bosnia and Herzegovina" , + BD => "Bangladesh" , + BE => "Belgium" , + BF => "Burkina Faso" , + BG => "Bulgaria" , + BH => "Bahrain" , + BI => "Burundi" , + BJ => "Benin" , + BM => "Bermuda" , + BN => "Brunei Darussalam" , + BO => "Bolivia" , + BR => "Brazil" , + BS => "Bahamas" , + BT => "Bhutan" , + BW => "Botswana" , + BY => "Belarus" , + BZ => "Belize" , + CA => "Canada" , + CD => "Congo, The Democratic Republic of the" , + CH => "Switzerland" , + CI => "Cote D'Ivoire" , + CK => "Cook Islands" , + CL => "Chile" , + CM => "Cameroon" , + CN => "China" , + CO => "Colombia" , + CR => "Costa Rica" , + CU => "Cuba" , + CW => "" , + CY => "Cyprus" , + CZ => "Czech Republic" , + DE => "Germany" , + DJ => "Djibouti" , + DK => "Denmark" , + DO => "Dominican Republic" , + DZ => "Algeria" , + EC => "Ecuador" , + EE => "Estonia" , + EG => "Egypt" , + ES => "Spain" , + EU => "Europe" , + FI => "Finland" , + FJ => "Fiji" , + FM => "Micronesia, Federated States of" , + FO => "Faroe Islands" , + FR => "France" , + GB => "United Kingdom" , + GD => "Grenada" , + GE => "Georgia" , + GG => "Guernsey" , + GH => "Ghana" , + GI => "Gibraltar" , + GL => "Greenland" , + GM => "Gambia" , + GP => "Guadeloupe" , + GR => "Greece" , + GT => "Guatemala" , + GU => "Guam" , + GY => "Guyana" , + HK => "Hong Kong" , + HN => "Honduras" , + HR => "Croatia" , + HT => "Haiti" , + HU => "Hungary" , + ID => "Indonesia" , + IE => "Ireland" , + IL => "Israel" , + IM => "Isle of Man" , + IN => "India" , + IQ => "Iraq" , + IR => "Iran, Islamic Republic of" , + IS => "Iceland" , + IT => "Italy" , + JE => "Jersey" , + JM => "Jamaica" , + JO => "Jordan" , + JP => "Japan" , + KE => "Kenya" , + KG => "Kyrgyzstan" , + KH => "Cambodia" , + KN => "Saint Kitts and Nevis" , + KR => "Korea, Republic of" , + KW => "Kuwait" , + KY => "Cayman Islands" , + KZ => "Kazakhstan" , + LA => "Lao People's Democratic Republic" , + LB => "Lebanon" , + LI => "Liechtenstein" , + LK => "Sri Lanka" , + LS => "Lesotho" , + LT => "Lithuania" , + LU => "Luxembourg" , + LV => "Latvia" , + LY => "Libyan Arab Jamahiriya" , + MA => "Morocco" , + MC => "Monaco" , + MD => "Moldova, Republic of" , + ME => "Montenegro" , + MG => "Madagascar" , + MH => "Marshall Islands" , + MK => "Macedonia" , + ML => "Mali" , + MM => "Myanmar" , + MN => "Mongolia" , + MO => "Macau" , + MT => "Malta" , + MU => "Mauritius" , + MV => "Maldives" , + MW => "Malawi" , + MX => "Mexico" , + MY => "Malaysia" , + MZ => "Mozambique" , + NA => "Namibia" , + NC => "New Caledonia" , + NF => "Norfolk Island" , + NG => "Nigeria" , + NI => "Nicaragua" , + NL => "Netherlands" , + NO => "Norway" , + NP => "Nepal" , + NR => "Nauru" , + NU => "Niue" , + NZ => "New Zealand" , + OM => "Oman" , + PA => "Panama" , + PE => "Peru" , + PF => "French Polynesia" , + PG => "Papua New Guinea" , + PH => "Philippines" , + PK => "Pakistan" , + PL => "Poland" , + PR => "Puerto Rico" , + PS => "Palestinian Territory" , + PT => "Portugal" , + PW => "Palau" , + PY => "Paraguay" , + QA => "Qatar" , + RO => "Romania" , + RS => "Serbia" , + RU => "Russian Federation" , + RW => "Rwanda" , + SA => "Saudi Arabia" , + SB => "Solomon Islands" , + SC => "Seychelles" , + SD => "Sudan" , + SE => "Sweden" , + SG => "Singapore" , + SI => "Slovenia" , + SK => "Slovakia" , + SL => "Sierra Leone" , + SM => "San Marino" , + SN => "Senegal" , + SO => "Somalia" , + ST => "Sao Tome and Principe" , + SV => "El Salvador" , + SY => "Syrian Arab Republic" , + SZ => "Swaziland" , + TH => "Thailand" , + TK => "Tokelau" , + TN => "Tunisia" , + TO => "Tonga" , + TR => "Turkey" , + TT => "Trinidad and Tobago" , + TV => "Tuvalu" , + TW => "Taiwan" , + TZ => "Tanzania, United Republic of" , + UA => "Ukraine" , + UG => "Uganda" , + US => "United States" , + UY => "Uruguay" , + UZ => "Uzbekistan" , + VA => "Holy See (Vatican City State)" , + VE => "Venezuela" , + VI => "Virgin Islands, U.S." , + VN => "Vietnam" , + VU => "Vanuatu" , + WS => "Samoa" , + YE => "Yemen" , + ZA => "South Africa" , + ZM => "Zambia" , + ZW => "Zimbabwe" , + +
+
diff --git a/docs/template.xml b/docs/template.xml index b18cb0482..6d6ffe4d9 100644 --- a/docs/template.xml +++ b/docs/template.xml @@ -5,7 +5,7 @@ - + <authorgroup> <author> @@ -18,7 +18,7 @@ <pubdate><?dbtimestamp format="Y/m/d"?></pubdate> <copyright> - <year>2011</year> + <year>2012</year> <holder>Thomas M. Eastep</holder> </copyright> @@ -35,8 +35,8 @@ </articleinfo> <section> - <title> + - <para></para> + <para/> </section> </article>