forked from extern/shorewall_code
Compare commits
1 Commits
5.0.2-Beta
...
4.6.13.2
| Author | SHA1 | Date | |
|---|---|---|---|
|
266863713d |
@@ -1,4 +1,4 @@
|
|||||||
Shoreline Firewall (Shorewall) Version 5
|
Shoreline Firewall (Shorewall) Version 4
|
||||||
----- ----
|
----- ----
|
||||||
|
|
||||||
-----------------------------------------------------------------------------
|
-----------------------------------------------------------------------------
|
||||||
|
|||||||
2
Shorewall-core/configure
vendored
2
Shorewall-core/configure
vendored
@@ -28,7 +28,7 @@
|
|||||||
#
|
#
|
||||||
# Build updates this
|
# Build updates this
|
||||||
#
|
#
|
||||||
VERSION=4.6.12
|
VERSION=4.5.2.1
|
||||||
|
|
||||||
case "$BASH_VERSION" in
|
case "$BASH_VERSION" in
|
||||||
[4-9].*)
|
[4-9].*)
|
||||||
|
|||||||
@@ -31,7 +31,7 @@ use strict;
|
|||||||
# Build updates this
|
# Build updates this
|
||||||
#
|
#
|
||||||
use constant {
|
use constant {
|
||||||
VERSION => '4.6.12'
|
VERSION => '4.5.2.1'
|
||||||
};
|
};
|
||||||
|
|
||||||
my %params;
|
my %params;
|
||||||
|
|||||||
@@ -1,7 +1,7 @@
|
|||||||
#
|
#
|
||||||
# Shorewall 5.0 -- /usr/share/shorewall/lib.base
|
# Shorewall 4.5 -- /usr/share/shorewall/lib.base
|
||||||
#
|
#
|
||||||
# (c) 1999-2015 - Tom Eastep (teastep@shorewall.net)
|
# (c) 1999-2014 - Tom Eastep (teastep@shorewall.net)
|
||||||
#
|
#
|
||||||
# Complete documentation is available at http://shorewall.net
|
# Complete documentation is available at http://shorewall.net
|
||||||
#
|
#
|
||||||
|
|||||||
@@ -1,7 +1,7 @@
|
|||||||
#
|
#
|
||||||
# Shorewall 5.0 -- /usr/share/shorewall/lib.cli.
|
# Shorewall 4.5 -- /usr/share/shorewall/lib.cli.
|
||||||
#
|
#
|
||||||
# (c) 1999-2015 - Tom Eastep (teastep@shorewall.net)
|
# (c) 1999-2014 - Tom Eastep (teastep@shorewall.net)
|
||||||
#
|
#
|
||||||
# Complete documentation is available at http://shorewall.net
|
# Complete documentation is available at http://shorewall.net
|
||||||
#
|
#
|
||||||
@@ -388,16 +388,30 @@ do_save() {
|
|||||||
status=0
|
status=0
|
||||||
|
|
||||||
if [ -f ${VARDIR}/firewall ]; then
|
if [ -f ${VARDIR}/firewall ]; then
|
||||||
if $iptables_save | grep -v -- '-A dynamic.* -j ACCEPT' > ${VARDIR}/restore-$$; then
|
if [ -n "$WORKAROUNDS" ]; then
|
||||||
cp -f ${VARDIR}/firewall $g_restorepath
|
if $iptables_save | iptablesbug | grep -v -- '-A dynamic.* -j ACCEPT' > ${VARDIR}/restore-$$; then
|
||||||
mv -f ${VARDIR}/restore-$$ ${g_restorepath}-iptables
|
cp -f ${VARDIR}/firewall $g_restorepath
|
||||||
chmod +x $g_restorepath
|
mv -f ${VARDIR}/restore-$$ ${g_restorepath}-iptables
|
||||||
echo " Currently-running Configuration Saved to $g_restorepath"
|
chmod +x $g_restorepath
|
||||||
run_user_exit save
|
echo " Currently-running Configuration Saved to $g_restorepath"
|
||||||
|
run_user_exit save
|
||||||
|
else
|
||||||
|
rm -f ${VARDIR}/restore-$$
|
||||||
|
echo " ERROR: Currently-running Configuration Not Saved" >&2
|
||||||
|
status=1
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
rm -f ${VARDIR}/restore-$$
|
if $iptables_save | grep -v -- '-A dynamic.* -j ACCEPT' > ${VARDIR}/restore-$$; then
|
||||||
echo " ERROR: Currently-running Configuration Not Saved" >&2
|
cp -f ${VARDIR}/firewall $g_restorepath
|
||||||
status=1
|
mv -f ${VARDIR}/restore-$$ ${g_restorepath}-iptables
|
||||||
|
chmod +x $g_restorepath
|
||||||
|
echo " Currently-running Configuration Saved to $g_restorepath"
|
||||||
|
run_user_exit save
|
||||||
|
else
|
||||||
|
rm -f ${VARDIR}/restore-$$
|
||||||
|
echo " ERROR: Currently-running Configuration Not Saved" >&2
|
||||||
|
status=1
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
echo " ERROR: ${VARDIR}/firewall does not exist" >&2
|
echo " ERROR: ${VARDIR}/firewall does not exist" >&2
|
||||||
@@ -409,11 +423,24 @@ do_save() {
|
|||||||
resolve_arptables
|
resolve_arptables
|
||||||
|
|
||||||
if [ -n "$arptables" ]; then
|
if [ -n "$arptables" ]; then
|
||||||
if ${arptables}-save > ${VARDIR}/restore-$$; then
|
if [ -n "$WORKAROUNDS" ]; then
|
||||||
if grep -q '^-A' ${VARDIR}/restore-$$; then
|
#
|
||||||
mv -f ${VARDIR}/restore-$$ ${g_restorepath}-arptables
|
# 'sed' command is a hack to work around broken arptables_jf
|
||||||
else
|
#
|
||||||
rm -f ${VARDIR}/restore-$$
|
if ${arptables}-save | sed 's/-p[[:space:]]\+0\([[:digit:]]\)00\/ffff/-p 000\1\/ffff/' > ${VARDIR}/restore-$$; then
|
||||||
|
if grep -q '^-A' ${VARDIR}/restore-$$; then
|
||||||
|
mv -f ${VARDIR}/restore-$$ ${g_restorepath}-arptables
|
||||||
|
else
|
||||||
|
rm -f ${VARDIR}/restore-$$
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
if ${arptables}-save > ${VARDIR}/restore-$$; then
|
||||||
|
if grep -q '^-A' ${VARDIR}/restore-$$; then
|
||||||
|
mv -f ${VARDIR}/restore-$$ ${g_restorepath}-arptables
|
||||||
|
else
|
||||||
|
rm -f ${VARDIR}/restore-$$
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
@@ -454,12 +481,28 @@ do_save() {
|
|||||||
esac
|
esac
|
||||||
|
|
||||||
if [ -n "$IPSET" ]; then
|
if [ -n "$IPSET" ]; then
|
||||||
if eval $IPSET -S > ${VARDIR}/ipsets.tmp; then
|
if [ -n "$WORKAROUNDS" ]; then
|
||||||
#
|
if [ -f /etc/debian_version ] && [ $(cat /etc/debian_version) = 5.0.3 ]; then
|
||||||
# Don't save an 'empty' file
|
#
|
||||||
#
|
# The 'grep -v' is a hack for a bug in ipset's nethash implementation when xtables-addons is applied to Lenny
|
||||||
grep -qE -- '^(-N|create )' ${VARDIR}/ipsets.tmp && mv -f ${VARDIR}/ipsets.tmp ${g_restorepath}-ipsets
|
#
|
||||||
|
hack='| grep -v /31'
|
||||||
|
else
|
||||||
|
hack=
|
||||||
|
fi
|
||||||
|
|
||||||
|
if eval $IPSET -S $hack > ${VARDIR}/ipsets.tmp; then
|
||||||
|
#
|
||||||
|
# Don't save an 'empty' file
|
||||||
|
#
|
||||||
|
grep -qE -- '^(-N|create )' ${VARDIR}/ipsets.tmp && mv -f ${VARDIR}/ipsets.tmp ${g_restorepath}-ipsets
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
elif eval $IPSET -S > ${VARDIR}/ipsets.tmp; then
|
||||||
|
#
|
||||||
|
# Don't save an 'empty' file
|
||||||
|
#
|
||||||
|
grep -qE -- '^(-N|create )' ${VARDIR}/ipsets.tmp && mv -f ${VARDIR}/ipsets.tmp ${g_restorepath}-ipsets
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
[Nn]o|ipv4|ipv6)
|
[Nn]o|ipv4|ipv6)
|
||||||
@@ -3590,13 +3633,7 @@ get_config() {
|
|||||||
VERBOSITY=2
|
VERBOSITY=2
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if qt mywhich hostname; then
|
g_hostname=$(hostname 2> /dev/null)
|
||||||
g_hostname=$(hostname 2> /dev/null)
|
|
||||||
elif qt mywhich uname; then
|
|
||||||
g_hostname=$(uname -n 2> /dev/null)
|
|
||||||
else
|
|
||||||
g_hostname=localhost
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -n "$IPSET" ]; then
|
if [ -n "$IPSET" ]; then
|
||||||
case "$IPSET" in
|
case "$IPSET" in
|
||||||
@@ -3750,7 +3787,7 @@ start_command() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
# Reload/Restart Command Executor
|
# Restart Command Executor
|
||||||
#
|
#
|
||||||
restart_command() {
|
restart_command() {
|
||||||
local finished
|
local finished
|
||||||
@@ -3809,11 +3846,11 @@ restart_command() {
|
|||||||
[ -n "$g_nolock" ] || mutex_on
|
[ -n "$g_nolock" ] || mutex_on
|
||||||
|
|
||||||
if [ -x ${VARDIR}/firewall ]; then
|
if [ -x ${VARDIR}/firewall ]; then
|
||||||
run_it ${VARDIR}/firewall $g_debugging $COMMAND
|
run_it ${VARDIR}/firewall $g_debugging restart
|
||||||
rc=$?
|
rc=$?
|
||||||
else
|
else
|
||||||
error_message "${VARDIR}/firewall is missing or is not executable"
|
error_message "${VARDIR}/firewall is missing or is not executable"
|
||||||
logger -p kern.err "ERROR:$g_product $COMMAND failed"
|
logger -p kern.err "ERROR:$g_product restart failed"
|
||||||
rc=6
|
rc=6
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@@ -3975,6 +4012,7 @@ shorewall_cli() {
|
|||||||
g_refreshchains=:none:
|
g_refreshchains=:none:
|
||||||
g_confess=
|
g_confess=
|
||||||
g_update=
|
g_update=
|
||||||
|
g_convert=
|
||||||
g_annotate=
|
g_annotate=
|
||||||
g_recovering=
|
g_recovering=
|
||||||
g_timestamp=
|
g_timestamp=
|
||||||
@@ -3983,10 +4021,14 @@ shorewall_cli() {
|
|||||||
g_conditional=
|
g_conditional=
|
||||||
g_file=
|
g_file=
|
||||||
g_doing="Compiling"
|
g_doing="Compiling"
|
||||||
|
g_directives=
|
||||||
g_inline=
|
g_inline=
|
||||||
|
g_tcrules=
|
||||||
g_counters=
|
g_counters=
|
||||||
g_loopback=
|
g_loopback=
|
||||||
g_compiled=
|
g_compiled=
|
||||||
|
g_routestopped=
|
||||||
|
g_notrack=
|
||||||
|
|
||||||
VERBOSE=
|
VERBOSE=
|
||||||
VERBOSITY=1
|
VERBOSITY=1
|
||||||
@@ -4165,7 +4207,7 @@ shorewall_cli() {
|
|||||||
run_it $g_firewall $g_debugging reset $@
|
run_it $g_firewall $g_debugging reset $@
|
||||||
[ -n "$g_nolock" ] || mutex_off
|
[ -n "$g_nolock" ] || mutex_off
|
||||||
;;
|
;;
|
||||||
reload|restart)
|
restart)
|
||||||
get_config Yes Yes
|
get_config Yes Yes
|
||||||
shift
|
shift
|
||||||
restart_command $@
|
restart_command $@
|
||||||
|
|||||||
@@ -1,7 +1,7 @@
|
|||||||
#
|
#
|
||||||
# Shorewall 5.0 -- /usr/share/shorewall/lib.common.
|
# Shorewall 4.5 -- /usr/share/shorewall/lib.common.
|
||||||
#
|
#
|
||||||
# (c) 2010-2015 - Tom Eastep (teastep@shorewall.net)
|
# (c) 2010-2014 - Tom Eastep (teastep@shorewall.net)
|
||||||
#
|
#
|
||||||
# Complete documentation is available at http://shorewall.net
|
# Complete documentation is available at http://shorewall.net
|
||||||
#
|
#
|
||||||
@@ -71,35 +71,108 @@ startup_error() # $* = Error Message
|
|||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
# Create the required option string and run the passed script using
|
# Get the Shorewall version of the passed script
|
||||||
|
#
|
||||||
|
get_script_version() { # $1 = script
|
||||||
|
local temp
|
||||||
|
local version
|
||||||
|
local ifs
|
||||||
|
local digits
|
||||||
|
local verbosity
|
||||||
|
|
||||||
|
if [ -z "$WORKAROUNDS" -o "$g_compiled" = "$g_file" ]; then
|
||||||
|
#
|
||||||
|
# Unless WORKAROUNDS=No, either this script was just compiled or AUTOMAKE
|
||||||
|
# determined that re-compilation wasn't needed
|
||||||
|
#
|
||||||
|
temp="$SHOREWALL_VERSION"
|
||||||
|
else
|
||||||
|
verbosity="$VERBOSITY"
|
||||||
|
VERBOSITY=0
|
||||||
|
|
||||||
|
temp=$( $SHOREWALL_SHELL $1 version | tail -n 1 )
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -z "$temp" ]; then
|
||||||
|
version=0
|
||||||
|
else
|
||||||
|
temp=${temp%-*}
|
||||||
|
ifs=$IFS
|
||||||
|
IFS=.
|
||||||
|
temp=$(echo $temp)
|
||||||
|
IFS=$ifs
|
||||||
|
digits=0
|
||||||
|
|
||||||
|
for temp in $temp; do
|
||||||
|
version=${version}$(printf '%02d' $temp)
|
||||||
|
digits=$(($digits + 1))
|
||||||
|
[ $digits -eq 3 ] && break
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo $version
|
||||||
|
|
||||||
|
VERBOSITY="$verbosity"
|
||||||
|
}
|
||||||
|
|
||||||
|
#
|
||||||
|
# Do required exports or create the required option string and run the passed script using
|
||||||
# $SHOREWALL_SHELL
|
# $SHOREWALL_SHELL
|
||||||
#
|
#
|
||||||
run_it() {
|
run_it() {
|
||||||
local script
|
local script
|
||||||
local options
|
local options
|
||||||
|
local version
|
||||||
|
|
||||||
export VARDIR
|
export VARDIR
|
||||||
|
|
||||||
script=$1
|
script=$1
|
||||||
shift
|
shift
|
||||||
|
|
||||||
if [ x$1 = xtrace -o x$1 = xdebug ]; then
|
version=$(get_script_version $script)
|
||||||
options="$1 -"
|
|
||||||
shift;
|
if [ $version -lt 040408 ]; then
|
||||||
|
#
|
||||||
|
# Old script that doesn't understand 4.4.8 script options
|
||||||
|
#
|
||||||
|
export RESTOREFILE
|
||||||
|
export VERBOSITY
|
||||||
|
export NOROUTES=$g_noroutes
|
||||||
|
export PURGE=$g_purge
|
||||||
|
export TIMESTAMP=$g_timestamp
|
||||||
|
export RECOVERING=$g_recovering
|
||||||
|
|
||||||
|
case "$g_program" in
|
||||||
|
*-lite)
|
||||||
|
#
|
||||||
|
# Shorewall Lite
|
||||||
|
#
|
||||||
|
export LOGFORMAT
|
||||||
|
export IPTABLES
|
||||||
|
;;
|
||||||
|
esac
|
||||||
else
|
else
|
||||||
options='-'
|
#
|
||||||
|
# 4.4.8 or later -- no additional exports required
|
||||||
|
#
|
||||||
|
if [ x$1 = xtrace -o x$1 = xdebug ]; then
|
||||||
|
options="$1 -"
|
||||||
|
shift;
|
||||||
|
else
|
||||||
|
options='-'
|
||||||
|
fi
|
||||||
|
|
||||||
|
[ -n "$g_noroutes" ] && options=${options}n
|
||||||
|
[ -n "$g_timestamp" ] && options=${options}t
|
||||||
|
[ -n "$g_purge" ] && options=${options}p
|
||||||
|
[ -n "$g_recovering" ] && options=${options}r
|
||||||
|
[ -n "$g_counters" ] && options=${options}c
|
||||||
|
|
||||||
|
options="${options}V $VERBOSITY"
|
||||||
|
|
||||||
|
[ -n "$RESTOREFILE" ] && options="${options} -R $RESTOREFILE"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
[ -n "$g_noroutes" ] && options=${options}n
|
|
||||||
[ -n "$g_timestamp" ] && options=${options}t
|
|
||||||
[ -n "$g_purge" ] && options=${options}p
|
|
||||||
[ -n "$g_recovering" ] && options=${options}r
|
|
||||||
[ -n "$g_counters" ] && options=${options}c
|
|
||||||
|
|
||||||
options="${options}V $VERBOSITY"
|
|
||||||
|
|
||||||
[ -n "$RESTOREFILE" ] && options="${options} -R $RESTOREFILE"
|
|
||||||
|
|
||||||
$SHOREWALL_SHELL $script $options $@
|
$SHOREWALL_SHELL $script $options $@
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -499,9 +572,9 @@ in_network() # $1 = IP address, $2 = CIDR network
|
|||||||
#
|
#
|
||||||
# Query NetFilter about the existence of a filter chain
|
# Query NetFilter about the existence of a filter chain
|
||||||
#
|
#
|
||||||
chain_exists() # $1 = chain name, $2 = table name (optional)
|
chain_exists() # $1 = chain name
|
||||||
{
|
{
|
||||||
qt1 $g_tool -t ${2:-filter} -L $1 -n
|
qt1 $g_tool -L $1 -n
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Apple OS X Shorewall 5.0 rc file
|
# Apple OS X Shorewall 4.5 rc file
|
||||||
#
|
#
|
||||||
BUILD=apple
|
BUILD=apple
|
||||||
HOST=apple
|
HOST=apple
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Arch Linux Shorewall 5.0 rc file
|
# Arch Linux Shorewall 4.5 rc file
|
||||||
#
|
#
|
||||||
BUILD= #Default is to detect the build system
|
BUILD= #Default is to detect the build system
|
||||||
HOST=archlinux
|
HOST=archlinux
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Cygwin Shorewall 5.0 rc file
|
# Cygwin Shorewall 4.5 rc file
|
||||||
#
|
#
|
||||||
BUILD=cygwin
|
BUILD=cygwin
|
||||||
HOST=cygwin
|
HOST=cygwin
|
||||||
|
|||||||
@@ -15,7 +15,7 @@ INITFILE= #Name of the product's installed SysV init script
|
|||||||
INITSOURCE=init.debian.sh #Name of the distributed file to be installed as the SysV init script
|
INITSOURCE=init.debian.sh #Name of the distributed file to be installed as the SysV init script
|
||||||
ANNOTATED= #If non-zero, annotated configuration files are installed
|
ANNOTATED= #If non-zero, annotated configuration files are installed
|
||||||
SYSCONFFILE=default.debian #Name of the distributed file to be installed in $SYSCONFDIR
|
SYSCONFFILE=default.debian #Name of the distributed file to be installed in $SYSCONFDIR
|
||||||
SERVICEFILE=$PRODUCT.service.debian #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
|
SERVICEFILE=$PRODUCT.service.debian #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
|
||||||
SYSCONFDIR=/etc/default #Directory where SysV init parameter files are installed
|
SYSCONFDIR=/etc/default #Directory where SysV init parameter files are installed
|
||||||
SERVICEDIR=/lib/systemd/system #Directory where .service files are installed (systems running systemd only)
|
SERVICEDIR=/lib/systemd/system #Directory where .service files are installed (systems running systemd only)
|
||||||
SPARSE=Yes #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
|
SPARSE=Yes #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Default Shorewall 5.0 rc file
|
# Default Shorewall 4.5 rc file
|
||||||
#
|
#
|
||||||
HOST=linux #Generic Linux
|
HOST=linux #Generic Linux
|
||||||
BUILD= #Default is to detect the build system
|
BUILD= #Default is to detect the build system
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# RedHat/FedoraShorewall 5.0 rc file
|
# RedHat/FedoraShorewall 4.5 rc file
|
||||||
#
|
#
|
||||||
BUILD= #Default is to detect the build system
|
BUILD= #Default is to detect the build system
|
||||||
HOST=redhat
|
HOST=redhat
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Slackware Shorewall 5.0 rc file
|
# Slackware Shorewall 4.5 rc file
|
||||||
#
|
#
|
||||||
BUILD=slackware
|
BUILD=slackware
|
||||||
HOST=slackware
|
HOST=slackware
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# SuSE Shorewall 5.0 rc file
|
# SuSE Shorewall 4.5 rc file
|
||||||
#
|
#
|
||||||
BUILD= #Default is to detect the build system
|
BUILD= #Default is to detect the build system
|
||||||
HOST=suse
|
HOST=suse
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
#
|
#
|
||||||
# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0
|
# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
|
||||||
#
|
#
|
||||||
# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
|
# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
|
||||||
#
|
#
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
#! /bin/bash
|
#! /bin/bash
|
||||||
# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0
|
# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
|
||||||
#
|
#
|
||||||
# (c) 2010,2012-2014 - Tom Eastep (teastep@shorewall.net)
|
# (c) 2010,2012-2014 - Tom Eastep (teastep@shorewall.net)
|
||||||
#
|
#
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
#! /bin/bash
|
#! /bin/bash
|
||||||
# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0
|
# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
|
||||||
#
|
#
|
||||||
# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
|
# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
|
||||||
#
|
#
|
||||||
@@ -38,7 +38,7 @@
|
|||||||
# 0 - success
|
# 0 - success
|
||||||
# 1 - generic or unspecified error
|
# 1 - generic or unspecified error
|
||||||
# 2 - invalid or excess argument(s)
|
# 2 - invalid or excess argument(s)
|
||||||
# 3 - unimplemented feature
|
# 3 - unimplemented feature (e.g. "reload")
|
||||||
# 4 - insufficient privilege
|
# 4 - insufficient privilege
|
||||||
# 5 - program is not installed
|
# 5 - program is not installed
|
||||||
# 6 - program is not configured
|
# 6 - program is not configured
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.0
|
# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.6
|
||||||
#
|
#
|
||||||
# (c) 2012-2014 - Tom Eastep (teastep@shorewall.net)
|
# (c) 2012-2014 - Tom Eastep (teastep@shorewall.net)
|
||||||
#
|
#
|
||||||
|
|||||||
@@ -6,6 +6,7 @@
|
|||||||
#
|
#
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=Shorewall firewall (bootup security)
|
Description=Shorewall firewall (bootup security)
|
||||||
|
Wants=network.target
|
||||||
Before=network.target
|
Before=network.target
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Shorewall Lite version 5 - Default Config Path
|
# Shorewall Lite version 4.1 - Default Config Path
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall-lite/configpath
|
# /usr/share/shorewall-lite/configpath
|
||||||
#
|
#
|
||||||
|
|||||||
@@ -329,21 +329,6 @@
|
|||||||
<arg choice="plain"><replaceable>address</replaceable></arg>
|
<arg choice="plain"><replaceable>address</replaceable></arg>
|
||||||
</cmdsynopsis>
|
</cmdsynopsis>
|
||||||
|
|
||||||
<cmdsynopsis>
|
|
||||||
<command>shorewall-lite</command>
|
|
||||||
|
|
||||||
<arg
|
|
||||||
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
|
|
||||||
|
|
||||||
<arg>-<replaceable>options</replaceable></arg>
|
|
||||||
|
|
||||||
<arg choice="plain"><option>reload</option></arg>
|
|
||||||
|
|
||||||
<arg><option>-n</option></arg>
|
|
||||||
|
|
||||||
<arg><option>-p</option><arg><option>-C</option></arg></arg>
|
|
||||||
</cmdsynopsis>
|
|
||||||
|
|
||||||
<cmdsynopsis>
|
<cmdsynopsis>
|
||||||
<command>shorewall-lite</command>
|
<command>shorewall-lite</command>
|
||||||
|
|
||||||
@@ -723,7 +708,6 @@
|
|||||||
<para>If <option>-f</option> is given, the command will be processed
|
<para>If <option>-f</option> is given, the command will be processed
|
||||||
by the compiled script that executed the last successful <emphasis
|
by the compiled script that executed the last successful <emphasis
|
||||||
role="bold">start</emphasis>, <emphasis
|
role="bold">start</emphasis>, <emphasis
|
||||||
role="bold">reload</emphasis>, <emphasis
|
|
||||||
role="bold">restart</emphasis> or <emphasis
|
role="bold">restart</emphasis> or <emphasis
|
||||||
role="bold">refresh</emphasis> command if that script exists.</para>
|
role="bold">refresh</emphasis> command if that script exists.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
@@ -1042,32 +1026,6 @@
|
|||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
|
||||||
<term><emphasis role="bold">reload </emphasis>[-n] [-p]
|
|
||||||
[-<option>C</option>]</term>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>Added in Shorewall 5.0.0, <emphasis
|
|
||||||
role="bold">reload</emphasis> is similar to <emphasis
|
|
||||||
role="bold">shorewall-lite start</emphasis> except that it assumes
|
|
||||||
that the firewall is already started. Existing connections are
|
|
||||||
maintained.</para>
|
|
||||||
|
|
||||||
<para>The <option>-n</option> option causes Shorewall-lite to avoid
|
|
||||||
updating the routing table(s).</para>
|
|
||||||
|
|
||||||
<para>The <option>-p</option> option causes the connection tracking
|
|
||||||
table to be flushed; the <command>conntrack</command> utility must
|
|
||||||
be installed to use this option.</para>
|
|
||||||
|
|
||||||
<para>The <option>-C</option> option was added in Shorewall 4.6.5.
|
|
||||||
If the specified (or implicit) firewall script is the one that
|
|
||||||
generated the current running configuration, then the running
|
|
||||||
netfilter configuration will be reloaded as is so as to preserve the
|
|
||||||
iptables packet and byte counters.</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><emphasis role="bold">reset [<replaceable>chain</replaceable>,
|
<term><emphasis role="bold">reset [<replaceable>chain</replaceable>,
|
||||||
...]</emphasis><acronym/></term>
|
...]</emphasis><acronym/></term>
|
||||||
@@ -1085,10 +1043,9 @@
|
|||||||
[-<option>C</option>]</term>
|
[-<option>C</option>]</term>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Beginning with Shorewall 5.0.0, this command performs a true
|
<para>Restart is similar to <emphasis role="bold">shorewall-lite
|
||||||
restart. The firewall is completely stopped as if a
|
start</emphasis> except that it assumes that the firewall is already
|
||||||
<command>stop</command> command had been issued then it is started
|
started. Existing connections are maintained.</para>
|
||||||
again.</para>
|
|
||||||
|
|
||||||
<para>The <option>-n</option> option causes Shorewall-lite to avoid
|
<para>The <option>-n</option> option causes Shorewall-lite to avoid
|
||||||
updating the routing table(s).</para>
|
updating the routing table(s).</para>
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
###############################################################################
|
###############################################################################
|
||||||
# /etc/shorewall-lite/shorewall-lite.conf Version 5 - Change the following
|
# /etc/shorewall-lite/shorewall-lite.conf Version 4 - Change the following
|
||||||
# variables to override the values in the shorewall.conf file used to
|
# variables to override the values in the shorewall.conf file used to
|
||||||
# compile /var/lib/shorewall-lite/firewall. Those values may be found in
|
# compile /var/lib/shorewall-lite/firewall. Those values may be found in
|
||||||
# /var/lib/shorewall-lite/firewall.conf.
|
# /var/lib/shorewall-lite/firewall.conf.
|
||||||
|
|||||||
@@ -17,7 +17,6 @@ EnvironmentFile=-/etc/default/shorewall-lite
|
|||||||
StandardOutput=syslog
|
StandardOutput=syslog
|
||||||
ExecStart=/sbin/shorewall-lite $OPTIONS start $STARTOPTIONS
|
ExecStart=/sbin/shorewall-lite $OPTIONS start $STARTOPTIONS
|
||||||
ExecStop=/sbin/shorewall-lite $OPTIONS stop
|
ExecStop=/sbin/shorewall-lite $OPTIONS stop
|
||||||
ExecReload=/sbin/shorewall-lite $OPTIONS reload $RELOADOPTIONS
|
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=basic.target
|
WantedBy=basic.target
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
Shoreline Firewall (Shorewall) Version 5
|
Shoreline Firewall (Shorewall) Version 4
|
||||||
----- ----
|
----- ----
|
||||||
|
|
||||||
-----------------------------------------------------------------------------
|
-----------------------------------------------------------------------------
|
||||||
|
|||||||
@@ -1,11 +1,13 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - AMQP Macro
|
# Shorewall version 4 - AMQP Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.AMQP
|
# /usr/share/shorewall/macro.AMQP
|
||||||
#
|
#
|
||||||
# This macro handles AMQP traffic.
|
# This macro handles AMQP traffic.
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - tcp 5672
|
PARAM - - tcp 5672
|
||||||
|
|||||||
@@ -1,11 +1,13 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - Audited AllowICMPs Macro
|
# Shorewall version 4 - Audited AllowICMPs Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.A_AllowICMPs
|
# /usr/share/shorewall/macro.A_AllowICMPs
|
||||||
#
|
#
|
||||||
# This macro A_ACCEPTs needed ICMP types
|
# This macro A_ACCEPTs needed ICMP types
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
|
|
||||||
|
|||||||
@@ -1,11 +1,13 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - Audited DropDNSrep Macro
|
# Shorewall version 4 - Audited DropDNSrep Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.A_DropDNSrep
|
# /usr/share/shorewall/macro.A_DropDNSrep
|
||||||
#
|
#
|
||||||
# This macro silently audites and drops DNS UDP replies
|
# This macro silently audites and drops DNS UDP replies
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
|
|
||||||
|
|||||||
@@ -1,11 +1,13 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - ADropUPnP Macro
|
# Shorewall version 4 - ADropUPnP Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.A_DropUPnP
|
# /usr/share/shorewall/macro.A_DropUPnP
|
||||||
#
|
#
|
||||||
# This macro silently drops UPnP probes on UDP port 1900
|
# This macro silently drops UPnP probes on UDP port 1900
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
|
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - Samba 4 Macro
|
# Shorewall version 4 - Samba 4 Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.ActiveDir
|
# /usr/share/shorewall/macro.ActiveDir
|
||||||
#
|
#
|
||||||
@@ -9,6 +9,8 @@
|
|||||||
#
|
#
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - tcp 389 #LDAP services
|
PARAM - - tcp 389 #LDAP services
|
||||||
|
|||||||
@@ -1,11 +1,13 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - AllowICMPs Macro
|
# Shorewall version 4 - AllowICMPs Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.AllowICMPs
|
# /usr/share/shorewall/macro.AllowICMPs
|
||||||
#
|
#
|
||||||
# This macro ACCEPTs needed ICMP types
|
# This macro ACCEPTs needed ICMP types
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
|
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - Amanda Macro
|
# Shorewall version 4 - Amanda Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.Amanda
|
# /usr/share/shorewall/macro.Amanda
|
||||||
#
|
#
|
||||||
@@ -8,6 +8,8 @@
|
|||||||
# files from those nodes.
|
# files from those nodes.
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
|
|
||||||
|
|||||||
@@ -1,11 +1,13 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - Auth Macro
|
# Shorewall version 4 - Auth Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.Auth
|
# /usr/share/shorewall/macro.Auth
|
||||||
#
|
#
|
||||||
# This macro handles Auth (identd) traffic.
|
# This macro handles Auth (identd) traffic.
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - tcp 113
|
PARAM - - tcp 113
|
||||||
|
|||||||
@@ -1,11 +1,13 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - BGP Macro
|
# Shorewall version 4 - BGP Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.BGP
|
# /usr/share/shorewall/macro.BGP
|
||||||
#
|
#
|
||||||
# This macro handles BGP4 traffic.
|
# This macro handles BGP4 traffic.
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - tcp 179 # BGP4
|
PARAM - - tcp 179 # BGP4
|
||||||
|
|||||||
@@ -1,11 +1,13 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - blacklist Macro
|
# Shorewall version 4 - blacklist Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.blacklist
|
# /usr/share/shorewall/macro.blacklist
|
||||||
#
|
#
|
||||||
# This macro handles blacklisting using BLACKLIST_DISPOSITION and BLACKLIST_LOGLEVEL
|
# This macro handles blacklisting using BLACKLIST_DISPOSITION and BLACKLIST_LOGLEVEL
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
?if $BLACKLIST_LOGLEVEL
|
?if $BLACKLIST_LOGLEVEL
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - BitTorrent Macro
|
# Shorewall version 4 - BitTorrent Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.BitTorrent
|
# /usr/share/shorewall/macro.BitTorrent
|
||||||
#
|
#
|
||||||
@@ -9,6 +9,8 @@
|
|||||||
# BitTorrent32 macro.
|
# BitTorrent32 macro.
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - tcp 6881:6889
|
PARAM - - tcp 6881:6889
|
||||||
|
|||||||
@@ -1,11 +1,13 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - BitTorrent 3.2 Macro
|
# Shorewall version 4 - BitTorrent 3.2 Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.BitTorrent32
|
# /usr/share/shorewall/macro.BitTorrent32
|
||||||
#
|
#
|
||||||
# This macro handles BitTorrent traffic for BitTorrent 3.2 and later.
|
# This macro handles BitTorrent traffic for BitTorrent 3.2 and later.
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - tcp 6881:6999
|
PARAM - - tcp 6881:6999
|
||||||
|
|||||||
@@ -1,11 +1,13 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - CVS Macro
|
# Shorewall version 4 - CVS Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.CVS
|
# /usr/share/shorewall/macro.CVS
|
||||||
#
|
#
|
||||||
# This macro handles connections to the CVS pserver.
|
# This macro handles connections to the CVS pserver.
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - tcp 2401
|
PARAM - - tcp 2401
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - Citrix/ICA Macro
|
# Shorewall version 4 - Citrix/ICA Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.Citrix
|
# /usr/share/shorewall/macro.Citrix
|
||||||
#
|
#
|
||||||
@@ -7,6 +7,8 @@
|
|||||||
# ICA Session Reliability)
|
# ICA Session Reliability)
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - tcp 1494 # ICA
|
PARAM - - tcp 1494 # ICA
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - DAAP Macro
|
# Shorewall version 4 - DAAP Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.DAAP
|
# /usr/share/shorewall/macro.DAAP
|
||||||
#
|
#
|
||||||
@@ -7,6 +7,8 @@
|
|||||||
# The protocol is used by iTunes, Rythmbox and other similar daemons.
|
# The protocol is used by iTunes, Rythmbox and other similar daemons.
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - tcp 3689
|
PARAM - - tcp 3689
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - DCC Macro
|
# Shorewall version 4 - DCC Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.DCC
|
# /usr/share/shorewall/macro.DCC
|
||||||
#
|
#
|
||||||
@@ -7,6 +7,8 @@
|
|||||||
# DCC is a distributed spam filtering mechanism.
|
# DCC is a distributed spam filtering mechanism.
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - udp 6277
|
PARAM - - udp 6277
|
||||||
|
|||||||
@@ -1,11 +1,13 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - DHCPfwd Macro
|
# Shorewall version 4 - DHCPfwd Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.DHCPfwd
|
# /usr/share/shorewall/macro.DHCPfwd
|
||||||
#
|
#
|
||||||
# This macro (bidirectional) handles forwarded DHCP traffic
|
# This macro (bidirectional) handles forwarded DHCP traffic
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - udp 67:68 67:68 # DHCP
|
PARAM - - udp 67:68 67:68 # DHCP
|
||||||
|
|||||||
@@ -1,11 +1,13 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - DNS Macro
|
# Shorewall version 4 - DNS Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.DNS
|
# /usr/share/shorewall/macro.DNS
|
||||||
#
|
#
|
||||||
# This macro handles DNS traffic.
|
# This macro handles DNS traffic.
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - udp 53
|
PARAM - - udp 53
|
||||||
|
|||||||
@@ -1,11 +1,13 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - Distcc Macro
|
# Shorewall version 4 - Distcc Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.Distcc
|
# /usr/share/shorewall/macro.Distcc
|
||||||
#
|
#
|
||||||
# This macro handles connections to the Distributed Compiler service.
|
# This macro handles connections to the Distributed Compiler service.
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - tcp 3632
|
PARAM - - tcp 3632
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - Drop Macro
|
# Shorewall version 4 - Drop Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.Drop
|
# /usr/share/shorewall/macro.Drop
|
||||||
#
|
#
|
||||||
@@ -11,6 +11,8 @@
|
|||||||
# Drop net all
|
# Drop net all
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
#
|
#
|
||||||
|
|||||||
@@ -1,11 +1,13 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - DropDNSrep Macro
|
# Shorewall version 4 - DropDNSrep Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.DropDNSrep
|
# /usr/share/shorewall/macro.DropDNSrep
|
||||||
#
|
#
|
||||||
# This macro silently drops DNS UDP replies
|
# This macro silently drops DNS UDP replies
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
|
|
||||||
|
|||||||
@@ -1,11 +1,13 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - DropUPnP Macro
|
# Shorewall version 4 - DropUPnP Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.DropUPnP
|
# /usr/share/shorewall/macro.DropUPnP
|
||||||
#
|
#
|
||||||
# This macro silently drops UPnP probes on UDP port 1900
|
# This macro silently drops UPnP probes on UDP port 1900
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
|
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - Edonkey Macro
|
# Shorewall version 4 - Edonkey Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.Edonkey
|
# /usr/share/shorewall/macro.Edonkey
|
||||||
#
|
#
|
||||||
@@ -28,6 +28,8 @@
|
|||||||
# applications such as aMule WebServer or aMuleCMD.
|
# applications such as aMule WebServer or aMuleCMD.
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - tcp 4662
|
PARAM - - tcp 4662
|
||||||
|
|||||||
@@ -1,11 +1,13 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - FTP Macro
|
# Shorewall version 4 - FTP Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.FTP
|
# /usr/share/shorewall/macro.FTP
|
||||||
#
|
#
|
||||||
# This macro handles FTP traffic.
|
# This macro handles FTP traffic.
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
?if ( __CT_TARGET && ! $AUTOHELPERS && __FTP_HELPER )
|
?if ( __CT_TARGET && ! $AUTOHELPERS && __FTP_HELPER )
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - Finger Macro
|
# Shorewall version 4 - Finger Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.Finger
|
# /usr/share/shorewall/macro.Finger
|
||||||
#
|
#
|
||||||
@@ -7,6 +7,8 @@
|
|||||||
# your finger information to internet.
|
# your finger information to internet.
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - tcp 79
|
PARAM - - tcp 79
|
||||||
|
|||||||
@@ -1,11 +1,13 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - GNUnet Macro
|
# Shorewall version 4 - GNUnet Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.GNUnet
|
# /usr/share/shorewall/macro.GNUnet
|
||||||
#
|
#
|
||||||
# This macro handles GNUnet (secure peer-to-peer networking) traffic.
|
# This macro handles GNUnet (secure peer-to-peer networking) traffic.
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - tcp 2086
|
PARAM - - tcp 2086
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - GRE Macro
|
# Shorewall version 4 - GRE Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.GRE
|
# /usr/share/shorewall/macro.GRE
|
||||||
#
|
#
|
||||||
@@ -7,6 +7,8 @@
|
|||||||
# traffic (RFC 1701)
|
# traffic (RFC 1701)
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - 47 # GRE
|
PARAM - - 47 # GRE
|
||||||
|
|||||||
@@ -1,11 +1,13 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - Git Macro
|
# Shorewall version 4 - Git Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.Git
|
# /usr/share/shorewall/macro.Git
|
||||||
#
|
#
|
||||||
# This macro handles Git traffic.
|
# This macro handles Git traffic.
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - tcp 9418
|
PARAM - - tcp 9418
|
||||||
|
|||||||
@@ -1,11 +1,13 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - Gnutella Macro
|
# Shorewall version 4 - Gnutella Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.Gnutella
|
# /usr/share/shorewall/macro.Gnutella
|
||||||
#
|
#
|
||||||
# This macro handles Gnutella traffic.
|
# This macro handles Gnutella traffic.
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - tcp 6346
|
PARAM - - tcp 6346
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - Citrix/Goto Meeting macro
|
# Shorewall version 4 - Citrix/Goto Meeting macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.Goto-Meeting
|
# /usr/share/shorewall/macro.Goto-Meeting
|
||||||
# by Eric Teeter
|
# by Eric Teeter
|
||||||
@@ -7,6 +7,8 @@
|
|||||||
# Assumes that ports 80 and 443 are already open
|
# Assumes that ports 80 and 443 are already open
|
||||||
# If needed, use the macros that open Http and Https to reduce redundancy
|
# If needed, use the macros that open Http and Https to reduce redundancy
|
||||||
####################################################################################
|
####################################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
####################################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - tcp 8200 # Goto Meeting only needed (TCP outbound)
|
PARAM - - tcp 8200 # Goto Meeting only needed (TCP outbound)
|
||||||
|
|||||||
@@ -1,11 +1,13 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - HKP Macro
|
# Shorewall version 4 - HKP Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.HKP
|
# /usr/share/shorewall/macro.HKP
|
||||||
#
|
#
|
||||||
# This macro handles OpenPGP HTTP keyserver protocol traffic.
|
# This macro handles OpenPGP HTTP keyserver protocol traffic.
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - tcp 11371
|
PARAM - - tcp 11371
|
||||||
|
|||||||
@@ -1,11 +1,13 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - HTTP Macro
|
# Shorewall version 4 - HTTP Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.HTTP
|
# /usr/share/shorewall/macro.HTTP
|
||||||
#
|
#
|
||||||
# This macro handles plaintext HTTP (WWW) traffic.
|
# This macro handles plaintext HTTP (WWW) traffic.
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - tcp 80
|
PARAM - - tcp 80
|
||||||
|
|||||||
@@ -1,11 +1,13 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - HTTPS Macro
|
# Shorewall version 4 - HTTPS Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.HTTPS
|
# /usr/share/shorewall/macro.HTTPS
|
||||||
#
|
#
|
||||||
# This macro handles HTTPS (WWW over SSL) traffic.
|
# This macro handles HTTPS (WWW over SSL) traffic.
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - tcp 443
|
PARAM - - tcp 443
|
||||||
|
|||||||
@@ -1,11 +1,13 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - ICPV2 Macro
|
# Shorewall version 4 - ICPV2 Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.ICPV2
|
# /usr/share/shorewall/macro.ICPV2
|
||||||
#
|
#
|
||||||
# This macro handles Internet Cache Protocol V2 (Squid) traffic
|
# This macro handles Internet Cache Protocol V2 (Squid) traffic
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - udp 3130
|
PARAM - - udp 3130
|
||||||
|
|||||||
@@ -1,11 +1,13 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - ICQ Macro
|
# Shorewall version 4 - ICQ Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.ICQ
|
# /usr/share/shorewall/macro.ICQ
|
||||||
#
|
#
|
||||||
# This macro handles ICQ, now called AOL Instant Messenger (or AIM).
|
# This macro handles ICQ, now called AOL Instant Messenger (or AIM).
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - tcp 5190
|
PARAM - - tcp 5190
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - ILO Macro
|
# Shorewall version 4 - ILO Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.ILO
|
# /usr/share/shorewall/macro.ILO
|
||||||
#
|
#
|
||||||
@@ -8,6 +8,8 @@
|
|||||||
# workstations.
|
# workstations.
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - tcp 3002 # Raw serial data
|
PARAM - - tcp 3002 # Raw serial data
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - IMAP Macro
|
# Shorewall version 4 - IMAP Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.IMAP
|
# /usr/share/shorewall/macro.IMAP
|
||||||
#
|
#
|
||||||
@@ -7,6 +7,8 @@
|
|||||||
# see macro.IMAPS.
|
# see macro.IMAPS.
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - tcp 143
|
PARAM - - tcp 143
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - IMAPS Macro
|
# Shorewall version 4 - IMAPS Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.IMAPS
|
# /usr/share/shorewall/macro.IMAPS
|
||||||
#
|
#
|
||||||
@@ -7,6 +7,8 @@
|
|||||||
# (not recommended), see macro.IMAP.
|
# (not recommended), see macro.IMAP.
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - tcp 993
|
PARAM - - tcp 993
|
||||||
|
|||||||
@@ -1,11 +1,13 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - IPIP Macro
|
# Shorewall version 4 - IPIP Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.IPIP
|
# /usr/share/shorewall/macro.IPIP
|
||||||
#
|
#
|
||||||
# This macro (bidirectional) handles IPIP capsulation traffic
|
# This macro (bidirectional) handles IPIP capsulation traffic
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - 94 # IPIP
|
PARAM - - 94 # IPIP
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - IPMI Macro
|
# Shorewall version 4 - IPMI Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.IPMI
|
# /usr/share/shorewall/macro.IPMI
|
||||||
#
|
#
|
||||||
@@ -9,6 +9,8 @@
|
|||||||
# workstations.
|
# workstations.
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - tcp 623 # RMCP
|
PARAM - - tcp 623 # RMCP
|
||||||
|
|||||||
@@ -1,11 +1,13 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - IPP Macro
|
# Shorewall version 3.2 - IPP Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.IPP
|
# /usr/share/shorewall/macro.IPP
|
||||||
#
|
#
|
||||||
# This macro handles Internet Printing Protocol (IPP).
|
# This macro handles Internet Printing Protocol (IPP).
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - tcp 631
|
PARAM - - tcp 631
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - IPP Broadcast Macro
|
# Shorewall version 4 - IPP Broadcast Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.IPPbrd
|
# /usr/share/shorewall/macro.IPPbrd
|
||||||
#
|
#
|
||||||
@@ -8,6 +8,8 @@
|
|||||||
# direction, use the IPPserver Macro
|
# direction, use the IPPserver Macro
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - udp 631
|
PARAM - - udp 631
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - IPPserver Macro
|
# Shorewall version 4 - IPPserver Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.IPPserver
|
# /usr/share/shorewall/macro.IPPserver
|
||||||
#
|
#
|
||||||
@@ -23,6 +23,8 @@
|
|||||||
# IPPserver/ACCEPT $FW loc
|
# IPPserver/ACCEPT $FW loc
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM SOURCE DEST tcp 631
|
PARAM SOURCE DEST tcp 631
|
||||||
|
|||||||
@@ -1,11 +1,13 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - IPsec Macro
|
# Shorewall version 4 - IPsec Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.IPsec
|
# /usr/share/shorewall/macro.IPsec
|
||||||
#
|
#
|
||||||
# This macro (bidirectional) handles IPsec traffic
|
# This macro (bidirectional) handles IPsec traffic
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - udp 500 500 # IKE
|
PARAM - - udp 500 500 # IKE
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - IPsecah Macro
|
# Shorewall version 4 - IPsecah Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.IPsecah
|
# /usr/share/shorewall/macro.IPsecah
|
||||||
#
|
#
|
||||||
@@ -7,6 +7,8 @@
|
|||||||
# This is insecure. You should use ESP with encryption for security.
|
# This is insecure. You should use ESP with encryption for security.
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - udp 500 500 # IKE
|
PARAM - - udp 500 500 # IKE
|
||||||
|
|||||||
@@ -1,11 +1,13 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - IPsecnat Macro
|
# Shorewall version 4 - IPsecnat Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.IPsecnat
|
# /usr/share/shorewall/macro.IPsecnat
|
||||||
#
|
#
|
||||||
# This macro (bidirectional) handles IPsec traffic and Nat-Traversal
|
# This macro (bidirectional) handles IPsec traffic and Nat-Traversal
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - udp 500 # IKE
|
PARAM - - udp 500 # IKE
|
||||||
|
|||||||
@@ -1,11 +1,13 @@
|
|||||||
#
|
#
|
||||||
# Shorewall IRC Macro
|
# Shorewall version 4 IRC Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.IRC
|
# /usr/share/shorewall/macro.IRC
|
||||||
#
|
#
|
||||||
# This macro handles IRC traffic (Internet Relay Chat).
|
# This macro handles IRC traffic (Internet Relay Chat).
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
|
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - JAP Macro
|
# Shorewall version 4 - JAP Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.JAP
|
# /usr/share/shorewall/macro.JAP
|
||||||
#
|
#
|
||||||
@@ -8,6 +8,8 @@
|
|||||||
# to browse anonymously!
|
# to browse anonymously!
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - tcp 8080 # HTTP port
|
PARAM - - tcp 8080 # HTTP port
|
||||||
|
|||||||
@@ -1,11 +1,13 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - Jabber Macro
|
# Shorewall version 4 - Jabber Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.Jabber
|
# /usr/share/shorewall/macro.Jabber
|
||||||
#
|
#
|
||||||
# This macro accepts Jabber traffic.
|
# This macro accepts Jabber traffic.
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - tcp 5222
|
PARAM - - tcp 5222
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - JabberPlain Macro
|
# Shorewall version 4 - JabberPlain Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.JabberPlain
|
# /usr/share/shorewall/macro.JabberPlain
|
||||||
#
|
#
|
||||||
@@ -7,6 +7,8 @@
|
|||||||
# deprecated - use of macro.Jabber instead is recommended.
|
# deprecated - use of macro.Jabber instead is recommended.
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
Jabber
|
Jabber
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - JabberSecure (SSL) Macro
|
# Shorewall version 4 - JabberSecure (SSL) Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.JabberSecure
|
# /usr/share/shorewall/macro.JabberSecure
|
||||||
#
|
#
|
||||||
@@ -8,6 +8,8 @@
|
|||||||
# Jabber macro instead.
|
# Jabber macro instead.
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - tcp 5223
|
PARAM - - tcp 5223
|
||||||
|
|||||||
@@ -1,11 +1,13 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - Jabberd (server intercommunication)
|
# Shorewall version 3.4 - Jabberd (server intercommunication)
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.Jabberd
|
# /usr/share/shorewall/macro.Jabberd
|
||||||
#
|
#
|
||||||
# This macro accepts Jabberd intercommunication traffic
|
# This macro accepts Jabberd intercommunication traffic
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - tcp 5269
|
PARAM - - tcp 5269
|
||||||
|
|||||||
@@ -1,11 +1,13 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - Jetdirect Macro
|
# Shorewall version 3.2 - Jetdirect Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.Jetdirect
|
# /usr/share/shorewall/macro.Jetdirect
|
||||||
#
|
#
|
||||||
# This macro handles HP Jetdirect printing.
|
# This macro handles HP Jetdirect printing.
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - tcp 9100
|
PARAM - - tcp 9100
|
||||||
|
|||||||
@@ -1,11 +1,13 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - Kerberos Macro
|
# Shorewall version 4 - Kerberos Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.Kerberos
|
# /usr/share/shorewall/macro.Kerberos
|
||||||
#
|
#
|
||||||
# This macro handles Kerberos traffic.
|
# This macro handles Kerberos traffic.
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - tcp 88
|
PARAM - - tcp 88
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - L2TP Macro
|
# Shorewall version 4 - L2TP Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.L2TP
|
# /usr/share/shorewall/macro.L2TP
|
||||||
#
|
#
|
||||||
@@ -7,6 +7,8 @@
|
|||||||
# (RFC 2661)
|
# (RFC 2661)
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - udp 1701 # L2TP
|
PARAM - - udp 1701 # L2TP
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - LDAP Macro
|
# Shorewall version 4 - LDAP Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.LDAP
|
# /usr/share/shorewall/macro.LDAP
|
||||||
#
|
#
|
||||||
@@ -11,6 +11,8 @@
|
|||||||
# Consult your LDAP server documentation for details.
|
# Consult your LDAP server documentation for details.
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - tcp 389
|
PARAM - - tcp 389
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - LDAPS Macro
|
# Shorewall version 4 - LDAPS Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.LDAPS
|
# /usr/share/shorewall/macro.LDAPS
|
||||||
#
|
#
|
||||||
@@ -11,6 +11,8 @@
|
|||||||
# Consult your LDAP server documentation for details.
|
# Consult your LDAP server documentation for details.
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - tcp 636
|
PARAM - - tcp 636
|
||||||
|
|||||||
@@ -1,11 +1,13 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - MSNP Macro
|
# Shorewall version 4 - MSNP Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.MSNP
|
# /usr/share/shorewall/macro.MSNP
|
||||||
#
|
#
|
||||||
# This macro handles MSNP (MicroSoft Notification Protocol)
|
# This macro handles MSNP (MicroSoft Notification Protocol)
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - tcp 1863
|
PARAM - - tcp 1863
|
||||||
|
|||||||
@@ -1,12 +1,13 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - MSSQL Macro
|
# Shorewall version 4 - MSSQL Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.MSSQL
|
# /usr/share/shorewall/macro.MSSQL
|
||||||
#
|
#
|
||||||
# This macro handles MSSQL (Microsoft SQL Server)
|
# This macro handles MSSQL (Microsoft SQL Server)
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - tcp 1433
|
PARAM - - tcp 1433
|
||||||
PARAM - - udp 1434
|
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - Mail Macro
|
# Shorewall version 4 - Mail Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.Mail
|
# /usr/share/shorewall/macro.Mail
|
||||||
#
|
#
|
||||||
@@ -12,6 +12,8 @@
|
|||||||
# the POP3 or IMAP macros.
|
# the POP3 or IMAP macros.
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - tcp 25
|
PARAM - - tcp 25
|
||||||
|
|||||||
@@ -1,11 +1,13 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - MongoDB Macro
|
# Shorewall version 4 - MongoDB Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.MongoDB
|
# /usr/share/shorewall/macro.MongoDB
|
||||||
#
|
#
|
||||||
# This macro handles MongoDB Daemon/Router traffic.
|
# This macro handles MongoDB Daemon/Router traffic.
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - tcp 27017
|
PARAM - - tcp 27017
|
||||||
|
|||||||
@@ -1,11 +1,13 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - Munin Macro
|
# Shorewall version 4 - Munin Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.Munin
|
# /usr/share/shorewall/macro.Munin
|
||||||
#
|
#
|
||||||
# This macro handles Munin networked resource monitoring traffic
|
# This macro handles Munin networked resource monitoring traffic
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - tcp 4949
|
PARAM - - tcp 4949
|
||||||
|
|||||||
@@ -1,11 +1,13 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - MySQL Macro
|
# Shorewall version 4 - MySQL Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.MySQL
|
# /usr/share/shorewall/macro.MySQL
|
||||||
#
|
#
|
||||||
# This macro handles connections to the MySQL server.
|
# This macro handles connections to the MySQL server.
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - tcp 3306
|
PARAM - - tcp 3306
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Shorewall NNTP Macro
|
# Shorewall version 4 NNTP Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.NNTP
|
# /usr/share/shorewall/macro.NNTP
|
||||||
#
|
#
|
||||||
@@ -7,6 +7,8 @@
|
|||||||
# encrypted NNTP, see macro.NNTPS.
|
# encrypted NNTP, see macro.NNTPS.
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - tcp 119
|
PARAM - - tcp 119
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Shorewall NNTPS Macro
|
# Shorewall version 4 NNTPS Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.NNTPS
|
# /usr/share/shorewall/macro.NNTPS
|
||||||
#
|
#
|
||||||
@@ -7,6 +7,8 @@
|
|||||||
# plaintext NNTP, see macro.NNTP.
|
# plaintext NNTP, see macro.NNTP.
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - tcp 563
|
PARAM - - tcp 563
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - NTP Macro
|
# Shorewall version 4 - NTP Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.NTP
|
# /usr/share/shorewall/macro.NTP
|
||||||
#
|
#
|
||||||
@@ -7,6 +7,8 @@
|
|||||||
# For broadcast NTP traffic, use NTPbrd Macro.
|
# For broadcast NTP traffic, use NTPbrd Macro.
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - udp 123
|
PARAM - - udp 123
|
||||||
|
|||||||
@@ -1,11 +1,13 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - NTPbi Macro
|
# Shorewall version 4 - NTPbi Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.NTPbi
|
# /usr/share/shorewall/macro.NTPbi
|
||||||
#
|
#
|
||||||
# This macro handles bi-directional NTP (for NTP peers)
|
# This macro handles bi-directional NTP (for NTP peers)
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - udp 123
|
PARAM - - udp 123
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - NTPbrd Macro
|
# Shorewall version 4 - NTPbrd Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.NTPbrd
|
# /usr/share/shorewall/macro.NTPbrd
|
||||||
#
|
#
|
||||||
@@ -11,6 +11,8 @@
|
|||||||
# Netfilter doesn't track connections for broadcast traffic.
|
# Netfilter doesn't track connections for broadcast traffic.
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - udp 123
|
PARAM - - udp 123
|
||||||
|
|||||||
@@ -1,11 +1,13 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - OSPF Macro
|
# Shorewall version 4 - OSPF Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.OSPF
|
# /usr/share/shorewall/macro.OSPF
|
||||||
#
|
#
|
||||||
# This macro handles OSPF multicast traffic
|
# This macro handles OSPF multicast traffic
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - 89 # OSPF
|
PARAM - - 89 # OSPF
|
||||||
|
|||||||
@@ -1,11 +1,13 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - OpenVPN Macro
|
# Shorewall version 4 - OpenVPN Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.OpenVPN Macro
|
# /usr/share/shorewall/macro.OpenVPN Macro
|
||||||
#
|
#
|
||||||
# This macro handles OpenVPN traffic.
|
# This macro handles OpenVPN traffic.
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - udp 1194
|
PARAM - - udp 1194
|
||||||
|
|||||||
@@ -1,11 +1,13 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - PCA Macro
|
# Shorewall version 4 - PCA Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.PCA
|
# /usr/share/shorewall/macro.PCA
|
||||||
#
|
#
|
||||||
# This macro handles PCAnywere (tm)
|
# This macro handles PCAnywere (tm)
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - udp 5632
|
PARAM - - udp 5632
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - POP3 Macro
|
# Shorewall version 4 - POP3 Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.POP3
|
# /usr/share/shorewall/macro.POP3
|
||||||
#
|
#
|
||||||
@@ -7,6 +7,8 @@
|
|||||||
# see macro.POP3S.
|
# see macro.POP3S.
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - tcp 110
|
PARAM - - tcp 110
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - POP3S Macro
|
# Shorewall version 4 - POP3S Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.POP3S
|
# /usr/share/shorewall/macro.POP3S
|
||||||
#
|
#
|
||||||
@@ -7,6 +7,8 @@
|
|||||||
# see macro.POP3.
|
# see macro.POP3.
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - tcp 995 # Secure POP3
|
PARAM - - tcp 995 # Secure POP3
|
||||||
|
|||||||
@@ -1,11 +1,13 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - PPTP Macro
|
# Shorewall version 4 - PPTP Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.PPtP Macro
|
# /usr/share/shorewall/macro.PPtP Macro
|
||||||
#
|
#
|
||||||
# This macro handles PPTP traffic.
|
# This macro handles PPTP traffic.
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - 47
|
PARAM - - 47
|
||||||
|
|||||||
@@ -1,11 +1,13 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - Ping Macro
|
# Shorewall version 4 - Ping Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.Ping
|
# /usr/share/shorewall/macro.Ping
|
||||||
#
|
#
|
||||||
# This macro handles 'ping' requests.
|
# This macro handles 'ping' requests.
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - icmp 8
|
PARAM - - icmp 8
|
||||||
|
|||||||
@@ -1,11 +1,13 @@
|
|||||||
#
|
#
|
||||||
# Shorewall - PostgreSQL Macro
|
# Shorewall version 4 - PostgreSQL Macro
|
||||||
#
|
#
|
||||||
# /usr/share/shorewall/macro.PostgreSQL
|
# /usr/share/shorewall/macro.PostgreSQL
|
||||||
#
|
#
|
||||||
# This macro handles connections to the PostgreSQL server.
|
# This macro handles connections to the PostgreSQL server.
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
?FORMAT 2
|
||||||
|
###############################################################################
|
||||||
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
|
||||||
# PORT(S) PORT(S) DEST LIMIT GROUP
|
# PORT(S) PORT(S) DEST LIMIT GROUP
|
||||||
PARAM - - tcp 5432
|
PARAM - - tcp 5432
|
||||||
|
|||||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user