From 8c018a38aadafc94762c6f9bf7efdf9640bbac9b Mon Sep 17 00:00:00 2001 From: mh Date: Thu, 12 Jul 2012 19:32:12 -0400 Subject: update to latest upstream --- files/shorewall.conf.CentOS.6 | 32 +++++++++++++++++++++++++++----- 1 file changed, 27 insertions(+), 5 deletions(-) (limited to 'files') diff --git a/files/shorewall.conf.CentOS.6 b/files/shorewall.conf.CentOS.6 index 0d7a9be..7f9013b 100644 --- a/files/shorewall.conf.CentOS.6 +++ b/files/shorewall.conf.CentOS.6 @@ -42,6 +42,8 @@ LOGLIMIT= MACLIST_LOG_LEVEL=info +RELATED_LOG_LEVEL= + SFILTER_LOG_LEVEL=info SMURF_LOG_LEVEL=info @@ -54,7 +56,9 @@ TCP_FLAGS_LOG_LEVEL=info # L O C A T I O N O F F I L E S A N D D I R E C T O R I E S ############################################################################### -CONFIG_PATH="/etc/shorewall/puppet:/etc/shorewall:/usr/share/shorewall" +CONFIG_PATH="/etc/shorewall/puppet:${CONFDIR}/shorewall:${SHAREDIR}/shorewall" + +GEOIPDIR=/usr/share/xt_geoip/LE IPTABLES= @@ -62,6 +66,8 @@ IP= IPSET= +LOCKFILE= + MODULESDIR= PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin" @@ -139,7 +145,7 @@ FORWARD_CLEAR_MARK= IMPLICIT_CONTINUE=Yes -HIGH_ROUTE_MARKS=No +IPSET_WARNINGS=Yes IP_FORWARDING=On @@ -149,7 +155,7 @@ LEGACY_FASTSTART=Yes LOAD_HELPERS_ONLY=No -MACLIST_TABLE=mangle +MACLIST_TABLE=filter MACLIST_TTL= @@ -191,7 +197,7 @@ TRACK_PROVIDERS=No USE_DEFAULT_RT=No -WIDE_TC_MARKS=No +USE_PHYSICAL_NAMES=No ZONE2ZONE=2 @@ -201,7 +207,9 @@ ZONE2ZONE=2 BLACKLIST_DISPOSITION=DROP -MACLIST_DISPOSITION=DROP +MACLIST_DISPOSITION=REJECT + +RELATED_DISPOSITION=ACCEPT SMURF_DISPOSITION=DROP @@ -209,6 +217,20 @@ SFILTER_DISPOSITION=DROP TCP_FLAGS_DISPOSITION=DROP +################################################################################ +# P A C K E T M A R K L A Y O U T +################################################################################ + +TC_BITS= + +PROVIDER_BITS= + +PROVIDER_OFFSET= + +MASK_BITS= + +ZONE_BITS=0 + ################################################################################ # L E G A C Y O P T I O N # D O N O T D E L E T E O R A L T E R -- cgit v1.2.3