Update of /cvsroot/leaf/src/bering-uclibc/contrib/shorewall
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv11704
Added Files:
buildtool.cfg buildtool.mk shorewall-config.diff
shorewall-default shorewall-lrp.diff
Log Message:
shorewall 2.4.0
--- NEW FILE: shorewall-config.diff ---
diff -urN shorewall-2.4.0.orig/interfaces shorewall-2.4.0/interfaces
--- shorewall-2.4.0.orig/interfaces 2005-05-17 21:02:12.000000000 +0200
+++ shorewall-2.4.0/interfaces 2005-06-19 12:36:14.000000000 +0200
@@ -214,4 +214,6 @@
##############################################################################
#ZONE INTERFACE BROADCAST OPTIONS GATEWAY
#
+net eth0 detect dhcp,routefilter,norfc1918
+loc eth1 detect dhcp
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
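Review bot: The two added entries hard-code eth0 as the Internet side and eth1 as the LAN, and nothing in the file says so. The companion shorewall-lrp.diff on this page sets `STARTUP_ENABLED=Yes`, so these defaults are live on first boot; on a box whose NICs enumerate the other way round, the external interface would get the `loc` treatment (outbound ACCEPT, SSH and web access to the firewall). I would add a comment above the entries such as `# eth0 is assumed to be the Internet-facing interface, eth1 the LAN - swap the two lines if your hardware differs`.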
diff -urN shorewall-2.4.0.orig/masq shorewall-2.4.0/masq
--- shorewall-2.4.0.orig/masq 2005-05-02 22:54:43.000000000 +0200
+++ shorewall-2.4.0/masq 2005-06-19 12:36:14.000000000 +0200
@@ -213,4 +213,5 @@
#
###############################################################################
#INTERFACE SUBNET ADDRESS PROTO PORT(S) IPSEC
+eth0 eth1
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
diff -urN shorewall-2.4.0.orig/policy shorewall-2.4.0/policy
--- shorewall-2.4.0.orig/policy 2005-05-02 22:54:43.000000000 +0200
+++ shorewall-2.4.0/policy 2005-06-19 12:36:14.000000000 +0200
@@ -89,4 +89,14 @@
###############################################################################
#SOURCE DEST POLICY LOG
LIMIT:BURST
# LEVEL
+loc net ACCEPT
+net all DROP ULOG
+# If you want open access to the Internet from your Firewall
+# remove the comment from the following line.
+#fw net ACCEPT
+
+#
+# THE FOLLOWING POLICY MUST BE LAST
+#
+all all REJECT ULOG
#LAST LINE -- DO NOT REMOVE
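Review bot: `net all DROP ULOG` and `all all REJECT ULOG` log every dropped or rejected packet, and no log rate limit is set anywhere in this commit. On an Internet-facing interface, background scanning alone can produce a steady stream of entries, which matters on a LEAF box with little log storage. Shorewall's LOGRATE/LOGBURST settings in shorewall.conf are the usual place to bound this; the shorewall.conf hunks on this page do not touch them, so their values cannot be confirmed from here. At minimum I would add a comment next to these policies pointing at those settings.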
diff -urN shorewall-2.4.0.orig/rules shorewall-2.4.0/rules
--- shorewall-2.4.0.orig/rules 2005-06-02 16:08:57.000000000 +0200
+++ shorewall-2.4.0/rules 2005-06-19 12:36:14.000000000 +0200
@@ -368,4 +368,28 @@
####################################################################################################
#ACTION SOURCE DEST PROTO DEST SOURCE
ORIGINAL RATE USER/
# PORT PORT(S) DEST
LIMIT GROUP
+
+# Accept DNS connections from the firewall to the network
+# and from the local network to the firewall (in case dnsmasq is running)
+AllowDNS fw net
+AllowDNS loc fw
+
+# Accept SSH connections from the local network for administration
+#
+AllowSSH loc fw
+
+# Allow Ping to Firewall
+#
+AllowPing net fw
+AllowPing loc fw
+
+#
+# Allow all ICMP types (including ping) from firewall
+ACCEPT fw loc icmp
+ACCEPT fw net icmp
+
+# Allow local network to access weblet/webconf
+#
+AllowWeb loc fw
+
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
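Review bot: The comment "Allow Ping to Firewall" understates what `AllowPing net fw` does: it answers ping from the Internet, not only from the LAN. Likewise `AllowWeb loc fw` makes the weblet/webconf administration pages reachable from every host in `loc`. Both are reasonable defaults for this distribution, but the comments should say so, so an administrator can narrow them, e.g. `# Allow ping to the firewall from the Internet (net) and the LAN (loc); remove the net line to stop answering external pings` and `# weblet/webconf is reachable from the whole loc zone; restrict SOURCE to an admin host if needed`.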
diff -urN shorewall-2.4.0.orig/zones shorewall-2.4.0/zones
--- shorewall-2.4.0.orig/zones 2005-05-02 22:59:48.000000000 +0200
+++ shorewall-2.4.0/zones 2005-06-19 12:36:14.000000000 +0200
@@ -24,4 +24,9 @@
# dmz DMZ Demilitarized zone.
#
#ZONE DISPLAY COMMENTS
+
+net Net Internet
+loc Local Local networks
+#dmz DMZ Demilitarized zone
+
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
--- NEW FILE: buildtool.cfg ---
# Upstream download location for the Shorewall release tarball.
# NOTE(review): Type = http means the archive is fetched without transport
# protection, and no checksum for it is recorded in this file - confirm the
# download is verified before buildtool.mk unpacks it and runs its install.sh.
<Server shorewall-net>
Type = http
Name = www.shorewall.net
Serverpath = /pub/shorewall
</Server>
# The release tarball; its local path is exported to buildtool.mk as
# SHOREWALL_SOURCE.
<File shorewall-2.4.0.tgz>
Server = shorewall-net
Directory = 2.4/shorewall-2.4.0
Envname = SHOREWALL_SOURCE
</File>
<File buildtool.mk>
Server = cvs-contrib-sourceforge
Revision = HEAD
Directory = shorewall
</File>
# This patch provides generic changes to run under Bering uClibc
<File shorewall-lrp.diff>
Server = cvs-contrib-sourceforge
Revision = HEAD
Directory = shorewall
Envname = SHOREWALL_LRP_DIFF
</File>
# This patch provides the Bering-uClibc specific configuration defaults
<File shorewall-config.diff>
Server = cvs-contrib-sourceforge
Revision = HEAD
Directory = shorewall
Envname = SHOREWALL_CONFIG_DIFF
</File>
# This file provides the default startup options installed as etc/default/shorewall
<File shorewall-default>
Server = cvs-contrib-sourceforge
Revision = HEAD
Directory = shorewall
Envname = SHOREWALL_DEFAULT
</File>
# ---------------------------------------------------------------------
<Package>
<shorwall>
Version 2.4.0
Revision = 1
Help <<EOF
Shoreline Firewall (Shorewall)
Homepage: http://www.shorewall.net
Requires: iptables.lrp ulogd.lrp
LEAF package by __PACKAGER__, __BUILDDATE__
EOF
<Permissions>
Files = 644
Directories = 755
</Permissions>
<Owner>
Files = root:root
Directories = root:root
</Owner>
<Contents>
<File>
Filename = etc/init.d/shorewall
Source = etc/init.d/shorewall
Permissions = 755
Type = binary
</File>
<File>
Filename = sbin/shorewall
Source = sbin/shorewall
Permissions = 755
Type = binary
</File>
<File>
Filename = usr/share/shorewall/
Type = list
</File>
<File>
Filename = usr/share/shorewall/
Source = usr/share/shorewall/*
Type = binary
</File>
<File>
Filename = usr/share/shorewall/firewall
Source = usr/share/shorewall/firewall
Permissions = 755
Type = binary
</File>
<File>
Filename = usr/share/shorewall/help
Source = usr/share/shorewall/help
Permissions = 755
Type = binary
</File>
<File>
Filename = var/lib/shorewall/
Type = directory
Type = list
</File>
<File>
Filename = var/lib/shorewall/*
Type = exclude
</File>
<File>
Filename = var/state/shorewall/
Type = directory
Type = list
</File>
<File>
Filename = var/state/shorewall/*
Type = exclude
</File>
<File>
Filename = etc/default/shorewall
Source = etc/default/shorewall
Description = Default Shorewall Runtime
Startup options
Type = binary
Type = conf
</File>
<File>
Filename = etc/shorewall/
Type = list
</File>
<File>
Filename = etc/shorewall/start.d
Type = directory
Type = list
</File>
<File>
Filename = etc/shorewall/stop.d
Type = directory
Type = list
</File>
<File>
Filename = etc/shorewall/
Source = etc/shorewall/*
Permissions = 600
Type = binary
</File>
<File>
Filename = etc/shorewall/params
Source = etc/shorewall/params
Permissions = 600
Description = Params Assign parameter values
Type = binary
Type = conf
</File>
# Zone definitions, exposed as an editable conf file.
# NOTE(review): unlike the other etc/shorewall/* conf entries, this one has no
# "Permissions = 600" line; presumably it falls back to the package default
# (Files = 644) or to the etc/shorewall/* wildcard entry - confirm which.
<File>
Filename = etc/shorewall/zones
Source = etc/shorewall/zones
Description = Zones Partition the network
into Zones
Type = binary
Type = conf
</File>
<File>
Filename = etc/shorewall/interfaces
Source = etc/shorewall/interfaces
Permissions = 600
Description = Ifaces Shorewall Networking
Interfaces
Type = binary
Type = conf
</File>
<File>
Filename = etc/shorewall/ipsec
Source = etc/shorewall/ipsec
Permissions = 600
Description = Ipsec Define Zone IPSEC
Properties
Type = binary
Type = conf
</File>
<File>
Filename = etc/shorewall/hosts
Source = etc/shorewall/hosts
Permissions = 600
Description = Hosts Define specific zones
Type = binary
Type = conf
</File>
<File>
Filename = etc/shorewall/policy
Source = etc/shorewall/policy
Permissions = 600
Description = Policy Firewall high-level
policy
Type = binary
Type = conf
</File>
<File>
Filename = etc/shorewall/rules
Source = etc/shorewall/rules
Permissions = 600
Description = Rules Exceptions to policy
Type = binary
Type = conf
</File>
<File>
Filename = etc/shorewall/maclist
Source = etc/shorewall/maclist
Permissions = 600
Description = Maclist MAC Verification
Type = binary
Type = conf
</File>
<File>
Filename = etc/shorewall/masq
Source = etc/shorewall/masq
Permissions = 600
Description = Masq Internal MASQ Server
Configuration
Type = binary
Type = conf
</File>
<File>
Filename = etc/shorewall/proxyarp
Source = etc/shorewall/proxyarp
Permissions = 600
Description = ProxyArp Proxy ARP Configuration
Type = binary
Type = conf
</File>
<File>
Filename = etc/shorewall/routestopped
Source = etc/shorewall/routestopped
Permissions = 600
Description = RStopped Hosts admitted after
'shorewall stop'
Type = binary
Type = conf
</File>
<File>
Filename = etc/shorewall/nat
Source = etc/shorewall/nat
Permissions = 600
Description = Nat Static NAT Configuration
Type = binary
Type = conf
</File>
<File>
Filename = etc/shorewall/tunnels
Source = etc/shorewall/tunnels
Permissions = 600
Description = Tunnels Tunnel Definition
(ipsec)
Type = binary
Type = conf
</File>
<File>
Filename = etc/shorewall/tcrules
Source = etc/shorewall/tcrules
Permissions = 600
Description = TCRules FWMark Rules
Type = binary
Type = conf
</File>
<File>
Filename = etc/shorewall/shorewall.conf
Source = etc/shorewall/shorewall.conf
Permissions = 600
Description = Config Shorewall Global
Parameters
Type = binary
Type = conf
</File>
<File>
Filename = etc/shorewall/modules
Source = etc/shorewall/modules
Permissions = 600
Description = Modules Netfilter modules to
load
Type = binary
Type = conf
</File>
<File>
Filename = etc/shorewall/tos
Source = etc/shorewall/tos
Permissions = 600
Description = TOS Type of Service policy
Type = binary
Type = conf
</File>
<File>
Filename = etc/shorewall/blacklist
Source = etc/shorewall/blacklist
Permissions = 600
Description = Blacklist Blacklisted hosts
Type = binary
Type = conf
</File>
<File>
Filename = etc/shorewall/ecn
Source = etc/shorewall/ecn
Permissions = 600
Description = ECN Disable ECN to hosts
and networks
Type = binary
Type = conf
</File>
<File>
Filename = etc/shorewall/init
Source = etc/shorewall/init
Permissions = 600
Description = Init Commands executed
before [re]start
Type = binary
Type = conf
</File>
<File>
Filename = etc/shorewall/start
Source = etc/shorewall/start
Permissions = 600
Description = Start Commands executed after
[re]start
Type = binary
Type = conf
</File>
<File>
Filename = etc/shorewall/stop
Source = etc/shorewall/stop
Permissions = 600
Description = Stop Commands executed
before stop
Type = binary
Type = conf
</File>
<File>
Filename = etc/shorewall/stopped
Source = etc/shorewall/stopped
Permissions = 600
Description = Stopped Commands executed after
stop
Type = binary
Type = conf
</File>
<File>
Filename = etc/shorewall/accounting
Source = etc/shorewall/accounting
Permissions = 600
Description = Account Traffic Accounting Rules
Type = binary
Type = conf
</File>
<File>
Filename = etc/shorewall/actions
Source = etc/shorewall/actions
Permissions = 600
Description = Actions Define user actions
Type = binary
Type = conf
</File>
<File>
Filename = etc/shorewall/continue
Source = etc/shorewall/continue
Permissions = 600
Description = Continue Commands executed early
in [re]start
Type = binary
Type = conf
</File>
<File>
Filename = etc/shorewall/netmap
Source = etc/shorewall/netmap
Permissions = 600
Description = Netmap Network Mapping Table
Type = binary
Type = conf
</File>
</Contents>
</shorwall>
</Package>
--- NEW FILE: buildtool.mk ---
######################################
#
# buildtool makefile for Shoreline Firewall
#
######################################
# Pull in whatever makefile the caller names in MASTERMAKEFILE.
include $(MASTERMAKEFILE)

# Directory handed to install.sh as PREFIX and later copied into
# BT_STAGING_DIR by the build target.
TARGET_DIR = $(BT_BUILD_DIR)/shorewall

# Directory the recipes below unpack, patch and build in.
SHOREWALL_DIR := shorewall-2.4.0
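# Unpack the upstream tarball and apply the two LEAF patches; .source is the
# stamp file marking that step as done.
#
# The archive and the patches are given to tar/patch directly instead of being
# piped from zcat/cat: in a pipeline only the last command's exit status is
# seen, so an unreadable archive or a missing patch file could go unnoticed and
# the package be built without the LEAF configuration changes.
#
# NOTE(review): nothing in this rule checks the tarball against a known digest
# before it is unpacked (its install.sh is executed by the .build rule) -
# confirm the download is verified elsewhere.
$(SHOREWALL_DIR)/.source:
	tar -xzvf $(SHOREWALL_SOURCE)
	patch -d $(SHOREWALL_DIR) -p1 < $(SHOREWALL_LRP_DIFF)
	patch -d $(SHOREWALL_DIR) -p1 < $(SHOREWALL_CONFIG_DIFF)
	touch $@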
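# Run the upstream installer into TARGET_DIR and add the LEAF default options
# file; .build is the stamp file marking that step as done.
#
# "cd ... &&" (rather than ";") keeps install.sh from running in the wrong
# directory if the cd fails. The two chmod paths are spelled out because
# {a,b} brace expansion is a bash feature and make runs recipes with /bin/sh
# unless SHELL is set otherwise.
$(SHOREWALL_DIR)/.build: $(SHOREWALL_DIR)/.source
	mkdir -p $(TARGET_DIR)
	cd $(SHOREWALL_DIR) && env PREFIX=$(TARGET_DIR) ./install.sh
	chmod 755 $(TARGET_DIR)/usr/share/shorewall/firewall $(TARGET_DIR)/usr/share/shorewall/help
	mkdir -p $(TARGET_DIR)/etc/default
	install -c $(SHOREWALL_DEFAULT) $(TARGET_DIR)/etc/default/shorewall
	touch $@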
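# Convenience name for the unpack-and-patch step. Declared phony so a stray
# file called "source" in this directory cannot make the target look up to date.
.PHONY: source
source: $(SHOREWALL_DIR)/.source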
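# Copy the installed tree into the staging directory.
# The guard stops the recipe when BT_STAGING_DIR is empty; without it cp would
# take the last file under TARGET_DIR as its destination.
.PHONY: build
build: $(SHOREWALL_DIR)/.build
	$(if $(strip $(BT_STAGING_DIR)),,$(error BT_STAGING_DIR is empty))
	cp -af $(TARGET_DIR)/* $(BT_STAGING_DIR)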
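# Remove the install tree and the build stamp (staged files go via stageclean).
# The guard refuses to run with an empty BT_BUILD_DIR, where TARGET_DIR would
# expand to /shorewall on the build host.
.PHONY: clean
clean: stageclean
	$(if $(strip $(BT_BUILD_DIR)),,$(error BT_BUILD_DIR is empty))
	rm -rf $(TARGET_DIR)
	rm -f $(SHOREWALL_DIR)/.build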
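# Remove the files this package placed in the staging directory.
# The guard matters: with an empty BT_STAGING_DIR the paths below become
# /etc/shorewall, /sbin/shorewall, ... and the recipe would delete the build
# host's own firewall installation.
.PHONY: stageclean
stageclean:
	$(if $(strip $(BT_STAGING_DIR)),,$(error BT_STAGING_DIR is empty))
	rm -f $(BT_STAGING_DIR)/etc/init.d/shorewall
	rm -f $(BT_STAGING_DIR)/etc/default/shorewall
	rm -f $(BT_STAGING_DIR)/sbin/shorewall
	rm -rf $(BT_STAGING_DIR)/etc/shorewall
	rm -rf $(BT_STAGING_DIR)/usr/share/shorewall
	rm -rf $(BT_STAGING_DIR)/var/lib/shorewall
	rm -rf $(BT_STAGING_DIR)/var/state/shorewall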
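# Remove the unpacked source tree as well as everything clean removes.
# Declared phony so a file named "srcclean" cannot disable the target.
.PHONY: srcclean
srcclean: clean
	rm -rf $(SHOREWALL_DIR)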
--- NEW FILE: shorewall-default ---
#
# Shoreline Firewall startup options
#
# Any flags that appear in this file will be passed to shorewall
# by init.d on startup.
#
# -f = fast
# -q = quiet
#
OPTIONS=""
--- NEW FILE: shorewall-lrp.diff ---
diff -urN shorewall-2.4.0.orig/init.sh shorewall-2.4.0/init.sh
--- shorewall-2.4.0.orig/init.sh 2005-05-23 19:58:06.000000000 +0200
+++ shorewall-2.4.0/init.sh 2005-06-19 12:32:41.000000000 +0200
@@ -72,12 +72,12 @@
case "$command" in
- start)
+ start|restart)
- exec /sbin/shorewall $OPTIONS start
+ exec /sbin/shorewall $OPTIONS $@
;;
- stop|restart|status)
+ stop|status)
exec /sbin/shorewall $@
;;
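Review bot: `$@` is unquoted on the new `exec /sbin/shorewall $OPTIONS $@` line, so any argument containing whitespace or glob characters is re-split and expanded by the shell before shorewall sees it. Use `exec /sbin/shorewall $OPTIONS "$@"`; `$OPTIONS` can stay unquoted since it is meant to hold several flags. The unchanged `exec /sbin/shorewall $@` in the stop|status branch has the same problem. The case statement starts and ends outside this hunk.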
diff -urN shorewall-2.4.0.orig/shorewall.conf shorewall-2.4.0/shorewall.conf
--- shorewall-2.4.0.orig/shorewall.conf 2005-06-04 02:59:39.000000000 +0200
+++ shorewall-2.4.0/shorewall.conf 2005-06-19 12:32:41.000000000 +0200
@@ -13,7 +13,7 @@
# Once you have configured Shorewall, you may change the setting of
# this variable to 'Yes'
-STARTUP_ENABLED=No
+STARTUP_ENABLED=Yes
##############################################################################
# L O G G I N G
@@ -67,7 +67,7 @@
#
# http://www.shorewall.net/shorewall_logging.html
-LOGFILE=/var/log/messages
+LOGFILE=/var/log/shorewall.log
#
# LOG FORMAT
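Review bot: `LOGFILE=/var/log/shorewall.log` only works if ulogd is configured to write to that exact path, and that configuration is not part of this commit. The following hunks switch the log levels (LOGNEWNOTSYN through BOGON_LOG_LEVEL) to ULOG, so the messages are written by ulogd rather than syslog, while LOGFILE appears to be only the file Shorewall reads for its log-display commands. If the two paths differ, those commands will show nothing while drops are still being logged elsewhere. A comment such as `# must match the logfile configured for ulogd (ulogd.lrp)` would make the dependency explicit.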
@@ -175,7 +175,7 @@
#
# Example: LOGNEWNOTSYN=debug
-LOGNEWNOTSYN=info
+LOGNEWNOTSYN=ULOG
#
# MAC List Log Level
@@ -187,7 +187,7 @@
# See the comment at the top of this section for a description of log levels
#
-MACLIST_LOG_LEVEL=info
+MACLIST_LOG_LEVEL=ULOG
#
# TCP FLAGS Log Level
@@ -199,7 +199,7 @@
# See the comment at the top of this section for a description of log levels
#
-TCP_FLAGS_LOG_LEVEL=info
+TCP_FLAGS_LOG_LEVEL=ULOG
#
# RFC1918 Log Level
@@ -211,7 +211,7 @@
# See the comment at the top of this section for a description of log levels
#
-RFC1918_LOG_LEVEL=info
+RFC1918_LOG_LEVEL=ULOG
#
# SMURF Log Level
@@ -225,7 +225,7 @@
# See the comment at the top of this section for a description of log levels
#
-SMURF_LOG_LEVEL=info
+SMURF_LOG_LEVEL=ULOG
#
# BOGON Log Level
@@ -239,7 +239,7 @@
# See the comment at the top of this section for a description of log levels
#
-BOGON_LOG_LEVEL=info
+BOGON_LOG_LEVEL=ULOG
#
# MARTIAN LOGGING
@@ -287,7 +287,7 @@
# use lock files, set this to "".
#
-SUBSYSLOCK=/var/lock/subsys/shorewall
+SUBSYSLOCK=/var/run/shorewall
#
# SHOREWALL TEMPORARY STATE DIRECTORY
@@ -296,7 +296,7 @@
# it is running
#
-STATEDIR=/var/lib/shorewall
+STATEDIR=/var/state/shorewall
#
# KERNEL MODULE DIRECTORY
@@ -684,7 +684,7 @@
# Shorewall to disable IPV6 traffic to/from and through your
# firewall system. This requires that you have ip6tables installed.
-DISABLE_IPV6=Yes
+DISABLE_IPV6=No
#
# BRIDGING
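Review bot: With `DISABLE_IPV6=No` Shorewall no longer blocks IPv6, and nothing else in this commit filters it; the policy and rules files added on this page describe IPv4 zones only. If the Bering-uClibc kernel has IPv6 available, traffic to and through the firewall over IPv6 would not be subject to the `net all DROP` policy. The change is presumably made because ip6tables is not on the image (the context line says the Yes setting requires it), but that reasoning should be recorded, e.g. `# No: ip6tables is not shipped; do not load the ipv6 module unless IPv6 is filtered separately`.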
diff -urN shorewall-2.4.0.orig/start shorewall-2.4.0/start
--- shorewall-2.4.0.orig/start 2005-05-02 22:54:43.000000000 +0200
+++ shorewall-2.4.0/start 2005-06-19 12:32:41.000000000 +0200
@@ -6,3 +6,6 @@
#
# See http://shorewall.net/shorewall_extension_scripts.htm for additional
# information.
+for file in /etc/shorewall/start.d/* ; do
+ run_user_exit $file
+done
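Review bot: The loop passes every entry in /etc/shorewall/start.d to `run_user_exit`, including editor backups, leftovers from removed packages and, when the directory is empty, the unexpanded pattern itself; `$file` is also unquoted. Since these scripts presumably run as part of the firewall start with root privileges, I would restrict the loop to regular files and quote the name: `[ -f "$file" ] && run_user_exit "$file"`. A comment stating that the directory must be writable by root only would also help; buildtool.cfg on this page packages it with the default 755 root:root. The stop hunk that follows adds the same loop for stop.d and needs the same change.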
diff -urN shorewall-2.4.0.orig/stop shorewall-2.4.0/stop
--- shorewall-2.4.0.orig/stop 2005-05-02 22:54:43.000000000 +0200
+++ shorewall-2.4.0/stop 2005-06-19 12:32:41.000000000 +0200
@@ -6,3 +6,6 @@
#
# See http://shorewall.net/shorewall_extension_scripts.htm for additional
# information.
+for file in /etc/shorewall/stop.d/* ; do
+ run_user_exit $file
+done