forked from extern/shorewall_code
f16f401910
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@529 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
69 lines
2.1 KiB
Plaintext
Executable File
69 lines
2.1 KiB
Plaintext
Executable File
This is a minor release of Shorewall.
|
|
|
|
Problems Corrected:
|
|
|
|
1) TCP connection requests rejected out of the common chain are now
|
|
properly rejected with TCP RST; previously, some of these requests
|
|
were rejeced with an ICMP port-unreachable response.
|
|
|
|
2) 'traceroute -I' from behind the firewall previously timed out on the
|
|
first hop (e.g., to the firewall). This has been worked around.
|
|
|
|
New Features:
|
|
|
|
1) Where an entry in the/etc/shorewall/hosts file specifies a
|
|
particular host or network, Shorewall now creates an intermediate
|
|
chain for handling input from the related zone. This can
|
|
substantially reduce the number of rules traversed by connections
|
|
requests from such zones.
|
|
|
|
2) Any file may include an INCLUDE directive. An INCLUDE directive
|
|
consists of the word INCLUDE followed by a file name and causes the
|
|
contents of the named file to be logically included into the file
|
|
containing the INCLUDE. File names given in an INCLUDE directive
|
|
are assumed to reside in /etc/shorewall or in an alternate
|
|
configuration directory if one has been specified for the command.
|
|
|
|
Examples:
|
|
shorewall/params.mgmt:
|
|
MGMT_SERVERS=1.1.1.1,2.2.2.2,3.3.3.3
|
|
TIME_SERVERS=4.4.4.4
|
|
BACKUP_SERVERS=5.5.5.5
|
|
----- end params.mgmt -----
|
|
|
|
|
|
shorewall/params:
|
|
# Shorewall 1.3 /etc/shorewall/params
|
|
[..]
|
|
#######################################
|
|
|
|
INCLUDE params.mgmt
|
|
|
|
# params unique to this host here
|
|
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
|
|
----- end params -----
|
|
|
|
|
|
shorewall/rules.mgmt:
|
|
ACCEPT net:$MGMT_SERVERS $FW tcp 22
|
|
ACCEPT $FW net:$TIME_SERVERS udp 123
|
|
ACCEPT $FW net:$BACKUP_SERVERS tcp 22
|
|
----- end rules.mgmt -----
|
|
|
|
shorewall/rules:
|
|
# Shorewall version 1.3 - Rules File
|
|
[..]
|
|
#######################################
|
|
|
|
INCLUDE rules.mgmt
|
|
|
|
# rules unique to this host here
|
|
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
|
|
----- end rules -----
|
|
|
|
INCLUDE's may be nested to a level of 3 -- further nested INCLUDE
|
|
directives are ignored.
|
|
|
|
|
|
|