diff options
Diffstat (limited to 'files/boilerplate')
27 files changed, 120 insertions, 114 deletions
diff --git a/files/boilerplate/blacklist.header b/files/boilerplate/blacklist.header deleted file mode 100644 index 2392e17..0000000 --- a/files/boilerplate/blacklist.header +++ /dev/null @@ -1,10 +0,0 @@ -# -# Shorewall version 3.4 - Blacklist File -# -# For information about entries in this file, type "man shorewall-blacklist" -# -# Please see http://shorewall.net/blacklisting_support.htm for additional -# information. -# -############################################################################### -#ADDRESS/SUBNET PROTOCOL PORT diff --git a/files/boilerplate/clear.header b/files/boilerplate/clear.header index 6a39b0b..8bf025c 100644 --- a/files/boilerplate/clear.header +++ b/files/boilerplate/clear.header @@ -1,13 +1,10 @@ # -# Shorewall version 4 - Clear +# Shorewall -- /etc/shorewall/clear # -# /etc/shorewall/stop -# -# Add commands below that you want to be executed at the beginning of a -# "shorewall stop" command. +# Add commands below that you want to be executed after Shorewall has +# processed the 'clear' command. # # See http://shorewall.net/shorewall_extension_scripts.htm for additional # information. # ############################################################################### -#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE diff --git a/files/boilerplate/conntrack.footer b/files/boilerplate/conntrack.footer new file mode 100644 index 0000000..8648c65 --- /dev/null +++ b/files/boilerplate/conntrack.footer @@ -0,0 +1,3 @@ + +?endif +#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE diff --git a/files/boilerplate/conntrack.header b/files/boilerplate/conntrack.header new file mode 100644 index 0000000..2db7bda --- /dev/null +++ b/files/boilerplate/conntrack.header @@ -0,0 +1,10 @@ +# +# Shorewall -- /etc/shorewall/conntrack +# +# For information about entries in this file, type "man shorewall-conntrack" +# +?FORMAT 3 +###################################################################################################### +#ACTION SOURCE DEST PROTO DPORT SPORT USER SWITCH + +?if $AUTOHELPERS && __CT_TARGET diff --git a/files/boilerplate/hosts.header b/files/boilerplate/hosts.header index e39d614..99bfa02 100644 --- a/files/boilerplate/hosts.header +++ b/files/boilerplate/hosts.header @@ -1,9 +1,10 @@ # -# Shorewall version 3.4 - Hosts file +# Shorewall -- /etc/shorewall/hosts # # For information about entries in this file, type "man shorewall-hosts" # -# For additional information, see http://shorewall.net/Documentation.htm#Hosts +# The manpage is also online at +# http://www.shorewall.net/manpages/shorewall-hosts.html # ############################################################################### -#ZONE HOST(S) OPTIONS +#ZONE HOSTS OPTIONS diff --git a/files/boilerplate/init.header b/files/boilerplate/init.header index cbb0393..417c3f2 100644 --- a/files/boilerplate/init.header +++ b/files/boilerplate/init.header @@ -1,13 +1,10 @@ # -# Shorewall version 4 - Init File +# Shorewall -- /etc/shorewall/init # -# /etc/shorewall/init -# -# Add commands below that you want to be executed at the beginning of -# a "shorewall start" or "shorewall restart" command. +# Add commands below that you want to be executed at the beginning of +# a "shorewall start", "shorewall-reload" or "shorewall restart" command. # # For additional information, see # http://shorewall.net/shorewall_extension_scripts.htm # ############################################################################### - diff --git a/files/boilerplate/initdone.header b/files/boilerplate/initdone.header index 9252a3b..5ad859a 100644 --- a/files/boilerplate/initdone.header +++ b/files/boilerplate/initdone.header @@ -1,14 +1,12 @@ # -# Shorewall version 4 - Initdone File +# Shorewall -- /etc/shorewall/initdone # -# /etc/shorewall/initdone -# -# Add commands below that you want to be executed during -# "shorewall start" or "shorewall restart" commands at the point where -# Shorewall has not yet added any perminent rules to the builtin chains. +# Add commands below that you want to be executed during +# "shorewall start", "shorewall reload" or "shorewall restart" commands +# at the point where Shorewall has not yet added any permanent rules to +# the builtin chains. # # For additional information, see # http://shorewall.net/shorewall_extension_scripts.htm # ############################################################################### - diff --git a/files/boilerplate/interfaces.header b/files/boilerplate/interfaces.header index 663e436..12855c7 100644 --- a/files/boilerplate/interfaces.header +++ b/files/boilerplate/interfaces.header @@ -1,10 +1,12 @@ # -# Shorewall version 4 - Interfaces File +# Shorewall -- /etc/shorewall/interfaces # # For information about entries in this file, type "man shorewall-interfaces" # -# For additional information, see +# The manpage is also online at # http://www.shorewall.net/manpages/shorewall-interfaces.html # +# FIXME: need to switch to format 2 +#?FORMAT 2 ############################################################################### -#ZONE INTERFACE BROADCAST OPTIONS +#ZONE INTERFACE OPTIONS diff --git a/files/boilerplate/mangle.header b/files/boilerplate/mangle.header index 7a7b12a..496e3f5 100644 --- a/files/boilerplate/mangle.header +++ b/files/boilerplate/mangle.header @@ -1,7 +1,14 @@ # -# Shorewall - Mangle File +# Shorewall -- /etc/shorewall/mangle # -# For additional information, see http://shorewall.net/manpages/shorewall-mangle.html +# For information about entries in this file, type "man shorewall-mangle" # -####################################################################################### -#ACTION SOURCE DESTINATION PROTO DSTPORT SRCPORT USER TEST LENGTH TOS CONNBYTES HELPER HEADERS +# See http://shorewall.net/traffic_shaping.htm for additional information. +# For usage in selecting among multiple ISPs, see +# http://shorewall.net/MultiISP.html +# +# See http://shorewall.net/PacketMarking.html for a detailed description of +# the Netfilter/Shorewall packet marking mechanism. +# +############################################################################################################################################################## +#ACTION SOURCE DEST PROTO DPORT SPORT USER TEST LENGTH TOS CONNBYTES HELPER PROBABILITY DSCP SWITCH diff --git a/files/boilerplate/masq.header b/files/boilerplate/masq.header index f823321..2f7c22e 100644 --- a/files/boilerplate/masq.header +++ b/files/boilerplate/masq.header @@ -1,9 +1,10 @@ # -# Shorewall version 3.4 - Masq file +# Shorewall -- /etc/shorewall/masq # # For information about entries in this file, type "man shorewall-masq" # -# For additional information, see http://shorewall.net/Documentation.htm#Masq +# The manpage is also online at +# http://www.shorewall.net/manpages/shorewall-masq.html # -############################################################################### -#INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC MARK +################################################################################################################################### +#INTERFACE SOURCE ADDRESS PROTO PORT IPSEC MARK USER SWITCH ORIGDEST PROBABILITY diff --git a/files/boilerplate/nat.header b/files/boilerplate/nat.header index c2e0d92..5d0871f 100644 --- a/files/boilerplate/nat.header +++ b/files/boilerplate/nat.header @@ -1,9 +1,9 @@ # -# Shorewall version 3.4 - Nat File +# Shorewall -- /etc/shorewall/nat # # For information about entries in this file, type "man shorewall-nat" # # For additional information, see http://shorewall.net/NAT.htm # ############################################################################### -#EXTERNAL INTERFACE INTERNAL ALL LOCAL +#EXTERNAL INTERFACE INTERNAL ALLINTS LOCAL diff --git a/files/boilerplate/params.header b/files/boilerplate/params.header index b258b0d..f07a916 100644 --- a/files/boilerplate/params.header +++ b/files/boilerplate/params.header @@ -1,26 +1,24 @@ # -# Shorewall version 3.4 - Params File +# Shorewall -- /etc/shorewall/params # -# /etc/shorewall/params +# Assign any variables that you need here. # -# Assign any variables that you need here. +# It is suggested that variable names begin with an upper case letter +# to distinguish them from variables used internally within the +# Shorewall programs # -# It is suggested that variable names begin with an upper case letter -# to distinguish them from variables used internally within the -# Shorewall programs +# Example: # -# Example: +# NET_IF=eth0 +# NET_BCAST=130.252.100.255 +# NET_OPTIONS=routefilter # -# NET_IF=eth0 -# NET_BCAST=130.252.100.255 -# NET_OPTIONS=routefilter,norfc1918 +# Example (/etc/shorewall/interfaces record): # -# Example (/etc/shorewall/interfaces record): +# net $NET_IF $NET_BCAST $NET_OPTIONS # -# net $NET_IF $NET_BCAST $NET_OPTIONS +# The result will be the same as if the record had been written # -# The result will be the same as if the record had been written -# -# net eth0 130.252.100.255 routefilter,norfc1918 +# net eth0 130.252.100.255 routefilter # ############################################################################### diff --git a/files/boilerplate/policy.header b/files/boilerplate/policy.header index cc9781f..8e9d032 100644 --- a/files/boilerplate/policy.header +++ b/files/boilerplate/policy.header @@ -1,5 +1,5 @@ # -# Shorewall version 4 - Policy File +# Shorewall -- /etc/shorewall/policy # # For information about entries in this file, type "man shorewall-policy" # @@ -7,5 +7,4 @@ # http://www.shorewall.net/manpages/shorewall-policy.html # ############################################################################### -#SOURCE DEST POLICY LOG LIMIT: CONNLIMIT: -# LEVEL BURST MASK +#SOURCE DEST POLICY LOGLEVEL LIMIT CONNLIMIT diff --git a/files/boilerplate/providers.header b/files/boilerplate/providers.header index b4a5990..0dfb950 100644 --- a/files/boilerplate/providers.header +++ b/files/boilerplate/providers.header @@ -1,5 +1,5 @@ # -# Shorewall version 4 - Providers File +# Shorewall -- /etc/shorewall/providers # # For information about entries in this file, type "man shorewall-providers" # diff --git a/files/boilerplate/proxyarp.header b/files/boilerplate/proxyarp.header index 1e16853..4249e03 100644 --- a/files/boilerplate/proxyarp.header +++ b/files/boilerplate/proxyarp.header @@ -1,9 +1,9 @@ # -# Shorewall version 3.4 - Proxyarp File +# Shorewall -- /etc/shorewall/proxyarp # # For information about entries in this file, type "man shorewall-proxyarp" # # See http://shorewall.net/ProxyARP.htm for additional information. # ############################################################################### -#ADDRESS INTERFACE EXTERNAL HAVEROUTE PERSISTENT +#ADDRESS INTERFACE EXTERNAL HAVEROUTE PERSISTENT diff --git a/files/boilerplate/rtrules.header b/files/boilerplate/rtrules.header index fd9b2f4..7700816 100644 --- a/files/boilerplate/rtrules.header +++ b/files/boilerplate/rtrules.header @@ -1,8 +1,9 @@ # -# Shorewall version 4 - route rules File +# Shorewall -- /etc/shorewall/rtrules # # For information about entries in this file, type "man shorewall-rtrules" # # For additional information, see http://www.shorewall.net/MultiISP.html +# #################################################################################### -# SOURCE DEST PROVIDER PRIORITY MASK +#SOURCE DEST PROVIDER PRIORITY MASK diff --git a/files/boilerplate/rules.header b/files/boilerplate/rules.header index 764358a..1ebf187 100644 --- a/files/boilerplate/rules.header +++ b/files/boilerplate/rules.header @@ -1,10 +1,11 @@ # -# Shorewall version 3.4 - Rules File +# Shorewall -- /etc/shorewall/rules # # For information on the settings in this file, type "man shorewall-rules" # -# See http://shorewall.net/Documentation.htm#Rules for additional information. +# The manpage is also online at +# http://www.shorewall.net/manpages/shorewall-rules.html # -############################################################################################################# -#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK -# PORT PORT(S) DEST LIMIT GROUP +############################################################################################################################################################## +#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER MARK CONNLIMIT TIME HEADERS SWITCH HELPER + diff --git a/files/boilerplate/start.header b/files/boilerplate/start.header index 689dff1..881cdfd 100644 --- a/files/boilerplate/start.header +++ b/files/boilerplate/start.header @@ -1,10 +1,8 @@ # -# Shorewall version 4 - Start File +# Shorewall -- /etc/shorewall/start # -# /etc/shorewall/start -# -# Add commands below that you want to be executed after shorewall has -# been started or restarted. +# Add commands below that you want to be executed after shorewall has +# been started, reloaded or restarted. # # See http://shorewall.net/shorewall_extension_scripts.htm for additional # information. diff --git a/files/boilerplate/started.header b/files/boilerplate/started.header index b7704db..4adc4b9 100644 --- a/files/boilerplate/started.header +++ b/files/boilerplate/started.header @@ -1,20 +1,18 @@ # -# Shorewall version 4 - Started File +# Shorewall -- /etc/shorewall/started # -# /etc/shorewall/started +# Add commands below that you want to be executed after shorewall has +# been completely started, reloaded or restarted. The difference between +# this extension script and /etc/shorewall/start is that this one is +# invoked after the 'shorewall' chain has been created (thus +# signaling that the firewall is completely up). # -# Add commands below that you want to be executed after shorewall has -# been completely started or restarted. The difference between this -# extension script and /etc/shorewall/start is that this one is invoked -# after delayed loading of the blacklist (DELAYBLACKLISTLOAD=Yes) and -# after the 'shorewall' chain has been created (thus signaling that the -# firewall is completely up). -# -# This script should not change the firewall configuration directly but -# may do so indirectly by running /sbin/shorewall with the 'nolock' -# option. +# This script should not change the firewall configuration directly but +# may do so indirectly by running /sbin/shorewall with the 'nolock' +# option. # # See http://shorewall.net/shorewall_extension_scripts.htm for additional # information. # ############################################################################### + diff --git a/files/boilerplate/stop.header b/files/boilerplate/stop.header index 0088abe..27a993b 100644 --- a/files/boilerplate/stop.header +++ b/files/boilerplate/stop.header @@ -1,13 +1,10 @@ # -# Shorewall version 4 - Stop File +# Shorewall -- /etc/shorewall/stop # -# /etc/shorewall/stop -# -# Add commands below that you want to be executed at the beginning of a -# "shorewall stop" command. +# Add commands below that you want to be executed at the beginning of a +# "shorewall stop" command. # # See http://shorewall.net/shorewall_extension_scripts.htm for additional # information. # ############################################################################### -#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE diff --git a/files/boilerplate/stopped.header b/files/boilerplate/stopped.header index 438e5e0..8cc6bc6 100644 --- a/files/boilerplate/stopped.header +++ b/files/boilerplate/stopped.header @@ -1,13 +1,10 @@ # -# Shorewall version 4 - Stopped File +# Shorewall -- /etc/shorewall/stopped # -# /etc/shorewall/stopped -# -# Add commands below that you want to be executed at the completion of a -# "shorewall stop" command. +# Add commands below that you want to be executed at the completion of a +# "shorewall stop" command. # # See http://shorewall.net/shorewall_extension_scripts.htm for additional # information. # ############################################################################### -#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE diff --git a/files/boilerplate/blacklist.footer b/files/boilerplate/stoppedrules.footer index 5e12d1d..5e12d1d 100644 --- a/files/boilerplate/blacklist.footer +++ b/files/boilerplate/stoppedrules.footer diff --git a/files/boilerplate/stoppedrules.header b/files/boilerplate/stoppedrules.header new file mode 100644 index 0000000..94f4d0c --- /dev/null +++ b/files/boilerplate/stoppedrules.header @@ -0,0 +1,13 @@ +# +# Shorewall -- /etc/shorewall/stoppedrules +# +# For information about entries in this file, type "man shorewall-stoppedrules" +# +# The manpage is also online at +# http://www.shorewall.net/manpages/shorewall-stoppedrules.html +# +# See http://shorewall.net/starting_and_stopping_shorewall.htm for additional +# information. +# +############################################################################### +#ACTION SOURCE DEST PROTO DPORT SPORT diff --git a/files/boilerplate/tcclasses.header b/files/boilerplate/tcclasses.header index 025415b..b31b684 100644 --- a/files/boilerplate/tcclasses.header +++ b/files/boilerplate/tcclasses.header @@ -1,9 +1,9 @@ # -# Shorewall version 4 - Tcclasses File +# Shorewall -- /etc/shorewall/tcclasses # # For information about entries in this file, type "man shorewall-tcclasses" # # See http://shorewall.net/traffic_shaping.htm for additional information. # ############################################################################### -#INTERFACE:CLASS MARK RATE CEIL PRIORITY OPTIONS +#INTERFACE MARK RATE CEIL PRIO OPTIONS diff --git a/files/boilerplate/tcdevices.header b/files/boilerplate/tcdevices.header index fe7c3d1..226192e 100644 --- a/files/boilerplate/tcdevices.header +++ b/files/boilerplate/tcdevices.header @@ -1,10 +1,9 @@ # -# Shorewall version 4 - Tcdevices File +# Shorewall -- /etc/shorewall/tcdevices # # For information about entries in this file, type "man shorewall-tcdevices" # # See http://shorewall.net/traffic_shaping.htm for additional information. # ############################################################################### -#NUMBER: IN-BANDWITH OUT-BANDWIDTH OPTIONS REDIRECTED -#INTERFACE INTERFACES +#INTERFACE IN_BANDWITH OUT_BANDWIDTH OPTIONS REDIRECT diff --git a/files/boilerplate/tunnel.header b/files/boilerplate/tunnel.header index 638fd56..7bfd966 100644 --- a/files/boilerplate/tunnel.header +++ b/files/boilerplate/tunnel.header @@ -1,5 +1,5 @@ # -# Shorewall version 4 - Tunnels File +# Shorewall -- /etc/shorewall/tunnels # # For information about entries in this file, type "man shorewall-tunnels" # @@ -7,5 +7,4 @@ # http://www.shorewall.net/manpages/shorewall-tunnels.html # ############################################################################### -#TYPE ZONE GATEWAY GATEWAY -# ZONE +#TYPE ZONE GATEWAY GATEWAY_ZONE diff --git a/files/boilerplate/zones.header b/files/boilerplate/zones.header index 5dada52..d4b8cbc 100644 --- a/files/boilerplate/zones.header +++ b/files/boilerplate/zones.header @@ -1,5 +1,5 @@ # -# Shorewall version 4 - Zones File +# Shorewall -- /etc/shorewall/zones # # For information about this file, type "man shorewall-zones" # @@ -7,6 +7,6 @@ # http://www.shorewall.net/manpages/shorewall-zones.html # ############################################################################### -#ZONE TYPE OPTIONS IN OUT -# OPTIONS OPTIONS -fw firewall +#ZONE TYPE OPTIONS IN_OPTIONS OUT_OPTIONS + +fw firewall |