summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--README.md2
-rw-r--r--files/boilerplate/blacklist.footer1
-rw-r--r--files/boilerplate/blacklist.header10
-rw-r--r--files/boilerplate/started.header22
-rw-r--r--manifests/blacklist.pp9
-rw-r--r--manifests/blrules.pp4
-rw-r--r--manifests/host.pp2
-rw-r--r--manifests/init.pp5
-rw-r--r--manifests/interface.pp2
9 files changed, 15 insertions, 42 deletions
diff --git a/README.md b/README.md
index e7e2985..82c0ab3 100644
--- a/README.md
+++ b/README.md
@@ -187,7 +187,7 @@ Example from node.pp:
shorewall::interface { 'eth0':
zone => 'net',
rfc1918 => true,
- options => 'tcpflags,blacklist,nosmurfs';
+ options => 'tcpflags,nosmurfs';
}
shorewall::policy {
diff --git a/files/boilerplate/blacklist.footer b/files/boilerplate/blacklist.footer
deleted file mode 100644
index 5e12d1d..0000000
--- a/files/boilerplate/blacklist.footer
+++ /dev/null
@@ -1 +0,0 @@
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/files/boilerplate/blacklist.header b/files/boilerplate/blacklist.header
deleted file mode 100644
index 2392e17..0000000
--- a/files/boilerplate/blacklist.header
+++ /dev/null
@@ -1,10 +0,0 @@
-#
-# Shorewall version 3.4 - Blacklist File
-#
-# For information about entries in this file, type "man shorewall-blacklist"
-#
-# Please see http://shorewall.net/blacklisting_support.htm for additional
-# information.
-#
-###############################################################################
-#ADDRESS/SUBNET PROTOCOL PORT
diff --git a/files/boilerplate/started.header b/files/boilerplate/started.header
index b7704db..4adc4b9 100644
--- a/files/boilerplate/started.header
+++ b/files/boilerplate/started.header
@@ -1,20 +1,18 @@
#
-# Shorewall version 4 - Started File
+# Shorewall -- /etc/shorewall/started
#
-# /etc/shorewall/started
+# Add commands below that you want to be executed after shorewall has
+# been completely started, reloaded or restarted. The difference between
+# this extension script and /etc/shorewall/start is that this one is
+# invoked after the 'shorewall' chain has been created (thus
+# signaling that the firewall is completely up).
#
-# Add commands below that you want to be executed after shorewall has
-# been completely started or restarted. The difference between this
-# extension script and /etc/shorewall/start is that this one is invoked
-# after delayed loading of the blacklist (DELAYBLACKLISTLOAD=Yes) and
-# after the 'shorewall' chain has been created (thus signaling that the
-# firewall is completely up).
-#
-# This script should not change the firewall configuration directly but
-# may do so indirectly by running /sbin/shorewall with the 'nolock'
-# option.
+# This script should not change the firewall configuration directly but
+# may do so indirectly by running /sbin/shorewall with the 'nolock'
+# option.
#
# See http://shorewall.net/shorewall_extension_scripts.htm for additional
# information.
#
###############################################################################
+
diff --git a/manifests/blacklist.pp b/manifests/blacklist.pp
deleted file mode 100644
index afbe216..0000000
--- a/manifests/blacklist.pp
+++ /dev/null
@@ -1,9 +0,0 @@
-define shorewall::blacklist(
- $proto = '-',
- $port = '-',
- $order='100'
-){
- shorewall::entry{"blacklist-${order}-${name}":
- line => "${name} ${proto} ${port}",
- }
-}
diff --git a/manifests/blrules.pp b/manifests/blrules.pp
index b8fe73f..d6b5550 100644
--- a/manifests/blrules.pp
+++ b/manifests/blrules.pp
@@ -5,11 +5,11 @@
# shorewall::interface { 'br0':
# zone => 'net',
# rfc1918 => true,
-# options => 'tcpflags,blacklist,nosmurfs,routeback,bridge';
+# options => 'tcpflags,nosmurfs,routeback,bridge';
# }
#
# class { 'shorewall::blrules':
-# options => 'tcpflags,blacklist,nosmurfs,routeback,bridge',
+# options => 'tcpflags,nosmurfs,routeback,bridge',
# whitelists => [
# "net:10.0.0.1,192.168.0.1 all",
# ],
diff --git a/manifests/host.pp b/manifests/host.pp
index f400223..370be03 100644
--- a/manifests/host.pp
+++ b/manifests/host.pp
@@ -1,6 +1,6 @@
define shorewall::host(
$zone,
- $options = 'tcpflags,blacklist,norfc1918',
+ $options = 'tcpflags,norfc1918',
$order='100'
){
shorewall::entry{"hosts-${order}-${name}":
diff --git a/manifests/init.pp b/manifests/init.pp
index d6b2d2a..5e2da52 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -27,8 +27,6 @@ class shorewall(
$proxyarp_defaults = {},
$nat = {},
$nat_defaults = {},
- $blacklist = {},
- $blacklist_defaults = {},
$rfc1918 = {},
$rfc1918_defaults = {},
$routestopped = {},
@@ -76,8 +74,6 @@ class shorewall(
'proxyarp',
# See http://www.shorewall.net/3.0/Documentation.htm#NAT
'nat',
- # See http://www.shorewall.net/3.0/Documentation.htm#Blacklist
- 'blacklist',
# See http://www.shorewall.net/3.0/Documentation.htm#rfc1918
'rfc1918',
# See http://www.shorewall.net/3.0/Documentation.htm#Routestopped
@@ -110,7 +106,6 @@ class shorewall(
create_resources('shorewall::masq',$masq,$masq_defaults)
create_resources('shorewall::proxyarp',$proxyarp,$proxyarp_defaults)
create_resources('shorewall::nat',$nat,$nat_defaults)
- create_resources('shorewall::blacklist',$blacklist,$blacklist_defaults)
create_resources('shorewall::rfc1918',$rfc1918,$rfc1918_defaults)
create_resources('shorewall::routestopped',$routestopped,
$routestopped_defaults)
diff --git a/manifests/interface.pp b/manifests/interface.pp
index 403ee74..b3d66c6 100644
--- a/manifests/interface.pp
+++ b/manifests/interface.pp
@@ -1,7 +1,7 @@
define shorewall::interface(
$zone,
$broadcast = 'detect',
- $options = 'tcpflags,blacklist,routefilter,nosmurfs,logmartians',
+ $options = 'tcpflags,routefilter,nosmurfs,logmartians',
$add_options = '',
$rfc1918 = false,
$dhcp = false,