diff options
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | files/boilerplate/blacklist.footer | 1 | ||||
-rw-r--r-- | files/boilerplate/blacklist.header | 10 | ||||
-rw-r--r-- | files/boilerplate/started.header | 22 | ||||
-rw-r--r-- | manifests/blacklist.pp | 9 | ||||
-rw-r--r-- | manifests/blrules.pp | 4 | ||||
-rw-r--r-- | manifests/host.pp | 2 | ||||
-rw-r--r-- | manifests/init.pp | 5 | ||||
-rw-r--r-- | manifests/interface.pp | 2 |
9 files changed, 15 insertions, 42 deletions
@@ -187,7 +187,7 @@ Example from node.pp: shorewall::interface { 'eth0': zone => 'net', rfc1918 => true, - options => 'tcpflags,blacklist,nosmurfs'; + options => 'tcpflags,nosmurfs'; } shorewall::policy { diff --git a/files/boilerplate/blacklist.footer b/files/boilerplate/blacklist.footer deleted file mode 100644 index 5e12d1d..0000000 --- a/files/boilerplate/blacklist.footer +++ /dev/null @@ -1 +0,0 @@ -#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE diff --git a/files/boilerplate/blacklist.header b/files/boilerplate/blacklist.header deleted file mode 100644 index 2392e17..0000000 --- a/files/boilerplate/blacklist.header +++ /dev/null @@ -1,10 +0,0 @@ -# -# Shorewall version 3.4 - Blacklist File -# -# For information about entries in this file, type "man shorewall-blacklist" -# -# Please see http://shorewall.net/blacklisting_support.htm for additional -# information. -# -############################################################################### -#ADDRESS/SUBNET PROTOCOL PORT diff --git a/files/boilerplate/started.header b/files/boilerplate/started.header index b7704db..4adc4b9 100644 --- a/files/boilerplate/started.header +++ b/files/boilerplate/started.header @@ -1,20 +1,18 @@ # -# Shorewall version 4 - Started File +# Shorewall -- /etc/shorewall/started # -# /etc/shorewall/started +# Add commands below that you want to be executed after shorewall has +# been completely started, reloaded or restarted. The difference between +# this extension script and /etc/shorewall/start is that this one is +# invoked after the 'shorewall' chain has been created (thus +# signaling that the firewall is completely up). # -# Add commands below that you want to be executed after shorewall has -# been completely started or restarted. The difference between this -# extension script and /etc/shorewall/start is that this one is invoked -# after delayed loading of the blacklist (DELAYBLACKLISTLOAD=Yes) and -# after the 'shorewall' chain has been created (thus signaling that the -# firewall is completely up). -# -# This script should not change the firewall configuration directly but -# may do so indirectly by running /sbin/shorewall with the 'nolock' -# option. +# This script should not change the firewall configuration directly but +# may do so indirectly by running /sbin/shorewall with the 'nolock' +# option. # # See http://shorewall.net/shorewall_extension_scripts.htm for additional # information. # ############################################################################### + diff --git a/manifests/blacklist.pp b/manifests/blacklist.pp deleted file mode 100644 index afbe216..0000000 --- a/manifests/blacklist.pp +++ /dev/null @@ -1,9 +0,0 @@ -define shorewall::blacklist( - $proto = '-', - $port = '-', - $order='100' -){ - shorewall::entry{"blacklist-${order}-${name}": - line => "${name} ${proto} ${port}", - } -} diff --git a/manifests/blrules.pp b/manifests/blrules.pp index b8fe73f..d6b5550 100644 --- a/manifests/blrules.pp +++ b/manifests/blrules.pp @@ -5,11 +5,11 @@ # shorewall::interface { 'br0': # zone => 'net', # rfc1918 => true, -# options => 'tcpflags,blacklist,nosmurfs,routeback,bridge'; +# options => 'tcpflags,nosmurfs,routeback,bridge'; # } # # class { 'shorewall::blrules': -# options => 'tcpflags,blacklist,nosmurfs,routeback,bridge', +# options => 'tcpflags,nosmurfs,routeback,bridge', # whitelists => [ # "net:10.0.0.1,192.168.0.1 all", # ], diff --git a/manifests/host.pp b/manifests/host.pp index f400223..370be03 100644 --- a/manifests/host.pp +++ b/manifests/host.pp @@ -1,6 +1,6 @@ define shorewall::host( $zone, - $options = 'tcpflags,blacklist,norfc1918', + $options = 'tcpflags,norfc1918', $order='100' ){ shorewall::entry{"hosts-${order}-${name}": diff --git a/manifests/init.pp b/manifests/init.pp index d6b2d2a..5e2da52 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -27,8 +27,6 @@ class shorewall( $proxyarp_defaults = {}, $nat = {}, $nat_defaults = {}, - $blacklist = {}, - $blacklist_defaults = {}, $rfc1918 = {}, $rfc1918_defaults = {}, $routestopped = {}, @@ -76,8 +74,6 @@ class shorewall( 'proxyarp', # See http://www.shorewall.net/3.0/Documentation.htm#NAT 'nat', - # See http://www.shorewall.net/3.0/Documentation.htm#Blacklist - 'blacklist', # See http://www.shorewall.net/3.0/Documentation.htm#rfc1918 'rfc1918', # See http://www.shorewall.net/3.0/Documentation.htm#Routestopped @@ -110,7 +106,6 @@ class shorewall( create_resources('shorewall::masq',$masq,$masq_defaults) create_resources('shorewall::proxyarp',$proxyarp,$proxyarp_defaults) create_resources('shorewall::nat',$nat,$nat_defaults) - create_resources('shorewall::blacklist',$blacklist,$blacklist_defaults) create_resources('shorewall::rfc1918',$rfc1918,$rfc1918_defaults) create_resources('shorewall::routestopped',$routestopped, $routestopped_defaults) diff --git a/manifests/interface.pp b/manifests/interface.pp index 403ee74..b3d66c6 100644 --- a/manifests/interface.pp +++ b/manifests/interface.pp @@ -1,7 +1,7 @@ define shorewall::interface( $zone, $broadcast = 'detect', - $options = 'tcpflags,blacklist,routefilter,nosmurfs,logmartians', + $options = 'tcpflags,routefilter,nosmurfs,logmartians', $add_options = '', $rfc1918 = false, $dhcp = false, |