From 27dcb673758d8d7b6325c3448f65b2007493e331 Mon Sep 17 00:00:00 2001
From: mh
Date: Fri, 17 Oct 2014 12:30:38 +0200
Subject: update a few headers
---
 files/boilerplate/interfaces.header | 4 ++--
 files/boilerplate/policy.header | 8 +++++---
 files/boilerplate/zones.header | 11 ++++++-----
 3 files changed, 13 insertions(+), 10 deletions(-)
(limited to 'files')
diff --git a/files/boilerplate/interfaces.header b/files/boilerplate/interfaces.header
index 2027523..663e436 100644
--- a/files/boilerplate/interfaces.header
+++ b/files/boilerplate/interfaces.header
@@ -1,10 +1,10 @@
 #
-# Shorewall version 3.4 - Interfaces File
+# Shorewall version 4 - Interfaces File
 #
 # For information about entries in this file, type "man shorewall-interfaces"
 #
 # For additional information, see
-# http://shorewall.net/Documentation.htm#Interfaces
+# http://www.shorewall.net/manpages/shorewall-interfaces.html
 #
 ###############################################################################
 #ZONE INTERFACE BROADCAST OPTIONS
diff --git a/files/boilerplate/policy.header b/files/boilerplate/policy.header
index a0c5d5d..cc9781f 100644
--- a/files/boilerplate/policy.header
+++ b/files/boilerplate/policy.header
@@ -1,9 +1,11 @@
 #
-# Shorewall version 3.4 - Policy File
+# Shorewall version 4 - Policy File
 #
 # For information about entries in this file, type "man shorewall-policy"
 #
-# See http://shorewall.net/Documentation.htm#Policy for additional information.
+# The manpage is also online at
+# http://www.shorewall.net/manpages/shorewall-policy.html
 #
 ###############################################################################
-#SOURCE DEST POLICY LOG LIMIT:BURST
+#SOURCE DEST POLICY LOG LIMIT: CONNLIMIT:
+# LEVEL BURST MASK
diff --git a/files/boilerplate/zones.header b/files/boilerplate/zones.header
index 8b82c2e..5dada52 100644
--- a/files/boilerplate/zones.header
+++ b/files/boilerplate/zones.header
@@ -1,11 +1,12 @@
 #
-# Shorewall version 3.4 - Zones File
+# Shorewall version 4 - Zones File
 #
 # For information about this file, type "man shorewall-zones"
 #
-# For more information, see http://www.shorewall.net/Documentation.htm#Zones
+# The manpage is also online at
+# http://www.shorewall.net/manpages/shorewall-zones.html
 #
 ###############################################################################
-#ZONE TYPE OPTIONS IN OUT
-# OPTIONS OPTIONS
-fw firewall
+#ZONE TYPE OPTIONS IN OUT
+# OPTIONS OPTIONS
+fw firewall
-- cgit v1.2.3
From 07c863098f453d3ce67d64c2ac5c67d8cf4c6a25 Mon Sep 17 00:00:00 2001
From: Nick
Date: Fri, 17 Apr 2015 12:59:19 +0200
Subject: Change tunnel managed file
---
 files/boilerplate/tunnel.footer | 1 -
 files/boilerplate/tunnel.header | 11 -----------
 files/boilerplate/tunnels.footer | 1 +
 files/boilerplate/tunnels.header | 11 +++++++++++
 4 files changed, 12 insertions(+), 12 deletions(-)
 delete mode 100644 files/boilerplate/tunnel.footer
 delete mode 100644 files/boilerplate/tunnel.header
 create mode 100644 files/boilerplate/tunnels.footer
 create mode 100644 files/boilerplate/tunnels.header
(limited to 'files')
diff --git a/files/boilerplate/tunnel.footer b/files/boilerplate/tunnel.footer
deleted file mode 100644
index 5e12d1d..0000000
--- a/files/boilerplate/tunnel.footer
+++ /dev/null
@@ -1 +0,0 @@
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/files/boilerplate/tunnel.header b/files/boilerplate/tunnel.header
deleted file mode 100644
index 638fd56..0000000
--- a/files/boilerplate/tunnel.header
+++ /dev/null
@@ -1,11 +0,0 @@
-#
-# Shorewall version 4 - Tunnels File
-#
-# For information about entries in this file, type "man shorewall-tunnels"
-#
-# The manpage is also online at
-# http://www.shorewall.net/manpages/shorewall-tunnels.html
-#
-###############################################################################
-#TYPE ZONE GATEWAY GATEWAY
-# ZONE
diff --git a/files/boilerplate/tunnels.footer b/files/boilerplate/tunnels.footer new file mode 100644 index 0000000..5e12d1d --- /dev/null +++ b/files/boilerplate/tunnels.footer @@ -0,0 +1 @@ +#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE diff --git a/files/boilerplate/tunnels.header b/files/boilerplate/tunnels.header new file mode 100644 index 0000000..638fd56 --- /dev/null +++ b/files/boilerplate/tunnels.header @@ -0,0 +1,11 @@ +# +# Shorewall version 4 - Tunnels File +# +# For information about entries in this file, type "man shorewall-tunnels" +# +# The manpage is also online at +# http://www.shorewall.net/manpages/shorewall-tunnels.html +# +############################################################################### +#TYPE ZONE GATEWAY GATEWAY +# ZONE -- cgit v1.2.3 From 5bbdd438b0fbdefabd9a8542535cdfc60882866e Mon Sep 17 00:00:00 2001 From: Marknl Date: Tue, 27 Dec 2016 12:08:51 +0100 Subject: Create conntrack.header --- files/boilerplate/conntrack.header | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 files/boilerplate/conntrack.header (limited to 'files') diff --git a/files/boilerplate/conntrack.header b/files/boilerplate/conntrack.header new file mode 100644 index 0000000..2db7bda --- /dev/null +++ b/files/boilerplate/conntrack.header @@ -0,0 +1,10 @@ +# +# Shorewall -- /etc/shorewall/conntrack +# +# For information about entries in this file, type "man shorewall-conntrack" +# +?FORMAT 3 +###################################################################################################### +#ACTION SOURCE DEST PROTO DPORT SPORT USER SWITCH + +?if $AUTOHELPERS && __CT_TARGET -- cgit v1.2.3 From f4648a11950120b553e96e3859e7d8131329ae59 Mon Sep 17 00:00:00 2001 From: Marknl Date: Tue, 27 Dec 2016 12:09:21 +0100 Subject: Create conntrack.footer --- files/boilerplate/conntrack.footer | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 files/boilerplate/conntrack.footer (limited to 'files') 
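Review bot: The last line of conntrack.header opens `?if $AUTOHELPERS && __CT_TARGET` and nothing in this file closes it, so whatever is emitted after the header sits inside that conditional; the matching `?endif` only appears in conntrack.footer, added in the next commit. If managed conntrack entries are placed between header and footer (the assembly is not visible in this diff), they are left out of the compiled ruleset whenever AUTOHELPERS is off or the CT target is unavailable, with no error. That matters for entries that are not helper assignments, such as NOTRACK or DROP rules. I would end the header before the `?if` and let the helper block carry its own `?if`/`?endif`, or at least add a comment above it such as `# Entries below are only compiled when AUTOHELPERS=Yes and the CT target is available`.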
diff --git a/files/boilerplate/conntrack.footer b/files/boilerplate/conntrack.footer
new file mode 100644
index 0000000..8648c65
--- /dev/null
+++ b/files/boilerplate/conntrack.footer
@@ -0,0 +1,3 @@
+
+?endif
+#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
-- cgit v1.2.3
From 8552753d9e3ab7662e618c54875e626a2b6926e9 Mon Sep 17 00:00:00 2001
From: Matt Taggart
Date: Fri, 10 Feb 2017 13:08:12 -0800
Subject: remove deprecated blacklist the blacklist file was deprecated by upstream in 4.5.7, remove all references to them. Debian wheezy shipped with 4.5.5.3-3 (but could use a backport) and jessie has 4.6.4.3-2 currently.
---
 files/boilerplate/blacklist.footer | 1 -
 files/boilerplate/blacklist.header | 10 ----------
 files/boilerplate/started.header | 22 ++++++++++------------
 3 files changed, 10 insertions(+), 23 deletions(-)
 delete mode 100644 files/boilerplate/blacklist.footer
 delete mode 100644 files/boilerplate/blacklist.header
(limited to 'files')
diff --git a/files/boilerplate/blacklist.footer b/files/boilerplate/blacklist.footer
deleted file mode 100644
index 5e12d1d..0000000
--- a/files/boilerplate/blacklist.footer
+++ /dev/null
@@ -1 +0,0 @@
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/files/boilerplate/blacklist.header b/files/boilerplate/blacklist.header
deleted file mode 100644
index 2392e17..0000000
--- a/files/boilerplate/blacklist.header
+++ /dev/null
@@ -1,10 +0,0 @@
-#
-# Shorewall version 3.4 - Blacklist File
-#
-# For information about entries in this file, type "man shorewall-blacklist"
-#
-# Please see http://shorewall.net/blacklisting_support.htm for additional
-# information.
-#
-###############################################################################
-#ADDRESS/SUBNET PROTOCOL PORT
diff --git a/files/boilerplate/started.header b/files/boilerplate/started.header
index b7704db..4adc4b9 100644
--- a/files/boilerplate/started.header
+++ b/files/boilerplate/started.header
@@ -1,20 +1,18 @@
 #
-# Shorewall version 4 - Started File
+# Shorewall -- /etc/shorewall/started
 #
-# /etc/shorewall/started
+# Add commands below that you want to be executed after shorewall has
+# been completely started, reloaded or restarted. The difference between
+# this extension script and /etc/shorewall/start is that this one is
+# invoked after the 'shorewall' chain has been created (thus
+# signaling that the firewall is completely up).
 #
-# Add commands below that you want to be executed after shorewall has
-# been completely started or restarted. The difference between this
-# extension script and /etc/shorewall/start is that this one is invoked
-# after delayed loading of the blacklist (DELAYBLACKLISTLOAD=Yes) and
-# after the 'shorewall' chain has been created (thus signaling that the
-# firewall is completely up).
-#
-# This script should not change the firewall configuration directly but
-# may do so indirectly by running /sbin/shorewall with the 'nolock'
-# option.
+# This script should not change the firewall configuration directly but
+# may do so indirectly by running /sbin/shorewall with the 'nolock'
+# option.
 #
 # See http://shorewall.net/shorewall_extension_scripts.htm for additional
 # information.
 #
 ###############################################################################
+
-- cgit v1.2.3
From 47f1ee74666fa00314546d01982461fa79d9da0a Mon Sep 17 00:00:00 2001
From: Matt Taggart
Date: Fri, 10 Feb 2017 13:24:59 -0800
Subject: remove deprecated norfc1918 option It was deprecated in 4.2.0 http://www.shorewall.net/upgrade_issues.htm
---
 files/boilerplate/params.header | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'files')
diff --git a/files/boilerplate/params.header b/files/boilerplate/params.header
index b258b0d..c4dd504 100644
--- a/files/boilerplate/params.header
+++ b/files/boilerplate/params.header
@@ -13,7 +13,7 @@
 #
 # NET_IF=eth0
 # NET_BCAST=130.252.100.255
-# NET_OPTIONS=routefilter,norfc1918
+# NET_OPTIONS=routefilter
 #
 # Example (/etc/shorewall/interfaces record):
 #
@@ -21,6 +21,6 @@
 #
 # The result will be the same as if the record had been written
 #
-# net eth0 130.252.100.255 routefilter,norfc1918
+# net eth0 130.252.100.255 routefilter
 #
 ###############################################################################
-- cgit v1.2.3
From eb4720e57cddbe1d26fde10429de5e413321a5d3 Mon Sep 17 00:00:00 2001
From: Matt Taggart
Date: Fri, 10 Feb 2017 15:53:28 -0800
Subject: new stoppedrules, replaces routestopped
---
 files/boilerplate/stoppedrules.footer | 1 +
 files/boilerplate/stoppedrules.header | 13 +++++++++++++
 2 files changed, 14 insertions(+)
 create mode 100644 files/boilerplate/stoppedrules.footer
 create mode 100644 files/boilerplate/stoppedrules.header
(limited to 'files')
diff --git a/files/boilerplate/stoppedrules.footer b/files/boilerplate/stoppedrules.footer
new file mode 100644
index 0000000..5e12d1d
--- /dev/null
+++ b/files/boilerplate/stoppedrules.footer
@@ -0,0 +1 @@
+#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/files/boilerplate/stoppedrules.header b/files/boilerplate/stoppedrules.header
new file mode 100644
index 0000000..94f4d0c
--- /dev/null
+++ b/files/boilerplate/stoppedrules.header
@@ -0,0 +1,13 @@
+#
+# Shorewall -- /etc/shorewall/stoppedrules
+#
+# For information about entries in this file, type "man shorewall-stoppedrules"
+#
+# The manpage is also online at
+# http://www.shorewall.net/manpages/shorewall-stoppedrules.html
+#
+# See http://shorewall.net/starting_and_stopping_shorewall.htm for additional
+# information.
+#
+###############################################################################
+#ACTION SOURCE DEST PROTO DPORT SPORT
-- cgit v1.2.3
From b131814ed976c2034521a460b6790f78703d8f2f Mon Sep 17 00:00:00 2001
From: Matt Taggart
Date: Fri, 10 Feb 2017 17:30:28 -0800
Subject: update config file headers to current upstream versions
---
 files/boilerplate/clear.header | 9 +++------
 files/boilerplate/hosts.header | 7 ++++---
 files/boilerplate/init.header | 9 +++------
 files/boilerplate/initdone.header | 12 +++++-------
 files/boilerplate/interfaces.header | 8 +++++---
 files/boilerplate/mangle.header | 15 +++++++++++----
 files/boilerplate/masq.header | 9 +++++----
 files/boilerplate/nat.header | 4 ++--
 files/boilerplate/params.header | 28 +++++++++++++---------------
 files/boilerplate/policy.header | 5 ++---
 files/boilerplate/providers.header | 2 +-
 files/boilerplate/proxyarp.header | 4 ++--
 files/boilerplate/rtrules.header | 5 +++--
 files/boilerplate/rules.header | 11 ++++++-----
 files/boilerplate/start.header | 8 +++-----
 files/boilerplate/stop.header | 9 +++------
 files/boilerplate/stopped.header | 9 +++------
 files/boilerplate/tcclasses.header | 4 ++--
 files/boilerplate/tcdevices.header | 5 ++---
 files/boilerplate/tunnel.header | 5 ++---
 files/boilerplate/zones.header | 8 ++++----
 21 files changed, 84 insertions(+), 92 deletions(-)
(limited to 'files')
diff --git a/files/boilerplate/clear.header b/files/boilerplate/clear.header
index 6a39b0b..8bf025c 100644
--- a/files/boilerplate/clear.header
+++ b/files/boilerplate/clear.header
@@ -1,13 +1,10 @@
 #
-# Shorewall version 4 - Clear
+# Shorewall -- /etc/shorewall/clear
 #
-# /etc/shorewall/stop
-#
-# Add commands below that you want to be executed at the beginning of a
-# "shorewall stop" command.
+# Add commands below that you want to be executed after Shorewall has
+# processed the 'clear' command.
 #
 # See http://shorewall.net/shorewall_extension_scripts.htm for additional
 # information.
 #
 ###############################################################################
-#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
diff --git a/files/boilerplate/hosts.header b/files/boilerplate/hosts.header
index e39d614..99bfa02 100644
--- a/files/boilerplate/hosts.header
+++ b/files/boilerplate/hosts.header
@@ -1,9 +1,10 @@
 #
-# Shorewall version 3.4 - Hosts file
+# Shorewall -- /etc/shorewall/hosts
 #
 # For information about entries in this file, type "man shorewall-hosts"
 #
-# For additional information, see http://shorewall.net/Documentation.htm#Hosts
+# The manpage is also online at
+# http://www.shorewall.net/manpages/shorewall-hosts.html
 #
 ###############################################################################
-#ZONE HOST(S) OPTIONS
+#ZONE HOSTS OPTIONS
diff --git a/files/boilerplate/init.header b/files/boilerplate/init.header
index cbb0393..417c3f2 100644
--- a/files/boilerplate/init.header
+++ b/files/boilerplate/init.header
@@ -1,13 +1,10 @@
 #
-# Shorewall version 4 - Init File
+# Shorewall -- /etc/shorewall/init
 #
-# /etc/shorewall/init
-#
-# Add commands below that you want to be executed at the beginning of
-# a "shorewall start" or "shorewall restart" command.
+# Add commands below that you want to be executed at the beginning of
+# a "shorewall start", "shorewall-reload" or "shorewall restart" command.
 #
 # For additional information, see
 # http://shorewall.net/shorewall_extension_scripts.htm
 #
 ###############################################################################
-
diff --git a/files/boilerplate/initdone.header b/files/boilerplate/initdone.header
index 9252a3b..5ad859a 100644
--- a/files/boilerplate/initdone.header
+++ b/files/boilerplate/initdone.header
@@ -1,14 +1,12 @@
 #
-# Shorewall version 4 - Initdone File
+# Shorewall -- /etc/shorewall/initdone
 #
-# /etc/shorewall/initdone
-#
-# Add commands below that you want to be executed during
-# "shorewall start" or "shorewall restart" commands at the point where
-# Shorewall has not yet added any perminent rules to the builtin chains.
+# Add commands below that you want to be executed during
+# "shorewall start", "shorewall reload" or "shorewall restart" commands
+# at the point where Shorewall has not yet added any permanent rules to
+# the builtin chains.
 #
 # For additional information, see
 # http://shorewall.net/shorewall_extension_scripts.htm
 #
 ###############################################################################
-
diff --git a/files/boilerplate/interfaces.header b/files/boilerplate/interfaces.header
index 663e436..12855c7 100644
--- a/files/boilerplate/interfaces.header
+++ b/files/boilerplate/interfaces.header
@@ -1,10 +1,12 @@
 #
-# Shorewall version 4 - Interfaces File
+# Shorewall -- /etc/shorewall/interfaces
 #
 # For information about entries in this file, type "man shorewall-interfaces"
 #
-# For additional information, see
+# The manpage is also online at
 # http://www.shorewall.net/manpages/shorewall-interfaces.html
 #
+# FIXME: need to switch to format 2
+#?FORMAT 2
 ###############################################################################
-#ZONE INTERFACE BROADCAST OPTIONS
+#ZONE INTERFACE OPTIONS
diff --git a/files/boilerplate/mangle.header b/files/boilerplate/mangle.header
index 7a7b12a..496e3f5 100644
--- a/files/boilerplate/mangle.header
+++ b/files/boilerplate/mangle.header
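Review bot: In interfaces.header the column comment is changed to the format-2 layout (`#ZONE INTERFACE OPTIONS`) while `?FORMAT 2` is left commented out under the FIXME, so the file is still read as format 1, where the third column is BROADCAST. An entry written to match the new header would put its options (for example `routefilter`) in the BROADCAST position, and those options may then not be applied to the interface, or the compile may fail. Until the switch is actually made, keep the comment as `#ZONE INTERFACE BROADCAST OPTIONS`; the params.header example in this same commit (`net $NET_IF $NET_BCAST $NET_OPTIONS`) also still assumes format 1.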
@@ -1,7 +1,14 @@ # -# Shorewall - Mangle File +# Shorewall -- /etc/shorewall/mangle # -# For additional information, see http://shorewall.net/manpages/shorewall-mangle.html +# For information about entries in this file, type "man shorewall-mangle" # -####################################################################################### -#ACTION SOURCE DESTINATION PROTO DSTPORT SRCPORT USER TEST LENGTH TOS CONNBYTES HELPER HEADERS +# See http://shorewall.net/traffic_shaping.htm for additional information. +# For usage in selecting among multiple ISPs, see +# http://shorewall.net/MultiISP.html +# +# See http://shorewall.net/PacketMarking.html for a detailed description of +# the Netfilter/Shorewall packet marking mechanism. +# +############################################################################################################################################################## +#ACTION SOURCE DEST PROTO DPORT SPORT USER TEST LENGTH TOS CONNBYTES HELPER PROBABILITY DSCP SWITCH diff --git a/files/boilerplate/masq.header b/files/boilerplate/masq.header index f823321..2f7c22e 100644 --- a/files/boilerplate/masq.header +++ b/files/boilerplate/masq.header @@ -1,9 +1,10 @@ # -# Shorewall version 3.4 - Masq file +# Shorewall -- /etc/shorewall/masq # # For information about entries in this file, type "man shorewall-masq" # -# For additional information, see http://shorewall.net/Documentation.htm#Masq +# The manpage is also online at +# http://www.shorewall.net/manpages/shorewall-masq.html # -############################################################################### -#INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC MARK +################################################################################################################################### +#INTERFACE SOURCE ADDRESS PROTO PORT IPSEC MARK USER SWITCH ORIGDEST PROBABILITY diff --git a/files/boilerplate/nat.header b/files/boilerplate/nat.header index c2e0d92..5d0871f 100644 --- a/files/boilerplate/nat.header 
+++ b/files/boilerplate/nat.header
@@ -1,9 +1,9 @@
 #
-# Shorewall version 3.4 - Nat File
+# Shorewall -- /etc/shorewall/nat
 #
 # For information about entries in this file, type "man shorewall-nat"
 #
 # For additional information, see http://shorewall.net/NAT.htm
 #
 ###############################################################################
-#EXTERNAL INTERFACE INTERNAL ALL LOCAL
+#EXTERNAL INTERFACE INTERNAL ALLINTS LOCAL
diff --git a/files/boilerplate/params.header b/files/boilerplate/params.header
index c4dd504..f07a916 100644
--- a/files/boilerplate/params.header
+++ b/files/boilerplate/params.header
@@ -1,26 +1,24 @@
 #
-# Shorewall version 3.4 - Params File
+# Shorewall -- /etc/shorewall/params
 #
-# /etc/shorewall/params
+# Assign any variables that you need here.
 #
-# Assign any variables that you need here.
+# It is suggested that variable names begin with an upper case letter
+# to distinguish them from variables used internally within the
+# Shorewall programs
 #
-# It is suggested that variable names begin with an upper case letter
-# to distinguish them from variables used internally within the
-# Shorewall programs
+# Example:
 #
-# Example:
+# NET_IF=eth0
+# NET_BCAST=130.252.100.255
+# NET_OPTIONS=routefilter
 #
-# NET_IF=eth0
-# NET_BCAST=130.252.100.255
-# NET_OPTIONS=routefilter
+# Example (/etc/shorewall/interfaces record):
 #
-# Example (/etc/shorewall/interfaces record):
+# net $NET_IF $NET_BCAST $NET_OPTIONS
 #
-# net $NET_IF $NET_BCAST $NET_OPTIONS
+# The result will be the same as if the record had been written
 #
-# The result will be the same as if the record had been written
-#
-# net eth0 130.252.100.255 routefilter
+# net eth0 130.252.100.255 routefilter
 #
 ###############################################################################
diff --git a/files/boilerplate/policy.header b/files/boilerplate/policy.header
index cc9781f..8e9d032 100644
--- a/files/boilerplate/policy.header
+++ b/files/boilerplate/policy.header
@@ -1,5 +1,5 @@
 #
-# Shorewall version 4 - Policy File
+# Shorewall -- /etc/shorewall/policy
 #
 # For information about entries in this file, type "man shorewall-policy"
 #
@@ -7,5 +7,4 @@
 # http://www.shorewall.net/manpages/shorewall-policy.html
 #
 ###############################################################################
-#SOURCE DEST POLICY LOG LIMIT: CONNLIMIT:
-# LEVEL BURST MASK
+#SOURCE DEST POLICY LOGLEVEL LIMIT CONNLIMIT
diff --git a/files/boilerplate/providers.header b/files/boilerplate/providers.header
index b4a5990..0dfb950 100644
--- a/files/boilerplate/providers.header
+++ b/files/boilerplate/providers.header
@@ -1,5 +1,5 @@
 #
-# Shorewall version 4 - Providers File
+# Shorewall -- /etc/shorewall/providers
 #
 # For information about entries in this file, type "man shorewall-providers"
 #
diff --git a/files/boilerplate/proxyarp.header b/files/boilerplate/proxyarp.header
index 1e16853..4249e03 100644
--- a/files/boilerplate/proxyarp.header
+++ b/files/boilerplate/proxyarp.header
@@ -1,9 +1,9 @@
 #
-# Shorewall version 3.4 - Proxyarp File
+# Shorewall -- /etc/shorewall/proxyarp
 #
 # For information about entries in this file, type "man shorewall-proxyarp"
 #
 # See http://shorewall.net/ProxyARP.htm for additional information.
 #
 ###############################################################################
-#ADDRESS INTERFACE EXTERNAL HAVEROUTE PERSISTENT
+#ADDRESS INTERFACE EXTERNAL HAVEROUTE PERSISTENT
diff --git a/files/boilerplate/rtrules.header b/files/boilerplate/rtrules.header
index fd9b2f4..7700816 100644
--- a/files/boilerplate/rtrules.header
+++ b/files/boilerplate/rtrules.header
@@ -1,8 +1,9 @@ # -# Shorewall version 4 - route rules File +# Shorewall -- /etc/shorewall/rtrules # # For information about entries in this file, type "man shorewall-rtrules" # # For additional information, see http://www.shorewall.net/MultiISP.html +# #################################################################################### -# SOURCE DEST PROVIDER PRIORITY MASK +#SOURCE DEST PROVIDER PRIORITY MASK diff --git a/files/boilerplate/rules.header b/files/boilerplate/rules.header index 764358a..1ebf187 100644 --- a/files/boilerplate/rules.header +++ b/files/boilerplate/rules.header @@ -1,10 +1,11 @@ # -# Shorewall version 3.4 - Rules File +# Shorewall -- /etc/shorewall/rules # # For information on the settings in this file, type "man shorewall-rules" # -# See http://shorewall.net/Documentation.htm#Rules for additional information. +# The manpage is also online at +# http://www.shorewall.net/manpages/shorewall-rules.html # -############################################################################################################# -#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK -# PORT PORT(S) DEST LIMIT GROUP +############################################################################################################################################################## +#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER MARK CONNLIMIT TIME HEADERS SWITCH HELPER + diff --git a/files/boilerplate/start.header b/files/boilerplate/start.header index 689dff1..881cdfd 100644 --- a/files/boilerplate/start.header +++ b/files/boilerplate/start.header 
@@ -1,10 +1,8 @@
 #
-# Shorewall version 4 - Start File
+# Shorewall -- /etc/shorewall/start
 #
-# /etc/shorewall/start
-#
-# Add commands below that you want to be executed after shorewall has
-# been started or restarted.
+# Add commands below that you want to be executed after shorewall has
+# been started, reloaded or restarted.
 #
 # See http://shorewall.net/shorewall_extension_scripts.htm for additional
 # information.
diff --git a/files/boilerplate/stop.header b/files/boilerplate/stop.header
index 0088abe..27a993b 100644
--- a/files/boilerplate/stop.header
+++ b/files/boilerplate/stop.header
@@ -1,13 +1,10 @@
 #
-# Shorewall version 4 - Stop File
+# Shorewall -- /etc/shorewall/stop
 #
-# /etc/shorewall/stop
-#
-# Add commands below that you want to be executed at the beginning of a
-# "shorewall stop" command.
+# Add commands below that you want to be executed at the beginning of a
+# "shorewall stop" command.
 #
 # See http://shorewall.net/shorewall_extension_scripts.htm for additional
 # information.
 #
 ###############################################################################
-#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
diff --git a/files/boilerplate/stopped.header b/files/boilerplate/stopped.header
index 438e5e0..8cc6bc6 100644
--- a/files/boilerplate/stopped.header
+++ b/files/boilerplate/stopped.header
@@ -1,13 +1,10 @@
 #
-# Shorewall version 4 - Stopped File
+# Shorewall -- /etc/shorewall/stopped
 #
-# /etc/shorewall/stopped
-#
-# Add commands below that you want to be executed at the completion of a
-# "shorewall stop" command.
+# Add commands below that you want to be executed at the completion of a
+# "shorewall stop" command.
 #
 # See http://shorewall.net/shorewall_extension_scripts.htm for additional
 # information.
 #
 ###############################################################################
-#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
diff --git a/files/boilerplate/tcclasses.header b/files/boilerplate/tcclasses.header
index 025415b..b31b684 100644
--- a/files/boilerplate/tcclasses.header
+++ b/files/boilerplate/tcclasses.header
@@ -1,9 +1,9 @@
 #
-# Shorewall version 4 - Tcclasses File
+# Shorewall -- /etc/shorewall/tcclasses
 #
 # For information about entries in this file, type "man shorewall-tcclasses"
 #
 # See http://shorewall.net/traffic_shaping.htm for additional information.
 #
 ###############################################################################
-#INTERFACE:CLASS MARK RATE CEIL PRIORITY OPTIONS
+#INTERFACE MARK RATE CEIL PRIO OPTIONS
diff --git a/files/boilerplate/tcdevices.header b/files/boilerplate/tcdevices.header
index fe7c3d1..226192e 100644
--- a/files/boilerplate/tcdevices.header
+++ b/files/boilerplate/tcdevices.header
@@ -1,10 +1,9 @@
 #
-# Shorewall version 4 - Tcdevices File
+# Shorewall -- /etc/shorewall/tcdevices
 #
 # For information about entries in this file, type "man shorewall-tcdevices"
 #
 # See http://shorewall.net/traffic_shaping.htm for additional information.
 #
 ###############################################################################
-#NUMBER: IN-BANDWITH OUT-BANDWIDTH OPTIONS REDIRECTED
-#INTERFACE INTERFACES
+#INTERFACE IN_BANDWITH OUT_BANDWIDTH OPTIONS REDIRECT
diff --git a/files/boilerplate/tunnel.header b/files/boilerplate/tunnel.header
index 638fd56..7bfd966 100644
--- a/files/boilerplate/tunnel.header
+++ b/files/boilerplate/tunnel.header
@@ -1,5 +1,5 @@
 #
-# Shorewall version 4 - Tunnels File
+# Shorewall -- /etc/shorewall/tunnels
 #
 # For information about entries in this file, type "man shorewall-tunnels"
 #
@@ -7,5 +7,4 @@
 # http://www.shorewall.net/manpages/shorewall-tunnels.html
 #
 ###############################################################################
-#TYPE ZONE GATEWAY GATEWAY
-# ZONE
+#TYPE ZONE GATEWAY GATEWAY_ZONE
diff --git a/files/boilerplate/zones.header b/files/boilerplate/zones.header
index 5dada52..d4b8cbc 100644
--- a/files/boilerplate/zones.header +++ b/files/boilerplate/zones.header @@ -1,5 +1,5 @@ # -# Shorewall version 4 - Zones File +# Shorewall -- /etc/shorewall/zones # # For information about this file, type "man shorewall-zones" # @@ -7,6 +7,6 @@ # http://www.shorewall.net/manpages/shorewall-zones.html # ############################################################################### -#ZONE TYPE OPTIONS IN OUT -# OPTIONS OPTIONS -fw firewall +#ZONE TYPE OPTIONS IN_OPTIONS OUT_OPTIONS + +fw firewall -- cgit v1.2.3 From d11b179b1b2f6083c0987e4650d89ad7831863e6 Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 7 Apr 2017 18:07:44 +0200 Subject: add mgmt of files for shorewall6 --- files/boilerplate6/zones.header | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 files/boilerplate6/zones.header (limited to 'files') diff --git a/files/boilerplate6/zones.header b/files/boilerplate6/zones.header new file mode 100644 index 0000000..3e445c5 --- /dev/null +++ b/files/boilerplate6/zones.header @@ -0,0 +1,11 @@ +# +# Shorewall6 -- /etc/shorewall6/zones +# +# For information about this file, type "man shorewall6-zones" +# +# The manpage is also online at +# http://www.shorewall.net/manpages6/shorewall6-zones.html +# +############################################################################### +#ZONE TYPE OPTIONS IN_OPTIONS OUT_OPTIONS + -- cgit v1.2.3 From 312dd4b7b990f0fad0b55f050e4c5c8e17c7e20d Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 7 Apr 2017 18:14:03 +0200 Subject: we need this --- files/boilerplate6/zones.header | 1 + 1 file changed, 1 insertion(+) (limited to 'files') diff --git a/files/boilerplate6/zones.header b/files/boilerplate6/zones.header index 3e445c5..6ebe49b 100644 --- a/files/boilerplate6/zones.header +++ b/files/boilerplate6/zones.header @@ -9,3 +9,4 @@ ############################################################################### #ZONE TYPE OPTIONS IN_OPTIONS OUT_OPTIONS +fw firewall -- cgit v1.2.3 
From 0a9d42a755723374b32571a9ed225493b1d36f58 Mon Sep 17 00:00:00 2001
From: mh
Date: Sat, 8 Apr 2017 13:25:56 +0200
Subject: add missing file
---
 files/boilerplate6/interfaces.header | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 files/boilerplate6/interfaces.header
(limited to 'files')
diff --git a/files/boilerplate6/interfaces.header b/files/boilerplate6/interfaces.header
new file mode 100644
index 0000000..be98744
--- /dev/null
+++ b/files/boilerplate6/interfaces.header
@@ -0,0 +1,11 @@
+#
+# Shorewall6 -- /etc/shorewall6/interfaces
+#
+# For information about entries in this file, type "man shorewall6-interfaces"
+#
+# The manpage is also online at
+# http://www.shorewall.net/manpages6/shorewall6-interfaces.html
+#
+?FORMAT 2
+###############################################################################
+#ZONE INTERFACE OPTIONS
-- cgit v1.2.3
From e89e367f4a70b13bb2889203642ee5ec31367b75 Mon Sep 17 00:00:00 2001
From: mh
Date: Sat, 8 Apr 2017 13:59:11 +0200
Subject: add missing file
---
 files/boilerplate6/params.header | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 files/boilerplate6/params.header
(limited to 'files')
diff --git a/files/boilerplate6/params.header b/files/boilerplate6/params.header
new file mode 100644
index 0000000..cf40b53
--- /dev/null
+++ b/files/boilerplate6/params.header
@@ -0,0 +1,23 @@
+#
+# Shorewall6 -- /etc/shorewall6/params
+#
+# Assign any variables that you need here.
+#
+# It is suggested that variable names begin with an upper case letter
+# to distinguish them from variables used internally within the
+# Shorewall6 programs
+#
+# Example:
+#
+# NET_IF=eth0
+# NET_OPTIONS=dhcp,nosmurfs
+#
+# Example (/etc/shorewall6/interfaces record):
+#
+# net $NET_IF - $NET_OPTIONS
+#
+# The result will be the same as if the record had been written
+#
+# net eth0 - dhcp,nosmurfs
+#
+###############################################################################
-- cgit v1.2.3
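Review bot: The example record in boilerplate6/params.header, `net $NET_IF - $NET_OPTIONS`, has four fields with `-` in the third, which is the format-1 interfaces layout, while boilerplate6/interfaces.header (added in the commit just above) declares `?FORMAT 2` with the columns ZONE INTERFACE OPTIONS. Copied as written into a format-2 file, `-` would land in OPTIONS and `dhcp,nosmurfs` in a column that layout does not define, so the interface options are likely rejected or not applied. The two example lines should read `# net $NET_IF $NET_OPTIONS` and `# net eth0 dhcp,nosmurfs` to match the header shipped next to them.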
From 28a72736071330261ba8fa9dd5ca4e1202c1247f Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 9 Apr 2017 18:57:53 +0200 Subject: make it possible to manage rules for ipv4 & ipv6 + add some more modern headers for certain versions --- files/boilerplate6/rules.header | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 files/boilerplate6/rules.header (limited to 'files') diff --git a/files/boilerplate6/rules.header b/files/boilerplate6/rules.header new file mode 100644 index 0000000..91e57a8 --- /dev/null +++ b/files/boilerplate6/rules.header @@ -0,0 +1,11 @@ +# +# Shorewall6 -- /etc/shorewall6/rules +# +# For information on the settings in this file, type "man shorewall6-rules" +# +# The manpage is also online at +# http://www.shorewall.net/manpages6/shorewall6-rules.html +# +############################################################################################################################################################## +#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER MARK CONNLIMIT TIME HEADERS SWITCH HELPER + -- cgit v1.2.3 From 265cf2afa424b5bf9c48b6e8512308d8911a1eca Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 25 Apr 2017 17:24:50 +0200 Subject: add missing file --- files/boilerplate6/policy.header | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 files/boilerplate6/policy.header (limited to 'files') diff --git a/files/boilerplate6/policy.header b/files/boilerplate6/policy.header new file mode 100644 index 0000000..aee2ff0 --- /dev/null +++ b/files/boilerplate6/policy.header @@ -0,0 +1,10 @@ +# +# Shorewall6 -- /etc/shorewall6/policy +# +# For information about entries in this file, type "man shorewall6-policy" +# +# The manpage is also online at +# http://www.shorewall.net/manpages6/shorewall6-policy.html +# +############################################################################### +#SOURCE DEST POLICY LOGLEVEL LIMIT CONNLIMIT -- cgit v1.2.3 
From db26643a43b74f5718f81a821316d6a58855b371 Mon Sep 17 00:00:00 2001
From: mh
Date: Mon, 1 May 2017 17:37:05 +0200
Subject: also support EL6 style files
---
 files/boilerplate6/interfaces.header.CentOS.6 | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 files/boilerplate6/interfaces.header.CentOS.6
(limited to 'files')
diff --git a/files/boilerplate6/interfaces.header.CentOS.6 b/files/boilerplate6/interfaces.header.CentOS.6
new file mode 100644
index 0000000..944bd94
--- /dev/null
+++ b/files/boilerplate6/interfaces.header.CentOS.6
@@ -0,0 +1,12 @@
+#
+# Shorewall6 version 4 - Interfaces File
+#
+# For information about entries in this file, type "man shorewall6-interfaces"
+#
+# The manpage is also online at
+# http://www.shorewall.net/manpages6/shorewall6-interfaces.html
+#
+###############################################################################
+FORMAT 2
+###############################################################################
+#ZONE INTERFACE OPTIONS
-- cgit v1.2.3
From 4112e79844623b76e0fc47e647a38f99c6d60d9e Mon Sep 17 00:00:00 2001
From: mh
Date: Mon, 1 May 2017 21:08:58 +0200
Subject: correct snippet
---
 files/boilerplate6/interfaces.header.CentOS.6 | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
(limited to 'files')
diff --git a/files/boilerplate6/interfaces.header.CentOS.6 b/files/boilerplate6/interfaces.header.CentOS.6
index 944bd94..2e5bd3d 100644
--- a/files/boilerplate6/interfaces.header.CentOS.6
+++ b/files/boilerplate6/interfaces.header.CentOS.6
@@ -1,12 +1,11 @@
 #
-# Shorewall6 version 4 - Interfaces File
+# Shorewall6 -- /etc/shorewall6/interfaces
 #
 # For information about entries in this file, type "man shorewall6-interfaces"
 #
 # The manpage is also online at
 # http://www.shorewall.net/manpages6/shorewall6-interfaces.html
 #
-###############################################################################
 FORMAT 2
 ###############################################################################
 #ZONE INTERFACE OPTIONS
-- cgit v1.2.3
From 7332777829c19a63ce3d9bc50a2ddd40b940743a Mon Sep 17 00:00:00 2001
From: Micah Anderson
Date: Fri, 23 Jun 2017 12:03:17 -0400
Subject: fix filename rename
---
 files/boilerplate/tunnel.footer | 1 +
 files/boilerplate/tunnel.header | 10 ++++++++++
 files/boilerplate/tunnels.footer | 1 -
 files/boilerplate/tunnels.header | 10 ----------
 4 files changed, 11 insertions(+), 11 deletions(-)
 create mode 100644 files/boilerplate/tunnel.footer
 create mode 100644 files/boilerplate/tunnel.header
 delete mode 100644 files/boilerplate/tunnels.footer
 delete mode 100644 files/boilerplate/tunnels.header
(limited to 'files')
diff --git a/files/boilerplate/tunnel.footer b/files/boilerplate/tunnel.footer
new file mode 100644
index 0000000..5e12d1d
--- /dev/null
+++ b/files/boilerplate/tunnel.footer
@@ -0,0 +1 @@
+#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/files/boilerplate/tunnel.header b/files/boilerplate/tunnel.header
new file mode 100644
index 0000000..7bfd966
--- /dev/null
+++ b/files/boilerplate/tunnel.header
@@ -0,0 +1,10 @@
+#
+# Shorewall -- /etc/shorewall/tunnels
+#
+# For information about entries in this file, type "man shorewall-tunnels"
+#
+# The manpage is also online at
+# http://www.shorewall.net/manpages/shorewall-tunnels.html
+#
+###############################################################################
+#TYPE ZONE GATEWAY GATEWAY_ZONE
diff --git a/files/boilerplate/tunnels.footer b/files/boilerplate/tunnels.footer
deleted file mode 100644
index 5e12d1d..0000000
--- a/files/boilerplate/tunnels.footer
+++ /dev/null
@@ -1 +0,0 @@
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/files/boilerplate/tunnels.header b/files/boilerplate/tunnels.header
deleted file mode 100644
index 7bfd966..0000000
--- a/files/boilerplate/tunnels.header
+++ /dev/null
@@ -1,10 +0,0 @@
-#
-# Shorewall -- /etc/shorewall/tunnels
-#
-# For information about entries in this file, type "man shorewall-tunnels"
-#
-# The manpage is also online at
-# http://www.shorewall.net/manpages/shorewall-tunnels.html
-#
-###############################################################################
-#TYPE ZONE GATEWAY GATEWAY_ZONE
-- cgit v1.2.3