authorMicah <micah@riseup.net>2017-02-13 15:37:50 +0000
committerMicah <micah@riseup.net>2017-02-13 15:37:50 +0000
commit4da1590e18c487f1dc89d0ce1fffeb848e75794e (patch)
tree517e1d0a4bfe8799ecff9df391940d5185594412
parent054ccc9e8ee0a03e98165ee44f113ce7ccf3bc5c (diff)
parent4b3f8eac5f343b5ecd2354d16e83256b8413e807 (diff)
Merge branch '5.x-2' into 'master'
5.x changes part 2 See merge request !8
-rw-r--r--README.md3
-rw-r--r--files/boilerplate/blacklist.footer1
-rw-r--r--files/boilerplate/blacklist.header10
-rw-r--r--files/boilerplate/params.header4
-rw-r--r--files/boilerplate/started.header22
-rw-r--r--manifests/blacklist.pp9
-rw-r--r--manifests/blrules.pp5
-rw-r--r--manifests/host.pp2
-rw-r--r--manifests/init.pp10
-rw-r--r--manifests/interface.pp10
-rw-r--r--manifests/rfc1918.pp8
11 files changed, 18 insertions, 66 deletions
diff --git a/README.md b/README.md
index e7e2985..e6fb027 100644
--- a/README.md
+++ b/README.md
@@ -186,8 +186,7 @@ Example from node.pp:
shorewall::interface { 'eth0':
zone => 'net',
- rfc1918 => true,
- options => 'tcpflags,blacklist,nosmurfs';
+ options => 'tcpflags,nosmurfs';
}
shorewall::policy {
diff --git a/files/boilerplate/blacklist.footer b/files/boilerplate/blacklist.footer
deleted file mode 100644
index 5e12d1d..0000000
--- a/files/boilerplate/blacklist.footer
+++ /dev/null
@@ -1 +0,0 @@
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/files/boilerplate/blacklist.header b/files/boilerplate/blacklist.header
deleted file mode 100644
index 2392e17..0000000
--- a/files/boilerplate/blacklist.header
+++ /dev/null
@@ -1,10 +0,0 @@
-#
-# Shorewall version 3.4 - Blacklist File
-#
-# For information about entries in this file, type "man shorewall-blacklist"
-#
-# Please see http://shorewall.net/blacklisting_support.htm for additional
-# information.
-#
-###############################################################################
-#ADDRESS/SUBNET PROTOCOL PORT
diff --git a/files/boilerplate/params.header b/files/boilerplate/params.header
index b258b0d..c4dd504 100644
--- a/files/boilerplate/params.header
+++ b/files/boilerplate/params.header
@@ -13,7 +13,7 @@
#
# NET_IF=eth0
# NET_BCAST=130.252.100.255
-# NET_OPTIONS=routefilter,norfc1918
+# NET_OPTIONS=routefilter
#
# Example (/etc/shorewall/interfaces record):
#
@@ -21,6 +21,6 @@
#
# The result will be the same as if the record had been written
#
-# net eth0 130.252.100.255 routefilter,norfc1918
+# net eth0 130.252.100.255 routefilter
#
###############################################################################
diff --git a/files/boilerplate/started.header b/files/boilerplate/started.header
index b7704db..4adc4b9 100644
--- a/files/boilerplate/started.header
+++ b/files/boilerplate/started.header
@@ -1,20 +1,18 @@
#
-# Shorewall version 4 - Started File
+# Shorewall -- /etc/shorewall/started
#
-# /etc/shorewall/started
+# Add commands below that you want to be executed after shorewall has
+# been completely started, reloaded or restarted. The difference between
+# this extension script and /etc/shorewall/start is that this one is
+# invoked after the 'shorewall' chain has been created (thus
+# signaling that the firewall is completely up).
#
-# Add commands below that you want to be executed after shorewall has
-# been completely started or restarted. The difference between this
-# extension script and /etc/shorewall/start is that this one is invoked
-# after delayed loading of the blacklist (DELAYBLACKLISTLOAD=Yes) and
-# after the 'shorewall' chain has been created (thus signaling that the
-# firewall is completely up).
-#
-# This script should not change the firewall configuration directly but
-# may do so indirectly by running /sbin/shorewall with the 'nolock'
-# option.
+# This script should not change the firewall configuration directly but
+# may do so indirectly by running /sbin/shorewall with the 'nolock'
+# option.
#
# See http://shorewall.net/shorewall_extension_scripts.htm for additional
# information.
#
###############################################################################
+
diff --git a/manifests/blacklist.pp b/manifests/blacklist.pp
deleted file mode 100644
index afbe216..0000000
--- a/manifests/blacklist.pp
+++ /dev/null
@@ -1,9 +0,0 @@
-define shorewall::blacklist(
- $proto = '-',
- $port = '-',
- $order='100'
-){
- shorewall::entry{"blacklist-${order}-${name}":
- line => "${name} ${proto} ${port}",
- }
-}
diff --git a/manifests/blrules.pp b/manifests/blrules.pp
index b8fe73f..abf7508 100644
--- a/manifests/blrules.pp
+++ b/manifests/blrules.pp
@@ -4,12 +4,11 @@
#
# shorewall::interface { 'br0':
# zone => 'net',
-# rfc1918 => true,
-# options => 'tcpflags,blacklist,nosmurfs,routeback,bridge';
+# options => 'tcpflags,nosmurfs,routeback,bridge';
# }
#
# class { 'shorewall::blrules':
-# options => 'tcpflags,blacklist,nosmurfs,routeback,bridge',
+# options => 'tcpflags,nosmurfs,routeback,bridge',
# whitelists => [
# "net:10.0.0.1,192.168.0.1 all",
# ],
diff --git a/manifests/host.pp b/manifests/host.pp
index f400223..fe12247 100644
--- a/manifests/host.pp
+++ b/manifests/host.pp
@@ -1,6 +1,6 @@
define shorewall::host(
$zone,
- $options = 'tcpflags,blacklist,norfc1918',
+ $options = 'tcpflags',
$order='100'
){
shorewall::entry{"hosts-${order}-${name}":
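Review bot: The new default `$options = 'tcpflags',` silently drops `blacklist`, so a `shorewall::host` that previously got blacklist filtering from the default now gets none unless the node also declares `shorewall::blrules`, and nothing in the define says so. Since the module keeps `shorewall::blrules` (the example in manifests/blrules.pp is updated in this same commit), add a comment above the parameter such as `# 'blacklist' and 'norfc1918' are no longer accepted hosts options here; blacklisting is configured through shorewall::blrules.` The same default change appears in the first hunk of manifests/interface.pp and would take the same comment. The `shorewall::entry` body of this define continues outside the hunk.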
diff --git a/manifests/init.pp b/manifests/init.pp
index d6b2d2a..fa2641d 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -27,10 +27,6 @@ class shorewall(
$proxyarp_defaults = {},
$nat = {},
$nat_defaults = {},
- $blacklist = {},
- $blacklist_defaults = {},
- $rfc1918 = {},
- $rfc1918_defaults = {},
$routestopped = {},
$routestopped_defaults = {},
$params = {},
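Review bot: Removing `$blacklist`, `$blacklist_defaults`, `$rfc1918` and `$rfc1918_defaults` from the parameter list is a breaking interface change: a node that still passes any of them (in a `class { 'shorewall': ... }` declaration or, if the module is used that way, via automatic parameter lookup) now fails catalog compilation with a generic invalid-parameter error instead of a message naming the replacement. Consider keeping the four parameters for one release with a guard such as `if $blacklist != {} { fail('shorewall::blacklist was removed for Shorewall 5.x; use shorewall::blrules') }` (and the same for `$rfc1918`), or at least record the removal in README.md, which this commit touches only for the interface example. The same point applies to the third hunk of this file, which drops the matching `create_resources` calls, and to the first hunk of manifests/interface.pp, which drops the `$rfc1918` parameter of `shorewall::interface`. The `class shorewall(` parameter list begins above this hunk.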
@@ -76,10 +72,6 @@ class shorewall(
'proxyarp',
# See http://www.shorewall.net/3.0/Documentation.htm#NAT
'nat',
- # See http://www.shorewall.net/3.0/Documentation.htm#Blacklist
- 'blacklist',
- # See http://www.shorewall.net/3.0/Documentation.htm#rfc1918
- 'rfc1918',
# See http://www.shorewall.net/3.0/Documentation.htm#Routestopped
'routestopped',
# See http://www.shorewall.net/3.0/Documentation.htm#Variables
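Review bot: Dropping `'blacklist'` and `'rfc1918'` from this list, which presumably drives the managed /etc/shorewall config files (the code that consumes it is outside the hunk), means that on hosts already managed by this module the previously generated blacklist and rfc1918 files are left on disk unmanaged, still carrying whatever entries were last written. Depending on how the Shorewall 5 compiler treats a leftover blacklist file, the upgrade either keeps filtering rules that nobody manages any more or breaks `shorewall check` on those hosts. The safer path is an explicit `file { ['/etc/shorewall/blacklist', '/etc/shorewall/rfc1918']: ensure => absent }` for one release, placed where this list is consumed; please confirm against that loop, which I cannot see here.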
@@ -110,8 +102,6 @@ class shorewall(
create_resources('shorewall::masq',$masq,$masq_defaults)
create_resources('shorewall::proxyarp',$proxyarp,$proxyarp_defaults)
create_resources('shorewall::nat',$nat,$nat_defaults)
- create_resources('shorewall::blacklist',$blacklist,$blacklist_defaults)
- create_resources('shorewall::rfc1918',$rfc1918,$rfc1918_defaults)
create_resources('shorewall::routestopped',$routestopped,
$routestopped_defaults)
create_resources('shorewall::params',$params,$params_defaults)
diff --git a/manifests/interface.pp b/manifests/interface.pp
index 403ee74..670e477 100644
--- a/manifests/interface.pp
+++ b/manifests/interface.pp
@@ -1,9 +1,8 @@
define shorewall::interface(
$zone,
$broadcast = 'detect',
- $options = 'tcpflags,blacklist,routefilter,nosmurfs,logmartians',
+ $options = 'tcpflags,routefilter,nosmurfs,logmartians',
$add_options = '',
- $rfc1918 = false,
$dhcp = false,
$order = 100
){
@@ -17,13 +16,8 @@ define shorewall::interface(
default => ',dhcp',
}
- $rfc1918_opt = $rfc1918 ? {
- false => ',norfc1918',
- default => '',
- }
-
shorewall::entry { "interfaces-${order}-${name}":
- line => "${zone} ${name} ${broadcast} ${options}${dhcp_opt}${rfc1918_opt}${added_opts}",
+ line => "${zone} ${name} ${broadcast} ${options}${dhcp_opt}${added_opts}",
}
}
diff --git a/manifests/rfc1918.pp b/manifests/rfc1918.pp
deleted file mode 100644
index 31dce5d..0000000
--- a/manifests/rfc1918.pp
+++ /dev/null
@@ -1,8 +0,0 @@
-define shorewall::rfc1918(
- $action = 'logdrop',
- $order='100'
-){
- shorewall::entry{"rfc1918-${order}-${name}":
- line => "${name} ${action}"
- }
-}