Eduardo Ferreira
2005-May-31 12:44 UTC
[Shorewall-devel] More Tests for 2.4.0-RC2 - strange behaviour
Hi all,

I was trying to test ROUTE specific code with a multi-isp serviced box. There is a bug somewhere, but I'm not able to understand what the real problem is: when I issue a "shorewall show capabilities" I get:

    Loading /usr/share/shorewall/functions...
    Processing /etc/shorewall/params ...
    Processing /etc/shorewall/shorewall.conf...
    Loading Modules...
    Shorewall has detected the following iptables/netfilter capabilities:
       NAT: Available
       Packet Mangling: Available
       Multi-port Match: Available
       Extended Multi-port Match: Not available
       Connection Tracking Match: Available
       Packet Type Match: Available
       Policy Match: Not available
       Physdev Match: Available
       IP range Match: Available
       Recent Match: Available
       Owner Match: Available
       Ipset Match: Not available
       ROUTE Target: Not available
       Extended MARK Target: Not available
       CONNMARK Target: Available
       Connmark Match: Available

but the following command works fine:

    iptables -A POSTROUTING -t mangle -p icmp -j ROUTE --oif eth1

For this reason, a "shorewall start" fails when it processes the route file.

Hope this helps.

PS: I spent the last 24 hours trying to understand why, every two boots, I lose all my ethernet devices. This is a fedora-rc3 2.6.11 kernel with ipset, ROUTE and policy patches applied. If someone has any hints on how to avoid this behaviour, I'll be very grateful.

________________________
Eduardo Ferreira
Icatu Holding S.A.
Supervisor de TI
(5521) 3804-8606
embedded white'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# space.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# GATEWAY This column is only meaningful if the ''\''''default''\'''' OPTION'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# is given -- it is ignored otherwise. You may specify'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# the default gateway IP address for this interface here'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# and Shorewall will use that IP address rather than any'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# that it finds in the main routing table.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Example 1: Suppose you have eth0 connected to a DSL modem and'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# eth1 connected to your local network and that your'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# local subnet is 192.168.1.0/24. The interface gets'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# it''\''''s IP address via DHCP from subnet'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# 206.191.149.192/27. 
You have a DMZ with subnet'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# 192.168.2.0/24 using eth2.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Your entries for this setup would look like:'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# net eth0 206.191.149.223 dhcp'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# local eth1 192.168.1.255'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# dmz eth2 192.168.2.255'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Example 2: The same configuration without specifying broadcast'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# addresses is:'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# net eth0 detect dhcp'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# loc eth1 detect'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# dmz eth2 detect'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Example 3: You have a simple dial-in system with no ethernet'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# connections.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# net ppp0 -'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# For additional information, see http://shorewall.net/Documentation.htm#Interfaces'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x############################################################################## = xINCLUDE '']'' + echo ''############################################################################## '' + 
read first rest + ''['' x#LAST = xINCLUDE '']'' + echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE'' + read first rest + strip_file hosts + local fname + ''['' 1 = 1 '']'' ++ find_file hosts ++ local saveifs= directory ++ case $1 in ++ ''['' -n '''' -a -f /hosts '']'' ++ saveifs='' '' ++ IFS=: ++ for directory in ''$CONFIG_PATH'' ++ ''['' -f /etc/shorewall/hosts '']'' ++ echo /etc/shorewall/hosts ++ IFS='' '' ++ return + fname=/etc/shorewall/hosts + ''['' -f /etc/shorewall/hosts '']'' + read_file /etc/shorewall/hosts 0 + local first rest + ''['' -f /etc/shorewall/hosts '']'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + cut -d# -f1 + ''['' -n /bin/sh '']'' ++ decodeaddr 192.168.1.1 ++ local x ++ local temp=0 ++ local ''ifs= '' ++ IFS=. ++ for x in ''$1'' ++ temp=192 ++ for x in ''$1'' ++ temp=49320 ++ for x in ''$1'' ++ temp=12625921 ++ for x in ''$1'' ++ temp=3232235777 ++ echo 3232235777 ++ IFS='' '' + temp=3232235777 ++ encodeaddr 3232235777 ++ addr=3232235777 ++ local x ++ local y=1 ++ for x in 1 2 3 ++ addr=12625921 ++ y=1.1 ++ for x in 1 2 3 ++ addr=49320 ++ y=168.1.1 ++ for x in 1 2 3 ++ addr=192 ++ y=192.168.1.1 ++ echo 192.168.1.1 + ''['' 192.168.1.1 ''!='' 192.168.1.1 '']'' + rm -f /tmp/shorewall.nm8830/physdev + rm -f /tmp/shorewall.nm8830/iprange + my_mutex_on + ''['' -n '''' '']'' + mutex_on + local try=0 + local lockf=/var/lib/shorewall/lock + MUTEX_TIMEOUT=60 + ''['' 60 -gt 0 '']'' + ''['' -d /var/lib/shorewall '']'' + qt which lockfile + which lockfile + lockfile -60 -r1 /var/lib/shorewall/lock + have_mutex=Yes + qt /sbin/iptables -L shorewall -n + /sbin/iptables -L shorewall -n + define_firewall Restart + check_disabled_startup + ''['' -z Yes '']'' + echo ''Restarting Shorewall...'' Restarting Shorewall... 
+ verify_os_version ++ uname -r + osversion=2.6.11 + case $osversion in ++ lsmod ++ grep ''^ipchains'' + ''['' restart = start -a -n '''' '']'' + verify_ip + qt ip link ls + ip link ls + ''['' -d /var/lib/shorewall '']'' ++ mktempfile /var/lib/shorewall ++ ''['' -z '''' '']'' ++ find_mktemp +++ which mktemp ++ local mktemp=/bin/mktemp ++ ''['' -n /bin/mktemp '']'' ++ qt mktemp -V ++ mktemp -V ++ MKTEMP=STD ++ ''['' 1 -gt 0 '']'' ++ case "$MKTEMP" in ++ mktemp -p /var/lib/shorewall shorewall.XXXXXX + RESTOREBASE=/var/lib/shorewall/shorewall.oY8975 + ''['' -n /var/lib/shorewall/shorewall.oY8975 '']'' + echo ''#bin/sh'' + save_command ''#'' + echo ''#'' ++ date + save_command ''# Restore base file generated by Shorewall 2.4.0-RC2 - Tue May 31 16:24:50 BRT 2005'' + echo ''# Restore base file generated by Shorewall 2.4.0-RC2 - Tue May 31 16:24:50 BRT 2005'' + save_command ''#'' + echo ''#'' + save_command ''. /usr/share/shorewall/functions'' + echo ''. /usr/share/shorewall/functions'' ++ find_file params ++ local saveifs= directory ++ case $1 in ++ ''['' -n '''' -a -f /params '']'' ++ saveifs='' '' ++ IFS=: ++ for directory in ''$CONFIG_PATH'' ++ ''['' -f /etc/shorewall/params '']'' ++ echo /etc/shorewall/params ++ IFS='' '' ++ return + f=/etc/shorewall/params + ''['' -f /etc/shorewall/params '']'' + save_command ''. /etc/shorewall/params'' + echo ''. 
/etc/shorewall/params'' + save_command ''#'' + echo ''#'' + save_command ''MODULESDIR=""'' + echo ''MODULESDIR=""'' + save_command ''MODULE_SUFFIX="o gz ko o.gz ko.gz"'' + echo ''MODULE_SUFFIX="o gz ko o.gz ko.gz"'' + save_load_kernel_modules ++ find_file modules ++ local saveifs= directory ++ case $1 in ++ ''['' -n '''' -a -f /modules '']'' ++ saveifs='' '' ++ IFS=: ++ for directory in ''$CONFIG_PATH'' ++ ''['' -f /etc/shorewall/modules '']'' ++ echo /etc/shorewall/modules ++ IFS='' '' ++ return + modules=/etc/shorewall/modules + save_progress_message ''Loading kernel modules...'' + echo + echo ''progress_message "Loading kernel modules..."'' + echo + save_command ''reload_kernel_modules <<__EOF__'' + echo ''reload_kernel_modules <<__EOF__'' + read command + case "$command" in + read command + case "$command" in + read command + case "$command" in + read command + case "$command" in + read command + case "$command" in + read command + case "$command" in + read command + case "$command" in + read command + case "$command" in + read command + case "$command" in + read command + case "$command" in + read command + case "$command" in + read command + case "$command" in + save_command loadmodule ip_tables + echo loadmodule ip_tables + read command + case "$command" in + save_command loadmodule iptable_filter + echo loadmodule iptable_filter + read command + case "$command" in + save_command loadmodule ip_conntrack + echo loadmodule ip_conntrack + read command + case "$command" in + save_command loadmodule ip_conntrack_ftp + echo loadmodule ip_conntrack_ftp + read command + case "$command" in + save_command loadmodule ip_conntrack_tftp + echo loadmodule ip_conntrack_tftp + read command + case "$command" in + save_command loadmodule ip_conntrack_irc + echo loadmodule ip_conntrack_irc + read command + case "$command" in + save_command loadmodule iptable_nat + echo loadmodule iptable_nat + read command + case "$command" in + save_command loadmodule ip_nat_ftp + echo 
loadmodule ip_nat_ftp + read command + case "$command" in + save_command loadmodule ip_nat_tftp + echo loadmodule ip_nat_tftp + read command + case "$command" in + save_command loadmodule ip_nat_irc + echo loadmodule ip_nat_irc + read command + case "$command" in + save_command loadmodule ip_set + echo loadmodule ip_set + read command + case "$command" in + save_command loadmodule ip_set_iphash + echo loadmodule ip_set_iphash + read command + case "$command" in + save_command loadmodule ip_set_ipmap + echo loadmodule ip_set_ipmap + read command + case "$command" in + save_command loadmodule ip_set_macipmap + echo loadmodule ip_set_macipmap + read command + case "$command" in + save_command loadmodule ip_set_portmap + echo loadmodule ip_set_portmap + read command + case "$command" in + read command + save_command __EOF__ + echo __EOF__ + save_command '''' + echo '''' + echo Initializing... Initializing... + initialize_netfilter + report_capabilities + echo ''Shorewall has detected the following iptables/netfilter capabilities:'' Shorewall has detected the following iptables/netfilter capabilities: + report_capability NAT Yes + local setting+ ''['' xYes = xYes '']'' + setting=Available + echo '' '' NAT: Available NAT: Available + report_capability ''Packet Mangling'' Yes + local setting+ ''['' xYes = xYes '']'' + setting=Available + echo '' '' Packet Mangling: Available Packet Mangling: Available + report_capability ''Multi-port Match'' Yes + local setting+ ''['' xYes = xYes '']'' + setting=Available + echo '' '' Multi-port Match: Available Multi-port Match: Available + ''['' -n Yes '']'' + report_capability ''Extended Multi-port Match'' + local setting+ ''['' x = xYes '']'' + setting=''Not available'' + echo '' '' Extended Multi-port Match: Not available Extended Multi-port Match: Not available + report_capability ''Connection Tracking Match'' Yes + local setting+ ''['' xYes = xYes '']'' + setting=Available + echo '' '' Connection Tracking Match: Available 
Connection Tracking Match: Available + report_capability ''Packet Type Match'' Yes + local setting+ ''['' xYes = xYes '']'' + setting=Available + echo '' '' Packet Type Match: Available Packet Type Match: Available + report_capability ''Policy Match'' + local setting+ ''['' x = xYes '']'' + setting=''Not available'' + echo '' '' Policy Match: Not available Policy Match: Not available + report_capability ''Physdev Match'' Yes + local setting+ ''['' xYes = xYes '']'' + setting=Available + echo '' '' Physdev Match: Available Physdev Match: Available + report_capability ''IP range Match'' Yes + local setting+ ''['' xYes = xYes '']'' + setting=Available + echo '' '' IP range Match: Available IP range Match: Available + report_capability ''Recent Match'' Yes + local setting+ ''['' xYes = xYes '']'' + setting=Available + echo '' '' Recent Match: Available Recent Match: Available + report_capability ''Owner Match'' Yes + local setting+ ''['' xYes = xYes '']'' + setting=Available + echo '' '' Owner Match: Available Owner Match: Available + report_capability ''Ipset Match'' + local setting+ ''['' x = xYes '']'' + setting=''Not available'' + echo '' '' Ipset Match: Not available Ipset Match: Not available + report_capability ''ROUTE Target'' + local setting+ ''['' x = xYes '']'' + setting=''Not available'' + echo '' '' ROUTE Target: Not available ROUTE Target: Not available + report_capability ''Extended MARK Target'' + local setting+ ''['' x = xYes '']'' + setting=''Not available'' + echo '' '' Extended MARK Target: Not available Extended MARK Target: Not available + report_capability ''CONNMARK Target'' Yes + local setting+ ''['' xYes = xYes '']'' + setting=Available + echo '' '' CONNMARK Target: Available CONNMARK Target: Available + report_capability ''Connmark Match'' Yes + local setting+ ''['' xYes = xYes '']'' + setting=Available + echo '' '' Connmark Match: Available Connmark Match: Available + ''['' -n '''' '']'' + ''['' '''' = 0 '']'' + ''['' -n '''' -a -z Yes '']'' 
+ ''['' -n '''' -a -z Yes '']'' + echo ''Determining Zones...'' Determining Zones... + determine_zones ++ find_file zones ++ local saveifs= directory ++ case $1 in ++ ''['' -n '''' -a -f /zones '']'' ++ saveifs='' '' ++ IFS=: ++ for directory in ''$CONFIG_PATH'' ++ ''['' -f /etc/shorewall/zones '']'' ++ echo /etc/shorewall/zones ++ IFS='' '' ++ return + local zonefile=/etc/shorewall/zones + multi_display=Multi-zone + strip_file zones /etc/shorewall/zones + local fname + ''['' 2 = 1 '']'' + fname=/etc/shorewall/zones + ''['' -f /etc/shorewall/zones '']'' + read_file /etc/shorewall/zones 0 + local first rest + ''['' -f /etc/shorewall/zones '']'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Shorewall 2.4 /etc/shorewall/zones'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# This file determines your network zones. Columns are:'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# ZONE Short name of the zone (5 Characters or less in length).'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# The names "all" and "none" are reserved and may not be'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# used as zone names.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# DISPLAY Display name of the zone'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# COMMENTS Comments about the zone'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# THE ORDER OF THE ENTRIES IN THIS FILE IS IMPORTANT IF YOU HAVE NESTED OR'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# OVERLAPPING ZONES DEFINED THROUGH /etc/shorewall/hosts.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# See 
http://www.shorewall.net/Documentation.htm#Nested'' + read first rest + ''['' x#-------------------------------------------------------------------------------- = xINCLUDE '']'' + echo ''#-------------------------------------------------------------------------------- '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Example zones:'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + cut -d# -f1 + grep -v ''^[[:space:]]*$'' + ''['' x# = xINCLUDE '']'' + echo ''# You have a three interface firewall with internet, local and DMZ interfaces.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# #ZONE DISPLAY COMMENTS'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# net Internet The big bad Internet'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# loc Local Local Network'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# dmz DMZ Demilitarized zone.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x#ZONE = xINCLUDE '']'' + echo ''#ZONE DISPLAY COMMENTS'' + read first rest + ''['' xloc = xINCLUDE '']'' + echo ''loc local Local zone'' + read first rest + ''['' xnet = xINCLUDE '']'' + echo ''net internet Internet zone'' + read first rest + ''['' x#LAST = xINCLUDE '']'' + echo ''#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE'' + read first rest ++ find_zones /tmp/shorewall.nm8830/zones ++ read zone display comments ++ ''['' -n loc '']'' ++ case "$zone" in ++ echo loc ++ read zone display comments ++ ''['' -n net '']'' ++ case "$zone" in ++ echo net ++ read zone display comments + zones=''loc net'' + newzones+ for zone in ''$zones'' ++ find_display loc /tmp/shorewall.nm8830/zones ++ grep ''^loc'' /tmp/shorewall.nm8830/zones ++ read z display comments ++ ''['' xloc = xloc '']'' ++ echo local ++ read z display comments + dsply=local + ''['' 3 -gt 5 '']'' + eval ''loc_display=$dsply'' ++ 
loc_display=local + newzones='' loc'' + for zone in ''$zones'' ++ find_display net /tmp/shorewall.nm8830/zones ++ grep ''^net'' /tmp/shorewall.nm8830/zones ++ read z display comments ++ ''['' xnet = xnet '']'' ++ echo internet ++ read z display comments + dsply=internet + ''['' 3 -gt 5 '']'' + eval ''net_display=$dsply'' ++ net_display=internet + newzones='' loc net'' + zones=''loc net'' + check_duplicate_zones + local localzones+ for zone in ''$zones'' + list_search loc + local e=loc + ''['' 1 -gt 1 '']'' + return 1 + localzones='' loc'' + for zone in ''$zones'' + list_search net loc + local e=net + ''['' 2 -gt 1 '']'' + shift + ''['' xnet = xloc '']'' + ''['' 1 -gt 1 '']'' + return 1 + localzones='' loc net'' + ''['' -z ''loc net'' '']'' + display_list Zones: loc net + ''['' 3 -gt 1 '']'' + echo '' Zones: loc net'' Zones: loc net + echo ''Validating interfaces file...'' Validating interfaces file... + validate_interfaces_file + local wildcard + local found_obsolete_option+ local z interface networks options r iface option + read z interface networks options gateway + expandv z interface networks options + local varval + ''['' 4 -gt 0 '']'' + eval ''varval=$z'' ++ varval=loc + eval ''z="loc"'' ++ z=loc + shift + ''['' 3 -gt 0 '']'' + eval ''varval=$interface'' ++ varval=eth1 + eval ''interface="eth1"'' ++ interface=eth1 + shift + ''['' 2 -gt 0 '']'' + eval ''varval=$networks'' ++ varval=detect + eval ''networks="detect"'' ++ networks=detect + shift + ''['' 1 -gt 0 '']'' + eval ''varval=$options'' ++ varval=dhcp + eval ''options="dhcp"'' ++ options=dhcp + shift + ''['' 0 -gt 0 '']'' + r=''loc eth1 detect dhcp'' + ''['' xloc = x- '']'' + ''['' -n loc '']'' + validate_zone loc + list_search loc loc net fw + local e=loc + ''['' 4 -gt 1 '']'' + shift + ''['' xloc = xloc '']'' + return 0 + list_search eth1 + local e=eth1 + ''['' 1 -gt 1 '']'' + return 1 + wildcard+ case $interface in + ALL_INTERFACES='' eth1'' ++ separate_list dhcp ++ local list=dhcp ++ local part ++ 
local newlist ++ local firstpart ++ local lastpart ++ local enclosure ++ case "$list" in ++ list=dhcp ++ part=dhcp ++ newlist=dhcp ++ ''['' xdhcp ''!='' xdhcp '']'' ++ echo dhcp + options=dhcp ++ chain_base eth1 ++ local c=eth1 ++ true ++ case $c in ++ echo eth1 ++ return + iface=eth1 + eval eth1_broadcast=detect ++ eth1_broadcast=detect + eval eth1_zone=loc ++ eth1_zone=loc + eval ''eth1_options="dhcp"'' ++ eth1_options=dhcp + for option in ''$options'' + case $option in + ''['' -n '''' '']'' + read z interface networks options gateway + expandv z interface networks options + local varval + ''['' 4 -gt 0 '']'' + eval ''varval=$z'' ++ varval=net + eval ''z="net"'' ++ z=net + shift + ''['' 3 -gt 0 '']'' + eval ''varval=$interface'' ++ varval=eth0 + eval ''interface="eth0"'' ++ interface=eth0 + shift + ''['' 2 -gt 0 '']'' + eval ''varval=$networks'' ++ varval=detect + eval ''networks="detect"'' ++ networks=detect + shift + ''['' 1 -gt 0 '']'' + eval ''varval=$options'' ++ varval=norfc1918,nobogons + eval ''options="norfc1918,nobogons"'' ++ options=norfc1918,nobogons + shift + ''['' 0 -gt 0 '']'' + r=''net eth0 detect norfc1918,nobogons'' + ''['' xnet = x- '']'' + ''['' -n net '']'' + validate_zone net + list_search net loc net fw + local e=net + ''['' 4 -gt 1 '']'' + shift + ''['' xnet = xloc '']'' + ''['' 3 -gt 1 '']'' + shift + ''['' xnet = xnet '']'' + return 0 + list_search eth0 eth1 + local e=eth0 + ''['' 2 -gt 1 '']'' + shift + ''['' xeth0 = xeth1 '']'' + ''['' 1 -gt 1 '']'' + return 1 + wildcard+ case $interface in + ALL_INTERFACES='' eth1 eth0'' ++ separate_list norfc1918,nobogons ++ local list=norfc1918,nobogons ++ local part ++ local newlist ++ local firstpart ++ local lastpart ++ local enclosure ++ case "$list" in ++ list=norfc1918,nobogons ++ part=norfc1918 ++ newlist=norfc1918 ++ ''['' xnorfc1918 ''!='' xnorfc1918,nobogons '']'' ++ list=nobogons ++ part=nobogons ++ newlist=''norfc1918 nobogons'' ++ ''['' xnobogons ''!='' xnobogons '']'' ++ echo 
''norfc1918 nobogons'' + options=''norfc1918 nobogons'' ++ chain_base eth0 ++ local c=eth0 ++ true ++ case $c in ++ echo eth0 ++ return + iface=eth0 + eval eth0_broadcast=detect ++ eth0_broadcast=detect + eval eth0_zone=net ++ eth0_zone=net + eval ''eth0_options="norfc1918'' ''nobogons"'' ++ eth0_options=''norfc1918 nobogons'' + for option in ''$options'' + case $option in + for option in ''$options'' + case $option in + ''['' -n '''' '']'' + read z interface networks options gateway + expandv z interface networks options + local varval + ''['' 4 -gt 0 '']'' + eval ''varval=$z'' ++ varval=net + eval ''z="net"'' ++ z=net + shift + ''['' 3 -gt 0 '']'' + eval ''varval=$interface'' ++ varval=eth2 + eval ''interface="eth2"'' ++ interface=eth2 + shift + ''['' 2 -gt 0 '']'' + eval ''varval=$networks'' ++ varval=detect + eval ''networks="detect"'' ++ networks=detect + shift + ''['' 1 -gt 0 '']'' + eval ''varval=$options'' ++ varval=norfc1918,nobogons + eval ''options="norfc1918,nobogons"'' ++ options=norfc1918,nobogons + shift + ''['' 0 -gt 0 '']'' + r=''net eth2 detect norfc1918,nobogons'' + ''['' xnet = x- '']'' + ''['' -n net '']'' + validate_zone net + list_search net loc net fw + local e=net + ''['' 4 -gt 1 '']'' + shift + ''['' xnet = xloc '']'' + ''['' 3 -gt 1 '']'' + shift + ''['' xnet = xnet '']'' + return 0 + list_search eth2 eth1 eth0 + local e=eth2 + ''['' 3 -gt 1 '']'' + shift + ''['' xeth2 = xeth1 '']'' + ''['' 2 -gt 1 '']'' + shift + ''['' xeth2 = xeth0 '']'' + ''['' 1 -gt 1 '']'' + return 1 + wildcard+ case $interface in + ALL_INTERFACES='' eth1 eth0 eth2'' ++ separate_list norfc1918,nobogons ++ local list=norfc1918,nobogons ++ local part ++ local newlist ++ local firstpart ++ local lastpart ++ local enclosure ++ case "$list" in ++ list=norfc1918,nobogons ++ part=norfc1918 ++ newlist=norfc1918 ++ ''['' xnorfc1918 ''!='' xnorfc1918,nobogons '']'' ++ list=nobogons ++ part=nobogons ++ newlist=''norfc1918 nobogons'' ++ ''['' xnobogons ''!='' xnobogons '']'' ++ 
echo ''norfc1918 nobogons'' + options=''norfc1918 nobogons'' ++ chain_base eth2 ++ local c=eth2 ++ true ++ case $c in ++ echo eth2 ++ return + iface=eth2 + eval eth2_broadcast=detect ++ eth2_broadcast=detect + eval eth2_zone=net ++ eth2_zone=net + eval ''eth2_options="norfc1918'' ''nobogons"'' ++ eth2_options=''norfc1918 nobogons'' + for option in ''$options'' + case $option in + for option in ''$options'' + case $option in + ''['' -n '''' '']'' + read z interface networks options gateway + ''['' -z '' eth1 eth0 eth2'' '']'' + echo ''Validating hosts file...'' Validating hosts file... + validate_hosts_file + local z hosts options r interface host option port ports + read z hosts options + ''['' -n '''' '']'' + echo ''Validating Policy file...'' Validating Policy file... + validate_policy + local clientwild + local serverwild + local zone + local zone1 + local pc + local chain + local policy + local loglevel + local synparams + all_policy_chains+ strip_file policy + local fname + ''['' 1 = 1 '']'' ++ find_file policy ++ local saveifs= directory ++ case $1 in ++ ''['' -n '''' -a -f /policy '']'' ++ saveifs='' '' ++ IFS=: ++ for directory in ''$CONFIG_PATH'' ++ ''['' -f /etc/shorewall/policy '']'' ++ echo /etc/shorewall/policy ++ IFS='' '' ++ return + fname=/etc/shorewall/policy + ''['' -f /etc/shorewall/policy '']'' + read_file /etc/shorewall/policy 0 + local first rest + ''['' -f /etc/shorewall/policy '']'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Shorewall 2.4 -- Policy File'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# /etc/shorewall/policy'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# THE ORDER OF ENTRIES IN THIS FILE IS IMPORTANT'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo 
''# This file determines what to do with a new connection request if we'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# don''\''''t get a match from the /etc/shorewall/rules file . For each'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# source/destination pair, the file is processed in order until a'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# match is found ("all" will match any client or server).'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x#SOURCE = xINCLUDE '']'' + echo ''#SOURCE DEST POLICY LOG LIMIT:BURST'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# LEVEL'' + read first rest + ''['' xnet = xINCLUDE '']'' + echo ''net net DROP'' + read first rest + ''['' xloc = xINCLUDE '']'' + echo ''loc net ACCEPT'' + read first rest + ''['' xloc = xINCLUDE '']'' + echo ''loc fw ACCEPT'' + read first rest + ''['' xfw = xINCLUDE '']'' + echo ''fw loc ACCEPT'' + read first rest + ''['' xfw = xINCLUDE '']'' + echo ''fw net ACCEPT'' + read first rest + ''['' xnet = xINCLUDE '']'' + echo ''net fw DROP'' + read first rest + ''['' xall = xINCLUDE '']'' + echo ''all all REJECT'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Columns are:'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# SOURCE Source zone. Must be the name of a zone defined'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# in /etc/shorewall/zones, $FW or "all".'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# DEST Destination zone. 
You must add'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# separate rules to handle that traffic.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Except when "all" is specified, clients may be further'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# restricted to a list of subnets and/or hosts by'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# appending ":" and a comma-separated list of subnets'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# and/or hosts. Hosts may be specified by IP or MAC'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# address; mac addresses must begin with "~" and must use'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# "-" as a separator.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Hosts may be specified as an IP address range using the'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# syntax <low address>-<high address>. This requires that'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# your kernel and iptables contain iprange match support.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# If you kernel and iptables have ipset match support then'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# you may give the name of an ipset prefaced by "+". 
The'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# ipset name may be optionally followed by a number from'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# 1 to 6 enclosed in square brackets ([]) to indicate the'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# number of levels of source bindings to be matched.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# dmz:192.168.2.2 Host 192.168.2.2 in the DMZ'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# net:155.186.235.0/24 Subnet 155.186.235.0/24 on the'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Internet'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# loc:192.168.1.1,192.168.1.2'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Hosts 192.168.1.1 and'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# 192.168.1.2 in the local zone.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# loc:~00-A0-C9-15-39-78 Host in the local zone with'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# MAC address 00:A0:C9:15:39:78.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# net:192.0.2.11-192.0.2.17'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Hosts 192.0.2.11-192.0.2.17 in'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# the net zone.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Alternatively, clients may be specified by interface'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# by appending ":" to the zone name followed by the'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# interface name. 
For example, loc:eth1 specifies a'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# client that communicates with the firewall system'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# through eth1. This may be optionally followed by'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# another colon (":") and an IP/MAC/subnet address'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# as described above (e.g., loc:eth1:192.168.1.5).'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# DEST Location of Server. May be a zone defined in'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# /etc/shorewall/zones, $FW to indicate the firewall'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# itself, "all" or "none".'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# When "none" is used either in the SOURCE or DEST column,'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# the rule is ignored.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# When "all" is used either in the SOURCE or DEST column'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# intra-zone traffic is not affected. You must add'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# separate rules to handle that traffic.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Except when "all" is specified, the server may be'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# further restricted to a particular subnet, host or'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# interface by appending ":" and the subnet, host or'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# interface. 
See above.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Restrictions:'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# 1. MAC addresses are not allowed.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# 2. In DNAT rules, only IP addresses are'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# allowed; no FQDNs or subnet addresses'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# are permitted.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# 3. You may not specify both an interface and'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# an address.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Like in the SOURCE column, you may specify a range of'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# up to 256 IP addresses using the syntax'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# <first ip>-<last ip>. When the ACTION is DNAT or DNAT-,'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# the connections will be assigned to addresses in the'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# range in a round-robin fashion.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# If you kernel and iptables have ipset match support then'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# you may give the name of an ipset prefaced by "+". 
The'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# ipset name may be optionally followed by a number from'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# 1 to 6 enclosed in square brackets ([]) to indicate the'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# number of levels of destination bindings to be matched.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Only one of the SOURCE and DEST columns may specify an'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# ipset name.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# The port that the server is listening on may be'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# included and separated from the server''\''''s IP address by'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# ":". If omitted, the firewall will not modifiy the'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# destination port. A destination port may only be'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# included if the ACTION is DNAT or REDIRECT.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Example: loc:192.168.1.3:3128 specifies a local'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# server at IP address 192.168.1.3 and listening on port'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# 3128. 
The port number MUST be specified as an integer'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# and not as a name from /etc/services.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# if the ACTION is REDIRECT, this column needs only to'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# contain the port number on the firewall that the'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# request should be redirected to.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# PROTO Protocol - Must be "tcp", "udp", "icmp", "ipp2p",'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# a number, or "all". "ipp2p" requires ipp2p match'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# support in your kernel and iptables.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# DEST PORT(S) Destination Ports. A comma-separated list of Port'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# names (from /etc/services), port numbers or port'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# ranges; if the protocol is "icmp", this column is'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# interpreted as the destination icmp-type(s).'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# If the protocol is ipp2p, this column is interpreted'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# as an ipp2p option without the leading "--" (example "bit"'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# for bit-torrent). 
If no port is given, "ipp2p" is'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# assumed.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# A port range is expressed as <low port>:<high port>.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# This column is ignored if PROTOCOL = all but must be'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# entered if any of the following ields are supplied.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# In that case, it is suggested that this field contain'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# "-"'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# If your kernel contains multi-port match support, then'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# only a single Netfilter rule will be generated if in'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# this list and the CLIENT PORT(S) list below:'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# 1. There are 15 or less ports listed.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# 2. No port ranges are included.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Otherwise, a separate rule will be generated for each'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# port.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# CLIENT PORT(S) (Optional) Port(s) used by the client. If omitted,'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# any source port is acceptable. 
Specified as a comma-'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# separated list of port names, port numbers or port'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# ranges.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# If you don''\''''t want to restrict client ports but need to'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# specify an ORIGINAL DEST in the next column, then place'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# "-" in this column.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# If your kernel contains multi-port match support, then'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# only a single Netfilter rule will be generated if in'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# this list and the DEST PORT(S) list above:'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# 1. There are 15 or less ports listed.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# 2. 
No port ranges are included.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Otherwise, a separate rule will be generated for each'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# port.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# ORIGINAL DEST (0ptional) -- If ACTION is DNAT[-] or REDIRECT[-] then'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# if included and different from the IP'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# address given in the SERVER column, this is an address'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# on some interface on the firewall and connections to'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# that address will be forwarded to the IP and port'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# specified in the DEST column.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# A comma-separated list of addresses may also be used.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# This is usually most useful with the REDIRECT target'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# where you want to redirect traffic destined for'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# particular set of hosts.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Finally, if the list of addresses begins with "!" 
then'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# the rule will be followed only if the original'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# destination address in the connection request does not'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# match any of the addresses listed.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# For other actions, this column may be included and may'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# contain one or more addresses (host or network)'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# separated by commas. Address ranges are not allowed.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# When this column is supplied, rules are generated'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# that require that the original destination address matches'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# one of the listed addresses. This feature is most useful when'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# you want to generate a filter rule that corresponds to a'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# DNAT- or REDIRECT- rule. 
In this usage, the list of'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# addresses should not begin with "!".'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# See http://shorewall.net/PortKnocking.html for an'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# example of using an entry in this column with a'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# user-defined action rule.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# RATE LIMIT You may rate-limit the rule by placing a value in'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# this colume:'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# <rate>/<interval>[:<burst>]'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# where <rate> is the number of connections per'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# <interval> ("sec" or "min") and <burst> is the'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# largest burst permitted. If no <burst> is given,'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# a value of 5 is assumed. 
There may be no'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# no whitespace embedded in the specification.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Example: 10/sec:20'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# USER/GROUP This column may only be non-empty if the SOURCE is'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# the firewall itself.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# The column may contain:'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# [!][<user name or number>][:<group name or number>][+<program name>]'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# When this column is non-empty, the rule applies only'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# if the program generating the output is running under'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# the effective <user> and/or <group> specified (or is'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# NOT running under that id if "!" 
is given).'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Examples:'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# joe #program must be run by joe'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# :kids #program must be run by a member of'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# #the ''\''''kids''\'''' group'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# !:kids #program must not be run by a member'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# #of the ''\''''kids''\'''' group'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# +upnpd #program named ''\''''upnpd''\'''''' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Example: Accept SMTP requests from the DMZ to the internet'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# # PORT PORT(S) DEST'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# ACCEPT dmz net tcp smtp'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Example: Forward all ssh and http connection requests from the internet'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# to local system 192.168.1.3'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# # PORT PORT(S) DEST'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# DNAT net loc:192.168.1.3 tcp ssh,http'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = 
xINCLUDE '']'' + echo ''# Example: Forward all http connection requests from the internet'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# to local system 192.168.1.3 with a limit of 3 per second and'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# a maximum burst of 10'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# # PORT PORT(S) DEST LIMIT'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# DNAT net loc:192.168.1.3 tcp http - - 3/sec:10'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Example: Redirect all locally-originating www connection requests to'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# port 3128 on the firewall (Squid running on the firewall'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# system) except when the destination address is 192.168.2.2'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# # PORT PORT(S) DEST'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# REDIRECT loc 3128 tcp www - !192.168.2.2'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Example: All http requests from the internet to address'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# 130.252.100.69 are to be forwarded to 192.168.1.3'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# # PORT PORT(S) DEST'' + read first rest + ''['' x# = xINCLUDE '']'' + 
echo ''# DNAT net loc:192.168.1.3 tcp 80 - 130.252.100.69'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Example: You want to accept SSH connections to your firewall only'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# from internet IP addresses 130.252.100.69 and 130.252.100.70'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# # PORT PORT(S) DEST'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# ACCEPT net:130.252.100.69,130.252.100.70 fw # tcp 22'' + read first rest + ''['' x#################################################################################################### = xINCLUDE '']'' + echo ''#################################################################################################### '' + read first rest + ''['' x#ACTION = xINCLUDE '']'' + echo ''#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# PORT PORT(S) DEST LIMIT GROUP'' + read first rest + ''['' xAllowPing = xINCLUDE '']'' + echo ''AllowPing all all'' + read first rest + ''['' xACCEPT = xINCLUDE '']'' + echo ''ACCEPT net fw tcp 9322'' + read first rest + ''['' x#LAST = xINCLUDE '']'' + echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE'' + read first rest + strip_file proxyarp + local fname + ''['' 1 = 1 '']'' ++ find_file proxyarp ++ local saveifs= directory ++ case $1 in ++ ''['' -n '''' -a -f /proxyarp '']'' ++ saveifs='' '' ++ IFS=: ++ for directory in ''$CONFIG_PATH'' ++ ''['' -f /etc/shorewall/proxyarp '']'' ++ echo /etc/shorewall/proxyarp ++ IFS='' '' ++ return + fname=/etc/shorewall/proxyarp + ''['' -f /etc/shorewall/proxyarp '']'' + read_file /etc/shorewall/proxyarp 0 + local first rest + ''['' -f /etc/shorewall/proxyarp '']'' + read 
first rest + ''['' x############################################################################## = xINCLUDE '']'' + echo ''############################################################################## '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Shorewall 2.4 -- Proxy ARP'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# /etc/shorewall/proxyarp'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# This file is used to define Proxy ARP.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Columns must be separated by white space and are:'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# ADDRESS IP Address'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# INTERFACE Local interface where system is connected. If the'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# local interface is obvious from the subnetting,'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# you may enter "-" in this column.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# EXTERNAL External Interface to be used to access this system'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# HAVEROUTE If there is already a route from the firewall to'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# the host whose address is given, enter "Yes" or "yes"'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# in this column. 
++ chain_base RejectAuth ++ local c=RejectAuth ++ true ++ case $c in ++ echo RejectAuth ++ return + ''['' RejectAuth = RejectAuth '']'' + list_search RejectAuth dropBcast allowBcast dropNonSyn dropNotSyn rejNotSyn dropInvalid allowInvalid allowinUPnP allowoutUPnP forwardUPnP DropSMB RejectSMB DropUPnP + local e=RejectAuth + ''['' 14 -gt 1 '']'' + shift + ''['' xRejectAuth = xdropBcast '']'' + ''['' 13 -gt 1 '']'' + shift + ''['' xRejectAuth = xallowBcast '']'' + ''['' 12 -gt 1 '']'' + shift + ''['' xRejectAuth = xdropNonSyn '']'' + ''['' 11 -gt 1 '']'' + shift + ''['' xRejectAuth = xdropNotSyn '']'' + ''['' 10 -gt 1 '']'' + shift + ''['' xRejectAuth = xrejNotSyn '']'' + ''['' 9 -gt 1 '']'' + shift + ''['' xRejectAuth = xdropInvalid '']'' + ''['' 8 -gt 1 '']'' + shift + ''['' xRejectAuth = xallowInvalid '']'' + ''['' 7 -gt 1 '']'' + shift + ''['' xRejectAuth = xallowinUPnP '']'' + ''['' 6 -gt 1 '']'' + shift + ''['' xRejectAuth = xallowoutUPnP '']'' + ''['' 5 -gt 1 '']'' + shift + ''['' xRejectAuth = xforwardUPnP '']'' + ''['' 4 -gt 1 '']'' + shift + ''['' xRejectAuth = xDropSMB '']'' + ''['' 3 -gt 1 '']'' + shift + ''['' xRejectAuth = xRejectSMB '']'' + ''['' 2 -gt 1 '']'' + shift + ''['' xRejectAuth = xDropUPnP '']'' + ''['' 1 -gt 1 '']'' + return 1 + f=action.RejectAuth ++ find_file action.RejectAuth ++ local saveifs= directory ++ case $1 in ++ ''['' -n '''' -a -f /action.RejectAuth '']'' ++ saveifs='' '' ++ IFS=: ++ for directory in ''$CONFIG_PATH'' ++ ''['' -f /etc/shorewall/action.RejectAuth '']'' ++ for directory in ''$CONFIG_PATH'' ++ ''['' -f /usr/share/shorewall/action.RejectAuth '']'' ++ echo /usr/share/shorewall/action.RejectAuth ++ IFS='' '' ++ return + fn=/usr/share/shorewall/action.RejectAuth + eval requiredby_++ requiredby_+ ''['' -f /usr/share/shorewall/action.RejectAuth '']'' + echo '' Pre-processing /usr/share/shorewall/action.RejectAuth...'' Pre-processing /usr/share/shorewall/action.RejectAuth... 
+ strip_file action.RejectAuth /usr/share/shorewall/action.RejectAuth + local fname + ''['' 2 = 1 '']'' + fname=/usr/share/shorewall/action.RejectAuth + ''['' -f /usr/share/shorewall/action.RejectAuth '']'' + read_file /usr/share/shorewall/action.RejectAuth 0 + local first rest + ''['' -f /usr/share/shorewall/action.RejectAuth '']'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Shorewall 2.4 /usr/share/shorewall/action.RejectAuth'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# This action silently rejects Auth (tcp 113) traffic'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x###################################################################################### = xINCLUDE '']'' + echo ''###################################################################################### '' + read first rest + ''['' x#TARGET = xINCLUDE '']'' + echo ''#TARGET SOURCE DEST PROTO DEST SOURCE RATE USER/'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# PORT PORT(S) LIMIT GROUP'' + read first rest + ''['' xREJECT = xINCLUDE '']'' + echo ''REJECT - - tcp 113'' + read first rest + ''['' x#LAST = xINCLUDE '']'' + echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE'' + read first rest + cut -d# -f1 + grep -v ''^[[:space:]]*$'' + read xtarget xclients xservers xprotocol xports xcports xratelimit + expandv xtarget + local varval + ''['' 1 -gt 0 '']'' + eval ''varval=$xtarget'' ++ varval=REJECT + eval ''xtarget="REJECT"'' ++ xtarget=REJECT + shift + ''['' 0 -gt 0 '']'' + temp=REJECT + case "$temp" in + read xtarget xclients xservers xprotocol xports xcports xratelimit + ACTIONS=''dropBcast allowBcast dropNonSyn dropNotSyn rejNotSyn dropInvalid allowInvalid allowinUPnP allowoutUPnP forwardUPnP DropSMB RejectSMB DropUPnP RejectAuth'' + read xaction rest + ''['' x = x '']'' + case $xaction 
in + ''['' -z DropPing '']'' ++ chain_base DropPing ++ local c=DropPing ++ true ++ case $c in ++ echo DropPing ++ return + ''['' DropPing = DropPing '']'' + list_search DropPing dropBcast allowBcast dropNonSyn dropNotSyn rejNotSyn dropInvalid allowInvalid allowinUPnP allowoutUPnP forwardUPnP DropSMB RejectSMB DropUPnP RejectAuth + local e=DropPing + ''['' 15 -gt 1 '']'' + shift + ''['' xDropPing = xdropBcast '']'' + ''['' 14 -gt 1 '']'' + shift + ''['' xDropPing = xallowBcast '']'' + ''['' 13 -gt 1 '']'' + shift + ''['' xDropPing = xdropNonSyn '']'' + ''['' 12 -gt 1 '']'' + shift + ''['' xDropPing = xdropNotSyn '']'' + ''['' 11 -gt 1 '']'' + shift + ''['' xDropPing = xrejNotSyn '']'' + ''['' 10 -gt 1 '']'' + shift + ''['' xDropPing = xdropInvalid '']'' + ''['' 9 -gt 1 '']'' + shift + ''['' xDropPing = xallowInvalid '']'' + ''['' 8 -gt 1 '']'' + shift + ''['' xDropPing = xallowinUPnP '']'' + ''['' 7 -gt 1 '']'' + shift + ''['' xDropPing = xallowoutUPnP '']'' + ''['' 6 -gt 1 '']'' + shift + ''['' xDropPing = xforwardUPnP '']'' + ''['' 5 -gt 1 '']'' + shift + ''['' xDropPing = xDropSMB '']'' + ''['' 4 -gt 1 '']'' + shift + ''['' xDropPing = xRejectSMB '']'' + ''['' 3 -gt 1 '']'' + shift + ''['' xDropPing = xDropUPnP '']'' + ''['' 2 -gt 1 '']'' + shift + ''['' xDropPing = xRejectAuth '']'' + ''['' 1 -gt 1 '']'' + return 1 + f=action.DropPing ++ find_file action.DropPing ++ local saveifs= directory ++ case $1 in ++ ''['' -n '''' -a -f /action.DropPing '']'' ++ saveifs='' '' ++ IFS=: ++ for directory in ''$CONFIG_PATH'' ++ ''['' -f /etc/shorewall/action.DropPing '']'' ++ for directory in ''$CONFIG_PATH'' ++ ''['' -f /usr/share/shorewall/action.DropPing '']'' ++ echo /usr/share/shorewall/action.DropPing ++ IFS='' '' ++ return + fn=/usr/share/shorewall/action.DropPing + eval requiredby_++ requiredby_+ ''['' -f /usr/share/shorewall/action.DropPing '']'' + echo '' Pre-processing /usr/share/shorewall/action.DropPing...'' Pre-processing /usr/share/shorewall/action.DropPing... 
+ strip_file action.DropPing /usr/share/shorewall/action.DropPing + local fname + ''['' 2 = 1 '']'' + fname=/usr/share/shorewall/action.DropPing + ''['' -f /usr/share/shorewall/action.DropPing '']'' + read_file /usr/share/shorewall/action.DropPing 0 + local first rest + ''['' -f /usr/share/shorewall/action.DropPing '']'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Shorewall 2.4 /usr/share/shorewall/action.DropPing'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# This action silently drops ''\''''ping''\'''' requests.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x###################################################################################### = xINCLUDE '']'' + echo ''###################################################################################### '' + read first rest + ''['' x#TARGET = xINCLUDE '']'' + echo ''#TARGET SOURCE DEST PROTO DEST SOURCE RATE USER/'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# PORT PORT(S) LIMIT GROUP'' + read first rest + ''['' xDROP = xINCLUDE '']'' + echo ''DROP - - icmp 8'' + read first rest + ''['' x#LAST = xINCLUDE '']'' + echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE'' + read first rest + cut -d# -f1 + grep -v ''^[[:space:]]*$'' + read xtarget xclients xservers xprotocol xports xcports xratelimit + expandv xtarget + local varval + ''['' 1 -gt 0 '']'' + eval ''varval=$xtarget'' ++ varval=DROP + eval ''xtarget="DROP"'' ++ xtarget=DROP + shift + ''['' 0 -gt 0 '']'' + temp=DROP + case "$temp" in + read xtarget xclients xservers xprotocol xports xcports xratelimit + ACTIONS=''dropBcast allowBcast dropNonSyn dropNotSyn rejNotSyn dropInvalid allowInvalid allowinUPnP allowoutUPnP forwardUPnP DropSMB RejectSMB DropUPnP RejectAuth DropPing'' + read xaction rest + ''['' x = x '']'' + case $xaction in + ''['' -z 
DropDNSrep '']'' ++ chain_base DropDNSrep ++ local c=DropDNSrep ++ true ++ case $c in ++ echo DropDNSrep ++ return + ''['' DropDNSrep = DropDNSrep '']'' + list_search DropDNSrep dropBcast allowBcast dropNonSyn dropNotSyn rejNotSyn dropInvalid allowInvalid allowinUPnP allowoutUPnP forwardUPnP DropSMB RejectSMB DropUPnP RejectAuth DropPing + local e=DropDNSrep + ''['' 16 -gt 1 '']'' + shift + ''['' xDropDNSrep = xdropBcast '']'' + ''['' 15 -gt 1 '']'' + shift + ''['' xDropDNSrep = xallowBcast '']'' + ''['' 14 -gt 1 '']'' + shift + ''['' xDropDNSrep = xdropNonSyn '']'' + ''['' 13 -gt 1 '']'' + shift + ''['' xDropDNSrep = xdropNotSyn '']'' + ''['' 12 -gt 1 '']'' + shift + ''['' xDropDNSrep = xrejNotSyn '']'' + ''['' 11 -gt 1 '']'' + shift + ''['' xDropDNSrep = xdropInvalid '']'' + ''['' 10 -gt 1 '']'' + shift + ''['' xDropDNSrep = xallowInvalid '']'' + ''['' 9 -gt 1 '']'' + shift + ''['' xDropDNSrep = xallowinUPnP '']'' + ''['' 8 -gt 1 '']'' + shift + ''['' xDropDNSrep = xallowoutUPnP '']'' + ''['' 7 -gt 1 '']'' + shift + ''['' xDropDNSrep = xforwardUPnP '']'' + ''['' 6 -gt 1 '']'' + shift + ''['' xDropDNSrep = xDropSMB '']'' + ''['' 5 -gt 1 '']'' + shift + ''['' xDropDNSrep = xRejectSMB '']'' + ''['' 4 -gt 1 '']'' + shift + ''['' xDropDNSrep = xDropUPnP '']'' + ''['' 3 -gt 1 '']'' + shift + ''['' xDropDNSrep = xRejectAuth '']'' + ''['' 2 -gt 1 '']'' + shift + ''['' xDropDNSrep = xDropPing '']'' + ''['' 1 -gt 1 '']'' + return 1 + f=action.DropDNSrep ++ find_file action.DropDNSrep ++ local saveifs= directory ++ case $1 in ++ ''['' -n '''' -a -f /action.DropDNSrep '']'' ++ saveifs='' '' ++ IFS=: ++ for directory in ''$CONFIG_PATH'' ++ ''['' -f /etc/shorewall/action.DropDNSrep '']'' ++ for directory in ''$CONFIG_PATH'' ++ ''['' -f /usr/share/shorewall/action.DropDNSrep '']'' ++ echo /usr/share/shorewall/action.DropDNSrep ++ IFS='' '' ++ return + fn=/usr/share/shorewall/action.DropDNSrep + eval requiredby_++ requiredby_+ ''['' -f /usr/share/shorewall/action.DropDNSrep 
'']'' + echo '' Pre-processing /usr/share/shorewall/action.DropDNSrep...'' Pre-processing /usr/share/shorewall/action.DropDNSrep... + strip_file action.DropDNSrep /usr/share/shorewall/action.DropDNSrep + local fname + ''['' 2 = 1 '']'' + fname=/usr/share/shorewall/action.DropDNSrep + ''['' -f /usr/share/shorewall/action.DropDNSrep '']'' + read_file /usr/share/shorewall/action.DropDNSrep 0 + local first rest + ''['' -f /usr/share/shorewall/action.DropDNSrep '']'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Shorewall 2.4 /usr/share/shorewall/action.DropDNSrep'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# This action silently drops DNS UDP replies'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x###################################################################################### = xINCLUDE '']'' + echo ''###################################################################################### '' + read first rest + ''['' x#TARGET = xINCLUDE '']'' + echo ''#TARGET SOURCE DEST PROTO DEST SOURCE RATE USER/'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# PORT PORT(S) LIMIT GROUP'' + read first rest + ''['' xDROP = xINCLUDE '']'' + echo ''DROP - - udp - 53'' + read first rest + ''['' x#LAST = xINCLUDE '']'' + echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE'' + read first rest + cut -d# -f1 + grep -v ''^[[:space:]]*$'' + read xtarget xclients xservers xprotocol xports xcports xratelimit + expandv xtarget + local varval + ''['' 1 -gt 0 '']'' + eval ''varval=$xtarget'' ++ varval=DROP + eval ''xtarget="DROP"'' ++ xtarget=DROP + shift + ''['' 0 -gt 0 '']'' + temp=DROP + case "$temp" in + read xtarget xclients xservers xprotocol xports xcports xratelimit + ACTIONS=''dropBcast allowBcast dropNonSyn dropNotSyn rejNotSyn dropInvalid allowInvalid allowinUPnP 
allowoutUPnP forwardUPnP DropSMB RejectSMB DropUPnP RejectAuth DropPing DropDNSrep'' + read xaction rest + ''['' x = x '']'' + case $xaction in + ''['' -z AllowPing '']'' ++ chain_base AllowPing ++ local c=AllowPing ++ true ++ case $c in ++ echo AllowPing ++ return + ''['' AllowPing = AllowPing '']'' + list_search AllowPing dropBcast allowBcast dropNonSyn dropNotSyn rejNotSyn dropInvalid allowInvalid allowinUPnP allowoutUPnP forwardUPnP DropSMB RejectSMB DropUPnP RejectAuth DropPing DropDNSrep + local e=AllowPing + ''['' 17 -gt 1 '']'' + shift + ''['' xAllowPing = xdropBcast '']'' + ''['' 16 -gt 1 '']'' + shift + ''['' xAllowPing = xallowBcast '']'' + ''['' 15 -gt 1 '']'' + shift + ''['' xAllowPing = xdropNonSyn '']'' + ''['' 14 -gt 1 '']'' + shift + ''['' xAllowPing = xdropNotSyn '']'' + ''['' 13 -gt 1 '']'' + shift + ''['' xAllowPing = xrejNotSyn '']'' + ''['' 12 -gt 1 '']'' + shift + ''['' xAllowPing = xdropInvalid '']'' + ''['' 11 -gt 1 '']'' + shift + ''['' xAllowPing = xallowInvalid '']'' + ''['' 10 -gt 1 '']'' + shift + ''['' xAllowPing = xallowinUPnP '']'' + ''['' 9 -gt 1 '']'' + shift + ''['' xAllowPing = xallowoutUPnP '']'' + ''['' 8 -gt 1 '']'' + shift + ''['' xAllowPing = xforwardUPnP '']'' + ''['' 7 -gt 1 '']'' + shift + ''['' xAllowPing = xDropSMB '']'' + ''['' 6 -gt 1 '']'' + shift + ''['' xAllowPing = xRejectSMB '']'' + ''['' 5 -gt 1 '']'' + shift + ''['' xAllowPing = xDropUPnP '']'' + ''['' 4 -gt 1 '']'' + shift + ''['' xAllowPing = xRejectAuth '']'' + ''['' 3 -gt 1 '']'' + shift + ''['' xAllowPing = xDropPing '']'' + ''['' 2 -gt 1 '']'' + shift + ''['' xAllowPing = xDropDNSrep '']'' + ''['' 1 -gt 1 '']'' + return 1 + f=action.AllowPing ++ find_file action.AllowPing ++ local saveifs= directory ++ case $1 in ++ ''['' -n '''' -a -f /action.AllowPing '']'' ++ saveifs='' '' ++ IFS=: ++ for directory in ''$CONFIG_PATH'' ++ ''['' -f /etc/shorewall/action.AllowPing '']'' ++ for directory in ''$CONFIG_PATH'' ++ ''['' -f 
/usr/share/shorewall/action.AllowPing '']'' ++ echo /usr/share/shorewall/action.AllowPing ++ IFS='' '' ++ return + fn=/usr/share/shorewall/action.AllowPing + eval requiredby_++ requiredby_+ ''['' -f /usr/share/shorewall/action.AllowPing '']'' + echo '' Pre-processing /usr/share/shorewall/action.AllowPing...'' Pre-processing /usr/share/shorewall/action.AllowPing... + strip_file action.AllowPing /usr/share/shorewall/action.AllowPing + local fname + ''['' 2 = 1 '']'' + fname=/usr/share/shorewall/action.AllowPing + ''['' -f /usr/share/shorewall/action.AllowPing '']'' + read_file /usr/share/shorewall/action.AllowPing 0 + local first rest + ''['' -f /usr/share/shorewall/action.AllowPing '']'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Shorewall 2.4 /usr/share/shorewall/action.AllowPing'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# This action accepts ''\''''ping''\'''' requests.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x###################################################################################### = xINCLUDE '']'' + echo ''###################################################################################### '' + read first rest + ''['' x#TARGET = xINCLUDE '']'' + echo ''#TARGET SOURCE DEST PROTO DEST SOURCE RATE USER/'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# PORT PORT(S) LIMIT GROUP'' + read first rest + ''['' xACCEPT = xINCLUDE '']'' + echo ''ACCEPT - - icmp 8'' + read first rest + ''['' x#LAST = xINCLUDE '']'' + echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE'' + read first rest + cut -d# -f1 + grep -v ''^[[:space:]]*$'' + read xtarget xclients xservers xprotocol xports xcports xratelimit + expandv xtarget + local varval + ''['' 1 -gt 0 '']'' + eval ''varval=$xtarget'' ++ varval=ACCEPT + eval ''xtarget="ACCEPT"'' ++ 
xtarget=ACCEPT + shift + ''['' 0 -gt 0 '']'' + temp=ACCEPT + case "$temp" in + read xtarget xclients xservers xprotocol xports xcports xratelimit + ACTIONS=''dropBcast allowBcast dropNonSyn dropNotSyn rejNotSyn dropInvalid allowInvalid allowinUPnP allowoutUPnP forwardUPnP DropSMB RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing'' + read xaction rest + ''['' x = x '']'' + case $xaction in + ''['' -z AllowFTP '']'' ++ chain_base AllowFTP ++ local c=AllowFTP ++ true ++ case $c in ++ echo AllowFTP ++ return + ''['' AllowFTP = AllowFTP '']'' + list_search AllowFTP dropBcast allowBcast dropNonSyn dropNotSyn rejNotSyn dropInvalid allowInvalid allowinUPnP allowoutUPnP forwardUPnP DropSMB RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing + local e=AllowFTP + ''['' 18 -gt 1 '']'' + shift + ''['' xAllowFTP = xdropBcast '']'' + ''['' 17 -gt 1 '']'' + shift + ''['' xAllowFTP = xallowBcast '']'' + ''['' 16 -gt 1 '']'' + shift + ''['' xAllowFTP = xdropNonSyn '']'' + ''['' 15 -gt 1 '']'' + shift + ''['' xAllowFTP = xdropNotSyn '']'' + ''['' 14 -gt 1 '']'' + shift + ''['' xAllowFTP = xrejNotSyn '']'' + ''['' 13 -gt 1 '']'' + shift + ''['' xAllowFTP = xdropInvalid '']'' + ''['' 12 -gt 1 '']'' + shift + ''['' xAllowFTP = xallowInvalid '']'' + ''['' 11 -gt 1 '']'' + shift + ''['' xAllowFTP = xallowinUPnP '']'' + ''['' 10 -gt 1 '']'' + shift + ''['' xAllowFTP = xallowoutUPnP '']'' + ''['' 9 -gt 1 '']'' + shift + ''['' xAllowFTP = xforwardUPnP '']'' + ''['' 8 -gt 1 '']'' + shift + ''['' xAllowFTP = xDropSMB '']'' + ''['' 7 -gt 1 '']'' + shift + ''['' xAllowFTP = xRejectSMB '']'' + ''['' 6 -gt 1 '']'' + shift + ''['' xAllowFTP = xDropUPnP '']'' + ''['' 5 -gt 1 '']'' + shift + ''['' xAllowFTP = xRejectAuth '']'' + ''['' 4 -gt 1 '']'' + shift + ''['' xAllowFTP = xDropPing '']'' + ''['' 3 -gt 1 '']'' + shift + ''['' xAllowFTP = xDropDNSrep '']'' + ''['' 2 -gt 1 '']'' + shift + ''['' xAllowFTP = xAllowPing '']'' + ''['' 1 -gt 1 '']'' + return 1 + f=action.AllowFTP ++ 
find_file action.AllowFTP ++ local saveifs= directory ++ case $1 in ++ ''['' -n '''' -a -f /action.AllowFTP '']'' ++ saveifs='' '' ++ IFS=: ++ for directory in ''$CONFIG_PATH'' ++ ''['' -f /etc/shorewall/action.AllowFTP '']'' ++ for directory in ''$CONFIG_PATH'' ++ ''['' -f /usr/share/shorewall/action.AllowFTP '']'' ++ echo /usr/share/shorewall/action.AllowFTP ++ IFS='' '' ++ return + fn=/usr/share/shorewall/action.AllowFTP + eval requiredby_++ requiredby_+ ''['' -f /usr/share/shorewall/action.AllowFTP '']'' + echo '' Pre-processing /usr/share/shorewall/action.AllowFTP...'' Pre-processing /usr/share/shorewall/action.AllowFTP... + strip_file action.AllowFTP /usr/share/shorewall/action.AllowFTP + local fname + ''['' 2 = 1 '']'' + fname=/usr/share/shorewall/action.AllowFTP + ''['' -f /usr/share/shorewall/action.AllowFTP '']'' + read_file /usr/share/shorewall/action.AllowFTP 0 + local first rest + ''['' -f /usr/share/shorewall/action.AllowFTP '']'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Shorewall 2.4 /usr/share/shorewall/action.AllowFTP'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# This action accepts FTP traffic. 
See'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# http://www.shorewall.net/FTP.html for additional considerations.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x###################################################################################### = xINCLUDE '']'' + echo ''###################################################################################### '' + read first rest + ''['' x#TARGET = xINCLUDE '']'' + echo ''#TARGET SOURCE DEST PROTO DEST SOURCE RATE USER/'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# PORT PORT(S) LIMIT GROUP'' + read first rest + ''['' xACCEPT = xINCLUDE '']'' + echo ''ACCEPT - - tcp 21'' + read first rest + ''['' x#LAST = xINCLUDE '']'' + echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE'' + read first rest + cut -d# -f1 + grep -v ''^[[:space:]]*$'' + read xtarget xclients xservers xprotocol xports xcports xratelimit + expandv xtarget + local varval + ''['' 1 -gt 0 '']'' + eval ''varval=$xtarget'' ++ varval=ACCEPT + eval ''xtarget="ACCEPT"'' ++ xtarget=ACCEPT + shift + ''['' 0 -gt 0 '']'' + temp=ACCEPT + case "$temp" in + read xtarget xclients xservers xprotocol xports xcports xratelimit + ACTIONS=''dropBcast allowBcast dropNonSyn dropNotSyn rejNotSyn dropInvalid allowInvalid allowinUPnP allowoutUPnP forwardUPnP DropSMB RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP'' + read xaction rest + ''['' x = x '']'' + case $xaction in + ''['' -z AllowDNS '']'' ++ chain_base AllowDNS ++ local c=AllowDNS ++ true ++ case $c in ++ echo AllowDNS ++ return + ''['' AllowDNS = AllowDNS '']'' + list_search AllowDNS dropBcast allowBcast dropNonSyn dropNotSyn rejNotSyn dropInvalid allowInvalid allowinUPnP allowoutUPnP forwardUPnP DropSMB RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP + local e=AllowDNS + ''['' 19 -gt 1 '']'' + shift + ''['' xAllowDNS = xdropBcast '']'' + ''['' 18 -gt 1 '']'' + shift + ''['' xAllowDNS = 
xallowBcast '']'' + ''['' 17 -gt 1 '']'' + shift + ''['' xAllowDNS = xdropNonSyn '']'' + ''['' 16 -gt 1 '']'' + shift + ''['' xAllowDNS = xdropNotSyn '']'' + ''['' 15 -gt 1 '']'' + shift + ''['' xAllowDNS = xrejNotSyn '']'' + ''['' 14 -gt 1 '']'' + shift + ''['' xAllowDNS = xdropInvalid '']'' + ''['' 13 -gt 1 '']'' + shift + ''['' xAllowDNS = xallowInvalid '']'' + ''['' 12 -gt 1 '']'' + shift + ''['' xAllowDNS = xallowinUPnP '']'' + ''['' 11 -gt 1 '']'' + shift + ''['' xAllowDNS = xallowoutUPnP '']'' + ''['' 10 -gt 1 '']'' + shift + ''['' xAllowDNS = xforwardUPnP '']'' + ''['' 9 -gt 1 '']'' + shift + ''['' xAllowDNS = xDropSMB '']'' + ''['' 8 -gt 1 '']'' + shift + ''['' xAllowDNS = xRejectSMB '']'' + ''['' 7 -gt 1 '']'' + shift + ''['' xAllowDNS = xDropUPnP '']'' + ''['' 6 -gt 1 '']'' + shift + ''['' xAllowDNS = xRejectAuth '']'' + ''['' 5 -gt 1 '']'' + shift + ''['' xAllowDNS = xDropPing '']'' + ''['' 4 -gt 1 '']'' + shift + ''['' xAllowDNS = xDropDNSrep '']'' + ''['' 3 -gt 1 '']'' + shift + ''['' xAllowDNS = xAllowPing '']'' + ''['' 2 -gt 1 '']'' + shift + ''['' xAllowDNS = xAllowFTP '']'' + ''['' 1 -gt 1 '']'' + return 1 + f=action.AllowDNS ++ find_file action.AllowDNS ++ local saveifs= directory ++ case $1 in ++ ''['' -n '''' -a -f /action.AllowDNS '']'' ++ saveifs='' '' ++ IFS=: ++ for directory in ''$CONFIG_PATH'' ++ ''['' -f /etc/shorewall/action.AllowDNS '']'' ++ for directory in ''$CONFIG_PATH'' ++ ''['' -f /usr/share/shorewall/action.AllowDNS '']'' ++ echo /usr/share/shorewall/action.AllowDNS ++ IFS='' '' ++ return + fn=/usr/share/shorewall/action.AllowDNS + eval requiredby_++ requiredby_+ ''['' -f /usr/share/shorewall/action.AllowDNS '']'' + echo '' Pre-processing /usr/share/shorewall/action.AllowDNS...'' Pre-processing /usr/share/shorewall/action.AllowDNS... 
+ strip_file action.AllowDNS /usr/share/shorewall/action.AllowDNS + local fname + ''['' 2 = 1 '']'' + fname=/usr/share/shorewall/action.AllowDNS + ''['' -f /usr/share/shorewall/action.AllowDNS '']'' + read_file /usr/share/shorewall/action.AllowDNS 0 + local first rest + ''['' -f /usr/share/shorewall/action.AllowDNS '']'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Shorewall 2.4 /usr/share/shorewall/action.AllowDNS'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# This action accepts DNS traffic.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x###################################################################################### = xINCLUDE '']'' + echo ''###################################################################################### '' + read first rest + ''['' x#TARGET = xINCLUDE '']'' + echo ''#TARGET SOURCE DEST PROTO DEST SOURCE RATE USER/'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# PORT PORT(S) LIMIT GROUP'' + read first rest + ''['' xACCEPT = xINCLUDE '']'' + echo ''ACCEPT - - udp 53'' + read first rest + ''['' xACCEPT = xINCLUDE '']'' + echo ''ACCEPT - - tcp 53'' + read first rest + ''['' x#LAST = xINCLUDE '']'' + echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE'' + read first rest + cut -d# -f1 + grep -v ''^[[:space:]]*$'' + read xtarget xclients xservers xprotocol xports xcports xratelimit + expandv xtarget + local varval + ''['' 1 -gt 0 '']'' + eval ''varval=$xtarget'' ++ varval=ACCEPT + eval ''xtarget="ACCEPT"'' ++ xtarget=ACCEPT + shift + ''['' 0 -gt 0 '']'' + temp=ACCEPT + case "$temp" in + read xtarget xclients xservers xprotocol xports xcports xratelimit + expandv xtarget + local varval + ''['' 1 -gt 0 '']'' + eval ''varval=$xtarget'' ++ varval=ACCEPT + eval ''xtarget="ACCEPT"'' ++ xtarget=ACCEPT + shift + ''['' 0 -gt 0 '']'' + 
''xtarget="ACCEPT"'' ++ xtarget=ACCEPT + shift + ''['' 0 -gt 0 '']'' + temp=ACCEPT + case "$temp" in + read xtarget xclients xservers xprotocol xports xcports xratelimit + ACTIONS=''dropBcast allowBcast dropNonSyn dropNotSyn rejNotSyn dropInvalid allowInvalid allowinUPnP allowoutUPnP forwardUPnP DropSMB RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowICMPs AllowIMAP'' + read xaction rest + ''['' x = x '']'' + case $xaction in + ''['' -z AllowTelnet '']'' ++ chain_base AllowTelnet ++ local c=AllowTelnet ++ true ++ case $c in ++ echo AllowTelnet ++ return + ''['' AllowTelnet = AllowTelnet '']'' + list_search AllowTelnet dropBcast allowBcast dropNonSyn dropNotSyn rejNotSyn dropInvalid allowInvalid allowinUPnP allowoutUPnP forwardUPnP DropSMB RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowICMPs AllowIMAP + local e=AllowTelnet + ''['' 28 -gt 1 '']'' + shift + ''['' xAllowTelnet = xdropBcast '']'' + ''['' 27 -gt 1 '']'' + shift + ''['' xAllowTelnet = xallowBcast '']'' + ''['' 26 -gt 1 '']'' + shift + ''['' xAllowTelnet = xdropNonSyn '']'' + ''['' 25 -gt 1 '']'' + shift + ''['' xAllowTelnet = xdropNotSyn '']'' + ''['' 24 -gt 1 '']'' + shift + ''['' xAllowTelnet = xrejNotSyn '']'' + ''['' 23 -gt 1 '']'' + shift + ''['' xAllowTelnet = xdropInvalid '']'' + ''['' 22 -gt 1 '']'' + shift + ''['' xAllowTelnet = xallowInvalid '']'' + ''['' 21 -gt 1 '']'' + shift + ''['' xAllowTelnet = xallowinUPnP '']'' + ''['' 20 -gt 1 '']'' + shift + ''['' xAllowTelnet = xallowoutUPnP '']'' + ''['' 19 -gt 1 '']'' + shift + ''['' xAllowTelnet = xforwardUPnP '']'' + ''['' 18 -gt 1 '']'' + shift + ''['' xAllowTelnet = xDropSMB '']'' + ''['' 17 -gt 1 '']'' + shift + ''['' xAllowTelnet = xRejectSMB '']'' + ''['' 16 -gt 1 '']'' + shift + ''['' xAllowTelnet = xDropUPnP '']'' + ''['' 15 -gt 1 '']'' + shift + ''['' 
xAllowTelnet = xRejectAuth '']'' + ''['' 14 -gt 1 '']'' + shift + ''['' xAllowTelnet = xDropPing '']'' + ''['' 13 -gt 1 '']'' + shift + ''['' xAllowTelnet = xDropDNSrep '']'' + ''['' 12 -gt 1 '']'' + shift + ''['' xAllowTelnet = xAllowPing '']'' + ''['' 11 -gt 1 '']'' + shift + ''['' xAllowTelnet = xAllowFTP '']'' + ''['' 10 -gt 1 '']'' + shift + ''['' xAllowTelnet = xAllowDNS '']'' + ''['' 9 -gt 1 '']'' + shift + ''['' xAllowTelnet = xAllowSSH '']'' + ''['' 8 -gt 1 '']'' + shift + ''['' xAllowTelnet = xAllowWeb '']'' + ''['' 7 -gt 1 '']'' + shift + ''['' xAllowTelnet = xAllowSMB '']'' + ''['' 6 -gt 1 '']'' + shift + ''['' xAllowTelnet = xAllowAuth '']'' + ''['' 5 -gt 1 '']'' + shift + ''['' xAllowTelnet = xAllowSMTP '']'' + ''['' 4 -gt 1 '']'' + shift + ''['' xAllowTelnet = xAllowPOP3 '']'' + ''['' 3 -gt 1 '']'' + shift + ''['' xAllowTelnet = xAllowICMPs '']'' + ''['' 2 -gt 1 '']'' + shift + ''['' xAllowTelnet = xAllowIMAP '']'' + ''['' 1 -gt 1 '']'' + return 1 + f=action.AllowTelnet ++ find_file action.AllowTelnet ++ local saveifs= directory ++ case $1 in ++ ''['' -n '''' -a -f /action.AllowTelnet '']'' ++ saveifs='' '' ++ IFS=: ++ for directory in ''$CONFIG_PATH'' ++ ''['' -f /etc/shorewall/action.AllowTelnet '']'' ++ for directory in ''$CONFIG_PATH'' ++ ''['' -f /usr/share/shorewall/action.AllowTelnet '']'' ++ echo /usr/share/shorewall/action.AllowTelnet ++ IFS='' '' ++ return + fn=/usr/share/shorewall/action.AllowTelnet + eval requiredby_++ requiredby_+ ''['' -f /usr/share/shorewall/action.AllowTelnet '']'' + echo '' Pre-processing /usr/share/shorewall/action.AllowTelnet...'' Pre-processing /usr/share/shorewall/action.AllowTelnet... 
+ strip_file action.AllowTelnet /usr/share/shorewall/action.AllowTelnet + local fname + ''['' 2 = 1 '']'' + fname=/usr/share/shorewall/action.AllowTelnet + ''['' -f /usr/share/shorewall/action.AllowTelnet '']'' + read_file /usr/share/shorewall/action.AllowTelnet 0 + local first rest + ''['' -f /usr/share/shorewall/action.AllowTelnet '']'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Shorewall 2.4 /usr/share/shorewall/action.AllowTelnet'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# This action accepts Telnet traffic. For traffic over the'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# internet, telnet is inappropriate; use SSH instead'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x###################################################################################### = xINCLUDE '']'' + echo ''###################################################################################### '' + read first rest + ''['' x#TARGET = xINCLUDE '']'' + echo ''#TARGET SOURCE DEST PROTO DEST SOURCE RATE USER/'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# PORT PORT(S) LIMIT GROUP'' + read first rest + ''['' xACCEPT = xINCLUDE '']'' + echo ''ACCEPT - - tcp 23'' + read first rest + ''['' x#LAST = xINCLUDE '']'' + echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE'' + read first rest + cut -d# -f1 + grep -v ''^[[:space:]]*$'' + read xtarget xclients xservers xprotocol xports xcports xratelimit + expandv xtarget + local varval + ''['' 1 -gt 0 '']'' + eval ''varval=$xtarget'' ++ varval=ACCEPT + eval ''xtarget="ACCEPT"'' ++ xtarget=ACCEPT + shift + ''['' 0 -gt 0 '']'' + temp=ACCEPT + case "$temp" in + read xtarget xclients xservers xprotocol xports xcports xratelimit + ACTIONS=''dropBcast allowBcast dropNonSyn dropNotSyn rejNotSyn dropInvalid allowInvalid allowinUPnP 
allowoutUPnP forwardUPnP DropSMB RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowICMPs AllowIMAP AllowTelnet'' + read xaction rest + ''['' x = x '']'' + case $xaction in + ''['' -z AllowVNC '']'' ++ chain_base AllowVNC ++ local c=AllowVNC ++ true ++ case $c in ++ echo AllowVNC ++ return + ''['' AllowVNC = AllowVNC '']'' + list_search AllowVNC dropBcast allowBcast dropNonSyn dropNotSyn rejNotSyn dropInvalid allowInvalid allowinUPnP allowoutUPnP forwardUPnP DropSMB RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowICMPs AllowIMAP AllowTelnet + local e=AllowVNC + ''['' 29 -gt 1 '']'' + shift + ''['' xAllowVNC = xdropBcast '']'' + ''['' 28 -gt 1 '']'' + shift + ''['' xAllowVNC = xallowBcast '']'' + ''['' 27 -gt 1 '']'' + shift + ''['' xAllowVNC = xdropNonSyn '']'' + ''['' 26 -gt 1 '']'' + shift + ''['' xAllowVNC = xdropNotSyn '']'' + ''['' 25 -gt 1 '']'' + shift + ''['' xAllowVNC = xrejNotSyn '']'' + ''['' 24 -gt 1 '']'' + shift + ''['' xAllowVNC = xdropInvalid '']'' + ''['' 23 -gt 1 '']'' + shift + ''['' xAllowVNC = xallowInvalid '']'' + ''['' 22 -gt 1 '']'' + shift + ''['' xAllowVNC = xallowinUPnP '']'' + ''['' 21 -gt 1 '']'' + shift + ''['' xAllowVNC = xallowoutUPnP '']'' + ''['' 20 -gt 1 '']'' + shift + ''['' xAllowVNC = xforwardUPnP '']'' + ''['' 19 -gt 1 '']'' + shift + ''['' xAllowVNC = xDropSMB '']'' + ''['' 18 -gt 1 '']'' + shift + ''['' xAllowVNC = xRejectSMB '']'' + ''['' 17 -gt 1 '']'' + shift + ''['' xAllowVNC = xDropUPnP '']'' + ''['' 16 -gt 1 '']'' + shift + ''['' xAllowVNC = xRejectAuth '']'' + ''['' 15 -gt 1 '']'' + shift + ''['' xAllowVNC = xDropPing '']'' + ''['' 14 -gt 1 '']'' + shift + ''['' xAllowVNC = xDropDNSrep '']'' + ''['' 13 -gt 1 '']'' + shift + ''['' xAllowVNC = xAllowPing '']'' + ''['' 12 -gt 1 '']'' + shift + ''['' xAllowVNC = xAllowFTP '']'' + ''['' 11 -gt 1 
'']'' + shift + ''['' xAllowVNC = xAllowDNS '']'' + ''['' 10 -gt 1 '']'' + shift + ''['' xAllowVNC = xAllowSSH '']'' + ''['' 9 -gt 1 '']'' + shift + ''['' xAllowVNC = xAllowWeb '']'' + ''['' 8 -gt 1 '']'' + shift + ''['' xAllowVNC = xAllowSMB '']'' + ''['' 7 -gt 1 '']'' + shift + ''['' xAllowVNC = xAllowAuth '']'' + ''['' 6 -gt 1 '']'' + shift + ''['' xAllowVNC = xAllowSMTP '']'' + ''['' 5 -gt 1 '']'' + shift + ''['' xAllowVNC = xAllowPOP3 '']'' + ''['' 4 -gt 1 '']'' + shift + ''['' xAllowVNC = xAllowICMPs '']'' + ''['' 3 -gt 1 '']'' + shift + ''['' xAllowVNC = xAllowIMAP '']'' + ''['' 2 -gt 1 '']'' + shift + ''['' xAllowVNC = xAllowTelnet '']'' + ''['' 1 -gt 1 '']'' + return 1 + f=action.AllowVNC ++ find_file action.AllowVNC ++ local saveifs= directory ++ case $1 in ++ ''['' -n '''' -a -f /action.AllowVNC '']'' ++ saveifs='' '' ++ IFS=: ++ for directory in ''$CONFIG_PATH'' ++ ''['' -f /etc/shorewall/action.AllowVNC '']'' ++ for directory in ''$CONFIG_PATH'' ++ ''['' -f /usr/share/shorewall/action.AllowVNC '']'' ++ echo /usr/share/shorewall/action.AllowVNC ++ IFS='' '' ++ return + fn=/usr/share/shorewall/action.AllowVNC + eval requiredby_++ requiredby_+ ''['' -f /usr/share/shorewall/action.AllowVNC '']'' + echo '' Pre-processing /usr/share/shorewall/action.AllowVNC...'' Pre-processing /usr/share/shorewall/action.AllowVNC... 
+ strip_file action.AllowVNC /usr/share/shorewall/action.AllowVNC + local fname + ''['' 2 = 1 '']'' + fname=/usr/share/shorewall/action.AllowVNC + ''['' -f /usr/share/shorewall/action.AllowVNC '']'' + read_file /usr/share/shorewall/action.AllowVNC 0 + local first rest + ''['' -f /usr/share/shorewall/action.AllowVNC '']'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Shorewall 2.4 /usr/share/shorewall/action.AllowVNC'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# This action accepts VNC traffic for VNC display''\''''s 0 - 9.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x###################################################################################### = xINCLUDE '']'' + echo ''###################################################################################### '' + read first rest + ''['' x#TARGET = xINCLUDE '']'' + echo ''#TARGET SOURCE DEST PROTO DEST SOURCE RATE USER/'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# PORT PORT(S) LIMIT GROUP'' + read first rest + ''['' xACCEPT = xINCLUDE '']'' + echo ''ACCEPT - - tcp 5900:5909'' + read first rest + ''['' x#LAST = xINCLUDE '']'' + echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE'' + read first rest + cut -d# -f1 + grep -v ''^[[:space:]]*$'' + read xtarget xclients xservers xprotocol xports xcports xratelimit + expandv xtarget + local varval + ''['' 1 -gt 0 '']'' + eval ''varval=$xtarget'' ++ varval=ACCEPT + eval ''xtarget="ACCEPT"'' ++ xtarget=ACCEPT + shift + ''['' 0 -gt 0 '']'' + temp=ACCEPT + case "$temp" in + read xtarget xclients xservers xprotocol xports xcports xratelimit + ACTIONS=''dropBcast allowBcast dropNonSyn dropNotSyn rejNotSyn dropInvalid allowInvalid allowinUPnP allowoutUPnP forwardUPnP DropSMB RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS 
AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowICMPs AllowIMAP AllowTelnet AllowVNC'' + read xaction rest + ''['' x = x '']'' + case $xaction in + ''['' -z AllowVNCL '']'' ++ chain_base AllowVNCL ++ local c=AllowVNCL ++ true ++ case $c in ++ echo AllowVNCL ++ return + ''['' AllowVNCL = AllowVNCL '']'' + list_search AllowVNCL dropBcast allowBcast dropNonSyn dropNotSyn rejNotSyn dropInvalid allowInvalid allowinUPnP allowoutUPnP forwardUPnP DropSMB RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowICMPs AllowIMAP AllowTelnet AllowVNC + local e=AllowVNCL + ''['' 30 -gt 1 '']'' + shift + ''['' xAllowVNCL = xdropBcast '']'' + ''['' 29 -gt 1 '']'' + shift + ''['' xAllowVNCL = xallowBcast '']'' + ''['' 28 -gt 1 '']'' + shift + ''['' xAllowVNCL = xdropNonSyn '']'' + ''['' 27 -gt 1 '']'' + shift + ''['' xAllowVNCL = xdropNotSyn '']'' + ''['' 26 -gt 1 '']'' + shift + ''['' xAllowVNCL = xrejNotSyn '']'' + ''['' 25 -gt 1 '']'' + shift + ''['' xAllowVNCL = xdropInvalid '']'' + ''['' 24 -gt 1 '']'' + shift + ''['' xAllowVNCL = xallowInvalid '']'' + ''['' 23 -gt 1 '']'' + shift + ''['' xAllowVNCL = xallowinUPnP '']'' + ''['' 22 -gt 1 '']'' + shift + ''['' xAllowVNCL = xallowoutUPnP '']'' + ''['' 21 -gt 1 '']'' + shift + ''['' xAllowVNCL = xforwardUPnP '']'' + ''['' 20 -gt 1 '']'' + shift + ''['' xAllowVNCL = xDropSMB '']'' + ''['' 19 -gt 1 '']'' + shift + ''['' xAllowVNCL = xRejectSMB '']'' + ''['' 18 -gt 1 '']'' + shift + ''['' xAllowVNCL = xDropUPnP '']'' + ''['' 17 -gt 1 '']'' + shift + ''['' xAllowVNCL = xRejectAuth '']'' + ''['' 16 -gt 1 '']'' + shift + ''['' xAllowVNCL = xDropPing '']'' + ''['' 15 -gt 1 '']'' + shift + ''['' xAllowVNCL = xDropDNSrep '']'' + ''['' 14 -gt 1 '']'' + shift + ''['' xAllowVNCL = xAllowPing '']'' + ''['' 13 -gt 1 '']'' + shift + ''['' xAllowVNCL = xAllowFTP '']'' + ''['' 12 -gt 1 '']'' + shift + ''['' xAllowVNCL = xAllowDNS '']'' + ''['' 11 -gt 
1 '']'' + shift + ''['' xAllowVNCL = xAllowSSH '']'' + ''['' 10 -gt 1 '']'' + shift + ''['' xAllowVNCL = xAllowWeb '']'' + ''['' 9 -gt 1 '']'' + shift + ''['' xAllowVNCL = xAllowSMB '']'' + ''['' 8 -gt 1 '']'' + shift + ''['' xAllowVNCL = xAllowAuth '']'' + ''['' 7 -gt 1 '']'' + shift + ''['' xAllowVNCL = xAllowSMTP '']'' + ''['' 6 -gt 1 '']'' + shift + ''['' xAllowVNCL = xAllowPOP3 '']'' + ''['' 5 -gt 1 '']'' + shift + ''['' xAllowVNCL = xAllowICMPs '']'' + ''['' 4 -gt 1 '']'' + shift + ''['' xAllowVNCL = xAllowIMAP '']'' + ''['' 3 -gt 1 '']'' + shift + ''['' xAllowVNCL = xAllowTelnet '']'' + ''['' 2 -gt 1 '']'' + shift + ''['' xAllowVNCL = xAllowVNC '']'' + ''['' 1 -gt 1 '']'' + return 1 + f=action.AllowVNCL ++ find_file action.AllowVNCL ++ local saveifs= directory ++ case $1 in ++ ''['' -n '''' -a -f /action.AllowVNCL '']'' ++ saveifs='' '' ++ IFS=: ++ for directory in ''$CONFIG_PATH'' ++ ''['' -f /etc/shorewall/action.AllowVNCL '']'' ++ for directory in ''$CONFIG_PATH'' ++ ''['' -f /usr/share/shorewall/action.AllowVNCL '']'' ++ echo /usr/share/shorewall/action.AllowVNCL ++ IFS='' '' ++ return + fn=/usr/share/shorewall/action.AllowVNCL + eval requiredby_++ requiredby_+ ''['' -f /usr/share/shorewall/action.AllowVNCL '']'' + echo '' Pre-processing /usr/share/shorewall/action.AllowVNCL...'' Pre-processing /usr/share/shorewall/action.AllowVNCL... 
+ strip_file action.AllowVNCL /usr/share/shorewall/action.AllowVNCL + local fname + ''['' 2 = 1 '']'' + fname=/usr/share/shorewall/action.AllowVNCL + ''['' -f /usr/share/shorewall/action.AllowVNCL '']'' + read_file /usr/share/shorewall/action.AllowVNCL 0 + local first rest + ''['' -f /usr/share/shorewall/action.AllowVNCL '']'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Shorewall 2.4 /usr/share/shorewall/action.AllowVNCL'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# This action accepts VNC traffic from Vncservers to Vncviewers in listen mode.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x###################################################################################### = xINCLUDE '']'' + echo ''###################################################################################### '' + read first rest + ''['' x#TARGET = xINCLUDE '']'' + echo ''#TARGET SOURCE DEST PROTO DEST SOURCE RATE USER/'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# PORT PORT(S) LIMIT GROUP'' + read first rest + ''['' xACCEPT = xINCLUDE '']'' + echo ''ACCEPT - - tcp 5500'' + read first rest + ''['' x#LAST = xINCLUDE '']'' + echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE'' + read first rest + cut -d# -f1 + grep -v ''^[[:space:]]*$'' + read xtarget xclients xservers xprotocol xports xcports xratelimit + expandv xtarget + local varval + ''['' 1 -gt 0 '']'' + eval ''varval=$xtarget'' ++ varval=ACCEPT + eval ''xtarget="ACCEPT"'' ++ xtarget=ACCEPT + shift + ''['' 0 -gt 0 '']'' + temp=ACCEPT + case "$temp" in + read xtarget xclients xservers xprotocol xports xcports xratelimit + ACTIONS=''dropBcast allowBcast dropNonSyn dropNotSyn rejNotSyn dropInvalid allowInvalid allowinUPnP allowoutUPnP forwardUPnP DropSMB RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP 
AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowICMPs AllowIMAP AllowTelnet AllowVNC AllowVNCL'' + read xaction rest + ''['' x = x '']'' + case $xaction in + ''['' -z AllowNTP '']'' ++ chain_base AllowNTP ++ local c=AllowNTP ++ true ++ case $c in ++ echo AllowNTP ++ return + ''['' AllowNTP = AllowNTP '']'' + list_search AllowNTP dropBcast allowBcast dropNonSyn dropNotSyn rejNotSyn dropInvalid allowInvalid allowinUPnP allowoutUPnP forwardUPnP DropSMB RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowICMPs AllowIMAP AllowTelnet AllowVNC AllowVNCL + local e=AllowNTP + ''['' 31 -gt 1 '']'' + shift + ''['' xAllowNTP = xdropBcast '']'' + ''['' 30 -gt 1 '']'' + shift + ''['' xAllowNTP = xallowBcast '']'' + ''['' 29 -gt 1 '']'' + shift + ''['' xAllowNTP = xdropNonSyn '']'' + ''['' 28 -gt 1 '']'' + shift + ''['' xAllowNTP = xdropNotSyn '']'' + ''['' 27 -gt 1 '']'' + shift + ''['' xAllowNTP = xrejNotSyn '']'' + ''['' 26 -gt 1 '']'' + shift + ''['' xAllowNTP = xdropInvalid '']'' + ''['' 25 -gt 1 '']'' + shift + ''['' xAllowNTP = xallowInvalid '']'' + ''['' 24 -gt 1 '']'' + shift + ''['' xAllowNTP = xallowinUPnP '']'' + ''['' 23 -gt 1 '']'' + shift + ''['' xAllowNTP = xallowoutUPnP '']'' + ''['' 22 -gt 1 '']'' + shift + ''['' xAllowNTP = xforwardUPnP '']'' + ''['' 21 -gt 1 '']'' + shift + ''['' xAllowNTP = xDropSMB '']'' + ''['' 20 -gt 1 '']'' + shift + ''['' xAllowNTP = xRejectSMB '']'' + ''['' 19 -gt 1 '']'' + shift + ''['' xAllowNTP = xDropUPnP '']'' + ''['' 18 -gt 1 '']'' + shift + ''['' xAllowNTP = xRejectAuth '']'' + ''['' 17 -gt 1 '']'' + shift + ''['' xAllowNTP = xDropPing '']'' + ''['' 16 -gt 1 '']'' + shift + ''['' xAllowNTP = xDropDNSrep '']'' + ''['' 15 -gt 1 '']'' + shift + ''['' xAllowNTP = xAllowPing '']'' + ''['' 14 -gt 1 '']'' + shift + ''['' xAllowNTP = xAllowFTP '']'' + ''['' 13 -gt 1 '']'' + shift + ''['' xAllowNTP = xAllowDNS '']'' + ''['' 12 
-gt 1 '']'' + shift + ''['' xAllowNTP = xAllowSSH '']'' + ''['' 11 -gt 1 '']'' + shift + ''['' xAllowNTP = xAllowWeb '']'' + ''['' 10 -gt 1 '']'' + shift + ''['' xAllowNTP = xAllowSMB '']'' + ''['' 9 -gt 1 '']'' + shift + ''['' xAllowNTP = xAllowAuth '']'' + ''['' 8 -gt 1 '']'' + shift + ''['' xAllowNTP = xAllowSMTP '']'' + ''['' 7 -gt 1 '']'' + shift + ''['' xAllowNTP = xAllowPOP3 '']'' + ''['' 6 -gt 1 '']'' + shift + ''['' xAllowNTP = xAllowICMPs '']'' + ''['' 5 -gt 1 '']'' + shift + ''['' xAllowNTP = xAllowIMAP '']'' + ''['' 4 -gt 1 '']'' + shift + ''['' xAllowNTP = xAllowTelnet '']'' + ''['' 3 -gt 1 '']'' + shift + ''['' xAllowNTP = xAllowVNC '']'' + ''['' 2 -gt 1 '']'' + shift + ''['' xAllowNTP = xAllowVNCL '']'' + ''['' 1 -gt 1 '']'' + return 1 + f=action.AllowNTP ++ find_file action.AllowNTP ++ local saveifs= directory ++ case $1 in ++ ''['' -n '''' -a -f /action.AllowNTP '']'' ++ saveifs='' '' ++ IFS=: ++ for directory in ''$CONFIG_PATH'' ++ ''['' -f /etc/shorewall/action.AllowNTP '']'' ++ for directory in ''$CONFIG_PATH'' ++ ''['' -f /usr/share/shorewall/action.AllowNTP '']'' ++ echo /usr/share/shorewall/action.AllowNTP ++ IFS='' '' ++ return + fn=/usr/share/shorewall/action.AllowNTP + eval requiredby_++ requiredby_+ ''['' -f /usr/share/shorewall/action.AllowNTP '']'' + echo '' Pre-processing /usr/share/shorewall/action.AllowNTP...'' Pre-processing /usr/share/shorewall/action.AllowNTP... 
+ strip_file action.AllowNTP /usr/share/shorewall/action.AllowNTP + local fname + ''['' 2 = 1 '']'' + fname=/usr/share/shorewall/action.AllowNTP + ''['' -f /usr/share/shorewall/action.AllowNTP '']'' + read_file /usr/share/shorewall/action.AllowNTP 0 + local first rest + ''['' -f /usr/share/shorewall/action.AllowNTP '']'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Shorewall 2.4 /usr/share/shorewall/action.AllowNTP'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# This action accepts NTP traffic (ntpd).'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x###################################################################################### = xINCLUDE '']'' + echo ''###################################################################################### '' + read first rest + ''['' x#TARGET = xINCLUDE '']'' + echo ''#TARGET SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# PORT PORT(S) DEST LIMIT'' + read first rest + ''['' xACCEPT = xINCLUDE '']'' + echo ''ACCEPT - - udp 123'' + read first rest + ''['' xACCEPT = xINCLUDE '']'' + echo ''ACCEPT - - udp 1024: 123'' + read first rest + ''['' x#LAST = xINCLUDE '']'' + echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE'' + read first rest + cut -d# -f1 + grep -v ''^[[:space:]]*$'' + read xtarget xclients xservers xprotocol xports xcports xratelimit + expandv xtarget + local varval + ''['' 1 -gt 0 '']'' + eval ''varval=$xtarget'' ++ varval=ACCEPT + eval ''xtarget="ACCEPT"'' ++ xtarget=ACCEPT + shift + ''['' 0 -gt 0 '']'' + temp=ACCEPT + case "$temp" in + read xtarget xclients xservers xprotocol xports xcports xratelimit + expandv xtarget + local varval + ''['' 1 -gt 0 '']'' + eval ''varval=$xtarget'' ++ varval=ACCEPT + eval ''xtarget="ACCEPT"'' ++ xtarget=ACCEPT + shift + ''['' 
0 -gt 0 '']'' + temp=ACCEPT + case "$temp" in + read xtarget xclients xservers xprotocol xports xcports xratelimit + ACTIONS=''dropBcast allowBcast dropNonSyn dropNotSyn rejNotSyn dropInvalid allowInvalid allowinUPnP allowoutUPnP forwardUPnP DropSMB RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowICMPs AllowIMAP AllowTelnet AllowVNC AllowVNCL AllowNTP'' + read xaction rest + ''['' x = x '']'' + case $xaction in + ''['' -z AllowRdate '']'' ++ chain_base AllowRdate ++ local c=AllowRdate ++ true ++ case $c in ++ echo AllowRdate ++ return + ''['' AllowRdate = AllowRdate '']'' + list_search AllowRdate dropBcast allowBcast dropNonSyn dropNotSyn rejNotSyn dropInvalid allowInvalid allowinUPnP allowoutUPnP forwardUPnP DropSMB RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowICMPs AllowIMAP AllowTelnet AllowVNC AllowVNCL AllowNTP + local e=AllowRdate + ''['' 32 -gt 1 '']'' + shift + ''['' xAllowRdate = xdropBcast '']'' + ''['' 31 -gt 1 '']'' + shift + ''['' xAllowRdate = xallowBcast '']'' + ''['' 30 -gt 1 '']'' + shift + ''['' xAllowRdate = xdropNonSyn '']'' + ''['' 29 -gt 1 '']'' + shift + ''['' xAllowRdate = xdropNotSyn '']'' + ''['' 28 -gt 1 '']'' + shift + ''['' xAllowRdate = xrejNotSyn '']'' + ''['' 27 -gt 1 '']'' + shift + ''['' xAllowRdate = xdropInvalid '']'' + ''['' 26 -gt 1 '']'' + shift + ''['' xAllowRdate = xallowInvalid '']'' + ''['' 25 -gt 1 '']'' + shift + ''['' xAllowRdate = xallowinUPnP '']'' + ''['' 24 -gt 1 '']'' + shift + ''['' xAllowRdate = xallowoutUPnP '']'' + ''['' 23 -gt 1 '']'' + shift + ''['' xAllowRdate = xforwardUPnP '']'' + ''['' 22 -gt 1 '']'' + shift + ''['' xAllowRdate = xDropSMB '']'' + ''['' 21 -gt 1 '']'' + shift + ''['' xAllowRdate = xRejectSMB '']'' + ''['' 20 -gt 1 '']'' + shift + ''['' xAllowRdate = xDropUPnP '']'' + ''['' 19 -gt 1 '']'' + shift + ''['' 
xAllowRdate = xRejectAuth '']'' + ''['' 18 -gt 1 '']'' + shift + ''['' xAllowRdate = xDropPing '']'' + ''['' 17 -gt 1 '']'' + shift + ''['' xAllowRdate = xDropDNSrep '']'' + ''['' 16 -gt 1 '']'' + shift + ''['' xAllowRdate = xAllowPing '']'' + ''['' 15 -gt 1 '']'' + shift + ''['' xAllowRdate = xAllowFTP '']'' + ''['' 14 -gt 1 '']'' + shift + ''['' xAllowRdate = xAllowDNS '']'' + ''['' 13 -gt 1 '']'' + shift + ''['' xAllowRdate = xAllowSSH '']'' + ''['' 12 -gt 1 '']'' + shift + ''['' xAllowRdate = xAllowWeb '']'' + ''['' 11 -gt 1 '']'' + shift + ''['' xAllowRdate = xAllowSMB '']'' + ''['' 10 -gt 1 '']'' + shift + ''['' xAllowRdate = xAllowAuth '']'' + ''['' 9 -gt 1 '']'' + shift + ''['' xAllowRdate = xAllowSMTP '']'' + ''['' 8 -gt 1 '']'' + shift + ''['' xAllowRdate = xAllowPOP3 '']'' + ''['' 7 -gt 1 '']'' + shift + ''['' xAllowRdate = xAllowICMPs '']'' + ''['' 6 -gt 1 '']'' + shift + ''['' xAllowRdate = xAllowIMAP '']'' + ''['' 5 -gt 1 '']'' + shift + ''['' xAllowRdate = xAllowTelnet '']'' + ''['' 4 -gt 1 '']'' + shift + ''['' xAllowRdate = xAllowVNC '']'' + ''['' 3 -gt 1 '']'' + shift + ''['' xAllowRdate = xAllowVNCL '']'' + ''['' 2 -gt 1 '']'' + shift + ''['' xAllowRdate = xAllowNTP '']'' + ''['' 1 -gt 1 '']'' + return 1 + f=action.AllowRdate ++ find_file action.AllowRdate ++ local saveifs= directory ++ case $1 in ++ ''['' -n '''' -a -f /action.AllowRdate '']'' ++ saveifs='' '' ++ IFS=: ++ for directory in ''$CONFIG_PATH'' ++ ''['' -f /etc/shorewall/action.AllowRdate '']'' ++ for directory in ''$CONFIG_PATH'' ++ ''['' -f /usr/share/shorewall/action.AllowRdate '']'' ++ echo /usr/share/shorewall/action.AllowRdate ++ IFS='' '' ++ return + fn=/usr/share/shorewall/action.AllowRdate + eval requiredby_++ requiredby_+ ''['' -f /usr/share/shorewall/action.AllowRdate '']'' + echo '' Pre-processing /usr/share/shorewall/action.AllowRdate...'' Pre-processing /usr/share/shorewall/action.AllowRdate... 
+ strip_file action.AllowRdate /usr/share/shorewall/action.AllowRdate + local fname + ''['' 2 = 1 '']'' + fname=/usr/share/shorewall/action.AllowRdate + ''['' -f /usr/share/shorewall/action.AllowRdate '']'' + read_file /usr/share/shorewall/action.AllowRdate 0 + local first rest + ''['' -f /usr/share/shorewall/action.AllowRdate '']'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Shorewall 2.4 /usr/share/shorewall/action.AllowRdate'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# This action accepts remote time retrieval (rdate).'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x###################################################################################### = xINCLUDE '']'' + echo ''###################################################################################### '' + read first rest + ''['' x#TARGET = xINCLUDE '']'' + echo ''#TARGET SOURCE DEST PROTO DEST SOURCE RATE USER/'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# PORT PORT(S) LIMIT GROUP'' + read first rest + ''['' xACCEPT = xINCLUDE '']'' + echo ''ACCEPT - - tcp 37'' + read first rest + ''['' x#LAST = xINCLUDE '']'' + echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE'' + read first rest + cut -d# -f1 + grep -v ''^[[:space:]]*$'' + read xtarget xclients xservers xprotocol xports xcports xratelimit + expandv xtarget + local varval + ''['' 1 -gt 0 '']'' + eval ''varval=$xtarget'' ++ varval=ACCEPT + eval ''xtarget="ACCEPT"'' ++ xtarget=ACCEPT + shift + ''['' 0 -gt 0 '']'' + temp=ACCEPT + case "$temp" in + read xtarget xclients xservers xprotocol xports xcports xratelimit + ACTIONS=''dropBcast allowBcast dropNonSyn dropNotSyn rejNotSyn dropInvalid allowInvalid allowinUPnP allowoutUPnP forwardUPnP DropSMB RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH 
+ shift + ''['' xAllowICMPs = xdropNotSyn '']'' + ''['' 33 -gt 1 '']'' + shift + ''['' xAllowICMPs = xrejNotSyn '']'' + ''['' 32 -gt 1 '']'' + shift + ''['' xAllowICMPs = xdropInvalid '']'' + ''['' 31 -gt 1 '']'' + shift + ''['' xAllowICMPs = xallowInvalid '']'' + ''['' 30 -gt 1 '']'' + shift + ''['' xAllowICMPs = xallowinUPnP '']'' + ''['' 29 -gt 1 '']'' + shift + ''['' xAllowICMPs = xallowoutUPnP '']'' + ''['' 28 -gt 1 '']'' + shift + ''['' xAllowICMPs = xforwardUPnP '']'' + ''['' 27 -gt 1 '']'' + shift + ''['' xAllowICMPs = xDropSMB '']'' + ''['' 26 -gt 1 '']'' + shift + ''['' xAllowICMPs = xRejectSMB '']'' + ''['' 25 -gt 1 '']'' + shift + ''['' xAllowICMPs = xDropUPnP '']'' + ''['' 24 -gt 1 '']'' + shift + ''['' xAllowICMPs = xRejectAuth '']'' + ''['' 23 -gt 1 '']'' + shift + ''['' xAllowICMPs = xDropPing '']'' + ''['' 22 -gt 1 '']'' + shift + ''['' xAllowICMPs = xDropDNSrep '']'' + ''['' 21 -gt 1 '']'' + shift + ''['' xAllowICMPs = xAllowPing '']'' + ''['' 20 -gt 1 '']'' + shift + ''['' xAllowICMPs = xAllowFTP '']'' + ''['' 19 -gt 1 '']'' + shift + ''['' xAllowICMPs = xAllowDNS '']'' + ''['' 18 -gt 1 '']'' + shift + ''['' xAllowICMPs = xAllowSSH '']'' + ''['' 17 -gt 1 '']'' + shift + ''['' xAllowICMPs = xAllowWeb '']'' + ''['' 16 -gt 1 '']'' + shift + ''['' xAllowICMPs = xAllowSMB '']'' + ''['' 15 -gt 1 '']'' + shift + ''['' xAllowICMPs = xAllowAuth '']'' + ''['' 14 -gt 1 '']'' + shift + ''['' xAllowICMPs = xAllowSMTP '']'' + ''['' 13 -gt 1 '']'' + shift + ''['' xAllowICMPs = xAllowPOP3 '']'' + ''['' 12 -gt 1 '']'' + shift + ''['' xAllowICMPs = xAllowICMPs '']'' + return 0 + eval ''requiredby_Drop="$requiredby_Drop'' ''AllowICMPs"'' ++ requiredby_Drop='' RejectAuth dropBcast AllowICMPs'' + read xtarget xclients xservers xprotocol xports xcports xratelimit + expandv xtarget + local varval + ''['' 1 -gt 0 '']'' + eval ''varval=$xtarget'' ++ varval=dropInvalid + eval ''xtarget="dropInvalid"'' ++ xtarget=dropInvalid + shift + ''['' 0 -gt 0 '']'' + temp=dropInvalid 
+ case "$temp" in + list_search dropInvalid dropBcast allowBcast dropNonSyn dropNotSyn rejNotSyn dropInvalid allowInvalid allowinUPnP allowoutUPnP forwardUPnP DropSMB RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowICMPs AllowIMAP AllowTelnet AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP AllowTrcrt AllowSNMP AllowPCA + local e=dropInvalid + ''['' 37 -gt 1 '']'' + shift + ''['' xdropInvalid = xdropBcast '']'' + ''['' 36 -gt 1 '']'' + shift + ''['' xdropInvalid = xallowBcast '']'' + ''['' 35 -gt 1 '']'' + shift + ''['' xdropInvalid = xdropNonSyn '']'' + ''['' 34 -gt 1 '']'' + shift + ''['' xdropInvalid = xdropNotSyn '']'' + ''['' 33 -gt 1 '']'' + shift + ''['' xdropInvalid = xrejNotSyn '']'' + ''['' 32 -gt 1 '']'' + shift + ''['' xdropInvalid = xdropInvalid '']'' + return 0 + eval ''requiredby_Drop="$requiredby_Drop'' ''dropInvalid"'' ++ requiredby_Drop='' RejectAuth dropBcast AllowICMPs dropInvalid'' + read xtarget xclients xservers xprotocol xports xcports xratelimit + expandv xtarget + local varval + ''['' 1 -gt 0 '']'' + eval ''varval=$xtarget'' ++ varval=DropSMB + eval ''xtarget="DropSMB"'' ++ xtarget=DropSMB + shift + ''['' 0 -gt 0 '']'' + temp=DropSMB + case "$temp" in + list_search DropSMB dropBcast allowBcast dropNonSyn dropNotSyn rejNotSyn dropInvalid allowInvalid allowinUPnP allowoutUPnP forwardUPnP DropSMB RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowICMPs AllowIMAP AllowTelnet AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP AllowTrcrt AllowSNMP AllowPCA + local e=DropSMB + ''['' 37 -gt 1 '']'' + shift + ''['' xDropSMB = xdropBcast '']'' + ''['' 36 -gt 1 '']'' + shift + ''['' xDropSMB = xallowBcast '']'' + ''['' 35 -gt 1 '']'' + shift + ''['' xDropSMB = xdropNonSyn '']'' + ''['' 34 -gt 1 '']'' + shift + ''['' xDropSMB = xdropNotSyn '']'' + ''['' 33 -gt 1 '']'' + shift 
+ ''['' xDropSMB = xrejNotSyn '']'' + ''['' 32 -gt 1 '']'' + shift + ''['' xDropSMB = xdropInvalid '']'' + ''['' 31 -gt 1 '']'' + shift + ''['' xDropSMB = xallowInvalid '']'' + ''['' 30 -gt 1 '']'' + shift + ''['' xDropSMB = xallowinUPnP '']'' + ''['' 29 -gt 1 '']'' + shift + ''['' xDropSMB = xallowoutUPnP '']'' + ''['' 28 -gt 1 '']'' + shift + ''['' xDropSMB = xforwardUPnP '']'' + ''['' 27 -gt 1 '']'' + shift + ''['' xDropSMB = xDropSMB '']'' + return 0 + eval ''requiredby_Drop="$requiredby_Drop'' ''DropSMB"'' ++ requiredby_Drop='' RejectAuth dropBcast AllowICMPs dropInvalid DropSMB'' + read xtarget xclients xservers xprotocol xports xcports xratelimit + expandv xtarget + local varval + ''['' 1 -gt 0 '']'' + eval ''varval=$xtarget'' ++ varval=DropUPnP + eval ''xtarget="DropUPnP"'' ++ xtarget=DropUPnP + shift + ''['' 0 -gt 0 '']'' + temp=DropUPnP + case "$temp" in + list_search DropUPnP dropBcast allowBcast dropNonSyn dropNotSyn rejNotSyn dropInvalid allowInvalid allowinUPnP allowoutUPnP forwardUPnP DropSMB RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowICMPs AllowIMAP AllowTelnet AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP AllowTrcrt AllowSNMP AllowPCA + local e=DropUPnP + ''['' 37 -gt 1 '']'' + shift + ''['' xDropUPnP = xdropBcast '']'' + ''['' 36 -gt 1 '']'' + shift + ''['' xDropUPnP = xallowBcast '']'' + ''['' 35 -gt 1 '']'' + shift + ''['' xDropUPnP = xdropNonSyn '']'' + ''['' 34 -gt 1 '']'' + shift + ''['' xDropUPnP = xdropNotSyn '']'' + ''['' 33 -gt 1 '']'' + shift + ''['' xDropUPnP = xrejNotSyn '']'' + ''['' 32 -gt 1 '']'' + shift + ''['' xDropUPnP = xdropInvalid '']'' + ''['' 31 -gt 1 '']'' + shift + ''['' xDropUPnP = xallowInvalid '']'' + ''['' 30 -gt 1 '']'' + shift + ''['' xDropUPnP = xallowinUPnP '']'' + ''['' 29 -gt 1 '']'' + shift + ''['' xDropUPnP = xallowoutUPnP '']'' + ''['' 28 -gt 1 '']'' + shift + ''['' xDropUPnP = xforwardUPnP '']'' + ''['' 27 -gt 
1 '']'' + shift + ''['' xDropUPnP = xDropSMB '']'' + ''['' 26 -gt 1 '']'' + shift + ''['' xDropUPnP = xRejectSMB '']'' + ''['' 25 -gt 1 '']'' + shift + ''['' xDropUPnP = xDropUPnP '']'' + return 0 + eval ''requiredby_Drop="$requiredby_Drop'' ''DropUPnP"'' ++ requiredby_Drop='' RejectAuth dropBcast AllowICMPs dropInvalid DropSMB DropUPnP'' + read xtarget xclients xservers xprotocol xports xcports xratelimit + expandv xtarget + local varval + ''['' 1 -gt 0 '']'' + eval ''varval=$xtarget'' ++ varval=dropNotSyn + eval ''xtarget="dropNotSyn"'' ++ xtarget=dropNotSyn + shift + ''['' 0 -gt 0 '']'' + temp=dropNotSyn + case "$temp" in + list_search dropNotSyn dropBcast allowBcast dropNonSyn dropNotSyn rejNotSyn dropInvalid allowInvalid allowinUPnP allowoutUPnP forwardUPnP DropSMB RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowICMPs AllowIMAP AllowTelnet AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP AllowTrcrt AllowSNMP AllowPCA + local e=dropNotSyn + ''['' 37 -gt 1 '']'' + shift + ''['' xdropNotSyn = xdropBcast '']'' + ''['' 36 -gt 1 '']'' + shift + ''['' xdropNotSyn = xallowBcast '']'' + ''['' 35 -gt 1 '']'' + shift + ''['' xdropNotSyn = xdropNonSyn '']'' + ''['' 34 -gt 1 '']'' + shift + ''['' xdropNotSyn = xdropNotSyn '']'' + return 0 + eval ''requiredby_Drop="$requiredby_Drop'' ''dropNotSyn"'' ++ requiredby_Drop='' RejectAuth dropBcast AllowICMPs dropInvalid DropSMB DropUPnP dropNotSyn'' + read xtarget xclients xservers xprotocol xports xcports xratelimit + expandv xtarget + local varval + ''['' 1 -gt 0 '']'' + eval ''varval=$xtarget'' ++ varval=DropDNSrep + eval ''xtarget="DropDNSrep"'' ++ xtarget=DropDNSrep + shift + ''['' 0 -gt 0 '']'' + temp=DropDNSrep + case "$temp" in + list_search DropDNSrep dropBcast allowBcast dropNonSyn dropNotSyn rejNotSyn dropInvalid allowInvalid allowinUPnP allowoutUPnP forwardUPnP DropSMB RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing 
AllowFTP AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowICMPs AllowIMAP AllowTelnet AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP AllowTrcrt AllowSNMP AllowPCA + local e=DropDNSrep + ''['' 37 -gt 1 '']'' + shift + ''['' xDropDNSrep = xdropBcast '']'' + ''['' 36 -gt 1 '']'' + shift + ''['' xDropDNSrep = xallowBcast '']'' + ''['' 35 -gt 1 '']'' + shift + ''['' xDropDNSrep = xdropNonSyn '']'' + ''['' 34 -gt 1 '']'' + shift + ''['' xDropDNSrep = xdropNotSyn '']'' + ''['' 33 -gt 1 '']'' + shift + ''['' xDropDNSrep = xrejNotSyn '']'' + ''['' 32 -gt 1 '']'' + shift + ''['' xDropDNSrep = xdropInvalid '']'' + ''['' 31 -gt 1 '']'' + shift + ''['' xDropDNSrep = xallowInvalid '']'' + ''['' 30 -gt 1 '']'' + shift + ''['' xDropDNSrep = xallowinUPnP '']'' + ''['' 29 -gt 1 '']'' + shift + ''['' xDropDNSrep = xallowoutUPnP '']'' + ''['' 28 -gt 1 '']'' + shift + ''['' xDropDNSrep = xforwardUPnP '']'' + ''['' 27 -gt 1 '']'' + shift + ''['' xDropDNSrep = xDropSMB '']'' + ''['' 26 -gt 1 '']'' + shift + ''['' xDropDNSrep = xRejectSMB '']'' + ''['' 25 -gt 1 '']'' + shift + ''['' xDropDNSrep = xDropUPnP '']'' + ''['' 24 -gt 1 '']'' + shift + ''['' xDropDNSrep = xRejectAuth '']'' + ''['' 23 -gt 1 '']'' + shift + ''['' xDropDNSrep = xDropPing '']'' + ''['' 22 -gt 1 '']'' + shift + ''['' xDropDNSrep = xDropDNSrep '']'' + return 0 + eval ''requiredby_Drop="$requiredby_Drop'' ''DropDNSrep"'' ++ requiredby_Drop='' RejectAuth dropBcast AllowICMPs dropInvalid DropSMB DropUPnP dropNotSyn DropDNSrep'' + read xtarget xclients xservers xprotocol xports xcports xratelimit + ACTIONS=''dropBcast allowBcast dropNonSyn dropNotSyn rejNotSyn dropInvalid allowInvalid allowinUPnP allowoutUPnP forwardUPnP DropSMB RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowICMPs AllowIMAP AllowTelnet AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP AllowTrcrt AllowSNMP AllowPCA Drop'' + read xaction rest + 
''['' x = x '']'' + case $xaction in + temp=REJECT + ''['' 6 -le 30 '']'' + xaction=Reject + case $temp in + eval REJECT_common=Reject ++ REJECT_common=Reject + ''['' -n Reject '']'' + list_search Reject Drop + local e=Reject + ''['' 2 -gt 1 '']'' + shift + ''['' xReject = xDrop '']'' + ''['' 1 -gt 1 '']'' + return 1 + USEDACTIONS='' Drop Reject'' + ''['' -z Reject '']'' ++ chain_base Reject ++ local c=Reject ++ true ++ case $c in ++ echo Reject ++ return + ''['' Reject = Reject '']'' + list_search Reject dropBcast allowBcast dropNonSyn dropNotSyn rejNotSyn dropInvalid allowInvalid allowinUPnP allowoutUPnP forwardUPnP DropSMB RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowICMPs AllowIMAP AllowTelnet AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP AllowTrcrt AllowSNMP AllowPCA Drop + local e=Reject + ''['' 38 -gt 1 '']'' + shift + ''['' xReject = xdropBcast '']'' + ''['' 37 -gt 1 '']'' + shift + ''['' xReject = xallowBcast '']'' + ''['' 36 -gt 1 '']'' + shift + ''['' xReject = xdropNonSyn '']'' + ''['' 35 -gt 1 '']'' + shift + ''['' xReject = xdropNotSyn '']'' + ''['' 34 -gt 1 '']'' + shift + ''['' xReject = xrejNotSyn '']'' + ''['' 33 -gt 1 '']'' + shift + ''['' xReject = xdropInvalid '']'' + ''['' 32 -gt 1 '']'' + shift + ''['' xReject = xallowInvalid '']'' + ''['' 31 -gt 1 '']'' + shift + ''['' xReject = xallowinUPnP '']'' + ''['' 30 -gt 1 '']'' + shift + ''['' xReject = xallowoutUPnP '']'' + ''['' 29 -gt 1 '']'' + shift + ''['' xReject = xforwardUPnP '']'' + ''['' 28 -gt 1 '']'' + shift + ''['' xReject = xDropSMB '']'' + ''['' 27 -gt 1 '']'' + shift + ''['' xReject = xRejectSMB '']'' + ''['' 26 -gt 1 '']'' + shift + ''['' xReject = xDropUPnP '']'' + ''['' 25 -gt 1 '']'' + shift + ''['' xReject = xRejectAuth '']'' + ''['' 24 -gt 1 '']'' + shift + ''['' xReject = xDropPing '']'' + ''['' 23 -gt 1 '']'' + shift + ''['' xReject = xDropDNSrep '']'' + ''['' 22 -gt 1 '']'' + 
shift + ''['' xReject = xAllowPing '']'' + ''['' 21 -gt 1 '']'' + shift + ''['' xReject = xAllowFTP '']'' + ''['' 20 -gt 1 '']'' + shift + ''['' xReject = xAllowDNS '']'' + ''['' 19 -gt 1 '']'' + shift + ''['' xReject = xAllowSSH '']'' + ''['' 18 -gt 1 '']'' + shift + ''['' xReject = xAllowWeb '']'' + ''['' 17 -gt 1 '']'' + shift + ''['' xReject = xAllowSMB '']'' + ''['' 16 -gt 1 '']'' + shift + ''['' xReject = xAllowAuth '']'' + ''['' 15 -gt 1 '']'' + shift + ''['' xReject = xAllowSMTP '']'' + ''['' 14 -gt 1 '']'' + shift + ''['' xReject = xAllowPOP3 '']'' + ''['' 13 -gt 1 '']'' + shift + ''['' xReject = xAllowICMPs '']'' + ''['' 12 -gt 1 '']'' + shift + ''['' xReject = xAllowIMAP '']'' + ''['' 11 -gt 1 '']'' + shift + ''['' xReject = xAllowTelnet '']'' + ''['' 10 -gt 1 '']'' + shift + ''['' xReject = xAllowVNC '']'' + ''['' 9 -gt 1 '']'' + shift + ''['' xReject = xAllowVNCL '']'' + ''['' 8 -gt 1 '']'' + shift + ''['' xReject = xAllowNTP '']'' + ''['' 7 -gt 1 '']'' + shift + ''['' xReject = xAllowRdate '']'' + ''['' 6 -gt 1 '']'' + shift + ''['' xReject = xAllowNNTP '']'' + ''['' 5 -gt 1 '']'' + shift + ''['' xReject = xAllowTrcrt '']'' + ''['' 4 -gt 1 '']'' + shift + ''['' xReject = xAllowSNMP '']'' + ''['' 3 -gt 1 '']'' + shift + ''['' xReject = xAllowPCA '']'' + ''['' 2 -gt 1 '']'' + shift + ''['' xReject = xDrop '']'' + ''['' 1 -gt 1 '']'' + return 1 + f=action.Reject ++ find_file action.Reject ++ local saveifs= directory ++ case $1 in ++ ''['' -n '''' -a -f /action.Reject '']'' ++ saveifs='' '' ++ IFS=: ++ for directory in ''$CONFIG_PATH'' ++ ''['' -f /etc/shorewall/action.Reject '']'' ++ for directory in ''$CONFIG_PATH'' ++ ''['' -f /usr/share/shorewall/action.Reject '']'' ++ echo /usr/share/shorewall/action.Reject ++ IFS='' '' ++ return + fn=/usr/share/shorewall/action.Reject + eval requiredby_++ requiredby_+ ''['' -f /usr/share/shorewall/action.Reject '']'' + echo '' Pre-processing /usr/share/shorewall/action.Reject...'' Pre-processing 
/usr/share/shorewall/action.Reject... + strip_file action.Reject /usr/share/shorewall/action.Reject + local fname + ''['' 2 = 1 '']'' + fname=/usr/share/shorewall/action.Reject + ''['' -f /usr/share/shorewall/action.Reject '']'' + read_file /usr/share/shorewall/action.Reject 0 + local first rest + ''['' -f /usr/share/shorewall/action.Reject '']'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Shorewall 2.4 /usr/share/shorewall/action.Reject'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# The default REJECT action common rules'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# This action is invoked before a REJECT policy is enforced. The purpose of the action'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# is:'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# a) Avoid logging lots of useless cruft.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# b) Ensure that certain ICMP packets that are necessary for successful'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# internet operation are always ACCEPTed.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# IF YOU ARE HAVING CONNECTION PROBLEMS, CHANGING THIS FILE WON''\''''T HELP!!!!!!!!!!!!'' + read first rest + ''['' x###################################################################################### = xINCLUDE '']'' + echo ''###################################################################################### '' + read first rest + ''['' x#TARGET = xINCLUDE '']'' + echo ''#TARGET SOURCE DEST PROTO'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Don''\''''t log 
''\''''auth''\'''' REJECT'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' xRejectAuth = xINCLUDE '']'' + echo ''RejectAuth '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Drop Broadcasts so they don''\''''t clutter up the log (broadcasts must *not* be rejected).'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' xdropBcast = xINCLUDE '']'' + echo ''dropBcast '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# ACCEPT critical ICMP types'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' xAllowICMPs = xINCLUDE '']'' + echo ''AllowICMPs - - icmp'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Drop packets that in the INVALID state -- these are usually ICMP packets and just'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# confuse people when they appear in the log (these ICMPs cannot be rejected).'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' xdropInvalid = xINCLUDE '']'' + echo ''dropInvalid '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Drop Microsoft noise so that it doesn''\''''t clutter up the lot.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' xRejectSMB = xINCLUDE '']'' + echo ''RejectSMB '' + read first rest + ''['' xDropUPnP = xINCLUDE '']'' + echo ''DropUPnP '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Drop ''\''''newnotsyn''\'''' traffic so that it doesn''\''''t get logged.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' xdropNotSyn = xINCLUDE '']'' + echo 
''dropNotSyn - - tcp'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Drop late-arriving DNS replies. These are just a nuisance and clutter up the log.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' xDropDNSrep = xINCLUDE '']'' + echo ''DropDNSrep '' + read first rest + ''['' x#LAST = xINCLUDE '']'' + echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE'' + read first rest + cut -d# -f1 + grep -v ''^[[:space:]]*$'' + read xtarget xclients xservers xprotocol xports xcports xratelimit + expandv xtarget + local varval + ''['' 1 -gt 0 '']'' + eval ''varval=$xtarget'' ++ varval=RejectAuth + eval ''xtarget="RejectAuth"'' ++ xtarget=RejectAuth + shift + ''['' 0 -gt 0 '']'' + temp=RejectAuth + case "$temp" in + list_search RejectAuth dropBcast allowBcast dropNonSyn dropNotSyn rejNotSyn dropInvalid allowInvalid allowinUPnP allowoutUPnP forwardUPnP DropSMB RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowICMPs AllowIMAP AllowTelnet AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP AllowTrcrt AllowSNMP AllowPCA Drop + local e=RejectAuth + ''['' 38 -gt 1 '']'' + shift + ''['' xRejectAuth = xdropBcast '']'' + ''['' 37 -gt 1 '']'' + shift + ''['' xRejectAuth = xallowBcast '']'' + ''['' 36 -gt 1 '']'' + shift + ''['' xRejectAuth = xdropNonSyn '']'' + ''['' 35 -gt 1 '']'' + shift + ''['' xRejectAuth = xdropNotSyn '']'' + ''['' 34 -gt 1 '']'' + shift + ''['' xRejectAuth = xrejNotSyn '']'' + ''['' 33 -gt 1 '']'' + shift + ''['' xRejectAuth = xdropInvalid '']'' + ''['' 32 -gt 1 '']'' + shift + ''['' xRejectAuth = xallowInvalid '']'' + ''['' 31 -gt 1 '']'' + shift + ''['' xRejectAuth = xallowinUPnP '']'' + ''['' 30 -gt 1 '']'' + shift + ''['' xRejectAuth = xallowoutUPnP '']'' + ''['' 29 -gt 1 '']'' + shift + ''['' xRejectAuth = xforwardUPnP '']'' + ''['' 28 -gt 1 '']'' 
+ shift + ''['' xRejectAuth = xDropSMB '']'' + ''['' 27 -gt 1 '']'' + shift + ''['' xRejectAuth = xRejectSMB '']'' + ''['' 26 -gt 1 '']'' + shift + ''['' xRejectAuth = xDropUPnP '']'' + ''['' 25 -gt 1 '']'' + shift + ''['' xRejectAuth = xRejectAuth '']'' + return 0 + eval ''requiredby_Reject="$requiredby_Reject'' ''RejectAuth"'' ++ requiredby_Reject='' RejectAuth'' + read xtarget xclients xservers xprotocol xports xcports xratelimit + expandv xtarget + local varval + ''['' 1 -gt 0 '']'' + eval ''varval=$xtarget'' ++ varval=dropBcast + eval ''xtarget="dropBcast"'' ++ xtarget=dropBcast + shift + ''['' 0 -gt 0 '']'' + temp=dropBcast + case "$temp" in + list_search dropBcast dropBcast allowBcast dropNonSyn dropNotSyn rejNotSyn dropInvalid allowInvalid allowinUPnP allowoutUPnP forwardUPnP DropSMB RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowICMPs AllowIMAP AllowTelnet AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP AllowTrcrt AllowSNMP AllowPCA Drop + local e=dropBcast + ''['' 38 -gt 1 '']'' + shift + ''['' xdropBcast = xdropBcast '']'' + return 0 + eval ''requiredby_Reject="$requiredby_Reject'' ''dropBcast"'' ++ requiredby_Reject='' RejectAuth dropBcast'' + read xtarget xclients xservers xprotocol xports xcports xratelimit + expandv xtarget + local varval + ''['' 1 -gt 0 '']'' + eval ''varval=$xtarget'' ++ varval=AllowICMPs + eval ''xtarget="AllowICMPs"'' ++ xtarget=AllowICMPs + shift + ''['' 0 -gt 0 '']'' + temp=AllowICMPs + case "$temp" in + list_search AllowICMPs dropBcast allowBcast dropNonSyn dropNotSyn rejNotSyn dropInvalid allowInvalid allowinUPnP allowoutUPnP forwardUPnP DropSMB RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowICMPs AllowIMAP AllowTelnet AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP AllowTrcrt AllowSNMP AllowPCA Drop + local e=AllowICMPs + ''['' 38 -gt 1 
'']'' + shift + ''['' xAllowICMPs = xdropBcast '']'' + ''['' 37 -gt 1 '']'' + shift + ''['' xAllowICMPs = xallowBcast '']'' + ''['' 36 -gt 1 '']'' + shift + ''['' xAllowICMPs = xdropNonSyn '']'' + ''['' 35 -gt 1 '']'' + shift + ''['' xAllowICMPs = xdropNotSyn '']'' + ''['' 34 -gt 1 '']'' + shift + ''['' xAllowICMPs = xrejNotSyn '']'' + ''['' 33 -gt 1 '']'' + shift + ''['' xAllowICMPs = xdropInvalid '']'' + ''['' 32 -gt 1 '']'' + shift + ''['' xAllowICMPs = xallowInvalid '']'' + ''['' 31 -gt 1 '']'' + shift + ''['' xAllowICMPs = xallowinUPnP '']'' + ''['' 30 -gt 1 '']'' + shift + ''['' xAllowICMPs = xallowoutUPnP '']'' + ''['' 29 -gt 1 '']'' + shift + ''['' xAllowICMPs = xforwardUPnP '']'' + ''['' 28 -gt 1 '']'' + shift + ''['' xAllowICMPs = xDropSMB '']'' + ''['' 27 -gt 1 '']'' + shift + ''['' xAllowICMPs = xRejectSMB '']'' + ''['' 26 -gt 1 '']'' + shift + ''['' xAllowICMPs = xDropUPnP '']'' + ''['' 25 -gt 1 '']'' + shift + ''['' xAllowICMPs = xRejectAuth '']'' + ''['' 24 -gt 1 '']'' + shift + ''['' xAllowICMPs = xDropPing '']'' + ''['' 23 -gt 1 '']'' + shift + ''['' xAllowICMPs = xDropDNSrep '']'' + ''['' 22 -gt 1 '']'' + shift + ''['' xAllowICMPs = xAllowPing '']'' + ''['' 21 -gt 1 '']'' + shift + ''['' xAllowICMPs = xAllowFTP '']'' + ''['' 20 -gt 1 '']'' + shift + ''['' xAllowICMPs = xAllowDNS '']'' + ''['' 19 -gt 1 '']'' + shift + ''['' xAllowICMPs = xAllowSSH '']'' + ''['' 18 -gt 1 '']'' + shift + ''['' xAllowICMPs = xAllowWeb '']'' + ''['' 17 -gt 1 '']'' + shift + ''['' xAllowICMPs = xAllowSMB '']'' + ''['' 16 -gt 1 '']'' + shift + ''['' xAllowICMPs = xAllowAuth '']'' + ''['' 15 -gt 1 '']'' + shift + ''['' xAllowICMPs = xAllowSMTP '']'' + ''['' 14 -gt 1 '']'' + shift + ''['' xAllowICMPs = xAllowPOP3 '']'' + ''['' 13 -gt 1 '']'' + shift + ''['' xAllowICMPs = xAllowICMPs '']'' + return 0 + eval ''requiredby_Reject="$requiredby_Reject'' ''AllowICMPs"'' ++ requiredby_Reject='' RejectAuth dropBcast AllowICMPs'' + read xtarget xclients xservers xprotocol xports 
xcports xratelimit + expandv xtarget + local varval + ''['' 1 -gt 0 '']'' + eval ''varval=$xtarget'' ++ varval=dropInvalid + eval ''xtarget="dropInvalid"'' ++ xtarget=dropInvalid + shift + ''['' 0 -gt 0 '']'' + temp=dropInvalid + case "$temp" in + list_search dropInvalid dropBcast allowBcast dropNonSyn dropNotSyn rejNotSyn dropInvalid allowInvalid allowinUPnP allowoutUPnP forwardUPnP DropSMB RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowICMPs AllowIMAP AllowTelnet AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP AllowTrcrt AllowSNMP AllowPCA Drop + local e=dropInvalid + ''['' 38 -gt 1 '']'' + shift + ''['' xdropInvalid = xdropBcast '']'' + ''['' 37 -gt 1 '']'' + shift + ''['' xdropInvalid = xallowBcast '']'' + ''['' 36 -gt 1 '']'' + shift + ''['' xdropInvalid = xdropNonSyn '']'' + ''['' 35 -gt 1 '']'' + shift + ''['' xdropInvalid = xdropNotSyn '']'' + ''['' 34 -gt 1 '']'' + shift + ''['' xdropInvalid = xrejNotSyn '']'' + ''['' 33 -gt 1 '']'' + shift + ''['' xdropInvalid = xdropInvalid '']'' + return 0 + eval ''requiredby_Reject="$requiredby_Reject'' ''dropInvalid"'' ++ requiredby_Reject='' RejectAuth dropBcast AllowICMPs dropInvalid'' + read xtarget xclients xservers xprotocol xports xcports xratelimit + expandv xtarget + local varval + ''['' 1 -gt 0 '']'' + eval ''varval=$xtarget'' ++ varval=RejectSMB + eval ''xtarget="RejectSMB"'' ++ xtarget=RejectSMB + shift + ''['' 0 -gt 0 '']'' + temp=RejectSMB + case "$temp" in + list_search RejectSMB dropBcast allowBcast dropNonSyn dropNotSyn rejNotSyn dropInvalid allowInvalid allowinUPnP allowoutUPnP forwardUPnP DropSMB RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowICMPs AllowIMAP AllowTelnet AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP AllowTrcrt AllowSNMP AllowPCA Drop + local e=RejectSMB + ''['' 38 -gt 1 '']'' + shift + ''['' 
xRejectSMB = xdropBcast '']'' + ''['' 37 -gt 1 '']'' + shift + ''['' xRejectSMB = xallowBcast '']'' + ''['' 36 -gt 1 '']'' + shift + ''['' xRejectSMB = xdropNonSyn '']'' + ''['' 35 -gt 1 '']'' + shift + ''['' xRejectSMB = xdropNotSyn '']'' + ''['' 34 -gt 1 '']'' + shift + ''['' xRejectSMB = xrejNotSyn '']'' + ''['' 33 -gt 1 '']'' + shift + ''['' xRejectSMB = xdropInvalid '']'' + ''['' 32 -gt 1 '']'' + shift + ''['' xRejectSMB = xallowInvalid '']'' + ''['' 31 -gt 1 '']'' + shift + ''['' xRejectSMB = xallowinUPnP '']'' + ''['' 30 -gt 1 '']'' + shift + ''['' xRejectSMB = xallowoutUPnP '']'' + ''['' 29 -gt 1 '']'' + shift + ''['' xRejectSMB = xforwardUPnP '']'' + ''['' 28 -gt 1 '']'' + shift + ''['' xRejectSMB = xDropSMB '']'' + ''['' 27 -gt 1 '']'' + shift + ''['' xRejectSMB = xRejectSMB '']'' + return 0 + eval ''requiredby_Reject="$requiredby_Reject'' ''RejectSMB"'' ++ requiredby_Reject='' RejectAuth dropBcast AllowICMPs dropInvalid RejectSMB'' + read xtarget xclients xservers xprotocol xports xcports xratelimit + expandv xtarget + local varval + ''['' 1 -gt 0 '']'' + eval ''varval=$xtarget'' ++ varval=DropUPnP + eval ''xtarget="DropUPnP"'' ++ xtarget=DropUPnP + shift + ''['' 0 -gt 0 '']'' + temp=DropUPnP + case "$temp" in + list_search DropUPnP dropBcast allowBcast dropNonSyn dropNotSyn rejNotSyn dropInvalid allowInvalid allowinUPnP allowoutUPnP forwardUPnP DropSMB RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowICMPs AllowIMAP AllowTelnet AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP AllowTrcrt AllowSNMP AllowPCA Drop + local e=DropUPnP + ''['' 38 -gt 1 '']'' + shift + ''['' xDropUPnP = xdropBcast '']'' + ''['' 37 -gt 1 '']'' + shift + ''['' xDropUPnP = xallowBcast '']'' + ''['' 36 -gt 1 '']'' + shift + ''['' xDropUPnP = xdropNonSyn '']'' + ''['' 35 -gt 1 '']'' + shift + ''['' xDropUPnP = xdropNotSyn '']'' + ''['' 34 -gt 1 '']'' + shift + ''['' xDropUPnP = xrejNotSyn 
'']'' + ''['' 33 -gt 1 '']'' + shift + ''['' xDropUPnP = xdropInvalid '']'' + ''['' 32 -gt 1 '']'' + shift + ''['' xDropUPnP = xallowInvalid '']'' + ''['' 31 -gt 1 '']'' + shift + ''['' xDropUPnP = xallowinUPnP '']'' + ''['' 30 -gt 1 '']'' + shift + ''['' xDropUPnP = xallowoutUPnP '']'' + ''['' 29 -gt 1 '']'' + shift + ''['' xDropUPnP = xforwardUPnP '']'' + ''['' 28 -gt 1 '']'' + shift + ''['' xDropUPnP = xDropSMB '']'' + ''['' 27 -gt 1 '']'' + shift + ''['' xDropUPnP = xRejectSMB '']'' + ''['' 26 -gt 1 '']'' + shift + ''['' xDropUPnP = xDropUPnP '']'' + return 0 + eval ''requiredby_Reject="$requiredby_Reject'' ''DropUPnP"'' ++ requiredby_Reject='' RejectAuth dropBcast AllowICMPs dropInvalid RejectSMB DropUPnP'' + read xtarget xclients xservers xprotocol xports xcports xratelimit + expandv xtarget + local varval + ''['' 1 -gt 0 '']'' + eval ''varval=$xtarget'' ++ varval=dropNotSyn + eval ''xtarget="dropNotSyn"'' ++ xtarget=dropNotSyn + shift + ''['' 0 -gt 0 '']'' + temp=dropNotSyn + case "$temp" in + list_search dropNotSyn dropBcast allowBcast dropNonSyn dropNotSyn rejNotSyn dropInvalid allowInvalid allowinUPnP allowoutUPnP forwardUPnP DropSMB RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowICMPs AllowIMAP AllowTelnet AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP AllowTrcrt AllowSNMP AllowPCA Drop + local e=dropNotSyn + ''['' 38 -gt 1 '']'' + shift + ''['' xdropNotSyn = xdropBcast '']'' + ''['' 37 -gt 1 '']'' + shift + ''['' xdropNotSyn = xallowBcast '']'' + ''['' 36 -gt 1 '']'' + shift + ''['' xdropNotSyn = xdropNonSyn '']'' + ''['' 35 -gt 1 '']'' + shift + ''['' xdropNotSyn = xdropNotSyn '']'' + return 0 + eval ''requiredby_Reject="$requiredby_Reject'' ''dropNotSyn"'' ++ requiredby_Reject='' RejectAuth dropBcast AllowICMPs dropInvalid RejectSMB DropUPnP dropNotSyn'' + read xtarget xclients xservers xprotocol xports xcports xratelimit + expandv xtarget + local varval + 
'[' 1 -gt 0 ']'
+ eval 'varval=$xtarget'
++ varval=DropDNSrep
+ eval 'xtarget="DropDNSrep"'
++ xtarget=DropDNSrep
+ shift
+ '[' 0 -gt 0 ']'
+ temp=DropDNSrep
+ case "$temp" in
+ list_search DropDNSrep dropBcast allowBcast dropNonSyn dropNotSyn rejNotSyn dropInvalid allowInvalid allowinUPnP allowoutUPnP forwardUPnP DropSMB RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowICMPs AllowIMAP AllowTelnet AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP AllowTrcrt AllowSNMP AllowPCA Drop
+ local e=DropDNSrep
+ '[' 38 -gt 1 ']'
+ shift
+ '[' xDropDNSrep = xdropBcast ']'
+ '[' 37 -gt 1 ']'
+ shift
+ '[' xDropDNSrep = xallowBcast ']'
+ '[' 36 -gt 1 ']'
+ shift
+ '[' xDropDNSrep = xdropNonSyn ']'
+ '[' 35 -gt 1 ']'
+ shift
+ '[' xDropDNSrep = xdropNotSyn ']'
+ '[' 34 -gt 1 ']'
+ shift
+ '[' xDropDNSrep = xrejNotSyn ']'
+ '[' 33 -gt 1 ']'
+ shift
+ '[' xDropDNSrep = xdropInvalid ']'
+ '[' 32 -gt 1 ']'
+ shift
+ '[' xDropDNSrep = xallowInvalid ']'
+ '[' 31 -gt 1 ']'
+ shift
+ '[' xDropDNSrep = xallowinUPnP ']'
+ '[' 30 -gt 1 ']'
+ shift
+ '[' xDropDNSrep = xallowoutUPnP ']'
+ '[' 29 -gt 1 ']'
+ shift
+ '[' xDropDNSrep = xforwardUPnP ']'
+ '[' 28 -gt 1 ']'
+ shift
+ '[' xDropDNSrep = xDropSMB ']'
+ '[' 27 -gt 1 ']'
+ shift
+ '[' xDropDNSrep = xRejectSMB ']'
+ '[' 26 -gt 1 ']'
+ shift
+ '[' xDropDNSrep = xDropUPnP ']'
+ '[' 25 -gt 1 ']'
+ shift
+ '[' xDropDNSrep = xRejectAuth ']'
+ '[' 24 -gt 1 ']'
+ shift
+ '[' xDropDNSrep = xDropPing ']'
+ '[' 23 -gt 1 ']'
+ shift
+ '[' xDropDNSrep = xDropDNSrep ']'
+ return 0
+ eval 'requiredby_Reject="$requiredby_Reject' 'DropDNSrep"'
++ requiredby_Reject=' RejectAuth dropBcast AllowICMPs dropInvalid RejectSMB DropUPnP dropNotSyn DropDNSrep'
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ ACTIONS='dropBcast allowBcast dropNonSyn dropNotSyn rejNotSyn dropInvalid allowInvalid allowinUPnP allowoutUPnP forwardUPnP DropSMB RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowICMPs AllowIMAP AllowTelnet AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP AllowTrcrt AllowSNMP AllowPCA Drop Reject'
+ read xaction rest
+ for inputfile in actions.std actions
+ read xaction rest
+ terminator=fatal_error
+ deletechain shorewall
+ qt /sbin/iptables -L shorewall -n
+ /sbin/iptables -L shorewall -n
+ qt /sbin/iptables -F shorewall
+ /sbin/iptables -F shorewall
+ qt /sbin/iptables -X shorewall
+ /sbin/iptables -X shorewall
+ '[' -n Yes ']'
+ delete_nat
+ run_iptables -t nat -F
+ '[' -n '' ']'
+ '[' -n Yes ']'
+ '[' -f /tmp/shorewall.nm8830/iprange ']'
+ /sbin/iptables -t nat -F
+ run_iptables -t nat -X
+ '[' -n '' ']'
+ '[' -n Yes ']'
+ '[' -f /tmp/shorewall.nm8830/iprange ']'
+ /sbin/iptables -t nat -X
+ '[' -f /var/lib/shorewall/nat ']'
+ read external interface
+ rm -f '{/var/lib/shorewall}/nat'
+ '[' -d /var/lib/shorewall ']'
+ touch /var/lib/shorewall/nat
+ delete_proxy_arp
+ '[' -f /var/lib/shorewall/proxyarp ']'
+ read address interface external haveroute
+ rm -f /var/lib/shorewall/proxyarp
+ '[' -d /var/lib/shorewall ']'
+ touch /var/lib/shorewall/proxyarp
+ for f in '/proc/sys/net/ipv4/conf/*'
+ '[' -f /proc/sys/net/ipv4/conf/all/proxy_arp ']'
+ echo 0
+ for f in '/proc/sys/net/ipv4/conf/*'
+ '[' -f /proc/sys/net/ipv4/conf/default/proxy_arp ']'
+ echo 0
+ for f in '/proc/sys/net/ipv4/conf/*'
+ '[' -f /proc/sys/net/ipv4/conf/eth0/proxy_arp ']'
+ echo 0
+ for f in '/proc/sys/net/ipv4/conf/*'
+ '[' -f /proc/sys/net/ipv4/conf/eth1/proxy_arp ']'
+ echo 0
+ for f in '/proc/sys/net/ipv4/conf/*'
+ '[' -f /proc/sys/net/ipv4/conf/eth2/proxy_arp ']'
+ echo 0
+ for f in '/proc/sys/net/ipv4/conf/*'
+ '[' -f /proc/sys/net/ipv4/conf/lo/proxy_arp ']'
+ echo 0
+ '[' -n Yes ']'
+ run_iptables -t mangle -F
+ '[' -n '' ']'
+ '[' -n Yes ']'
+ '[' -f /tmp/shorewall.nm8830/iprange ']'
+ /sbin/iptables -t mangle -F
+ run_iptables -t mangle -X
+ '[' -n '' ']'
+ '[' -n Yes ']'
+ '[' -f /tmp/shorewall.nm8830/iprange ']'
+ /sbin/iptables -t mangle -X
+ '[' -n '' ']'
+ echo 'Deleting user chains...'
Deleting user chains...
+ exists_INPUT=Yes
+ exists_OUTPUT=Yes
+ exists_FORWARD=Yes
+ '[' -z '' ']'
+ setpolicy INPUT DROP
+ run_iptables -P INPUT DROP
+ '[' -n '' ']'
+ '[' -n Yes ']'
+ '[' -f /tmp/shorewall.nm8830/iprange ']'
+ /sbin/iptables -P INPUT DROP
+ setpolicy OUTPUT DROP
+ run_iptables -P OUTPUT DROP
+ '[' -n '' ']'
+ '[' -n Yes ']'
+ '[' -f /tmp/shorewall.nm8830/iprange ']'
+ /sbin/iptables -P OUTPUT DROP
+ setpolicy FORWARD DROP
+ run_iptables -P FORWARD DROP
+ '[' -n '' ']'
+ '[' -n Yes ']'
+ '[' -f /tmp/shorewall.nm8830/iprange ']'
+ /sbin/iptables -P FORWARD DROP
+ deleteallchains
+ run_iptables -F
+ '[' -n '' ']'
+ '[' -n Yes ']'
+ '[' -f /tmp/shorewall.nm8830/iprange ']'
+ /sbin/iptables -F
+ run_iptables -X
+ '[' -n '' ']'
+ '[' -n Yes ']'
+ '[' -f /tmp/shorewall.nm8830/iprange ']'
+ /sbin/iptables -X
+ setcontinue FORWARD
+ run_iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
+ '[' -n '' ']'
+ '[' -n Yes ']'
+ '[' -f /tmp/shorewall.nm8830/iprange ']'
+ /sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
+ setcontinue INPUT
+ run_iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+ '[' -n '' ']'
+ '[' -n Yes ']'
+ '[' -f /tmp/shorewall.nm8830/iprange ']'
+ /sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+ setcontinue OUTPUT
+ run_iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+ '[' -n '' ']'
+ '[' -n Yes ']'
+ '[' -f /tmp/shorewall.nm8830/iprange ']'
+ /sbin/iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
++ find_file ipsets
++ local saveifs= directory
++ case $1 in
++ '[' -n '' -a -f /ipsets ']'
++ saveifs=' '
++ IFS=:
++ for directory in '$CONFIG_PATH'
++ '[' -f /etc/shorewall/ipsets ']'
++ for directory in '$CONFIG_PATH'
++ '[' -f /usr/share/shorewall/ipsets ']'
++ IFS=' '
++ echo /etc/shorewall/ipsets
+ f=/etc/shorewall/ipsets
+ '[' -f /etc/shorewall/ipsets ']'
+ run_user_exit continue
++ find_file continue
++ local saveifs= directory
++ case $1 in
++ '[' -n '' -a -f /continue ']'
++ saveifs=' '
++ IFS=:
++ for directory in '$CONFIG_PATH'
++ '[' -f /etc/shorewall/continue ']'
++ echo /etc/shorewall/continue
++ IFS=' '
++ return
+ local user_exit=/etc/shorewall/continue
+ '[' -f /etc/shorewall/continue ']'
+ progress_message 'Processing /etc/shorewall/continue ...'
+ '[' -n '' ']'
+ echo 'Processing /etc/shorewall/continue ...'
Processing /etc/shorewall/continue ...
+ . /etc/shorewall/continue
++ find_file routestopped
++ local saveifs= directory
++ case $1 in
++ '[' -n '' -a -f /routestopped ']'
++ saveifs=' '
++ IFS=:
++ for directory in '$CONFIG_PATH'
++ '[' -f /etc/shorewall/routestopped ']'
++ echo /etc/shorewall/routestopped
++ IFS=' '
++ return
+ f=/etc/shorewall/routestopped
+ echo 'Processing /etc/shorewall/routestopped ...'
Processing /etc/shorewall/routestopped ...
+ strip_file routestopped /etc/shorewall/routestopped
+ local fname
+ '[' 2 = 1 ']'
+ fname=/etc/shorewall/routestopped
+ '[' -f /etc/shorewall/routestopped ']'
+ read_file /etc/shorewall/routestopped 0
+ local first rest
+ '[' -f /etc/shorewall/routestopped ']'
+ read first rest
+ '[' x############################################################################## = xINCLUDE ']'
+ echo '############################################################################## '
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# '
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# Shorewall 2.4 -- Hosts Accessible when the Firewall is Stopped'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# '
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# /etc/shorewall/routestopped'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# '
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# This file is used to define the hosts that are accessible when the'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# firewall is stopped or when it is in the process of being'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# [re]started.'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# '
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# Columns must be separated by white space and are:'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# '
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# INTERFACE - Interface through which host(s) communicate with'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# the firewall'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# HOST(S) - (Optional) Comma-separated list of IP/subnet'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# addresses. If your kernel and iptables include'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# iprange match support, IP address ranges are also'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# allowed.'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# '
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# If left empty or supplied as "-",'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# 0.0.0.0/0 is assumed.'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# OPTIONS - (Optional) A comma-separated list of'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# options. The currently-supported options are:'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# '
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# routeback - Set up a rule to ACCEPT traffic from'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# these hosts back to themselves.'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# '
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# source - Allow traffic from these hosts to ANY'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# destination. Without this option or the '\''dest'\'''
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# option, only traffic from this host to other'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# listed hosts (and the firewall) is allowed. If'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# '\''source'\'' is specified then '\''routeback'\'' is redundent.'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# '
+ read first rest
+ cut -d# -f1
+ grep -v '^[[:space:]]*$'
+ '[' x# = xINCLUDE ']'
+ echo '# dest - Allow traffic to these hosts from ANY'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# source. Without this option or the '\''source'\'''
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# option, only traffic from this host to other'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# listed hosts (and the firewall) is allowed. If'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# '\''dest'\'' is specified then '\''routeback'\'' is redundent.'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# '
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# Example:'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# '
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# INTERFACE HOST(S) OPTIONS'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# eth2 192.168.1.0/24'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# eth0 192.0.2.44'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# br0 - routeback'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# eth3 - source'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# '
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# See http://shorewall.net/Documentation.htm#Routestopped and'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# http://shorewall.net/starting_and_stopping_shorewall.htm for additional'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# information.'
+ read first rest
+ '[' x############################################################################## = xINCLUDE ']'
+ echo '############################################################################## '
+ read first rest
+ '[' x#INTERFACE = xINCLUDE ']'
+ echo '#INTERFACE HOST(S) OPTIONS'
+ read first rest
+ '[' x#LAST = xINCLUDE ']'
+ echo '#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE'
+ read first rest
+ process_routestopped -A
+ local hosts= interface host host1 options networks source= dest= matched
+ read interface host options
+ '[' -n Yes ']'
+ disable_ipv6
++ ip -f inet6 addr ls
+ local 'foo=1: lo: <LOOPBACK,UP> mtu 16436 inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qlen 1000 inet6 fe80::210:4bff:fe94:95ba/64 scope link valid_lft forever preferred_lft forever 3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qlen 1000 inet6 fe80::210:4bff:fec5:3b66/64 scope link valid_lft forever preferred_lft forever 4: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qlen 1000 inet6 fe80::210:4bff:fe94:958f/64 scope link valid_lft forever preferred_lft forever'
+ '[' -n '1: lo: <LOOPBACK,UP> mtu 16436 inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qlen 1000 inet6 fe80::210:4bff:fe94:95ba/64 scope link valid_lft forever preferred_lft forever 3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qlen 1000 inet6 fe80::210:4bff:fec5:3b66/64 scope link valid_lft forever preferred_lft forever 4: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qlen 1000 inet6 fe80::210:4bff:fe94:958f/64 scope link valid_lft forever preferred_lft forever' ']'
+ qt which ip6tables
+ which ip6tables
+ save_progress_message 'Disabling IPV6...'
+ echo
+ echo 'progress_message "Disabling IPV6..."'
+ echo
+ ip6tables -P FORWARD DROP
+ save_command ip6tables -P FORWARD DROP
+ echo ip6tables -P FORWARD DROP
+ ip6tables -P INPUT DROP
+ save_command ip6tables -P INPUT DROP
+ echo ip6tables -P INPUT DROP
+ ip6tables -P OUTPUT DROP
+ save_command ip6tables -P OUTPUT DROP
+ echo ip6tables -P OUTPUT DROP
+ run_iptables -A INPUT -i lo -j ACCEPT
+ '[' -n '' ']'
+ '[' -n Yes ']'
+ '[' -f /tmp/shorewall.nm8830/iprange ']'
+ /sbin/iptables -A INPUT -i lo -j ACCEPT
+ run_iptables -A OUTPUT -o lo -j ACCEPT
+ '[' -n '' ']'
+ '[' -n Yes ']'
+ '[' -f /tmp/shorewall.nm8830/iprange ']'
+ /sbin/iptables -A OUTPUT -o lo -j ACCEPT
+ for chain in INPUT OUTPUT FORWARD
+ run_iptables -A INPUT -p udp --dport 53 -j ACCEPT
+ '[' -n '' ']'
+ '[' -n Yes ']'
+ '[' -f /tmp/shorewall.nm8830/iprange ']'
+ /sbin/iptables -A INPUT -p udp --dport 53 -j ACCEPT
+ '[' -n '' ']'
+ for chain in INPUT OUTPUT FORWARD
+ run_iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
+ '[' -n '' ']'
+ '[' -n Yes ']'
+ '[' -f /tmp/shorewall.nm8830/iprange ']'
+ /sbin/iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
+ '[' -n '' ']'
+ for chain in INPUT OUTPUT FORWARD
+ run_iptables -A FORWARD -p udp --dport 53 -j ACCEPT
+ '[' -n '' ']'
+ '[' -n Yes ']'
+ '[' -f /tmp/shorewall.nm8830/iprange ']'
+ /sbin/iptables -A FORWARD -p udp --dport 53 -j ACCEPT
+ '[' -n '' ']'
+ '[' -n '' ']'
++ find_file accounting
++ local saveifs= directory
++ case $1 in
++ '[' -n '' -a -f /accounting ']'
++ saveifs=' '
++ IFS=:
++ for directory in '$CONFIG_PATH'
++ '[' -f /etc/shorewall/accounting ']'
++ echo /etc/shorewall/accounting
++ IFS=' '
++ return
+ accounting_file=/etc/shorewall/accounting
+ '[' -f /etc/shorewall/accounting ']'
+ setup_accounting /etc/shorewall/accounting
+ echo 'Setting up Accounting...'
Setting up Accounting...
+ strip_file accounting /etc/shorewall/accounting
+ local fname
+ '[' 2 = 1 ']'
+ fname=/etc/shorewall/accounting
+ '[' -f /etc/shorewall/accounting ']'
+ read_file /etc/shorewall/accounting 0
+ local first rest
+ '[' -f /etc/shorewall/accounting ']'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# '
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# Shorewall version 2.4 - Accounting File'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# '
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# /etc/shorewall/accounting'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# '
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# Accounting rules exist simply to count packets and bytes in categories'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# that you define in this file. You may display these rules and their'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# packet and byte counters using the "shorewall show accounting" command.'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# '
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# Please see http://shorewall.net/Accounting.html for examples and'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# additional information about how to use this file.'
+ grep -v '^[[:space:]]*$'
+ read action chain source dest proto port sport user
+ havechain accounting
++ chain_base accounting
++ local c=accounting
++ true
++ case $c in
++ echo accounting
++ return
+ local c=accounting
+ eval test '"$exists_accounting"' = Yes
++ test '' = Yes
+ '[' -z Yes ']'
+ createchain reject no
++ chain_base reject
++ local c=reject
++ true
++ case $c in
++ echo reject
++ return
+ local c=reject
+ run_iptables -N reject
+ '[' -n '' ']'
+ '[' -n Yes ']'
+ '[' -f /tmp/shorewall.nm8830/iprange ']'
+ /sbin/iptables -N reject
+ '[' no = yes ']'
+ eval exists_reject=Yes
++ exists_reject=Yes
+ createchain dynamic no
++ chain_base dynamic
++ local c=dynamic
++ true
++ case $c in
++ echo dynamic
++ return
+ local c=dynamic
+ run_iptables -N dynamic
+ '[' -n '' ']'
+ '[' -n Yes ']'
+ '[' -f /tmp/shorewall.nm8830/iprange ']'
+ /sbin/iptables -N dynamic
+ '[' no = yes ']'
+ eval exists_dynamic=Yes
++ exists_dynamic=Yes
+ createchain smurfs no
++ chain_base smurfs
++ local c=smurfs
++ true
++ case $c in
++ echo smurfs
++ return
+ local c=smurfs
+ run_iptables -N smurfs
+ '[' -n '' ']'
+ '[' -n Yes ']'
+ '[' -f /tmp/shorewall.nm8830/iprange ']'
+ /sbin/iptables -N smurfs
+ '[' no = yes ']'
+ eval exists_smurfs=Yes
++ exists_smurfs=Yes
+ '[' -f /var/lib/shorewall/save ']'
+ echo 'Restoring dynamic rules...'
Restoring dynamic rules...
+ '[' -f /var/lib/shorewall/save ']'
+ read target ignore1 ignore2 address rest
+ case $target in
+ read target ignore1 ignore2 address rest
+ case $target in
+ read target ignore1 ignore2 address rest
+ '[' -n Yes ']'
+ state='-m state --state NEW,INVALID'
+ echo 'Creating Interface Chains...'
Creating Interface Chains...
+ for interface in '$ALL_INTERFACES'
++ forward_chain eth1
+++ chain_base eth1
+++ local c=eth1
+++ true
+++ case $c in
+++ echo eth1
+++ return
++ echo eth1_fwd
+ createchain eth1_fwd no
++ chain_base eth1_fwd
++ local c=eth1_fwd
++ true
++ case $c in
++ echo eth1_fwd
++ return
+ local c=eth1_fwd
+ run_iptables -N eth1_fwd
+ '[' -n '' ']'
+ '[' -n Yes ']'
+ '[' -f /tmp/shorewall.nm8830/iprange ']'
+ /sbin/iptables -N eth1_fwd
+ '[' no = yes ']'
+ eval exists_eth1_fwd=Yes
++ exists_eth1_fwd=Yes
++ forward_chain eth1
+++ chain_base eth1
+++ local c=eth1
+++ true
+++ case $c in
+++ echo eth1
+++ return
++ echo eth1_fwd
+ run_iptables -A eth1_fwd -m state --state NEW,INVALID -j dynamic
+ '[' -n '' ']'
+ '[' -n Yes ']'
+ '[' -f /tmp/shorewall.nm8830/iprange ']'
+ /sbin/iptables -A eth1_fwd -m state --state NEW,INVALID -j dynamic
++ input_chain eth1
+++ chain_base eth1
+++ local c=eth1
+++ true
+++ case $c in
+++ echo eth1
+++ return
++ echo eth1_in
+ createchain eth1_in no
++ chain_base eth1_in
++ local c=eth1_in
++ true
++ case $c in
++ echo eth1_in
++ return
+ local c=eth1_in
+ run_iptables -N eth1_in
+ '[' -n '' ']'
+ '[' -n Yes ']'
+ '[' -f /tmp/shorewall.nm8830/iprange ']'
+ /sbin/iptables -N eth1_in
+ '[' no = yes ']'
+ eval exists_eth1_in=Yes
++ exists_eth1_in=Yes
++ input_chain eth1
+++ chain_base eth1
+++ local c=eth1
+++ true
+++ case $c in
+++ echo eth1
+++ return
++ echo eth1_in
+ run_iptables -A eth1_in -m state --state NEW,INVALID -j dynamic
+ '[' -n '' ']'
+ '[' -n Yes ']'
+ '[' -f /tmp/shorewall.nm8830/iprange ']'
+ /sbin/iptables -A eth1_in -m state --state NEW,INVALID -j dynamic
+ for interface in '$ALL_INTERFACES'
++ forward_chain eth0
+++ chain_base eth0
+++ local c=eth0
+++ true
+++ case $c in
+++ echo eth0
+++ return
++ echo eth0_fwd
+ createchain eth0_fwd no
++ chain_base eth0_fwd
++ local c=eth0_fwd
++ true
++ case $c in
++ echo eth0_fwd
++ return
+ local c=eth0_fwd
+ run_iptables -N eth0_fwd
+ '[' -n '' ']'
+ '[' -n Yes ']'
+ '[' -f /tmp/shorewall.nm8830/iprange ']'
+ /sbin/iptables -N eth0_fwd
+ '[' no = yes ']'
+ eval exists_eth0_fwd=Yes
++ exists_eth0_fwd=Yes
++ forward_chain eth0
+++ chain_base eth0
+++ local c=eth0
+++ true
+++ case $c in
+++ echo eth0
+++ return
++ echo eth0_fwd
+ run_iptables -A eth0_fwd -m state --state NEW,INVALID -j dynamic
+ '[' -n '' ']'
+ '[' -n Yes ']'
+ '[' -f /tmp/shorewall.nm8830/iprange ']'
+ /sbin/iptables -A eth0_fwd -m state --state NEW,INVALID -j dynamic
++ input_chain eth0
+++ chain_base eth0
+++ local c=eth0
+++ true
+++ case $c in
+++ echo eth0
+++ return
++ echo eth0_in
+ createchain eth0_in no
++ chain_base eth0_in
++ local c=eth0_in
++ true
++ case $c in
++ echo eth0_in
++ return
+ local c=eth0_in
+ run_iptables -N eth0_in
+ '[' -n '' ']'
+ '[' -n Yes ']'
+ '[' -f /tmp/shorewall.nm8830/iprange ']'
+ /sbin/iptables -N eth0_in
+ '[' no = yes ']'
+ eval exists_eth0_in=Yes
++ exists_eth0_in=Yes
++ input_chain eth0
+++ chain_base eth0
+++ local c=eth0
+++ true
+++ case $c in
+++ echo eth0
+++ return
++ echo eth0_in
+ run_iptables -A eth0_in -m state --state NEW,INVALID -j dynamic
+ '[' -n '' ']'
+ '[' -n Yes ']'
+ '[' -f /tmp/shorewall.nm8830/iprange ']'
+ /sbin/iptables -A eth0_in -m state --state NEW,INVALID -j dynamic
+ for interface in '$ALL_INTERFACES'
++ forward_chain eth2
+++ chain_base eth2
+++ local c=eth2
+++ true
+++ case $c in
+++ echo eth2
+++ return
++ echo eth2_fwd
+ createchain eth2_fwd no
++ chain_base eth2_fwd
++ local c=eth2_fwd
++ true
++ case $c in
++ echo eth2_fwd
++ return
+ local c=eth2_fwd
+ run_iptables -N eth2_fwd
+ '[' -n '' ']'
+ '[' -n Yes ']'
+ '[' -f /tmp/shorewall.nm8830/iprange ']'
+ /sbin/iptables -N eth2_fwd
+ '[' no = yes ']'
+ eval exists_eth2_fwd=Yes
++ exists_eth2_fwd=Yes
++ forward_chain eth2
+++ chain_base eth2
+++ local c=eth2
+++ true
+++ case $c in
+++ echo eth2
+++ return
++ echo eth2_fwd
+ run_iptables -A eth2_fwd -m state --state NEW,INVALID -j dynamic
+ '[' -n '' ']'
+ '[' -n Yes ']'
+ '[' -f /tmp/shorewall.nm8830/iprange ']'
+ /sbin/iptables -A eth2_fwd -m state --state NEW,INVALID -j dynamic
++ input_chain eth2
+++ chain_base eth2
+++ local c=eth2
+++ true
+++ case $c in
+++ echo eth2
+++ return
++ echo eth2_in
+ createchain eth2_in no
++ chain_base eth2_in
++ local c=eth2_in
++ true
++ case $c in
++ echo eth2_in
++ return
+ local c=eth2_in
+ run_iptables -N eth2_in
+ '[' -n '' ']'
+ '[' -n Yes ']'
+ '[' -f /tmp/shorewall.nm8830/iprange ']'
+ /sbin/iptables -N eth2_in
+ '[' no = yes ']'
+ eval exists_eth2_in=Yes
++ exists_eth2_in=Yes
++ input_chain eth2
+++ chain_base eth2
+++ local c=eth2
+++ true
+++ case $c in
+++ echo eth2
+++ return
++ echo eth2_in
+ run_iptables -A eth2_in -m state --state NEW,INVALID -j dynamic
+ '[' -n '' ']'
+ '[' -n Yes ']'
+ '[' -f /tmp/shorewall.nm8830/iprange ']'
+ /sbin/iptables -A eth2_in -m state --state NEW,INVALID -j dynamic
+ echo 'Configuring Proxy ARP'
Configuring Proxy ARP
+ setup_proxy_arp
+ local setlist= resetlist+ save_progress_message 'Restoring Proxy ARP...'
+ echo
+ echo 'progress_message "Restoring Proxy ARP..."'
+ echo
+ read address interface external haveroute persistent
++ find_interfaces_by_option proxyarp
++ for interface in '$ALL_INTERFACES'
+++ chain_base eth1
+++ local c=eth1
+++ true
+++ case $c in
+++ echo eth1
+++ return
++ eval 'options=$eth1_options'
+++ options=dhcp
++ list_search proxyarp dhcp
++ local e=proxyarp
++ '[' 2 -gt 1 ']'
++ shift
++ '[' xproxyarp = xdhcp ']'
++ '[' 1 -gt 1 ']'
++ return 1
++ for interface in '$ALL_INTERFACES'
+++ chain_base eth0
+++ local c=eth0
+++ true
+++ case $c in
+++ echo eth0
+++ return
++ eval 'options=$eth0_options'
+++ options='norfc1918 nobogons'
++ list_search proxyarp norfc1918 nobogons
++ local e=proxyarp
++ '[' 3 -gt 1 ']'
++ shift
++ '[' xproxyarp = xnorfc1918 ']'
++ '[' 2 -gt 1 ']'
++ shift
++ '[' xproxyarp = xnobogons ']'
++ '[' 1 -gt 1 ']'
++ return 1
++ for interface in '$ALL_INTERFACES'
+++ chain_base eth2
+++ local c=eth2
+++ true
+++ case $c in
+++ echo eth2
+++ return
++ eval 'options=$eth2_options'
+++ options='norfc1918 nobogons'
++ list_search proxyarp norfc1918 nobogons
++ local e=proxyarp
++ '[' 3 -gt 1 ']'
++ shift
++ '[' xproxyarp = xnorfc1918 ']'
++ '[' 2 -gt 1 ']'
++ shift
++ '[' xproxyarp = xnobogons ']'
++ '[' 1 -gt 1 ']'
++ return 1
+ interfaces++ find_file providers
++ local saveifs= directory
++ case $1 in
++ '[' -n '' -a -f /providers ']'
++ saveifs=' '
++ IFS=:
++ for directory in '$CONFIG_PATH'
++ '[' -f /etc/shorewall/providers ']'
++ echo /etc/shorewall/providers
++ IFS=' '
++ return
+ setup_providers /etc/shorewall/providers
+ local table number mark duplicate interface gateway options provider address
+ strip_file providers /etc/shorewall/providers
+ local fname
+ '[' 2 = 1 ']'
+ fname=/etc/shorewall/providers
+ '[' -f /etc/shorewall/providers ']'
+ read_file /etc/shorewall/providers 0
+ local first rest
+ '[' -f /etc/shorewall/providers ']'
+ read first rest
+ '[' x############################################################################## = xINCLUDE ']'
+ echo '############################################################################## '
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# '
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# Shorewall 2.4 -- Internet Service Providers'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# '
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# /etc/shorewall/providers'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# '
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# This file is used to define additional routing tables. You will'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# want to define an additional table if:'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# '
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# - You have connections to more than one ISP or multiple connections'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# to the same ISP'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# '
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# - You run Squid as a transparent proxy on a host other than the'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# firewall.'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# '
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# To omit a column, enter "-".'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# '
+ read first rest
+ '[' x#NAME = xINCLUDE ']'
+ echo '#NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS'
+ read first rest
+ '[' xatt = xINCLUDE ']'
+ echo 'att 1 1 att eth0 200.173.215.94 track,balance'
+ read first rest
+ '[' xintelig = xINCLUDE ']'
+ echo 'intelig 2 2 intelig eth2 200.157.40.129 track,balance'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# '
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# Columns must be separated by white space and are:'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# '
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# NAME The provider name.'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# '
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# NUMBER The provider number -- a number between 1 and 15'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# '
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# MARK A FWMARK value used in your /etc/shorewall/tcrules'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# file to direct packets to this provider.'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# '
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# DUPLICATE The name of an existing table to duplicate. May be'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# '\''main'\'' or the name of a previous provider.'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# '
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# INTERFACE The name of the network interface to the provider.'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# Must be listed in /etc/shorewall/interfaces.'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# '
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# GATEWAY The IP address of the provider'\''s gateway router.'
+ read first rest
+ cut -d# -f1
+ grep -v '^[[:space:]]*$'
+ '[' x# = xINCLUDE ']'
+ echo '# '
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# You can enter "detect" here and Shorewall will'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# attempt to detect the gateway automatically.'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# '
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# OPTIONS A comma-separated list selected from the following:'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# '
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# track If specified, connections FROM this interface are'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# to be tracked so that responses may be routed back'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# out this same interface.'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# '
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# You want specify '\''track'\'' if internet hosts will be'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# connecting to local servers through this provider.'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# '
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# balance The providers that have '\''default'\'' specified will'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# get outbound traffic load-balanced among them.'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# '
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# Example: You run squid in your DMZ on IP address 192.168.2.99. Your DMZ'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# interface is eth2'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# '
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# Squid 1 1 - eth2 192.168.2.99 -'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# '
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# Example:'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# '
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# eth0 connects to ISP 1. The IP address of eth0 is 206.124.146.176 and'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# the ISP'\''s gateway router has IP address 206.124.146.254.'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# '
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# eth1 connects to ISP 2. The IP address of eth1 is 130.252.99.27 and the'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# ISP'\''s gateway router has IP address 130.252.99.254.'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# '
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# ISP1 1 1 main eth0 206.124.146.254 track,balance'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# ISP2 2 2 main eth1 130.252.99.254 track,balance'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# '
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# For additional information, see http://shorewall.net/Shorewall_and_Routing.html'
+ read first rest
+ '[' x############################################################################## = xINCLUDE ']'
+ echo '############################################################################## '
+ read first rest
+ '[' x#LAST = xINCLUDE ']'
+ echo '#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE'
+ read first rest
+ '[' -s /tmp/shorewall.nm8830/providers ']'
+ echo 'Processing /etc/shorewall/providers...'
Processing /etc/shorewall/providers...
+ save_progress_message 'Restoring Providers...'
+ echo
+ echo 'progress_message "Restoring Providers..."'
+ echo
+ read table number mark duplicate interface gateway options
+ expandv table number mark duplicate interface gateway options
+ local varval
+ '[' 7 -gt 0 ']'
+ eval 'varval=$table'
++ varval=att
+ eval 'table="att"'
++ table=att
+ shift
+ '[' 6 -gt 0 ']'
+ eval 'varval=$number'
++ varval=1
+ eval 'number="1"'
++ number=1
+ shift
+ '[' 5 -gt 0 ']'
+ eval 'varval=$mark'
++ varval=1
+ eval 'mark="1"'
++ mark=1
+ shift
+ '[' 4 -gt 0 ']'
+ eval 'varval=$duplicate'
++ varval=att
+ eval 'duplicate="att"'
++ duplicate=att
+ shift
+ '[' 3 -gt 0 ']'
+ eval 'varval=$interface'
++ varval=eth0
+ eval 'interface="eth0"'
++ interface=eth0
+ shift
+ '[' 2 -gt 0 ']'
+ eval 'varval=$gateway'
++ varval=200.173.215.94
+ eval 'gateway="200.173.215.94"'
++ gateway=200.173.215.94
+ shift
+ '[' 1 -gt 0 ']'
+ eval 'varval=$options'
++ varval=track,balance
+ eval 'options="track,balance"'
++ options=track,balance
+ shift
+ '[' 0 -gt 0 ']'
+ provider='att 1 1 att eth0 200.173.215.94 track,balance'
+ add_a_provider
+ local t n iface option
+ eval att_number=1
++ att_number=1
+ run_and_save_command qt ip route flush table 1
+ echo qt ip route flush table 1
+ eval qt ip route flush table 1
++ qt ip route flush table 1
++ ip route flush table 1
+ '[' xatt '!=' x- ']'
+ run_ip route show table att
+ ip route show table att
+ read net route
+ '[' x200.173.215.94 = xdetect ']'
+ ensure_and_save_command ip route add default via 200.173.215.94 dev eth0 table 1
+ eval ip route add default via 200.173.215.94 dev eth0 table 1
++ ip route add default via 200.173.215.94 dev eth0 table 1
+ echo ip route add default via 200.173.215.94 dev eth0 table 1
+ verify_mark 1
+ verify_mark2 1
+ verify_mark1 1
+ eval att_mark=1
++ att_mark=1
+ run_and_save_command qt ip rule del fwmark 1
+ echo qt ip rule del fwmark 1
+ eval qt ip rule del fwmark 1
++ qt ip rule del fwmark 1
++ ip rule del fwmark 1
+ ensure_and_save_command ip rule add fwmark 1 table 1
+ eval ip rule add fwmark 1 table 1
++ ip rule add fwmark 1 table 1
+ echo ip rule add fwmark 1 table 1
++ find_interface_addresses eth0
++ ip -f inet addr show eth0
++ grep inet
++ sed 's/inet //;s/\/.*//;s/ peer.*//'
+ for address in '$(find_interface_addresses $interface)'
+ run_and_save_command qt ip rule del from 200.173.215.82
+ echo qt ip rule del from 200.173.215.82
+ eval qt ip rule del from 200.173.215.82
++ qt ip rule del from 200.173.215.82
++ ip rule del from 200.173.215.82
+ ensure_and_save_command ip rule add from 200.173.215.82 table 1
+ eval ip rule add from 200.173.215.82 table 1
++ ip rule add from 200.173.215.82 table 1
+ echo ip rule add from 200.173.215.82 table 1
++ separate_list track,balance
++ local list=track,balance
++ local part
++ local newlist
++ local firstpart
++ local lastpart
++ local enclosure
++ case "$list" in
++ list=track,balance
++ part=track
++ newlist=track
++ '[' xtrack '!=' xtrack,balance ']'
++ list=balance
++ part=balance
++ newlist='track balance'
++ '[' xbalance '!=' xbalance ']'
++ echo 'track balance'
+ for option in '$(separate_list $options)'
+ case $option in
++ chain_base eth0
++ local c=eth0
++ true
++ case $c in
++ echo eth0
++ return
+ iface=eth0
+ eval eth0_routemark=1
++ eth0_routemark=1
+ ROUTEMARK_INTERFACES=' eth0'
+ for option in '$(separate_list $options)'
+ case $option in
+ DEFAULT_ROUTE=' nexthop via 200.173.215.94 dev eth0 weight 1'
+ PROVIDERS=' att'
+ progress_message ' Provider att 1 1 att eth0 200.173.215.94 track,balance Added'
+ '[' -n '' ']'
+ echo ' Provider att 1 1 att eth0 200.173.215.94 track,balance Added'
Provider att 1 1 att eth0 200.173.215.94 track,balance Added
+ read table number mark duplicate interface gateway options
+ expandv table number mark duplicate interface gateway options
+ local varval
+ '[' 7 -gt 0 ']'
+ eval ''varval=$table'' ++ varval=intelig + eval ''table="intelig"'' ++ table=intelig + shift + ''['' 6 -gt 0 '']'' + eval ''varval=$number'' ++ varval=2 + eval ''number="2"'' ++ number=2 + shift + ''['' 5 -gt 0 '']'' + eval ''varval=$mark'' ++ varval=2 + eval ''mark="2"'' ++ mark=2 + shift + ''['' 4 -gt 0 '']'' + eval ''varval=$duplicate'' ++ varval=intelig + eval ''duplicate="intelig"'' ++ duplicate=intelig + shift + ''['' 3 -gt 0 '']'' + eval ''varval=$interface'' ++ varval=eth2 + eval ''interface="eth2"'' ++ interface=eth2 + shift + ''['' 2 -gt 0 '']'' + eval ''varval=$gateway'' ++ varval=200.157.40.129 + eval ''gateway="200.157.40.129"'' ++ gateway=200.157.40.129 + shift + ''['' 1 -gt 0 '']'' + eval ''varval=$options'' ++ varval=track,balance + eval ''options="track,balance"'' ++ options=track,balance + shift + ''['' 0 -gt 0 '']'' + provider=''intelig 2 2 intelig eth2 200.157.40.129 track,balance'' + add_a_provider + local t n iface option + for t in ''$PROVIDERS'' + ''['' att = intelig '']'' + eval ''n=$att_number'' ++ n=1 + ''['' 1 -eq 2 '']'' + eval intelig_number=2 ++ intelig_number=2 + run_and_save_command qt ip route flush table 2 + echo qt ip route flush table 2 + eval qt ip route flush table 2 ++ qt ip route flush table 2 ++ ip route flush table 2 + ''['' xintelig ''!='' x- '']'' + run_ip route show table intelig + ip route show table intelig + read net route + ''['' x200.157.40.129 = xdetect '']'' + ensure_and_save_command ip route add default via 200.157.40.129 dev eth2 table 2 + eval ip route add default via 200.157.40.129 dev eth2 table 2 ++ ip route add default via 200.157.40.129 dev eth2 table 2 + echo ip route add default via 200.157.40.129 dev eth2 table 2 + verify_mark 2 + verify_mark2 2 + verify_mark1 2 + eval intelig_mark=2 ++ intelig_mark=2 + run_and_save_command qt ip rule del fwmark 2 + echo qt ip rule del fwmark 2 + eval qt ip rule del fwmark 2 ++ qt ip rule del fwmark 2 ++ ip rule del fwmark 2 + ensure_and_save_command ip rule add 
fwmark 2 table 2 + eval ip rule add fwmark 2 table 2 ++ ip rule add fwmark 2 table 2 + echo ip rule add fwmark 2 table 2 ++ find_interface_addresses eth2 ++ ip -f inet addr show eth2 ++ grep inet ++ sed ''s/inet //;s/\/.*//;s/ peer.*//'' + for address in ''$(find_interface_addresses $interface)'' + run_and_save_command qt ip rule del from 200.157.40.131 + echo qt ip rule del from 200.157.40.131 + eval qt ip rule del from 200.157.40.131 ++ qt ip rule del from 200.157.40.131 ++ ip rule del from 200.157.40.131 + ensure_and_save_command ip rule add from 200.157.40.131 table 2 + eval ip rule add from 200.157.40.131 table 2 ++ ip rule add from 200.157.40.131 table 2 + echo ip rule add from 200.157.40.131 table 2 ++ separate_list track,balance ++ local list=track,balance ++ local part ++ local newlist ++ local firstpart ++ local lastpart ++ local enclosure ++ case "$list" in ++ list=track,balance ++ part=track ++ newlist=track ++ ''['' xtrack ''!='' xtrack,balance '']'' ++ list=balance ++ part=balance ++ newlist=''track balance'' ++ ''['' xbalance ''!='' xbalance '']'' ++ echo ''track balance'' + for option in ''$(separate_list $options)'' + case $option in ++ chain_base eth2 ++ local c=eth2 ++ true ++ case $c in ++ echo eth2 ++ return + iface=eth2 + eval eth2_routemark=2 ++ eth2_routemark=2 + ROUTEMARK_INTERFACES='' eth0 eth2'' + for option in ''$(separate_list $options)'' + case $option in + DEFAULT_ROUTE='' nexthop via 200.173.215.94 dev eth0 weight 1 nexthop via 200.157.40.129 dev eth2 weight 1'' + PROVIDERS='' att intelig'' + progress_message '' Provider intelig 2 2 intelig eth2 200.157.40.129 track,balance Added'' + ''['' -n '''' '']'' + echo '' Provider intelig 2 2 intelig eth2 200.157.40.129 track,balance Added'' Provider intelig 2 2 intelig eth2 200.157.40.129 track,balance Added + read table number mark duplicate interface gateway options + ''['' -n '' att intelig'' '']'' + ''['' -n '' nexthop via 200.173.215.94 dev eth0 weight 1 nexthop via 200.157.40.129 dev 
eth2 weight 1'' '']'' + run_ip route replace default scope global nexthop via 200.173.215.94 dev eth0 weight 1 nexthop via 200.157.40.129 dev eth2 weight 1 + ip route replace default scope global nexthop via 200.173.215.94 dev eth0 weight 1 nexthop via 200.157.40.129 dev eth2 weight 1 + progress_message '' Default route nexthop via 200.173.215.94 dev eth0 weight 1 nexthop via 200.157.40.129 dev eth2 weight 1 Added.'' + ''['' -n '''' '']'' + echo '' Default route nexthop via 200.173.215.94 dev eth0 weight 1 nexthop via 200.157.40.129 dev eth2 weight 1 Added.'' Default route nexthop via 200.173.215.94 dev eth0 weight 1 nexthop via 200.157.40.129 dev eth2 weight 1 Added. + cat + for table in ''$PROVIDERS'' + eval ''number=$att_number'' ++ number=1 + /bin/echo -e ''1\tatt'' + for table in ''$PROVIDERS'' + eval ''number=$intelig_number'' ++ number=2 + /bin/echo -e ''2\tintelig'' + save_command ''cat > /etc/iproute2/rt_tables << __EOF__'' + echo ''cat > /etc/iproute2/rt_tables << __EOF__'' + cat /etc/iproute2/rt_tables + save_command __EOF__ + echo __EOF__ + ensure_and_save_command ip route flush cache + eval ip route flush cache ++ ip route flush cache + echo ip route flush cache ++ find_file routes ++ local saveifs= directory ++ case $1 in ++ ''['' -n '''' -a -f /routes '']'' ++ saveifs='' '' ++ IFS=: ++ for directory in ''$CONFIG_PATH'' ++ ''['' -f /etc/shorewall/routes '']'' ++ echo /etc/shorewall/routes ++ IFS='' '' ++ return + setup_routes /etc/shorewall/routes + local created_chains+ strip_file routes /etc/shorewall/routes + local fname + ''['' 2 = 1 '']'' + fname=/etc/shorewall/routes + ''['' -f /etc/shorewall/routes '']'' + read_file /etc/shorewall/routes 0 + local first rest + ''['' -f /etc/shorewall/routes '']'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Shorewall version 2.4 - Routing Rules'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = 
xINCLUDE '']'' + echo ''# /etc/shorewall/routes'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Entries in this file cause packets to be routed in non-standard'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# ways.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# I M P O R T A N T ! ! ! !'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# In order to use entries in this file, your kernel and iptables must'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# have ROUTE target support (see the output of "shorewall show'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# capabilities").'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# This facility is *EXPERIMENTAL* -- the Netfilter team have no intention'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# of ever submitting the ROUTE target patch to kernel.org.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# To omit any column, enter "-" in that column.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Columns are:'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# SOURCE Source of the packet. 
May be any of the following:'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + cut -d# -f1 + grep -v ''^[[:space:]]*$'' + echo ''# - A host or network address'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# - A network interface name.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# - The name of an ipset prefaced with "+"'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# - $FW (for packets originating on the firewall)'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# - A MAC address in Shorewall format'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# - A range of IP addresses (assuming that your'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# kernel and iptables support range match)'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# - A network interface name followed by ":"'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# and an address or address range.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# DEST Destination of the packet. 
May be any of the'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# following:'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# - A host or network address'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# - A network interface name (determined from'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# routing table(s))'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# - The name of an ipset prefaced with "+"'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# - A network interface name followed by ":"'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# and an address or address range.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# PROTO Protocol - Must be "tcp", "udp", "icmp", "ipp2p",'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# a number, or "all". "ipp2p" requires ipp2p match'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# support in your kernel and iptables.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# PORT(S) Destination Ports. 
A comma-separated list of Port'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# names (from /etc/services), port numbers or port'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# ranges; if the protocol is "icmp", this column is'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# interpreted as the destination icmp-type(s).'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Port ranges are allowed in a list only if your'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# kernel and iptables support Extended Multi-port'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# match (see the output of "shorewall show capabilities").'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# If the protocol is ipp2p, this column is interpreted'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# as an ipp2p option without the leading "--" (example "bit"'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# for bit-torrent). If no PORT is given, "ipp2p" is'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# assumed.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# SOURCE PORT(S) Source port(s). 
If omitted, any source port is acceptable.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Specified as a comma-separated list of port names, port'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# numbers or port ranges.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Port ranges are allowed in a list only if your'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# kernel and iptables support Extended Multi-port'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# match (see the output of "shorewall show capabilities").'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# TEST Defines a test on the existing packet or connection mark.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# The rule will match only if the test returns true. Tests'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# have the format [!]<value>[/<mask>][:C]'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# Where:'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# ! Inverts the test (not equal)'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# <value> Value of the packet or connection mark.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# <mask> A mask to be applied to the mark before'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# testing'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# :C Designates a connection mark. 
If omitted,'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# the packet mark''\''''s value is tested.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# INTERFACE The interface that the packet is to be routed out of.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# If you specify "-" here, then you must enter the IP address'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# of a gateway in the GATEWAY column.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# GATEWAY The gateway that the packet is to be forewarded through.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# See http://shorewall.net/Shorewall_and_Routing.html for additional information.'' + read first rest + ''['' x####################################################################################### = xINCLUDE '']'' + echo ''####################################################################################### '' + read first rest + ''['' x#SOURCE = xINCLUDE '']'' + echo ''#SOURCE DEST PROTO PORT(S) SOURCE TEST INTERFACE GATEWAY'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# PORT(S)'' + read first rest + ''['' xeth1 = xINCLUDE '']'' + echo ''eth1 0.0.0.0/0 tcp 80 - - eth0 200.173.215.94'' + read first rest + ''['' x#LAST = xINCLUDE '']'' + echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE'' + read first rest + ''['' -s /tmp/shorewall.nm8830/routes '']'' + echo ''Processing /etc/shorewall/routes...'' Processing /etc/shorewall/routes... 
+ '[' -n '' ']'
+ fatal_error 'Entries in /etc/shorewall/routes requires that your kernel and iptables have ROUTE target support'
+ echo ' Error: Entries in /etc/shorewall/routes requires that your kernel and iptables have ROUTE target support'
 Error: Entries in /etc/shorewall/routes requires that your kernel and iptables have ROUTE target support
+ '[' restart = check ']'
+ stop_firewall
+ '[' -n /var/lib/shorewall/shorewall.oY8975 ']'
+ rm -f /var/lib/shorewall/shorewall.oY8975
+ case $COMMAND in
+ set +x
Restoring Shorewall...
Loading kernel modules...
Restoring Proxy ARP...
Restoring one-to-one NAT...
Restoring ARP filtering...
Restoring Accept Source Routing...
Restoring IP Forwarding...
Restoring Netfilter Configuration...
Shorewall restored from /var/lib/shorewall/restore
Tom Eastep
2005-May-31 12:52 UTC
[Shorewall-devel] More Tests for 2.4.0-RC2 - strange behaviour
Eduardo Ferreira wrote:

> but the following command works fine:
> iptables -A POSTROUTING -t mangle -p icmp -j ROUTE --oif eth1

Eduardo -- I suspect that the PATH from the command line and the PATH in your shorewall.conf are different. So Shorewall is running a different version of iptables than you are. Shorewall is running /sbin/iptables; if you accepted all of the defaults when you rebuilt iptables, your new iptables is /usr/local/sbin/iptables.

> PS: I spent the last 24 hours trying to understand why, every two boots, I
> loose all my ethernet devices. This is a fedora-rc3 2.6.11 kernel with
> ipset, ROUTE and policy patches applied. If someone has any hints on how
> to avoid this behaviour, I'll be very gratefull.

What do you mean exactly by "loose (sic) all my ethernet devices"?

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
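Added example, not part of the thread and not Shorewall's own code: one way to check the mismatch described in the reply above, by resolving iptables against the PATH set in shorewall.conf and against the shell's PATH. The sandbox directories, the stand-in iptables scripts and the shell's directory order are constructed assumptions; the shorewall.conf directory order follows the PATH shown in the trace.

```shell
#!/bin/sh
# Print the first executable NAME found while walking PATHLIST left to right.
resolve_in_path() {
    rip_name=$1
    rip_old_ifs=$IFS
    IFS=:
    set -f                                  # no globbing while splitting the list
    for rip_dir in $2; do
        [ -n "$rip_dir" ] || rip_dir=.      # an empty PATH element means the cwd
        if [ -f "$rip_dir/$rip_name" ] && [ -x "$rip_dir/$rip_name" ]; then
            set +f; IFS=$rip_old_ifs
            printf '%s\n' "$rip_dir/$rip_name"
            return 0
        fi
    done
    set +f; IFS=$rip_old_ifs
    return 1
}

# Print the PATH assigned in a shorewall.conf-style file (the last PATH= line
# wins), with one layer of surrounding quotes removed.
conf_path() {
    sed -n 's/^[[:space:]]*PATH=//p' "$1" | tail -n 1 |
        sed 's/^["'\'']//; s/["'\'']$//'
}

# Compare the iptables Shorewall would run (PATH from its config file) with
# the one the admin's shell runs. Returns 0 only when both are the same file.
compare_iptables() {
    ci_fw=$(resolve_in_path iptables "$(conf_path "$1")") || ci_fw="(none)"
    ci_sh=$(resolve_in_path iptables "$2") || ci_sh="(none)"
    printf 'shorewall.conf PATH -> %s\n' "$ci_fw"
    printf 'shell PATH          -> %s\n' "$ci_sh"
    [ "$ci_fw" = "$ci_sh" ]
}

# Constructed sandbox mirroring the thread: a stock binary in sbin and a
# rebuilt one in usr/local/sbin. Both are stand-in scripts, not iptables.
make_sandbox() {
    ms_root=$(mktemp -d) || return 1
    mkdir -p "$ms_root/sbin" "$ms_root/usr/local/sbin" "$ms_root/etc/shorewall"
    for ms_dir in sbin usr/local/sbin; do
        printf '#!/bin/sh\necho "stand-in iptables in %s"\n' "$ms_dir" \
            > "$ms_root/$ms_dir/iptables"
        chmod +x "$ms_root/$ms_dir/iptables"
    done
    # Same directory order as the PATH in the trace, rooted in the sandbox.
    ms_p="$ms_root/sbin:$ms_root/bin:$ms_root/usr/sbin:$ms_root/usr/bin"
    ms_p="$ms_p:$ms_root/usr/local/sbin:$ms_root/usr/local/bin"
    printf 'PATH=%s\n' "$ms_p" > "$ms_root/etc/shorewall/shorewall.conf"
    printf '%s\n' "$ms_root"
}

# Demo. Assumption: the interactive shell searches usr/local/sbin before sbin.
sandbox=$(make_sandbox)
if compare_iptables "$sandbox/etc/shorewall/shorewall.conf" \
        "$sandbox/usr/local/sbin:$sandbox/sbin"; then
    echo "Same binary in both environments"
else
    echo "MISMATCH: Shorewall and the shell run different iptables binaries"
fi
rm -rf "$sandbox"
```

On a real system, call compare_iptables /etc/shorewall/shorewall.conf "$PATH" from the shell in which the manual iptables command succeeded.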
Cristian Rodriguez
2005-May-31 13:18 UTC
[Shorewall-devel] More Tests for 2.4.0-RC2 - strange behaviour
2005/5/31, Eduardo Ferreira <duda@icatu.com.br>:

> Hi all,
>
> I was trying to test ROUTE specific code with a multi-isp serviced box.
> There is a bug somewhere, but I'm not able to understand what the real
> problem is:
>
> ROUTE Target: Not available

Shorewall doesn't detect the availability of the ROUTE Target.. did you patch iptables too??? if not, you need it.
Tom Eastep
2005-May-31 13:23 UTC
[Shorewall-devel] More Tests for 2.4.0-RC2 - strange behaviour
On Tuesday 31 May 2005 13:18, Cristian Rodriguez wrote:

> >
> > ROUTE Target: Not available
>
> Shorewall doesn't detect the availability of the ROUTE Target.. did you
> patch iptables too???
> if not, you need it.

Eduardo mentioned off-line that he was running the old version, just as I suggested in my post.

-Tom
Eduardo Ferreira
2005-May-31 13:30 UTC
[Shorewall-devel] More Tests for 2.4.0-RC2 - strange behaviour
I wrote on 31/05/2005 16:29:43:

> Hi all,
>
> I was trying to test ROUTE specific code with a multi-isp serviced box.
> There is a bug somewhere, but I'm not able to understand what the real
> problem is:
>
> when I issue a "shorewall show capabilities" I get:
> Loading /usr/share/shorewall/functions...
> Processing /etc/shorewall/params ...
> Processing /etc/shorewall/shorewall.conf...
> Loading Modules...
> Shorewall has detected the following iptables/netfilter capabilities:
> NAT: Available
> Packet Mangling: Available
> Multi-port Match: Available
> Extended Multi-port Match: Not available
> Connection Tracking Match: Available
> Packet Type Match: Available
> Policy Match: Not available
> Physdev Match: Available
> IP range Match: Available
> Recent Match: Available
> Owner Match: Available
> Ipset Match: Not available
> ROUTE Target: Not available
> Extended MARK Target: Not available
> CONNMARK Target: Available
> Connmark Match: Available
>
> but the following command works fine:
> iptables -A POSTROUTING -t mangle -p icmp -j ROUTE --oif eth1
>
> For this reason, a "shorewall start" fails when it processes the route
> file.

Duuhhh, I was using a previously installed iptables version. Everything is ok now with a freshly compiled iptables 1.3.1 with those patches. All capabilities are available.

sorry,
Eduardo Ferreira
Eduardo Ferreira
2005-May-31 13:42 UTC
[Shorewall-devel] More Tests for 2.4.0-RC2 - strange behavior
First, sorry for the last post - I didn't realize it was so big until I got the bounce back. I tried to delete the message but it was already posted.

Tom Eastep wrote on 31/05/2005 16:52:07:

> Eduardo Ferreira wrote:
>
> > but the following command works fine:
> > iptables -A POSTROUTING -t mangle -p icmp -j ROUTE --oif eth1
>
> Eduardo -- I suspect that the PATH from the command line and the PATH in
> your shorewall.conf are different. So Shorewall is running a different
> version of iptables than you are. Shorewall is running /sbin/iptables; if
> you accepted all of the defaults when you rebuilt iptables, your new
> iptables is /usr/local/sbin/iptables.

ok, fixed.

> > PS: I spent the last 24 hours trying to understand why, every two boots, I
> > loose all my ethernet devices. This is a fedora-rc3 2.6.11 kernel with
> > ipset, ROUTE and policy patches applied. If someone has any hints on how
> > to avoid this behaviour, I'll be very gratefull.
>
> What do you mean exactly by "loose (sic) all my ethernet devices"?

Sorry for my bad English. I should use a speller, I should use a speller, I should use a speller...

Here is the network startup part of the log of two consecutive boots:

1st:
May 31 15:45:27 fwutaci network: Setting network parameters: succeeded
May 31 15:45:40 fwutaci network: Bringing up loopback interface: succeeded
May 31 15:45:41 fwutaci ifup: Device eth0 has different MAC address than expected, ignoring.
May 31 15:45:41 fwutaci network: Bringing up interface eth0: failed
May 31 15:45:42 fwutaci ifup: Device eth1 has different MAC address than expected, ignoring.
May 31 15:45:42 fwutaci network: Bringing up interface eth1: failed

2nd:
May 31 15:53:15 fwutaci network: Setting network parameters: succeeded
May 31 15:53:26 fwutaci network: Bringing up loopback interface: succeeded
May 31 15:53:30 fwutaci network: Bringing up interface eth0: succeeded
May 31 15:53:30 fwutaci ifup:
May 31 15:53:30 fwutaci ifup: Determining IP information for eth1...
May 31 15:53:36 fwutaci NET: /sbin/dhclient-script : updated /etc/resolv.conf
May 31 15:53:36 fwutaci ifup: done.
May 31 15:53:36 fwutaci network: Bringing up interface eth1: succeeded

Between these two logs, I just logged in and issued a shutdown -r now...

cheers,
Eduardo Ferreira
Paul Gear
2005-May-31 14:01 UTC
[Shorewall-devel] More Tests for 2.4.0-RC2 - strange behavior
Eduardo Ferreira wrote:

> First, sorry for the last post - I didn't realize it was so big until I
> got the bounce back. I tried to delete the message but it was already
> posted.

gzip is your friend. :-)

--
Paul <http://paulgear.webhop.net>
--
Did you know? Email addresses can be forged easily. This message is signed with GNU Privacy Guard <http://www.gnupg.org> and Enigmail <http://enigmail.mozdev.org> so you can be sure it comes from me.
Alexander Wilms
2005-May-31 14:25 UTC
[Shorewall-devel] More Tests for 2.4.0-RC2 - strange behavior
> here are the network starting part of the log of two consecutive boots:
> 1st:
> May 31 15:45:27 fwutaci network: Setting network parameters: succeeded
> May 31 15:45:40 fwutaci network: Bringing up loopback interface: succeeded
> May 31 15:45:41 fwutaci ifup: Device eth0 has different MAC address than
> expected, ignoring.
> May 31 15:45:41 fwutaci network: Bringing up interface eth0: failed
> May 31 15:45:42 fwutaci ifup: Device eth1 has different MAC address than
> expected, ignoring.
> May 31 15:45:42 fwutaci network: Bringing up interface eth1: failed
> 2nd:
> May 31 15:53:15 fwutaci network: Setting network parameters: succeeded
> May 31 15:53:26 fwutaci network: Bringing up loopback interface: succeeded
> May 31 15:53:30 fwutaci network: Bringing up interface eth0: succeeded
> May 31 15:53:30 fwutaci ifup:
> May 31 15:53:30 fwutaci ifup: Determining IP information for eth1...
> May 31 15:53:36 fwutaci NET: /sbin/dhclient-script : updated
> /etc/resolv.conf
> May 31 15:53:36 fwutaci ifup: done.
> May 31 15:53:36 fwutaci network: Bringing up interface eth1: succeeded
>

Hi Folks,

I never used Fedora, so I'm not sure if I'm on the right path... But this looks like a behavior similar to what I have seen in SuSE 9.2/9.3: changing the ethX interfaces every reboot. There was a thread about it a couple of weeks ago.

Solution (more a hack) was to rename the interfaces before network/shorewall comes up. Something like this:

ifconfig eth0 down
ifconfig eth1 down

nameif -s foo1 xx:xx:xx:xx:xx:xa
nameif -s foo2 xx:xx:xx:xx:xx:xb

nameif eth0 xx:xx:xx:xx:xx:xb
nameif eth1 xx:xx:xx:xx:xx:xa

ifconfig eth0 up
ifconfig eth1 up

Maybe it helps,
Alex
Eduardo Ferreira
2005-Jun-01 14:18 UTC
[Shorewall-devel] More Tests for 2.4.0-RC2 - strange behavior
Alexander Wilms wrote on 31/05/2005 18:25:02:

> Solution (more a hack) was to rename the interfaces before network/shorewall
> comes up. Something like this:
>
> ifconfig eth0 down
> ifconfig eth1 down
>
> nameif -s foo1 xx:xx:xx:xx:xx:xa
> nameif -s foo2 xx:xx:xx:xx:xx:xb
>
> nameif eth0 xx:xx:xx:xx:xx:xb
> nameif eth1 xx:xx:xx:xx:xx:xa
>
> ifconfig eth0 up
> ifconfig eth1 up
>

didn't work - It's like the devices aren't there anymore.

But I found out that, if I do a shutdown and not a restart, the cards come back in the right way. whoooo, I'm surely doing something wrong here. Time to reinstall?

thanks for the help...

Eduardo Ferreira
Tom Eastep
2005-Jun-01 15:24 UTC
[Shorewall-devel] More Tests for 2.4.0-RC2 - strange behavior
Eduardo Ferreira wrote:

> Alexander Wilms wrote on 31/05/2005 18:25:02:
>
>>Solution (more a hack) was to rename the interfaces before
> network/shorewall
>>comes up. Something like this:
>>
>>ifconfig eth0 down
>>ifconfig eth1 down
>>
>>nameif -s foo1 xx:xx:xx:xx:xx:xa
>>nameif -s foo2 xx:xx:xx:xx:xx:xb
>>
>>nameif eth0 xx:xx:xx:xx:xx:xb
>>nameif eth1 xx:xx:xx:xx:xx:xa
>>
>>ifconfig eth0 up
>>ifconfig eth1 up
>>
>>
> didn't work - It's like the devices aren't there anymore.

What does 'ip link ls' show when things don't work? How about 'lspci'?

>
> But I found out that, if I do a shutdown and not a restart, the cards come
> back in the right way. whoooo, I'm surely doing something wrong here.
> Time to reinstall?
>

Given what (little) you've told us, how could we possibly make a recommendation for what you should do?

-Tom
Alexander Wilms
2005-Jun-01 21:45 UTC
[Shorewall-devel] More Tests for 2.4.0-RC2 - strange behavior
On Wednesday 01 June 2005 23:18, Eduardo Ferreira wrote:

> Alexander Wilms wrote on 31/05/2005 18:25:02:
> > Solution (more a hack) was to rename the interfaces before
> > network/shorewall
> > comes up. Something like this:
> >
> > ifconfig eth0 down
> > ifconfig eth1 down
> >
> > nameif -s foo1 xx:xx:xx:xx:xx:xa
> > nameif -s foo2 xx:xx:xx:xx:xx:xb
> >
> > nameif eth0 xx:xx:xx:xx:xx:xb
> > nameif eth1 xx:xx:xx:xx:xx:xa
> >
> > ifconfig eth0 up
> > ifconfig eth1 up
>
> didn't work - It's like the devices aren't there anymore.

what does a ifconfig -a or ip addr ls show?
And how about nic modules, are they loaded?

>
> But I found out that, if I do a shutdown and not a restart, the cards come
> back in the right way. whoooo, I'm surely doing something wrong here.
> Time to reinstall?

You are using Linux - No.

>
> thanks for the help...
Paul Gear
2005-Jun-02 04:31 UTC
[Shorewall-devel] More Tests for 2.4.0-RC2 - strange behavior
Alexander Wilms wrote:

> ...
>>>ifconfig eth0 up
>>>ifconfig eth1 up
>>
>>didn't work - It's like the devices aren't there anymore.
>
>
> what does a ifconfig -a or ip addr ls show?
> And how about nic modules, are they loaded?
>
>>But I found out that, if I do a shutdown and not a restart, the cards come
>>back in the right way. whoooo, I'm surely doing something wrong here.
>>Time to reinstall?
>
> You are using Linux - No.

How about moving this thread to shorewall-users, guys? :-)

--
Paul <http://paulgear.webhop.net>