Add default action specifications to /etc/shorewall/actions

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4483 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2006-08-30 18:20:08 +00:00 · 2006-08-30 18:20:08 +00:00 · dc77b9ca6b
commit dc77b9ca6b
parent 4a4403029f
3 changed files with 11 additions and 43 deletions
--- a/Shorewall/actions
+++ b/Shorewall/actions
@ -30,4 +30,6 @@
 #
 ###############################################################################
 #ACTION
+Drop:DROP	# Default action for DROP
+Reject:REJECT	# Default action for REJECT
 #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
--- a/Shorewall/policy
+++ b/Shorewall/policy
@ -60,13 +60,12 @@
 #					  "all".
 #
 #			If the policy is ACCEPT, DROP, REJECT or QUEUE then
-#			the policy may be followed by ":" and one of the
+#			the policy should be followed by ":" and one of the
 #			following:
 #			
 #			a) The word "None" or "none". This causes any default
-#			   action define in /etc/shorewall/actions.std or
-#			   /etc/shorewall/actions to be omitted for this
-#			   policy.
+#			   action define in /etc/shorewall/actions to be
+#			   omitted for this policy.
 #			b) The name of an action (requires that USE_ACTIONS=Yes
 #			   in shorewall.conf). That action will be invoked 
 #			   before the policy is enforced.
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -71,49 +71,16 @@ Migration Considerations:
       Features section below), we need a way to define default rules
       for a policy.

-    The solution is to extend the POLICY column in
-    /etc/shorewall/policy and to remove the specification of 
-    a default action in /etc/shorewall/actions.std.
-
-    When the POLICY is ACCEPT, DROP, REJECT or QUEUE then the policy
-    may be followed by ":" and one of the following:
-			
-	a) The word "None" or "none". This causes any default
-	   action define in /etc/shorewall/actions to be omitted for
-	   this policy.
-	b) The name of an action (requires that USE_ACTIONS=Yes
-	   in shorewall.conf). That action will be invoked 
-	   before the policy is enforced.
-	c) The name of a macro. The rules in that macro will
-	   be applied before the policy is enforced. This
-	   does not require USE_ACTIONS=Yes.
-
-    Example:
-
-	#SOURCE		DEST		POLICY		LOG
-	#						LEVEL
-	loc		net		ACCEPT
-	net		all		DROP:Drop	info
-	#
-	# THE FOLLOWING POLICY MUST BE LAST
-	#
-	all		all		REJECT:Reject	info
-
-    With USE_ACTIONS=Yes, the above will work the same way that the
-    pre-3.3 setup did. The 'Drop' and 'Reject' actions will be invoked
-    before the DROP and REJECT policies are enforced.
-
-    With USE_ACTION=No, there will be no Drop or Reject actions so 
-    Shorewall will look for macros by that name; as described in item
-    2) above, these macros are provided as part of the Shorewall 3.3
-    release.
-
    If you are happy with the way that things worked in prior releases,
-    then simply add these two lines to your /etc/shorewall/actions:
+    then simply add these two lines to your /etc/shorewall/actions file
+    if they are not already there (and you have not defined different
+    default actions for DROP and/or REJECT):

 	 Drop:DROP
 	 Reject:REJECT
-  	 
+
+    Otherwise, please read item 3) in the New Features section below.
+
 New Features:

 1)  In order to accomodate small embedded applications, Shorewall 3.3