Update of /cvsroot/leaf/src/bering-uclibc/apps/shorewall
In directory ddv4jf1.ch3.sourceforge.com:/tmp/cvs-serv1483
Modified Files:
buildtool.cfg shorewall-config.diff
Log Message:
enable traceroute from firewall to net
cleanup icmp
Index: shorewall-config.diff
===================================================================
RCS file: /cvsroot/leaf/src/bering-uclibc/apps/shorewall/shorewall-config.diff,v
retrieving revision 1.4
retrieving revision 1.5
diff -C2 -d -r1.4 -r1.5
*** shorewall-config.diff 22 Jun 2007 18:30:38 -0000 1.4
--- shorewall-config.diff 31 Jan 2009 18:16:04 -0000 1.5
***************
*** 1,5 ****
! diff -urN shorewall-3.4.0-Beta3.orig/interfaces
shorewall-3.4.0-Beta3/interfaces
! --- shorewall-3.4.0-Beta3.orig/interfaces 2006-12-18 22:57:44.000000000
+0100
! +++ shorewall-3.4.0-Beta3/interfaces 2007-01-22 22:20:25.000000000 +0100
@@ -8,4 +8,6 @@
#
--- 1,5 ----
! diff -urN shorewall-3.4.8.orig/interfaces shorewall-3.4.8/interfaces
! --- shorewall-3.4.8.orig/interfaces 2007-09-08 18:45:59.000000000 +0200
! +++ shorewall-3.4.8/interfaces 2009-01-31 18:56:24.000000000 +0100
@@ -8,4 +8,6 @@
#
***************
*** 9,15 ****
+loc eth1 detect dhcp
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
! diff -urN shorewall-3.4.0-Beta3.orig/policy shorewall-3.4.0-Beta3/policy
! --- shorewall-3.4.0-Beta3.orig/policy 2006-12-18 22:57:44.000000000 +0100
! +++ shorewall-3.4.0-Beta3/policy 2007-01-22 22:21:08.000000000 +0100
@@ -8,4 +8,13 @@
###############################################################################
--- 9,15 ----
+loc eth1 detect dhcp
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
! diff -urN shorewall-3.4.8.orig/policy shorewall-3.4.8/policy
! --- shorewall-3.4.8.orig/policy 2007-09-08 18:45:59.000000000 +0200
! +++ shorewall-3.4.8/policy 2009-01-31 18:57:38.000000000 +0100
@@ -8,4 +8,13 @@
###############################################################################
***************
*** 26,32 ****
+all all REJECT ULOG
#LAST LINE -- DO NOT REMOVE
! diff -urN shorewall-3.4.0-Beta3.orig/zones shorewall-3.4.0-Beta3/zones
! --- shorewall-3.4.0-Beta3.orig/zones 2006-12-18 22:57:44.000000000 +0100
! +++ shorewall-3.4.0-Beta3/zones 2007-01-22 22:24:05.000000000 +0100
@@ -9,4 +9,7 @@
#ZONE TYPE OPTIONS IN OUT
--- 26,32 ----
+all all REJECT ULOG
#LAST LINE -- DO NOT REMOVE
! diff -urN shorewall-3.4.8.orig/zones shorewall-3.4.8/zones
! --- shorewall-3.4.8.orig/zones 2007-09-08 18:45:59.000000000 +0200
! +++ shorewall-3.4.8/zones 2009-01-31 18:58:23.000000000 +0100
@@ -9,4 +9,7 @@
#ZONE TYPE OPTIONS IN OUT
***************
*** 37,44 ****
+#dmz ipv4
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
! diff -urN shorewall-3.4.0-Beta3.orig/rules shorewall-3.4.0-Beta3/rules
! --- shorewall-3.4.0-Beta3.orig/rules 2006-12-18 22:57:44.000000000 +0100
! +++ shorewall-3.4.0-Beta3/rules 2007-02-03 14:09:44.000000000 +0100
! @@ -11,4 +11,29 @@
#SECTION ESTABLISHED
#SECTION RELATED
--- 37,44 ----
+#dmz ipv4
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
! diff -urN shorewall-3.4.8.orig/rules shorewall-3.4.8/rules
! --- shorewall-3.4.8.orig/rules 2007-09-08 18:45:59.000000000 +0200
! +++ shorewall-3.4.8/rules 2009-01-31 19:02:28.000000000 +0100
! @@ -11,4 +11,31 @@
#SECTION ESTABLISHED
#SECTION RELATED
***************
*** 53,65 ****
+SSH/ACCEPT loc fw
+
! +# Allow Ping to Firewall
+#
+Ping/ACCEPT net fw
+Ping/ACCEPT loc fw
+
+#
! +# Allow all ICMP types (including ping) from firewall
! +ACCEPT fw loc icmp
! +ACCEPT fw net icmp
+# Allow local network to access weblet/webconf
+#
--- 53,67 ----
+SSH/ACCEPT loc fw
+
! +# Allow Ping to Firewall and from Firewall
+#
+Ping/ACCEPT net fw
+Ping/ACCEPT loc fw
+ +Ping/ACCEPT fw net
+ +Ping/ACCEPT fw loc
+
+ +# Allow traceroute from firewall
+#
! +Trcrt/ACCEPT fw net
! +
+# Allow local network to access weblet/webconf
+#
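Review bot: Replacing the blanket `ACCEPT fw loc icmp` / `ACCEPT fw net icmp` rules with `Ping/ACCEPT fw net` and `Ping/ACCEPT fw loc` narrows firewall-originated ICMP to echo-request, so any other ICMP type the firewall sends that conntrack does not treat as RELATED now falls through to the fw policy, which this hunk does not show. Because the policy section of the same patch ends with `all all REJECT ULOG`, it is worth confirming the fw-to-net and fw-to-loc policies so the tightened default does not silently reject and log legitimate firewall traffic. If the stock Trcrt macro is as I recall it (UDP 33434:33524 plus ICMP echo-request, to be verified against the shipped macro file), `Ping/ACCEPT fw net` is already covered by `Trcrt/ACCEPT fw net`. The comment could then state what is opened, e.g. `# Allow traceroute from firewall to net (Trcrt macro: UDP probe ports + echo-request)`. The embedded rules patch continues before and after this hunk.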
***************
*** 70,80 ****
+# NTP/ACCEPT loc fw
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
! diff -urN shorewall-3.4.4-orig/masq shorewall-3.4.4/masq
! --- shorewall-3.4.4-orig/masq 2007-05-01 23:14:47.000000000 +0200
! +++ shorewall-3.4.4/masq 2007-06-22 15:28:14.000000000 +0200
@@ -7,4 +7,5 @@
#
###############################################################################
#INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC
MARK
! +eth0 eth1
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
--- 72,82 ----
+# NTP/ACCEPT loc fw
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
! diff -urN shorewall-3.4.8.orig/masq shorewall-3.4.8/masq
! --- shorewall-3.4.8.orig/masq 2007-09-08 18:45:59.000000000 +0200
! +++ shorewall-3.4.8/masq 2009-01-31 19:02:51.000000000 +0100
@@ -7,4 +7,5 @@
#
###############################################################################
#INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC
MARK
! +eth0 eth1
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
Index: buildtool.cfg
===================================================================
RCS file: /cvsroot/leaf/src/bering-uclibc/apps/shorewall/buildtool.cfg,v
retrieving revision 1.29
retrieving revision 1.30
diff -C2 -d -r1.29 -r1.30
*** buildtool.cfg 2 Mar 2008 16:23:32 -0000 1.29
--- buildtool.cfg 31 Jan 2009 18:16:04 -0000 1.30
***************
*** 113,117 ****
packagename=shorwall
Version 3.4.8
! Revision = 1
Help <<EOF
--- 113,117 ----
packagename=shorwall
Version 3.4.8
! Revision = 2
Help <<EOF
***************
*** 139,143 ****
<shorwall-maclist>
Version 3.4.8
! Revision = 1
Help <<EOF
--- 139,143 ----
<shorwall-maclist>
Version 3.4.8
! Revision = 2
Help <<EOF
***************
*** 165,169 ****
<shorwall-accounting>
Version 3.4.8
! Revision = 1
Help <<EOF
--- 165,169 ----
<shorwall-accounting>
Version 3.4.8
! Revision = 2
Help <<EOF
***************
*** 191,195 ****
<shorwall-providers>
Version 3.4.8
! Revision = 1
Help <<EOF
--- 191,195 ----
<shorwall-providers>
Version 3.4.8
! Revision = 2
Help <<EOF
***************
*** 216,220 ****
<shorwall-dynamiczones>
Version 3.4.8
! Revision = 1
Help <<EOF
--- 216,220 ----
<shorwall-dynamiczones>
Version 3.4.8
! Revision = 2
Help <<EOF
***************
*** 241,245 ****
<shorwall-proxyarp>
Version 3.4.8
! Revision = 1
Help <<EOF
--- 241,245 ----
<shorwall-proxyarp>
Version 3.4.8
! Revision = 2
Help <<EOF
***************
*** 266,270 ****
<shorwall-tunnels>
Version 3.4.8
! Revision = 1
Help <<EOF
--- 266,270 ----
<shorwall-tunnels>
Version 3.4.8
! Revision = 2
Help <<EOF
***************
*** 291,295 ****
<shorwall-tcrules>
Version 3.4.8
! Revision = 1
Help <<EOF
--- 291,295 ----
<shorwall-tcrules>
Version 3.4.8
! Revision = 2
Help <<EOF
***************
*** 316,320 ****
<shorwall-tc>
Version 3.4.8
! Revision = 1
Help <<EOF
--- 316,320 ----
<shorwall-tc>
Version 3.4.8
! Revision = 2
Help <<EOF
***************
*** 343,347 ****
packagename=shorwall
Version 3.4.8
! Revision = 1
Help <<EOF
--- 343,347 ----
packagename=shorwall
Version 3.4.8
! Revision = 2
Help <<EOF