Hi!
I am new to firewalls and also to Debian Linux.
My system is Debian Sarge, kernel 2.6.8. I installed Shorewall Firewall
from Debian site, version 2.01.
I have a standalone machine with a DSL modem to connect to the Internet.
When I start the firewall I get the message "/sbin/shorewall: line 20: 7: command not found".
Below is my trace; status.txt is attached.
Thank you in advance.
Sincerely,
Mitja
/sbin/shorewall: line 20: 7: command not found
+ shift
+ nolock+ ''['' 1 -gt 1 '']''
+ trap ''my_mutex_off; exit 2'' 1 2 3 4 5 6 9
+ COMMAND=start
+ ''['' 1 -ne 1 '']''
+ do_initialize
+ export LC_ALL=C
+ LC_ALL=C
+ PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
+ terminator=startup_error
+ version+ FW+ SUBSYSLOCK+ STATEDIR+ ALLOWRELATED=Yes
+ LOGRATE+ LOGBURST+ LOGPARMS+ LOGLIMIT+ ADD_IP_ALIASES+ ADD_SNAT_ALIASES+
TC_ENABLED+ BLACKLIST_DISPOSITION+ BLACKLIST_LOGLEVEL+ CLAMPMSS+ ROUTE_FILTER+
DETECT_DNAT_IPADDRS+ MUTEX_TIMEOUT+ NEWNOTSYN+ LOGNEWNOTSYN+ FORWARDPING+
MACLIST_DISPOSITION+ MACLIST_LOG_LEVEL+ TCP_FLAGS_DISPOSITION+
TCP_FLAGS_LOG_LEVEL+ RFC1918_LOG_LEVEL+ BOGON_LOG_LEVEL+ MARK_IN_FORWARD_CHAIN+
SHARED_DIR=/usr/share/shorewall
+ FUNCTIONS+ VERSION_FILE+ LOGFORMAT+ LOGRULENUMBERS+ ADMINISABSENTMINDED+
BLACKLISTNEWONLY+ MODULE_SUFFIX+ ACTIONS+ USEDACTIONS+ SMURF_LOG_LEVEL+
DISABLE_IPV6+ BRIDGING+ DYNAMIC_ZONES+ PKTTYPE+ DROPINVALID+ RESTOREBASE+
TMP_DIR+ stopping+ have_mutex+ masq_seq=1
+ nonat_seq=1
+ aliases_to_add+ FUNCTIONS=/usr/share/shorewall/functions
+ ''['' -f /usr/share/shorewall/functions '']''
+ ''['' -n '''' '']''
+ echo ''Loading /usr/share/shorewall/functions...''
+ . /usr/share/shorewall/functions
++ LEFTSHIFT=<<
++ mktempdir
++ ''['' -z '''' '']''
++ find_mktemp
+++ which mktemp
++ local mktemp=/bin/mktemp
++ ''['' -n /bin/mktemp '']''
++ qt mktemp -V
++ mktemp -V
++ MKTEMP=STD
++ mktemp -td shorewall.XXXXXX
+ TMP_DIR=/tmp/shorewall.jtrmfH
+ ''['' -n /tmp/shorewall.jtrmfH '']''
+ chmod 700 /tmp/shorewall.jtrmfH
+ trap ''rm -rf /tmp/shorewall.jtrmfH; my_mutex_off; exit 2'' 1
2 3 4 5 6
9
+ ensure_config_path
+ local F=/usr/share/shorewall/configpath
+ ''['' -z /etc/shorewall:/usr/share/shorewall
'']''
+ VERSION_FILE=/usr/share/shorewall/version
+ ''['' -f /usr/share/shorewall/version '']''
++ cat /usr/share/shorewall/version
+ version=2.0.16
+ run_user_exit params
++ find_file params
++ local saveifs= directory
++ ''['' -n '''' -a -f /params
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/params '']''
++ ''['' -f /usr/share/shorewall/params '']''
++ IFS=
++ echo /etc/shorewall/params
+ local user_exit=/etc/shorewall/params
+ ''['' -f /etc/shorewall/params '']''
++ find_file shorewall.conf
++ local saveifs= directory
++ ''['' -n '''' -a -f /shorewall.conf
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/shorewall.conf '']''
++ echo /etc/shorewall/shorewall.conf
++ IFS=
++ return
+ config=/etc/shorewall/shorewall.conf
+ ''['' -f /etc/shorewall/shorewall.conf '']''
+ ''['' -r /etc/shorewall/shorewall.conf '']''
+ ''['' -n '''' '']''
+ echo ''Processing /etc/shorewall/shorewall.conf...''
+ . /etc/shorewall/shorewall.conf
++ 7 debug
/usr/share/shorewall/firewall: line 20: 7: command not found
++ LOGFILE=/var/log/messages
++ LOGFORMAT=Shorewall:%s:%s:
++ LOGRATE++ LOGBURST++ BLACKLIST_LOGLEVEL++ LOGNEWNOTSYN=info
++ MACLIST_LOG_LEVEL=info
++ TCP_FLAGS_LOG_LEVEL=info
++ RFC1918_LOG_LEVEL=info
++ SMURF_LOG_LEVEL=info
++ BOGON_LOG_LEVEL=info
++ PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
++ SHOREWALL_SHELL=/bin/sh
++ SUBSYSLOCK++ STATEDIR=/var/lib/shorewall
++ MODULESDIR++ CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
++ RESTOREFILE++ FW=fw
++ IP_FORWARDING=Off
++ ADD_IP_ALIASES=no
++ ADD_SNAT_ALIASES=No
++ TC_ENABLED=No
++ CLEAR_TC=Yes
++ MARK_IN_FORWARD_CHAIN=No
++ CLAMPMSS=Yes
++ ROUTE_FILTER=Yes
++ DETECT_DNAT_IPADDRS=No
++ MUTEX_TIMEOUT=60
++ NEWNOTSYN=Yes
++ ADMINISABSENTMINDED=Yes
++ BLACKLISTNEWONLY=Yes
++ MODULE_SUFFIX++ DISABLE_IPV6=No
++ BRIDGING=No
++ DYNAMIC_ZONES=No
++ PKTTYPE=Yes
++ DROPINVALID=No
++ BLACKLIST_DISPOSITION=DROP
++ MACLIST_DISPOSITION=REJECT
++ TCP_FLAGS_DISPOSITION=DROP
+ ensure_config_path
+ local F=/usr/share/shorewall/configpath
+ ''['' -z /etc/shorewall:/usr/share/shorewall
'']''
+ ''['' -n '''' '']''
+ MODULE_SUFFIX=o gz ko o.gz ko.gz
+ load_kernel_modules
+ save_modules_dir+ ''['' -z ''''
'']''
++ uname -r
+ MODULESDIR=/lib/modules/2.6.8-2-686-smp/kernel/net/ipv4/netfilter
++ find_file modules
++ local saveifs= directory
++ ''['' -n '''' -a -f /modules
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/modules '']''
++ ''['' -f /usr/share/shorewall/modules '']''
++ echo /usr/share/shorewall/modules
++ IFS=
++ return
+ modules=/usr/share/shorewall/modules
+ ''['' -f /usr/share/shorewall/modules -a
-d /lib/modules/2.6.8-2-686-smp/kernel/net/ipv4/netfilter '']''
+ progress_message ''Loading Modules...''
+ ''['' -n '''' '']''
+ echo ''Loading Modules...''
+ . /usr/share/shorewall/modules
++ loadmodule ip_tables
++ local modulename=ip_tables
++ local modulefile
++ local suffix
++ moduleloader=modprobe
++ qt which modprobe
++ which modprobe
+++ lsmod
+++ grep ip_tables
++ ''['' -z ''ip_tables 19360 10
ipt_TCPMSS,ipt_REJECT,ipt_pkttype,ipt_LOG,ipt_state,ipt_multiport,ipt_conntrack,iptable_mangle,iptable_nat,iptable_filter''
'']''
++ loadmodule iptable_filter
++ local modulename=iptable_filter
++ local modulefile
++ local suffix
++ moduleloader=modprobe
++ qt which modprobe
++ which modprobe
+++ lsmod
+++ grep iptable_filter
++ ''['' -z ''iptable_filter 3104 1
ip_tables 19360 10
ipt_TCPMSS,ipt_REJECT,ipt_pkttype,ipt_LOG,ipt_state,ipt_multiport,ipt_conntrack,iptable_mangle,iptable_nat,iptable_filter''
'']''
++ loadmodule ip_conntrack
++ local modulename=ip_conntrack
++ local modulefile
++ local suffix
++ moduleloader=modprobe
++ qt which modprobe
++ which modprobe
+++ lsmod
+++ grep ip_conntrack
++ ''['' -z ''ip_conntrack_irc 71760 1 ip_nat_irc
ip_conntrack_tftp 3920 0
ip_conntrack_ftp 72688 1 ip_nat_ftp
ip_conntrack 37004 9
ipt_state,ipt_conntrack,ip_nat_irc,ip_nat_tftp,ip_nat_ftp,iptable_nat,ip_conntrack_irc,ip_conntrack_tftp,ip_conntrack_ftp''
'']''
++ loadmodule ip_conntrack_ftp
++ local modulename=ip_conntrack_ftp
++ local modulefile
++ local suffix
++ moduleloader=modprobe
++ qt which modprobe
++ which modprobe
+++ lsmod
+++ grep ip_conntrack_ftp
++ ''['' -z ''ip_conntrack_ftp 72688 1 ip_nat_ftp
ip_conntrack 37004 9
ipt_state,ipt_conntrack,ip_nat_irc,ip_nat_tftp,ip_nat_ftp,iptable_nat,ip_conntrack_irc,ip_conntrack_tftp,ip_conntrack_ftp''
'']''
++ loadmodule ip_conntrack_tftp
++ local modulename=ip_conntrack_tftp
++ local modulefile
++ local suffix
++ moduleloader=modprobe
++ qt which modprobe
++ which modprobe
+++ lsmod
+++ grep ip_conntrack_tftp
++ ''['' -z ''ip_conntrack_tftp 3920 0
ip_conntrack 37004 9
ipt_state,ipt_conntrack,ip_nat_irc,ip_nat_tftp,ip_nat_ftp,iptable_nat,ip_conntrack_irc,ip_conntrack_tftp,ip_conntrack_ftp''
'']''
++ loadmodule ip_conntrack_irc
++ local modulename=ip_conntrack_irc
++ local modulefile
++ local suffix
++ moduleloader=modprobe
++ qt which modprobe
++ which modprobe
+++ lsmod
+++ grep ip_conntrack_irc
++ ''['' -z ''ip_conntrack_irc 71760 1 ip_nat_irc
ip_conntrack 37004 9
ipt_state,ipt_conntrack,ip_nat_irc,ip_nat_tftp,ip_nat_ftp,iptable_nat,ip_conntrack_irc,ip_conntrack_tftp,ip_conntrack_ftp''
'']''
++ loadmodule iptable_nat
++ local modulename=iptable_nat
++ local modulefile
++ local suffix
++ moduleloader=modprobe
++ qt which modprobe
++ which modprobe
+++ lsmod
+++ grep iptable_nat
++ ''['' -z ''iptable_nat 26276 3
ip_nat_irc,ip_nat_tftp,ip_nat_ftp
ip_conntrack 37004 9
ipt_state,ipt_conntrack,ip_nat_irc,ip_nat_tftp,ip_nat_ftp,iptable_nat,ip_conntrack_irc,ip_conntrack_tftp,ip_conntrack_ftp
ip_tables 19360 10
ipt_TCPMSS,ipt_REJECT,ipt_pkttype,ipt_LOG,ipt_state,ipt_multiport,ipt_conntrack,iptable_mangle,iptable_nat,iptable_filter''
'']''
++ loadmodule ip_nat_ftp
++ local modulename=ip_nat_ftp
++ local modulefile
++ local suffix
++ moduleloader=modprobe
++ qt which modprobe
++ which modprobe
+++ lsmod
+++ grep ip_nat_ftp
++ ''['' -z ''ip_nat_ftp 5488 0
iptable_nat 26276 3 ip_nat_irc,ip_nat_tftp,ip_nat_ftp
ip_conntrack_ftp 72688 1 ip_nat_ftp
ip_conntrack 37004 9
ipt_state,ipt_conntrack,ip_nat_irc,ip_nat_tftp,ip_nat_ftp,iptable_nat,ip_conntrack_irc,ip_conntrack_tftp,ip_conntrack_ftp''
'']''
++ loadmodule ip_nat_tftp
++ local modulename=ip_nat_tftp
++ local modulefile
++ local suffix
++ moduleloader=modprobe
++ qt which modprobe
++ which modprobe
+++ lsmod
+++ grep ip_nat_tftp
++ ''['' -z ''ip_nat_tftp 3664 0
iptable_nat 26276 3 ip_nat_irc,ip_nat_tftp,ip_nat_ftp
ip_conntrack 37004 9
ipt_state,ipt_conntrack,ip_nat_irc,ip_nat_tftp,ip_nat_ftp,iptable_nat,ip_conntrack_irc,ip_conntrack_tftp,ip_conntrack_ftp''
'']''
++ loadmodule ip_nat_irc
++ local modulename=ip_nat_irc
++ local modulefile
++ local suffix
++ moduleloader=modprobe
++ qt which modprobe
++ which modprobe
+++ lsmod
+++ grep ip_nat_irc
++ ''['' -z ''ip_nat_irc 4752 0
iptable_nat 26276 3 ip_nat_irc,ip_nat_tftp,ip_nat_ftp
ip_conntrack_irc 71760 1 ip_nat_irc
ip_conntrack 37004 9
ipt_state,ipt_conntrack,ip_nat_irc,ip_nat_tftp,ip_nat_ftp,iptable_nat,ip_conntrack_irc,ip_conntrack_tftp,ip_conntrack_ftp''
'']''
+ MODULESDIR+ determine_capabilities
+ qt iptables -t nat -L -n
+ iptables -t nat -L -n
+ NAT_ENABLED=Yes
+ qt iptables -t mangle -L -n
+ iptables -t mangle -L -n
+ MANGLE_ENABLED=Yes
+ CONNTRACK_MATCH+ MULTIPORT+ qt iptables -N fooX1234
+ iptables -N fooX1234
+ qt iptables -A fooX1234 -m conntrack --ctorigdst 192.168.1.1 -j ACCEPT
+ iptables -A fooX1234 -m conntrack --ctorigdst 192.168.1.1 -j ACCEPT
+ CONNTRACK_MATCH=Yes
+ qt iptables -A fooX1234 -p tcp -m multiport --dports 21,22 -j ACCEPT
+ iptables -A fooX1234 -p tcp -m multiport --dports 21,22 -j ACCEPT
+ MULTIPORT=Yes
+ qt iptables -F fooX1234
+ iptables -F fooX1234
+ qt iptables -X fooX1234
+ iptables -X fooX1234
+ ''['' -z /var/lib/shorewall '']''
+ ''['' -d /var/lib/shorewall '']''
+ ''['' -z fw '']''
++ added_param_value_yes ALLOWRELATED Yes
++ local val=Yes
++ ''['' -z Yes '']''
++ echo Yes
+ ALLOWRELATED=Yes
+ ''['' -n Yes '']''
++ added_param_value_yes ADD_IP_ALIASES no
++ local val=no
++ ''['' -z no '']''
++ echo ''''
+ ADD_IP_ALIASES++ added_param_value_yes TC_ENABLED No
++ local val=No
++ ''['' -z No '']''
++ echo ''''
+ TC_ENABLED+ ''['' -n ''''
'']''
+ ''['' -n Off '']''
+ ''['' -n '''' -a -z Yes '']''
+ ''['' -z DROP '']''
++ added_param_value_no CLAMPMSS Yes
++ local val=Yes
++ ''['' -z Yes '']''
++ echo Yes
+ CLAMPMSS=Yes
++ added_param_value_no ADD_SNAT_ALIASES No
++ local val=No
++ ''['' -z No '']''
++ echo ''''
+ ADD_SNAT_ALIASES++ added_param_value_no ROUTE_FILTER Yes
++ local val=Yes
++ ''['' -z Yes '']''
++ echo Yes
+ ROUTE_FILTER=Yes
++ added_param_value_no DETECT_DNAT_IPADDRS No
++ local val=No
++ ''['' -z No '']''
++ echo ''''
+ DETECT_DNAT_IPADDRS++ added_param_value_no FORWARDPING
++ local val++ ''['' -z ''''
'']''
++ echo ''''
+ FORWARDPING+ ''['' -n ''''
'']''
++ added_param_value_yes NEWNOTSYN Yes
++ local val=Yes
++ ''['' -z Yes '']''
++ echo Yes
+ NEWNOTSYN=Yes
+ maclist_target=reject
+ ''['' -n REJECT '']''
+ ''['' -n DROP '']''
+ ''['' -z info '']''
+ ''['' -z info '']''
++ added_param_value_no MARK_IN_FORWARD_CHAIN No
++ local val=No
++ ''['' -z No '']''
++ echo ''''
+ MARK_IN_FORWARD_CHAIN+ ''['' -n ''''
'']''
+ marking_chain=tcpre
+ ''['' -n '''' '']''
+ CLEAR_TC+ ''['' -n Shorewall:%s:%s: '']''
++ echo Shorewall:%s:%s:
++ grep %d
+ ''['' -n '''' '']''
++ printf Shorewall:%s:%s: fooxx barxx
+ temp=Shorewall:fooxx:barxx:
+ ''['' 0 -ne 0 '']''
+ ''['' 22 -gt 29 '']''
++ added_param_value_no ADMINISABSENTMINDED Yes
++ local val=Yes
++ ''['' -z Yes '']''
++ echo Yes
+ ADMINISABSENTMINDED=Yes
++ added_param_value_no BLACKLISTNEWONLY Yes
++ local val=Yes
++ ''['' -z Yes '']''
++ echo Yes
+ BLACKLISTNEWONLY=Yes
++ added_param_value_no DISABLE_IPV6 No
++ local val=No
++ ''['' -z No '']''
++ echo ''''
+ DISABLE_IPV6++ added_param_value_no BRIDGING No
++ local val=No
++ ''['' -z No '']''
++ echo ''''
+ BRIDGING++ added_param_value_no DYNAMIC_ZONES No
++ local val=No
++ ''['' -z No '']''
++ echo ''''
+ DYNAMIC_ZONES++ added_param_value_yes PKTTYPE Yes
++ local val=Yes
++ ''['' -z Yes '']''
++ echo Yes
+ PKTTYPE=Yes
++ added_param_value_yes DROPINVALID No
++ local val=No
++ ''['' -z No '']''
++ echo ''''
+ DROPINVALID+ strip_file interfaces
+ local fname
+ ''['' 1 = 1 '']''
++ find_file interfaces
++ local saveifs= directory
++ ''['' -n '''' -a -f /interfaces
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/interfaces '']''
++ echo /etc/shorewall/interfaces
++ IFS=
++ return
+ fname=/etc/shorewall/interfaces
+ ''['' -f /etc/shorewall/interfaces '']''
+ read_file /etc/shorewall/interfaces 0
+ local first rest
+ ''['' -f /etc/shorewall/interfaces '']''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ cut -d# -f1
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# If the interface serves multiple zones that will be''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# defined in the /etc/shorewall/hosts file, you
should''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# place "-" in this column.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# INTERFACE Name of interface. Each interface may be listed
only''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# once in this file. You may NOT specify the name of''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# an alias (e.g., eth0:0) here; see''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# http://www.shorewall.net/FAQ.htm#faq18''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# You may specify wildcards here. For example, if you''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# want to make a entry that applies to all PPP''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# interfaces, use
''\''''ppp+''\''''''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# There is no need to define the loopback interface
(lo)''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# in this file.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# BROADCAST The broadcast address for the subnetwork to which
the''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# interface belongs. For P-T-P interfaces, this''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# column is left blank.If the interface has multiple''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# addresses on multiple subnets then list the
broadcast''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# addresses as a comma-separated list.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# If you use the special value "detect", the
firewall''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# will detect the broadcast address for you. If you''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# select this option, the interface must be up before''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# the firewall is started, you must have iproute''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# installed and the interface must only be associated''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# with a single subnet.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# If you don''\''''t want to give a
value for this column but''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# you want to enter a value in the OPTIONS column,
enter''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# "-" in this column.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# OPTIONS A comma-separated list of options including
the''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# following:''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# dhcp''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Interface is managed by DHCP or used by''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# a DHCP server running on the firewall or''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# you have a static IP but are on a LAN''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# segment with lots of Laptop DHCP clients.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# norfc1918''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# This interface should not receive''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# any packets whose source is in one''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# of the ranges reserved by RFC 1918''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# (i.e., private or "non-routable"''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# addresses. If packet mangling is''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# enabled in shorewall.conf, packets''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# whose destination addresses are''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# reserved by RFC 1918 are also rejected.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# nobogons''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# This interface should not receive''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# any packets whose source is in one''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# of the ranges reserved by IANA (this''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# option does not cover those ranges''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# reserved by RFC 1918 -- see above).''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# routefilter''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Turn on kernel route filtering for this''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# interface (anti-spoofing measure). This''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# option can also be enabled globally in''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# the /etc/shorewall/shorewall.conf file.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# blacklist''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Check packets arriving on this interface''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# against the /etc/shorewall/blacklist''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# file.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# maclist''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Connection requests from this interface''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# are compared against the contents of''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# /etc/shorewall/maclist. If this option''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# is specified, the interface must be''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# an ethernet NIC and must be up before''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Shorewall is started.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# tcpflags''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Packets arriving on this interface are''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# checked for certain illegal combinations''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# of TCP flags. Packets found to have''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# such a combination of flags are handled''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# according to the setting of''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# TCP_FLAGS_DISPOSITION after having been''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# logged according to the setting of''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# TCP_FLAGS_LOG_LEVEL.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# proxyarp''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Sets
/proc/sys/net/ipv4/conf/<interface>/proxy_arp.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Do NOT use this option if you are''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# employing Proxy ARP through entries in''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# /etc/shorewall/proxyarp. This option is''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# intended soley for use with Proxy ARP''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# sub-networking as described at:''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# http://www.tldp.org/HOWTO/mini/Proxy-ARP-Subnet''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# newnotsyn''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# TCP packets that don''\''''t have the
SYN flag set and''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# which are not part of an established connection''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# will be accepted from this interface, even if''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# NEWNOTSYN=No has been specified in''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# /etc/shorewall/shorewall.conf.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# This option has no effect if NEWNOTSYN=Yes''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# routeback''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# If specified, indicates that Shorewall''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# should include rules that allow filtering''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# traffic arriving on this interface back''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# out that same interface.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# arp_filter''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# If specified, this interface will only respond''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# to ARP who-has requests for IP addresses''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# configured on the interface. If not specified,''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# the interface can respond to ARP who-has requests''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# for IP addresses on any of the
firewall''\''''s interface.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# The interface must be up when shorewall is started.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# nosmurfs''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Filter packers for smurfs (Packets with a broadcast''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# address as the source).''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# detectnets''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Automatically taylors the zone named in the ZONE''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# column to include only those hosts routed through''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# the interface.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# WARNING: DO NOT SET THE detectnets OPTION ON YOUR INTERNET
INTERFACE!''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# The order in which you list the options is not''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# significant but the list should have no embedded
white''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# space.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Example 1:''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Suppose you have eth0 connected to a DSL modem''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# that gets it''\''''s IP address via
DHCP from subnet''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# 206.191.149.192/27.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Your entries for this setup would look like:''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# #ZONE INTERFACE BROADCAST OPTIONS''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# net eth0 206.191.149.223 dhcp''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Example 2:''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# The same configuration without specifying broadcast''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# addresses is:''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# #ZONE INTERFACE BROADCAST OPTIONS''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# net eth0 detect dhcp''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Example 3:''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# You have a simple dial-in system with no ethernet''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# connections.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# #ZONE INTERFACE BROADCAST OPTIONS''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# net ppp0 -''
+ read first rest
+ ''[''
x##############################################################################
= xINCLUDE '']''
+ echo
''##############################################################################
''
+ read first rest
+ ''['' x#ZONE = xINCLUDE '']''
+ echo ''#ZONE INTERFACE BROADCAST OPTIONS''
+ read first rest
+ ''['' xnet = xINCLUDE '']''
+ echo ''net eth0 detect dhcp''
+ read first rest
+ ''['' x#LAST = xINCLUDE '']''
+ echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT
REMOVE''
+ read first rest
+ strip_file hosts
+ local fname
+ ''['' 1 = 1 '']''
++ find_file hosts
++ local saveifs= directory
++ ''['' -n '''' -a -f /hosts
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/hosts '']''
++ ''['' -f /usr/share/shorewall/hosts '']''
++ IFS=
++ echo /etc/shorewall/hosts
+ fname=/etc/shorewall/hosts
+ ''['' -f /etc/shorewall/hosts '']''
+ ''['' -n /bin/sh '']''
++ decodeaddr 192.168.1.1
++ local x
++ local temp=0
++ local ''ifs=
''
++ IFS=.
++ temp=192
++ temp=49320
++ temp=12625921
++ temp=3232235777
++ echo 3232235777
++ IFS=
+ temp=3232235777
++ encodeaddr 3232235777
++ addr=3232235777
++ local x
++ local y=1
++ addr=12625921
++ y=1.1
++ addr=49320
++ y=168.1.1
++ addr=192
++ y=192.168.1.1
++ echo 192.168.1.1
+ ''['' 192.168.1.1 ''!='' 192.168.1.1
'']''
+ rm -f /tmp/shorewall.jtrmfH/physdev
+ my_mutex_on
+ ''['' -n '''' '']''
+ mutex_on
+ local try=0
+ local lockf=/var/lib/shorewall/lock
+ MUTEX_TIMEOUT=60
+ ''['' 60 -gt 0 '']''
+ ''['' -d /var/lib/shorewall '']''
+ qt which lockfile
+ which lockfile
+ lockfile -60 -r1 /var/lib/shorewall/lock
+ have_mutex=Yes
+ qt iptables -L shorewall -n
+ iptables -L shorewall -n
+ define_firewall Start
+ check_disabled_startup
+ ''['' -f /etc/shorewall/startup_disabled '']''
+ echo ''Starting Shorewall...''
+ verify_os_version
++ uname -r
+ osversion=2.6.8-2-686-smp
++ lsmod
++ grep ''^ipchains''
+ ''['' start = start -a -n ''''
'']''
+ verify_ip
+ qt ip link ls
+ ip link ls
+ ''['' -d /var/lib/shorewall '']''
++ mktempfile /var/lib/shorewall
++ ''['' -z '''' '']''
++ find_mktemp
+++ which mktemp
++ local mktemp=/bin/mktemp
++ ''['' -n /bin/mktemp '']''
++ qt mktemp -V
++ mktemp -V
++ MKTEMP=STD
++ ''['' 1 -gt 0 '']''
++ mktemp -p /var/lib/shorewall shorewall.XXXXXX
+ RESTOREBASE=/var/lib/shorewall/shorewall.XjCV4W
+ ''['' -n /var/lib/shorewall/shorewall.XjCV4W
'']''
+ echo ''#bin/sh''
+ save_command ''#''
+ echo ''#''
++ date
+ save_command ''# Restore base file generated by Shorewall 2.0.16 - Sun
Feb 27 22:57:20 EST 2005''
+ echo ''# Restore base file generated by Shorewall 2.0.16 - Sun Feb 27
22:57:20 EST 2005''
+ save_command ''#''
+ echo ''#''
+ save_command ''. /usr/share/shorewall/functions''
+ echo ''. /usr/share/shorewall/functions''
+ save_command ''MODULESDIR=""''
+ echo ''MODULESDIR=""''
+ save_command ''MODULE_SUFFIX="o gz ko o.gz ko.gz"''
+ echo ''MODULE_SUFFIX="o gz ko o.gz ko.gz"''
+ save_load_kernel_modules
++ find_file modules
++ local saveifs= directory
++ ''['' -n '''' -a -f /modules
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/modules '']''
++ ''['' -f /usr/share/shorewall/modules '']''
++ echo /usr/share/shorewall/modules
++ IFS=
++ return
+ modules=/usr/share/shorewall/modules
+ save_progress_message ''Loading kernel modules...''
+ echo
+ echo ''progress_message "Loading kernel
modules..."''
+ echo
+ save_command ''reload_kernel_modules <<__EOF__''
+ echo ''reload_kernel_modules <<__EOF__''
+ read command
+ read command
+ read command
+ read command
+ read command
+ read command
+ read command
+ read command
+ read command
+ read command
+ read command
+ save_command loadmodule ip_tables
+ echo loadmodule ip_tables
+ read command
+ save_command loadmodule iptable_filter
+ echo loadmodule iptable_filter
+ read command
+ save_command loadmodule ip_conntrack
+ echo loadmodule ip_conntrack
+ read command
+ save_command loadmodule ip_conntrack_ftp
+ echo loadmodule ip_conntrack_ftp
+ read command
+ save_command loadmodule ip_conntrack_tftp
+ echo loadmodule ip_conntrack_tftp
+ read command
+ save_command loadmodule ip_conntrack_irc
+ echo loadmodule ip_conntrack_irc
+ read command
+ save_command loadmodule iptable_nat
+ echo loadmodule iptable_nat
+ read command
+ save_command loadmodule ip_nat_ftp
+ echo loadmodule ip_nat_ftp
+ read command
+ save_command loadmodule ip_nat_tftp
+ echo loadmodule ip_nat_tftp
+ read command
+ save_command loadmodule ip_nat_irc
+ echo loadmodule ip_nat_irc
+ read command
+ read command
+ save_command __EOF__
+ echo __EOF__
+ echo Initializing...
+ initialize_netfilter
+ report_capabilities
+ echo ''Shorewall has detected the following iptables/netfilter
capabilities:''
+ report_capability Yes NAT
+ local setting+ ''['' xYes = xYes '']''
+ setting=Available
+ shift
+ echo '' '' NAT: Available
+ report_capability Yes ''Packet Mangling''
+ local setting+ ''['' xYes = xYes '']''
+ setting=Available
+ shift
+ echo '' '' Packet Mangling: Available
+ report_capability Yes ''Multi-port Match''
+ local setting+ ''['' xYes = xYes '']''
+ setting=Available
+ shift
+ echo '' '' Multi-port Match: Available
+ report_capability Yes ''Connection Tracking Match''
+ local setting+ ''['' xYes = xYes '']''
+ setting=Available
+ shift
+ echo '' '' Connection Tracking Match: Available
+ echo ''Determining Zones...''
+ determine_zones
++ find_file zones
++ local saveifs= directory
++ ''['' -n '''' -a -f /zones
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/zones '']''
++ echo /etc/shorewall/zones
++ IFS=
++ return
+ local zonefile=/etc/shorewall/zones
+ multi_display=Multi-zone
+ strip_file zones /etc/shorewall/zones
+ local fname
+ ''['' 2 = 1 '']''
+ fname=/etc/shorewall/zones
+ ''['' -f /etc/shorewall/zones '']''
+ read_file /etc/shorewall/zones 0
+ local first rest
+ ''['' -f /etc/shorewall/zones '']''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Shorewall 2.0 -- Sample Zone File For One Interface''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# /etc/shorewall/zones''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ cut -d# -f1
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# This file determines your network zones. Columns
are:''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ZONE Short name of the zone (5 Characters or less in
length).''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# DISPLAY Display name of the zone''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# COMMENTS Comments about the zone''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# THE ORDER OF THE ENTRIES IN THIS FILE IS IMPORTANT IF YOU
HAVE
NESTED OR''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# OVERLAPPING ZONES DEFINED THROUGH
/etc/shorewall/hosts.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ grep -v ''^[[:space:]]*$''
+ ''['' x# = xINCLUDE '']''
+ echo ''# See
http://www.shorewall.net/Documentation.html#Nested''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Of Course This Is A Single Zone .. So The Above Does Not
Apply''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x#ZONE = xINCLUDE '']''
+ echo ''#ZONE DISPLAY COMMENTS''
+ read first rest
+ ''['' xnet = xINCLUDE '']''
+ echo ''net Net Internet''
+ read first rest
+ ''['' x#LAST = xINCLUDE '']''
+ echo ''#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT
REMOVE''
+ read first rest
++ find_zones /tmp/shorewall.jtrmfH/zones
++ read zone display comments
++ ''['' -n net '']''
++ echo net
++ read zone display comments
+ zones=net
++ echo net
+ zones=net
++ find_display net /tmp/shorewall.jtrmfH/zones
++ grep ''^net'' /tmp/shorewall.jtrmfH/zones
++ read z display comments
++ ''['' xnet = xnet '']''
++ echo Net
++ read z display comments
+ dsply=Net
+ eval ''net_display=$dsply''
++ net_display=Net
+ ''['' -z net '']''
+ display_list Zones: net
+ ''['' 2 -gt 1 '']''
+ echo '' Zones: net''
+ echo ''Validating interfaces file...''
+ validate_interfaces_file
+ local wildcard
+ local found_obsolete_option+ local z interface networks options r iface option
+ read z interface networks options
+ expandv z interface networks options
+ local varval
+ ''['' 4 -gt 0 '']''
+ eval ''varval=$z''
++ varval=net
+ eval ''z="net"''
++ z=net
+ shift
+ ''['' 3 -gt 0 '']''
+ eval ''varval=$interface''
++ varval=eth0
+ eval ''interface="eth0"''
++ interface=eth0
+ shift
+ ''['' 2 -gt 0 '']''
+ eval ''varval=$networks''
++ varval=detect
+ eval ''networks="detect"''
++ networks=detect
+ shift
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$options''
++ varval=dhcp
+ eval ''options="dhcp"''
++ options=dhcp
+ shift
+ ''['' 0 -gt 0 '']''
+ r=net eth0 detect dhcp
+ ''['' xnet = x- '']''
+ ''['' -n net '']''
+ validate_zone net
+ list_search net net fw
+ local e=net
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xnet = xnet '']''
+ return 0
+ list_search eth0
+ local e=eth0
+ ''['' 1 -gt 1 '']''
+ return 1
+ wildcard+ all_interfaces= eth0
++ separate_list dhcp
++ local list
++ local part
++ local newlist
++ list=dhcp
++ part=dhcp
++ newlist=dhcp
++ ''['' xdhcp ''!='' xdhcp
'']''
++ echo dhcp
+ options=dhcp
++ chain_base eth0
++ local c=eth0
++ true
++ echo eth0
++ return
+ iface=eth0
+ eval eth0_broadcast=detect
++ eth0_broadcast=detect
+ eval eth0_zone=net
++ eth0_zone=net
+ eval ''eth0_options="dhcp"''
++ eth0_options=dhcp
+ ''['' -z '' eth0'' '']''
+ read z interface networks options
+ echo ''Validating hosts file...''
+ validate_hosts_file
+ local z hosts options r interface host option port ports
+ read z hosts options
+ ''['' -n '''' '']''
+ echo ''Validating Policy file...''
+ validate_policy
+ local clientwild
+ local serverwild
+ local zone
+ local zone1
+ local pc
+ local chain
+ local policy
+ local loglevel
+ local synparams
+ all_policy_chains+ strip_file policy
+ local fname
+ ''['' 1 = 1 '']''
++ find_file policy
++ local saveifs= directory
++ ''['' -n '''' -a -f /policy
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/policy '']''
++ echo /etc/shorewall/policy
++ IFS=
++ return
+ fname=/etc/shorewall/policy
+ ''['' -f /etc/shorewall/policy '']''
+ read_file /etc/shorewall/policy 0
+ local first rest
+ ''['' -f /etc/shorewall/policy '']''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Shorewall 2.0 -- Sample Policy File For One
Interface''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# /etc/shorewall/policy''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# THE ORDER OF ENTRYS IN THIS FILE IS IMPORTANT!''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# This file determines what to do with a new connection request
if we''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# don''\''''t get a match from the
/etc/shorewall/rules file For
each''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# source/destination pair, the file is processed in order until
a''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# match is found ("all" will match any client or
server).''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Columns are:''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# SOURCE Source zone. Must be the name of a zone
defined''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ cut -d# -f1
+ echo ''# in /etc/shorewall/zones, $FW or "all".''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# DEST Destination zone. Must be the name of a zone
defined''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# in /etc/shorewall/zones, $FW or "all"''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# POLICY Policy if no match from the rules file is found.
Must''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# be "ACCEPT", "DROP", "REJECT",
"CONTINUE" or "NONE"''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ACCEPT''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Accept the connection''
+ grep -v ''^[[:space:]]*$''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# DROP''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Ignore the connection request.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# REJECT''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# For TCP, send RST. For all other, send''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# "port unreachable" ICMP.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# CONTINUE''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Pass the connection request past''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# any other rules that it might also''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# match (where the source or destination''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# zone in those rules is a superset of''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# the SOURCE or DEST in this policy)''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# NONE''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Assume that there will never be any''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# packets from this SOURCE to this''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# DEST. Shorewall will not set up any''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# infrastructure to handle such packets''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# and you may not have any rules with''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# this SOURCE and DEST in the /etc/shorewall/rules''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# file. If such a packet is received the result''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# is undefined. NONE may not be used if the''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# SOURCE or DEST columns contain the firewall''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# zone ($FW) or "all".''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# If this column contains ACCEPT, DROP or REJECT and
a''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# corresonding common action is defined in''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# /etc/shorewall/actions (or
/usr/share/shorewall/actions.std)''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# then that action will be invoked before the policy named
in''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# this column is inforced.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# LOG LEVEL If supplied, each connection handled under the
default''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# POLICY is logged at that level. If not supplied, no''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# log message is generated. See syslog.conf(5) for a''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# description of log levels.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Beginning with Shorewall version 1.3.12, you may''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# also specify ULOG (must be in upper case). This
will''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# log to the ULOG target and sent to a separate log''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# through use of ulogd
(http://www.gnumonks.org/projects/ulogd).''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# If you don''\''''t want to log but
need to specify the''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# following column, place "_" here.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# LIMIT:BURST If passed, specifies the maximum TCP connection
rate''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# and the size of an acceptable burst. If not
specified,''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# TCP connections are not limited.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# As shipped, the default policies are:''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# a) All connections from the Firewall to the Internet are
allowed''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# b) All connections from the Internet are ignored but logged
at
syslog''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# level KERNEL.INFO.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# d) All other connection requests are rejected and logged at
level''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# KERNEL.INFO.''
+ read first rest
+ ''[''
x###############################################################################
= xINCLUDE '']''
+ echo
''###############################################################################
''
+ read first rest
+ ''['' x#SOURCE = xINCLUDE '']''
+ echo ''#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST''
+ read first rest
+ ''['' xfw = xINCLUDE '']''
+ echo ''fw net ACCEPT''
+ read first rest
+ ''['' xnet = xINCLUDE '']''
+ echo ''net all DROP info''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# The FOLLOWING POLICY MUST BE LAST''
+ read first rest
+ ''['' xall = xINCLUDE '']''
+ echo ''all all REJECT info''
+ read first rest
+ ''['' x#LAST = xINCLUDE '']''
+ echo ''#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT
REMOVE''
+ read first rest
+ read client server policy loglevel synparams
+ expandv client server policy loglevel synparams
+ local varval
+ ''['' 5 -gt 0 '']''
+ eval ''varval=$client''
++ varval=fw
+ eval ''client="fw"''
++ client=fw
+ shift
+ ''['' 4 -gt 0 '']''
+ eval ''varval=$server''
++ varval=net
+ eval ''server="net"''
++ server=net
+ shift
+ ''['' 3 -gt 0 '']''
+ eval ''varval=$policy''
++ varval=ACCEPT
+ eval ''policy="ACCEPT"''
++ policy=ACCEPT
+ shift
+ ''['' 2 -gt 0 '']''
+ eval ''varval=$loglevel''
++ varval+ eval ''loglevel=""''
++ loglevel+ shift
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$synparams''
++ varval+ eval ''synparams=""''
++ synparams+ shift
+ ''['' 0 -gt 0 '']''
+ clientwild+ serverwild+ validate_zone fw
+ list_search fw net fw
+ local e=fw
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xfw = xnet '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xfw = xfw '']''
+ return 0
+ validate_zone net
+ list_search net net fw
+ local e=net
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xnet = xnet '']''
+ return 0
+ chain=fw2net
+ is_policy_chain fw2net
+ eval test ''"$fw2net_is_policy"'' = Yes
++ test '''' = Yes
+ ''['' x = x- '']''
+ ''['' ACCEPT = NONE '']''
+ all_policy_chains= fw2net
+ eval fw2net_is_policy=Yes
++ fw2net_is_policy=Yes
+ eval fw2net_policy=ACCEPT
++ fw2net_policy=ACCEPT
+ eval fw2net_loglevel++ fw2net_loglevel+ eval fw2net_synparams++
fw2net_synparams+ ''['' -n ''''
'']''
+ ''['' -n '''' '']''
+ eval fw2net_policychain=fw2net
++ fw2net_policychain=fw2net
+ print_policy fw net
+ ''['' start ''!='' check '']''
+ read client server policy loglevel synparams
+ expandv client server policy loglevel synparams
+ local varval
+ ''['' 5 -gt 0 '']''
+ eval ''varval=$client''
++ varval=net
+ eval ''client="net"''
++ client=net
+ shift
+ ''['' 4 -gt 0 '']''
+ eval ''varval=$server''
++ varval=all
+ eval ''server="all"''
++ server=all
+ shift
+ ''['' 3 -gt 0 '']''
+ eval ''varval=$policy''
++ varval=DROP
+ eval ''policy="DROP"''
++ policy=DROP
+ shift
+ ''['' 2 -gt 0 '']''
+ eval ''varval=$loglevel''
++ varval=info
+ eval ''loglevel="info"''
++ loglevel=info
+ shift
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$synparams''
++ varval+ eval ''synparams=""''
++ synparams+ shift
+ ''['' 0 -gt 0 '']''
+ clientwild+ serverwild+ validate_zone net
+ list_search net net fw
+ local e=net
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xnet = xnet '']''
+ return 0
+ serverwild=Yes
+ chain=net2all
+ is_policy_chain net2all
+ eval test ''"$net2all_is_policy"'' = Yes
++ test '''' = Yes
+ ''['' xinfo = x- '']''
+ ''['' DROP = NONE '']''
+ all_policy_chains= fw2net net2all
+ eval net2all_is_policy=Yes
++ net2all_is_policy=Yes
+ eval net2all_policy=DROP
++ net2all_policy=DROP
+ eval net2all_loglevel=info
++ net2all_loglevel=info
+ eval net2all_synparams++ net2all_synparams+ ''['' -n
'''' '']''
+ ''['' -n Yes '']''
+ eval ''pc=$net2net_policychain''
++ pc+ ''['' -z '''' '']''
+ eval net2net_policychain=net2all
++ net2net_policychain=net2all
+ eval net2net_policy=DROP
++ net2net_policy=DROP
+ print_policy net net
+ ''['' start ''!='' check '']''
+ eval ''pc=$net2fw_policychain''
++ pc+ ''['' -z '''' '']''
+ eval net2fw_policychain=net2all
++ net2fw_policychain=net2all
+ eval net2fw_policy=DROP
++ net2fw_policy=DROP
+ print_policy net fw
+ ''['' start ''!='' check '']''
+ eval ''pc=$net2all_policychain''
++ pc+ ''['' -z '''' '']''
+ eval net2all_policychain=net2all
++ net2all_policychain=net2all
+ eval net2all_policy=DROP
++ net2all_policy=DROP
+ print_policy net all
+ ''['' start ''!='' check '']''
+ read client server policy loglevel synparams
+ expandv client server policy loglevel synparams
+ local varval
+ ''['' 5 -gt 0 '']''
+ eval ''varval=$client''
++ varval=all
+ eval ''client="all"''
++ client=all
+ shift
+ ''['' 4 -gt 0 '']''
+ eval ''varval=$server''
++ varval=all
+ eval ''server="all"''
++ server=all
+ shift
+ ''['' 3 -gt 0 '']''
+ eval ''varval=$policy''
++ varval=REJECT
+ eval ''policy="REJECT"''
++ policy=REJECT
+ shift
+ ''['' 2 -gt 0 '']''
+ eval ''varval=$loglevel''
++ varval=info
+ eval ''loglevel="info"''
++ loglevel=info
+ shift
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$synparams''
++ varval+ eval ''synparams=""''
++ synparams+ shift
+ ''['' 0 -gt 0 '']''
+ clientwild+ serverwild+ clientwild=Yes
+ serverwild=Yes
+ chain=all2all
+ is_policy_chain all2all
+ eval test ''"$all2all_is_policy"'' = Yes
++ test '''' = Yes
+ ''['' xinfo = x- '']''
+ ''['' REJECT = NONE '']''
+ all_policy_chains= fw2net net2all all2all
+ eval all2all_is_policy=Yes
++ all2all_is_policy=Yes
+ eval all2all_policy=REJECT
++ all2all_policy=REJECT
+ eval all2all_loglevel=info
++ all2all_loglevel=info
+ eval all2all_synparams++ all2all_synparams+ ''['' -n Yes
'']''
+ ''['' -n Yes '']''
+ eval ''pc=$net2net_policychain''
++ pc=net2all
+ ''['' -z net2all '']''
+ eval ''pc=$net2fw_policychain''
++ pc=net2all
+ ''['' -z net2all '']''
+ eval ''pc=$net2all_policychain''
++ pc=net2all
+ ''['' -z net2all '']''
+ eval ''pc=$fw2net_policychain''
++ pc=fw2net
+ ''['' -z fw2net '']''
+ eval ''pc=$fw2fw_policychain''
++ pc+ ''['' -z '''' '']''
+ eval fw2fw_policychain=all2all
++ fw2fw_policychain=all2all
+ eval fw2fw_policy=REJECT
++ fw2fw_policy=REJECT
+ print_policy fw fw
+ ''['' start ''!='' check '']''
+ eval ''pc=$fw2all_policychain''
++ pc+ ''['' -z '''' '']''
+ eval fw2all_policychain=all2all
++ fw2all_policychain=all2all
+ eval fw2all_policy=REJECT
++ fw2all_policy=REJECT
+ print_policy fw all
+ ''['' start ''!='' check '']''
+ eval ''pc=$all2net_policychain''
++ pc+ ''['' -z '''' '']''
+ eval all2net_policychain=all2all
++ all2net_policychain=all2all
+ eval all2net_policy=REJECT
++ all2net_policy=REJECT
+ print_policy all net
+ ''['' start ''!='' check '']''
+ eval ''pc=$all2fw_policychain''
++ pc+ ''['' -z '''' '']''
+ eval all2fw_policychain=all2all
++ all2fw_policychain=all2all
+ eval all2fw_policy=REJECT
++ all2fw_policy=REJECT
+ print_policy all fw
+ ''['' start ''!='' check '']''
+ eval ''pc=$all2all_policychain''
++ pc+ ''['' -z '''' '']''
+ eval all2all_policychain=all2all
++ all2all_policychain=all2all
+ eval all2all_policy=REJECT
++ all2all_policy=REJECT
+ print_policy all all
+ ''['' start ''!='' check '']''
+ read client server policy loglevel synparams
+ echo ''Determining Hosts in Zones...''
+ determine_interfaces
++ find_interfaces net
++ local zne=net
++ local z
++ local interface
+++ chain_base eth0
+++ local c=eth0
+++ true
+++ echo eth0
+++ return
++ eval ''z=$eth0_zone''
+++ z=net
++ ''['' xnet = xnet '']''
++ echo eth0
+ interfaces=eth0
++ echo eth0
+ interfaces=eth0
+ eval ''net_interfaces="$interfaces"''
++ net_interfaces=eth0
+ determine_hosts
++ find_hosts net
++ local hosts interface address addresses
++ read z hosts options
+ hosts++ echo
+ hosts+ eval ''interfaces=$net_interfaces''
++ interfaces=eth0
+ interface_has_option eth0 detectnets
+ local options
++ chain_base eth0
++ local c=eth0
++ true
++ echo eth0
++ return
+ eval ''options=$eth0_options''
++ options=dhcp
+ list_search detectnets dhcp
+ local e=detectnets
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xdetectnets = xdhcp '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ networks=0.0.0.0/0
+ ''['' -z '''' '']''
+ hosts=eth0:0.0.0.0/0
+ interface_has_option eth0 routeback
+ local options
++ chain_base eth0
++ local c=eth0
++ true
++ echo eth0
++ return
+ eval ''options=$eth0_options''
++ options=dhcp
+ list_search routeback dhcp
+ local e=routeback
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xrouteback = xdhcp '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ interfaces+ interface=eth0
+ list_search eth0
+ local e=eth0
+ ''['' 1 -gt 1 '']''
+ return 1
+ ''['' -z '''' '']''
+ interfaces=eth0
+ eval ''net_interfaces=$interfaces''
++ net_interfaces=eth0
+ eval ''net_hosts=$hosts''
++ net_hosts=eth0:0.0.0.0/0
+ ''['' -n eth0:0.0.0.0/0 '']''
+ eval ''display=$net_display''
++ display=Net
+ display_list ''Net Zone:'' eth0:0.0.0.0/0
+ ''['' 2 -gt 1 '']''
+ echo '' Net Zone: eth0:0.0.0.0/0''
+ run_user_exit init
++ find_file init
++ local saveifs= directory
++ ''['' -n '''' -a -f /init
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/init '']''
++ ''['' -f /usr/share/shorewall/init '']''
++ IFS=
++ echo /etc/shorewall/init
+ local user_exit=/etc/shorewall/init
+ ''['' -f /etc/shorewall/init '']''
+ strip_file rules
+ local fname
+ ''['' 1 = 1 '']''
++ find_file rules
++ local saveifs= directory
++ ''['' -n '''' -a -f /rules
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/rules '']''
++ echo /etc/shorewall/rules
++ IFS=
++ return
+ fname=/etc/shorewall/rules
+ ''['' -f /etc/shorewall/rules '']''
+ read_file /etc/shorewall/rules 0
+ local first rest
+ ''['' -f /etc/shorewall/rules '']''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Shorewall version 2.0 - Sample Rules File For One
Interface''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# /etc/shorewall/rules''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Rules in this file govern connection establishment. Requests
and''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# responses are automatically allowed using connection
tracking.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# For any particular (source,dest) pair of zones, the rules are
evaluated''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# in the order in which they appear in this file and the first
match is''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# the one that determines the disposition of the
request.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# In most places where an IP address or subnet is allowed,
you''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# can preceed the address/subnet with "!" (e.g., !
192.168.1.0/24) to''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# indicate that the rule matches all addresses except the
address/subnet''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# given. Notice that no white space is permitted between
"!" and
the''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# address/subnet.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ cut -d# -f1
+ ''['' x# = xINCLUDE '']''
+ echo ''# WARNING: If you masquerade or use SNAT from a local system to
the internet''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# you cannot use a ACCEPT rule to allow traffic from the
internet to''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# that system. You *must* use a DNAT rule instead.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Columns are:''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ACTION ACCEPT, DROP, REJECT, DNAT, DNAT-,
REDIRECT,''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# REDIRECT-, CONTINUE, LOG, QUEUE or an
<action>.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ACCEPT''
+ read first rest
+ grep -v ''^[[:space:]]*$''
+ ''['' x# = xINCLUDE '']''
+ echo ''# Allow the connection request''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# DROP''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Ignore the request''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# REJECT''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Disallow the request and return an''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# icmp-unreachable or an RST packet.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# DNAT''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Forward the request to another''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# system (and optionally another''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# port).''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# DNAT-''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Advanced users only.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Like DNAT but only generates the''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# DNAT iptables rule and not''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# the companion ACCEPT rule.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# REDIRECT''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Redirect the request to a local''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# port on the firewall.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# REDIRECT-''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Advanced users only.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Like REDIRECT but only generates the''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# REDIRECT iptables rule and not the''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# companion ACCEPT rule.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# CONTINUE''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# (For experts only). Do Not Process''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# any of the following rules for this''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# (source zone,destination zone). If''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# the source and/or destination IP''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# address falls into a zone defined''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# later in /etc/shorewall/zones, this''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# connection request will be passed''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# to the rules defined for that''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# (those) zones(s).''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# LOG''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Simply log the packet and continue.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# QUEUE''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Queue the packet to a user-space''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# application such as ftwall.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# (http://p2pwall.sf.net).''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# <action>''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# The name of an action defined in''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# /etc/shorewall/actions or in''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# /usr/share/shorewall/actions.std.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# The ACTION may optionally be followed by ":" and a
syslog''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# log level (e.g, REJECT:info or DNAT:debug). This causes
the''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# packet to be logged at the specified level.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# You may also specify ULOG (Must be in upper case) as a
log''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# level. This will log to the ULOG target for routing to
a''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# seperate log through the use of ulogd.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# (http://www.gnumonks.org/projects/ulogd).''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# SOURCE Source hosts to which the rule applies. May be a
zone''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# defined in /etc/shorewall/zones, $FW to indicate
the''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# firewall itself, or "all" If the ACTION is DNAT
or''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# REDIRECT, sub-zones of the specified zone may be''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# excluded from the rule by following the zone name
with''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# "!''\'''' and a comma-separated
list of sub-zone names.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Except when "all" is specified, clients may be
further''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# restricted to a list of subnets and/or hosts by''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# appending ":" and a comma-separated list of
subnets''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# and/or hosts. Hosts may be specified by IP or MAC''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# address; mac addresses must begin with "~" and must
use''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# "-" as a separator.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Some Examples:''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# net:155.186.235.1''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Host 155.186.235.1 on the Internet''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# net:155.186.235.0/24''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Subnet 155.186.235.0/24 on the''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Internet''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# net:155.186.235.1,155.186.235.2''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Hosts 155.186.235.1 and''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# 155.186.235.2 on the Internet.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# net:~00-A0-C9-15-39-78''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Host on the Internet with''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# MAC address 00:A0:C9:15:39:78.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Alternatively, clients may be specified by
interface''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# by appending ":" to the zone name followed by
the''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# interface name. For example, net:eth0 specifies a''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# client that communicates with the firewall system''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# through eth0. This may be optionally followed by''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# another colon (":") and an IP/MAC/subnet
address''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# as described above (e.g., net:eth0:192.168.1.5).''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# DEST Location of Server. May be a zone defined in''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# /etc/shorewall/zones, $FW to indicate the firewall''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# itself or "all"''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Except when "all" is specified, the server may
be''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# further restricted to a particular subnet, host or''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# interface by appending ":" and the subnet, host
or''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# interface. See above.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Restrictions:''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# 1. MAC addresses are not allowed.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# 2. In DNAT rules, only IP addresses are''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# allowed; no FQDNs or subnet addresses''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# are permitted.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# 3. You may not specify both an interface and''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# an address''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Unlike in the SOURCE column, you may specify a range
of''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# up to 256 IP addresses using the syntax''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# <first ip>-<last ip>. When the ACTION is DNAT or
DNAT-,''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# the connections will be assigned to addresses in
the''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# range in a round-robin fashion.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# The port that the server is listening on may be''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# included and separated from the
server''\''''s IP address by''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ":". If omitted, the firewall will not modifiy
the''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# destination port. A destination port may only be''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# included if the ACTION is DNAT or REDIRECT.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Example: net:155.186.235.1:25 specifies a Internet''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# server at IP address 155.186.235.1 and listening on
port''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# 25. The port number MUST be specified as an integer''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# and not as a name from /etc/services.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# If the ACTION is REDIRECT, this column needs only
to''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# contain the port number on the firewall that the''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# request should be redirected to.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# PROTO Protocol - Must be "tcp", "udp",
"icmp", a number or''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# "all".''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# DEST PORT(S) Destination Ports. A comma-separated list of
Port''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# names (from /etc/services), port numbers or port''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ranges; if the protocol is "icmp", this column
is''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# interpreted as the destination icmp-type(s).''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# A port range is expressed as <low port>:<high
port>.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# This column is ignored if PROTOCOL = all but must
be''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# entered if any of the following fields are
supplied.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# In that case, it is suggested that this field
contain''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# "-"''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# If your kernel contains multi-port match support,
then''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# only a single Netfilter rule will be generated if
in''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# this list and the CLIENT PORT(S) list below:''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# 1. There are 15 or less ports listed.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# 2. No port ranges are included.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Otherwise, a separate rule will be generated for
each''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# port.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# CLIENT PORT(S) (Optional) Port(s) used by the client. If
omitted,''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# any source port is acceptable. Specified as a
comma-''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# separated list of port names, port numbers or port''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ranges.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# If you don''\''''t want to restrict
client ports but need to''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# specify an ADDRESS in the next column, then place
"-"''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# in this column.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# If your kernel contains multiport match support,
then''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# only a single Netfilter rule will be generated if
in''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# this list and the DEST PORT(S) list above:''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# 1. There are 15 or less ports listed.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# 2. No port ranges are included.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Otherwise, a separate rule will be generated for
each''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# port.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ORIGINAL DEST (0ptional -- only allowed if ACTION is DNAT[-]
or''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# REDIRECT[-}) If included and different from the IP''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# address given in the SERVER column, this is an
address''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# on some interface on the firewall and connections
to''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# that address will be forwarded to the IP and port''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# specified in the DEST column.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# A comma-separated list of addresses may also be
used.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# This is usually most useful with the REDIRECT
target''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# where you want to redirect traffic destined for''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# a particular set of hosts.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Finally, if the list of addresses begins with "!"
then''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# the rule will be followed only if the original''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# destination address in the connection request does
not''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# match any of the addresses listed.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# The address may optionally be followed by''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# a colon (":") and a second IP address. This
causes''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Shorewall to use the second IP address as the
source''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# address in forwarded packets. See the Shorewall''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# documentation for restrictions concerning this
feature.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# If no source IP address is given, the original
source''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# address is not altered.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# RATE LIMIT You may rate-limit the rule by placing a value in
this column:''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# <rate>/<interval>[:<burst>]''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Where <rate> is the number of connections per
<interval>
("sec"''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# or "min") and <burst> is the largest burst
permitted. If no''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# <burst> is given, a value of 5 is assummed. There may
be no''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# whitespace embedded in the specification.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Example:''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# 10/sec:20''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# If you place a rate limit in this column, you may not
place''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# a similiar limit in the ACTION column.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# USER/GROUP''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# This column may only be non-empty if the SOURCE is the
firewall itself.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# This column may contain:''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# [!][<user name or number>][:<group name or
number>]''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# When this column is non-empty, the rule applies only if the
program''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# generating the output is running under the effective
<user>
and/or''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# <group> specified (or is NOT running under that id if
"!''\''''
is given).''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Examples:''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# joe # program must be run by joe''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# :kids # program must be run by a member of the
''\''''kids''\''''
group.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# !:kids # program must not be run by a member of the
''\''''kids''\''''
group.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Note: Most one interface rules are of the type ACCEPT,
REDIRECT or REJECT.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# DNAT, DNAT-, CONTINUE rules are for multiple interface
firewall.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Also by default all outbound fw -> net communications are
allowed.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# (One Interface Only) You can change this behavior in the
sample policy file.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Example: Accept www requests to the one interface
server.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE
USER/''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# # PORT PORT(S) DEST LIMIT GROUP''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ACCEPT net fw tcp http''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Example: Redirect port 88 Internet traffic to fw port
80''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE
USER/''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# # PORT PORT(S) DEST LIMIT GROUP''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# REDIRECT net 80 tcp 88''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''[''
x##############################################################################
= xINCLUDE '']''
+ echo
''##############################################################################
''
+ read first rest
+ ''['' x#ACTION = xINCLUDE '']''
+ echo ''#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE
USER/''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# PORT PORT(S) DEST LIMIT GROUP''
+ read first rest
+ ''['' xACCEPT = xINCLUDE '']''
+ echo ''ACCEPT net fw icmp 8''
+ read first rest
+ ''['' xACCEPT = xINCLUDE '']''
+ echo ''ACCEPT fw net icmp''
+ read first rest
+ ''['' x#LAST = xINCLUDE '']''
+ echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT
REMOVE''
+ read first rest
+ strip_file proxyarp
+ local fname
+ ''['' 1 = 1 '']''
++ find_file proxyarp
++ local saveifs= directory
++ ''['' -n '''' -a -f /proxyarp
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/proxyarp '']''
++ ''['' -f /usr/share/shorewall/proxyarp '']''
++ IFS=
++ echo /etc/shorewall/proxyarp
+ fname=/etc/shorewall/proxyarp
+ ''['' -f /etc/shorewall/proxyarp '']''
+ strip_file maclist
+ local fname
+ ''['' 1 = 1 '']''
++ find_file maclist
++ local saveifs= directory
++ ''['' -n '''' -a -f /maclist
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/maclist '']''
++ ''['' -f /usr/share/shorewall/maclist '']''
++ IFS=
++ echo /etc/shorewall/maclist
+ fname=/etc/shorewall/maclist
+ ''['' -f /etc/shorewall/maclist '']''
+ strip_file nat
+ local fname
+ ''['' 1 = 1 '']''
++ find_file nat
++ local saveifs= directory
++ ''['' -n '''' -a -f /nat
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/nat '']''
++ ''['' -f /usr/share/shorewall/nat '']''
++ IFS=
++ echo /etc/shorewall/nat
+ fname=/etc/shorewall/nat
+ ''['' -f /etc/shorewall/nat '']''
+ strip_file netmap
+ local fname
+ ''['' 1 = 1 '']''
++ find_file netmap
++ local saveifs= directory
++ ''['' -n '''' -a -f /netmap
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/netmap '']''
++ ''['' -f /usr/share/shorewall/netmap '']''
++ IFS=
++ echo /etc/shorewall/netmap
+ fname=/etc/shorewall/netmap
+ ''['' -f /etc/shorewall/netmap '']''
+ terminator=fatal_error
+ deletechain shorewall
+ qt iptables -L shorewall -n
+ iptables -L shorewall -n
+ ''['' -n Yes '']''
+ delete_nat
+ run_iptables -t nat -F
+ ''['' -n '''' '']''
+ iptables -t nat -F
+ run_iptables -t nat -X
+ ''['' -n '''' '']''
+ iptables -t nat -X
+ ''['' -f /var/lib/shorewall/nat '']''
+ read external interface
+ rm -f ''{/var/lib/shorewall}/nat''
+ ''['' -d /var/lib/shorewall '']''
+ touch /var/lib/shorewall/nat
+ delete_proxy_arp
+ ''['' -f /var/lib/shorewall/proxyarp '']''
+ read address interface external haveroute
+ rm -f /var/lib/shorewall/proxyarp
+ ''['' -d /var/lib/shorewall '']''
+ touch /var/lib/shorewall/proxyarp
++
ls /proc/sys/net/ipv4/conf/all/proxy_arp
/proc/sys/net/ipv4/conf/default/proxy_arp /proc/sys/net/ipv4/conf/eth0/proxy_arp
/proc/sys/net/ipv4/conf/lo/proxy_arp
+ echo 0
+ echo 0
+ echo 0
+ echo 0
+ ''['' -n Yes '']''
+ run_iptables -t mangle -F
+ ''['' -n '''' '']''
+ iptables -t mangle -F
+ run_iptables -t mangle -X
+ ''['' -n '''' '']''
+ iptables -t mangle -X
+ ''['' -n '''' '']''
+ echo ''Deleting user chains...''
+ setpolicy INPUT DROP
+ run_iptables -P INPUT DROP
+ ''['' -n '''' '']''
+ iptables -P INPUT DROP
+ setpolicy OUTPUT DROP
+ run_iptables -P OUTPUT DROP
+ ''['' -n '''' '']''
+ iptables -P OUTPUT DROP
+ setpolicy FORWARD DROP
+ run_iptables -P FORWARD DROP
+ ''['' -n '''' '']''
+ iptables -P FORWARD DROP
+ deleteallchains
+ run_iptables -F
+ ''['' -n '''' '']''
+ iptables -F
+ run_iptables -X
+ ''['' -n '''' '']''
+ iptables -X
+ setcontinue FORWARD
+ run_iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
+ ''['' -n '''' '']''
+ iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
+ setcontinue INPUT
+ run_iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+ ''['' -n '''' '']''
+ iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+ setcontinue OUTPUT
+ run_iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+ ''['' -n '''' '']''
+ iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+ ''['' -n '''' '']''
+ run_iptables -A INPUT -i lo -j ACCEPT
+ ''['' -n '''' '']''
+ iptables -A INPUT -i lo -j ACCEPT
+ run_iptables -A OUTPUT -o lo -j ACCEPT
+ ''['' -n '''' '']''
+ iptables -A OUTPUT -o lo -j ACCEPT
++ find_file accounting
++ local saveifs= directory
++ ''['' -n '''' -a -f /accounting
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/accounting '']''
++ ''['' -f /usr/share/shorewall/accounting
'']''
++ IFS=
++ echo /etc/shorewall/accounting
+ accounting_file=/etc/shorewall/accounting
+ ''['' -f /etc/shorewall/accounting '']''
+ run_iptables -A INPUT -p udp --dport 53 -j ACCEPT
+ ''['' -n '''' '']''
+ iptables -A INPUT -p udp --dport 53 -j ACCEPT
+ ''['' -n '''' '']''
+ run_iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
+ ''['' -n '''' '']''
+ iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
+ ''['' -n '''' '']''
+ run_iptables -A FORWARD -p udp --dport 53 -j ACCEPT
+ ''['' -n '''' '']''
+ iptables -A FORWARD -p udp --dport 53 -j ACCEPT
+ ''['' -n '''' '']''
+ ''['' -n Yes '']''
+ run_iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+ ''['' -n '''' '']''
+ iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+ ''['' -z Yes '']''
+ createchain icmpdef no
++ chain_base icmpdef
++ local c=icmpdef
++ true
++ echo icmpdef
++ return
+ local c=icmpdef
+ run_iptables -N icmpdef
+ ''['' -n '''' '']''
+ iptables -N icmpdef
+ ''['' no = yes '']''
+ eval exists_icmpdef=Yes
++ exists_icmpdef=Yes
+ createchain reject no
++ chain_base reject
++ local c=reject
++ true
++ echo reject
++ return
+ local c=reject
+ run_iptables -N reject
+ ''['' -n '''' '']''
+ iptables -N reject
+ ''['' no = yes '']''
+ eval exists_reject=Yes
++ exists_reject=Yes
+ createchain dynamic no
++ chain_base dynamic
++ local c=dynamic
++ true
++ echo dynamic
++ return
+ local c=dynamic
+ run_iptables -N dynamic
+ ''['' -n '''' '']''
+ iptables -N dynamic
+ ''['' no = yes '']''
+ eval exists_dynamic=Yes
++ exists_dynamic=Yes
+ createchain smurfs no
++ chain_base smurfs
++ local c=smurfs
++ true
++ echo smurfs
++ return
+ local c=smurfs
+ run_iptables -N smurfs
+ ''['' -n '''' '']''
+ iptables -N smurfs
+ ''['' no = yes '']''
+ eval exists_smurfs=Yes
++ exists_smurfs=Yes
+ ''['' -f /var/lib/shorewall/save '']''
+ ''['' -n Yes '']''
+ state=-m state --state NEW,INVALID
+ echo ''Creating Interface Chains...''
++ forward_chain eth0
+++ chain_base eth0
+++ local c=eth0
+++ true
+++ echo eth0
+++ return
++ echo eth0_fwd
+ createchain eth0_fwd no
++ chain_base eth0_fwd
++ local c=eth0_fwd
++ true
++ echo eth0_fwd
++ return
+ local c=eth0_fwd
+ run_iptables -N eth0_fwd
+ ''['' -n '''' '']''
+ iptables -N eth0_fwd
+ ''['' no = yes '']''
+ eval exists_eth0_fwd=Yes
++ exists_eth0_fwd=Yes
++ forward_chain eth0
+++ chain_base eth0
+++ local c=eth0
+++ true
+++ echo eth0
+++ return
++ echo eth0_fwd
+ run_iptables -A eth0_fwd -m state --state NEW,INVALID -j dynamic
+ ''['' -n '''' '']''
+ iptables -A eth0_fwd -m state --state NEW,INVALID -j dynamic
++ input_chain eth0
+++ chain_base eth0
+++ local c=eth0
+++ true
+++ echo eth0
+++ return
++ echo eth0_in
+ createchain eth0_in no
++ chain_base eth0_in
++ local c=eth0_in
++ true
++ echo eth0_in
++ return
+ local c=eth0_in
+ run_iptables -N eth0_in
+ ''['' -n '''' '']''
+ iptables -N eth0_in
+ ''['' no = yes '']''
+ eval exists_eth0_in=Yes
++ exists_eth0_in=Yes
++ input_chain eth0
+++ chain_base eth0
+++ local c=eth0
+++ true
+++ echo eth0
+++ return
++ echo eth0_in
+ run_iptables -A eth0_in -m state --state NEW,INVALID -j dynamic
+ ''['' -n '''' '']''
+ iptables -A eth0_in -m state --state NEW,INVALID -j dynamic
+ echo ''Configuring Proxy ARP''
+ setup_proxy_arp
+ save_progress_message ''Restoring Proxy ARP...''
+ echo
+ echo ''progress_message "Restoring Proxy ARP..."''
+ echo
+ read address interface external haveroute persistent
++ find_interfaces_by_option proxyarp
+++ chain_base eth0
+++ local c=eth0
+++ true
+++ echo eth0
+++ return
++ eval ''options=$eth0_options''
+++ options=dhcp
++ list_search proxyarp dhcp
++ local e=proxyarp
++ ''['' 2 -gt 1 '']''
++ shift
++ ''['' xproxyarp = xdhcp '']''
++ ''['' 1 -gt 1 '']''
++ return 1
+ interfaces=
+ echo ''Setting up NAT...''
+ setup_nat
+ local allints
+ save_progress_message ''Restoring one-to-one NAT...''
+ echo
+ echo ''progress_message "Restoring one-to-one
NAT..."''
+ echo
+ read external interface internal allints localnat
+ echo ''Setting up NETMAP...''
+ setup_netmap
+ read type net1 interface net2
+ echo ''Adding Common Rules''
+ add_common_rules
+ local savelogparms=
++ find_broadcasts
+++ chain_base eth0
+++ local c=eth0
+++ true
+++ echo eth0
+++ return
++ eval ''bcast=$eth0_broadcast''
+++ bcast=detect
++ ''['' xdetect = xdetect '']''
++ ip -f inet addr show eth0
++ grep ''inet.*brd''
++ sed ''s/inet.*brd //; s/scope.*//;''
++ sort -u
+ local ''broadcasts= 192.168.0.255 255.255.255.255
224.0.0.0/4''
+ ''['' -n info '']''
+ log_rule info smurfs DROP -s 192.168.0.255
+ local level=info
+ local chain=smurfs
+ local disposition=DROP
+ shift
+ shift
+ shift
+ log_rule_limit info smurfs DROP '''' '''' -s
192.168.0.255
+ local level=info
+ local chain=smurfs
+ local disposition=DROP
+ local rulenum=
+ local limit=
+ local tag=
+ local prefix
++ chain_base
++ local c=
++ true
++ echo common
++ return
+ local base=common
+ shift
+ shift
+ shift
+ shift
+ shift
+ ''['' -n '''' '']''
++ printf Shorewall:%s:%s: smurfs DROP
+ prefix=Shorewall:smurfs:DROP:
+ ''['' 22 -gt 29 '']''
+ iptables -A smurfs -s 192.168.0.255 -j LOG --log-level info --log-prefix Shorewall:smurfs:DROP:
+ ''['' 0 -ne 0 '']''
+ run_iptables -A smurfs -s 192.168.0.255 -j DROP
+ ''['' -n '''' '']''
+ iptables -A smurfs -s 192.168.0.255 -j DROP
+ ''['' -n info '']''
+ log_rule info smurfs DROP -s 255.255.255.255
+ local level=info
+ local chain=smurfs
+ local disposition=DROP
+ shift
+ shift
+ shift
+ log_rule_limit info smurfs DROP '''' '''' -s
255.255.255.255
+ local level=info
+ local chain=smurfs
+ local disposition=DROP
+ local rulenum=
+ local limit=
+ local tag=
+ local prefix
++ chain_base
++ local c=
++ true
++ echo common
++ return
+ local base=common
+ shift
+ shift
+ shift
+ shift
+ shift
+ ''['' -n '''' '']''
++ printf Shorewall:%s:%s: smurfs DROP
+ prefix=Shorewall:smurfs:DROP:
+ ''['' 22 -gt 29 '']''
+ iptables -A smurfs -s 255.255.255.255 -j LOG --log-level info --log-prefix Shorewall:smurfs:DROP:
+ ''['' 0 -ne 0 '']''
+ run_iptables -A smurfs -s 255.255.255.255 -j DROP
+ ''['' -n '''' '']''
+ iptables -A smurfs -s 255.255.255.255 -j DROP
+ ''['' -n info '']''
+ log_rule info smurfs DROP -s 224.0.0.0/4
+ local level=info
+ local chain=smurfs
+ local disposition=DROP
+ shift
+ shift
+ shift
+ log_rule_limit info smurfs DROP '''' '''' -s
224.0.0.0/4
+ local level=info
+ local chain=smurfs
+ local disposition=DROP
+ local rulenum=
+ local limit=
+ local tag=
+ local prefix
++ chain_base
++ local c=
++ true
++ echo common
++ return
+ local base=common
+ shift
+ shift
+ shift
+ shift
+ shift
+ ''['' -n '''' '']''
++ printf Shorewall:%s:%s: smurfs DROP
+ prefix=Shorewall:smurfs:DROP:
+ ''['' 22 -gt 29 '']''
+ iptables -A smurfs -s 224.0.0.0/4 -j LOG --log-level info --log-prefix Shorewall:smurfs:DROP:
+ ''['' 0 -ne 0 '']''
+ run_iptables -A smurfs -s 224.0.0.0/4 -j DROP
+ ''['' -n '''' '']''
+ iptables -A smurfs -s 224.0.0.0/4 -j DROP
+ ''['' -n Yes '']''
+ qt iptables -A reject -m pkttype --pkt-type broadcast -j DROP
+ iptables -A reject -m pkttype --pkt-type broadcast -j DROP
+ qt iptables -A reject -m pkttype --pkt-type multicast -j DROP
+ iptables -A reject -m pkttype --pkt-type multicast -j DROP
+ run_iptables -A reject -s 192.168.0.255 -j DROP
+ ''['' -n '''' '']''
+ iptables -A reject -s 192.168.0.255 -j DROP
+ run_iptables -A reject -s 255.255.255.255 -j DROP
+ ''['' -n '''' '']''
+ iptables -A reject -s 255.255.255.255 -j DROP
+ run_iptables -A reject -s 224.0.0.0/4 -j DROP
+ ''['' -n '''' '']''
+ iptables -A reject -s 224.0.0.0/4 -j DROP
+ run_iptables -A reject -p tcp -j REJECT --reject-with tcp-reset
+ ''['' -n '''' '']''
+ iptables -A reject -p tcp -j REJECT --reject-with tcp-reset
+ run_iptables -A reject -p udp -j REJECT
+ ''['' -n '''' '']''
+ iptables -A reject -p udp -j REJECT
+ qt iptables -A reject -p icmp -j REJECT --reject-with icmp-host-unreachable
+ iptables -A reject -p icmp -j REJECT --reject-with icmp-host-unreachable
+ qt iptables -A reject -j REJECT --reject-with icmp-host-prohibited
+ iptables -A reject -j REJECT --reject-with icmp-host-prohibited
+ run_user_exit initdone
++ find_file initdone
++ local saveifs= directory
++ ''['' -n '''' -a -f /initdone
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/initdone '']''
++ ''['' -f /usr/share/shorewall/initdone '']''
++ IFS=
++ echo /etc/shorewall/initdone
+ local user_exit=/etc/shorewall/initdone
+ ''['' -f /etc/shorewall/initdone '']''
+ setup_blacklist
++ find_hosts_by_option blacklist
++ local ignore hosts interface address addresses options
++ read ignore hosts options
++ interface_has_option eth0 blacklist
++ local options
+++ chain_base eth0
+++ local c=eth0
+++ true
+++ echo eth0
+++ return
++ eval ''options=$eth0_options''
+++ options=dhcp
++ list_search blacklist dhcp
++ local e=blacklist
++ ''['' 2 -gt 1 '']''
++ shift
++ ''['' xblacklist = xdhcp '']''
++ ''['' 1 -gt 1 '']''
++ return 1
+ local hosts=
++ find_file blacklist
++ local saveifs= directory
++ ''['' -n '''' -a -f /blacklist
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/blacklist '']''
++ ''['' -f /usr/share/shorewall/blacklist '']''
++ IFS=
++ echo /etc/shorewall/blacklist
+ local f=/etc/shorewall/blacklist
+ local disposition=DROP
+ ''['' -n '''' -a -f /etc/shorewall/blacklist
'']''
++ find_hosts_by_option nosmurfs
++ local ignore hosts interface address addresses options
++ read ignore hosts options
++ interface_has_option eth0 nosmurfs
++ local options
+++ chain_base eth0
+++ local c=eth0
+++ true
+++ echo eth0
+++ return
++ eval ''options=$eth0_options''
+++ options=dhcp
++ list_search nosmurfs dhcp
++ local e=nosmurfs
++ ''['' 2 -gt 1 '']''
++ shift
++ ''['' xnosmurfs = xdhcp '']''
++ ''['' 1 -gt 1 '']''
++ return 1
+ hosts=
+ ''['' -n '''' '']''
++ find_interfaces_by_option dhcp
+++ chain_base eth0
+++ local c=eth0
+++ true
+++ echo eth0
+++ return
++ eval ''options=$eth0_options''
+++ options=dhcp
++ list_search dhcp dhcp
++ local e=dhcp
++ ''['' 2 -gt 1 '']''
++ shift
++ ''['' xdhcp = xdhcp '']''
++ return 0
++ echo eth0
+ interfaces=eth0
+ ''['' -n eth0 '']''
+ echo ''Adding rules for DHCP''
+ ''['' -n '''' '']''
++ input_chain eth0
+++ chain_base eth0
+++ local c=eth0
+++ true
+++ echo eth0
+++ return
++ echo eth0_in
+ run_iptables -A eth0_in -p udp --dport 67:68 -j ACCEPT
+ ''['' -n '''' '']''
+ iptables -A eth0_in -p udp --dport 67:68 -j ACCEPT
+ run_iptables -A OUTPUT -o eth0 -p udp --dport 67:68 -j ACCEPT
+ ''['' -n '''' '']''
+ iptables -A OUTPUT -o eth0 -p udp --dport 67:68 -j ACCEPT
++ find_hosts_by_option norfc1918
++ local ignore hosts interface address addresses options
++ read ignore hosts options
++ interface_has_option eth0 norfc1918
++ local options
+++ chain_base eth0
+++ local c=eth0
+++ true
+++ echo eth0
+++ return
++ eval ''options=$eth0_options''
+++ options=dhcp
++ list_search norfc1918 dhcp
++ local e=norfc1918
++ ''['' 2 -gt 1 '']''
++ shift
++ ''['' xnorfc1918 = xdhcp '']''
++ ''['' 1 -gt 1 '']''
++ return 1
+ hosts=
+ ''['' -n '''' '']''
++ find_hosts_by_option nobogons
++ local ignore hosts interface address addresses options
++ read ignore hosts options
++ interface_has_option eth0 nobogons
++ local options
+++ chain_base eth0
+++ local c=eth0
+++ true
+++ echo eth0
+++ return
++ eval ''options=$eth0_options''
+++ options=dhcp
++ list_search nobogons dhcp
++ local e=nobogons
++ ''['' 2 -gt 1 '']''
++ shift
++ ''['' xnobogons = xdhcp '']''
++ ''['' 1 -gt 1 '']''
++ return 1
+ hosts=
+ ''['' -n '''' '']''
++ find_hosts_by_option tcpflags
++ local ignore hosts interface address addresses options
++ read ignore hosts options
++ interface_has_option eth0 tcpflags
++ local options
+++ chain_base eth0
+++ local c=eth0
+++ true
+++ echo eth0
+++ return
++ eval ''options=$eth0_options''
+++ options=dhcp
++ list_search tcpflags dhcp
++ local e=tcpflags
++ ''['' 2 -gt 1 '']''
++ shift
++ ''['' xtcpflags = xdhcp '']''
++ ''['' 1 -gt 1 '']''
++ return 1
+ hosts=
+ ''['' -n '''' '']''
+ save_progress_message ''Restoring ARP filtering...''
+ echo
+ echo ''progress_message "Restoring ARP
filtering..."''
+ echo
+ run_and_save_command ''echo 0 >
/proc/sys/net/ipv4/conf/all/arp_filter''
+ echo ''echo 0 > /proc/sys/net/ipv4/conf/all/arp_filter''
+ eval echo 0 ''>'' /proc/sys/net/ipv4/conf/all/arp_filter
++ echo 0
+ run_and_save_command ''echo 0 > /proc/sys/net/ipv4/conf/default/arp_filter''
+ echo ''echo 0 > /proc/sys/net/ipv4/conf/default/arp_filter''
+ eval echo 0 ''>'' /proc/sys/net/ipv4/conf/default/arp_filter
++ echo 0
+ run_and_save_command ''echo 0 > /proc/sys/net/ipv4/conf/eth0/arp_filter''
+ echo ''echo 0 > /proc/sys/net/ipv4/conf/eth0/arp_filter''
+ eval echo 0 ''>'' /proc/sys/net/ipv4/conf/eth0/arp_filter
++ echo 0
+ run_and_save_command ''echo 0 >
/proc/sys/net/ipv4/conf/lo/arp_filter''
+ echo ''echo 0 > /proc/sys/net/ipv4/conf/lo/arp_filter''
+ eval echo 0 ''>'' /proc/sys/net/ipv4/conf/lo/arp_filter
++ echo 0
++ find_interfaces_by_option arp_filter
+++ chain_base eth0
+++ local c=eth0
+++ true
+++ echo eth0
+++ return
++ eval ''options=$eth0_options''
+++ options=dhcp
++ list_search arp_filter dhcp
++ local e=arp_filter
++ ''['' 2 -gt 1 '']''
++ shift
++ ''['' xarp_filter = xdhcp '']''
++ ''['' 1 -gt 1 '']''
++ return 1
+ interfaces=
+ ''['' -n '''' '']''
++ find_interfaces_by_option routefilter
+++ chain_base eth0
+++ local c=eth0
+++ true
+++ echo eth0
+++ return
++ eval ''options=$eth0_options''
+++ options=dhcp
++ list_search routefilter dhcp
++ local e=routefilter
++ ''['' 2 -gt 1 '']''
++ shift
++ ''['' xroutefilter = xdhcp '']''
++ ''['' 1 -gt 1 '']''
++ return 1
+ interfaces+ ''['' -n '''' -o -n Yes
'']''
+ echo ''Setting up Kernel Route Filtering...''
+ save_progress_message ''Restoring Route Filtering...''
+ echo
+ echo ''progress_message "Restoring Route Filtering..."''
+ echo
+ run_and_save_command ''echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter''
+ echo ''echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter''
+ eval echo 0 ''>'' /proc/sys/net/ipv4/conf/all/rp_filter
++ echo 0
+ run_and_save_command ''echo 0> /proc/sys/net/ipv4/conf/default/rp_filter''
+ echo ''echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter''
+ eval echo 0 ''>'' /proc/sys/net/ipv4/conf/default/rp_filter
++ echo 0
+ run_and_save_command ''echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter''
+ echo ''echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter''
+ eval echo 0 ''>'' /proc/sys/net/ipv4/conf/eth0/rp_filter
++ echo 0
+ run_and_save_command ''echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter''
+ echo ''echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter''
+ eval echo 0 ''>'' /proc/sys/net/ipv4/conf/lo/rp_filter
++ echo 0
+ run_and_save_command ''echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter''
+ echo ''echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter''
+ eval echo 1 ''>'' /proc/sys/net/ipv4/conf/all/rp_filter
++ echo 1
+ ''['' -n Yes '']''
+ run_and_save_command ''echo 1> /proc/sys/net/ipv4/conf/default/rp_filter''
+ echo ''echo 1 > /proc/sys/net/ipv4/conf/default/rp_filter''
+ eval echo 1 ''>'' /proc/sys/net/ipv4/conf/default/rp_filter
++ echo 1
+ run_and_save_command ip route flush cache
+ echo ip route flush cache
+ eval ip route flush cache
++ ip route flush cache
+ ''['' -n '''' '']''
+ setup_forwarding
+ save_progress_message ''Restoring IP Forwarding...''
+ echo
+ echo ''progress_message "Restoring IP Forwarding..."''
+ echo
+ run_and_save_command ''echo 0 > /proc/sys/net/ipv4/ip_forward''
+ echo ''echo 0 > /proc/sys/net/ipv4/ip_forward''
+ eval echo 0 ''>'' /proc/sys/net/ipv4/ip_forward
++ echo 0
+ echo ''IP Forwarding Disabled!''
++ find_file tunnels
++ local saveifs= directory
++ ''['' -n '''' -a -f /tunnels
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/tunnels '']''
++ ''['' -f /usr/share/shorewall/tunnels '']''
++ IFS=
++ echo /etc/shorewall/tunnels
+ tunnels=/etc/shorewall/tunnels
+ ''['' -f /etc/shorewall/tunnels '']''
++ find_hosts_by_option maclist
++ local ignore hosts interface address addresses options
++ read ignore hosts options
++ interface_has_option eth0 maclist
++ local options
+++ chain_base eth0
+++ local c=eth0
+++ true
+++ echo eth0
+++ return
++ eval ''options=$eth0_options''
+++ options=dhcp
++ list_search maclist dhcp
++ local e=maclist
++ ''['' 2 -gt 1 '']''
++ shift
++ ''['' xmaclist = xdhcp '']''
++ ''['' 1 -gt 1 '']''
++ return 1
+ maclist_hosts+ ''['' -n ''''
'']''
+ echo ''Pre-processing Actions...''
+ process_actions1
+ ACTIONS=dropBcast dropNonSyn dropNotSyn rejNotSyn logNotSyn rLogNotSyn
dLogNotSyn dropInvalid allowInvalid
+ USEDACTIONS+ strip_file actions
+ local fname
+ ''['' 1 = 1 '']''
++ find_file actions
++ local saveifs= directory
++ ''['' -n '''' -a -f /actions
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/actions '']''
++ ''['' -f /usr/share/shorewall/actions '']''
++ IFS=
++ echo /etc/shorewall/actions
+ fname=/etc/shorewall/actions
+ ''['' -f /etc/shorewall/actions '']''
+ strip_file actions.std /usr/share/shorewall/actions.std
+ local fname
+ ''['' 2 = 1 '']''
+ fname=/usr/share/shorewall/actions.std
+ ''['' -f /usr/share/shorewall/actions.std
'']''
+ read_file /usr/share/shorewall/actions.std 0
+ local first rest
+ ''['' -f /usr/share/shorewall/actions.std
'']''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Shorewall 2.0 /usr/share/shorewall/actions.std''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Builtin Actions are:''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# dropBcast #Silently Drop
Broadcast/multicast''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# dropNonSyn #Silently Drop Non-syn TCP
packets''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# rejNonSyn #Silently Reject Non-syn TCP
packets''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# logNonSyn #Log Non-syn TCP packets with disposition
LOG''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# dLogNonSyn #Log Non-syn TCP packets with disposition
DROP''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ grep -v ''^[[:space:]]*$''
+ echo ''# rLogNonSyn #Log Non-syn TCP packets with disposition
REJECT''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# dropInvalid #Silently Drop packets that are in the
INVALID''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# #conntrack state.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# allowInvalid #Accept packets that are in the INVALID
conntrack''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# #state''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# The NonSyn logging builtins log at the level specified by
LOGNEWNOTSYN in''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# shorewall.conf. If that option
isn''\''''t specified then
''\''''info''\'''' is
used.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x#ACTION = xINCLUDE '']''
+ echo ''#ACTION ''
+ read first rest
+ ''['' x = xINCLUDE '']''
+ echo '' ''
+ read first rest
+ ''['' xDropSMB = xINCLUDE '']''
+ echo ''DropSMB #Silently Drops Microsoft SMB Traffic''
+ read first rest
+ ''['' xRejectSMB = xINCLUDE '']''
+ echo ''RejectSMB #Silently Reject Microsoft SMB Traffic''
+ read first rest
+ ''['' xDropUPnP = xINCLUDE '']''
+ echo ''DropUPnP #Silently Drop UPnP Probes''
+ read first rest
+ ''['' xRejectAuth = xINCLUDE '']''
+ echo ''RejectAuth #Silently Reject Auth''
+ read first rest
+ ''['' xDropPing = xINCLUDE '']''
+ echo ''DropPing #Silently Drop Ping''
+ read first rest
+ ''['' xDropDNSrep = xINCLUDE '']''
+ echo ''DropDNSrep #Silently Drop DNS Replies''
+ read first rest
+ ''['' x = xINCLUDE '']''
+ echo '' ''
+ read first rest
+ ''['' xAllowPing = xINCLUDE '']''
+ echo ''AllowPing #Accept Ping''
+ read first rest
+ ''['' xAllowFTP = xINCLUDE '']''
+ echo ''AllowFTP #Accept FTP''
+ read first rest
+ ''['' xAllowDNS = xINCLUDE '']''
+ echo ''AllowDNS #Accept DNS''
+ read first rest
+ ''['' xAllowSSH = xINCLUDE '']''
+ echo ''AllowSSH #Accept SSH''
+ read first rest
+ ''['' xAllowWeb = xINCLUDE '']''
+ echo ''AllowWeb #Allow Web Browsing''
+ read first rest
+ ''['' xAllowSMB = xINCLUDE '']''
+ echo ''AllowSMB #Allow MS Networking''
+ read first rest
+ ''['' xAllowAuth = xINCLUDE '']''
+ echo ''AllowAuth #Allow Auth (identd)''
+ read first rest
+ ''['' xAllowSMTP = xINCLUDE '']''
+ echo ''AllowSMTP #Allow SMTP (Email)''
+ read first rest
+ ''['' xAllowPOP3 = xINCLUDE '']''
+ echo ''AllowPOP3 #Allow reading mail via POP3''
+ read first rest
+ ''['' xAllowIMAP = xINCLUDE '']''
+ echo ''AllowIMAP #Allow reading mail via IMAP''
+ read first rest
+ ''['' xAllowTelnet = xINCLUDE '']''
+ echo ''AllowTelnet #Allow Telnet Access (not recommended for use over
the''
+ read first rest
+ ''['' ''x#Internet)'' = xINCLUDE
'']''
+ echo ''#Internet) ''
+ read first rest
+ ''['' xAllowVNC = xINCLUDE '']''
+ echo ''AllowVNC #Allow VNC viewer->server, Displays 0-9''
+ read first rest
+ ''['' xAllowVNCL = xINCLUDE '']''
+ echo ''AllowVNCL #Allow VNC server->viewer in listening
mode''
+ read first rest
+ ''['' xAllowNTP = xINCLUDE '']''
+ echo ''AllowNTP #Allow Network Time Protocol (ntpd)''
+ read first rest
+ ''['' xAllowRdate = xINCLUDE '']''
+ echo ''AllowRdate #Allow remote time (rdate).''
+ read first rest
+ ''['' xAllowNNTP = xINCLUDE '']''
+ echo ''AllowNNTP #Allow network news (Usenet).''
+ read first rest
+ ''['' xAllowTrcrt = xINCLUDE '']''
+ echo ''AllowTrcrt #Allows Traceroute (20 hops)''
+ read first rest
+ ''['' xAllowSNMP = xINCLUDE '']''
+ echo ''AllowSNMP #Allows SNMP (including traps)''
+ read first rest
+ ''['' xAllowPCA = xINCLUDE '']''
+ echo ''AllowPCA #Allows PCAnywhere (tm)''
+ read first rest
+ ''['' x = xINCLUDE '']''
+ echo '' ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Added in Debian Packaging''
+ read first rest
+ ''['' xAllowSPAMD = xINCLUDE '']''
+ echo ''AllowSPAMD #Allows SpamAssassin daemon''
+ read first rest
+ ''['' xAllowSyslog = xINCLUDE '']''
+ echo ''AllowSyslog #Allows syslog udp traffic''
+ read first rest
+ ''['' xAllowAmanda = xINCLUDE '']''
+ echo ''AllowAmanda # Allow connections required by the Amanda backup
system''
+ read first rest
+ ''['' xAllowLDAP = xINCLUDE '']''
+ echo ''AllowLDAP # accepts LDAP traffic''
+ read first rest
+ ''['' xAllowICQ = xINCLUDE '']''
+ echo ''AllowICQ # Accepts ICQ traffic''
+ read first rest
+ ''['' xAllowBitTorrent = xINCLUDE '']''
+ echo ''AllowBitTorrent # Accepts BitTorrent traffic''
+ read first rest
+ ''['' xAllowSMBswat = xINCLUDE '']''
+ echo ''AllowSMBswat # Allows Samba Swat''
+ read first rest
+ ''['' xDropSMTP = xINCLUDE '']''
+ echo ''DropSMTP # silently drops SMTP traffic''
+ read first rest
+ ''['' xAllowCVS = xINCLUDE '']''
+ echo ''AllowCVS # accept cvs pserver traffic''
+ read first rest
+ ''['' xAllowSVN = xINCLUDE '']''
+ echo ''AllowSVN # accept Subversion traffic''
+ read first rest
+ ''['' xAllowMySQL = xINCLUDE '']''
+ echo ''AllowMySQL # accept MySQL traffic''
+ read first rest
+ ''['' xAllowPostgreSQL = xINCLUDE '']''
+ echo ''AllowPostgreSQL # accept PostgreSQL traffic''
+ read first rest
+ ''['' xAllowRsync = xINCLUDE '']''
+ echo ''AllowRsync # accept rsync traffic''
+ read first rest
+ ''['' xAllowDistcc = xINCLUDE '']''
+ echo ''AllowDistcc # accept Distributed Compiler traffic''
+ read first rest
+ ''['' xAllowBaculaDIR = xINCLUDE '']''
+ echo ''AllowBaculaDIR # accept BaculaDIR traffic''
+ read first rest
+ ''['' xAllowBaculaFD = xINCLUDE '']''
+ echo ''AllowBaculaFD # accept BaculaFD traffic''
+ read first rest
+ ''['' xAllowBaculaSD = xINCLUDE '']''
+ echo ''AllowBaculaSD # accept BaculaSD traffic''
+ read first rest
+ ''['' x = xINCLUDE '']''
+ echo '' ''
+ read first rest
+ ''['' xDrop:DROP = xINCLUDE '']''
+ echo ''Drop:DROP #Common Action for DROP policy''
+ read first rest
+ ''['' xReject:REJECT = xINCLUDE '']''
+ echo ''Reject:REJECT #Common Action for REJECT policy''
+ read first rest
+ ''['' x#LAST = xINCLUDE '']''
+ echo ''#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT
REMOVE''
+ read first rest
+ read xaction rest
+ ''['' x = x '']''
+ ''['' -z DropSMB '']''
++ chain_base DropSMB
++ local c=DropSMB
++ true
++ echo DropSMB
++ return
+ ''['' DropSMB = DropSMB '']''
+ list_search DropSMB dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid
+ local e=DropSMB
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xDropSMB = xdropBcast '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xDropSMB = xdropNonSyn '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xDropSMB = xdropNotSyn '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xDropSMB = xrejNotSyn '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xDropSMB = xlogNotSyn '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xDropSMB = xrLogNotSyn '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xDropSMB = xdLogNotSyn '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xDropSMB = xdropInvalid '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xDropSMB = xallowInvalid '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ f=action.DropSMB
++ find_file action.DropSMB
++ local saveifs= directory
++ ''['' -n '''' -a -f /action.DropSMB
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/action.DropSMB '']''
++ ''['' -f /usr/share/shorewall/action.DropSMB
'']''
++ echo /usr/share/shorewall/action.DropSMB
++ IFS=
++ return
+ fn=/usr/share/shorewall/action.DropSMB
+ eval requiredby_++ requiredby_+ ''['' -f
/usr/share/shorewall/action.DropSMB '']''
+ echo '' Pre-processing
/usr/share/shorewall/action.DropSMB...''
+ strip_file action.DropSMB /usr/share/shorewall/action.DropSMB
+ local fname
+ ''['' 2 = 1 '']''
+ fname=/usr/share/shorewall/action.DropSMB
+ ''['' -f /usr/share/shorewall/action.DropSMB
'']''
+ read_file /usr/share/shorewall/action.DropSMB 0
+ local first rest
+ ''['' -f /usr/share/shorewall/action.DropSMB
'']''
+ read first rest
+ cut -d# -f1
+ ''['' xDROP = xINCLUDE '']''
+ echo ''DROP - - tcp 135''
+ read first rest
+ ''['' xDROP = xINCLUDE '']''
+ echo ''DROP - - tcp 139''
+ read first rest
+ ''['' xDROP = xINCLUDE '']''
+ echo ''DROP - - tcp 445''
+ read first rest
+ ''['' x#LAST = xINCLUDE '']''
+ echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT
REMOVE''
+ read first rest
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=DROP
+ eval ''xtarget="DROP"''
++ xtarget=DROP
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=DROP
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=DROP
+ eval ''xtarget="DROP"''
++ xtarget=DROP
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=DROP
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=DROP
+ eval ''xtarget="DROP"''
++ xtarget=DROP
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=DROP
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=DROP
+ eval ''xtarget="DROP"''
++ xtarget=DROP
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=DROP
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=DROP
+ eval ''xtarget="DROP"''
++ xtarget=DROP
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=DROP
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=DROP
+ eval ''xtarget="DROP"''
++ xtarget=DROP
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=DROP
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ ACTIONS=dropBcast dropNonSyn dropNotSyn rejNotSyn logNotSyn rLogNotSyn
dLogNotSyn dropInvalid allowInvalid DropSMB
+ read xaction rest
+ ''['' x = x '']''
+ ''['' -z RejectSMB '']''
++ chain_base RejectSMB
++ local c=RejectSMB
++ true
++ echo RejectSMB
++ return
+ ''['' RejectSMB = RejectSMB '']''
+ list_search RejectSMB dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB
+ local e=RejectSMB
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xRejectSMB = xdropBcast '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xRejectSMB = xdropNonSyn '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xRejectSMB = xdropNotSyn '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xRejectSMB = xrejNotSyn '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xRejectSMB = xlogNotSyn '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xRejectSMB = xrLogNotSyn '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xRejectSMB = xdLogNotSyn '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xRejectSMB = xdropInvalid '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xRejectSMB = xallowInvalid '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xRejectSMB = xDropSMB '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ f=action.RejectSMB
++ find_file action.RejectSMB
++ local saveifs= directory
++ ''['' -n '''' -a -f /action.RejectSMB
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/action.RejectSMB
'']''
++ ''['' -f /usr/share/shorewall/action.RejectSMB
'']''
++ echo /usr/share/shorewall/action.RejectSMB
++ IFS=
++ return
+ fn=/usr/share/shorewall/action.RejectSMB
+ eval requiredby_++ requiredby_+ ''['' -f
/usr/share/shorewall/action.RejectSMB '']''
+ echo '' Pre-processing
/usr/share/shorewall/action.RejectSMB...''
+ strip_file action.RejectSMB /usr/share/shorewall/action.RejectSMB
+ local fname
+ ''['' 2 = 1 '']''
+ fname=/usr/share/shorewall/action.RejectSMB
+ ''['' -f /usr/share/shorewall/action.RejectSMB
'']''
+ read_file /usr/share/shorewall/action.RejectSMB 0
+ local first rest
+ ''['' -f /usr/share/shorewall/action.RejectSMB
'']''
+ read first rest
+ cut -d# -f1
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Shorewall 2.0 /etc/shorewall/action.RejectSMB''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# This action silently rejects Microsoft SMB traffic''
+ read first rest
+ grep -v ''^[[:space:]]*$''
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''[''
x######################################################################################
= xINCLUDE '']''
+ echo
''######################################################################################
''
+ read first rest
+ ''['' x#TARGET = xINCLUDE '']''
+ echo ''#TARGET SOURCE DEST PROTO DEST SOURCE RATE
USER/''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# PORT PORT(S) LIMIT GROUP''
+ read first rest
+ ''['' xREJECT = xINCLUDE '']''
+ echo ''REJECT - - udp 135''
+ read first rest
+ ''['' xREJECT = xINCLUDE '']''
+ echo ''REJECT - - udp 137:139''
+ read first rest
+ ''['' xREJECT = xINCLUDE '']''
+ echo ''REJECT - - udp 445''
+ read first rest
+ ''['' xREJECT = xINCLUDE '']''
+ echo ''REJECT - - tcp 135''
+ read first rest
+ ''['' xREJECT = xINCLUDE '']''
+ echo ''REJECT - - tcp 139''
+ read first rest
+ ''['' xREJECT = xINCLUDE '']''
+ echo ''REJECT - - tcp 445''
+ read first rest
+ ''['' x#LAST = xINCLUDE '']''
+ echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT
REMOVE''
+ read first rest
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=REJECT
+ eval ''xtarget="REJECT"''
++ xtarget=REJECT
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=REJECT
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=REJECT
+ eval ''xtarget="REJECT"''
++ xtarget=REJECT
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=REJECT
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=REJECT
+ eval ''xtarget="REJECT"''
++ xtarget=REJECT
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=REJECT
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=REJECT
+ eval ''xtarget="REJECT"''
++ xtarget=REJECT
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=REJECT
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=REJECT
+ eval ''xtarget="REJECT"''
++ xtarget=REJECT
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=REJECT
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=REJECT
+ eval ''xtarget="REJECT"''
++ xtarget=REJECT
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=REJECT
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ ACTIONS=dropBcast dropNonSyn dropNotSyn rejNotSyn logNotSyn rLogNotSyn
dLogNotSyn dropInvalid allowInvalid DropSMB RejectSMB
+ read xaction rest
+ ''['' x = x '']''
+ ''['' -z DropUPnP '']''
++ chain_base DropUPnP
++ local c=DropUPnP
++ true
++ echo DropUPnP
++ return
+ ''['' DropUPnP = DropUPnP '']''
+ list_search DropUPnP dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB
RejectSMB
+ local e=DropUPnP
+ ''['' 12 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xdropBcast '']''
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xdropNonSyn '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xdropNotSyn '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xrejNotSyn '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xlogNotSyn '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xrLogNotSyn '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xdLogNotSyn '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xdropInvalid '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xallowInvalid '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xDropSMB '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xRejectSMB '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ f=action.DropUPnP
++ find_file action.DropUPnP
++ local saveifs= directory
++ ''['' -n '''' -a -f /action.DropUPnP
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/action.DropUPnP '']''
++ ''['' -f /usr/share/shorewall/action.DropUPnP
'']''
++ echo /usr/share/shorewall/action.DropUPnP
++ IFS=
++ return
+ fn=/usr/share/shorewall/action.DropUPnP
+ eval requiredby_++ requiredby_+ ''['' -f
/usr/share/shorewall/action.DropUPnP '']''
+ echo '' Pre-processing
/usr/share/shorewall/action.DropUPnP...''
+ strip_file action.DropUPnP /usr/share/shorewall/action.DropUPnP
+ local fname
+ ''['' 2 = 1 '']''
+ fname=/usr/share/shorewall/action.DropUPnP
+ ''['' -f /usr/share/shorewall/action.DropUPnP
'']''
+ read_file /usr/share/shorewall/action.DropUPnP 0
+ local first rest
+ ''['' -f /usr/share/shorewall/action.DropUPnP
'']''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Shorewall 2.0 /etc/shorewall/action.DropUPnP''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# This action silently drops UPnP probes on UDP port
1900''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''[''
x######################################################################################
= xINCLUDE '']''
+ echo
''######################################################################################
''
+ read first rest
+ ''['' x#TARGET = xINCLUDE '']''
+ echo ''#TARGET SOURCE DEST PROTO DEST SOURCE RATE
USER/''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# PORT PORT(S) LIMIT GROUP''
+ read first rest
+ ''['' xDROP = xINCLUDE '']''
+ echo ''DROP - - udp 1900''
+ read first rest
+ ''['' x#LAST = xINCLUDE '']''
+ echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT
REMOVE''
+ read first rest
+ cut -d# -f1
+ grep -v ''^[[:space:]]*$''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=DROP
+ eval ''xtarget="DROP"''
++ xtarget=DROP
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=DROP
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ ACTIONS=dropBcast dropNonSyn dropNotSyn rejNotSyn logNotSyn rLogNotSyn
dLogNotSyn dropInvalid allowInvalid DropSMB RejectSMB DropUPnP
+ read xaction rest
+ ''['' x = x '']''
+ ''['' -z RejectAuth '']''
++ chain_base RejectAuth
++ local c=RejectAuth
++ true
++ echo RejectAuth
++ return
+ ''['' RejectAuth = RejectAuth '']''
+ list_search RejectAuth dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB
RejectSMB DropUPnP
+ local e=RejectAuth
+ ''['' 13 -gt 1 '']''
+ shift
+ ''['' xRejectAuth = xdropBcast '']''
+ ''['' 12 -gt 1 '']''
+ shift
+ ''['' xRejectAuth = xdropNonSyn '']''
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xRejectAuth = xdropNotSyn '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xRejectAuth = xrejNotSyn '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xRejectAuth = xlogNotSyn '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xRejectAuth = xrLogNotSyn '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xRejectAuth = xdLogNotSyn '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xRejectAuth = xdropInvalid '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xRejectAuth = xallowInvalid '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xRejectAuth = xDropSMB '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xRejectAuth = xRejectSMB '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xRejectAuth = xDropUPnP '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ f=action.RejectAuth
++ find_file action.RejectAuth
++ local saveifs= directory
++ ''['' -n '''' -a -f /action.RejectAuth
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/action.RejectAuth
'']''
++ ''['' -f /usr/share/shorewall/action.RejectAuth
'']''
++ echo /usr/share/shorewall/action.RejectAuth
++ IFS=
++ return
+ fn=/usr/share/shorewall/action.RejectAuth
+ eval requiredby_++ requiredby_+ ''['' -f
/usr/share/shorewall/action.RejectAuth '']''
+ echo '' Pre-processing
/usr/share/shorewall/action.RejectAuth...''
+ strip_file action.RejectAuth /usr/share/shorewall/action.RejectAuth
+ local fname
+ ''['' 2 = 1 '']''
+ fname=/usr/share/shorewall/action.RejectAuth
+ ''['' -f /usr/share/shorewall/action.RejectAuth
'']''
+ read_file /usr/share/shorewall/action.RejectAuth 0
+ local first rest
+ ''['' -f /usr/share/shorewall/action.RejectAuth
'']''
+ cut -d# -f1
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Shorewall 2.0 /etc/shorewall/action.RejectAuth''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ grep -v ''^[[:space:]]*$''
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''[''
x######################################################################################
= xINCLUDE '']''
+ echo
''######################################################################################
''
+ read first rest
+ ''['' x#TARGET = xINCLUDE '']''
+ echo ''#TARGET SOURCE DEST PROTO DEST SOURCE RATE
USER/''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# PORT PORT(S) LIMIT GROUP''
+ read first rest
+ ''['' xREJECT = xINCLUDE '']''
+ echo ''REJECT - - tcp 113''
+ read first rest
+ ''['' x#LAST = xINCLUDE '']''
+ echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT
REMOVE''
+ read first rest
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=REJECT
+ eval ''xtarget="REJECT"''
++ xtarget=REJECT
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=REJECT
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ ACTIONS=dropBcast dropNonSyn dropNotSyn rejNotSyn logNotSyn rLogNotSyn
dLogNotSyn dropInvalid allowInvalid DropSMB RejectSMB DropUPnP
RejectAuth
+ read xaction rest
+ ''['' x = x '']''
+ ''['' -z DropPing '']''
++ chain_base DropPing
++ local c=DropPing
++ true
++ echo DropPing
++ return
+ ''['' DropPing = DropPing '']''
+ list_search DropPing dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB
RejectSMB DropUPnP RejectAuth
+ local e=DropPing
+ ''['' 14 -gt 1 '']''
+ shift
+ ''['' xDropPing = xdropBcast '']''
+ ''['' 13 -gt 1 '']''
+ shift
+ ''['' xDropPing = xdropNonSyn '']''
+ ''['' 12 -gt 1 '']''
+ shift
+ ''['' xDropPing = xdropNotSyn '']''
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xDropPing = xrejNotSyn '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xDropPing = xlogNotSyn '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xDropPing = xrLogNotSyn '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xDropPing = xdLogNotSyn '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xDropPing = xdropInvalid '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xDropPing = xallowInvalid '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xDropPing = xDropSMB '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xDropPing = xRejectSMB '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xDropPing = xDropUPnP '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xDropPing = xRejectAuth '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ f=action.DropPing
++ find_file action.DropPing
++ local saveifs= directory
++ ''['' -n '''' -a -f /action.DropPing
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/action.DropPing '']''
++ ''['' -f /usr/share/shorewall/action.DropPing
'']''
++ echo /usr/share/shorewall/action.DropPing
++ IFS=
++ return
+ fn=/usr/share/shorewall/action.DropPing
+ eval requiredby_++ requiredby_+ ''['' -f
/usr/share/shorewall/action.DropPing '']''
+ echo '' Pre-processing
/usr/share/shorewall/action.DropPing...''
+ strip_file action.DropPing /usr/share/shorewall/action.DropPing
+ local fname
+ ''['' 2 = 1 '']''
+ fname=/usr/share/shorewall/action.DropPing
+ ''['' -f /usr/share/shorewall/action.DropPing
'']''
+ read_file /usr/share/shorewall/action.DropPing 0
+ local first rest
+ ''['' -f /usr/share/shorewall/action.DropPing
'']''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Shorewall 2.0 /etc/shorewall/action.DropPing''
+ read first rest
+ cut -d# -f1
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# This action silently drops
''\''''ping''\''''
requests.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''[''
x######################################################################################
= xINCLUDE '']''
+ echo
''######################################################################################
''
+ read first rest
+ ''['' x#TARGET = xINCLUDE '']''
+ echo ''#TARGET SOURCE DEST PROTO DEST SOURCE RATE
USER/''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# PORT PORT(S) LIMIT GROUP''
+ read first rest
+ ''['' xDROP = xINCLUDE '']''
+ echo ''DROP - - icmp 8''
+ read first rest
+ ''['' x#LAST = xINCLUDE '']''
+ echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT
REMOVE''
+ read first rest
+ grep -v ''^[[:space:]]*$''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=DROP
+ eval ''xtarget="DROP"''
++ xtarget=DROP
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=DROP
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ ACTIONS=dropBcast dropNonSyn dropNotSyn rejNotSyn logNotSyn rLogNotSyn
dLogNotSyn dropInvalid allowInvalid DropSMB RejectSMB DropUPnP
RejectAuth DropPing
+ read xaction rest
+ ''['' x = x '']''
+ ''['' -z DropDNSrep '']''
++ chain_base DropDNSrep
++ local c=DropDNSrep
++ true
++ echo DropDNSrep
++ return
+ ''['' DropDNSrep = DropDNSrep '']''
+ list_search DropDNSrep dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB
RejectSMB DropUPnP RejectAuth DropPing
+ local e=DropDNSrep
+ ''['' 15 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xdropBcast '']''
+ ''['' 14 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xdropNonSyn '']''
+ ''['' 13 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xdropNotSyn '']''
+ ''['' 12 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xrejNotSyn '']''
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xlogNotSyn '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xrLogNotSyn '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xdLogNotSyn '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xdropInvalid '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xallowInvalid '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xDropSMB '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xRejectSMB '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xDropUPnP '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xRejectAuth '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xDropPing '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ f=action.DropDNSrep
++ find_file action.DropDNSrep
++ local saveifs= directory
++ ''['' -n '''' -a -f /action.DropDNSrep
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/action.DropDNSrep
'']''
++ ''['' -f /usr/share/shorewall/action.DropDNSrep
'']''
++ echo /usr/share/shorewall/action.DropDNSrep
++ IFS=
++ return
+ fn=/usr/share/shorewall/action.DropDNSrep
+ eval requiredby_++ requiredby_+ ''['' -f
/usr/share/shorewall/action.DropDNSrep '']''
+ echo '' Pre-processing
/usr/share/shorewall/action.DropDNSrep...''
+ strip_file action.DropDNSrep /usr/share/shorewall/action.DropDNSrep
+ local fname
+ ''['' 2 = 1 '']''
+ fname=/usr/share/shorewall/action.DropDNSrep
+ ''['' -f /usr/share/shorewall/action.DropDNSrep
'']''
+ read_file /usr/share/shorewall/action.DropDNSrep 0
+ local first rest
+ ''['' -f /usr/share/shorewall/action.DropDNSrep
'']''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Shorewall 2.0 /etc/shorewall/action.DropDNSrep''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# This action silently drops DNS UDP replies''
+ read first rest
+ cut -d# -f1
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''[''
x######################################################################################
= xINCLUDE '']''
+ echo
''######################################################################################
''
+ read first rest
+ ''['' x#TARGET = xINCLUDE '']''
+ echo ''#TARGET SOURCE DEST PROTO DEST SOURCE RATE
USER/''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# PORT PORT(S) LIMIT GROUP''
+ read first rest
+ ''['' xDROP = xINCLUDE '']''
+ echo ''DROP - - udp - 53''
+ read first rest
+ ''['' x#LAST = xINCLUDE '']''
+ echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT
REMOVE''
+ read first rest
+ grep -v ''^[[:space:]]*$''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=DROP
+ eval ''xtarget="DROP"''
++ xtarget=DROP
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=DROP
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ ACTIONS=dropBcast dropNonSyn dropNotSyn rejNotSyn logNotSyn rLogNotSyn
dLogNotSyn dropInvalid allowInvalid DropSMB RejectSMB DropUPnP
RejectAuth DropPing DropDNSrep
+ read xaction rest
+ ''['' x = x '']''
+ ''['' -z AllowPing '']''
++ chain_base AllowPing
++ local c=AllowPing
++ true
++ echo AllowPing
++ return
+ ''['' AllowPing = AllowPing '']''
+ list_search AllowPing dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB
RejectSMB DropUPnP RejectAuth DropPing DropDNSrep
+ local e=AllowPing
+ ''['' 16 -gt 1 '']''
+ shift
+ ''['' xAllowPing = xdropBcast '']''
+ ''['' 15 -gt 1 '']''
+ shift
+ ''['' xAllowPing = xdropNonSyn '']''
+ ''['' 14 -gt 1 '']''
+ shift
+ ''['' xAllowPing = xdropNotSyn '']''
+ ''['' 13 -gt 1 '']''
+ shift
+ ''['' xAllowPing = xrejNotSyn '']''
+ ''['' 12 -gt 1 '']''
+ shift
+ ''['' xAllowPing = xlogNotSyn '']''
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xAllowPing = xrLogNotSyn '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xAllowPing = xdLogNotSyn '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xAllowPing = xdropInvalid '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xAllowPing = xallowInvalid '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xAllowPing = xDropSMB '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xAllowPing = xRejectSMB '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xAllowPing = xDropUPnP '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xAllowPing = xRejectAuth '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xAllowPing = xDropPing '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xAllowPing = xDropDNSrep '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ f=action.AllowPing
++ find_file action.AllowPing
++ local saveifs= directory
++ ''['' -n '''' -a -f /action.AllowPing
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/action.AllowPing
'']''
++ ''['' -f /usr/share/shorewall/action.AllowPing
'']''
++ echo /usr/share/shorewall/action.AllowPing
++ IFS=
++ return
+ fn=/usr/share/shorewall/action.AllowPing
+ eval requiredby_++ requiredby_+ ''['' -f
/usr/share/shorewall/action.AllowPing '']''
+ echo '' Pre-processing
/usr/share/shorewall/action.AllowPing...''
+ strip_file action.AllowPing /usr/share/shorewall/action.AllowPing
+ local fname
+ ''['' 2 = 1 '']''
+ fname=/usr/share/shorewall/action.AllowPing
+ ''['' -f /usr/share/shorewall/action.AllowPing
'']''
+ read_file /usr/share/shorewall/action.AllowPing 0
+ local first rest
+ ''['' -f /usr/share/shorewall/action.AllowPing
'']''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Shorewall 2.0 /etc/shorewall/action.AllowPing''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# This action accepts
''\''''ping''\''''
requests.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ cut -d# -f1
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=ACCEPT
+ eval ''xtarget="ACCEPT"''
++ xtarget=ACCEPT
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=ACCEPT
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ ACTIONS=dropBcast dropNonSyn dropNotSyn rejNotSyn logNotSyn rLogNotSyn
dLogNotSyn dropInvalid allowInvalid DropSMB RejectSMB DropUPnP
RejectAuth DropPing DropDNSrep AllowPing
+ read xaction rest
+ ''['' x = x '']''
+ ''['' -z AllowFTP '']''
++ chain_base AllowFTP
++ local c=AllowFTP
++ true
++ echo AllowFTP
++ return
+ ''['' AllowFTP = AllowFTP '']''
+ list_search AllowFTP dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB
RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing
+ local e=AllowFTP
+ ''['' 17 -gt 1 '']''
+ shift
+ ''['' xAllowFTP = xdropBcast '']''
+ ''['' 16 -gt 1 '']''
+ shift
+ ''['' xAllowFTP = xdropNonSyn '']''
+ ''['' 15 -gt 1 '']''
+ shift
+ ''['' xAllowFTP = xdropNotSyn '']''
+ ''['' 14 -gt 1 '']''
+ shift
+ ''['' xAllowFTP = xrejNotSyn '']''
+ ''['' 13 -gt 1 '']''
+ shift
+ ''['' xAllowFTP = xlogNotSyn '']''
+ ''['' 12 -gt 1 '']''
+ shift
+ ''['' xAllowFTP = xrLogNotSyn '']''
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xAllowFTP = xdLogNotSyn '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xAllowFTP = xdropInvalid '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xAllowFTP = xallowInvalid '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xAllowFTP = xDropSMB '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xAllowFTP = xRejectSMB '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xAllowFTP = xDropUPnP '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xAllowFTP = xRejectAuth '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xAllowFTP = xDropPing '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xAllowFTP = xDropDNSrep '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xAllowFTP = xAllowPing '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ f=action.AllowFTP
++ find_file action.AllowFTP
++ local saveifs= directory
++ ''['' -n '''' -a -f /action.AllowFTP
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/action.AllowFTP '']''
++ ''['' -f /usr/share/shorewall/action.AllowFTP
'']''
++ echo /usr/share/shorewall/action.AllowFTP
++ IFS=
++ return
+ fn=/usr/share/shorewall/action.AllowFTP
+ eval requiredby_++ requiredby_+ ''['' -f
/usr/share/shorewall/action.AllowFTP '']''
+ echo '' Pre-processing
/usr/share/shorewall/action.AllowFTP...''
+ strip_file action.AllowFTP /usr/share/shorewall/action.AllowFTP
+ local fname
+ ''['' 2 = 1 '']''
+ fname=/usr/share/shorewall/action.AllowFTP
+ ''['' -f /usr/share/shorewall/action.AllowFTP
'']''
+ read_file /usr/share/shorewall/action.AllowFTP 0
+ local first rest
+ ''['' -f /usr/share/shorewall/action.AllowFTP
'']''
+ read first rest
+ cut -d# -f1
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Shorewall 2.0 /etc/shorewall/action.AllowFTP''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# This action accepts FTP traffic. See''
+ grep -v ''^[[:space:]]*$''
+ ''['' x# = xINCLUDE '']''
+ echo ''# http://www.shorewall.net/FTP.html for additional
considerations.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''[''
x######################################################################################
= xINCLUDE '']''
+ echo
''######################################################################################
''
+ read first rest
+ ''['' x#TARGET = xINCLUDE '']''
+ echo ''#TARGET SOURCE DEST PROTO DEST SOURCE RATE
USER/''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# PORT PORT(S) LIMIT GROUP''
+ read first rest
+ ''['' xACCEPT = xINCLUDE '']''
+ echo ''ACCEPT - - tcp 21''
+ read first rest
+ ''['' x#LAST = xINCLUDE '']''
+ echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT
REMOVE''
+ read first rest
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=ACCEPT
+ eval ''xtarget="ACCEPT"''
++ xtarget=ACCEPT
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=ACCEPT
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ ACTIONS=dropBcast dropNonSyn dropNotSyn rejNotSyn logNotSyn rLogNotSyn
dLogNotSyn dropInvalid allowInvalid DropSMB RejectSMB DropUPnP
RejectAuth DropPing DropDNSrep AllowPing AllowFTP
+ read xaction rest
+ ''['' x = x '']''
+ ''['' -z AllowDNS '']''
++ chain_base AllowDNS
++ local c=AllowDNS
++ true
++ echo AllowDNS
++ return
+ ''['' AllowDNS = AllowDNS '']''
+ list_search AllowDNS dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB
RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP
+ local e=AllowDNS
+ ''['' 18 -gt 1 '']''
+ shift
+ ''['' xAllowDNS = xdropBcast '']''
+ ''['' 17 -gt 1 '']''
+ shift
+ ''['' xAllowDNS = xdropNonSyn '']''
+ ''['' 16 -gt 1 '']''
+ shift
+ ''['' xAllowDNS = xdropNotSyn '']''
+ ''['' 15 -gt 1 '']''
+ shift
+ ''['' xAllowDNS = xrejNotSyn '']''
+ ''['' 14 -gt 1 '']''
+ shift
+ ''['' xAllowDNS = xlogNotSyn '']''
+ ''['' 13 -gt 1 '']''
+ shift
+ ''['' xAllowDNS = xrLogNotSyn '']''
+ ''['' 12 -gt 1 '']''
+ shift
+ ''['' xAllowDNS = xdLogNotSyn '']''
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xAllowDNS = xdropInvalid '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xAllowDNS = xallowInvalid '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xAllowDNS = xDropSMB '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xAllowDNS = xRejectSMB '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xAllowDNS = xDropUPnP '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xAllowDNS = xRejectAuth '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xAllowDNS = xDropPing '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xAllowDNS = xDropDNSrep '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xAllowDNS = xAllowPing '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xAllowDNS = xAllowFTP '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ f=action.AllowDNS
++ find_file action.AllowDNS
++ local saveifs= directory
++ ''['' -n '''' -a -f /action.AllowDNS
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/action.AllowDNS '']''
++ ''['' -f /usr/share/shorewall/action.AllowDNS
'']''
++ echo /usr/share/shorewall/action.AllowDNS
++ IFS=
++ return
+ fn=/usr/share/shorewall/action.AllowDNS
+ eval requiredby_++ requiredby_+ ''['' -f
/usr/share/shorewall/action.AllowDNS '']''
+ echo '' Pre-processing
/usr/share/shorewall/action.AllowDNS...''
+ strip_file action.AllowDNS /usr/share/shorewall/action.AllowDNS
+ local fname
+ ''['' 2 = 1 '']''
+ fname=/usr/share/shorewall/action.AllowDNS
+ ''['' -f /usr/share/shorewall/action.AllowDNS
'']''
+ read_file /usr/share/shorewall/action.AllowDNS 0
+ local first rest
+ ''['' -f /usr/share/shorewall/action.AllowDNS
'']''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ cut -d# -f1
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Shorewall 2.0 /etc/shorewall/action.AllowDNS''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# This action accepts DNS traffic.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ grep -v ''^[[:space:]]*$''
+ echo ''# ''
+ read first rest
+ ''[''
x######################################################################################
= xINCLUDE '']''
+ echo
''######################################################################################
''
+ read first rest
+ ''['' x#TARGET = xINCLUDE '']''
+ echo ''#TARGET SOURCE DEST PROTO DEST SOURCE RATE
USER/''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# PORT PORT(S) LIMIT GROUP''
+ read first rest
+ ''['' xACCEPT = xINCLUDE '']''
+ echo ''ACCEPT - - udp 53''
+ read first rest
+ ''['' xACCEPT = xINCLUDE '']''
+ echo ''ACCEPT - - tcp 53''
+ read first rest
+ ''['' x#LAST = xINCLUDE '']''
+ echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT
REMOVE''
+ read first rest
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=ACCEPT
+ eval ''xtarget="ACCEPT"''
++ xtarget=ACCEPT
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=ACCEPT
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=ACCEPT
+ eval ''xtarget="ACCEPT"''
++ xtarget=ACCEPT
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=ACCEPT
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ ACTIONS=dropBcast dropNonSyn dropNotSyn rejNotSyn logNotSyn rLogNotSyn
dLogNotSyn dropInvalid allowInvalid DropSMB RejectSMB DropUPnP
RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS
+ read xaction rest
+ ''['' x = x '']''
+ ''['' -z AllowSSH '']''
++ chain_base AllowSSH
++ local c=AllowSSH
++ true
++ echo AllowSSH
++ return
+ ''['' AllowSSH = AllowSSH '']''
+ list_search AllowSSH dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB
RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP
AllowDNS
+ local e=AllowSSH
+ ''['' 19 -gt 1 '']''
+ shift
+ ''['' xAllowSSH = xdropBcast '']''
+ ''['' 18 -gt 1 '']''
+ shift
+ ''['' xAllowSSH = xdropNonSyn '']''
+ ''['' 17 -gt 1 '']''
+ shift
+ ''['' xAllowSSH = xdropNotSyn '']''
+ ''['' 16 -gt 1 '']''
+ shift
+ ''['' xAllowSSH = xrejNotSyn '']''
+ ''['' 15 -gt 1 '']''
+ shift
+ ''['' xAllowSSH = xlogNotSyn '']''
+ ''['' 14 -gt 1 '']''
+ shift
+ ''['' xAllowSSH = xrLogNotSyn '']''
+ ''['' 13 -gt 1 '']''
+ shift
+ ''['' xAllowSSH = xdLogNotSyn '']''
+ ''['' 12 -gt 1 '']''
+ shift
+ ''['' xAllowSSH = xdropInvalid '']''
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xAllowSSH = xallowInvalid '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xAllowSSH = xDropSMB '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xAllowSSH = xRejectSMB '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xAllowSSH = xDropUPnP '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xAllowSSH = xRejectAuth '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xAllowSSH = xDropPing '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xAllowSSH = xDropDNSrep '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xAllowSSH = xAllowPing '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xAllowSSH = xAllowFTP '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xAllowSSH = xAllowDNS '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ f=action.AllowSSH
++ find_file action.AllowSSH
++ local saveifs= directory
++ ''['' -n '''' -a -f /action.AllowSSH
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/action.AllowSSH '']''
++ ''['' -f /usr/share/shorewall/action.AllowSSH
'']''
++ echo /usr/share/shorewall/action.AllowSSH
++ IFS=
++ return
+ fn=/usr/share/shorewall/action.AllowSSH
+ eval requiredby_++ requiredby_+ ''['' -f
/usr/share/shorewall/action.AllowSSH '']''
+ echo '' Pre-processing
/usr/share/shorewall/action.AllowSSH...''
+ strip_file action.AllowSSH /usr/share/shorewall/action.AllowSSH
+ local fname
+ ''['' 2 = 1 '']''
+ fname=/usr/share/shorewall/action.AllowSSH
+ ''['' -f /usr/share/shorewall/action.AllowSSH
'']''
+ read_file /usr/share/shorewall/action.AllowSSH 0
+ local first rest
+ ''['' -f /usr/share/shorewall/action.AllowSSH
'']''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Shorewall 2.0 /etc/shorewall/action.AllowSSH''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# This action accepts secure shell (SSH) traffic.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ cut -d# -f1
+ ''[''
x######################################################################################
= xINCLUDE '']''
+ echo
''######################################################################################
''
+ read first rest
+ ''['' x#TARGET = xINCLUDE '']''
+ echo ''#TARGET SOURCE DEST PROTO DEST SOURCE RATE
USER/''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# PORT PORT(S) LIMIT GROUP''
+ read first rest
+ ''['' xACCEPT = xINCLUDE '']''
+ echo ''ACCEPT - - tcp 22''
+ read first rest
+ ''['' x#LAST = xINCLUDE '']''
+ echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT
REMOVE''
+ read first rest
+ grep -v ''^[[:space:]]*$''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=ACCEPT
+ eval ''xtarget="ACCEPT"''
++ xtarget=ACCEPT
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=ACCEPT
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ ACTIONS=dropBcast dropNonSyn dropNotSyn rejNotSyn logNotSyn rLogNotSyn
dLogNotSyn dropInvalid allowInvalid DropSMB RejectSMB DropUPnP
RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH
+ read xaction rest
+ ''['' x = x '']''
+ ''['' -z AllowWeb '']''
++ chain_base AllowWeb
++ local c=AllowWeb
++ true
++ echo AllowWeb
++ return
+ ''['' AllowWeb = AllowWeb '']''
+ list_search AllowWeb dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB
RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP
AllowDNS AllowSSH
+ local e=AllowWeb
+ ''['' 20 -gt 1 '']''
+ shift
+ ''['' xAllowWeb = xdropBcast '']''
+ ''['' 19 -gt 1 '']''
+ shift
+ ''['' xAllowWeb = xdropNonSyn '']''
+ ''['' 18 -gt 1 '']''
+ shift
+ ''['' xAllowWeb = xdropNotSyn '']''
+ ''['' 17 -gt 1 '']''
+ shift
+ ''['' xAllowWeb = xrejNotSyn '']''
+ ''['' 16 -gt 1 '']''
+ shift
+ ''['' xAllowWeb = xlogNotSyn '']''
+ ''['' 15 -gt 1 '']''
+ shift
+ ''['' xAllowWeb = xrLogNotSyn '']''
+ ''['' 14 -gt 1 '']''
+ shift
+ ''['' xAllowWeb = xdLogNotSyn '']''
+ ''['' 13 -gt 1 '']''
+ shift
+ ''['' xAllowWeb = xdropInvalid '']''
+ ''['' 12 -gt 1 '']''
+ shift
+ ''['' xAllowWeb = xallowInvalid '']''
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xAllowWeb = xDropSMB '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xAllowWeb = xRejectSMB '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xAllowWeb = xDropUPnP '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xAllowWeb = xRejectAuth '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xAllowWeb = xDropPing '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xAllowWeb = xDropDNSrep '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xAllowWeb = xAllowPing '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xAllowWeb = xAllowFTP '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xAllowWeb = xAllowDNS '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xAllowWeb = xAllowSSH '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ f=action.AllowWeb
++ find_file action.AllowWeb
++ local saveifs= directory
++ ''['' -n '''' -a -f /action.AllowWeb
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/action.AllowWeb '']''
++ ''['' -f /usr/share/shorewall/action.AllowWeb
'']''
++ echo /usr/share/shorewall/action.AllowWeb
++ IFS=
++ return
+ fn=/usr/share/shorewall/action.AllowWeb
+ eval requiredby_++ requiredby_+ ''['' -f
/usr/share/shorewall/action.AllowWeb '']''
+ echo '' Pre-processing
/usr/share/shorewall/action.AllowWeb...''
+ strip_file action.AllowWeb /usr/share/shorewall/action.AllowWeb
+ local fname
+ ''['' 2 = 1 '']''
+ fname=/usr/share/shorewall/action.AllowWeb
+ ''['' -f /usr/share/shorewall/action.AllowWeb
'']''
+ read_file /usr/share/shorewall/action.AllowWeb 0
+ local first rest
+ ''['' -f /usr/share/shorewall/action.AllowWeb
'']''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Shorewall 2.0 /etc/shorewall/action.AllowWeb''
+ read first rest
+ cut -d# -f1
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# This action accepts WWW traffic (secure and
insecure):''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''[''
x######################################################################################
= xINCLUDE '']''
+ echo
''######################################################################################
''
+ read first rest
+ ''['' x#TARGET = xINCLUDE '']''
+ echo ''#TARGET SOURCE DEST PROTO DEST SOURCE RATE
USER/''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# PORT PORT(S) LIMIT GROUP''
+ read first rest
+ ''['' xACCEPT = xINCLUDE '']''
+ echo ''ACCEPT - - tcp 80''
+ read first rest
+ ''['' xACCEPT = xINCLUDE '']''
+ echo ''ACCEPT - - TCP 443''
+ read first rest
+ ''['' x#LAST = xINCLUDE '']''
+ echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT
REMOVE''
+ read first rest
+ grep -v ''^[[:space:]]*$''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=ACCEPT
+ eval ''xtarget="ACCEPT"''
++ xtarget=ACCEPT
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=ACCEPT
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=ACCEPT
+ eval ''xtarget="ACCEPT"''
++ xtarget=ACCEPT
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=ACCEPT
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ ACTIONS=dropBcast dropNonSyn dropNotSyn rejNotSyn logNotSyn rLogNotSyn
dLogNotSyn dropInvalid allowInvalid DropSMB RejectSMB DropUPnP
RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH
AllowWeb
+ read xaction rest
+ ''['' x = x '']''
+ ''['' -z AllowSMB '']''
++ chain_base AllowSMB
++ local c=AllowSMB
++ true
++ echo AllowSMB
++ return
+ ''['' AllowSMB = AllowSMB '']''
+ list_search AllowSMB dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB
RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP
AllowDNS AllowSSH AllowWeb
+ local e=AllowSMB
+ ''['' 21 -gt 1 '']''
+ shift
+ ''['' xAllowSMB = xdropBcast '']''
+ ''['' 20 -gt 1 '']''
+ shift
+ ''['' xAllowSMB = xdropNonSyn '']''
+ ''['' 19 -gt 1 '']''
+ shift
+ ''['' xAllowSMB = xdropNotSyn '']''
+ ''['' 18 -gt 1 '']''
+ shift
+ ''['' xAllowSMB = xrejNotSyn '']''
+ ''['' 17 -gt 1 '']''
+ shift
+ ''['' xAllowSMB = xlogNotSyn '']''
+ ''['' 16 -gt 1 '']''
+ shift
+ ''['' xAllowSMB = xrLogNotSyn '']''
+ ''['' 15 -gt 1 '']''
+ shift
+ ''['' xAllowSMB = xdLogNotSyn '']''
+ ''['' 14 -gt 1 '']''
+ shift
+ ''['' xAllowSMB = xdropInvalid '']''
+ ''['' 13 -gt 1 '']''
+ shift
+ ''['' xAllowSMB = xallowInvalid '']''
+ ''['' 12 -gt 1 '']''
+ shift
+ ''['' xAllowSMB = xDropSMB '']''
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xAllowSMB = xRejectSMB '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xAllowSMB = xDropUPnP '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xAllowSMB = xRejectAuth '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xAllowSMB = xDropPing '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xAllowSMB = xDropDNSrep '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xAllowSMB = xAllowPing '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xAllowSMB = xAllowFTP '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xAllowSMB = xAllowDNS '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xAllowSMB = xAllowSSH '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xAllowSMB = xAllowWeb '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ f=action.AllowSMB
++ find_file action.AllowSMB
++ local saveifs= directory
++ ''['' -n '''' -a -f /action.AllowSMB
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/action.AllowSMB '']''
++ ''['' -f /usr/share/shorewall/action.AllowSMB
'']''
++ echo /usr/share/shorewall/action.AllowSMB
++ IFS=
++ return
+ fn=/usr/share/shorewall/action.AllowSMB
+ eval requiredby_++ requiredby_+ ''['' -f
/usr/share/shorewall/action.AllowSMB '']''
+ echo '' Pre-processing
/usr/share/shorewall/action.AllowSMB...''
+ strip_file action.AllowSMB /usr/share/shorewall/action.AllowSMB
+ local fname
+ ''['' 2 = 1 '']''
+ fname=/usr/share/shorewall/action.AllowSMB
+ ''['' -f /usr/share/shorewall/action.AllowSMB
'']''
+ read_file /usr/share/shorewall/action.AllowSMB 0
+ local first rest
+ ''['' -f /usr/share/shorewall/action.AllowSMB
'']''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Shorewall 2.0 /etc/shorewall/action.AllowSMB''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Allow Microsoft SMB traffic. You need to invoke this action
in''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# both directions.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''[''
x######################################################################################
= xINCLUDE '']''
+ echo
''######################################################################################
''
+ read first rest
+ ''['' x#TARGET = xINCLUDE '']''
+ echo ''#TARGET SOURCE DEST PROTO DEST SOURCE RATE
USER/''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# PORT PORT(S) LIMIT GROUP''
+ read first rest
+ ''['' xACCEPT = xINCLUDE '']''
+ echo ''ACCEPT - - udp 135,445''
+ read first rest
+ ''['' xACCEPT = xINCLUDE '']''
+ echo ''ACCEPT - - udp 137:139''
+ read first rest
+ ''['' xACCEPT = xINCLUDE '']''
+ echo ''ACCEPT - - udp 1024: 137''
+ read first rest
+ ''['' xACCEPT = xINCLUDE '']''
+ echo ''ACCEPT - - tcp
135,139,445''
+ read first rest
+ ''['' x#LAST = xINCLUDE '']''
+ echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT
REMOVE''
+ read first rest
+ cut -d# -f1
+ grep -v ''^[[:space:]]*$''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=ACCEPT
+ eval ''xtarget="ACCEPT"''
++ xtarget=ACCEPT
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=ACCEPT
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=ACCEPT
+ eval ''xtarget="ACCEPT"''
++ xtarget=ACCEPT
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=ACCEPT
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=ACCEPT
+ eval ''xtarget="ACCEPT"''
++ xtarget=ACCEPT
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=ACCEPT
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=ACCEPT
+ eval ''xtarget="ACCEPT"''
++ xtarget=ACCEPT
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=ACCEPT
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ ACTIONS=dropBcast dropNonSyn dropNotSyn rejNotSyn logNotSyn rLogNotSyn
dLogNotSyn dropInvalid allowInvalid DropSMB RejectSMB DropUPnP
RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH
AllowWeb AllowSMB
+ read xaction rest
+ ''['' x = x '']''
+ ''['' -z AllowAuth '']''
++ chain_base AllowAuth
++ local c=AllowAuth
++ true
++ echo AllowAuth
++ return
+ ''['' AllowAuth = AllowAuth '']''
+ list_search AllowAuth dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB
RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP
AllowDNS AllowSSH AllowWeb AllowSMB
+ local e=AllowAuth
+ ''['' 22 -gt 1 '']''
+ shift
+ ''['' xAllowAuth = xdropBcast '']''
+ ''['' 21 -gt 1 '']''
+ shift
+ ''['' xAllowAuth = xdropNonSyn '']''
+ ''['' 20 -gt 1 '']''
+ shift
+ ''['' xAllowAuth = xdropNotSyn '']''
+ ''['' 19 -gt 1 '']''
+ shift
+ ''['' xAllowAuth = xrejNotSyn '']''
+ ''['' 18 -gt 1 '']''
+ shift
+ ''['' xAllowAuth = xlogNotSyn '']''
+ ''['' 17 -gt 1 '']''
+ shift
+ ''['' xAllowAuth = xrLogNotSyn '']''
+ ''['' 16 -gt 1 '']''
+ shift
+ ''['' xAllowAuth = xdLogNotSyn '']''
+ ''['' 15 -gt 1 '']''
+ shift
+ ''['' xAllowAuth = xdropInvalid '']''
+ ''['' 14 -gt 1 '']''
+ shift
+ ''['' xAllowAuth = xallowInvalid '']''
+ ''['' 13 -gt 1 '']''
+ shift
+ ''['' xAllowAuth = xDropSMB '']''
+ ''['' 12 -gt 1 '']''
+ shift
+ ''['' xAllowAuth = xRejectSMB '']''
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xAllowAuth = xDropUPnP '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xAllowAuth = xRejectAuth '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xAllowAuth = xDropPing '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xAllowAuth = xDropDNSrep '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xAllowAuth = xAllowPing '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xAllowAuth = xAllowFTP '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xAllowAuth = xAllowDNS '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xAllowAuth = xAllowSSH '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xAllowAuth = xAllowWeb '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xAllowAuth = xAllowSMB '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ f=action.AllowAuth
++ find_file action.AllowAuth
++ local saveifs= directory
++ ''['' -n '''' -a -f /action.AllowAuth
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/action.AllowAuth
'']''
++ ''['' -f /usr/share/shorewall/action.AllowAuth
'']''
++ echo /usr/share/shorewall/action.AllowAuth
++ IFS=
++ return
+ fn=/usr/share/shorewall/action.AllowAuth
+ eval requiredby_++ requiredby_+ ''['' -f
/usr/share/shorewall/action.AllowAuth '']''
+ echo '' Pre-processing
/usr/share/shorewall/action.AllowAuth...''
+ strip_file action.AllowAuth /usr/share/shorewall/action.AllowAuth
+ local fname
+ ''['' 2 = 1 '']''
+ fname=/usr/share/shorewall/action.AllowAuth
+ ''['' -f /usr/share/shorewall/action.AllowAuth
'']''
+ read_file /usr/share/shorewall/action.AllowAuth 0
+ local first rest
+ ''['' -f /usr/share/shorewall/action.AllowAuth
'']''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Shorewall 2.0 /etc/shorewall/action.AllowAuth''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# This action accepts Auth (identd) traffic.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''[''
x######################################################################################
= xINCLUDE '']''
+ echo
''######################################################################################
''
+ read first rest
+ ''['' x#TARGET = xINCLUDE '']''
+ echo ''#TARGET SOURCE DEST PROTO DEST SOURCE RATE
USER/''
+ read first rest
+ cut -d# -f1
+ ''['' x# = xINCLUDE '']''
+ echo ''# PORT PORT(S) LIMIT GROUP''
+ read first rest
+ ''['' xACCEPT = xINCLUDE '']''
+ echo ''ACCEPT - - tcp 113''
+ read first rest
+ ''['' x#LAST = xINCLUDE '']''
+ echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT
REMOVE''
+ read first rest
+ grep -v ''^[[:space:]]*$''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=ACCEPT
+ eval ''xtarget="ACCEPT"''
++ xtarget=ACCEPT
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=ACCEPT
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ ACTIONS=dropBcast dropNonSyn dropNotSyn rejNotSyn logNotSyn rLogNotSyn
dLogNotSyn dropInvalid allowInvalid DropSMB RejectSMB DropUPnP
RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH
AllowWeb AllowSMB AllowAuth
+ read xaction rest
+ ''['' x = x '']''
+ ''['' -z AllowSMTP '']''
++ chain_base AllowSMTP
++ local c=AllowSMTP
++ true
++ echo AllowSMTP
++ return
+ ''['' AllowSMTP = AllowSMTP '']''
+ list_search AllowSMTP dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB
RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP
AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth
+ local e=AllowSMTP
+ ''['' 23 -gt 1 '']''
+ shift
+ ''['' xAllowSMTP = xdropBcast '']''
+ ''['' 22 -gt 1 '']''
+ shift
+ ''['' xAllowSMTP = xdropNonSyn '']''
+ ''['' 21 -gt 1 '']''
+ shift
+ ''['' xAllowSMTP = xdropNotSyn '']''
+ ''['' 20 -gt 1 '']''
+ shift
+ ''['' xAllowSMTP = xrejNotSyn '']''
+ ''['' 19 -gt 1 '']''
+ shift
+ ''['' xAllowSMTP = xlogNotSyn '']''
+ ''['' 18 -gt 1 '']''
+ shift
+ ''['' xAllowSMTP = xrLogNotSyn '']''
+ ''['' 17 -gt 1 '']''
+ shift
+ ''['' xAllowSMTP = xdLogNotSyn '']''
+ ''['' 16 -gt 1 '']''
+ shift
+ ''['' xAllowSMTP = xdropInvalid '']''
+ ''['' 15 -gt 1 '']''
+ shift
+ ''['' xAllowSMTP = xallowInvalid '']''
+ ''['' 14 -gt 1 '']''
+ shift
+ ''['' xAllowSMTP = xDropSMB '']''
+ ''['' 13 -gt 1 '']''
+ shift
+ ''['' xAllowSMTP = xRejectSMB '']''
+ ''['' 12 -gt 1 '']''
+ shift
+ ''['' xAllowSMTP = xDropUPnP '']''
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xAllowSMTP = xRejectAuth '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xAllowSMTP = xDropPing '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xAllowSMTP = xDropDNSrep '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xAllowSMTP = xAllowPing '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xAllowSMTP = xAllowFTP '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xAllowSMTP = xAllowDNS '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xAllowSMTP = xAllowSSH '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xAllowSMTP = xAllowWeb '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xAllowSMTP = xAllowSMB '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xAllowSMTP = xAllowAuth '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ f=action.AllowSMTP
++ find_file action.AllowSMTP
++ local saveifs= directory
++ ''['' -n '''' -a -f /action.AllowSMTP
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/action.AllowSMTP
'']''
++ ''['' -f /usr/share/shorewall/action.AllowSMTP
'']''
++ echo /usr/share/shorewall/action.AllowSMTP
++ IFS=
++ return
+ fn=/usr/share/shorewall/action.AllowSMTP
+ eval requiredby_++ requiredby_+ ''['' -f
/usr/share/shorewall/action.AllowSMTP '']''
+ echo '' Pre-processing
/usr/share/shorewall/action.AllowSMTP...''
+ strip_file action.AllowSMTP /usr/share/shorewall/action.AllowSMTP
+ local fname
+ ''['' 2 = 1 '']''
+ fname=/usr/share/shorewall/action.AllowSMTP
+ ''['' -f /usr/share/shorewall/action.AllowSMTP
'']''
+ read_file /usr/share/shorewall/action.AllowSMTP 0
+ local first rest
+ ''['' -f /usr/share/shorewall/action.AllowSMTP
'']''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Shorewall 2.0 /etc/shorewall/action.AllowSMTP''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ cut -d# -f1
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# This action accepts SMTP (email) traffic.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Note: This action allows traffic between an MUA (Email
client)''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# and an MTA (mail server) or between MTAs. It does not
enable''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# reading of email via POP3 or IMAP. For those you need to
use''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# the AllowPOP3 or AllowIMAP actions.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''[''
x######################################################################################
= xINCLUDE '']''
+ echo
''######################################################################################
''
+ read first rest
+ ''['' x#TARGET = xINCLUDE '']''
+ echo ''#TARGET SOURCE DEST PROTO DEST SOURCE RATE
USER/''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# PORT PORT(S) LIMIT GROUP''
+ read first rest
+ ''['' xACCEPT = xINCLUDE '']''
+ echo ''ACCEPT - - tcp 25''
+ read first rest
+ ''['' x#LAST = xINCLUDE '']''
+ echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT
REMOVE''
+ read first rest
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=ACCEPT
+ eval ''xtarget="ACCEPT"''
++ xtarget=ACCEPT
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=ACCEPT
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ ACTIONS=dropBcast dropNonSyn dropNotSyn rejNotSyn logNotSyn rLogNotSyn
dLogNotSyn dropInvalid allowInvalid DropSMB RejectSMB DropUPnP
RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH
AllowWeb AllowSMB AllowAuth AllowSMTP
+ read xaction rest
+ ''['' x = x '']''
+ ''['' -z AllowPOP3 '']''
++ chain_base AllowPOP3
++ local c=AllowPOP3
++ true
++ echo AllowPOP3
++ return
+ ''['' AllowPOP3 = AllowPOP3 '']''
+ list_search AllowPOP3 dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB
RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP
AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP
+ local e=AllowPOP3
+ ''['' 24 -gt 1 '']''
+ shift
+ ''['' xAllowPOP3 = xdropBcast '']''
+ ''['' 23 -gt 1 '']''
+ shift
+ ''['' xAllowPOP3 = xdropNonSyn '']''
+ ''['' 22 -gt 1 '']''
+ shift
+ ''['' xAllowPOP3 = xdropNotSyn '']''
+ ''['' 21 -gt 1 '']''
+ shift
+ ''['' xAllowPOP3 = xrejNotSyn '']''
+ ''['' 20 -gt 1 '']''
+ shift
+ ''['' xAllowPOP3 = xlogNotSyn '']''
+ ''['' 19 -gt 1 '']''
+ shift
+ ''['' xAllowPOP3 = xrLogNotSyn '']''
+ ''['' 18 -gt 1 '']''
+ shift
+ ''['' xAllowPOP3 = xdLogNotSyn '']''
+ ''['' 17 -gt 1 '']''
+ shift
+ ''['' xAllowPOP3 = xdropInvalid '']''
+ ''['' 16 -gt 1 '']''
+ shift
+ ''['' xAllowPOP3 = xallowInvalid '']''
+ ''['' 15 -gt 1 '']''
+ shift
+ ''['' xAllowPOP3 = xDropSMB '']''
+ ''['' 14 -gt 1 '']''
+ shift
+ ''['' xAllowPOP3 = xRejectSMB '']''
+ ''['' 13 -gt 1 '']''
+ shift
+ ''['' xAllowPOP3 = xDropUPnP '']''
+ ''['' 12 -gt 1 '']''
+ shift
+ ''['' xAllowPOP3 = xRejectAuth '']''
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xAllowPOP3 = xDropPing '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xAllowPOP3 = xDropDNSrep '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xAllowPOP3 = xAllowPing '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xAllowPOP3 = xAllowFTP '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xAllowPOP3 = xAllowDNS '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xAllowPOP3 = xAllowSSH '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xAllowPOP3 = xAllowWeb '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xAllowPOP3 = xAllowSMB '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xAllowPOP3 = xAllowAuth '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xAllowPOP3 = xAllowSMTP '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ f=action.AllowPOP3
++ find_file action.AllowPOP3
++ local saveifs= directory
++ ''['' -n '''' -a -f /action.AllowPOP3
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/action.AllowPOP3
'']''
++ ''['' -f /usr/share/shorewall/action.AllowPOP3
'']''
++ echo /usr/share/shorewall/action.AllowPOP3
++ IFS=
++ return
+ fn=/usr/share/shorewall/action.AllowPOP3
+ eval requiredby_++ requiredby_+ ''['' -f
/usr/share/shorewall/action.AllowPOP3 '']''
+ echo '' Pre-processing
/usr/share/shorewall/action.AllowPOP3...''
+ strip_file action.AllowPOP3 /usr/share/shorewall/action.AllowPOP3
+ local fname
+ ''['' 2 = 1 '']''
+ fname=/usr/share/shorewall/action.AllowPOP3
+ ''['' -f /usr/share/shorewall/action.AllowPOP3
'']''
+ read_file /usr/share/shorewall/action.AllowPOP3 0
+ local first rest
+ ''['' -f /usr/share/shorewall/action.AllowPOP3
'']''
+ read first rest
+ cut -d# -f1
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Shorewall 2.0 /etc/shorewall/action.AllowPOP3''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# This action accepts POP3 traffic (secure and
insecure):''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''[''
x######################################################################################
= xINCLUDE '']''
+ echo
''######################################################################################
''
+ read first rest
+ ''['' x#TARGET = xINCLUDE '']''
+ echo ''#TARGET SOURCE DEST PROTO DEST SOURCE ORIGINAL
RATE''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# PORT PORT(S) DEST LIMIT''
+ read first rest
+ ''['' xACCEPT = xINCLUDE '']''
+ echo ''ACCEPT - - tcp 110 #Unsecure POP3''
+ read first rest
+ ''['' xACCEPT = xINCLUDE '']''
+ echo ''ACCEPT - - tcp 995 #Secure POP3''
+ read first rest
+ ''['' x#LAST = xINCLUDE '']''
+ echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT
REMOVE''
+ read first rest
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=ACCEPT
+ eval ''xtarget="ACCEPT"''
++ xtarget=ACCEPT
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=ACCEPT
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=ACCEPT
+ eval ''xtarget="ACCEPT"''
++ xtarget=ACCEPT
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=ACCEPT
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ ACTIONS=dropBcast dropNonSyn dropNotSyn rejNotSyn logNotSyn rLogNotSyn
dLogNotSyn dropInvalid allowInvalid DropSMB RejectSMB DropUPnP
RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH
AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3
+ read xaction rest
+ ''['' x = x '']''
+ ''['' -z AllowIMAP '']''
++ chain_base AllowIMAP
++ local c=AllowIMAP
++ true
++ echo AllowIMAP
++ return
+ ''['' AllowIMAP = AllowIMAP '']''
+ list_search AllowIMAP dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB
RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP
AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3
+ local e=AllowIMAP
+ ''['' 25 -gt 1 '']''
+ shift
+ ''['' xAllowIMAP = xdropBcast '']''
+ ''['' 24 -gt 1 '']''
+ shift
+ ''['' xAllowIMAP = xdropNonSyn '']''
+ ''['' 23 -gt 1 '']''
+ shift
+ ''['' xAllowIMAP = xdropNotSyn '']''
+ ''['' 22 -gt 1 '']''
+ shift
+ ''['' xAllowIMAP = xrejNotSyn '']''
+ ''['' 21 -gt 1 '']''
+ shift
+ ''['' xAllowIMAP = xlogNotSyn '']''
+ ''['' 20 -gt 1 '']''
+ shift
+ ''['' xAllowIMAP = xrLogNotSyn '']''
+ ''['' 19 -gt 1 '']''
+ shift
+ ''['' xAllowIMAP = xdLogNotSyn '']''
+ ''['' 18 -gt 1 '']''
+ shift
+ ''['' xAllowIMAP = xdropInvalid '']''
+ ''['' 17 -gt 1 '']''
+ shift
+ ''['' xAllowIMAP = xallowInvalid '']''
+ ''['' 16 -gt 1 '']''
+ shift
+ ''['' xAllowIMAP = xDropSMB '']''
+ ''['' 15 -gt 1 '']''
+ shift
+ ''['' xAllowIMAP = xRejectSMB '']''
+ ''['' 14 -gt 1 '']''
+ shift
+ ''['' xAllowIMAP = xDropUPnP '']''
+ ''['' 13 -gt 1 '']''
+ shift
+ ''['' xAllowIMAP = xRejectAuth '']''
+ ''['' 12 -gt 1 '']''
+ shift
+ ''['' xAllowIMAP = xDropPing '']''
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xAllowIMAP = xDropDNSrep '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xAllowIMAP = xAllowPing '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xAllowIMAP = xAllowFTP '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xAllowIMAP = xAllowDNS '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xAllowIMAP = xAllowSSH '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xAllowIMAP = xAllowWeb '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xAllowIMAP = xAllowSMB '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xAllowIMAP = xAllowAuth '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xAllowIMAP = xAllowSMTP '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xAllowIMAP = xAllowPOP3 '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ f=action.AllowIMAP
++ find_file action.AllowIMAP
++ local saveifs= directory
++ ''['' -n '''' -a -f /action.AllowIMAP
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/action.AllowIMAP
'']''
++ ''['' -f /usr/share/shorewall/action.AllowIMAP
'']''
++ echo /usr/share/shorewall/action.AllowIMAP
++ IFS=
++ return
+ fn=/usr/share/shorewall/action.AllowIMAP
+ eval requiredby_++ requiredby_+ ''['' -f
/usr/share/shorewall/action.AllowIMAP '']''
+ echo '' Pre-processing
/usr/share/shorewall/action.AllowIMAP...''
+ strip_file action.AllowIMAP /usr/share/shorewall/action.AllowIMAP
+ local fname
+ ''['' 2 = 1 '']''
+ fname=/usr/share/shorewall/action.AllowIMAP
+ ''['' -f /usr/share/shorewall/action.AllowIMAP
'']''
+ read_file /usr/share/shorewall/action.AllowIMAP 0
+ local first rest
+ ''['' -f /usr/share/shorewall/action.AllowIMAP
'']''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Shorewall 2.0 /etc/shorewall/action.AllowIMAP''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# This action accepts IMAP traffic (secure and
insecure):''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''[''
x######################################################################################
= xINCLUDE '']''
+ echo
''######################################################################################
''
+ read first rest
+ ''['' x#TARGET = xINCLUDE '']''
+ echo ''#TARGET SOURCE DEST PROTO DEST SOURCE RATE
USER/''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# PORT PORT(S) LIMIT GROUP''
+ read first rest
+ ''['' xACCEPT = xINCLUDE '']''
+ echo ''ACCEPT - - tcp 143 #Unsecure IMAP''
+ read first rest
+ ''['' xACCEPT = xINCLUDE '']''
+ echo ''ACCEPT - - tcp 993 #Secure IMAP''
+ read first rest
+ ''['' x#LAST = xINCLUDE '']''
+ echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT
REMOVE''
+ read first rest
+ cut -d# -f1
+ grep -v ''^[[:space:]]*$''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=ACCEPT
+ eval ''xtarget="ACCEPT"''
++ xtarget=ACCEPT
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=ACCEPT
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=ACCEPT
+ eval ''xtarget="ACCEPT"''
++ xtarget=ACCEPT
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=ACCEPT
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ ACTIONS=dropBcast dropNonSyn dropNotSyn rejNotSyn logNotSyn rLogNotSyn
dLogNotSyn dropInvalid allowInvalid DropSMB RejectSMB DropUPnP
RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH
AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowIMAP
+ read xaction rest
+ ''['' x = x '']''
+ ''['' -z AllowTelnet '']''
++ chain_base AllowTelnet
++ local c=AllowTelnet
++ true
++ echo AllowTelnet
++ return
+ ''['' AllowTelnet = AllowTelnet '']''
+ list_search AllowTelnet dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB
RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP
AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3
AllowIMAP
+ local e=AllowTelnet
+ ''['' 26 -gt 1 '']''
+ shift
+ ''['' xAllowTelnet = xdropBcast '']''
+ ''['' 25 -gt 1 '']''
+ shift
+ ''['' xAllowTelnet = xdropNonSyn '']''
+ ''['' 24 -gt 1 '']''
+ shift
+ ''['' xAllowTelnet = xdropNotSyn '']''
+ ''['' 23 -gt 1 '']''
+ shift
+ ''['' xAllowTelnet = xrejNotSyn '']''
+ ''['' 22 -gt 1 '']''
+ shift
+ ''['' xAllowTelnet = xlogNotSyn '']''
+ ''['' 21 -gt 1 '']''
+ shift
+ ''['' xAllowTelnet = xrLogNotSyn '']''
+ ''['' 20 -gt 1 '']''
+ shift
+ ''['' xAllowTelnet = xdLogNotSyn '']''
+ ''['' 19 -gt 1 '']''
+ shift
+ ''['' xAllowTelnet = xdropInvalid '']''
+ ''['' 18 -gt 1 '']''
+ shift
+ ''['' xAllowTelnet = xallowInvalid '']''
+ ''['' 17 -gt 1 '']''
+ shift
+ ''['' xAllowTelnet = xDropSMB '']''
+ ''['' 16 -gt 1 '']''
+ shift
+ ''['' xAllowTelnet = xRejectSMB '']''
+ ''['' 15 -gt 1 '']''
+ shift
+ ''['' xAllowTelnet = xDropUPnP '']''
+ ''['' 14 -gt 1 '']''
+ shift
+ ''['' xAllowTelnet = xRejectAuth '']''
+ ''['' 13 -gt 1 '']''
+ shift
+ ''['' xAllowTelnet = xDropPing '']''
+ ''['' 12 -gt 1 '']''
+ shift
+ ''['' xAllowTelnet = xDropDNSrep '']''
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xAllowTelnet = xAllowPing '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xAllowTelnet = xAllowFTP '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xAllowTelnet = xAllowDNS '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xAllowTelnet = xAllowSSH '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xAllowTelnet = xAllowWeb '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xAllowTelnet = xAllowSMB '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xAllowTelnet = xAllowAuth '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xAllowTelnet = xAllowSMTP '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xAllowTelnet = xAllowPOP3 '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xAllowTelnet = xAllowIMAP '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ f=action.AllowTelnet
++ find_file action.AllowTelnet
++ local saveifs= directory
++ ''['' -n '''' -a -f /action.AllowTelnet
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/action.AllowTelnet
'']''
++ ''['' -f /usr/share/shorewall/action.AllowTelnet
'']''
++ echo /usr/share/shorewall/action.AllowTelnet
++ IFS=
++ return
+ fn=/usr/share/shorewall/action.AllowTelnet
+ eval requiredby_++ requiredby_+ ''['' -f
/usr/share/shorewall/action.AllowTelnet '']''
+ echo '' Pre-processing
/usr/share/shorewall/action.AllowTelnet...''
+ strip_file action.AllowTelnet /usr/share/shorewall/action.AllowTelnet
+ local fname
+ ''['' 2 = 1 '']''
+ fname=/usr/share/shorewall/action.AllowTelnet
+ ''['' -f /usr/share/shorewall/action.AllowTelnet
'']''
+ read_file /usr/share/shorewall/action.AllowTelnet 0
+ local first rest
+ ''['' -f /usr/share/shorewall/action.AllowTelnet
'']''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Shorewall 2.0 /etc/shorewall/action.AllowTelnet''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# This action accepts Telnet traffic. For traffic over
the''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# internet, telnet is inappropriate; use SSH instead''
+ cut -d# -f1
+ echo ''ACCEPT - - tcp 23''
+ read first rest
+ ''['' x#LAST = xINCLUDE '']''
+ echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT
REMOVE''
+ read first rest
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=ACCEPT
+ eval ''xtarget="ACCEPT"''
++ xtarget=ACCEPT
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=ACCEPT
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ ACTIONS=dropBcast dropNonSyn dropNotSyn rejNotSyn logNotSyn rLogNotSyn
dLogNotSyn dropInvalid allowInvalid DropSMB RejectSMB DropUPnP
RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH
AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowIMAP AllowTelnet
+ read xaction rest
+ ''['' x = x '']''
+ ''['' -z AllowVNC '']''
++ chain_base AllowVNC
++ local c=AllowVNC
++ true
++ echo AllowVNC
++ return
+ ''['' AllowVNC = AllowVNC '']''
+ list_search AllowVNC dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB
RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP
AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3
AllowIMAP AllowTelnet
+ local e=AllowVNC
+ ''['' 27 -gt 1 '']''
+ shift
+ ''['' xAllowVNC = xdropBcast '']''
+ ''['' 26 -gt 1 '']''
+ shift
+ ''['' xAllowVNC = xdropNonSyn '']''
+ ''['' 25 -gt 1 '']''
+ shift
+ ''['' xAllowVNC = xdropNotSyn '']''
+ ''['' 24 -gt 1 '']''
+ shift
+ ''['' xAllowVNC = xrejNotSyn '']''
+ ''['' 23 -gt 1 '']''
+ shift
+ ''['' xAllowVNC = xlogNotSyn '']''
+ ''['' 22 -gt 1 '']''
+ shift
+ ''['' xAllowVNC = xrLogNotSyn '']''
+ ''['' 21 -gt 1 '']''
+ shift
+ ''['' xAllowVNC = xdLogNotSyn '']''
+ ''['' 20 -gt 1 '']''
+ shift
+ ''['' xAllowVNC = xdropInvalid '']''
+ ''['' 19 -gt 1 '']''
+ shift
+ ''['' xAllowVNC = xallowInvalid '']''
+ ''['' 18 -gt 1 '']''
+ shift
+ ''['' xAllowVNC = xDropSMB '']''
+ ''['' 17 -gt 1 '']''
+ shift
+ ''['' xAllowVNC = xRejectSMB '']''
+ ''['' 16 -gt 1 '']''
+ shift
+ ''['' xAllowVNC = xDropUPnP '']''
+ ''['' 15 -gt 1 '']''
+ shift
+ ''['' xAllowVNC = xRejectAuth '']''
+ ''['' 14 -gt 1 '']''
+ shift
+ ''['' xAllowVNC = xDropPing '']''
+ ''['' 13 -gt 1 '']''
+ shift
+ ''['' xAllowVNC = xDropDNSrep '']''
+ ''['' 12 -gt 1 '']''
+ shift
+ ''['' xAllowVNC = xAllowPing '']''
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xAllowVNC = xAllowFTP '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xAllowVNC = xAllowDNS '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xAllowVNC = xAllowSSH '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xAllowVNC = xAllowWeb '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xAllowVNC = xAllowSMB '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xAllowVNC = xAllowAuth '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xAllowVNC = xAllowSMTP '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xAllowVNC = xAllowPOP3 '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xAllowVNC = xAllowIMAP '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xAllowVNC = xAllowTelnet '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ f=action.AllowVNC
++ find_file action.AllowVNC
++ local saveifs= directory
++ ''['' -n '''' -a -f /action.AllowVNC
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/action.AllowVNC '']''
++ ''['' -f /usr/share/shorewall/action.AllowVNC
'']''
++ echo /usr/share/shorewall/action.AllowVNC
++ IFS=
++ return
+ fn=/usr/share/shorewall/action.AllowVNC
+ eval requiredby_++ requiredby_+ ''['' -f
/usr/share/shorewall/action.AllowVNC '']''
+ echo '' Pre-processing
/usr/share/shorewall/action.AllowVNC...''
+ strip_file action.AllowVNC /usr/share/shorewall/action.AllowVNC
+ local fname
+ ''['' 2 = 1 '']''
+ fname=/usr/share/shorewall/action.AllowVNC
+ ''['' -f /usr/share/shorewall/action.AllowVNC
'']''
+ read_file /usr/share/shorewall/action.AllowVNC 0
+ local first rest
+ ''['' -f /usr/share/shorewall/action.AllowVNC
'']''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ cut -d# -f1
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Shorewall 2.0 /etc/shorewall/action.AllowVNC''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# This action accepts VNC traffic for VNC
display''\''''s 0 - 9.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ grep -v ''^[[:space:]]*$''
+ ''[''
x######################################################################################
= xINCLUDE '']''
+ echo
''######################################################################################
''
+ read first rest
+ ''['' x#TARGET = xINCLUDE '']''
+ echo ''#TARGET SOURCE DEST PROTO DEST SOURCE RATE
USER/''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# PORT PORT(S) LIMIT GROUP''
+ read first rest
+ ''['' xACCEPT = xINCLUDE '']''
+ echo ''ACCEPT - - tcp 5900:5909''
+ read first rest
+ ''['' x#LAST = xINCLUDE '']''
+ echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT
REMOVE''
+ read first rest
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=ACCEPT
+ eval ''xtarget="ACCEPT"''
++ xtarget=ACCEPT
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=ACCEPT
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ ACTIONS=dropBcast dropNonSyn dropNotSyn rejNotSyn logNotSyn rLogNotSyn
dLogNotSyn dropInvalid allowInvalid DropSMB RejectSMB DropUPnP
RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH
AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowIMAP AllowTelnet
AllowVNC
+ read xaction rest
+ ''['' x = x '']''
+ ''['' -z AllowVNCL '']''
++ chain_base AllowVNCL
++ local c=AllowVNCL
++ true
++ echo AllowVNCL
++ return
+ ''['' AllowVNCL = AllowVNCL '']''
+ list_search AllowVNCL dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB
RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP
AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3
AllowIMAP AllowTelnet AllowVNC
+ local e=AllowVNCL
+ ''['' 28 -gt 1 '']''
+ shift
+ ''['' xAllowVNCL = xdropBcast '']''
+ ''['' 27 -gt 1 '']''
+ shift
+ ''['' xAllowVNCL = xdropNonSyn '']''
+ ''['' 26 -gt 1 '']''
+ shift
+ ''['' xAllowVNCL = xdropNotSyn '']''
+ ''['' 25 -gt 1 '']''
+ shift
+ ''['' xAllowVNCL = xrejNotSyn '']''
+ ''['' 24 -gt 1 '']''
+ shift
+ ''['' xAllowVNCL = xlogNotSyn '']''
+ ''['' 23 -gt 1 '']''
+ shift
+ ''['' xAllowVNCL = xrLogNotSyn '']''
+ ''['' 22 -gt 1 '']''
+ shift
+ ''['' xAllowVNCL = xdLogNotSyn '']''
+ ''['' 21 -gt 1 '']''
+ shift
+ ''['' xAllowVNCL = xdropInvalid '']''
+ ''['' 20 -gt 1 '']''
+ shift
+ ''['' xAllowVNCL = xallowInvalid '']''
+ ''['' 19 -gt 1 '']''
+ shift
+ ''['' xAllowVNCL = xDropSMB '']''
+ ''['' 18 -gt 1 '']''
+ shift
+ ''['' xAllowVNCL = xRejectSMB '']''
+ ''['' 17 -gt 1 '']''
+ shift
+ ''['' xAllowVNCL = xDropUPnP '']''
+ ''['' 16 -gt 1 '']''
+ shift
+ ''['' xAllowVNCL = xRejectAuth '']''
+ ''['' 15 -gt 1 '']''
+ shift
+ ''['' xAllowVNCL = xDropPing '']''
+ ''['' 14 -gt 1 '']''
+ shift
+ ''['' xAllowVNCL = xDropDNSrep '']''
+ ''['' 13 -gt 1 '']''
+ shift
+ ''['' xAllowVNCL = xAllowPing '']''
+ ''['' 12 -gt 1 '']''
+ shift
+ ''['' xAllowVNCL = xAllowFTP '']''
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xAllowVNCL = xAllowDNS '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xAllowVNCL = xAllowSSH '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xAllowVNCL = xAllowWeb '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xAllowVNCL = xAllowSMB '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xAllowVNCL = xAllowAuth '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xAllowVNCL = xAllowSMTP '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xAllowVNCL = xAllowPOP3 '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xAllowVNCL = xAllowIMAP '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xAllowVNCL = xAllowTelnet '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xAllowVNCL = xAllowVNC '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ f=action.AllowVNCL
++ find_file action.AllowVNCL
++ local saveifs= directory
++ ''['' -n '''' -a -f /action.AllowVNCL
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/action.AllowVNCL
'']''
++ ''['' -f /usr/share/shorewall/action.AllowVNCL
'']''
++ echo /usr/share/shorewall/action.AllowVNCL
++ IFS=
++ return
+ fn=/usr/share/shorewall/action.AllowVNCL
+ eval requiredby_++ requiredby_+ ''['' -f
/usr/share/shorewall/action.AllowVNCL '']''
+ echo '' Pre-processing
/usr/share/shorewall/action.AllowVNCL...''
+ strip_file action.AllowVNCL /usr/share/shorewall/action.AllowVNCL
+ local fname
+ ''['' 2 = 1 '']''
+ fname=/usr/share/shorewall/action.AllowVNCL
+ ''['' -f /usr/share/shorewall/action.AllowVNCL
'']''
+ read_file /usr/share/shorewall/action.AllowVNCL 0
+ local first rest
+ ''['' -f /usr/share/shorewall/action.AllowVNCL
'']''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Shorewall 2.0 /etc/shorewall/action.AllowVNC''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# This action accepts VNC traffic from Vncservers to Vncviewers
in listen mode.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''[''
x######################################################################################
= xINCLUDE '']''
+ echo
''######################################################################################
''
+ read first rest
+ ''['' x#TARGET = xINCLUDE '']''
+ echo ''#TARGET SOURCE DEST PROTO DEST SOURCE RATE
USER/''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# PORT PORT(S) LIMIT GROUP''
+ read first rest
+ ''['' xACCEPT = xINCLUDE '']''
+ echo ''ACCEPT - - tcp 5500''
+ read first rest
+ ''['' x#LAST = xINCLUDE '']''
+ echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT
REMOVE''
+ read first rest
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=ACCEPT
+ eval ''xtarget="ACCEPT"''
++ xtarget=ACCEPT
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=ACCEPT
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ ACTIONS=dropBcast dropNonSyn dropNotSyn rejNotSyn logNotSyn rLogNotSyn
dLogNotSyn dropInvalid allowInvalid DropSMB RejectSMB DropUPnP
RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH
AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowIMAP AllowTelnet
AllowVNC AllowVNCL
+ read xaction rest
+ ''['' x = x '']''
+ ''['' -z AllowNTP '']''
++ chain_base AllowNTP
++ local c=AllowNTP
++ true
++ echo AllowNTP
++ return
+ ''['' AllowNTP = AllowNTP '']''
+ list_search AllowNTP dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB
RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP
AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3
AllowIMAP AllowTelnet AllowVNC AllowVNCL
+ local e=AllowNTP
+ ''['' 29 -gt 1 '']''
+ shift
+ ''['' xAllowNTP = xdropBcast '']''
+ ''['' 28 -gt 1 '']''
+ shift
+ ''['' xAllowNTP = xdropNonSyn '']''
+ ''['' 27 -gt 1 '']''
+ shift
+ ''['' xAllowNTP = xdropNotSyn '']''
+ ''['' 26 -gt 1 '']''
+ shift
+ ''['' xAllowNTP = xrejNotSyn '']''
+ ''['' 25 -gt 1 '']''
+ shift
+ ''['' xAllowNTP = xlogNotSyn '']''
+ ''['' 24 -gt 1 '']''
+ shift
+ ''['' xAllowNTP = xrLogNotSyn '']''
+ ''['' 23 -gt 1 '']''
+ shift
+ ''['' xAllowNTP = xdLogNotSyn '']''
+ ''['' 22 -gt 1 '']''
+ shift
+ ''['' xAllowNTP = xdropInvalid '']''
+ ''['' 21 -gt 1 '']''
+ shift
+ ''['' xAllowNTP = xallowInvalid '']''
+ ''['' 20 -gt 1 '']''
+ shift
+ ''['' xAllowNTP = xDropSMB '']''
+ ''['' 19 -gt 1 '']''
+ shift
+ ''['' xAllowNTP = xRejectSMB '']''
+ ''['' 18 -gt 1 '']''
+ shift
+ ''['' xAllowNTP = xDropUPnP '']''
+ ''['' 17 -gt 1 '']''
+ shift
+ ''['' xAllowNTP = xRejectAuth '']''
+ ''['' 16 -gt 1 '']''
+ shift
+ ''['' xAllowNTP = xDropPing '']''
+ ''['' 15 -gt 1 '']''
+ shift
+ ''['' xAllowNTP = xDropDNSrep '']''
+ ''['' 14 -gt 1 '']''
+ shift
+ ''['' xAllowNTP = xAllowPing '']''
+ ''['' 13 -gt 1 '']''
+ shift
+ ''['' xAllowNTP = xAllowFTP '']''
+ ''['' 12 -gt 1 '']''
+ shift
+ ''['' xAllowNTP = xAllowDNS '']''
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xAllowNTP = xAllowSSH '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xAllowNTP = xAllowWeb '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xAllowNTP = xAllowSMB '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xAllowNTP = xAllowAuth '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xAllowNTP = xAllowSMTP '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xAllowNTP = xAllowPOP3 '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xAllowNTP = xAllowIMAP '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xAllowNTP = xAllowTelnet '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xAllowNTP = xAllowVNC '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xAllowNTP = xAllowVNCL '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ f=action.AllowNTP
++ find_file action.AllowNTP
++ local saveifs= directory
++ ''['' -n '''' -a -f /action.AllowNTP
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/action.AllowNTP '']''
++ ''['' -f /usr/share/shorewall/action.AllowNTP
'']''
++ echo /usr/share/shorewall/action.AllowNTP
++ IFS=
++ return
+ fn=/usr/share/shorewall/action.AllowNTP
+ eval requiredby_++ requiredby_+ ''['' -f
/usr/share/shorewall/action.AllowNTP '']''
+ echo '' Pre-processing
/usr/share/shorewall/action.AllowNTP...''
+ strip_file action.AllowNTP /usr/share/shorewall/action.AllowNTP
+ local fname
+ ''['' 2 = 1 '']''
+ fname=/usr/share/shorewall/action.AllowNTP
+ ''['' -f /usr/share/shorewall/action.AllowNTP
'']''
+ read_file /usr/share/shorewall/action.AllowNTP 0
+ local first rest
+ ''['' -f /usr/share/shorewall/action.AllowNTP
'']''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Shorewall 2.0 /etc/shorewall/action.AllowNTP''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# This action accepts NTP traffic (ntpd).''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''[''
x######################################################################################
= xINCLUDE '']''
+ echo
''######################################################################################
''
+ read first rest
+ cut -d# -f1
+ ''['' x#TARGET = xINCLUDE '']''
+ echo ''#TARGET SOURCE DEST PROTO DEST SOURCE ORIGINAL
RATE''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# PORT PORT(S) DEST LIMIT''
+ read first rest
+ ''['' xACCEPT = xINCLUDE '']''
+ echo ''ACCEPT - - udp 123''
+ read first rest
+ ''['' x#LAST = xINCLUDE '']''
+ echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT
REMOVE''
+ read first rest
+ grep -v ''^[[:space:]]*$''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=ACCEPT
+ eval ''xtarget="ACCEPT"''
++ xtarget=ACCEPT
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=ACCEPT
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ ACTIONS=dropBcast dropNonSyn dropNotSyn rejNotSyn logNotSyn rLogNotSyn
dLogNotSyn dropInvalid allowInvalid DropSMB RejectSMB DropUPnP
RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH
AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowIMAP AllowTelnet
AllowVNC AllowVNCL AllowNTP
+ read xaction rest
+ ''['' x = x '']''
+ ''['' -z AllowRdate '']''
++ chain_base AllowRdate
++ local c=AllowRdate
++ true
++ echo AllowRdate
++ return
+ ''['' AllowRdate = AllowRdate '']''
+ list_search AllowRdate dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB
RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP
AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3
AllowIMAP AllowTelnet AllowVNC AllowVNCL AllowNTP
+ local e=AllowRdate
+ ''['' 30 -gt 1 '']''
+ shift
+ ''['' xAllowRdate = xdropBcast '']''
+ ''['' 29 -gt 1 '']''
+ shift
+ ''['' xAllowRdate = xdropNonSyn '']''
+ ''['' 28 -gt 1 '']''
+ shift
+ ''['' xAllowRdate = xdropNotSyn '']''
+ ''['' 27 -gt 1 '']''
+ shift
+ ''['' xAllowRdate = xrejNotSyn '']''
+ ''['' 26 -gt 1 '']''
+ shift
+ ''['' xAllowRdate = xlogNotSyn '']''
+ ''['' 25 -gt 1 '']''
+ shift
+ ''['' xAllowRdate = xrLogNotSyn '']''
+ ''['' 24 -gt 1 '']''
+ shift
+ ''['' xAllowRdate = xdLogNotSyn '']''
+ ''['' 23 -gt 1 '']''
+ shift
+ ''['' xAllowRdate = xdropInvalid '']''
+ ''['' 22 -gt 1 '']''
+ shift
+ ''['' xAllowRdate = xallowInvalid '']''
+ ''['' 21 -gt 1 '']''
+ shift
+ ''['' xAllowRdate = xDropSMB '']''
+ ''['' 20 -gt 1 '']''
+ shift
+ ''['' xAllowRdate = xRejectSMB '']''
+ ''['' 19 -gt 1 '']''
+ shift
+ ''['' xAllowRdate = xDropUPnP '']''
+ ''['' 18 -gt 1 '']''
+ shift
+ ''['' xAllowRdate = xRejectAuth '']''
+ ''['' 17 -gt 1 '']''
+ shift
+ ''['' xAllowRdate = xDropPing '']''
+ ''['' 16 -gt 1 '']''
+ shift
+ ''['' xAllowRdate = xDropDNSrep '']''
+ ''['' 15 -gt 1 '']''
+ shift
+ ''['' xAllowRdate = xAllowPing '']''
+ ''['' 14 -gt 1 '']''
+ shift
+ ''['' xAllowRdate = xAllowFTP '']''
+ ''['' 13 -gt 1 '']''
+ shift
+ ''['' xAllowRdate = xAllowDNS '']''
+ ''['' 12 -gt 1 '']''
+ shift
+ ''['' xAllowRdate = xAllowSSH '']''
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xAllowRdate = xAllowWeb '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xAllowRdate = xAllowSMB '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xAllowRdate = xAllowAuth '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xAllowRdate = xAllowSMTP '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xAllowRdate = xAllowPOP3 '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xAllowRdate = xAllowIMAP '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xAllowRdate = xAllowTelnet '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xAllowRdate = xAllowVNC '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xAllowRdate = xAllowVNCL '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xAllowRdate = xAllowNTP '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ f=action.AllowRdate
++ find_file action.AllowRdate
++ local saveifs= directory
++ ''['' -n '''' -a -f /action.AllowRdate
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/action.AllowRdate
'']''
++ ''['' -f /usr/share/shorewall/action.AllowRdate
'']''
++ echo /usr/share/shorewall/action.AllowRdate
++ IFS=
++ return
+ fn=/usr/share/shorewall/action.AllowRdate
+ eval requiredby_++ requiredby_+ ''['' -f
/usr/share/shorewall/action.AllowRdate '']''
+ echo '' Pre-processing
/usr/share/shorewall/action.AllowRdate...''
+ strip_file action.AllowRdate /usr/share/shorewall/action.AllowRdate
+ local fname
+ ''['' 2 = 1 '']''
+ fname=/usr/share/shorewall/action.AllowRdate
+ ''['' -f /usr/share/shorewall/action.AllowRdate
'']''
+ read_file /usr/share/shorewall/action.AllowRdate 0
+ local first rest
+ ''['' -f /usr/share/shorewall/action.AllowRdate
'']''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Shorewall 2.0 /etc/shorewall/action.AllowRdate''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# This action accepts remote time retrieval (rdate).''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''[''
x######################################################################################
= xINCLUDE '']''
+ echo
''######################################################################################
''
+ read first rest
+ ''['' x#TARGET = xINCLUDE '']''
+ echo ''#TARGET SOURCE DEST PROTO DEST SOURCE RATE
USER/''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# PORT PORT(S) LIMIT GROUP''
+ read first rest
+ ''['' xACCEPT = xINCLUDE '']''
+ echo ''ACCEPT - - tcp 37''
+ read first rest
+ ''['' x#LAST = xINCLUDE '']''
+ echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT
REMOVE''
+ read first rest
+ cut -d# -f1
+ grep -v ''^[[:space:]]*$''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=ACCEPT
+ eval ''xtarget="ACCEPT"''
++ xtarget=ACCEPT
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=ACCEPT
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ ACTIONS=dropBcast dropNonSyn dropNotSyn rejNotSyn logNotSyn rLogNotSyn
dLogNotSyn dropInvalid allowInvalid DropSMB RejectSMB DropUPnP
RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH
AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowIMAP AllowTelnet
AllowVNC AllowVNCL AllowNTP AllowRdate
+ read xaction rest
+ ''['' x = x '']''
+ ''['' -z AllowNNTP '']''
++ chain_base AllowNNTP
++ local c=AllowNNTP
++ true
++ echo AllowNNTP
++ return
+ ''['' AllowNNTP = AllowNNTP '']''
+ list_search AllowNNTP dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB
RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP
AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3
AllowIMAP AllowTelnet AllowVNC AllowVNCL AllowNTP AllowRdate
+ local e=AllowNNTP
+ ''['' 31 -gt 1 '']''
+ shift
+ ''['' xAllowNNTP = xdropBcast '']''
+ ''['' 30 -gt 1 '']''
+ shift
+ ''['' xAllowNNTP = xdropNonSyn '']''
+ ''['' 29 -gt 1 '']''
+ shift
+ ''['' xAllowNNTP = xdropNotSyn '']''
+ ''['' 28 -gt 1 '']''
+ shift
+ ''['' xAllowNNTP = xrejNotSyn '']''
+ ''['' 27 -gt 1 '']''
+ shift
+ ''['' xAllowNNTP = xlogNotSyn '']''
+ ''['' 26 -gt 1 '']''
+ shift
+ ''['' xAllowNNTP = xrLogNotSyn '']''
+ ''['' 25 -gt 1 '']''
+ shift
+ ''['' xAllowNNTP = xdLogNotSyn '']''
+ ''['' 24 -gt 1 '']''
+ shift
+ ''['' xAllowNNTP = xdropInvalid '']''
+ ''['' 23 -gt 1 '']''
+ shift
+ ''['' xAllowNNTP = xallowInvalid '']''
+ ''['' 22 -gt 1 '']''
+ shift
+ ''['' xAllowNNTP = xDropSMB '']''
+ ''['' 21 -gt 1 '']''
+ shift
+ ''['' xAllowNNTP = xRejectSMB '']''
+ ''['' 20 -gt 1 '']''
+ shift
+ ''['' xAllowNNTP = xDropUPnP '']''
+ ''['' 19 -gt 1 '']''
+ shift
+ ''['' xAllowNNTP = xRejectAuth '']''
+ ''['' 18 -gt 1 '']''
+ shift
+ ''['' xAllowNNTP = xDropPing '']''
+ ''['' 17 -gt 1 '']''
+ shift
+ ''['' xAllowNNTP = xDropDNSrep '']''
+ ''['' 16 -gt 1 '']''
+ shift
+ ''['' xAllowNNTP = xAllowPing '']''
+ ''['' 15 -gt 1 '']''
+ shift
+ ''['' xAllowNNTP = xAllowFTP '']''
+ ''['' 14 -gt 1 '']''
+ shift
+ ''['' xAllowNNTP = xAllowDNS '']''
+ ''['' 13 -gt 1 '']''
+ shift
+ ''['' xAllowNNTP = xAllowSSH '']''
+ ''['' 12 -gt 1 '']''
+ shift
+ ''['' xAllowNNTP = xAllowWeb '']''
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xAllowNNTP = xAllowSMB '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xAllowNNTP = xAllowAuth '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xAllowNNTP = xAllowSMTP '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xAllowNNTP = xAllowPOP3 '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xAllowNNTP = xAllowIMAP '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xAllowNNTP = xAllowTelnet '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xAllowNNTP = xAllowVNC '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xAllowNNTP = xAllowVNCL '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xAllowNNTP = xAllowNTP '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xAllowNNTP = xAllowRdate '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ f=action.AllowNNTP
++ find_file action.AllowNNTP
++ local saveifs= directory
++ ''['' -n '''' -a -f /action.AllowNNTP
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/action.AllowNNTP
'']''
++ ''['' -f /usr/share/shorewall/action.AllowNNTP
'']''
++ echo /usr/share/shorewall/action.AllowNNTP
++ IFS=
++ return
+ fn=/usr/share/shorewall/action.AllowNNTP
+ eval requiredby_++ requiredby_+ ''['' -f
/usr/share/shorewall/action.AllowNNTP '']''
+ echo '' Pre-processing
/usr/share/shorewall/action.AllowNNTP...''
+ strip_file action.AllowNNTP /usr/share/shorewall/action.AllowNNTP
+ local fname
+ ''['' 2 = 1 '']''
+ fname=/usr/share/shorewall/action.AllowNNTP
+ ''['' -f /usr/share/shorewall/action.AllowNNTP
'']''
+ read_file /usr/share/shorewall/action.AllowNNTP 0
+ local first rest
+ ''['' -f /usr/share/shorewall/action.AllowNNTP
'']''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ cut -d# -f1
+ echo ''# Shorewall 2.0 /usr/share/shorewall/action.AllowNNTP''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# This action accepts NNTP traffic (Usenet) and encrypted NNTP
(NNTPS)''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''[''
x######################################################################################
= xINCLUDE '']''
+ echo
''######################################################################################
''
+ read first rest
+ ''['' x#TARGET = xINCLUDE '']''
+ echo ''#TARGET SOURCE DEST PROTO DEST SOURCE RATE
USER/''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# PORT PORT(S) LIMIT GROUP''
+ read first rest
+ ''['' xACCEPT = xINCLUDE '']''
+ echo ''ACCEPT - - tcp 119''
+ read first rest
+ ''['' xACCEPT = xINCLUDE '']''
+ echo ''ACCEPT - - tcp 563''
+ read first rest
+ ''['' x#LAST = xINCLUDE '']''
+ echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT
REMOVE''
+ read first rest
+ grep -v ''^[[:space:]]*$''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=ACCEPT
+ eval ''xtarget="ACCEPT"''
++ xtarget=ACCEPT
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=ACCEPT
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=ACCEPT
+ eval ''xtarget="ACCEPT"''
++ xtarget=ACCEPT
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=ACCEPT
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ ACTIONS=dropBcast dropNonSyn dropNotSyn rejNotSyn logNotSyn rLogNotSyn
dLogNotSyn dropInvalid allowInvalid DropSMB RejectSMB DropUPnP
RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH
AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowIMAP AllowTelnet
AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP
+ read xaction rest
+ ''['' x = x '']''
+ ''['' -z AllowTrcrt '']''
++ chain_base AllowTrcrt
++ local c=AllowTrcrt
++ true
++ echo AllowTrcrt
++ return
+ ''['' AllowTrcrt = AllowTrcrt '']''
+ list_search AllowTrcrt dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB
RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP
AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3
AllowIMAP AllowTelnet AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP
+ local e=AllowTrcrt
+ ''['' 32 -gt 1 '']''
+ shift
+ ''['' xAllowTrcrt = xdropBcast '']''
+ ''['' 31 -gt 1 '']''
+ shift
+ ''['' xAllowTrcrt = xdropNonSyn '']''
+ ''['' 30 -gt 1 '']''
+ shift
+ ''['' xAllowTrcrt = xdropNotSyn '']''
+ ''['' 29 -gt 1 '']''
+ shift
+ ''['' xAllowTrcrt = xrejNotSyn '']''
+ ''['' 28 -gt 1 '']''
+ shift
+ ''['' xAllowTrcrt = xlogNotSyn '']''
+ ''['' 27 -gt 1 '']''
+ shift
+ ''['' xAllowTrcrt = xrLogNotSyn '']''
+ ''['' 26 -gt 1 '']''
+ shift
+ ''['' xAllowTrcrt = xdLogNotSyn '']''
+ ''['' 25 -gt 1 '']''
+ shift
+ ''['' xAllowTrcrt = xdropInvalid '']''
+ ''['' 24 -gt 1 '']''
+ shift
+ ''['' xAllowTrcrt = xallowInvalid '']''
+ ''['' 23 -gt 1 '']''
+ shift
+ ''['' xAllowTrcrt = xDropSMB '']''
+ ''['' 22 -gt 1 '']''
+ shift
+ ''['' xAllowTrcrt = xRejectSMB '']''
+ ''['' 21 -gt 1 '']''
+ shift
+ ''['' xAllowTrcrt = xDropUPnP '']''
+ ''['' 20 -gt 1 '']''
+ shift
+ ''['' xAllowTrcrt = xRejectAuth '']''
+ ''['' 19 -gt 1 '']''
+ shift
+ ''['' xAllowTrcrt = xDropPing '']''
+ ''['' 18 -gt 1 '']''
+ shift
+ ''['' xAllowTrcrt = xDropDNSrep '']''
+ ''['' 17 -gt 1 '']''
+ shift
+ ''['' xAllowTrcrt = xAllowPing '']''
+ ''['' 16 -gt 1 '']''
+ shift
+ ''['' xAllowTrcrt = xAllowFTP '']''
+ ''['' 15 -gt 1 '']''
+ shift
+ ''['' xAllowTrcrt = xAllowDNS '']''
+ ''['' 14 -gt 1 '']''
+ shift
+ ''['' xAllowTrcrt = xAllowSSH '']''
+ ''['' 13 -gt 1 '']''
+ shift
+ ''['' xAllowTrcrt = xAllowWeb '']''
+ ''['' 12 -gt 1 '']''
+ shift
+ ''['' xAllowTrcrt = xAllowSMB '']''
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xAllowTrcrt = xAllowAuth '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xAllowTrcrt = xAllowSMTP '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xAllowTrcrt = xAllowPOP3 '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xAllowTrcrt = xAllowIMAP '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xAllowTrcrt = xAllowTelnet '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xAllowTrcrt = xAllowVNC '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xAllowTrcrt = xAllowVNCL '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xAllowTrcrt = xAllowNTP '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xAllowTrcrt = xAllowRdate '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xAllowTrcrt = xAllowNNTP '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ f=action.AllowTrcrt
++ find_file action.AllowTrcrt
++ local saveifs= directory
++ ''['' -n '''' -a -f /action.AllowTrcrt
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/action.AllowTrcrt
'']''
++ ''['' -f /usr/share/shorewall/action.AllowTrcrt
'']''
++ echo /usr/share/shorewall/action.AllowTrcrt
++ IFS=
++ return
+ fn=/usr/share/shorewall/action.AllowTrcrt
+ eval requiredby_++ requiredby_+ ''['' -f
/usr/share/shorewall/action.AllowTrcrt '']''
+ echo '' Pre-processing
/usr/share/shorewall/action.AllowTrcrt...''
+ strip_file action.AllowTrcrt /usr/share/shorewall/action.AllowTrcrt
+ local fname
+ ''['' 2 = 1 '']''
+ fname=/usr/share/shorewall/action.AllowTrcrt
+ ''['' -f /usr/share/shorewall/action.AllowTrcrt
'']''
+ read_file /usr/share/shorewall/action.AllowTrcrt 0
+ local first rest
+ ''['' -f /usr/share/shorewall/action.AllowTrcrt
'']''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Shorewall 2.0 /etc/shorewall/action.AllowTrcrt''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# This action accepts Traceroute (for up to 30 hops):''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''[''
x######################################################################################
= xINCLUDE '']''
+ echo
''######################################################################################
''
+ read first rest
+ ''['' x#TARGET = xINCLUDE '']''
+ echo ''#TARGET SOURCE DEST PROTO DEST SOURCE RATE
USER/''
+ read first rest
+ cut -d# -f1
+ ''['' x# = xINCLUDE '']''
+ echo ''# PORT PORT(S) LIMIT GROUP''
+ read first rest
+ ''['' xACCEPT = xINCLUDE '']''
+ echo ''ACCEPT - - udp 33434:33524 #UDP
Traceroute''
+ read first rest
+ ''['' xACCEPT = xINCLUDE '']''
+ echo ''ACCEPT - - icmp 8 #ICMP Traceroute''
+ read first rest
+ ''['' x#LAST = xINCLUDE '']''
+ echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT
REMOVE''
+ read first rest
+ grep -v ''^[[:space:]]*$''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=ACCEPT
+ eval ''xtarget="ACCEPT"''
++ xtarget=ACCEPT
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=ACCEPT
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=ACCEPT
+ eval ''xtarget="ACCEPT"''
++ xtarget=ACCEPT
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=ACCEPT
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ ACTIONS=dropBcast dropNonSyn dropNotSyn rejNotSyn logNotSyn rLogNotSyn
dLogNotSyn dropInvalid allowInvalid DropSMB RejectSMB DropUPnP
RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH
AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowIMAP AllowTelnet
AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP AllowTrcrt
+ read xaction rest
+ ''['' x = x '']''
+ ''['' -z AllowSNMP '']''
++ chain_base AllowSNMP
++ local c=AllowSNMP
++ true
++ echo AllowSNMP
++ return
+ ''['' AllowSNMP = AllowSNMP '']''
+ list_search AllowSNMP dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB
RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP
AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3
AllowIMAP AllowTelnet AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP
AllowTrcrt
+ local e=AllowSNMP
+ ''['' 33 -gt 1 '']''
+ shift
+ ''['' xAllowSNMP = xdropBcast '']''
+ ''['' 32 -gt 1 '']''
+ shift
+ ''['' xAllowSNMP = xdropNonSyn '']''
+ ''['' 31 -gt 1 '']''
+ shift
+ ''['' xAllowSNMP = xdropNotSyn '']''
+ ''['' 30 -gt 1 '']''
+ shift
+ ''['' xAllowSNMP = xrejNotSyn '']''
+ ''['' 29 -gt 1 '']''
+ shift
+ ''['' xAllowSNMP = xlogNotSyn '']''
+ ''['' 28 -gt 1 '']''
+ shift
+ ''['' xAllowSNMP = xrLogNotSyn '']''
+ ''['' 27 -gt 1 '']''
+ shift
+ ''['' xAllowSNMP = xdLogNotSyn '']''
+ ''['' 26 -gt 1 '']''
+ shift
+ ''['' xAllowSNMP = xdropInvalid '']''
+ ''['' 25 -gt 1 '']''
+ shift
+ ''['' xAllowSNMP = xallowInvalid '']''
+ ''['' 24 -gt 1 '']''
+ shift
+ ''['' xAllowSNMP = xDropSMB '']''
+ ''['' 23 -gt 1 '']''
+ shift
+ ''['' xAllowSNMP = xRejectSMB '']''
+ ''['' 22 -gt 1 '']''
+ shift
+ ''['' xAllowSNMP = xDropUPnP '']''
+ ''['' 21 -gt 1 '']''
+ shift
+ ''['' xAllowSNMP = xRejectAuth '']''
+ ''['' 20 -gt 1 '']''
+ shift
+ ''['' xAllowSNMP = xDropPing '']''
+ ''['' 19 -gt 1 '']''
+ shift
+ ''['' xAllowSNMP = xDropDNSrep '']''
+ ''['' 18 -gt 1 '']''
+ shift
+ ''['' xAllowSNMP = xAllowPing '']''
+ ''['' 17 -gt 1 '']''
+ shift
+ ''['' xAllowSNMP = xAllowFTP '']''
+ ''['' 16 -gt 1 '']''
+ shift
+ ''['' xAllowSNMP = xAllowDNS '']''
+ ''['' 15 -gt 1 '']''
+ shift
+ ''['' xAllowSNMP = xAllowSSH '']''
+ ''['' 14 -gt 1 '']''
+ shift
+ ''['' xAllowSNMP = xAllowWeb '']''
+ ''['' 13 -gt 1 '']''
+ shift
+ ''['' xAllowSNMP = xAllowSMB '']''
+ ''['' 12 -gt 1 '']''
+ shift
+ ''['' xAllowSNMP = xAllowAuth '']''
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xAllowSNMP = xAllowSMTP '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xAllowSNMP = xAllowPOP3 '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xAllowSNMP = xAllowIMAP '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xAllowSNMP = xAllowTelnet '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xAllowSNMP = xAllowVNC '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xAllowSNMP = xAllowVNCL '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xAllowSNMP = xAllowNTP '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xAllowSNMP = xAllowRdate '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xAllowSNMP = xAllowNNTP '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xAllowSNMP = xAllowTrcrt '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ f=action.AllowSNMP
++ find_file action.AllowSNMP
++ local saveifs= directory
++ ''['' -n '''' -a -f /action.AllowSNMP
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/action.AllowSNMP
'']''
++ ''['' -f /usr/share/shorewall/action.AllowSNMP
'']''
++ echo /usr/share/shorewall/action.AllowSNMP
++ IFS=
++ return
+ fn=/usr/share/shorewall/action.AllowSNMP
+ eval requiredby_++ requiredby_+ ''['' -f
/usr/share/shorewall/action.AllowSNMP '']''
+ echo '' Pre-processing
/usr/share/shorewall/action.AllowSNMP...''
+ strip_file action.AllowSNMP /usr/share/shorewall/action.AllowSNMP
+ local fname
+ ''['' 2 = 1 '']''
+ fname=/usr/share/shorewall/action.AllowSNMP
+ ''['' -f /usr/share/shorewall/action.AllowSNMP
'']''
+ read_file /usr/share/shorewall/action.AllowSNMP 0
+ local first rest
+ ''['' -f /usr/share/shorewall/action.AllowSNMP
'']''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ cut -d# -f1
+ ''['' x# = xINCLUDE '']''
+ echo ''# Shorewall 2.0 /etc/shorewall/action.AllowSNMP''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# This action accepts SNMP traffic (including traps):''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ grep -v ''^[[:space:]]*$''
+ ''[''
x######################################################################################
= xINCLUDE '']''
+ echo
''######################################################################################
''
+ read first rest
+ ''['' x#TARGET = xINCLUDE '']''
+ echo ''#TARGET SOURCE DEST PROTO DEST SOURCE RATE
USER/''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# PORT PORT(S) LIMIT GROUP''
+ read first rest
+ ''['' xACCEPT = xINCLUDE '']''
+ echo ''ACCEPT - - udp 161:162''
+ read first rest
+ ''['' xACCEPT = xINCLUDE '']''
+ echo ''ACCEPT - - tcp 161''
+ read first rest
+ ''['' x#LAST = xINCLUDE '']''
+ echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT
REMOVE''
+ read first rest
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=ACCEPT
+ eval ''xtarget="ACCEPT"''
++ xtarget=ACCEPT
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=ACCEPT
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=ACCEPT
+ eval ''xtarget="ACCEPT"''
++ xtarget=ACCEPT
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=ACCEPT
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ ACTIONS=dropBcast dropNonSyn dropNotSyn rejNotSyn logNotSyn rLogNotSyn
dLogNotSyn dropInvalid allowInvalid DropSMB RejectSMB DropUPnP
RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH
AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowIMAP AllowTelnet
AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP AllowTrcrt AllowSNMP
+ read xaction rest
+ ''['' x = x '']''
+ ''['' -z AllowPCA '']''
++ chain_base AllowPCA
++ local c=AllowPCA
++ true
++ echo AllowPCA
++ return
+ ''['' AllowPCA = AllowPCA '']''
+ list_search AllowPCA dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB
RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP
AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3
AllowIMAP AllowTelnet AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP
AllowTrcrt AllowSNMP
+ local e=AllowPCA
+ ''['' 34 -gt 1 '']''
+ shift
+ ''['' xAllowPCA = xdropBcast '']''
+ ''['' 33 -gt 1 '']''
+ shift
+ ''['' xAllowPCA = xdropNonSyn '']''
+ ''['' 32 -gt 1 '']''
+ shift
+ ''['' xAllowPCA = xdropNotSyn '']''
+ ''['' 31 -gt 1 '']''
+ shift
+ ''['' xAllowPCA = xrejNotSyn '']''
+ ''['' 30 -gt 1 '']''
+ shift
+ ''['' xAllowPCA = xlogNotSyn '']''
+ ''['' 29 -gt 1 '']''
+ shift
+ ''['' xAllowPCA = xrLogNotSyn '']''
+ ''['' 28 -gt 1 '']''
+ shift
+ ''['' xAllowPCA = xdLogNotSyn '']''
+ ''['' 27 -gt 1 '']''
+ shift
+ ''['' xAllowPCA = xdropInvalid '']''
+ ''['' 26 -gt 1 '']''
+ shift
+ ''['' xAllowPCA = xallowInvalid '']''
+ ''['' 25 -gt 1 '']''
+ shift
+ ''['' xAllowPCA = xDropSMB '']''
+ ''['' 24 -gt 1 '']''
+ shift
+ ''['' xAllowPCA = xRejectSMB '']''
+ ''['' 23 -gt 1 '']''
+ shift
+ ''['' xAllowPCA = xDropUPnP '']''
+ ''['' 22 -gt 1 '']''
+ shift
+ ''['' xAllowPCA = xRejectAuth '']''
+ ''['' 21 -gt 1 '']''
+ shift
+ ''['' xAllowPCA = xDropPing '']''
+ ''['' 20 -gt 1 '']''
+ shift
+ ''['' xAllowPCA = xDropDNSrep '']''
+ ''['' 19 -gt 1 '']''
+ shift
+ ''['' xAllowPCA = xAllowPing '']''
+ ''['' 18 -gt 1 '']''
+ shift
+ ''['' xAllowPCA = xAllowFTP '']''
+ ''['' 17 -gt 1 '']''
+ shift
+ ''['' xAllowPCA = xAllowDNS '']''
+ ''['' 16 -gt 1 '']''
+ shift
+ ''['' xAllowPCA = xAllowSSH '']''
+ ''['' 15 -gt 1 '']''
+ shift
+ ''['' xAllowPCA = xAllowWeb '']''
+ ''['' 14 -gt 1 '']''
+ shift
+ ''['' xAllowPCA = xAllowSMB '']''
+ ''['' 13 -gt 1 '']''
+ shift
+ ''['' xAllowPCA = xAllowAuth '']''
+ ''['' 12 -gt 1 '']''
+ shift
+ ''['' xAllowPCA = xAllowSMTP '']''
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xAllowPCA = xAllowPOP3 '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xAllowPCA = xAllowIMAP '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xAllowPCA = xAllowTelnet '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xAllowPCA = xAllowVNC '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xAllowPCA = xAllowVNCL '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xAllowPCA = xAllowNTP '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xAllowPCA = xAllowRdate '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xAllowPCA = xAllowNNTP '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xAllowPCA = xAllowTrcrt '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xAllowPCA = xAllowSNMP '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ f=action.AllowPCA
++ find_file action.AllowPCA
++ local saveifs= directory
++ ''['' -n '''' -a -f /action.AllowPCA
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/action.AllowPCA '']''
++ ''['' -f /usr/share/shorewall/action.AllowPCA
'']''
++ echo /usr/share/shorewall/action.AllowPCA
++ IFS=
++ return
+ fn=/usr/share/shorewall/action.AllowPCA
+ eval requiredby_++ requiredby_+ ''['' -f
/usr/share/shorewall/action.AllowPCA '']''
+ echo '' Pre-processing
/usr/share/shorewall/action.AllowPCA...''
+ strip_file action.AllowPCA /usr/share/shorewall/action.AllowPCA
+ local fname
+ ''['' 2 = 1 '']''
+ fname=/usr/share/shorewall/action.AllowPCA
+ ''['' -f /usr/share/shorewall/action.AllowPCA
'']''
+ read_file /usr/share/shorewall/action.AllowPCA 0
+ local first rest
+ ''['' -f /usr/share/shorewall/action.AllowPCA
'']''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Shorewall 2.0 /etc/shorewall/action.AllowPCA''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# This action accepts PCAnywere (tm)''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ cut -d# -f1
+ ''[''
x######################################################################################
= xINCLUDE '']''
+ echo
''######################################################################################
''
+ read first rest
+ ''['' x#TARGET = xINCLUDE '']''
+ echo ''#TARGET SOURCE DEST PROTO DEST SOURCE RATE
USER/''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# PORT PORT(S) LIMIT GROUP''
+ read first rest
+ ''['' xACCEPT = xINCLUDE '']''
+ echo ''ACCEPT - - udp 5631''
+ grep -v ''^[[:space:]]*$''
+ read first rest
+ ''['' xACCEPT = xINCLUDE '']''
+ echo ''ACCEPT - - tcp 5632''
+ read first rest
+ ''['' x#LAST = xINCLUDE '']''
+ echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT
REMOVE''
+ read first rest
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=ACCEPT
+ eval ''xtarget="ACCEPT"''
++ xtarget=ACCEPT
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=ACCEPT
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=ACCEPT
+ eval ''xtarget="ACCEPT"''
++ xtarget=ACCEPT
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=ACCEPT
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ ACTIONS=dropBcast dropNonSyn dropNotSyn rejNotSyn logNotSyn rLogNotSyn
dLogNotSyn dropInvalid allowInvalid DropSMB RejectSMB DropUPnP
RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH
AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowIMAP AllowTelnet
AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP AllowTrcrt AllowSNMP
AllowPCA
+ read xaction rest
+ ''['' x = x '']''
+ ''['' -z AllowSPAMD '']''
++ chain_base AllowSPAMD
++ local c=AllowSPAMD
++ true
++ echo AllowSPAMD
++ return
+ ''['' AllowSPAMD = AllowSPAMD '']''
+ list_search AllowSPAMD dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB
RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP
AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3
AllowIMAP AllowTelnet AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP
AllowTrcrt AllowSNMP AllowPCA
+ local e=AllowSPAMD
+ ''['' 35 -gt 1 '']''
+ shift
+ ''['' xAllowSPAMD = xdropBcast '']''
+ ''['' 34 -gt 1 '']''
+ shift
+ ''['' xAllowSPAMD = xdropNonSyn '']''
+ ''['' 33 -gt 1 '']''
+ shift
+ ''['' xAllowSPAMD = xdropNotSyn '']''
+ ''['' 32 -gt 1 '']''
+ shift
+ ''['' xAllowSPAMD = xrejNotSyn '']''
+ ''['' 31 -gt 1 '']''
+ shift
+ ''['' xAllowSPAMD = xlogNotSyn '']''
+ ''['' 30 -gt 1 '']''
+ shift
+ ''['' xAllowSPAMD = xrLogNotSyn '']''
+ ''['' 29 -gt 1 '']''
+ shift
+ ''['' xAllowSPAMD = xdLogNotSyn '']''
+ ''['' 28 -gt 1 '']''
+ shift
+ ''['' xAllowSPAMD = xdropInvalid '']''
+ ''['' 27 -gt 1 '']''
+ shift
+ ''['' xAllowSPAMD = xallowInvalid '']''
+ ''['' 26 -gt 1 '']''
+ shift
+ ''['' xAllowSPAMD = xDropSMB '']''
+ ''['' 25 -gt 1 '']''
+ shift
+ ''['' xAllowSPAMD = xRejectSMB '']''
+ ''['' 24 -gt 1 '']''
+ shift
+ ''['' xAllowSPAMD = xDropUPnP '']''
+ ''['' 23 -gt 1 '']''
+ shift
+ ''['' xAllowSPAMD = xRejectAuth '']''
+ ''['' 22 -gt 1 '']''
+ shift
+ ''['' xAllowSPAMD = xDropPing '']''
+ ''['' 21 -gt 1 '']''
+ shift
+ ''['' xAllowSPAMD = xDropDNSrep '']''
+ ''['' 20 -gt 1 '']''
+ shift
+ ''['' xAllowSPAMD = xAllowPing '']''
+ ''['' 19 -gt 1 '']''
+ shift
+ ''['' xAllowSPAMD = xAllowFTP '']''
+ ''['' 18 -gt 1 '']''
+ shift
+ ''['' xAllowSPAMD = xAllowDNS '']''
+ ''['' 17 -gt 1 '']''
+ shift
+ ''['' xAllowSPAMD = xAllowSSH '']''
+ ''['' 16 -gt 1 '']''
+ shift
+ ''['' xAllowSPAMD = xAllowWeb '']''
+ ''['' 15 -gt 1 '']''
+ shift
+ ''['' xAllowSPAMD = xAllowSMB '']''
+ ''['' 14 -gt 1 '']''
+ shift
+ ''['' xAllowSPAMD = xAllowAuth '']''
+ ''['' 13 -gt 1 '']''
+ shift
+ ''['' xAllowSPAMD = xAllowSMTP '']''
+ ''['' 12 -gt 1 '']''
+ shift
+ ''['' xAllowSPAMD = xAllowPOP3 '']''
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xAllowSPAMD = xAllowIMAP '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xAllowSPAMD = xAllowTelnet '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xAllowSPAMD = xAllowVNC '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xAllowSPAMD = xAllowVNCL '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xAllowSPAMD = xAllowNTP '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xAllowSPAMD = xAllowRdate '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xAllowSPAMD = xAllowNNTP '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xAllowSPAMD = xAllowTrcrt '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xAllowSPAMD = xAllowSNMP '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xAllowSPAMD = xAllowPCA '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ f=action.AllowSPAMD
++ find_file action.AllowSPAMD
++ local saveifs= directory
++ ''['' -n '''' -a -f /action.AllowSPAMD
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/action.AllowSPAMD
'']''
++ ''['' -f /usr/share/shorewall/action.AllowSPAMD
'']''
++ echo /usr/share/shorewall/action.AllowSPAMD
++ IFS=
++ return
+ fn=/usr/share/shorewall/action.AllowSPAMD
+ eval requiredby_++ requiredby_+ ''['' -f
/usr/share/shorewall/action.AllowSPAMD '']''
+ echo '' Pre-processing
/usr/share/shorewall/action.AllowSPAMD...''
+ strip_file action.AllowSPAMD /usr/share/shorewall/action.AllowSPAMD
+ local fname
+ ''['' 2 = 1 '']''
+ fname=/usr/share/shorewall/action.AllowSPAMD
+ ''['' -f /usr/share/shorewall/action.AllowSPAMD
'']''
+ read_file /usr/share/shorewall/action.AllowSPAMD 0
+ local first rest
+ ''['' -f /usr/share/shorewall/action.AllowSPAMD
'']''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Shorewall 2.0 /etc/shorewall/action.AllowSPAMD''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# This action accepts SPAMD traffic.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''[''
x######################################################################################
= xINCLUDE '']''
+ echo
''######################################################################################
''
+ read first rest
+ ''['' x#TARGET = xINCLUDE '']''
+ echo ''#TARGET SOURCE DEST PROTO DEST SOURCE RATE
USER/''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# PORT PORT(S) LIMIT GROUP''
+ read first rest
+ ''['' xACCEPT = xINCLUDE '']''
+ echo ''ACCEPT - - tcp 783''
+ read first rest
+ ''['' x#LAST = xINCLUDE '']''
+ echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT
REMOVE''
+ read first rest
+ cut -d# -f1
+ grep -v ''^[[:space:]]*$''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=ACCEPT
+ eval ''xtarget="ACCEPT"''
++ xtarget=ACCEPT
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=ACCEPT
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ ACTIONS=dropBcast dropNonSyn dropNotSyn rejNotSyn logNotSyn rLogNotSyn
dLogNotSyn dropInvalid allowInvalid DropSMB RejectSMB DropUPnP
RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH
AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowIMAP AllowTelnet
AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP AllowTrcrt AllowSNMP
AllowPCA AllowSPAMD
+ read xaction rest
+ ''['' x = x '']''
+ ''['' -z AllowSyslog '']''
++ chain_base AllowSyslog
++ local c=AllowSyslog
++ true
++ echo AllowSyslog
++ return
+ ''['' AllowSyslog = AllowSyslog '']''
+ list_search AllowSyslog dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB
RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP
AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3
AllowIMAP AllowTelnet AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP
AllowTrcrt AllowSNMP AllowPCA AllowSPAMD
+ local e=AllowSyslog
+ ''['' 36 -gt 1 '']''
+ shift
+ ''['' xAllowSyslog = xdropBcast '']''
+ ''['' 35 -gt 1 '']''
+ shift
+ ''['' xAllowSyslog = xdropNonSyn '']''
+ ''['' 34 -gt 1 '']''
+ shift
+ ''['' xAllowSyslog = xdropNotSyn '']''
+ ''['' 33 -gt 1 '']''
+ shift
+ ''['' xAllowSyslog = xrejNotSyn '']''
+ ''['' 32 -gt 1 '']''
+ shift
+ ''['' xAllowSyslog = xlogNotSyn '']''
+ ''['' 31 -gt 1 '']''
+ shift
+ ''['' xAllowSyslog = xrLogNotSyn '']''
+ ''['' 30 -gt 1 '']''
+ shift
+ ''['' xAllowSyslog = xdLogNotSyn '']''
+ ''['' 29 -gt 1 '']''
+ shift
+ ''['' xAllowSyslog = xdropInvalid '']''
+ ''['' 28 -gt 1 '']''
+ shift
+ ''['' xAllowSyslog = xallowInvalid '']''
+ ''['' 27 -gt 1 '']''
+ shift
+ ''['' xAllowSyslog = xDropSMB '']''
+ ''['' 26 -gt 1 '']''
+ shift
+ ''['' xAllowSyslog = xRejectSMB '']''
+ ''['' 25 -gt 1 '']''
+ shift
+ ''['' xAllowSyslog = xDropUPnP '']''
+ ''['' 24 -gt 1 '']''
+ shift
+ ''['' xAllowSyslog = xRejectAuth '']''
+ ''['' 23 -gt 1 '']''
+ shift
+ ''['' xAllowSyslog = xDropPing '']''
+ ''['' 22 -gt 1 '']''
+ shift
+ ''['' xAllowSyslog = xDropDNSrep '']''
+ ''['' 21 -gt 1 '']''
+ shift
+ ''['' xAllowSyslog = xAllowPing '']''
+ ''['' 20 -gt 1 '']''
+ shift
+ ''['' xAllowSyslog = xAllowFTP '']''
+ ''['' 19 -gt 1 '']''
+ shift
+ ''['' xAllowSyslog = xAllowDNS '']''
+ ''['' 18 -gt 1 '']''
+ shift
+ ''['' xAllowSyslog = xAllowSSH '']''
+ ''['' 17 -gt 1 '']''
+ shift
+ ''['' xAllowSyslog = xAllowWeb '']''
+ ''['' 16 -gt 1 '']''
+ shift
+ ''['' xAllowSyslog = xAllowSMB '']''
+ ''['' 15 -gt 1 '']''
+ shift
+ ''['' xAllowSyslog = xAllowAuth '']''
+ ''['' 14 -gt 1 '']''
+ shift
+ ''['' xAllowSyslog = xAllowSMTP '']''
+ ''['' 13 -gt 1 '']''
+ shift
+ ''['' xAllowSyslog = xAllowPOP3 '']''
+ ''['' 12 -gt 1 '']''
+ shift
+ ''['' xAllowSyslog = xAllowIMAP '']''
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xAllowSyslog = xAllowTelnet '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xAllowSyslog = xAllowVNC '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xAllowSyslog = xAllowVNCL '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xAllowSyslog = xAllowNTP '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xAllowSyslog = xAllowRdate '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xAllowSyslog = xAllowNNTP '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xAllowSyslog = xAllowTrcrt '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xAllowSyslog = xAllowSNMP '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xAllowSyslog = xAllowPCA '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xAllowSyslog = xAllowSPAMD '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ f=action.AllowSyslog
++ find_file action.AllowSyslog
++ local saveifs= directory
++ ''['' -n '''' -a -f /action.AllowSyslog
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/action.AllowSyslog
'']''
++ ''['' -f /usr/share/shorewall/action.AllowSyslog
'']''
++ echo /usr/share/shorewall/action.AllowSyslog
++ IFS=
++ return
+ fn=/usr/share/shorewall/action.AllowSyslog
+ eval requiredby_++ requiredby_+ ''['' -f
/usr/share/shorewall/action.AllowSyslog '']''
+ echo '' Pre-processing
/usr/share/shorewall/action.AllowSyslog...''
+ strip_file action.AllowSyslog /usr/share/shorewall/action.AllowSyslog
+ local fname
+ ''['' 2 = 1 '']''
+ fname=/usr/share/shorewall/action.AllowSyslog
+ ''['' -f /usr/share/shorewall/action.AllowSyslog
'']''
+ read_file /usr/share/shorewall/action.AllowSyslog 0
+ local first rest
+ ''['' -f /usr/share/shorewall/action.AllowSyslog
'']''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Shorewall 2.0 /etc/shorewall/action.AllowSyslog''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# This action accepts syslog UDP traffic.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''[''
x######################################################################################
= xINCLUDE '']''
+ echo
''######################################################################################
''
+ read first rest
+ ''['' x#TARGET = xINCLUDE '']''
+ echo ''#TARGET SOURCE DEST PROTO DEST SOURCE RATE''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# PORT PORT(S) LIMIT''
+ read first rest
+ ''['' xACCEPT = xINCLUDE '']''
+ echo ''ACCEPT - - udp syslog''
+ read first rest
+ ''['' x#LAST = xINCLUDE '']''
+ echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT
REMOVE''
+ read first rest
+ cut -d# -f1
+ grep -v ''^[[:space:]]*$''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=ACCEPT
+ eval ''xtarget="ACCEPT"''
++ xtarget=ACCEPT
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=ACCEPT
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ ACTIONS=dropBcast dropNonSyn dropNotSyn rejNotSyn logNotSyn rLogNotSyn
dLogNotSyn dropInvalid allowInvalid DropSMB RejectSMB DropUPnP
RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH
AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowIMAP AllowTelnet
AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP AllowTrcrt AllowSNMP
AllowPCA AllowSPAMD AllowSyslog
+ read xaction rest
+ ''['' x = x '']''
+ ''['' -z AllowAmanda '']''
++ chain_base AllowAmanda
++ local c=AllowAmanda
++ true
++ echo AllowAmanda
++ return
+ ''['' AllowAmanda = AllowAmanda '']''
+ list_search AllowAmanda dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB
RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP
AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3
AllowIMAP AllowTelnet AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP
AllowTrcrt AllowSNMP AllowPCA AllowSPAMD AllowSyslog
+ local e=AllowAmanda
+ ''['' 37 -gt 1 '']''
+ shift
+ ''['' xAllowAmanda = xdropBcast '']''
+ ''['' 36 -gt 1 '']''
+ shift
+ ''['' xAllowAmanda = xdropNonSyn '']''
+ ''['' 35 -gt 1 '']''
+ shift
+ ''['' xAllowAmanda = xdropNotSyn '']''
+ ''['' 34 -gt 1 '']''
+ shift
+ ''['' xAllowAmanda = xrejNotSyn '']''
+ ''['' 33 -gt 1 '']''
+ shift
+ ''['' xAllowAmanda = xlogNotSyn '']''
+ ''['' 32 -gt 1 '']''
+ shift
+ ''['' xAllowAmanda = xrLogNotSyn '']''
+ ''['' 31 -gt 1 '']''
+ shift
+ ''['' xAllowAmanda = xdLogNotSyn '']''
+ ''['' 30 -gt 1 '']''
+ shift
+ ''['' xAllowAmanda = xdropInvalid '']''
+ ''['' 29 -gt 1 '']''
+ shift
+ ''['' xAllowAmanda = xallowInvalid '']''
+ ''['' 28 -gt 1 '']''
+ shift
+ ''['' xAllowAmanda = xDropSMB '']''
+ ''['' 27 -gt 1 '']''
+ shift
+ ''['' xAllowAmanda = xRejectSMB '']''
+ ''['' 26 -gt 1 '']''
+ shift
+ ''['' xAllowAmanda = xDropUPnP '']''
+ ''['' 25 -gt 1 '']''
+ shift
+ ''['' xAllowAmanda = xRejectAuth '']''
+ ''['' 24 -gt 1 '']''
+ shift
+ ''['' xAllowAmanda = xDropPing '']''
+ ''['' 23 -gt 1 '']''
+ shift
+ ''['' xAllowAmanda = xDropDNSrep '']''
+ ''['' 22 -gt 1 '']''
+ shift
+ ''['' xAllowAmanda = xAllowPing '']''
+ ''['' 21 -gt 1 '']''
+ shift
+ ''['' xAllowAmanda = xAllowFTP '']''
+ ''['' 20 -gt 1 '']''
+ shift
+ ''['' xAllowAmanda = xAllowDNS '']''
+ ''['' 19 -gt 1 '']''
+ shift
+ ''['' xAllowAmanda = xAllowSSH '']''
+ ''['' 18 -gt 1 '']''
+ shift
+ ''['' xAllowAmanda = xAllowWeb '']''
+ ''['' 17 -gt 1 '']''
+ shift
+ ''['' xAllowAmanda = xAllowSMB '']''
+ ''['' 16 -gt 1 '']''
+ shift
+ ''['' xAllowAmanda = xAllowAuth '']''
+ ''['' 15 -gt 1 '']''
+ shift
+ ''['' xAllowAmanda = xAllowSMTP '']''
+ ''['' 14 -gt 1 '']''
+ shift
+ ''['' xAllowAmanda = xAllowPOP3 '']''
+ ''['' 13 -gt 1 '']''
+ shift
+ ''['' xAllowAmanda = xAllowIMAP '']''
+ ''['' 12 -gt 1 '']''
+ shift
+ ''['' xAllowAmanda = xAllowTelnet '']''
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xAllowAmanda = xAllowVNC '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xAllowAmanda = xAllowVNCL '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xAllowAmanda = xAllowNTP '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xAllowAmanda = xAllowRdate '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xAllowAmanda = xAllowNNTP '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xAllowAmanda = xAllowTrcrt '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xAllowAmanda = xAllowSNMP '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xAllowAmanda = xAllowPCA '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xAllowAmanda = xAllowSPAMD '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xAllowAmanda = xAllowSyslog '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ f=action.AllowAmanda
++ find_file action.AllowAmanda
++ local saveifs= directory
++ ''['' -n '''' -a -f /action.AllowAmanda
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/action.AllowAmanda
'']''
++ ''['' -f /usr/share/shorewall/action.AllowAmanda
'']''
++ echo /usr/share/shorewall/action.AllowAmanda
++ IFS=
++ return
+ fn=/usr/share/shorewall/action.AllowAmanda
+ eval requiredby_++ requiredby_+ ''['' -f
/usr/share/shorewall/action.AllowAmanda '']''
+ echo '' Pre-processing
/usr/share/shorewall/action.AllowAmanda...''
+ strip_file action.AllowAmanda /usr/share/shorewall/action.AllowAmanda
+ local fname
+ ''['' 2 = 1 '']''
+ fname=/usr/share/shorewall/action.AllowAmanda
+ ''['' -f /usr/share/shorewall/action.AllowAmanda
'']''
+ read_file /usr/share/shorewall/action.AllowAmanda 0
+ local first rest
+ ''['' -f /usr/share/shorewall/action.AllowAmanda
'']''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Shorewall 2.0 /etc/shorewall/action.AllowAmanda''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# This action accepts connections required by the Amanda backup
system.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''[''
x######################################################################################
= xINCLUDE '']''
+ echo
''######################################################################################
''
+ read first rest
+ ''['' x#TARGET = xINCLUDE '']''
+ echo ''#TARGET SOURCE DEST PROTO DEST SOURCE RATE''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# PORT PORT(S) LIMIT''
+ read first rest
+ ''['' xACCEPT = xINCLUDE '']''
+ echo ''ACCEPT - - udp amanda''
+ read first rest
+ ''['' xACCEPT = xINCLUDE '']''
+ echo ''ACCEPT - - tcp
50000:50100''
+ read first rest
+ ''['' x#LAST = xINCLUDE '']''
+ echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT
REMOVE''
+ cut -d# -f1
+ read first rest
+ grep -v ''^[[:space:]]*$''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=ACCEPT
+ eval ''xtarget="ACCEPT"''
++ xtarget=ACCEPT
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=ACCEPT
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=ACCEPT
+ eval ''xtarget="ACCEPT"''
++ xtarget=ACCEPT
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=ACCEPT
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ ACTIONS=dropBcast dropNonSyn dropNotSyn rejNotSyn logNotSyn rLogNotSyn
dLogNotSyn dropInvalid allowInvalid DropSMB RejectSMB DropUPnP
RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH
AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowIMAP AllowTelnet
AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP AllowTrcrt AllowSNMP
AllowPCA AllowSPAMD AllowSyslog AllowAmanda
+ read xaction rest
+ ''['' x = x '']''
+ ''['' -z AllowLDAP '']''
++ chain_base AllowLDAP
++ local c=AllowLDAP
++ true
++ echo AllowLDAP
++ return
+ ''['' AllowLDAP = AllowLDAP '']''
+ list_search AllowLDAP dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB
RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP
AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3
AllowIMAP AllowTelnet AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP
AllowTrcrt AllowSNMP AllowPCA AllowSPAMD AllowSyslog AllowAmanda
+ local e=AllowLDAP
+ ''['' 38 -gt 1 '']''
+ shift
+ ''['' xAllowLDAP = xdropBcast '']''
+ ''['' 37 -gt 1 '']''
+ shift
+ ''['' xAllowLDAP = xdropNonSyn '']''
+ ''['' 36 -gt 1 '']''
+ shift
+ ''['' xAllowLDAP = xdropNotSyn '']''
+ ''['' 35 -gt 1 '']''
+ shift
+ ''['' xAllowLDAP = xrejNotSyn '']''
+ ''['' 34 -gt 1 '']''
+ shift
+ ''['' xAllowLDAP = xlogNotSyn '']''
+ ''['' 33 -gt 1 '']''
+ shift
+ ''['' xAllowLDAP = xrLogNotSyn '']''
+ ''['' 32 -gt 1 '']''
+ shift
+ ''['' xAllowLDAP = xdLogNotSyn '']''
+ ''['' 31 -gt 1 '']''
+ shift
+ ''['' xAllowLDAP = xdropInvalid '']''
+ ''['' 30 -gt 1 '']''
+ shift
+ ''['' xAllowLDAP = xallowInvalid '']''
+ ''['' 29 -gt 1 '']''
+ shift
+ ''['' xAllowLDAP = xDropSMB '']''
+ ''['' 28 -gt 1 '']''
+ shift
+ ''['' xAllowLDAP = xRejectSMB '']''
+ ''['' 27 -gt 1 '']''
+ shift
+ ''['' xAllowLDAP = xDropUPnP '']''
+ ''['' 26 -gt 1 '']''
+ shift
+ ''['' xAllowLDAP = xRejectAuth '']''
+ ''['' 25 -gt 1 '']''
+ shift
+ ''['' xAllowLDAP = xDropPing '']''
+ ''['' 24 -gt 1 '']''
+ shift
+ ''['' xAllowLDAP = xDropDNSrep '']''
+ ''['' 23 -gt 1 '']''
+ shift
+ ''['' xAllowLDAP = xAllowPing '']''
+ ''['' 22 -gt 1 '']''
+ shift
+ ''['' xAllowLDAP = xAllowFTP '']''
+ ''['' 21 -gt 1 '']''
+ shift
+ ''['' xAllowLDAP = xAllowDNS '']''
+ ''['' 20 -gt 1 '']''
+ shift
+ ''['' xAllowLDAP = xAllowSSH '']''
+ ''['' 19 -gt 1 '']''
+ shift
+ ''['' xAllowLDAP = xAllowWeb '']''
+ ''['' 18 -gt 1 '']''
+ shift
+ ''['' xAllowLDAP = xAllowSMB '']''
+ ''['' 17 -gt 1 '']''
+ shift
+ ''['' xAllowLDAP = xAllowAuth '']''
+ ''['' 16 -gt 1 '']''
+ shift
+ ''['' xAllowLDAP = xAllowSMTP '']''
+ ''['' 15 -gt 1 '']''
+ shift
+ ''['' xAllowLDAP = xAllowPOP3 '']''
+ ''['' 14 -gt 1 '']''
+ shift
+ ''['' xAllowLDAP = xAllowIMAP '']''
+ ''['' 13 -gt 1 '']''
+ shift
+ ''['' xAllowLDAP = xAllowTelnet '']''
+ ''['' 12 -gt 1 '']''
+ shift
+ ''['' xAllowLDAP = xAllowVNC '']''
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xAllowLDAP = xAllowVNCL '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xAllowLDAP = xAllowNTP '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xAllowLDAP = xAllowRdate '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xAllowLDAP = xAllowNNTP '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xAllowLDAP = xAllowTrcrt '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xAllowLDAP = xAllowSNMP '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xAllowLDAP = xAllowPCA '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xAllowLDAP = xAllowSPAMD '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xAllowLDAP = xAllowSyslog '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xAllowLDAP = xAllowAmanda '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ f=action.AllowLDAP
++ find_file action.AllowLDAP
++ local saveifs= directory
++ ''['' -n '''' -a -f /action.AllowLDAP
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/action.AllowLDAP
'']''
++ ''['' -f /usr/share/shorewall/action.AllowLDAP
'']''
++ echo /usr/share/shorewall/action.AllowLDAP
++ IFS=
++ return
+ fn=/usr/share/shorewall/action.AllowLDAP
+ eval requiredby_++ requiredby_+ ''['' -f
/usr/share/shorewall/action.AllowLDAP '']''
+ echo '' Pre-processing
/usr/share/shorewall/action.AllowLDAP...''
+ strip_file action.AllowLDAP /usr/share/shorewall/action.AllowLDAP
+ local fname
+ ''['' 2 = 1 '']''
+ fname=/usr/share/shorewall/action.AllowLDAP
+ ''['' -f /usr/share/shorewall/action.AllowLDAP
'']''
+ read_file /usr/share/shorewall/action.AllowLDAP 0
+ local first rest
+ ''['' -f /usr/share/shorewall/action.AllowLDAP
'']''
+ read first rest
+ cut -d# -f1
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Shorewall 2.0 /etc/shorewall/action.AllowLDAP''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# This action accepts LDAP traffic.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ grep -v ''^[[:space:]]*$''
+ echo ''# ''
+ read first rest
+ ''[''
x######################################################################################
= xINCLUDE '']''
+ echo
''######################################################################################
''
+ read first rest
+ ''['' x#TARGET = xINCLUDE '']''
+ echo ''#TARGET SOURCE DEST PROTO DEST SOURCE RATE''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# PORT PORT(S) LIMIT''
+ read first rest
+ ''['' xACCEPT = xINCLUDE '']''
+ echo ''ACCEPT - - tcp ldap''
+ read first rest
+ ''['' x#LAST = xINCLUDE '']''
+ echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT
REMOVE''
+ read first rest
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=ACCEPT
+ eval ''xtarget="ACCEPT"''
++ xtarget=ACCEPT
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=ACCEPT
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ ACTIONS=dropBcast dropNonSyn dropNotSyn rejNotSyn logNotSyn rLogNotSyn
dLogNotSyn dropInvalid allowInvalid DropSMB RejectSMB DropUPnP
RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH
AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowIMAP AllowTelnet
AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP AllowTrcrt AllowSNMP
AllowPCA AllowSPAMD AllowSyslog AllowAmanda AllowLDAP
+ read xaction rest
+ ''['' x = x '']''
+ ''['' -z AllowICQ '']''
++ chain_base AllowICQ
++ local c=AllowICQ
++ true
++ echo AllowICQ
++ return
+ ''['' AllowICQ = AllowICQ '']''
+ list_search AllowICQ dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB
RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP
AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3
AllowIMAP AllowTelnet AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP
AllowTrcrt AllowSNMP AllowPCA AllowSPAMD AllowSyslog AllowAmanda
AllowLDAP
+ local e=AllowICQ
+ ''['' 39 -gt 1 '']''
+ shift
+ ''['' xAllowICQ = xdropBcast '']''
+ ''['' 38 -gt 1 '']''
+ shift
+ ''['' xAllowICQ = xdropNonSyn '']''
+ ''['' 37 -gt 1 '']''
+ shift
+ ''['' xAllowICQ = xdropNotSyn '']''
+ ''['' 36 -gt 1 '']''
+ shift
+ ''['' xAllowICQ = xrejNotSyn '']''
+ ''['' 35 -gt 1 '']''
+ shift
+ ''['' xAllowICQ = xlogNotSyn '']''
+ ''['' 34 -gt 1 '']''
+ shift
+ ''['' xAllowICQ = xrLogNotSyn '']''
+ ''['' 33 -gt 1 '']''
+ shift
+ ''['' xAllowICQ = xdLogNotSyn '']''
+ ''['' 32 -gt 1 '']''
+ shift
+ ''['' xAllowICQ = xdropInvalid '']''
+ ''['' 31 -gt 1 '']''
+ shift
+ ''['' xAllowICQ = xallowInvalid '']''
+ ''['' 30 -gt 1 '']''
+ shift
+ ''['' xAllowICQ = xDropSMB '']''
+ ''['' 29 -gt 1 '']''
+ shift
+ ''['' xAllowICQ = xRejectSMB '']''
+ ''['' 28 -gt 1 '']''
+ shift
+ ''['' xAllowICQ = xDropUPnP '']''
+ ''['' 27 -gt 1 '']''
+ shift
+ ''['' xAllowICQ = xRejectAuth '']''
+ ''['' 26 -gt 1 '']''
+ shift
+ ''['' xAllowICQ = xDropPing '']''
+ ''['' 25 -gt 1 '']''
+ shift
+ ''['' xAllowICQ = xDropDNSrep '']''
+ ''['' 24 -gt 1 '']''
+ shift
+ ''['' xAllowICQ = xAllowPing '']''
+ ''['' 23 -gt 1 '']''
+ shift
+ ''['' xAllowICQ = xAllowFTP '']''
+ ''['' 22 -gt 1 '']''
+ shift
+ ''['' xAllowICQ = xAllowDNS '']''
+ ''['' 21 -gt 1 '']''
+ shift
+ ''['' xAllowICQ = xAllowSSH '']''
+ ''['' 20 -gt 1 '']''
+ shift
+ ''['' xAllowICQ = xAllowWeb '']''
+ ''['' 19 -gt 1 '']''
+ shift
+ ''['' xAllowICQ = xAllowSMB '']''
+ ''['' 18 -gt 1 '']''
+ shift
+ ''['' xAllowICQ = xAllowAuth '']''
+ ''['' 17 -gt 1 '']''
+ shift
+ ''['' xAllowICQ = xAllowSMTP '']''
+ ''['' 16 -gt 1 '']''
+ shift
+ ''['' xAllowICQ = xAllowPOP3 '']''
+ ''['' 15 -gt 1 '']''
+ shift
+ ''['' xAllowICQ = xAllowIMAP '']''
+ ''['' 14 -gt 1 '']''
+ shift
+ ''['' xAllowICQ = xAllowTelnet '']''
+ ''['' 13 -gt 1 '']''
+ shift
+ ''['' xAllowICQ = xAllowVNC '']''
+ ''['' 12 -gt 1 '']''
+ shift
+ ''['' xAllowICQ = xAllowVNCL '']''
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xAllowICQ = xAllowNTP '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xAllowICQ = xAllowRdate '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xAllowICQ = xAllowNNTP '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xAllowICQ = xAllowTrcrt '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xAllowICQ = xAllowSNMP '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xAllowICQ = xAllowPCA '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xAllowICQ = xAllowSPAMD '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xAllowICQ = xAllowSyslog '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xAllowICQ = xAllowAmanda '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xAllowICQ = xAllowLDAP '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ f=action.AllowICQ
++ find_file action.AllowICQ
++ local saveifs= directory
++ ''['' -n '''' -a -f /action.AllowICQ
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/action.AllowICQ '']''
++ ''['' -f /usr/share/shorewall/action.AllowICQ
'']''
++ echo /usr/share/shorewall/action.AllowICQ
++ IFS=
++ return
+ fn=/usr/share/shorewall/action.AllowICQ
+ eval requiredby_++ requiredby_+ ''['' -f
/usr/share/shorewall/action.AllowICQ '']''
+ echo '' Pre-processing
/usr/share/shorewall/action.AllowICQ...''
+ strip_file action.AllowICQ /usr/share/shorewall/action.AllowICQ
+ local fname
+ ''['' 2 = 1 '']''
+ fname=/usr/share/shorewall/action.AllowICQ
+ ''['' -f /usr/share/shorewall/action.AllowICQ
'']''
+ read_file /usr/share/shorewall/action.AllowICQ 0
+ local first rest
+ ''['' -f /usr/share/shorewall/action.AllowICQ
'']''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Shorewall 2.0 /etc/shorewall/action.AllowICQ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# This action accepts ICQ traffic.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''[''
x######################################################################################
= xINCLUDE '']''
+ echo
''######################################################################################
''
+ read first rest
+ ''['' x#TARGET = xINCLUDE '']''
+ echo ''#TARGET SOURCE DEST PROTO DEST SOURCE RATE''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# PORT PORT(S) LIMIT''
+ read first rest
+ ''['' xACCEPT = xINCLUDE '']''
+ echo ''ACCEPT - - tcp 5190''
+ read first rest
+ ''['' x#LAST = xINCLUDE '']''
+ echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT
REMOVE''
+ read first rest
+ cut -d# -f1
+ grep -v ''^[[:space:]]*$''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=ACCEPT
+ eval ''xtarget="ACCEPT"''
++ xtarget=ACCEPT
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=ACCEPT
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ ACTIONS=dropBcast dropNonSyn dropNotSyn rejNotSyn logNotSyn rLogNotSyn
dLogNotSyn dropInvalid allowInvalid DropSMB RejectSMB DropUPnP
RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH
AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowIMAP AllowTelnet
AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP AllowTrcrt AllowSNMP
AllowPCA AllowSPAMD AllowSyslog AllowAmanda AllowLDAP AllowICQ
+ read xaction rest
+ ''['' x = x '']''
+ ''['' -z AllowBitTorrent '']''
++ chain_base AllowBitTorrent
++ local c=AllowBitTorrent
++ true
++ echo AllowBitTorrent
++ return
+ ''['' AllowBitTorrent = AllowBitTorrent '']''
+ list_search AllowBitTorrent dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB
RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP
AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3
AllowIMAP AllowTelnet AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP
AllowTrcrt AllowSNMP AllowPCA AllowSPAMD AllowSyslog AllowAmanda
AllowLDAP AllowICQ
+ local e=AllowBitTorrent
+ ''['' 40 -gt 1 '']''
+ shift
+ ''['' xAllowBitTorrent = xdropBcast '']''
+ ''['' 39 -gt 1 '']''
+ shift
+ ''['' xAllowBitTorrent = xdropNonSyn '']''
+ ''['' 38 -gt 1 '']''
+ shift
+ ''['' xAllowBitTorrent = xdropNotSyn '']''
+ ''['' 37 -gt 1 '']''
+ shift
+ ''['' xAllowBitTorrent = xrejNotSyn '']''
+ ''['' 36 -gt 1 '']''
+ shift
+ ''['' xAllowBitTorrent = xlogNotSyn '']''
+ ''['' 35 -gt 1 '']''
+ shift
+ ''['' xAllowBitTorrent = xrLogNotSyn '']''
+ ''['' 34 -gt 1 '']''
+ shift
+ ''['' xAllowBitTorrent = xdLogNotSyn '']''
+ ''['' 33 -gt 1 '']''
+ shift
+ ''['' xAllowBitTorrent = xdropInvalid '']''
+ ''['' 32 -gt 1 '']''
+ shift
+ ''['' xAllowBitTorrent = xallowInvalid '']''
+ ''['' 31 -gt 1 '']''
+ shift
+ ''['' xAllowBitTorrent = xDropSMB '']''
+ ''['' 30 -gt 1 '']''
+ shift
+ ''['' xAllowBitTorrent = xRejectSMB '']''
+ ''['' 29 -gt 1 '']''
+ shift
+ ''['' xAllowBitTorrent = xDropUPnP '']''
+ ''['' 28 -gt 1 '']''
+ shift
+ ''['' xAllowBitTorrent = xRejectAuth '']''
+ ''['' 27 -gt 1 '']''
+ shift
+ ''['' xAllowBitTorrent = xDropPing '']''
+ ''['' 26 -gt 1 '']''
+ shift
+ ''['' xAllowBitTorrent = xDropDNSrep '']''
+ ''['' 25 -gt 1 '']''
+ shift
+ ''['' xAllowBitTorrent = xAllowPing '']''
+ ''['' 24 -gt 1 '']''
+ shift
+ ''['' xAllowBitTorrent = xAllowFTP '']''
+ ''['' 23 -gt 1 '']''
+ shift
+ ''['' xAllowBitTorrent = xAllowDNS '']''
+ ''['' 22 -gt 1 '']''
+ shift
+ ''['' xAllowBitTorrent = xAllowSSH '']''
+ ''['' 21 -gt 1 '']''
+ shift
+ ''['' xAllowBitTorrent = xAllowWeb '']''
+ ''['' 20 -gt 1 '']''
+ shift
+ ''['' xAllowBitTorrent = xAllowSMB '']''
+ ''['' 19 -gt 1 '']''
+ shift
+ ''['' xAllowBitTorrent = xAllowAuth '']''
+ ''['' 18 -gt 1 '']''
+ shift
+ ''['' xAllowBitTorrent = xAllowSMTP '']''
+ ''['' 17 -gt 1 '']''
+ shift
+ ''['' xAllowBitTorrent = xAllowPOP3 '']''
+ ''['' 16 -gt 1 '']''
+ shift
+ ''['' xAllowBitTorrent = xAllowIMAP '']''
+ ''['' 15 -gt 1 '']''
+ shift
+ ''['' xAllowBitTorrent = xAllowTelnet '']''
+ ''['' 14 -gt 1 '']''
+ shift
+ ''['' xAllowBitTorrent = xAllowVNC '']''
+ ''['' 13 -gt 1 '']''
+ shift
+ ''['' xAllowBitTorrent = xAllowVNCL '']''
+ ''['' 12 -gt 1 '']''
+ shift
+ ''['' xAllowBitTorrent = xAllowNTP '']''
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xAllowBitTorrent = xAllowRdate '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xAllowBitTorrent = xAllowNNTP '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xAllowBitTorrent = xAllowTrcrt '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xAllowBitTorrent = xAllowSNMP '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xAllowBitTorrent = xAllowPCA '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xAllowBitTorrent = xAllowSPAMD '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xAllowBitTorrent = xAllowSyslog '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xAllowBitTorrent = xAllowAmanda '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xAllowBitTorrent = xAllowLDAP '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xAllowBitTorrent = xAllowICQ '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ f=action.AllowBitTorrent
++ find_file action.AllowBitTorrent
++ local saveifs= directory
++ ''['' -n '''' -a -f /action.AllowBitTorrent
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/action.AllowBitTorrent
'']''
++ ''['' -f /usr/share/shorewall/action.AllowBitTorrent
'']''
++ echo /usr/share/shorewall/action.AllowBitTorrent
++ IFS=
++ return
+ fn=/usr/share/shorewall/action.AllowBitTorrent
+ eval requiredby_++ requiredby_+ ''['' -f
/usr/share/shorewall/action.AllowBitTorrent '']''
+ echo ''
Pre-processing /usr/share/shorewall/action.AllowBitTorrent...''
+ strip_file
action.AllowBitTorrent /usr/share/shorewall/action.AllowBitTorrent
+ local fname
+ ''['' 2 = 1 '']''
+ fname=/usr/share/shorewall/action.AllowBitTorrent
+ ''['' -f /usr/share/shorewall/action.AllowBitTorrent
'']''
+ read_file /usr/share/shorewall/action.AllowBitTorrent 0
+ local first rest
+ ''['' -f /usr/share/shorewall/action.AllowBitTorrent
'']''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ cut -d# -f1
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Shorewall 2.0 /etc/shorewall/action.AllowBitTorrent''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# This action accepts BitTorrent traffic.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''[''
x######################################################################################
= xINCLUDE '']''
+ echo
''######################################################################################
''
+ read first rest
+ ''['' x#TARGET = xINCLUDE '']''
+ echo ''#TARGET SOURCE DEST PROTO DEST SOURCE RATE''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# PORT PORT(S) LIMIT''
+ read first rest
+ ''['' xACCEPT = xINCLUDE '']''
+ echo ''ACCEPT - - tcp
6881:6889''
+ read first rest
+ ''['' x#LAST = xINCLUDE '']''
+ grep -v ''^[[:space:]]*$''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=ACCEPT
+ eval ''xtarget="ACCEPT"''
++ xtarget=ACCEPT
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=ACCEPT
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ ACTIONS=dropBcast dropNonSyn dropNotSyn rejNotSyn logNotSyn rLogNotSyn
dLogNotSyn dropInvalid allowInvalid DropSMB RejectSMB DropUPnP
RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH
AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowIMAP AllowTelnet
AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP AllowTrcrt AllowSNMP
AllowPCA AllowSPAMD AllowSyslog AllowAmanda AllowLDAP AllowICQ
AllowBitTorrent
+ read xaction rest
+ ''['' x = x '']''
+ ''['' -z AllowSMBswat '']''
++ chain_base AllowSMBswat
++ local c=AllowSMBswat
++ true
++ echo AllowSMBswat
++ return
+ ''['' AllowSMBswat = AllowSMBswat '']''
+ list_search AllowSMBswat dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB
RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP
AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3
AllowIMAP AllowTelnet AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP
AllowTrcrt AllowSNMP AllowPCA AllowSPAMD AllowSyslog AllowAmanda
AllowLDAP AllowICQ AllowBitTorrent
+ local e=AllowSMBswat
+ ''['' 41 -gt 1 '']''
+ shift
+ ''['' xAllowSMBswat = xdropBcast '']''
+ ''['' 40 -gt 1 '']''
+ shift
+ ''['' xAllowSMBswat = xdropNonSyn '']''
+ ''['' 39 -gt 1 '']''
+ shift
+ ''['' xAllowSMBswat = xdropNotSyn '']''
+ ''['' 38 -gt 1 '']''
+ shift
+ ''['' xAllowSMBswat = xrejNotSyn '']''
+ ''['' 37 -gt 1 '']''
+ shift
+ ''['' xAllowSMBswat = xlogNotSyn '']''
+ ''['' 36 -gt 1 '']''
+ shift
+ ''['' xAllowSMBswat = xrLogNotSyn '']''
+ ''['' 35 -gt 1 '']''
+ shift
+ ''['' xAllowSMBswat = xdLogNotSyn '']''
+ ''['' 34 -gt 1 '']''
+ shift
+ ''['' xAllowSMBswat = xdropInvalid '']''
+ ''['' 33 -gt 1 '']''
+ shift
+ ''['' xAllowSMBswat = xallowInvalid '']''
+ ''['' 32 -gt 1 '']''
+ shift
+ ''['' xAllowSMBswat = xDropSMB '']''
+ ''['' 31 -gt 1 '']''
+ shift
+ ''['' xAllowSMBswat = xRejectSMB '']''
+ ''['' 30 -gt 1 '']''
+ shift
+ ''['' xAllowSMBswat = xDropUPnP '']''
+ ''['' 29 -gt 1 '']''
+ shift
+ ''['' xAllowSMBswat = xRejectAuth '']''
+ ''['' 28 -gt 1 '']''
+ shift
+ ''['' xAllowSMBswat = xDropPing '']''
+ ''['' 27 -gt 1 '']''
+ shift
+ ''['' xAllowSMBswat = xDropDNSrep '']''
+ ''['' 26 -gt 1 '']''
+ shift
+ ''['' xAllowSMBswat = xAllowPing '']''
+ ''['' 25 -gt 1 '']''
+ shift
+ ''['' xAllowSMBswat = xAllowFTP '']''
+ ''['' 24 -gt 1 '']''
+ shift
+ ''['' xAllowSMBswat = xAllowDNS '']''
+ ''['' 23 -gt 1 '']''
+ shift
+ ''['' xAllowSMBswat = xAllowSSH '']''
+ ''['' 22 -gt 1 '']''
+ shift
+ ''['' xAllowSMBswat = xAllowWeb '']''
+ ''['' 21 -gt 1 '']''
+ shift
+ ''['' xAllowSMBswat = xAllowSMB '']''
+ ''['' 20 -gt 1 '']''
+ shift
+ ''['' xAllowSMBswat = xAllowAuth '']''
+ ''['' 19 -gt 1 '']''
+ shift
+ ''['' xAllowSMBswat = xAllowSMTP '']''
+ ''['' 18 -gt 1 '']''
+ shift
+ ''['' xAllowSMBswat = xAllowPOP3 '']''
+ ''['' 17 -gt 1 '']''
+ shift
+ ''['' xAllowSMBswat = xAllowIMAP '']''
+ ''['' 16 -gt 1 '']''
+ shift
+ ''['' xAllowSMBswat = xAllowTelnet '']''
+ ''['' 15 -gt 1 '']''
+ shift
+ ''['' xAllowSMBswat = xAllowVNC '']''
+ ''['' 14 -gt 1 '']''
+ shift
+ ''['' xAllowSMBswat = xAllowVNCL '']''
+ ''['' 13 -gt 1 '']''
+ shift
+ ''['' xAllowSMBswat = xAllowNTP '']''
+ ''['' 12 -gt 1 '']''
+ shift
+ ''['' xAllowSMBswat = xAllowRdate '']''
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xAllowSMBswat = xAllowNNTP '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xAllowSMBswat = xAllowTrcrt '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xAllowSMBswat = xAllowSNMP '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xAllowSMBswat = xAllowPCA '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xAllowSMBswat = xAllowSPAMD '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xAllowSMBswat = xAllowSyslog '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xAllowSMBswat = xAllowAmanda '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xAllowSMBswat = xAllowLDAP '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xAllowSMBswat = xAllowICQ '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xAllowSMBswat = xAllowBitTorrent '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ f=action.AllowSMBswat
++ find_file action.AllowSMBswat
++ local saveifs= directory
++ ''['' -n '''' -a -f /action.AllowSMBswat
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/action.AllowSMBswat
'']''
++ ''['' -f /usr/share/shorewall/action.AllowSMBswat
'']''
++ echo /usr/share/shorewall/action.AllowSMBswat
++ IFS=
++ return
+ fn=/usr/share/shorewall/action.AllowSMBswat
+ eval requiredby_++ requiredby_+ ''['' -f
/usr/share/shorewall/action.AllowSMBswat '']''
+ echo '' Pre-processing
/usr/share/shorewall/action.AllowSMBswat...''
+ strip_file
action.AllowSMBswat /usr/share/shorewall/action.AllowSMBswat
+ local fname
+ ''['' 2 = 1 '']''
+ fname=/usr/share/shorewall/action.AllowSMBswat
+ ''['' -f /usr/share/shorewall/action.AllowSMBswat
'']''
+ read_file /usr/share/shorewall/action.AllowSMBswat 0
+ local first rest
+ ''['' -f /usr/share/shorewall/action.AllowSMBswat
'']''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Shorewall 2.0 /etc/shorewall/action.AllowSMBswat''
+ read first rest
+ cut -d# -f1
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# This action accepts connections required by the Amanda backup
system.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''[''
x######################################################################################
= xINCLUDE '']''
+ echo
''######################################################################################
''
+ read first rest
+ ''['' x#TARGET = xINCLUDE '']''
+ echo ''#TARGET SOURCE DEST PROTO DEST SOURCE RATE''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# PORT PORT(S) LIMIT''
+ read first rest
+ ''['' xACCEPT = xINCLUDE '']''
+ echo ''ACCEPT - - tcp 901''
+ read first rest
+ ''['' x#LAST = xINCLUDE '']''
+ echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT
REMOVE''
+ read first rest
+ grep -v ''^[[:space:]]*$''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=ACCEPT
+ eval ''xtarget="ACCEPT"''
++ xtarget=ACCEPT
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=ACCEPT
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ ACTIONS=dropBcast dropNonSyn dropNotSyn rejNotSyn logNotSyn rLogNotSyn
dLogNotSyn dropInvalid allowInvalid DropSMB RejectSMB DropUPnP
RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH
AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowIMAP AllowTelnet
AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP AllowTrcrt AllowSNMP
AllowPCA AllowSPAMD AllowSyslog AllowAmanda AllowLDAP AllowICQ
AllowBitTorrent AllowSMBswat
+ read xaction rest
+ ''['' x = x '']''
+ ''['' -z DropSMTP '']''
++ chain_base DropSMTP
++ local c=DropSMTP
++ true
++ echo DropSMTP
++ return
+ ''['' DropSMTP = DropSMTP '']''
+ list_search DropSMTP dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB
RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP
AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3
AllowIMAP AllowTelnet AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP
AllowTrcrt AllowSNMP AllowPCA AllowSPAMD AllowSyslog AllowAmanda
AllowLDAP AllowICQ AllowBitTorrent AllowSMBswat
+ local e=DropSMTP
+ ''['' 42 -gt 1 '']''
+ shift
+ ''['' xDropSMTP = xdropBcast '']''
+ ''['' 41 -gt 1 '']''
+ shift
+ ''['' xDropSMTP = xdropNonSyn '']''
+ ''['' 40 -gt 1 '']''
+ shift
+ ''['' xDropSMTP = xdropNotSyn '']''
+ ''['' 39 -gt 1 '']''
+ shift
+ ''['' xDropSMTP = xrejNotSyn '']''
+ ''['' 38 -gt 1 '']''
+ shift
+ ''['' xDropSMTP = xlogNotSyn '']''
+ ''['' 37 -gt 1 '']''
+ shift
+ ''['' xDropSMTP = xrLogNotSyn '']''
+ ''['' 36 -gt 1 '']''
+ shift
+ ''['' xDropSMTP = xdLogNotSyn '']''
+ ''['' 35 -gt 1 '']''
+ shift
+ ''['' xDropSMTP = xdropInvalid '']''
+ ''['' 34 -gt 1 '']''
+ shift
+ ''['' xDropSMTP = xallowInvalid '']''
+ ''['' 33 -gt 1 '']''
+ shift
+ ''['' xDropSMTP = xDropSMB '']''
+ ''['' 32 -gt 1 '']''
+ shift
+ ''['' xDropSMTP = xRejectSMB '']''
+ ''['' 31 -gt 1 '']''
+ shift
+ ''['' xDropSMTP = xDropUPnP '']''
+ ''['' 30 -gt 1 '']''
+ shift
+ ''['' xDropSMTP = xRejectAuth '']''
+ ''['' 29 -gt 1 '']''
+ shift
+ ''['' xDropSMTP = xDropPing '']''
+ ''['' 28 -gt 1 '']''
+ shift
+ ''['' xDropSMTP = xDropDNSrep '']''
+ ''['' 27 -gt 1 '']''
+ shift
+ ''['' xDropSMTP = xAllowPing '']''
+ ''['' 26 -gt 1 '']''
+ shift
+ ''['' xDropSMTP = xAllowFTP '']''
+ ''['' 25 -gt 1 '']''
+ shift
+ ''['' xDropSMTP = xAllowDNS '']''
+ ''['' 24 -gt 1 '']''
+ shift
+ ''['' xDropSMTP = xAllowSSH '']''
+ ''['' 23 -gt 1 '']''
+ shift
+ ''['' xDropSMTP = xAllowWeb '']''
+ ''['' 22 -gt 1 '']''
+ shift
+ ''['' xDropSMTP = xAllowSMB '']''
+ ''['' 21 -gt 1 '']''
+ shift
+ ''['' xDropSMTP = xAllowAuth '']''
+ ''['' 20 -gt 1 '']''
+ shift
+ ''['' xDropSMTP = xAllowSMTP '']''
+ ''['' 19 -gt 1 '']''
+ shift
+ ''['' xDropSMTP = xAllowPOP3 '']''
+ ''['' 18 -gt 1 '']''
+ shift
+ ''['' xDropSMTP = xAllowIMAP '']''
+ ''['' 17 -gt 1 '']''
+ shift
+ ''['' xDropSMTP = xAllowTelnet '']''
+ ''['' 16 -gt 1 '']''
+ shift
+ ''['' xDropSMTP = xAllowVNC '']''
+ ''['' 15 -gt 1 '']''
+ shift
+ ''['' xDropSMTP = xAllowVNCL '']''
+ ''['' 14 -gt 1 '']''
+ shift
+ ''['' xDropSMTP = xAllowNTP '']''
+ ''['' 13 -gt 1 '']''
+ shift
+ ''['' xDropSMTP = xAllowRdate '']''
+ ''['' 12 -gt 1 '']''
+ shift
+ ''['' xDropSMTP = xAllowNNTP '']''
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xDropSMTP = xAllowTrcrt '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xDropSMTP = xAllowSNMP '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xDropSMTP = xAllowPCA '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xDropSMTP = xAllowSPAMD '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xDropSMTP = xAllowSyslog '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xDropSMTP = xAllowAmanda '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xDropSMTP = xAllowLDAP '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xDropSMTP = xAllowICQ '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xDropSMTP = xAllowBitTorrent '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xDropSMTP = xAllowSMBswat '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ f=action.DropSMTP
++ find_file action.DropSMTP
++ local saveifs= directory
++ ''['' -n '''' -a -f /action.DropSMTP
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/action.DropSMTP '']''
++ ''['' -f /usr/share/shorewall/action.DropSMTP
'']''
++ echo /usr/share/shorewall/action.DropSMTP
++ IFS=
++ return
+ fn=/usr/share/shorewall/action.DropSMTP
+ eval requiredby_++ requiredby_+ ''['' -f
/usr/share/shorewall/action.DropSMTP '']''
+ echo '' Pre-processing
/usr/share/shorewall/action.DropSMTP...''
+ strip_file action.DropSMTP /usr/share/shorewall/action.DropSMTP
+ local fname
+ ''['' 2 = 1 '']''
+ fname=/usr/share/shorewall/action.DropSMTP
+ ''['' -f /usr/share/shorewall/action.DropSMTP
'']''
+ read_file /usr/share/shorewall/action.DropSMTP 0
+ local first rest
+ ''['' -f /usr/share/shorewall/action.DropSMTP
'']''
+ read first rest
+ cut -d# -f1
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Shorewall 2.0 /etc/shorewall/action.DropSMTP''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# This action silently drops SMTP traffic.''
+ grep -v ''^[[:spa+ ''['' x# = xINCLUDE
'']''
+ echo ''# ''
+ read first rest
+ ''[''
x######################################################################################
= xINCLUDE '']''
+ echo
''######################################################################################
''
+ read first rest
+ ''['' x#TARGET = xINCLUDE '']''
+ echo ''#TARGET SOURCE DEST PROTO DEST SOURCE RATE''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# PORT PORT(S) LIMIT''
+ read first rest
+ ''['' xDROP = xINCLUDE '']''
+ echo ''DROP - - tcp smtp''
+ read first rest
+ ''['' x#LAST = xINCLUDE '']''
+ echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT
REMOVE''
+ read first rest
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=DROP
+ eval ''xtarget="DROP"''
++ xtarget=DROP
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=DROP
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ ACTIONS=dropBcast dropNonSyn dropNotSyn rejNotSyn logNotSyn rLogNotSyn
dLogNotSyn dropInvalid allowInvalid DropSMB RejectSMB DropUPnP
RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH
AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowIMAP AllowTelnet
AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP AllowTrcrt AllowSNMP
AllowPCA AllowSPAMD AllowSyslog AllowAmanda AllowLDAP AllowICQ
AllowBitTorrent AllowSMBswat DropSMTP
+ read xaction rest
+ ''['' x = x '']''
+ ''['' -z AllowCVS '']''
++ chain_base AllowCVS
++ local c=AllowCVS
++ true
++ echo AllowCVS
++ return
+ ''['' AllowCVS = AllowCVS '']''
+ list_search AllowCVS dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB
RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP
AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3
AllowIMAP AllowTelnet AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP
AllowTrcrt AllowSNMP AllowPCA AllowSPAMD AllowSyslog AllowAmanda
AllowLDAP AllowICQ AllowBitTorrent AllowSMBswat DropSMTP
+ local e=AllowCVS
+ ''['' 43 -gt 1 '']''
+ shift
+ ''['' xAllowCVS = xdropBcast '']''
+ ''['' 42 -gt 1 '']''
+ shift
+ ''['' xAllowCVS = xdropNonSyn '']''
+ ''['' 41 -gt 1 '']''
+ shift
+ ''['' xAllowCVS = xdropNotSyn '']''
+ ''['' 40 -gt 1 '']''
+ shift
+ ''['' xAllowCVS = xrejNotSyn '']''
+ ''['' 39 -gt 1 '']''
+ shift
+ ''['' xAllowCVS = xlogNotSyn '']''
+ ''['' 38 -gt 1 '']''
+ shift
+ ''['' xAllowCVS = xrLogNotSyn '']''
+ ''['' 37 -gt 1 '']''
+ shift
+ ''['' xAllowCVS = xdLogNotSyn '']''
+ ''['' 36 -gt 1 '']''
+ shift
+ ''['' xAllowCVS = xdropInvalid '']''
+ ''['' 35 -gt 1 '']''
+ shift
+ ''['' xAllowCVS = xallowInvalid '']''
+ ''['' 34 -gt 1 '']''
+ shift
+ ''['' xAllowCVS = xDropSMB '']''
+ ''['' 33 -gt 1 '']''
+ shift
+ ''['' xAllowCVS = xRejectSMB '']''
+ ''['' 32 -gt 1 '']''
+ shift
+ ''['' xAllowCVS = xDropUPnP '']''
+ ''['' 31 -gt 1 '']''
+ shift
+ ''['' xAllowCVS = xRejectAuth '']''
+ ''['' 30 -gt 1 '']''
+ shift
+ ''['' xAllowCVS = xDropPing '']''
+ ''['' 29 -gt 1 '']''
+ shift
+ ''['' xAllowCVS = xDropDNSrep '']''
+ ''['' 28 -gt 1 '']''
+ shift
+ ''['' xAllowCVS = xAllowPing '']''
+ ''['' 27 -gt 1 '']''
+ shift
+ ''['' xAllowCVS = xAllowFTP '']''
+ ''['' 26 -gt 1 '']''
+ shift
+ ''['' xAllowCVS = xAllowDNS '']''
+ ''['' 25 -gt 1 '']''
+ shift
+ ''['' xAllowCVS = xAllowSSH '']''
+ ''['' 24 -gt 1 '']''
+ shift
+ ''['' xAllowCVS = xAllowWeb '']''
+ ''['' 23 -gt 1 '']''
+ shift
+ ''['' xAllowCVS = xAllowSMB '']''
+ ''['' 22 -gt 1 '']''
+ shift
+ ''['' xAllowCVS = xAllowAuth '']''
+ ''['' 21 -gt 1 '']''
+ shift
+ ''['' xAllowCVS = xAllowSMTP '']''
+ ''['' 20 -gt 1 '']''
+ shift
+ ''['' xAllowCVS = xAllowPOP3 '']''
+ ''['' 19 -gt 1 '']''
+ shift
+ ''['' xAllowCVS = xAllowIMAP '']''
+ ''['' 18 -gt 1 '']''
+ shift
+ ''['' xAllowCVS = xAllowTelnet '']''
+ ''['' 17 -gt 1 '']''
+ shift
+ ''['' xAllowCVS = xAllowVNC '']''
+ ''['' 16 -gt 1 '']''
+ shift
+ ''['' xAllowCVS = xAllowVNCL '']''
+ ''['' 15 -gt 1 '']''
+ shift
+ ''['' xAllowCVS = xAllowNTP '']''
+ ''['' 14 -gt 1 '']''
+ shift
+ ''['' xAllowCVS = xAllowRdate '']''
+ ''['' 13 -gt 1 '']''
+ shift
+ ''['' xAllowCVS = xAllowNNTP '']''
+ ''['' 12 -gt 1 '']''
+ shift
+ ''['' xAllowCVS = xAllowTrcrt '']''
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xAllowCVS = xAllowSNMP '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xAllowCVS = xAllowPCA '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xAllowCVS = xAllowSPAMD '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xAllowCVS = xAllowSyslog '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xAllowCVS = xAllowAmanda '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xAllowCVS = xAllowLDAP '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xAllowCVS = xAllowICQ '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xAllowCVS = xAllowBitTorrent '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xAllowCVS = xAllowSMBswat '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xAllowCVS = xDropSMTP '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ f=action.AllowCVS
++ find_file action.AllowCVS
++ local saveifs= directory
++ ''['' -n '''' -a -f /action.AllowCVS
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/action.AllowCVS '']''
++ ''['' -f /usr/share/shorewall/action.AllowCVS
'']''
++ echo /usr/share/shorewall/action.AllowCVS
++ IFS=
++ return
+ fn=/usr/share/shorewall/action.AllowCVS
+ eval requiredby_++ requiredby_+ ''['' -f
/usr/share/shorewall/action.AllowCVS '']''
+ echo '' Pre-processing
/usr/share/shorewall/action.AllowCVS...''
+ strip_file action.AllowCVS /usr/share/shorewall/action.AllowCVS
+ local fname
+ ''['' 2 = 1 '']''
+ fname=/usr/share/shorewall/action.AllowCVS
+ ''['' -f /usr/share/shorewall/action.AllowCVS
'']''
+ read_file /usr/share/shorewall/action.AllowCVS 0
+ local first rest
+ ''['' -f /usr/share/shorewall/action.AllowCVS
'']''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ cut -d# -f1
+ ''['' x# = xINCLUDE '']''
+ echo ''# Shorewall 2.0 /etc/shorewall/action.AllowCVS''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# This action accepts connections required by the CVS
server''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''[''
x######################################################################################
= xINCLUDE '']''
+ echo
''######################################################################################
''
+ read first rest
+ ''['' x#TARGET = xINCLUDE '']''
+ echo ''#TARGET SOURCE DEST PROTO DEST SOURCE RATE''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# PORT PORT(S) LIMIT''
+ read first rest
+ ''['' xACCEPT = xINCLUDE '']''
+ echo ''ACCEPT - - tcp 2401''
+ read first rest
+ ''['' x#LAST = xINCLUDE '']''
+ echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT
REMOVE''
+ read first rest
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=ACCEPT
+ eval ''xtarget="ACCEPT"''
++ xtarget=ACCEPT
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=ACCEPT
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ ACTIONS=dropBcast dropNonSyn dropNotSyn rejNotSyn logNotSyn rLogNotSyn
dLogNotSyn dropInvalid allowInvalid DropSMB RejectSMB DropUPnP
RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH
AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowIMAP AllowTelnet
AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP AllowTrcrt AllowSNMP
AllowPCA AllowSPAMD AllowSyslog AllowAmanda AllowLDAP AllowICQ
AllowBitTorrent AllowSMBswat DropSMTP AllowCVS
+ read xaction rest
+ ''['' x = x '']''
+ ''['' -z AllowSVN '']''
++ chain_base AllowSVN
++ local c=AllowSVN
++ true
++ echo AllowSVN
++ return
+ ''['' AllowSVN = AllowSVN '']''
+ list_search AllowSVN dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB
RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP
AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3
AllowIMAP AllowTelnet AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP
AllowTrcrt AllowSNMP AllowPCA AllowSPAMD AllowSyslog AllowAmanda
AllowLDAP AllowICQ AllowBitTorrent AllowSMBswat DropSMTP AllowCVS
+ local e=AllowSVN
+ ''['' 44 -gt 1 '']''
+ shift
+ ''['' xAllowSVN = xdropBcast '']''
+ ''['' 43 -gt 1 '']''
+ shift
+ ''['' xAllowSVN = xdropNonSyn '']''
+ ''['' 42 -gt 1 '']''
+ shift
+ ''['' xAllowSVN = xdropNotSyn '']''
+ ''['' 41 -gt 1 '']''
+ shift
+ ''['' xAllowSVN = xrejNotSyn '']''
+ ''['' 40 -gt 1 '']''
+ shift
+ ''['' xAllowSVN = xlogNotSyn '']''
+ ''['' 39 -gt 1 '']''
+ shift
+ ''['' xAllowSVN = xrLogNotSyn '']''
+ ''['' 38 -gt 1 '']''
+ shift
+ ''['' xAllowSVN = xdLogNotSyn '']''
+ ''['' 37 -gt 1 '']''
+ shift
+ ''['' xAllowSVN = xdropInvalid '']''
+ ''['' 36 -gt 1 '']''
+ shift
+ ''['' xAllowSVN = xallowInvalid '']''
+ ''['' 35 -gt 1 '']''
+ shift
+ ''['' xAllowSVN = xDropSMB '']''
+ ''['' 34 -gt 1 '']''
+ shift
+ ''['' xAllowSVN = xRejectSMB '']''
+ ''['' 33 -gt 1 '']''
+ shift
+ ''['' xAllowSVN = xDropUPnP '']''
+ ''['' 32 -gt 1 '']''
+ shift
+ ''['' xAllowSVN = xRejectAuth '']''
+ ''['' 31 -gt 1 '']''
+ shift
+ ''['' xAllowSVN = xDropPing '']''
+ ''['' 30 -gt 1 '']''
+ shift
+ ''['' xAllowSVN = xDropDNSrep '']''
+ ''['' 29 -gt 1 '']''
+ shift
+ ''['' xAllowSVN = xAllowPing '']''
+ ''['' 28 -gt 1 '']''
+ shift
+ ''['' xAllowSVN = xAllowFTP '']''
+ ''['' 27 -gt 1 '']''
+ shift
+ ''['' xAllowSVN = xAllowDNS '']''
+ ''['' 26 -gt 1 '']''
+ shift
+ ''['' xAllowSVN = xAllowSSH '']''
+ ''['' 25 -gt 1 '']''
+ shift
+ ''['' xAllowSVN = xAllowWeb '']''
+ ''['' 24 -gt 1 '']''
+ shift
+ ''['' xAllowSVN = xAllowSMB '']''
+ ''['' 23 -gt 1 '']''
+ shift
+ ''['' xAllowSVN = xAllowAuth '']''
+ ''['' 22 -gt 1 '']''
+ shift
+ ''['' xAllowSVN = xAllowSMTP '']''
+ ''['' 21 -gt 1 '']''
+ shift
+ ''['' xAllowSVN = xAllowPOP3 '']''
+ ''['' 20 -gt 1 '']''
+ shift
+ ''['' xAllowSVN = xAllowIMAP '']''
+ ''['' 19 -gt 1 '']''
+ shift
+ ''['' xAllowSVN = xAllowTelnet '']''
+ ''['' 18 -gt 1 '']''
+ shift
+ ''['' xAllowSVN = xAllowVNC '']''
+ ''['' 17 -gt 1 '']''
+ shift
+ ''['' xAllowSVN = xAllowVNCL '']''
+ ''['' 16 -gt 1 '']''
+ shift
+ ''['' xAllowSVN = xAllowNTP '']''
+ ''['' 15 -gt 1 '']''
+ shift
+ ''['' xAllowSVN = xAllowRdate '']''
+ ''['' 14 -gt 1 '']''
+ shift
+ ''['' xAllowSVN = xAllowNNTP '']''
+ ''['' 13 -gt 1 '']''
+ shift
+ ''['' xAllowSVN = xAllowTrcrt '']''
+ ''['' 12 -gt 1 '']''
+ shift
+ ''['' xAllowSVN = xAllowSNMP '']''
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xAllowSVN = xAllowPCA '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xAllowSVN = xAllowSPAMD '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xAllowSVN = xAllowSyslog '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xAllowSVN = xAllowAmanda '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xAllowSVN = xAllowLDAP '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xAllowSVN = xAllowICQ '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xAllowSVN = xAllowBitTorrent '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xAllowSVN = xAllowSMBswat '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xAllowSVN = xDropSMTP '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xAllowSVN = xAllowCVS '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ f=action.AllowSVN
++ find_file action.AllowSVN
++ local saveifs= directory
++ ''['' -n '''' -a -f /action.AllowSVN
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/action.AllowSVN '']''
++ ''['' -f /usr/share/shorewall/action.AllowSVN
'']''
++ echo /usr/share/shorewall/action.AllowSVN
++ IFS=
++ return
+ fn=/usr/share/shorewall/action.AllowSVN
+ eval requiredby_++ requiredby_+ ''['' -f
/usr/share/shorewall/action.AllowSVN '']''
+ echo '' Pre-processing
/usr/share/shorewall/action.AllowSVN...''
+ strip_file action.AllowSVN /usr/share/shorewall/action.AllowSVN
+ local fname
+ ''['' 2 = 1 '']''
+ fname=/usr/share/shorewall/action.AllowSVN
+ ''['' -f /usr/share/shorewall/action.AllowSVN
'']''
+ read_file /usr/share/shorewall/action.AllowSVN 0
+ local first rest
+ ''['' -f /usr/share/shorewall/action.AllowSVN
'']''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Shorewall 2.0 /etc/shorewall/action.AllowSVN''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# This action accepts connections required by the Subversion
server''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''[''
x######################################################################################
= xINCLUDE '']''
+ echo
''######################################################################################
''
+ read first rest
+ ''['' x#TARGET = xINCLUDE '']''
+ echo ''#TARGET SOURCE DEST PROTO DEST SOURCE RATE''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# PORT PORT(S) LIMIT''
+ read first rest
+ ''['' xACCEPT = xINCLUDE '']''
+ cut -d# -f1
+ grep -v ''^[[:space:]]*$''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=ACCEPT
+ eval ''xtarget="ACCEPT"''
++ xtarget=ACCEPT
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=ACCEPT
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ ACTIONS=dropBcast dropNonSyn dropNotSyn rejNotSyn logNotSyn rLogNotSyn
dLogNotSyn dropInvalid allowInvalid DropSMB RejectSMB DropUPnP
RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH
AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowIMAP AllowTelnet
AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP AllowTrcrt AllowSNMP
AllowPCA AllowSPAMD AllowSyslog AllowAmanda AllowLDAP AllowICQ
AllowBitTorrent AllowSMBswat DropSMTP AllowCVS AllowSVN
+ read xaction rest
+ ''['' x = x '']''
+ ''['' -z AllowMySQL '']''
++ chain_base AllowMySQL
++ local c=AllowMySQL
++ true
++ echo AllowMySQL
++ return
+ ''['' AllowMySQL = AllowMySQL '']''
+ list_search AllowMySQL dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB
RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP
AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3
AllowIMAP AllowTelnet AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP
AllowTrcrt AllowSNMP AllowPCA AllowSPAMD AllowSyslog AllowAmanda
AllowLDAP AllowICQ AllowBitTorrent AllowSMBswat DropSMTP AllowCVS
AllowSVN
+ local e=AllowMySQL
+ ''['' 45 -gt 1 '']''
+ shift
+ ''['' xAllowMySQL = xdropBcast '']''
+ ''['' 44 -gt 1 '']''
+ shift
+ ''['' xAllowMySQL = xdropNonSyn '']''
+ ''['' 43 -gt 1 '']''
+ shift
+ ''['' xAllowMySQL = xdropNotSyn '']''
+ ''['' 42 -gt 1 '']''
+ shift
+ ''['' xAllowMySQL = xrejNotSyn '']''
+ ''['' 41 -gt 1 '']''
+ shift
+ ''['' xAllowMySQL = xlogNotSyn '']''
+ ''['' 40 -gt 1 '']''
+ shift
+ ''['' xAllowMySQL = xrLogNotSyn '']''
+ ''['' 39 -gt 1 '']''
+ shift
+ ''['' xAllowMySQL = xdLogNotSyn '']''
+ ''['' 38 -gt 1 '']''
+ shift
+ ''['' xAllowMySQL = xdropInvalid '']''
+ ''['' 37 -gt 1 '']''
+ shift
+ ''['' xAllowMySQL = xallowInvalid '']''
+ ''['' 36 -gt 1 '']''
+ shift
+ ''['' xAllowMySQL = xDropSMB '']''
+ ''['' 35 -gt 1 '']''
+ shift
+ ''['' xAllowMySQL = xRejectSMB '']''
+ ''['' 34 -gt 1 '']''
+ shift
+ ''['' xAllowMySQL = xDropUPnP '']''
+ ''['' 33 -gt 1 '']''
+ shift
+ ''['' xAllowMySQL = xRejectAuth '']''
+ ''['' 32 -gt 1 '']''
+ shift
+ ''['' xAllowMySQL = xDropPing '']''
+ ''['' 31 -gt 1 '']''
+ shift
+ ''['' xAllowMySQL = xDropDNSrep '']''
+ ''['' 30 -gt 1 '']''
+ shift
+ ''['' xAllowMySQL = xAllowPing '']''
+ ''['' 29 -gt 1 '']''
+ shift
+ ''['' xAllowMySQL = xAllowFTP '']''
+ ''['' 28 -gt 1 '']''
+ shift
+ ''['' xAllowMySQL = xAllowDNS '']''
+ ''['' 27 -gt 1 '']''
+ shift
+ ''['' xAllowMySQL = xAllowSSH '']''
+ ''['' 26 -gt 1 '']''
+ shift
+ ''['' xAllowMySQL = xAllowWeb '']''
+ ''['' 25 -gt 1 '']''
+ shift
+ ''['' xAllowMySQL = xAllowSMB '']''
+ ''['' 24 -gt 1 '']''
+ shift
+ ''['' xAllowMySQL = xAllowAuth '']''
+ ''['' 23 -gt 1 '']''
+ shift
+ ''['' xAllowMySQL = xAllowSMTP '']''
+ ''['' 22 -gt 1 '']''
+ shift
+ ''['' xAllowMySQL = xAllowPOP3 '']''
+ ''['' 21 -gt 1 '']''
+ shift
+ ''['' xAllowMySQL = xAllowIMAP '']''
+ ''['' 20 -gt 1 '']''
+ shift
+ ''['' xAllowMySQL = xAllowTelnet '']''
+ ''['' 19 -gt 1 '']''
+ shift
+ ''['' xAllowMySQL = xAllowVNC '']''
+ ''['' 18 -gt 1 '']''
+ shift
+ ''['' xAllowMySQL = xAllowVNCL '']''
+ ''['' 17 -gt 1 '']''
+ shift
+ ''['' xAllowMySQL = xAllowNTP '']''
+ ''['' 16 -gt 1 '']''
+ shift
+ ''['' xAllowMySQL = xAllowRdate '']''
+ ''['' 15 -gt 1 '']''
+ shift
+ ''['' xAllowMySQL = xAllowNNTP '']''
+ ''['' 14 -gt 1 '']''
+ shift
+ ''['' xAllowMySQL = xAllowTrcrt '']''
+ ''['' 13 -gt 1 '']''
+ shift
+ ''['' xAllowMySQL = xAllowSNMP '']''
+ ''['' 12 -gt 1 '']''
+ shift
+ ''['' xAllowMySQL = xAllowPCA '']''
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xAllowMySQL = xAllowSPAMD '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xAllowMySQL = xAllowSyslog '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xAllowMySQL = xAllowAmanda '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xAllowMySQL = xAllowLDAP '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xAllowMySQL = xAllowICQ '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xAllowMySQL = xAllowBitTorrent '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xAllowMySQL = xAllowSMBswat '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xAllowMySQL = xDropSMTP '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xAllowMySQL = xAllowCVS '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xAllowMySQL = xAllowSVN '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ f=action.AllowMySQL
++ find_file action.AllowMySQL
++ local saveifs= directory
++ ''['' -n '''' -a -f /action.AllowMySQL
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/action.AllowMySQL
'']''
++ ''['' -f /usr/share/shorewall/action.AllowMySQL
'']''
++ echo /usr/share/shorewall/action.AllowMySQL
++ IFS=
++ return
+ fn=/usr/share/shorewall/action.AllowMySQL
+ eval requiredby_++ requiredby_+ ''['' -f
/usr/share/shorewall/action.AllowMySQL '']''
+ echo '' Pre-processing
/usr/share/shorewall/action.AllowMySQL...''
+ strip_file action.AllowMySQL /usr/share/shorewall/action.AllowMySQL
+ local fname
+ ''['' 2 = 1 '']''
+ fname=/usr/share/shorewall/action.AllowMySQL
+ ''['' -f /usr/share/shorewall/action.AllowMySQL
'']''
+ read_file /usr/share/shorewall/action.AllowMySQL 0
+ local first rest
+ ''['' -f /usr/share/shorewall/action.AllowMySQL
'']''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Shorewall 2.0 /etc/shorewall/action.AllowMySQL''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# This action accepts connections required by the MySQL
server''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''[''
x######################################################################################
= xINCLUDE '']''
+ echo
''######################################################################################
''
+ read first rest
+ cut -d# -f1
+ ''['' x#TARGET = xINCLUDE '']''
+ echo ''#TARGET SOURCE DEST PROTO DEST SOURCE RATE''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# PORT PORT(S) LIMIT''
+ read first rest
+ ''['' xACCEPT = xINCLUDE '']''
+ echo ''ACCEPT - - tcp 3306''
+ read first rest
+ ''['' x#LAST = xINCLUDE '']''
+ echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT
REMOVE''
+ read first rest
+ grep -v ''^[[:space:]]*$''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=ACCEPT
+ eval ''xtarget="ACCEPT"''
++ xtarget=ACCEPT
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=ACCEPT
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ ACTIONS=dropBcast dropNonSyn dropNotSyn rejNotSyn logNotSyn rLogNotSyn
dLogNotSyn dropInvalid allowInvalid DropSMB RejectSMB DropUPnP
RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH
AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowIMAP AllowTelnet
AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP AllowTrcrt AllowSNMP
AllowPCA AllowSPAMD AllowSyslog AllowAmanda AllowLDAP AllowICQ
AllowBitTorrent AllowSMBswat DropSMTP AllowCVS AllowSVN AllowMySQL
+ read xaction rest
+ ''['' x = x '']''
+ ''['' -z AllowPostgreSQL '']''
++ chain_base AllowPostgreSQL
++ local c=AllowPostgreSQL
++ true
++ echo AllowPostgreSQL
++ return
+ ''['' AllowPostgreSQL = AllowPostgreSQL '']''
+ list_search AllowPostgreSQL dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB
RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP
AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3
AllowIMAP AllowTelnet AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP
AllowTrcrt AllowSNMP AllowPCA AllowSPAMD AllowSyslog AllowAmanda
AllowLDAP AllowICQ AllowBitTorrent AllowSMBswat DropSMTP AllowCVS
AllowSVN AllowMySQL
+ local e=AllowPostgreSQL
+ ''['' 46 -gt 1 '']''
+ shift
+ ''['' xAllowPostgreSQL = xdropBcast '']''
+ ''['' 45 -gt 1 '']''
+ shift
+ ''['' xAllowPostgreSQL = xdropNonSyn '']''
+ ''['' 44 -gt 1 '']''
+ shift
+ ''['' xAllowPostgreSQL = xdropNotSyn '']''
+ ''['' 43 -gt 1 '']''
+ shift
+ ''['' xAllowPostgreSQL = xrejNotSyn '']''
+ ''['' 42 -gt 1 '']''
+ shift
+ ''['' xAllowPostgreSQL = xlogNotSyn '']''
+ ''['' 41 -gt 1 '']''
+ shift
+ ''['' xAllowPostgreSQL = xrLogNotSyn '']''
+ ''['' 40 -gt 1 '']''
+ shift
+ ''['' xAllowPostgreSQL = xdLogNotSyn '']''
+ ''['' 39 -gt 1 '']''
+ shift
+ ''['' xAllowPostgreSQL = xdropInvalid '']''
+ ''['' 38 -gt 1 '']''
+ shift
+ ''['' xAllowPostgreSQL = xallowInvalid '']''
+ ''['' 37 -gt 1 '']''
+ shift
+ ''['' xAllowPostgreSQL = xDropSMB '']''
+ ''['' 36 -gt 1 '']''
+ shift
+ ''['' xAllowPostgreSQL = xRejectSMB '']''
+ ''['' 35 -gt 1 '']''
+ shift
+ ''['' xAllowPostgreSQL = xDropUPnP '']''
+ ''['' 34 -gt 1 '']''
+ shift
+ ''['' xAllowPostgreSQL = xRejectAuth '']''
+ ''['' 33 -gt 1 '']''
+ shift
+ ''['' xAllowPostgreSQL = xDropPing '']''
+ ''['' 32 -gt 1 '']''
+ shift
+ ''['' xAllowPostgreSQL = xDropDNSrep '']''
+ ''['' 31 -gt 1 '']''
+ shift
+ ''['' xAllowPostgreSQL = xAllowPing '']''
+ ''['' 30 -gt 1 '']''
+ shift
+ ''['' xAllowPostgreSQL = xAllowFTP '']''
+ ''['' 29 -gt 1 '']''
+ shift
+ ''['' xAllowPostgreSQL = xAllowDNS '']''
+ ''['' 28 -gt 1 '']''
+ shift
+ ''['' xAllowPostgreSQL = xAllowSSH '']''
+ ''['' 27 -gt 1 '']''
+ shift
+ ''['' xAllowPostgreSQL = xAllowWeb '']''
+ ''['' 26 -gt 1 '']''
+ shift
+ ''['' xAllowPostgreSQL = xAllowSMB '']''
+ ''['' 25 -gt 1 '']''
+ shift
+ ''['' xAllowPostgreSQL = xAllowAuth '']''
+ ''['' 24 -gt 1 '']''
+ shift
+ ''['' xAllowPostgreSQL = xAllowSMTP '']''
+ ''['' 23 -gt 1 '']''
+ shift
+ ''['' xAllowPostgreSQL = xAllowPOP3 '']''
+ ''['' 22 -gt 1 '']''
+ shift
+ ''['' xAllowPostgreSQL = xAllowIMAP '']''
+ ''['' 21 -gt 1 '']''
+ shift
+ ''['' xAllowPostgreSQL = xAllowTelnet '']''
+ ''['' 20 -gt 1 '']''
+ shift
+ ''['' xAllowPostgreSQL = xAllowVNC '']''
+ ''['' 19 -gt 1 '']''
+ shift
+ ''['' xAllowPostgreSQL = xAllowVNCL '']''
+ ''['' 18 -gt 1 '']''
+ shift
+ ''['' xAllowPostgreSQL = xAllowNTP '']''
+ ''['' 17 -gt 1 '']''
+ shift
+ ''['' xAllowPostgreSQL = xAllowRdate '']''
+ ''['' 16 -gt 1 '']''
+ shift
+ ''['' xAllowPostgreSQL = xAllowNNTP '']''
+ ''['' 15 -gt 1 '']''
+ shift
+ ''['' xAllowPostgreSQL = xAllowTrcrt '']''
+ ''['' 14 -gt 1 '']''
+ shift
+ ''['' xAllowPostgreSQL = xAllowSNMP '']''
+ ''['' 13 -gt 1 '']''
+ shift
+ ''['' xAllowPostgreSQL = xAllowPCA '']''
+ ''['' 12 -gt 1 '']''
+ shift
+ ''['' xAllowPostgreSQL = xAllowSPAMD '']''
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xAllowPostgreSQL = xAllowSyslog '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xAllowPostgreSQL = xAllowAmanda '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xAllowPostgreSQL = xAllowLDAP '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xAllowPostgreSQL = xAllowICQ '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xAllowPostgreSQL = xAllowBitTorrent
'']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xAllowPostgreSQL = xAllowSMBswat '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xAllowPostgreSQL = xDropSMTP '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xAllowPostgreSQL = xAllowCVS '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xAllowPostgreSQL = xAllowSVN '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xAllowPostgreSQL = xAllowMySQL '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ f=action.AllowPostgreSQL
++ find_file action.AllowPostgreSQL
++ local saveifs= directory
++ ''['' -n '''' -a -f /action.AllowPostgreSQL
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/action.AllowPostgreSQL
'']''
++ ''['' -f /usr/share/shorewall/action.AllowPostgreSQL
'']''
++ echo /usr/share/shorewall/action.AllowPostgreSQL
++ IFS=
++ return
+ fn=/usr/share/shorewall/action.AllowPostgreSQL
+ eval requiredby_++ requiredby_+ ''['' -f
/usr/share/shorewall/action.AllowPostgreSQL '']''
+ echo ''
Pre-processing /usr/share/shorewall/action.AllowPostgreSQL...''
+ strip_file
action.AllowPostgreSQL /usr/share/shorewall/action.AllowPostgreSQL
+ local fname
+ ''['' 2 = 1 '']''
+ fname=/usr/share/shorewall/action.AllowPostgreSQL
+ ''['' -f /usr/share/shorewall/action.AllowPostgreSQL
'']''
+ read_file /usr/share/shorewall/action.AllowPostgreSQL 0
+ local first rest
+ ''['' -f /usr/share/shorewall/action.AllowPostgreSQL
'']''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ cut -d# -f1
+ ''['' x# = xINCLUDE '']''
+ echo ''# Shorewall 2.0 /etc/shorewall/action.AllowPostgreSQL''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# This action accepts connections required by the PostgreSQL
server''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''[''
x######################################################################################
= xINCLUDE '']''
+ echo
''######################################################################################
''
+ read first rest
+ ''['' x#TARGET = xINCLUDE '']''
+ echo ''#TARGET SOURCE DEST PROTO DEST SOURCE RATE''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# PORT PORT(S) LIMIT''
+ read first rest
+ ''['' xACCEPT = xINCLUDE '']''
+ echo ''ACCEPT - - tcp 5432''
+ read first rest
+ ''['' x#LAST = xINCLUDE '']''
+ echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT
REMOVE''
+ read first rest
+ grep -v ''^[[:space:]]*$''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=ACCEPT
+ eval ''xtarget="ACCEPT"''
++ xtarget=ACCEPT
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=ACCEPT
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ ACTIONS=dropBcast dropNonSyn dropNotSyn rejNotSyn logNotSyn rLogNotSyn
dLogNotSyn dropInvalid allowInvalid DropSMB RejectSMB DropUPnP
RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH
AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowIMAP AllowTelnet
AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP AllowTrcrt AllowSNMP
AllowPCA AllowSPAMD AllowSyslog AllowAmanda AllowLDAP AllowICQ
AllowBitTorrent AllowSMBswat DropSMTP AllowCVS AllowSVN AllowMySQL
AllowPostgreSQL
+ read xaction rest
+ ''['' x = x '']''
+ ''['' -z AllowRsync '']''
++ chain_base AllowRsync
++ local c=AllowRsync
++ true
++ echo AllowRsync
++ return
+ ''['' AllowRsync = AllowRsync '']''
+ list_search AllowRsync dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB
RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP
AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3
AllowIMAP AllowTelnet AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP
AllowTrcrt AllowSNMP AllowPCA AllowSPAMD AllowSyslog AllowAmanda
AllowLDAP AllowICQ AllowBitTorrent AllowSMBswat DropSMTP AllowCVS
AllowSVN AllowMySQL AllowPostgreSQL
+ local e=AllowRsync
+ ''['' 47 -gt 1 '']''
+ shift
+ ''['' xAllowRsync = xdropBcast '']''
+ ''['' 46 -gt 1 '']''
+ shift
+ ''['' xAllowRsync = xdropNonSyn '']''
+ ''['' 45 -gt 1 '']''
+ shift
+ ''['' xAllowRsync = xdropNotSyn '']''
+ ''['' 44 -gt 1 '']''
+ shift
+ ''['' xAllowRsync = xrejNotSyn '']''
+ ''['' 43 -gt 1 '']''
+ shift
+ ''['' xAllowRsync = xlogNotSyn '']''
+ ''['' 42 -gt 1 '']''
+ shift
+ ''['' xAllowRsync = xrLogNotSyn '']''
+ ''['' 41 -gt 1 '']''
+ shift
+ ''['' xAllowRsync = xdLogNotSyn '']''
+ ''['' 40 -gt 1 '']''
+ shift
+ ''['' xAllowRsync = xdropInvalid '']''
+ ''['' 39 -gt 1 '']''
+ shift
+ ''['' xAllowRsync = xallowInvalid '']''
+ ''['' 38 -gt 1 '']''
+ shift
+ ''['' xAllowRsync = xDropSMB '']''
+ ''['' 37 -gt 1 '']''
+ shift
+ ''['' xAllowRsync = xRejectSMB '']''
+ ''['' 36 -gt 1 '']''
+ shift
+ ''['' xAllowRsync = xDropUPnP '']''
+ ''['' 35 -gt 1 '']''
+ shift
+ ''['' xAllowRsync = xRejectAuth '']''
+ ''['' 34 -gt 1 '']''
+ shift
+ ''['' xAllowRsync = xDropPing '']''
+ ''['' 33 -gt 1 '']''
+ shift
+ ''['' xAllowRsync = xDropDNSrep '']''
+ ''['' 32 -gt 1 '']''
+ shift
+ ''['' xAllowRsync = xAllowPing '']''
+ ''['' 31 -gt 1 '']''
+ shift
+ ''['' xAllowRsync = xAllowFTP '']''
+ ''['' 30 -gt 1 '']''
+ shift
+ ''['' xAllowRsync = xAllowDNS '']''
+ ''['' 29 -gt 1 '']''
+ shift
+ ''['' xAllowRsync = xAllowSSH '']''
+ ''['' 28 -gt 1 '']''
+ shift
+ ''['' xAllowRsync = xAllowWeb '']''
+ ''['' 27 -gt 1 '']''
+ shift
+ ''['' xAllowRsync = xAllowSMB '']''
+ ''['' 26 -gt 1 '']''
+ shift
+ ''['' xAllowRsync = xAllowAuth '']''
+ ''['' 25 -gt 1 '']''
+ shift
+ ''['' xAllowRsync = xAllowSMTP '']''
+ ''['' 24 -gt 1 '']''
+ shift
+ ''['' xAllowRsync = xAllowPOP3 '']''
+ ''['' 23 -gt 1 '']''
+ shift
+ ''['' xAllowRsync = xAllowIMAP '']''
+ ''['' 22 -gt 1 '']''
+ shift
+ ''['' xAllowRsync = xAllowTelnet '']''
+ ''['' 21 -gt 1 '']''
+ shift
+ ''['' xAllowRsync = xAllowVNC '']''
+ ''['' 20 -gt 1 '']''
+ shift
+ ''['' xAllowRsync = xAllowVNCL '']''
+ ''['' 19 -gt 1 '']''
+ shift
+ ''['' xAllowRsync = xAllowNTP '']''
+ ''['' 18 -gt 1 '']''
+ shift
+ ''['' xAllowRsync = xAllowRdate '']''
+ ''['' 17 -gt 1 '']''
+ shift
+ ''['' xAllowRsync = xAllowNNTP '']''
+ ''['' 16 -gt 1 '']''
+ shift
+ ''['' xAllowRsync = xAllowTrcrt '']''
+ ''['' 15 -gt 1 '']''
+ shift
+ ''['' xAllowRsync = xAllowSNMP '']''
+ ''['' 14 -gt 1 '']''
+ shift
+ ''['' xAllowRsync = xAllowPCA '']''
+ ''['' 13 -gt 1 '']''
+ shift
+ ''['' xAllowRsync = xAllowSPAMD '']''
+ ''['' 12 -gt 1 '']''
+ shift
+ ''['' xAllowRsync = xAllowSyslog '']''
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xAllowRsync = xAllowAmanda '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xAllowRsync = xAllowLDAP '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xAllowRsync = xAllowICQ '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xAllowRsync = xAllowBitTorrent '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xAllowRsync = xAllowSMBswat '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xAllowRsync = xDropSMTP '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xAllowRsync = xAllowCVS '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xAllowRsync = xAllowSVN '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xAllowRsync = xAllowMySQL '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xAllowRsync = xAllowPostgreSQL '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ f=action.AllowRsync
++ find_file action.AllowRsync
++ local saveifs= directory
++ ''['' -n '''' -a -f /action.AllowRsync
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/action.AllowRsync
'']''
++ ''['' -f /usr/share/shorewall/action.AllowRsync
'']''
++ echo /usr/share/shorewall/action.AllowRsync
++ IFS=
++ return
+ fn=/usr/share/shorewall/action.AllowRsync
+ eval requiredby_++ requiredby_+ ''['' -f
/usr/share/shorewall/action.AllowRsync '']''
+ echo '' Pre-processing
/usr/share/shorewall/action.AllowRsync...''
+ strip_file action.AllowRsync /usr/share/shorewall/action.AllowRsync
+ local fname
+ ''['' 2 = 1 '']''
+ fname=/usr/share/shorewall/action.AllowRsync
+ ''['' -f /usr/share/shorewall/action.AllowRsync
'']''
+ read_file /usr/share/shorewall/action.AllowRsync 0
+ local first rest
+ ''['' -f /usr/share/shorewall/action.AllowRsync
'']''
+ read first rest
+ cut -d# -f1
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Shorewall 2.0 /etc/shorewall/action.AllowRsync''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# This action accepts connections required by the Rsync
server''
+ read first rest
+ grep -v ''^[[:space:]]*$''
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''[''
x######################################################################################
= xINCLUDE '']''
+ echo
''######################################################################################
''
+ read first rest
+ ''['' x#TARGET = xINCLUDE '']''
+ echo ''#TARGET SOURCE DEST PROTO DEST SOURCE RATE''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# PORT PORT(S) LIMIT''
+ read first rest
+ ''['' xACCEPT = xINCLUDE '']''
+ echo ''ACCEPT - - tcp rsync''
+ read first rest
+ ''['' x#LAST = xINCLUDE '']''
+ echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT
REMOVE''
+ read first rest
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=ACCEPT
+ eval ''xtarget="ACCEPT"''
++ xtarget=ACCEPT
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=ACCEPT
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ ACTIONS=dropBcast dropNonSyn dropNotSyn rejNotSyn logNotSyn rLogNotSyn
dLogNotSyn dropInvalid allowInvalid DropSMB RejectSMB DropUPnP
RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH
AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowIMAP AllowTelnet
AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP AllowTrcrt AllowSNMP
AllowPCA AllowSPAMD AllowSyslog AllowAmanda AllowLDAP AllowICQ
AllowBitTorrent AllowSMBswat DropSMTP AllowCVS AllowSVN AllowMySQL
AllowPostgreSQL AllowRsync
+ read xaction rest
+ ''['' x = x '']''
+ ''['' -z AllowDistcc '']''
++ chain_base AllowDistcc
++ local c=AllowDistcc
++ true
++ echo AllowDistcc
++ return
+ ''['' AllowDistcc = AllowDistcc '']''
+ list_search AllowDistcc dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB
RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP
AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3
AllowIMAP AllowTelnet AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP
AllowTrcrt AllowSNMP AllowPCA AllowSPAMD AllowSyslog AllowAmanda
AllowLDAP AllowICQ AllowBitTorrent AllowSMBswat DropSMTP AllowCVS
AllowSVN AllowMySQL AllowPostgreSQL AllowRsync
+ local e=AllowDistcc
+ ''['' 48 -gt 1 '']''
+ shift
+ ''['' xAllowDistcc = xdropBcast '']''
+ ''['' 47 -gt 1 '']''
+ shift
+ ''['' xAllowDistcc = xdropNonSyn '']''
+ ''['' 46 -gt 1 '']''
+ shift
+ ''['' xAllowDistcc = xdropNotSyn '']''
+ ''['' 45 -gt 1 '']''
+ shift
+ ''['' xAllowDistcc = xrejNotSyn '']''
+ ''['' 44 -gt 1 '']''
+ shift
+ ''['' xAllowDistcc = xlogNotSyn '']''
+ ''['' 43 -gt 1 '']''
+ shift
+ ''['' xAllowDistcc = xrLogNotSyn '']''
+ ''['' 42 -gt 1 '']''
+ shift
+ ''['' xAllowDistcc = xdLogNotSyn '']''
+ ''['' 41 -gt 1 '']''
+ shift
+ ''['' xAllowDistcc = xdropInvalid '']''
+ ''['' 40 -gt 1 '']''
+ shift
+ ''['' xAllowDistcc = xallowInvalid '']''
+ ''['' 39 -gt 1 '']''
+ shift
+ ''['' xAllowDistcc = xDropSMB '']''
+ ''['' 38 -gt 1 '']''
+ shift
+ ''['' xAllowDistcc = xRejectSMB '']''
+ ''['' 37 -gt 1 '']''
+ shift
+ ''['' xAllowDistcc = xDropUPnP '']''
+ ''['' 36 -gt 1 '']''
+ shift
+ ''['' xAllowDistcc = xRejectAuth '']''
+ ''['' 35 -gt 1 '']''
+ shift
+ ''['' xAllowDistcc = xDropPing '']''
+ ''['' 34 -gt 1 '']''
+ shift
+ ''['' xAllowDistcc = xDropDNSrep '']''
+ ''['' 33 -gt 1 '']''
+ shift
+ ''['' xAllowDistcc = xAllowPing '']''
+ ''['' 32 -gt 1 '']''
+ shift
+ ''['' xAllowDistcc = xAllowFTP '']''
+ ''['' 31 -gt 1 '']''
+ shift
+ ''['' xAllowDistcc = xAllowDNS '']''
+ ''['' 30 -gt 1 '']''
+ shift
+ ''['' xAllowDistcc = xAllowSSH '']''
+ ''['' 29 -gt 1 '']''
+ shift
+ ''['' xAllowDistcc = xAllowWeb '']''
+ ''['' 28 -gt 1 '']''
+ shift
+ ''['' xAllowDistcc = xAllowSMB '']''
+ ''['' 27 -gt 1 '']''
+ shift
+ ''['' xAllowDistcc = xAllowAuth '']''
+ ''['' 26 -gt 1 '']''
+ shift
+ ''['' xAllowDistcc = xAllowSMTP '']''
+ ''['' 25 -gt 1 '']''
+ shift
+ ''['' xAllowDistcc = xAllowPOP3 '']''
+ ''['' 24 -gt 1 '']''
+ shift
+ ''['' xAllowDistcc = xAllowIMAP '']''
+ ''['' 23 -gt 1 '']''
+ shift
+ ''['' xAllowDistcc = xAllowTelnet '']''
+ ''['' 22 -gt 1 '']''
+ shift
+ ''['' xAllowDistcc = xAllowVNC '']''
+ ''['' 21 -gt 1 '']''
+ shift
+ ''['' xAllowDistcc = xAllowVNCL '']''
+ ''['' 20 -gt 1 '']''
+ shift
+ ''['' xAllowDistcc = xAllowNTP '']''
+ ''['' 19 -gt 1 '']''
+ shift
+ ''['' xAllowDistcc = xAllowRdate '']''
+ ''['' 18 -gt 1 '']''
+ shift
+ ''['' xAllowDistcc = xAllowNNTP '']''
+ ''['' 17 -gt 1 '']''
+ shift
+ ''['' xAllowDistcc = xAllowTrcrt '']''
+ ''['' 16 -gt 1 '']''
+ shift
+ ''['' xAllowDistcc = xAllowSNMP '']''
+ ''['' 15 -gt 1 '']''
+ shift
+ ''['' xAllowDistcc = xAllowPCA '']''
+ ''['' 14 -gt 1 '']''
+ shift
+ ''['' xAllowDistcc = xAllowSPAMD '']''
+ ''['' 13 -gt 1 '']''
+ shift
+ ''['' xAllowDistcc = xAllowSyslog '']''
+ ''['' 12 -gt 1 '']''
+ shift
+ ''['' xAllowDistcc = xAllowAmanda '']''
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xAllowDistcc = xAllowLDAP '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xAllowDistcc = xAllowICQ '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xAllowDistcc = xAllowBitTorrent '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xAllowDistcc = xAllowSMBswat '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xAllowDistcc = xDropSMTP '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xAllowDistcc = xAllowCVS '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xAllowDistcc = xAllowSVN '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xAllowDistcc = xAllowMySQL '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xAllowDistcc = xAllowPostgreSQL '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xAllowDistcc = xAllowRsync '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ f=action.AllowDistcc
++ find_file action.AllowDistcc
++ local saveifs= directory
++ ''['' -n '''' -a -f /action.AllowDistcc
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/action.AllowDistcc
'']''
++ ''['' -f /usr/share/shorewall/action.AllowDistcc
'']''
++ echo /usr/share/shorewall/action.AllowDistcc
++ IFS=
++ return
+ fn=/usr/share/shorewall/action.AllowDistcc
+ eval requiredby_++ requiredby_+ ''['' -f
/usr/share/shorewall/action.AllowDistcc '']''
+ echo '' Pre-processing
/usr/share/shorewall/action.AllowDistcc...''
+ strip_file action.AllowDistcc /usr/share/shorewall/action.AllowDistcc
+ local fname
+ ''['' 2 = 1 '']''
+ fname=/usr/share/shorewall/action.AllowDistcc
+ ''['' -f /usr/share/shorewall/action.AllowDistcc
'']''
+ read_file /usr/share/shorewall/action.AllowDistcc 0
+ local first rest
+ ''['' -f /usr/share/shorewall/action.AllowDistcc
'']''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Shorewall 2.0 /etc/shorewall/action.AllowDistcc''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ cut -d# -f1
+ echo ''# This action accepts connections required by the Distributed
Compiler service''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''[''
x######################################################################################
= xINCLUDE '']''
+ echo
''######################################################################################
''
+ read first rest
+ ''['' x#TARGET = xINCLUDE '']''
+ echo ''#TARGET SOURCE DEST PROTO DEST SOURCE RATE''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# PORT PORT(S) LIMIT''
+ read first rest
+ ''['' xACCEPT = xINCLUDE '']''
+ echo ''ACCEPT - - tcp 3632''
+ read first rest
+ ''['' x#LAST = xINCLUDE '']''
+ echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT
REMOVE''
+ read first rest
+ grep -v ''^[[:space:]]*$''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=ACCEPT
+ eval ''xtarget="ACCEPT"''
++ xtarget=ACCEPT
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=ACCEPT
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ ACTIONS=dropBcast dropNonSyn dropNotSyn rejNotSyn logNotSyn rLogNotSyn
dLogNotSyn dropInvalid allowInvalid DropSMB RejectSMB DropUPnP
RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH
AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowIMAP AllowTelnet
AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP AllowTrcrt AllowSNMP
AllowPCA AllowSPAMD AllowSyslog AllowAmanda AllowLDAP AllowICQ
AllowBitTorrent AllowSMBswat DropSMTP AllowCVS AllowSVN AllowMySQL
AllowPostgreSQL AllowRsync AllowDistcc
+ read xaction rest
+ ''['' x = x '']''
+ ''['' -z AllowBaculaDIR '']''
++ chain_base AllowBaculaDIR
++ local c=AllowBaculaDIR
++ true
++ echo AllowBaculaDIR
++ return
+ ''['' AllowBaculaDIR = AllowBaculaDIR '']''
+ list_search AllowBaculaDIR dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB
RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP
AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3
AllowIMAP AllowTelnet AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP
AllowTrcrt AllowSNMP AllowPCA AllowSPAMD AllowSyslog AllowAmanda
AllowLDAP AllowICQ AllowBitTorrent AllowSMBswat DropSMTP AllowCVS
AllowSVN AllowMySQL AllowPostgreSQL AllowRsync AllowDistcc
+ local e=AllowBaculaDIR
+ ''['' 49 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaDIR = xdropBcast '']''
+ ''['' 48 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaDIR = xdropNonSyn '']''
+ ''['' 47 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaDIR = xdropNotSyn '']''
+ ''['' 46 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaDIR = xrejNotSyn '']''
+ ''['' 45 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaDIR = xlogNotSyn '']''
+ ''['' 44 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaDIR = xrLogNotSyn '']''
+ ''['' 43 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaDIR = xdLogNotSyn '']''
+ ''['' 42 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaDIR = xdropInvalid '']''
+ ''['' 41 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaDIR = xallowInvalid '']''
+ ''['' 40 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaDIR = xDropSMB '']''
+ ''['' 39 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaDIR = xRejectSMB '']''
+ ''['' 38 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaDIR = xDropUPnP '']''
+ ''['' 37 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaDIR = xRejectAuth '']''
+ ''['' 36 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaDIR = xDropPing '']''
+ ''['' 35 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaDIR = xDropDNSrep '']''
+ ''['' 34 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaDIR = xAllowPing '']''
+ ''['' 33 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaDIR = xAllowFTP '']''
+ ''['' 32 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaDIR = xAllowDNS '']''
+ ''['' 31 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaDIR = xAllowSSH '']''
+ ''['' 30 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaDIR = xAllowWeb '']''
+ ''['' 29 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaDIR = xAllowSMB '']''
+ ''['' 28 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaDIR = xAllowAuth '']''
+ ''['' 27 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaDIR = xAllowSMTP '']''
+ ''['' 26 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaDIR = xAllowPOP3 '']''
+ ''['' 25 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaDIR = xAllowIMAP '']''
+ ''['' 24 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaDIR = xAllowTelnet '']''
+ ''['' 23 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaDIR = xAllowVNC '']''
+ ''['' 22 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaDIR = xAllowVNCL '']''
+ ''['' 21 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaDIR = xAllowNTP '']''
+ ''['' 20 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaDIR = xAllowRdate '']''
+ ''['' 19 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaDIR = xAllowNNTP '']''
+ ''['' 18 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaDIR = xAllowTrcrt '']''
+ ''['' 17 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaDIR = xAllowSNMP '']''
+ ''['' 16 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaDIR = xAllowPCA '']''
+ ''['' 15 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaDIR = xAllowSPAMD '']''
+ ''['' 14 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaDIR = xAllowSyslog '']''
+ ''['' 13 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaDIR = xAllowAmanda '']''
+ ''['' 12 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaDIR = xAllowLDAP '']''
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaDIR = xAllowICQ '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaDIR = xAllowBitTorrent '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaDIR = xAllowSMBswat '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaDIR = xDropSMTP '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaDIR = xAllowCVS '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaDIR = xAllowSVN '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaDIR = xAllowMySQL '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaDIR = xAllowPostgreSQL '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaDIR = xAllowRsync '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaDIR = xAllowDistcc '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ f=action.AllowBaculaDIR
++ find_file action.AllowBaculaDIR
++ local saveifs= directory
++ ''['' -n '''' -a -f /action.AllowBaculaDIR
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/action.AllowBaculaDIR
'']''
++ ''['' -f /usr/share/shorewall/action.AllowBaculaDIR
'']''
++ echo /usr/share/shorewall/action.AllowBaculaDIR
++ IFS=
++ return
+ fn=/usr/share/shorewall/action.AllowBaculaDIR
+ eval requiredby_++ requiredby_+ ''['' -f
/usr/share/shorewall/action.AllowBaculaDIR '']''
+ echo '' Pre-processing
/usr/share/shorewall/action.AllowBaculaDIR...''
+ strip_file
action.AllowBaculaDIR /usr/share/shorewall/action.AllowBaculaDIR
+ local fname
+ ''['' 2 = 1 '']''
+ fname=/usr/share/shorewall/action.AllowBaculaDIR
+ ''['' -f /usr/share/shorewall/action.AllowBaculaDIR
'']''
+ read_file /usr/share/shorewall/action.AllowBaculaDIR 0
+ local first rest
+ ''['' -f /usr/share/shorewall/action.AllowBaculaDIR
'']''
+ read first rest
+ cut -d# -f1
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Shorewall 2.0 /etc/shorewall/action.AllowBacula''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# This action accepts connections required by the Bacula backup
system.''
+ read first rest
+ grep -v ''^[[:space:]]*$''
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''[''
x######################################################################################
= xINCLUDE '']''
+ echo
''######################################################################################
''
+ read first rest
+ ''['' x#TARGET = xINCLUDE '']''
+ echo ''#TARGET SOURCE DEST PROTO DEST SOURCE RATE''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# PORT PORT(S) LIMIT''
+ read first rest
+ ''['' xACCEPT = xINCLUDE '']''
+ echo ''ACCEPT - - tcp bacula-dir''
+ read first rest
+ ''['' x#LAST = xINCLUDE '']''
+ echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT
REMOVE''
+ read first rest
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=ACCEPT
+ eval ''xtarget="ACCEPT"''
++ xtarget=ACCEPT
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=ACCEPT
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ ACTIONS=dropBcast dropNonSyn dropNotSyn rejNotSyn logNotSyn rLogNotSyn
dLogNotSyn dropInvalid allowInvalid DropSMB RejectSMB DropUPnP
RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH
AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowIMAP AllowTelnet
AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP AllowTrcrt AllowSNMP
AllowPCA AllowSPAMD AllowSyslog AllowAmanda AllowLDAP AllowICQ
AllowBitTorrent AllowSMBswat DropSMTP AllowCVS AllowSVN AllowMySQL
AllowPostgreSQL AllowRsync AllowDistcc AllowBaculaDIR
+ read xaction rest
+ ''['' x = x '']''
+ ''['' -z AllowBaculaFD '']''
++ chain_base AllowBaculaFD
++ local c=AllowBaculaFD
++ true
++ echo AllowBaculaFD
++ return
+ ''['' AllowBaculaFD = AllowBaculaFD '']''
+ list_search AllowBaculaFD dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB
RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP
AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3
AllowIMAP AllowTelnet AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP
AllowTrcrt AllowSNMP AllowPCA AllowSPAMD AllowSyslog AllowAmanda
AllowLDAP AllowICQ AllowBitTorrent AllowSMBswat DropSMTP AllowCVS
AllowSVN AllowMySQL AllowPostgreSQL AllowRsync AllowDistcc
AllowBaculaDIR
+ local e=AllowBaculaFD
+ ''['' 50 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaFD = xdropBcast '']''
+ ''['' 49 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaFD = xdropNonSyn '']''
+ ''['' 48 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaFD = xdropNotSyn '']''
+ ''['' 47 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaFD = xrejNotSyn '']''
+ ''['' 46 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaFD = xlogNotSyn '']''
+ ''['' 45 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaFD = xrLogNotSyn '']''
+ ''['' 44 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaFD = xdLogNotSyn '']''
+ ''['' 43 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaFD = xdropInvalid '']''
+ ''['' 42 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaFD = xallowInvalid '']''
+ ''['' 41 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaFD = xDropSMB '']''
+ ''['' 40 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaFD = xRejectSMB '']''
+ ''['' 39 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaFD = xDropUPnP '']''
+ ''['' 38 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaFD = xRejectAuth '']''
+ ''['' 37 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaFD = xDropPing '']''
+ ''['' 36 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaFD = xDropDNSrep '']''
+ ''['' 35 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaFD = xAllowPing '']''
+ ''['' 34 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaFD = xAllowFTP '']''
+ ''['' 33 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaFD = xAllowDNS '']''
+ ''['' 32 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaFD = xAllowSSH '']''
+ ''['' 31 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaFD = xAllowWeb '']''
+ ''['' 30 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaFD = xAllowSMB '']''
+ ''['' 29 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaFD = xAllowAuth '']''
+ ''['' 28 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaFD = xAllowSMTP '']''
+ ''['' 27 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaFD = xAllowPOP3 '']''
+ ''['' 26 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaFD = xAllowIMAP '']''
+ ''['' 25 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaFD = xAllowTelnet '']''
+ ''['' 24 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaFD = xAllowVNC '']''
+ ''['' 23 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaFD = xAllowVNCL '']''
+ ''['' 22 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaFD = xAllowNTP '']''
+ ''['' 21 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaFD = xAllowRdate '']''
+ ''['' 20 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaFD = xAllowNNTP '']''
+ ''['' 19 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaFD = xAllowTrcrt '']''
+ ''['' 18 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaFD = xAllowSNMP '']''
+ ''['' 17 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaFD = xAllowPCA '']''
+ ''['' 16 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaFD = xAllowSPAMD '']''
+ ''['' 15 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaFD = xAllowSyslog '']''
+ ''['' 14 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaFD = xAllowAmanda '']''
+ ''['' 13 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaFD = xAllowLDAP '']''
+ ''['' 12 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaFD = xAllowICQ '']''
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaFD = xAllowBitTorrent '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaFD = xAllowSMBswat '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaFD = xDropSMTP '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaFD = xAllowCVS '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaFD = xAllowSVN '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaFD = xAllowMySQL '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaFD = xAllowPostgreSQL '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaFD = xAllowRsync '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaFD = xAllowDistcc '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaFD = xAllowBaculaDIR '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ f=action.AllowBaculaFD
++ find_file action.AllowBaculaFD
++ local saveifs= directory
++ ''['' -n '''' -a -f /action.AllowBaculaFD
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/action.AllowBaculaFD
'']''
++ ''['' -f /usr/share/shorewall/action.AllowBaculaFD
'']''
++ echo /usr/share/shorewall/action.AllowBaculaFD
++ IFS=
++ return
+ fn=/usr/share/shorewall/action.AllowBaculaFD
+ eval requiredby_++ requiredby_+ ''['' -f
/usr/share/shorewall/action.AllowBaculaFD '']''
+ echo '' Pre-processing
/usr/share/shorewall/action.AllowBaculaFD...''
+ strip_file
action.AllowBaculaFD /usr/share/shorewall/action.AllowBaculaFD
+ local fname
+ ''['' 2 = 1 '']''
+ fname=/usr/share/shorewall/action.AllowBaculaFD
+ ''['' -f /usr/share/shorewall/action.AllowBaculaFD
'']''
+ read_file /usr/share/shorewall/action.AllowBaculaFD 0
+ local first rest
+ ''['' -f /usr/share/shorewall/action.AllowBaculaFD
'']''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Shorewall 2.0 /etc/shorewall/action.AllowBacula''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# This action accepts connections required by the Bacula backup
system.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ cut -d# -f1
+ echo ''# ''
+ read first rest
+ ''[''
x######################################################################################
= xINCLUDE '']''
+ echo
''######################################################################################
''
+ read first rest
+ ''['' x#TARGET = xINCLUDE '']''
+ echo ''#TARGET SOURCE DEST PROTO DEST SOURCE RATE''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# PORT PORT(S) LIMIT''
+ read first rest
+ ''['' xACCEPT = xINCLUDE '']''
+ echo ''ACCEPT - - tcp bacula-fd''
+ read first rest
+ ''['' x#LAST = xINCLUDE '']''
+ echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT
REMOVE''
+ read first rest
+ grep -v ''^[[:space:]]*$''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=ACCEPT
+ eval ''xtarget="ACCEPT"''
++ xtarget=ACCEPT
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=ACCEPT
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ ACTIONS=dropBcast dropNonSyn dropNotSyn rejNotSyn logNotSyn rLogNotSyn
dLogNotSyn dropInvalid allowInvalid DropSMB RejectSMB DropUPnP
RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH
AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowIMAP AllowTelnet
AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP AllowTrcrt AllowSNMP
AllowPCA AllowSPAMD AllowSyslog AllowAmanda AllowLDAP AllowICQ
AllowBitTorrent AllowSMBswat DropSMTP AllowCVS AllowSVN AllowMySQL
AllowPostgreSQL AllowRsync AllowDistcc AllowBaculaDIR AllowBaculaFD
+ read xaction rest
+ ''['' x = x '']''
+ ''['' -z AllowBaculaSD '']''
++ chain_base AllowBaculaSD
++ local c=AllowBaculaSD
++ true
++ echo AllowBaculaSD
++ return
+ ''['' AllowBaculaSD = AllowBaculaSD '']''
+ list_search AllowBaculaSD dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB
RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP
AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3
AllowIMAP AllowTelnet AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP
AllowTrcrt AllowSNMP AllowPCA AllowSPAMD AllowSyslog AllowAmanda
AllowLDAP AllowICQ AllowBitTorrent AllowSMBswat DropSMTP AllowCVS
AllowSVN AllowMySQL AllowPostgreSQL AllowRsync AllowDistcc
AllowBaculaDIR AllowBaculaFD
+ local e=AllowBaculaSD
+ ''['' 51 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaSD = xdropBcast '']''
+ ''['' 50 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaSD = xdropNonSyn '']''
+ ''['' 49 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaSD = xdropNotSyn '']''
+ ''['' 48 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaSD = xrejNotSyn '']''
+ ''['' 47 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaSD = xlogNotSyn '']''
+ ''['' 46 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaSD = xrLogNotSyn '']''
+ ''['' 45 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaSD = xdLogNotSyn '']''
+ ''['' 44 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaSD = xdropInvalid '']''
+ ''['' 43 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaSD = xallowInvalid '']''
+ ''['' 42 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaSD = xDropSMB '']''
+ ''['' 41 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaSD = xRejectSMB '']''
+ ''['' 40 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaSD = xDropUPnP '']''
+ ''['' 39 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaSD = xRejectAuth '']''
+ ''['' 38 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaSD = xDropPing '']''
+ ''['' 37 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaSD = xDropDNSrep '']''
+ ''['' 36 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaSD = xAllowPing '']''
+ ''['' 35 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaSD = xAllowFTP '']''
+ ''['' 34 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaSD = xAllowDNS '']''
+ ''['' 33 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaSD = xAllowSSH '']''
+ ''['' 32 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaSD = xAllowWeb '']''
+ ''['' 31 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaSD = xAllowSMB '']''
+ ''['' 30 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaSD = xAllowAuth '']''
+ ''['' 29 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaSD = xAllowSMTP '']''
+ ''['' 28 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaSD = xAllowPOP3 '']''
+ ''['' 27 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaSD = xAllowIMAP '']''
+ ''['' 26 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaSD = xAllowTelnet '']''
+ ''['' 25 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaSD = xAllowVNC '']''
+ ''['' 24 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaSD = xAllowVNCL '']''
+ ''['' 23 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaSD = xAllowNTP '']''
+ ''['' 22 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaSD = xAllowRdate '']''
+ ''['' 21 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaSD = xAllowNNTP '']''
+ ''['' 20 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaSD = xAllowTrcrt '']''
+ ''['' 19 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaSD = xAllowSNMP '']''
+ ''['' 18 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaSD = xAllowPCA '']''
+ ''['' 17 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaSD = xAllowSPAMD '']''
+ ''['' 16 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaSD = xAllowSyslog '']''
+ ''['' 15 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaSD = xAllowAmanda '']''
+ ''['' 14 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaSD = xAllowLDAP '']''
+ ''['' 13 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaSD = xAllowICQ '']''
+ ''['' 12 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaSD = xAllowBitTorrent '']''
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaSD = xAllowSMBswat '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaSD = xDropSMTP '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaSD = xAllowCVS '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaSD = xAllowSVN '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaSD = xAllowMySQL '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaSD = xAllowPostgreSQL '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaSD = xAllowRsync '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaSD = xAllowDistcc '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaSD = xAllowBaculaDIR '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xAllowBaculaSD = xAllowBaculaFD '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ f=action.AllowBaculaSD
++ find_file action.AllowBaculaSD
++ local saveifs= directory
++ ''['' -n '''' -a -f /action.AllowBaculaSD
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/action.AllowBaculaSD
'']''
++ ''['' -f /usr/share/shorewall/action.AllowBaculaSD
'']''
++ echo /usr/share/shorewall/action.AllowBaculaSD
++ IFS=
++ return
+ fn=/usr/share/shorewall/action.AllowBaculaSD
+ eval requiredby_++ requiredby_+ ''['' -f
/usr/share/shorewall/action.AllowBaculaSD '']''
+ echo '' Pre-processing
/usr/share/shorewall/action.AllowBaculaSD...''
+ strip_file
action.AllowBaculaSD /usr/share/shorewall/action.AllowBaculaSD
+ local fname
+ ''['' 2 = 1 '']''
+ fname=/usr/share/shorewall/action.AllowBaculaSD
+ ''['' -f /usr/share/shorewall/action.AllowBaculaSD
'']''
+ read_file /usr/share/shorewall/action.AllowBaculaSD 0
+ local first rest
+ ''['' -f /usr/share/shorewall/action.AllowBaculaSD
'']''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Shorewall 2.0 /etc/shorewall/action.AllowBacula''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# This action accepts connections required by the Bacula backup
system.''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ cut -d# -f1
+ echo ''# ''
+ read first rest
+ ''[''
x######################################################################################
= xINCLUDE '']''
+ echo
''######################################################################################
''
+ read first rest
+ ''['' x#TARGET = xINCLUDE '']''
+ echo ''#TARGET SOURCE DEST PROTO DEST SOURCE RATE''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# PORT PORT(S) LIMIT''
+ read first rest
+ ''['' xACCEPT = xINCLUDE '']''
+ echo ''ACCEPT - - tcp
bacula-sd''
+ read first rest
+ ''['' x#LAST = xINCLUDE '']''
+ echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT
REMOVE''
+ read first rest
+ grep -v ''^[[:space:]]*$''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=ACCEPT
+ eval ''xtarget="ACCEPT"''
++ xtarget=ACCEPT
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=ACCEPT
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ ACTIONS=dropBcast dropNonSyn dropNotSyn rejNotSyn logNotSyn rLogNotSyn
dLogNotSyn dropInvalid allowInvalid DropSMB RejectSMB DropUPnP
RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH
AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowIMAP AllowTelnet
AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP AllowTrcrt AllowSNMP
AllowPCA AllowSPAMD AllowSyslog AllowAmanda AllowLDAP AllowICQ
AllowBitTorrent AllowSMBswat DropSMTP AllowCVS AllowSVN AllowMySQL
AllowPostgreSQL AllowRsync AllowDistcc AllowBaculaDIR AllowBaculaFD
AllowBaculaSD
+ read xaction rest
+ ''['' x = x '']''
+ temp=DROP
+ xaction=Drop
+ eval DROP_common=Drop
++ DROP_common=Drop
+ ''['' -n Drop '']''
+ list_search Drop
+ local e=Drop
+ ''['' 1 -gt 1 '']''
+ return 1
+ USEDACTIONS= Drop
+ ''['' start = check '']''
+ createactionchain Drop
+ createchain Drop no
++ chain_base Drop
++ local c=Drop
++ true
++ echo Drop
++ return
+ local c=Drop
+ run_iptables -N Drop
+ ''['' -n '''' '']''
+ iptables -N Drop
+ ''['' no = yes '']''
+ eval exists_Drop=Yes
++ exists_Drop=Yes
+ run_user_exit Drop
++ find_file Drop
++ local saveifs= directory
++ ''['' -n '''' -a -f /Drop
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/Drop '']''
++ ''['' -f /usr/share/shorewall/Drop '']''
++ IFS=
++ echo /etc/shorewall/Drop
+ local user_exit=/etc/shorewall/Drop
+ ''['' -f /etc/shorewall/Drop '']''
+ ''['' -z Drop '']''
++ chain_base Drop
++ local c=Drop
++ true
++ echo Drop
++ return
+ ''['' Drop = Drop '']''
+ list_search Drop dropBcast dropNonSyn dropNotSyn rejNotSyn logNotSyn
rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB RejectSMB
DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS
AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowIMAP
AllowTelnet AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP AllowTrcrt
AllowSNMP AllowPCA AllowSPAMD AllowSyslog AllowAmanda AllowLDAP AllowICQ
AllowBitTorrent AllowSMBswat DropSMTP AllowCVS AllowSVN AllowMySQL
AllowPostgreSQL AllowRsync AllowDistcc AllowBaculaDIR AllowBaculaFD
AllowBaculaSD
+ local e=Drop
+ ''['' 52 -gt 1 '']''
+ shift
+ ''['' xDrop = xdropBcast '']''
+ ''['' 51 -gt 1 '']''
+ shift
+ ''['' xDrop = xdropNonSyn '']''
+ ''['' 50 -gt 1 '']''
+ shift
+ ''['' xDrop = xdropNotSyn '']''
+ ''['' 49 -gt 1 '']''
+ shift
+ ''['' xDrop = xrejNotSyn '']''
+ ''['' 48 -gt 1 '']''
+ shift
+ ''['' xDrop = xlogNotSyn '']''
+ ''['' 47 -gt 1 '']''
+ shift
+ ''['' xDrop = xrLogNotSyn '']''
+ ''['' 46 -gt 1 '']''
+ shift
+ ''['' xDrop = xdLogNotSyn '']''
+ ''['' 45 -gt 1 '']''
+ shift
+ ''['' xDrop = xdropInvalid '']''
+ ''['' 44 -gt 1 '']''
+ shift
+ ''['' xDrop = xallowInvalid '']''
+ ''['' 43 -gt 1 '']''
+ shift
+ ''['' xDrop = xDropSMB '']''
+ ''['' 42 -gt 1 '']''
+ shift
+ ''['' xDrop = xRejectSMB '']''
+ ''['' 41 -gt 1 '']''
+ shift
+ ''['' xDrop = xDropUPnP '']''
+ ''['' 40 -gt 1 '']''
+ shift
+ ''['' xDrop = xRejectAuth '']''
+ ''['' 39 -gt 1 '']''
+ shift
+ ''['' xDrop = xDropPing '']''
+ ''['' 38 -gt 1 '']''
+ shift
+ ''['' xDrop = xDropDNSrep '']''
+ ''['' 37 -gt 1 '']''
+ shift
+ ''['' xDrop = xAllowPing '']''
+ ''['' 36 -gt 1 '']''
+ shift
+ ''['' xDrop = xAllowFTP '']''
+ ''['' 35 -gt 1 '']''
+ shift
+ ''['' xDrop = xAllowDNS '']''
+ ''['' 34 -gt 1 '']''
+ shift
+ ''['' xDrop = xAllowSSH '']''
+ ''['' 33 -gt 1 '']''
+ shift
+ ''['' xDrop = xAllowWeb '']''
+ ''['' 32 -gt 1 '']''
+ shift
+ ''['' xDrop = xAllowSMB '']''
+ ''['' 31 -gt 1 '']''
+ shift
+ ''['' xDrop = xAllowAuth '']''
+ ''['' 30 -gt 1 '']''
+ shift
+ ''['' xDrop = xAllowSMTP '']''
+ ''['' 29 -gt 1 '']''
+ shift
+ ''['' xDrop = xAllowPOP3 '']''
+ ''['' 28 -gt 1 '']''
+ shift
+ ''['' xDrop = xAllowIMAP '']''
+ ''['' 27 -gt 1 '']''
+ shift
+ ''['' xDrop = xAllowTelnet '']''
+ ''['' 26 -gt 1 '']''
+ shift
+ ''['' xDrop = xAllowVNC '']''
+ ''['' 25 -gt 1 '']''
+ shift
+ ''['' xDrop = xAllowVNCL '']''
+ ''['' 24 -gt 1 '']''
+ shift
+ ''['' xDrop = xAllowNTP '']''
+ ''['' 23 -gt 1 '']''
+ shift
+ ''['' xDrop = xAllowRdate '']''
+ ''['' 22 -gt 1 '']''
+ shift
+ ''['' xDrop = xAllowNNTP '']''
+ ''['' 21 -gt 1 '']''
+ shift
+ ''['' xDrop = xAllowTrcrt '']''
+ ''['' 20 -gt 1 '']''
+ shift
+ ''['' xDrop = xAllowSNMP '']''
+ ''['' 19 -gt 1 '']''
+ shift
+ ''['' xDrop = xAllowPCA '']''
+ ''['' 18 -gt 1 '']''
+ shift
+ ''['' xDrop = xAllowSPAMD '']''
+ ''['' 17 -gt 1 '']''
+ shift
+ ''['' xDrop = xAllowSyslog '']''
+ ''['' 16 -gt 1 '']''
+ shift
+ ''['' xDrop = xAllowAmanda '']''
+ ''['' 15 -gt 1 '']''
+ shift
+ ''['' xDrop = xAllowLDAP '']''
+ ''['' 14 -gt 1 '']''
+ shift
+ ''['' xDrop = xAllowICQ '']''
+ ''['' 13 -gt 1 '']''
+ shift
+ ''['' xDrop = xAllowBitTorrent '']''
+ ''['' 12 -gt 1 '']''
+ shift
+ ''['' xDrop = xAllowSMBswat '']''
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xDrop = xDropSMTP '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xDrop = xAllowCVS '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xDrop = xAllowSVN '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xDrop = xAllowMySQL '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xDrop = xAllowPostgreSQL '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xDrop = xAllowRsync '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xDrop = xAllowDistcc '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xDrop = xAllowBaculaDIR '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xDrop = xAllowBaculaFD '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xDrop = xAllowBaculaSD '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ f=action.Drop
++ find_file action.Drop
++ local saveifs= directory
++ ''['' -n '''' -a -f /action.Drop
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/action.Drop '']''
++ ''['' -f /usr/share/shorewall/action.Drop
'']''
++ echo /usr/share/shorewall/action.Drop
++ IFS=
++ return
+ fn=/usr/share/shorewall/action.Drop
+ eval requiredby_++ requiredby_+ ''['' -f
/usr/share/shorewall/action.Drop '']''
+ echo '' Pre-processing /usr/share/shorewall/action.Drop...''
+ strip_file action.Drop /usr/share/shorewall/action.Drop
+ local fname
+ ''['' 2 = 1 '']''
+ fname=/usr/share/shorewall/action.Drop
+ ''['' -f /usr/share/shorewall/action.Drop
'']''
+ read_file /usr/share/shorewall/action.Drop 0
+ local first rest
+ ''['' -f /usr/share/shorewall/action.Drop
'']''
+ read first rest
+ cut -d# -f1
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Shorewall 2.0 /etc/shorewall/action.Drop''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# The default DROP common rules''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''[''
x######################################################################################
= xINCLUDE '']''
+ echo
''######################################################################################
''
+ read first rest
+ ''['' x#TARGET = xINCLUDE '']''
+ echo ''#TARGET SOURCE DEST PROTO DEST SOURCE RATE
USER/''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# PORT PORT(S) LIMIT GROUP''
+ read first rest
+ ''['' xRejectAuth = xINCLUDE '']''
+ echo ''RejectAuth ''
+ read first rest
+ ''['' xdropBcast = xINCLUDE '']''
+ echo ''dropBcast ''
+ read first rest
+ ''['' xdropInvalid = xINCLUDE '']''
+ echo ''dropInvalid ''
+ read first rest
+ ''['' xDropSMB = xINCLUDE '']''
+ echo ''DropSMB ''
+ read first rest
+ ''['' xDropUPnP = xINCLUDE '']''
+ echo ''DropUPnP ''
+ read first rest
+ ''['' xdropNotSyn = xINCLUDE '']''
+ echo ''dropNotSyn ''
+ read first rest
+ ''['' xDropDNSrep = xINCLUDE '']''
+ echo ''DropDNSrep ''
+ read first rest
+ ''['' x#LAST = xINCLUDE '']''
+ echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT
REMOVE''
+ read first rest
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=RejectAuth
+ eval ''xtarget="RejectAuth"''
++ xtarget=RejectAuth
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=RejectAuth
+ list_search RejectAuth dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB
RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP
AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3
AllowIMAP AllowTelnet AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP
AllowTrcrt AllowSNMP AllowPCA AllowSPAMD AllowSyslog AllowAmanda
AllowLDAP AllowICQ AllowBitTorrent AllowSMBswat DropSMTP AllowCVS
AllowSVN AllowMySQL AllowPostgreSQL AllowRsync AllowDistcc
AllowBaculaDIR AllowBaculaFD AllowBaculaSD
+ local e=RejectAuth
+ ''['' 52 -gt 1 '']''
+ shift
+ ''['' xRejectAuth = xdropBcast '']''
+ ''['' 51 -gt 1 '']''
+ shift
+ ''['' xRejectAuth = xdropNonSyn '']''
+ ''['' 50 -gt 1 '']''
+ shift
+ ''['' xRejectAuth = xdropNotSyn '']''
+ ''['' 49 -gt 1 '']''
+ shift
+ ''['' xRejectAuth = xrejNotSyn '']''
+ ''['' 48 -gt 1 '']''
+ shift
+ ''['' xRejectAuth = xlogNotSyn '']''
+ ''['' 47 -gt 1 '']''
+ shift
+ ''['' xRejectAuth = xrLogNotSyn '']''
+ ''['' 46 -gt 1 '']''
+ shift
+ ''['' xRejectAuth = xdLogNotSyn '']''
+ ''['' 45 -gt 1 '']''
+ shift
+ ''['' xRejectAuth = xdropInvalid '']''
+ ''['' 44 -gt 1 '']''
+ shift
+ ''['' xRejectAuth = xallowInvalid '']''
+ ''['' 43 -gt 1 '']''
+ shift
+ ''['' xRejectAuth = xDropSMB '']''
+ ''['' 42 -gt 1 '']''
+ shift
+ ''['' xRejectAuth = xRejectSMB '']''
+ ''['' 41 -gt 1 '']''
+ shift
+ ''['' xRejectAuth = xDropUPnP '']''
+ ''['' 40 -gt 1 '']''
+ shift
+ ''['' xRejectAuth = xRejectAuth '']''
+ return 0
+ eval ''requiredby_Drop="$requiredby_Drop''
''RejectAuth"''
++ requiredby_Drop= RejectAuth
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=dropBcast
+ eval ''xtarget="dropBcast"''
++ xtarget=dropBcast
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=dropBcast
+ list_search dropBcast dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB
RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP
AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3
AllowIMAP AllowTelnet AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP
AllowTrcrt AllowSNMP AllowPCA AllowSPAMD AllowSyslog AllowAmanda
AllowLDAP AllowICQ AllowBitTorrent AllowSMBswat DropSMTP AllowCVS
AllowSVN AllowMySQL AllowPostgreSQL AllowRsync AllowDistcc
AllowBaculaDIR AllowBaculaFD AllowBaculaSD
+ local e=dropBcast
+ ''['' 52 -gt 1 '']''
+ shift
+ ''['' xdropBcast = xdropBcast '']''
+ return 0
+ eval ''requiredby_Drop="$requiredby_Drop''
''dropBcast"''
++ requiredby_Drop= RejectAuth dropBcast
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=dropInvalid
+ eval ''xtarget="dropInvalid"''
++ xtarget=dropInvalid
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=dropInvalid
+ list_search dropInvalid dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB
RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP
AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3
AllowIMAP AllowTelnet AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP
AllowTrcrt AllowSNMP AllowPCA AllowSPAMD AllowSyslog AllowAmanda
AllowLDAP AllowICQ AllowBitTorrent AllowSMBswat DropSMTP AllowCVS
AllowSVN AllowMySQL AllowPostgreSQL AllowRsync AllowDistcc
AllowBaculaDIR AllowBaculaFD AllowBaculaSD
+ local e=dropInvalid
+ ''['' 52 -gt 1 '']''
+ shift
+ ''['' xdropInvalid = xdropBcast '']''
+ ''['' 51 -gt 1 '']''
+ shift
+ ''['' xdropInvalid = xdropNonSyn '']''
+ ''['' 50 -gt 1 '']''
+ shift
+ ''['' xdropInvalid = xdropNotSyn '']''
+ ''['' 49 -gt 1 '']''
+ shift
+ ''['' xdropInvalid = xrejNotSyn '']''
+ ''['' 48 -gt 1 '']''
+ shift
+ ''['' xdropInvalid = xlogNotSyn '']''
+ ''['' 47 -gt 1 '']''
+ shift
+ ''['' xdropInvalid = xrLogNotSyn '']''
+ ''['' 46 -gt 1 '']''
+ shift
+ ''['' xdropInvalid = xdLogNotSyn '']''
+ ''['' 45 -gt 1 '']''
+ shift
+ ''['' xdropInvalid = xdropInvalid '']''
+ return 0
+ eval ''requiredby_Drop="$requiredby_Drop''
''dropInvalid"''
++ requiredby_Drop= RejectAuth dropBcast dropInvalid
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=DropSMB
+ eval ''xtarget="DropSMB"''
++ xtarget=DropSMB
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=DropSMB
+ list_search DropSMB dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB
RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP
AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3
AllowIMAP AllowTelnet AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP
AllowTrcrt AllowSNMP AllowPCA AllowSPAMD AllowSyslog AllowAmanda
AllowLDAP AllowICQ AllowBitTorrent AllowSMBswat DropSMTP AllowCVS
AllowSVN AllowMySQL AllowPostgreSQL AllowRsync AllowDistcc
AllowBaculaDIR AllowBaculaFD AllowBaculaSD
+ local e=DropSMB
+ ''['' 52 -gt 1 '']''
+ shift
+ ''['' xDropSMB = xdropBcast '']''
+ ''['' 51 -gt 1 '']''
+ shift
+ ''['' xDropSMB = xdropNonSyn '']''
+ ''['' 50 -gt 1 '']''
+ shift
+ ''['' xDropSMB = xdropNotSyn '']''
+ ''['' 49 -gt 1 '']''
+ shift
+ ''['' xDropSMB = xrejNotSyn '']''
+ ''['' 48 -gt 1 '']''
+ shift
+ ''['' xDropSMB = xlogNotSyn '']''
+ ''['' 47 -gt 1 '']''
+ shift
+ ''['' xDropSMB = xrLogNotSyn '']''
+ ''['' 46 -gt 1 '']''
+ shift
+ ''['' xDropSMB = xdLogNotSyn '']''
+ ''['' 45 -gt 1 '']''
+ shift
+ ''['' xDropSMB = xdropInvalid '']''
+ ''['' 44 -gt 1 '']''
+ shift
+ ''['' xDropSMB = xallowInvalid '']''
+ ''['' 43 -gt 1 '']''
+ shift
+ ''['' xDropSMB = xDropSMB '']''
+ return 0
+ eval ''requiredby_Drop="$requiredby_Drop''
''DropSMB"''
++ requiredby_Drop= RejectAuth dropBcast dropInvalid DropSMB
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=DropUPnP
+ eval ''xtarget="DropUPnP"''
++ xtarget=DropUPnP
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=DropUPnP
+ list_search DropUPnP dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB
RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP
AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3
AllowIMAP AllowTelnet AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP
AllowTrcrt AllowSNMP AllowPCA AllowSPAMD AllowSyslog AllowAmanda
AllowLDAP AllowICQ AllowBitTorrent AllowSMBswat DropSMTP AllowCVS
AllowSVN AllowMySQL AllowPostgreSQL AllowRsync AllowDistcc
AllowBaculaDIR AllowBaculaFD AllowBaculaSD
+ local e=DropUPnP
+ ''['' 52 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xdropBcast '']''
+ ''['' 51 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xdropNonSyn '']''
+ ''['' 50 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xdropNotSyn '']''
+ ''['' 49 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xrejNotSyn '']''
+ ''['' 48 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xlogNotSyn '']''
+ ''['' 47 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xrLogNotSyn '']''
+ ''['' 46 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xdLogNotSyn '']''
+ ''['' 45 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xdropInvalid '']''
+ ''['' 44 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xallowInvalid '']''
+ ''['' 43 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xDropSMB '']''
+ ''['' 42 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xRejectSMB '']''
+ ''['' 41 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xDropUPnP '']''
+ return 0
+ eval ''requiredby_Drop="$requiredby_Drop''
''DropUPnP"''
++ requiredby_Drop= RejectAuth dropBcast dropInvalid DropSMB DropUPnP
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=dropNotSyn
+ eval ''xtarget="dropNotSyn"''
++ xtarget=dropNotSyn
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=dropNotSyn
+ list_search dropNotSyn dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB
RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP
AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3
AllowIMAP AllowTelnet AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP
AllowTrcrt AllowSNMP AllowPCA AllowSPAMD AllowSyslog AllowAmanda
AllowLDAP AllowICQ AllowBitTorrent AllowSMBswat DropSMTP AllowCVS
AllowSVN AllowMySQL AllowPostgreSQL AllowRsync AllowDistcc
AllowBaculaDIR AllowBaculaFD AllowBaculaSD
+ local e=dropNotSyn
+ ''['' 52 -gt 1 '']''
+ shift
+ ''['' xdropNotSyn = xdropBcast '']''
+ ''['' 51 -gt 1 '']''
+ shift
+ ''['' xdropNotSyn = xdropNonSyn '']''
+ ''['' 50 -gt 1 '']''
+ shift
+ ''['' xdropNotSyn = xdropNotSyn '']''
+ return 0
+ eval ''requiredby_Drop="$requiredby_Drop''
''dropNotSyn"''
++ requiredby_Drop= RejectAuth dropBcast dropInvalid DropSMB DropUPnP
dropNotSyn
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=DropDNSrep
+ eval ''xtarget="DropDNSrep"''
++ xtarget=DropDNSrep
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=DropDNSrep
+ list_search DropDNSrep dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB
RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP
AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3
AllowIMAP AllowTelnet AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP
AllowTrcrt AllowSNMP AllowPCA AllowSPAMD AllowSyslog AllowAmanda
AllowLDAP AllowICQ AllowBitTorrent AllowSMBswat DropSMTP AllowCVS
AllowSVN AllowMySQL AllowPostgreSQL AllowRsync AllowDistcc
AllowBaculaDIR AllowBaculaFD AllowBaculaSD
+ local e=DropDNSrep
+ ''['' 52 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xdropBcast '']''
+ ''['' 51 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xdropNonSyn '']''
+ ''['' 50 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xdropNotSyn '']''
+ ''['' 49 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xrejNotSyn '']''
+ ''['' 48 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xlogNotSyn '']''
+ ''['' 47 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xrLogNotSyn '']''
+ ''['' 46 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xdLogNotSyn '']''
+ ''['' 45 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xdropInvalid '']''
+ ''['' 44 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xallowInvalid '']''
+ ''['' 43 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xDropSMB '']''
+ ''['' 42 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xRejectSMB '']''
+ ''['' 41 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xDropUPnP '']''
+ ''['' 40 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xRejectAuth '']''
+ ''['' 39 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xDropPing '']''
+ ''['' 38 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xDropDNSrep '']''
+ return 0
+ eval ''requiredby_Drop="$requiredby_Drop''
''DropDNSrep"''
++ requiredby_Drop= RejectAuth dropBcast dropInvalid DropSMB DropUPnP
dropNotSyn DropDNSrep
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ ACTIONS=dropBcast dropNonSyn dropNotSyn rejNotSyn logNotSyn rLogNotSyn
dLogNotSyn dropInvalid allowInvalid DropSMB RejectSMB DropUPnP
RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH
AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowIMAP AllowTelnet
AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP AllowTrcrt AllowSNMP
AllowPCA AllowSPAMD AllowSyslog AllowAmanda AllowLDAP AllowICQ
AllowBitTorrent AllowSMBswat DropSMTP AllowCVS AllowSVN AllowMySQL
AllowPostgreSQL AllowRsync AllowDistcc AllowBaculaDIR AllowBaculaFD
AllowBaculaSD Drop
+ read xaction rest
+ ''['' x = x '']''
+ temp=REJECT
+ xaction=Reject
+ eval REJECT_common=Reject
++ REJECT_common=Reject
+ ''['' -n Reject '']''
+ list_search Reject Drop
+ local e=Reject
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xReject = xDrop '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ USEDACTIONS= Drop Reject
+ ''['' start = check '']''
+ createactionchain Reject
+ createchain Reject no
++ chain_base Reject
++ local c=Reject
++ true
++ echo Reject
++ return
+ local c=Reject
+ run_iptables -N Reject
+ ''['' -n '''' '']''
+ iptables -N Reject
+ ''['' no = yes '']''
+ eval exists_Reject=Yes
++ exists_Reject=Yes
+ run_user_exit Reject
++ find_file Reject
++ local saveifs= directory
++ ''['' -n '''' -a -f /Reject
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/Reject '']''
++ ''['' -f /usr/share/shorewall/Reject '']''
++ IFS=
++ echo /etc/shorewall/Reject
+ local user_exit=/etc/shorewall/Reject
+ ''['' -f /etc/shorewall/Reject '']''
+ ''['' -z Reject '']''
++ chain_base Reject
++ local c=Reject
++ true
++ echo Reject
++ return
+ ''['' Reject = Reject '']''
+ list_search Reject dropBcast dropNonSyn dropNotSyn rejNotSyn logNotSyn
rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB RejectSMB
DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS
AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowIMAP
AllowTelnet AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP AllowTrcrt
AllowSNMP AllowPCA AllowSPAMD AllowSyslog AllowAmanda AllowLDAP AllowICQ
AllowBitTorrent AllowSMBswat DropSMTP AllowCVS AllowSVN AllowMySQL
AllowPostgreSQL AllowRsync AllowDistcc AllowBaculaDIR AllowBaculaFD
AllowBaculaSD Drop
+ local e=Reject
+ ''['' 53 -gt 1 '']''
+ shift
+ ''['' xReject = xdropBcast '']''
+ ''['' 52 -gt 1 '']''
+ shift
+ ''['' xReject = xdropNonSyn '']''
+ ''['' 51 -gt 1 '']''
+ shift
+ ''['' xReject = xdropNotSyn '']''
+ ''['' 50 -gt 1 '']''
+ shift
+ ''['' xReject = xrejNotSyn '']''
+ ''['' 49 -gt 1 '']''
+ shift
+ ''['' xReject = xlogNotSyn '']''
+ ''['' 48 -gt 1 '']''
+ shift
+ ''['' xReject = xrLogNotSyn '']''
+ ''['' 47 -gt 1 '']''
+ shift
+ ''['' xReject = xdLogNotSyn '']''
+ ''['' 46 -gt 1 '']''
+ shift
+ ''['' xReject = xdropInvalid '']''
+ ''['' 45 -gt 1 '']''
+ shift
+ ''['' xReject = xallowInvalid '']''
+ ''['' 44 -gt 1 '']''
+ shift
+ ''['' xReject = xDropSMB '']''
+ ''['' 43 -gt 1 '']''
+ shift
+ ''['' xReject = xRejectSMB '']''
+ ''['' 42 -gt 1 '']''
+ shift
+ ''['' xReject = xDropUPnP '']''
+ ''['' 41 -gt 1 '']''
+ shift
+ ''['' xReject = xRejectAuth '']''
+ ''['' 40 -gt 1 '']''
+ shift
+ ''['' xReject = xDropPing '']''
+ ''['' 39 -gt 1 '']''
+ shift
+ ''['' xReject = xDropDNSrep '']''
+ ''['' 38 -gt 1 '']''
+ shift
+ ''['' xReject = xAllowPing '']''
+ ''['' 37 -gt 1 '']''
+ shift
+ ''['' xReject = xAllowFTP '']''
+ ''['' 36 -gt 1 '']''
+ shift
+ ''['' xReject = xAllowDNS '']''
+ ''['' 35 -gt 1 '']''
+ shift
+ ''['' xReject = xAllowSSH '']''
+ ''['' 34 -gt 1 '']''
+ shift
+ ''['' xReject = xAllowWeb '']''
+ ''['' 33 -gt 1 '']''
+ shift
+ ''['' xReject = xAllowSMB '']''
+ ''['' 32 -gt 1 '']''
+ shift
+ ''['' xReject = xAllowAuth '']''
+ ''['' 31 -gt 1 '']''
+ shift
+ ''['' xReject = xAllowSMTP '']''
+ ''['' 30 -gt 1 '']''
+ shift
+ ''['' xReject = xAllowPOP3 '']''
+ ''['' 29 -gt 1 '']''
+ shift
+ ''['' xReject = xAllowIMAP '']''
+ ''['' 28 -gt 1 '']''
+ shift
+ ''['' xReject = xAllowTelnet '']''
+ ''['' 27 -gt 1 '']''
+ shift
+ ''['' xReject = xAllowVNC '']''
+ ''['' 26 -gt 1 '']''
+ shift
+ ''['' xReject = xAllowVNCL '']''
+ ''['' 25 -gt 1 '']''
+ shift
+ ''['' xReject = xAllowNTP '']''
+ ''['' 24 -gt 1 '']''
+ shift
+ ''['' xReject = xAllowRdate '']''
+ ''['' 23 -gt 1 '']''
+ shift
+ ''['' xReject = xAllowNNTP '']''
+ ''['' 22 -gt 1 '']''
+ shift
+ ''['' xReject = xAllowTrcrt '']''
+ ''['' 21 -gt 1 '']''
+ shift
+ ''['' xReject = xAllowSNMP '']''
+ ''['' 20 -gt 1 '']''
+ shift
+ ''['' xReject = xAllowPCA '']''
+ ''['' 19 -gt 1 '']''
+ shift
+ ''['' xReject = xAllowSPAMD '']''
+ ''['' 18 -gt 1 '']''
+ shift
+ ''['' xReject = xAllowSyslog '']''
+ ''['' 17 -gt 1 '']''
+ shift
+ ''['' xReject = xAllowAmanda '']''
+ ''['' 16 -gt 1 '']''
+ shift
+ ''['' xReject = xAllowLDAP '']''
+ ''['' 15 -gt 1 '']''
+ shift
+ ''['' xReject = xAllowICQ '']''
+ ''['' 14 -gt 1 '']''
+ shift
+ ''['' xReject = xAllowBitTorrent '']''
+ ''['' 13 -gt 1 '']''
+ shift
+ ''['' xReject = xAllowSMBswat '']''
+ ''['' 12 -gt 1 '']''
+ shift
+ ''['' xReject = xDropSMTP '']''
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xReject = xAllowCVS '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xReject = xAllowSVN '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xReject = xAllowMySQL '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xReject = xAllowPostgreSQL '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xReject = xAllowRsync '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xReject = xAllowDistcc '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xReject = xAllowBaculaDIR '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xReject = xAllowBaculaFD '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xReject = xAllowBaculaSD '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xReject = xDrop '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ f=action.Reject
++ find_file action.Reject
++ local saveifs= directory
++ ''['' -n '''' -a -f /action.Reject
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/action.Reject '']''
++ ''['' -f /usr/share/shorewall/action.Reject
'']''
++ echo /usr/share/shorewall/action.Reject
++ IFS=
++ return
+ fn=/usr/share/shorewall/action.Reject
+ eval requiredby_=
++ requiredby_=
+ ''['' -f
/usr/share/shorewall/action.Reject '']''
+ echo '' Pre-processing
/usr/share/shorewall/action.Reject...''
+ strip_file action.Reject /usr/share/shorewall/action.Reject
+ local fname
+ ''['' 2 = 1 '']''
+ fname=/usr/share/shorewall/action.Reject
+ ''['' -f /usr/share/shorewall/action.Reject
'']''
+ read_file /usr/share/shorewall/action.Reject 0
+ local first rest
+ ''['' -f /usr/share/shorewall/action.Reject
'']''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# Shorewall 2.0 /etc/shorewall/action.Reject''
+ read first rest
+ cut -d# -f1
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# The default REJECT action common rules''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# ''
+ read first rest
+ ''[''
x######################################################################################
= xINCLUDE '']''
+ echo
''######################################################################################
''
+ read first rest
+ ''['' x#TARGET = xINCLUDE '']''
+ echo ''#TARGET SOURCE DEST PROTO DEST SOURCE RATE
USER/''
+ read first rest
+ ''['' x# = xINCLUDE '']''
+ echo ''# PORT PORT(S) LIMIT GROUP''
+ read first rest
+ ''['' xRejectAuth = xINCLUDE '']''
+ echo ''RejectAuth ''
+ read first rest
+ ''['' xdropBcast = xINCLUDE '']''
+ echo ''dropBcast ''
+ read first rest
+ ''['' xdropInvalid = xINCLUDE '']''
+ echo ''dropInvalid ''
+ read first rest
+ ''['' xRejectSMB = xINCLUDE '']''
+ grep -v ''^[[:space:]]*$''
+ echo ''RejectSMB ''
+ read first rest
+ ''['' xDropUPnP = xINCLUDE '']''
+ echo ''DropUPnP ''
+ read first rest
+ ''['' xdropNotSyn = xINCLUDE '']''
+ echo ''dropNotSyn ''
+ read first rest
+ ''['' xDropDNSrep = xINCLUDE '']''
+ echo ''DropDNSrep ''
+ read first rest
+ ''['' x#LAST = xINCLUDE '']''
+ echo ''#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT
REMOVE''
+ read first rest
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=RejectAuth
+ eval ''xtarget="RejectAuth"''
++ xtarget=RejectAuth
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=RejectAuth
+ list_search RejectAuth dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB
RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP
AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3
AllowIMAP AllowTelnet AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP
AllowTrcrt AllowSNMP AllowPCA AllowSPAMD AllowSyslog AllowAmanda
AllowLDAP AllowICQ AllowBitTorrent AllowSMBswat DropSMTP AllowCVS
AllowSVN AllowMySQL AllowPostgreSQL AllowRsync AllowDistcc
AllowBaculaDIR AllowBaculaFD AllowBaculaSD Drop
+ local e=RejectAuth
+ ''['' 53 -gt 1 '']''
+ shift
+ ''['' xRejectAuth = xdropBcast '']''
+ ''['' 52 -gt 1 '']''
+ shift
+ ''['' xRejectAuth = xdropNonSyn '']''
+ ''['' 51 -gt 1 '']''
+ shift
+ ''['' xRejectAuth = xdropNotSyn '']''
+ ''['' 50 -gt 1 '']''
+ shift
+ ''['' xRejectAuth = xrejNotSyn '']''
+ ''['' 49 -gt 1 '']''
+ shift
+ ''['' xRejectAuth = xlogNotSyn '']''
+ ''['' 48 -gt 1 '']''
+ shift
+ ''['' xRejectAuth = xrLogNotSyn '']''
+ ''['' 47 -gt 1 '']''
+ shift
+ ''['' xRejectAuth = xdLogNotSyn '']''
+ ''['' 46 -gt 1 '']''
+ shift
+ ''['' xRejectAuth = xdropInvalid '']''
+ ''['' 45 -gt 1 '']''
+ shift
+ ''['' xRejectAuth = xallowInvalid '']''
+ ''['' 44 -gt 1 '']''
+ shift
+ ''['' xRejectAuth = xDropSMB '']''
+ ''['' 43 -gt 1 '']''
+ shift
+ ''['' xRejectAuth = xRejectSMB '']''
+ ''['' 42 -gt 1 '']''
+ shift
+ ''['' xRejectAuth = xDropUPnP '']''
+ ''['' 41 -gt 1 '']''
+ shift
+ ''['' xRejectAuth = xRejectAuth '']''
+ return 0
+ eval ''requiredby_Reject="$requiredby_Reject''
''RejectAuth"''
++ requiredby_Reject= RejectAuth
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=dropBcast
+ eval ''xtarget="dropBcast"''
++ xtarget=dropBcast
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=dropBcast
+ list_search dropBcast dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB
RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP
AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3
AllowIMAP AllowTelnet AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP
AllowTrcrt AllowSNMP AllowPCA AllowSPAMD AllowSyslog AllowAmanda
AllowLDAP AllowICQ AllowBitTorrent AllowSMBswat DropSMTP AllowCVS
AllowSVN AllowMySQL AllowPostgreSQL AllowRsync AllowDistcc
AllowBaculaDIR AllowBaculaFD AllowBaculaSD Drop
+ local e=dropBcast
+ ''['' 53 -gt 1 '']''
+ shift
+ ''['' xdropBcast = xdropBcast '']''
+ return 0
+ eval ''requiredby_Reject="$requiredby_Reject''
''dropBcast"''
++ requiredby_Reject= RejectAuth dropBcast
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=dropInvalid
+ eval ''xtarget="dropInvalid"''
++ xtarget=dropInvalid
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=dropInvalid
+ list_search dropInvalid dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB
RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP
AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3
AllowIMAP AllowTelnet AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP
AllowTrcrt AllowSNMP AllowPCA AllowSPAMD AllowSyslog AllowAmanda
AllowLDAP AllowICQ AllowBitTorrent AllowSMBswat DropSMTP AllowCVS
AllowSVN AllowMySQL AllowPostgreSQL AllowRsync AllowDistcc
AllowBaculaDIR AllowBaculaFD AllowBaculaSD Drop
+ local e=dropInvalid
+ ''['' 53 -gt 1 '']''
+ shift
+ ''['' xdropInvalid = xdropBcast '']''
+ ''['' 52 -gt 1 '']''
+ shift
+ ''['' xdropInvalid = xdropNonSyn '']''
+ ''['' 51 -gt 1 '']''
+ shift
+ ''['' xdropInvalid = xdropNotSyn '']''
+ ''['' 50 -gt 1 '']''
+ shift
+ ''['' xdropInvalid = xrejNotSyn '']''
+ ''['' 49 -gt 1 '']''
+ shift
+ ''['' xdropInvalid = xlogNotSyn '']''
+ ''['' 48 -gt 1 '']''
+ shift
+ ''['' xdropInvalid = xrLogNotSyn '']''
+ ''['' 47 -gt 1 '']''
+ shift
+ ''['' xdropInvalid = xdLogNotSyn '']''
+ ''['' 46 -gt 1 '']''
+ shift
+ ''['' xdropInvalid = xdropInvalid '']''
+ return 0
+ eval ''requiredby_Reject="$requiredby_Reject''
''dropInvalid"''
++ requiredby_Reject= RejectAuth dropBcast dropInvalid
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=RejectSMB
+ eval ''xtarget="RejectSMB"''
++ xtarget=RejectSMB
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=RejectSMB
+ list_search RejectSMB dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB
RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP
AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3
AllowIMAP AllowTelnet AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP
AllowTrcrt AllowSNMP AllowPCA AllowSPAMD AllowSyslog AllowAmanda
AllowLDAP AllowICQ AllowBitTorrent AllowSMBswat DropSMTP AllowCVS
AllowSVN AllowMySQL AllowPostgreSQL AllowRsync AllowDistcc
AllowBaculaDIR AllowBaculaFD AllowBaculaSD Drop
+ local e=RejectSMB
+ ''['' 53 -gt 1 '']''
+ shift
+ ''['' xRejectSMB = xdropBcast '']''
+ ''['' 52 -gt 1 '']''
+ shift
+ ''['' xRejectSMB = xdropNonSyn '']''
+ ''['' 51 -gt 1 '']''
+ shift
+ ''['' xRejectSMB = xdropNotSyn '']''
+ ''['' 50 -gt 1 '']''
+ shift
+ ''['' xRejectSMB = xrejNotSyn '']''
+ ''['' 49 -gt 1 '']''
+ shift
+ ''['' xRejectSMB = xlogNotSyn '']''
+ ''['' 48 -gt 1 '']''
+ shift
+ ''['' xRejectSMB = xrLogNotSyn '']''
+ ''['' 47 -gt 1 '']''
+ shift
+ ''['' xRejectSMB = xdLogNotSyn '']''
+ ''['' 46 -gt 1 '']''
+ shift
+ ''['' xRejectSMB = xdropInvalid '']''
+ ''['' 45 -gt 1 '']''
+ shift
+ ''['' xRejectSMB = xallowInvalid '']''
+ ''['' 44 -gt 1 '']''
+ shift
+ ''['' xRejectSMB = xDropSMB '']''
+ ''['' 43 -gt 1 '']''
+ shift
+ ''['' xRejectSMB = xRejectSMB '']''
+ return 0
+ eval ''requiredby_Reject="$requiredby_Reject''
''RejectSMB"''
++ requiredby_Reject= RejectAuth dropBcast dropInvalid RejectSMB
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=DropUPnP
+ eval ''xtarget="DropUPnP"''
++ xtarget=DropUPnP
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=DropUPnP
+ list_search DropUPnP dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB
RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP
AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3
AllowIMAP AllowTelnet AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP
AllowTrcrt AllowSNMP AllowPCA AllowSPAMD AllowSyslog AllowAmanda
AllowLDAP AllowICQ AllowBitTorrent AllowSMBswat DropSMTP AllowCVS
AllowSVN AllowMySQL AllowPostgreSQL AllowRsync AllowDistcc
AllowBaculaDIR AllowBaculaFD AllowBaculaSD Drop
+ local e=DropUPnP
+ ''['' 53 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xdropBcast '']''
+ ''['' 52 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xdropNonSyn '']''
+ ''['' 51 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xdropNotSyn '']''
+ ''['' 50 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xrejNotSyn '']''
+ ''['' 49 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xlogNotSyn '']''
+ ''['' 48 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xrLogNotSyn '']''
+ ''['' 47 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xdLogNotSyn '']''
+ ''['' 46 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xdropInvalid '']''
+ ''['' 45 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xallowInvalid '']''
+ ''['' 44 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xDropSMB '']''
+ ''['' 43 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xRejectSMB '']''
+ ''['' 42 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xDropUPnP '']''
+ return 0
+ eval ''requiredby_Reject="$requiredby_Reject''
''DropUPnP"''
++ requiredby_Reject= RejectAuth dropBcast dropInvalid RejectSMB
DropUPnP
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=dropNotSyn
+ eval ''xtarget="dropNotSyn"''
++ xtarget=dropNotSyn
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=dropNotSyn
+ list_search dropNotSyn dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB
RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP
AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3
AllowIMAP AllowTelnet AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP
AllowTrcrt AllowSNMP AllowPCA AllowSPAMD AllowSyslog AllowAmanda
AllowLDAP AllowICQ AllowBitTorrent AllowSMBswat DropSMTP AllowCVS
AllowSVN AllowMySQL AllowPostgreSQL AllowRsync AllowDistcc
AllowBaculaDIR AllowBaculaFD AllowBaculaSD Drop
+ local e=dropNotSyn
+ ''['' 53 -gt 1 '']''
+ shift
+ ''['' xdropNotSyn = xdropBcast '']''
+ ''['' 52 -gt 1 '']''
+ shift
+ ''['' xdropNotSyn = xdropNonSyn '']''
+ ''['' 51 -gt 1 '']''
+ shift
+ ''['' xdropNotSyn = xdropNotSyn '']''
+ return 0
+ eval ''requiredby_Reject="$requiredby_Reject''
''dropNotSyn"''
++ requiredby_Reject= RejectAuth dropBcast dropInvalid RejectSMB
DropUPnP dropNotSyn
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ expandv xtarget
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=DropDNSrep
+ eval ''xtarget="DropDNSrep"''
++ xtarget=DropDNSrep
+ shift
+ ''['' 0 -gt 0 '']''
+ temp=DropDNSrep
+ list_search DropDNSrep dropBcast dropNonSyn dropNotSyn rejNotSyn
logNotSyn rLogNotSyn dLogNotSyn dropInvalid allowInvalid DropSMB
RejectSMB DropUPnP RejectAuth DropPing DropDNSrep AllowPing AllowFTP
AllowDNS AllowSSH AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3
AllowIMAP AllowTelnet AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP
AllowTrcrt AllowSNMP AllowPCA AllowSPAMD AllowSyslog AllowAmanda
AllowLDAP AllowICQ AllowBitTorrent AllowSMBswat DropSMTP AllowCVS
AllowSVN AllowMySQL AllowPostgreSQL AllowRsync AllowDistcc
AllowBaculaDIR AllowBaculaFD AllowBaculaSD Drop
+ local e=DropDNSrep
+ ''['' 53 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xdropBcast '']''
+ ''['' 52 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xdropNonSyn '']''
+ ''['' 51 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xdropNotSyn '']''
+ ''['' 50 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xrejNotSyn '']''
+ ''['' 49 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xlogNotSyn '']''
+ ''['' 48 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xrLogNotSyn '']''
+ ''['' 47 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xdLogNotSyn '']''
+ ''['' 46 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xdropInvalid '']''
+ ''['' 45 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xallowInvalid '']''
+ ''['' 44 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xDropSMB '']''
+ ''['' 43 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xRejectSMB '']''
+ ''['' 42 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xDropUPnP '']''
+ ''['' 41 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xRejectAuth '']''
+ ''['' 40 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xDropPing '']''
+ ''['' 39 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xDropDNSrep '']''
+ return 0
+ eval ''requiredby_Reject="$requiredby_Reject''
''DropDNSrep"''
++ requiredby_Reject= RejectAuth dropBcast dropInvalid RejectSMB
DropUPnP dropNotSyn DropDNSrep
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
+ ACTIONS=dropBcast dropNonSyn dropNotSyn rejNotSyn logNotSyn rLogNotSyn
dLogNotSyn dropInvalid allowInvalid DropSMB RejectSMB DropUPnP
RejectAuth DropPing DropDNSrep AllowPing AllowFTP AllowDNS AllowSSH
AllowWeb AllowSMB AllowAuth AllowSMTP AllowPOP3 AllowIMAP AllowTelnet
AllowVNC AllowVNCL AllowNTP AllowRdate AllowNNTP AllowTrcrt AllowSNMP
AllowPCA AllowSPAMD AllowSyslog AllowAmanda AllowLDAP AllowICQ
AllowBitTorrent AllowSMBswat DropSMTP AllowCVS AllowSVN AllowMySQL
AllowPostgreSQL AllowRsync AllowDistcc AllowBaculaDIR AllowBaculaFD
AllowBaculaSD Drop Reject
+ read xaction rest
+ read xaction rest
++ find_file rules
++ local saveifs= directory
++ ''['' -n '''' -a -f /rules
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/rules '']''
++ echo /etc/shorewall/rules
++ IFS=
++ return
+ echo ''Processing /etc/shorewall/rules...''
+ process_rules
+ read xtarget xclients xservers xprotocol xports xcports xaddress
xratelimit xuserspec
+ temp=ACCEPT
+ do_it
+ expandv xclients xservers xprotocol xports xcports xaddress xratelimit
xuserspec
+ local varval
+ ''['' 8 -gt 0 '']''
+ eval ''varval=$xclients''
++ varval=net
+ eval ''xclients="net"''
++ xclients=net
+ shift
+ ''['' 7 -gt 0 '']''
+ eval ''varval=$xservers''
++ varval=fw
+ eval ''xservers="fw"''
++ xservers=fw
+ shift
+ ''['' 6 -gt 0 '']''
+ eval ''varval=$xprotocol''
++ varval=icmp
+ eval ''xprotocol="icmp"''
++ xprotocol=icmp
+ shift
+ ''['' 5 -gt 0 '']''
+ eval ''varval=$xports''
++ varval=8
+ eval ''xports="8"''
++ xports=8
+ shift
+ ''['' 4 -gt 0 '']''
+ eval ''varval=$xcports''
++ varval=
+ eval ''xcports=""''
++ xcports=
+ shift
+ ''['' 3 -gt 0 '']''
+ eval ''varval=$xaddress''
++ varval=
+ eval ''xaddress=""''
++ xaddress=
+ shift
+ ''['' 2 -gt 0 '']''
+ eval ''varval=$xratelimit''
++ varval=
+ eval ''xratelimit=""''
++ xratelimit=
+ shift
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xuserspec''
++ varval=
+ eval ''xuserspec=""''
++ xuserspec=
+ shift
+ ''['' 0 -gt 0 '']''
+ ''['' xnet = xall '']''
+ ''['' xfw = xall '']''
+ process_rule ACCEPT net fw icmp 8
+ local target=ACCEPT
+ local clients=net
+ local servers=fw
+ local protocol=icmp
+ local ports=8
+ local cports=
+ local address=
+ local ratelimit=
+ local userspec=
+ local userandgroup=
++ echo ACCEPT net fw icmp 8
+ local ''rule=ACCEPT net fw icmp 8''
+ local logtag=
+ local nonat=
+ ''['' x = x- '']''
+ ''['' -n '''' '']''
+ ''['' ACCEPT = ACCEPT '']''
+ loglevel=
+ logtarget=ACCEPT
+ ''['' ACCEPT = ACCEPT '']''
+ dnat_only=
+ ''['' x = x- '']''
+ ''['' x = x- '']''
+ ''['' -n '''' '']''
+ ''['' net = net '']''
+ clientzone=net
+ clients=
+ ''['' net = net '']''
+ excludezones=
+ validate_zone net
+ list_search net net fw
+ local e=net
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xnet = xnet '']''
+ return 0
+ source=net
+ ''['' net = fw '']''
+ ''['' -n '''' '']''
+ eval ''source_hosts="$net_hosts"''
++ source_hosts=eth0:0.0.0.0/0
+ ''['' fw = fw '']''
+ serverzone=fw
+ servers=
+ serverport=
+ validate_zone fw
+ list_search fw net fw
+ local e=fw
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xfw = xnet '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xfw = xfw '']''
+ return 0
+ dest=fw
+ chain=net2fw
+ eval ''policy=$net2fw_policy''
++ policy=DROP
+ ''['' -z DROP '']''
+ ''['' DROP = NONE '']''
+ ''['' start = check '']''
+ ensurechain net2fw
+ havechain net2fw
++ chain_base net2fw
++ local c=net2fw
++ true
++ echo net2fw
++ return
+ local c=net2fw
+ eval test ''"$exists_net2fw"'' = Yes
++ test '''' = Yes
+ createchain net2fw yes
++ chain_base net2fw
++ local c=net2fw
++ true
++ echo net2fw
++ return
+ local c=net2fw
+ run_iptables -N net2fw
+ ''['' -n '''' '']''
+ iptables -N net2fw
+ ''['' yes = yes '']''
+ run_iptables -A net2fw -m state --state ESTABLISHED,RELATED -j ACCEPT
+ ''['' -n '''' '']''
+ iptables -A net2fw -m state --state ESTABLISHED,RELATED -j ACCEPT
+ ''['' -z Yes '']''
+ eval exists_net2fw=Yes
++ exists_net2fw=Yes
+ protocol=icmp
+ ''['' -n Yes '']''
+ list_search icmp icmp ICMP 1
+ local e=icmp
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xicmp = xicmp '']''
+ return 0
+ multioption=
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
++ separate_list 8
++ local list
++ local part
++ local newlist
++ list=8
++ part=8
++ newlist=8
++ ''['' x8 ''!='' x8 '']''
++ echo 8
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
+ add_a_rule
+ local natrule=
+ cli=
+ dest_interface=
+ serv=
+ sports=
+ dports=
+ proto=icmp
+ addr=
+ servport=
+ multiport=
+ ''['' x8 = x- '']''
+ ''['' x- = x- '']''
+ cport=
+ ''['' -n 8 '']''
+ dports=--icmp-type 8
+ proto=-p icmp
+ ''['' ACCEPT = REJECT -a -n ''''
'']''
+ ''['' -z ''-p icmp'' -a -z
'''' -a -z '''' -a -z '''' -a -z
'''' '']''
+ ''['' -n '''' '']''
+ ''['' -n '''' '']''
+ ''['' start ''!='' check '']''
+ ''['' -n '''' '']''
+ ''['' ACCEPT ''!='' LOG '']''
+ ''['' -n '''' '']''
+ ''['' ACCEPT ''!='' NONAT
'']''
+ run_iptables2 -A net2fw -p icmp --icmp-type 8 -j ACCEPT
+ ''['' ''x-A net2fw -p icmp --icmp-type 8 -j
ACCEPT'' = ''x-A net2fw -p icmp
--icmp-type 8 -j ACCEPT'' '']''
+ run_iptables -A net2fw -p icmp --icmp-type 8 -j ACCEPT
+ ''['' -n '''' '']''
+ iptables -A net2fw -p icmp --icmp-type 8 -j ACCEPT
+ return
+ ''['' start = check '']''
+ progress_message '' Rule "ACCEPT net fw icmp 8"
added.''
+ ''['' -n '''' '']''
+ echo '' Rule "ACCEPT net fw icmp 8" added.''
+ read xtarget xclients xservers xprotocol xports xcports xaddress
xratelimit xuserspec
+ temp=ACCEPT
+ do_it
+ expandv xclients xservers xprotocol xports xcports xaddress xratelimit
xuserspec
+ local varval
+ ''['' 8 -gt 0 '']''
+ eval ''varval=$xclients''
++ varval=fw
+ eval ''xclients="fw"''
++ xclients=fw
+ shift
+ ''['' 7 -gt 0 '']''
+ eval ''varval=$xservers''
++ varval=net
+ eval ''xservers="net"''
++ xservers=net
+ shift
+ ''['' 6 -gt 0 '']''
+ eval ''varval=$xprotocol''
++ varval=icmp
+ eval ''xprotocol="icmp"''
++ xprotocol=icmp
+ shift
+ ''['' 5 -gt 0 '']''
+ eval ''varval=$xports''
++ varval=
+ eval ''xports=""''
++ xports=
+ shift
+ ''['' 4 -gt 0 '']''
+ eval ''varval=$xcports''
++ varval=
+ eval ''xcports=""''
++ xcports=
+ shift
+ ''['' 3 -gt 0 '']''
+ eval ''varval=$xaddress''
++ varval=
+ eval ''xaddress=""''
++ xaddress=
+ shift
+ ''['' 2 -gt 0 '']''
+ eval ''varval=$xratelimit''
++ varval=
+ eval ''xratelimit=""''
++ xratelimit=
+ shift
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xuserspec''
++ varval=
+ eval ''xuserspec=""''
++ xuserspec=
+ shift
+ ''['' 0 -gt 0 '']''
+ ''['' xfw = xall '']''
+ ''['' xnet = xall '']''
+ process_rule ACCEPT fw net icmp
+ local target=ACCEPT
+ local clients=fw
+ local servers=net
+ local protocol=icmp
+ local ports=
+ local cports=
+ local address=
+ local ratelimit=
+ local userspec=
+ local userandgroup=
++ echo ACCEPT fw net icmp
+ local ''rule=ACCEPT fw net icmp''
+ local logtag=
+ local nonat=
+ ''['' x = x- '']''
+ ''['' -n '''' '']''
+ ''['' ACCEPT = ACCEPT '']''
+ loglevel=
+ logtarget=ACCEPT
+ ''['' ACCEPT = ACCEPT '']''
+ dnat_only=
+ ''['' x = x- '']''
+ ''['' x = x- '']''
+ ''['' -n '''' '']''
+ ''['' fw = fw '']''
+ clientzone=fw
+ clients=
+ ''['' fw = fw '']''
+ excludezones=
+ validate_zone fw
+ list_search fw net fw
+ local e=fw
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xfw = xnet '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xfw = xfw '']''
+ return 0
+ source=fw
+ ''['' fw = fw '']''
+ source_hosts=
+ ''['' net = net '']''
+ serverzone=net
+ servers=
+ serverport=
+ validate_zone net
+ list_search net net fw
+ local e=net
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xnet = xnet '']''
+ return 0
+ dest=net
+ chain=fw2net
+ eval ''policy=$fw2net_policy''
++ policy=ACCEPT
+ ''['' -z ACCEPT '']''
+ ''['' ACCEPT = NONE '']''
+ ''['' start = check '']''
+ ensurechain fw2net
+ havechain fw2net
++ chain_base fw2net
++ local c=fw2net
++ true
++ echo fw2net
++ return
+ local c=fw2net
+ eval test ''"$exists_fw2net"'' = Yes
++ test '''' = Yes
+ createchain fw2net yes
++ chain_base fw2net
++ local c=fw2net
++ true
++ echo fw2net
++ return
+ local c=fw2net
+ run_iptables -N fw2net
+ ''['' -n '''' '']''
+ iptables -N fw2net
+ ''['' yes = yes '']''
+ run_iptables -A fw2net -m state --state ESTABLISHED,RELATED -j ACCEPT
+ ''['' -n '''' '']''
+ iptables -A fw2net -m state --state ESTABLISHED,RELATED -j ACCEPT
+ ''['' -z Yes '']''
+ eval exists_fw2net=Yes
++ exists_fw2net=Yes
+ protocol=icmp
+ ''['' -n Yes '']''
+ list_search icmp icmp ICMP 1
+ local e=icmp
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xicmp = xicmp '']''
+ return 0
+ multioption=
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
+ add_a_rule
+ local natrule=
+ cli=
+ dest_interface=
+ serv=
+ sports=
+ dports=
+ proto=icmp
+ addr=
+ servport=
+ multiport=
+ ''['' x- = x- '']''
+ port=
+ ''['' x- = x- '']''
+ cport=
+ ''['' -n '''' '']''
+ proto=-p icmp
+ ''['' ACCEPT = REJECT -a -n ''''
'']''
+ ''['' -z ''-p icmp'' -a -z
'''' -a -z '''' -a -z '''' -a -z
'''' '']''
+ ''['' -n '''' '']''
+ ''['' -n '''' '']''
+ ''['' start ''!='' check '']''
+ ''['' -n '''' '']''
+ ''['' ACCEPT ''!='' LOG '']''
+ ''['' -n '''' '']''
+ ''['' ACCEPT ''!='' NONAT
'']''
+ run_iptables2 -A fw2net -p icmp -j ACCEPT
+ ''['' ''x-A fw2net -p icmp -j ACCEPT'' =
''x-A fw2net -p icmp -j ACCEPT''
'']''
+ run_iptables -A fw2net -p icmp -j ACCEPT
+ ''['' -n '''' '']''
+ iptables -A fw2net -p icmp -j ACCEPT
+ return
+ ''['' start = check '']''
+ progress_message '' Rule "ACCEPT fw net icmp"
added.''
+ ''['' -n '''' '']''
+ echo '' Rule "ACCEPT fw net icmp" added.''
+ read xtarget xclients xservers xprotocol xports xcports xaddress
xratelimit xuserspec
+ echo ''Processing Actions...''
+ process_actions2
+ changed=Yes
+ ''['' -n Yes '']''
+ changed=
+ eval ''required="$requiredby_Drop"''
++ required= RejectAuth dropBcast dropInvalid DropSMB DropUPnP
dropNotSyn DropDNSrep
+ list_search RejectAuth Drop Reject
+ local e=RejectAuth
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xRejectAuth = xDrop '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xRejectAuth = xReject '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ USEDACTIONS= Drop Reject RejectAuth
+ ''['' start = check '']''
+ createactionchain RejectAuth
+ createchain RejectAuth no
++ chain_base RejectAuth
++ local c=RejectAuth
++ true
++ echo RejectAuth
++ return
+ local c=RejectAuth
+ run_iptables -N RejectAuth
+ ''['' -n '''' '']''
+ iptables -N RejectAuth
+ ''['' no = yes '']''
+ eval exists_RejectAuth=Yes
++ exists_RejectAuth=Yes
+ run_user_exit RejectAuth
++ find_file RejectAuth
++ local saveifs= directory
++ ''['' -n '''' -a -f /RejectAuth
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/RejectAuth '']''
++ ''['' -f /usr/share/shorewall/RejectAuth
'']''
++ IFS=
++ echo /etc/shorewall/RejectAuth
+ local user_exit=/etc/shorewall/RejectAuth
+ ''['' -f /etc/shorewall/RejectAuth '']''
+ changed=Yes
+ list_search dropBcast Drop Reject RejectAuth
+ local e=dropBcast
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xdropBcast = xDrop '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xdropBcast = xReject '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xdropBcast = xRejectAuth '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ USEDACTIONS= Drop Reject RejectAuth dropBcast
+ ''['' start = check '']''
+ createactionchain dropBcast
+ createchain dropBcast no
++ chain_base dropBcast
++ local c=dropBcast
++ true
++ echo dropBcast
++ return
+ local c=dropBcast
+ run_iptables -N dropBcast
+ ''['' -n '''' '']''
+ iptables -N dropBcast
+ ''['' no = yes '']''
+ eval exists_dropBcast=Yes
++ exists_dropBcast=Yes
+ run_user_exit dropBcast
++ find_file dropBcast
++ local saveifs= directory
++ ''['' -n '''' -a -f /dropBcast
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/dropBcast '']''
++ ''['' -f /usr/share/shorewall/dropBcast '']''
++ IFS=
++ echo /etc/shorewall/dropBcast
+ local user_exit=/etc/shorewall/dropBcast
+ ''['' -f /etc/shorewall/dropBcast '']''
+ changed=Yes
+ list_search dropInvalid Drop Reject RejectAuth dropBcast
+ local e=dropInvalid
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xdropInvalid = xDrop '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xdropInvalid = xReject '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xdropInvalid = xRejectAuth '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xdropInvalid = xdropBcast '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ USEDACTIONS= Drop Reject RejectAuth dropBcast dropInvalid
+ ''['' start = check '']''
+ createactionchain dropInvalid
+ createchain dropInvalid no
++ chain_base dropInvalid
++ local c=dropInvalid
++ true
++ echo dropInvalid
++ return
+ local c=dropInvalid
+ run_iptables -N dropInvalid
+ ''['' -n '''' '']''
+ iptables -N dropInvalid
+ ''['' no = yes '']''
+ eval exists_dropInvalid=Yes
++ exists_dropInvalid=Yes
+ run_user_exit dropInvalid
++ find_file dropInvalid
++ local saveifs= directory
++ ''['' -n '''' -a -f /dropInvalid
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/dropInvalid '']''
++ ''['' -f /usr/share/shorewall/dropInvalid
'']''
++ IFS=
++ echo /etc/shorewall/dropInvalid
+ local user_exit=/etc/shorewall/dropInvalid
+ ''['' -f /etc/shorewall/dropInvalid '']''
+ changed=Yes
+ list_search DropSMB Drop Reject RejectAuth dropBcast dropInvalid
+ local e=DropSMB
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xDropSMB = xDrop '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xDropSMB = xReject '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xDropSMB = xRejectAuth '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xDropSMB = xdropBcast '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xDropSMB = xdropInvalid '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ USEDACTIONS= Drop Reject RejectAuth dropBcast dropInvalid DropSMB
+ ''['' start = check '']''
+ createactionchain DropSMB
+ createchain DropSMB no
++ chain_base DropSMB
++ local c=DropSMB
++ true
++ echo DropSMB
++ return
+ local c=DropSMB
+ run_iptables -N DropSMB
+ ''['' -n '''' '']''
+ iptables -N DropSMB
+ ''['' no = yes '']''
+ eval exists_DropSMB=Yes
++ exists_DropSMB=Yes
+ run_user_exit DropSMB
++ find_file DropSMB
++ local saveifs= directory
++ ''['' -n '''' -a -f /DropSMB
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/DropSMB '']''
++ ''['' -f /usr/share/shorewall/DropSMB '']''
++ IFS=
++ echo /etc/shorewall/DropSMB
+ local user_exit=/etc/shorewall/DropSMB
+ ''['' -f /etc/shorewall/DropSMB '']''
+ changed=Yes
+ list_search DropUPnP Drop Reject RejectAuth dropBcast dropInvalid
DropSMB
+ local e=DropUPnP
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xDrop '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xReject '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xRejectAuth '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xdropBcast '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xdropInvalid '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xDropSMB '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ USEDACTIONS= Drop Reject RejectAuth dropBcast dropInvalid DropSMB
DropUPnP
+ ''['' start = check '']''
+ createactionchain DropUPnP
+ createchain DropUPnP no
++ chain_base DropUPnP
++ local c=DropUPnP
++ true
++ echo DropUPnP
++ return
+ local c=DropUPnP
+ run_iptables -N DropUPnP
+ ''['' -n '''' '']''
+ iptables -N DropUPnP
+ ''['' no = yes '']''
+ eval exists_DropUPnP=Yes
++ exists_DropUPnP=Yes
+ run_user_exit DropUPnP
++ find_file DropUPnP
++ local saveifs= directory
++ ''['' -n '''' -a -f /DropUPnP
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/DropUPnP '']''
++ ''['' -f /usr/share/shorewall/DropUPnP '']''
++ IFS=
++ echo /etc/shorewall/DropUPnP
+ local user_exit=/etc/shorewall/DropUPnP
+ ''['' -f /etc/shorewall/DropUPnP '']''
+ changed=Yes
+ list_search dropNotSyn Drop Reject RejectAuth dropBcast dropInvalid
DropSMB DropUPnP
+ local e=dropNotSyn
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xdropNotSyn = xDrop '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xdropNotSyn = xReject '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xdropNotSyn = xRejectAuth '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xdropNotSyn = xdropBcast '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xdropNotSyn = xdropInvalid '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xdropNotSyn = xDropSMB '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xdropNotSyn = xDropUPnP '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ USEDACTIONS= Drop Reject RejectAuth dropBcast dropInvalid DropSMB
DropUPnP dropNotSyn
+ ''['' start = check '']''
+ createactionchain dropNotSyn
+ createchain dropNotSyn no
++ chain_base dropNotSyn
++ local c=dropNotSyn
++ true
++ echo dropNotSyn
++ return
+ local c=dropNotSyn
+ run_iptables -N dropNotSyn
+ ''['' -n '''' '']''
+ iptables -N dropNotSyn
+ ''['' no = yes '']''
+ eval exists_dropNotSyn=Yes
++ exists_dropNotSyn=Yes
+ run_user_exit dropNotSyn
++ find_file dropNotSyn
++ local saveifs= directory
++ ''['' -n '''' -a -f /dropNotSyn
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/dropNotSyn '']''
++ ''['' -f /usr/share/shorewall/dropNotSyn
'']''
++ IFS=
++ echo /etc/shorewall/dropNotSyn
+ local user_exit=/etc/shorewall/dropNotSyn
+ ''['' -f /etc/shorewall/dropNotSyn '']''
+ changed=Yes
+ list_search DropDNSrep Drop Reject RejectAuth dropBcast dropInvalid
DropSMB DropUPnP dropNotSyn
+ local e=DropDNSrep
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xDrop '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xReject '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xRejectAuth '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xdropBcast '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xdropInvalid '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xDropSMB '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xDropUPnP '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xdropNotSyn '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ USEDACTIONS= Drop Reject RejectAuth dropBcast dropInvalid DropSMB
DropUPnP dropNotSyn DropDNSrep
+ ''['' start = check '']''
+ createactionchain DropDNSrep
+ createchain DropDNSrep no
++ chain_base DropDNSrep
++ local c=DropDNSrep
++ true
++ echo DropDNSrep
++ return
+ local c=DropDNSrep
+ run_iptables -N DropDNSrep
+ ''['' -n '''' '']''
+ iptables -N DropDNSrep
+ ''['' no = yes '']''
+ eval exists_DropDNSrep=Yes
++ exists_DropDNSrep=Yes
+ run_user_exit DropDNSrep
++ find_file DropDNSrep
++ local saveifs= directory
++ ''['' -n '''' -a -f /DropDNSrep
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/DropDNSrep '']''
++ ''['' -f /usr/share/shorewall/DropDNSrep
'']''
++ IFS=
++ echo /etc/shorewall/DropDNSrep
+ local user_exit=/etc/shorewall/DropDNSrep
+ ''['' -f /etc/shorewall/DropDNSrep '']''
+ changed=Yes
+ eval ''required="$requiredby_Reject"''
++ required= RejectAuth dropBcast dropInvalid RejectSMB DropUPnP
dropNotSyn DropDNSrep
+ list_search RejectAuth Drop Reject RejectAuth dropBcast dropInvalid
DropSMB DropUPnP dropNotSyn DropDNSrep
+ local e=RejectAuth
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xRejectAuth = xDrop '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xRejectAuth = xReject '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xRejectAuth = xRejectAuth '']''
+ return 0
+ list_search dropBcast Drop Reject RejectAuth dropBcast dropInvalid
DropSMB DropUPnP dropNotSyn DropDNSrep
+ local e=dropBcast
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xdropBcast = xDrop '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xdropBcast = xReject '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xdropBcast = xRejectAuth '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xdropBcast = xdropBcast '']''
+ return 0
+ list_search dropInvalid Drop Reject RejectAuth dropBcast dropInvalid
DropSMB DropUPnP dropNotSyn DropDNSrep
+ local e=dropInvalid
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xdropInvalid = xDrop '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xdropInvalid = xReject '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xdropInvalid = xRejectAuth '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xdropInvalid = xdropBcast '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xdropInvalid = xdropInvalid '']''
+ return 0
+ list_search RejectSMB Drop Reject RejectAuth dropBcast dropInvalid
DropSMB DropUPnP dropNotSyn DropDNSrep
+ local e=RejectSMB
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xRejectSMB = xDrop '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xRejectSMB = xReject '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xRejectSMB = xRejectAuth '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xRejectSMB = xdropBcast '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xRejectSMB = xdropInvalid '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xRejectSMB = xDropSMB '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xRejectSMB = xDropUPnP '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xRejectSMB = xdropNotSyn '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xRejectSMB = xDropDNSrep '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ USEDACTIONS= Drop Reject RejectAuth dropBcast dropInvalid DropSMB
DropUPnP dropNotSyn DropDNSrep RejectSMB
+ ''['' start = check '']''
+ createactionchain RejectSMB
+ createchain RejectSMB no
++ chain_base RejectSMB
++ local c=RejectSMB
++ true
++ echo RejectSMB
++ return
+ local c=RejectSMB
+ run_iptables -N RejectSMB
+ ''['' -n '''' '']''
+ iptables -N RejectSMB
+ ''['' no = yes '']''
+ eval exists_RejectSMB=Yes
++ exists_RejectSMB=Yes
+ run_user_exit RejectSMB
++ find_file RejectSMB
++ local saveifs= directory
++ ''['' -n '''' -a -f /RejectSMB
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/RejectSMB '']''
++ ''['' -f /usr/share/shorewall/RejectSMB '']''
++ IFS=
++ echo /etc/shorewall/RejectSMB
+ local user_exit=/etc/shorewall/RejectSMB
+ ''['' -f /etc/shorewall/RejectSMB '']''
+ changed=Yes
+ list_search DropUPnP Drop Reject RejectAuth dropBcast dropInvalid
DropSMB DropUPnP dropNotSyn DropDNSrep RejectSMB
+ local e=DropUPnP
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xDrop '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xReject '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xRejectAuth '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xdropBcast '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xdropInvalid '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xDropSMB '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xDropUPnP '']''
+ return 0
+ list_search dropNotSyn Drop Reject RejectAuth dropBcast dropInvalid
DropSMB DropUPnP dropNotSyn DropDNSrep RejectSMB
+ local e=dropNotSyn
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xdropNotSyn = xDrop '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xdropNotSyn = xReject '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xdropNotSyn = xRejectAuth '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xdropNotSyn = xdropBcast '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xdropNotSyn = xdropInvalid '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xdropNotSyn = xDropSMB '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xdropNotSyn = xDropUPnP '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xdropNotSyn = xdropNotSyn '']''
+ return 0
+ list_search DropDNSrep Drop Reject RejectAuth dropBcast dropInvalid
DropSMB DropUPnP dropNotSyn DropDNSrep RejectSMB
+ local e=DropDNSrep
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xDrop '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xReject '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xRejectAuth '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xdropBcast '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xdropInvalid '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xDropSMB '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xDropUPnP '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xdropNotSyn '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xDropDNSrep '']''
+ return 0
+ ''['' -n Yes '']''
+ changed=
+ eval 'required="$requiredby_Drop"'
++ required= RejectAuth dropBcast dropInvalid DropSMB DropUPnP
dropNotSyn DropDNSrep
+ list_search RejectAuth Drop Reject RejectAuth dropBcast dropInvalid
DropSMB DropUPnP dropNotSyn DropDNSrep RejectSMB
+ local e=RejectAuth
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xRejectAuth = xDrop '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xRejectAuth = xReject '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xRejectAuth = xRejectAuth '']''
+ return 0
+ list_search dropBcast Drop Reject RejectAuth dropBcast dropInvalid
DropSMB DropUPnP dropNotSyn DropDNSrep RejectSMB
+ local e=dropBcast
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xdropBcast = xDrop '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xdropBcast = xReject '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xdropBcast = xRejectAuth '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xdropBcast = xdropBcast '']''
+ return 0
+ list_search dropInvalid Drop Reject RejectAuth dropBcast dropInvalid
DropSMB DropUPnP dropNotSyn DropDNSrep RejectSMB
+ local e=dropInvalid
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xdropInvalid = xDrop '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xdropInvalid = xReject '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xdropInvalid = xRejectAuth '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xdropInvalid = xdropBcast '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xdropInvalid = xdropInvalid '']''
+ return 0
+ list_search DropSMB Drop Reject RejectAuth dropBcast dropInvalid
DropSMB DropUPnP dropNotSyn DropDNSrep RejectSMB
+ local e=DropSMB
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xDropSMB = xDrop '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xDropSMB = xReject '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xDropSMB = xRejectAuth '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xDropSMB = xdropBcast '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xDropSMB = xdropInvalid '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xDropSMB = xDropSMB '']''
+ return 0
+ list_search DropUPnP Drop Reject RejectAuth dropBcast dropInvalid
DropSMB DropUPnP dropNotSyn DropDNSrep RejectSMB
+ local e=DropUPnP
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xDrop '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xReject '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xRejectAuth '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xdropBcast '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xdropInvalid '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xDropSMB '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xDropUPnP '']''
+ return 0
+ list_search dropNotSyn Drop Reject RejectAuth dropBcast dropInvalid
DropSMB DropUPnP dropNotSyn DropDNSrep RejectSMB
+ local e=dropNotSyn
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xdropNotSyn = xDrop '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xdropNotSyn = xReject '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xdropNotSyn = xRejectAuth '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xdropNotSyn = xdropBcast '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xdropNotSyn = xdropInvalid '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xdropNotSyn = xDropSMB '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xdropNotSyn = xDropUPnP '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xdropNotSyn = xdropNotSyn '']''
+ return 0
+ list_search DropDNSrep Drop Reject RejectAuth dropBcast dropInvalid
DropSMB DropUPnP dropNotSyn DropDNSrep RejectSMB
+ local e=DropDNSrep
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xDrop '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xReject '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xRejectAuth '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xdropBcast '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xdropInvalid '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xDropSMB '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xDropUPnP '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xdropNotSyn '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xDropDNSrep '']''
+ return 0
+ eval ''required="$requiredby_Reject"''
++ required= RejectAuth dropBcast dropInvalid RejectSMB DropUPnP
dropNotSyn DropDNSrep
+ list_search RejectAuth Drop Reject RejectAuth dropBcast dropInvalid
DropSMB DropUPnP dropNotSyn DropDNSrep RejectSMB
+ local e=RejectAuth
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xRejectAuth = xDrop '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xRejectAuth = xReject '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xRejectAuth = xRejectAuth '']''
+ return 0
+ list_search dropBcast Drop Reject RejectAuth dropBcast dropInvalid
DropSMB DropUPnP dropNotSyn DropDNSrep RejectSMB
+ local e=dropBcast
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xdropBcast = xDrop '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xdropBcast = xReject '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xdropBcast = xRejectAuth '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xdropBcast = xdropBcast '']''
+ return 0
+ list_search dropInvalid Drop Reject RejectAuth dropBcast dropInvalid
DropSMB DropUPnP dropNotSyn DropDNSrep RejectSMB
+ local e=dropInvalid
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xdropInvalid = xDrop '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xdropInvalid = xReject '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xdropInvalid = xRejectAuth '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xdropInvalid = xdropBcast '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xdropInvalid = xdropInvalid '']''
+ return 0
+ list_search RejectSMB Drop Reject RejectAuth dropBcast dropInvalid
DropSMB DropUPnP dropNotSyn DropDNSrep RejectSMB
+ local e=RejectSMB
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xRejectSMB = xDrop '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xRejectSMB = xReject '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xRejectSMB = xRejectAuth '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xRejectSMB = xdropBcast '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xRejectSMB = xdropInvalid '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xRejectSMB = xDropSMB '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xRejectSMB = xDropUPnP '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xRejectSMB = xdropNotSyn '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xRejectSMB = xDropDNSrep '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xRejectSMB = xRejectSMB '']''
+ return 0
+ list_search DropUPnP Drop Reject RejectAuth dropBcast dropInvalid
DropSMB DropUPnP dropNotSyn DropDNSrep RejectSMB
+ local e=DropUPnP
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xDrop '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xReject '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xRejectAuth '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xdropBcast '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xdropInvalid '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xDropSMB '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xDropUPnP = xDropUPnP '']''
+ return 0
+ list_search dropNotSyn Drop Reject RejectAuth dropBcast dropInvalid
DropSMB DropUPnP dropNotSyn DropDNSrep RejectSMB
+ local e=dropNotSyn
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xdropNotSyn = xDrop '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xdropNotSyn = xReject '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xdropNotSyn = xRejectAuth '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xdropNotSyn = xdropBcast '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xdropNotSyn = xdropInvalid '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xdropNotSyn = xDropSMB '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xdropNotSyn = xDropUPnP '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xdropNotSyn = xdropNotSyn '']''
+ return 0
+ list_search DropDNSrep Drop Reject RejectAuth dropBcast dropInvalid
DropSMB DropUPnP dropNotSyn DropDNSrep RejectSMB
+ local e=DropDNSrep
+ ''['' 11 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xDrop '']''
+ ''['' 10 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xReject '']''
+ ''['' 9 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xRejectAuth '']''
+ ''['' 8 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xdropBcast '']''
+ ''['' 7 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xdropInvalid '']''
+ ''['' 6 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xDropSMB '']''
+ ''['' 5 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xDropUPnP '']''
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xdropNotSyn '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xDropDNSrep = xDropDNSrep '']''
+ return 0
+ eval 'required="$requiredby_RejectAuth"'
++ required=
+ eval 'required="$requiredby_dropBcast"'
++ required=
+ eval 'required="$requiredby_dropInvalid"'
++ required=
+ eval 'required="$requiredby_DropSMB"'
++ required=
+ eval 'required="$requiredby_DropUPnP"'
++ required=
+ eval 'required="$requiredby_dropNotSyn"'
++ required=
+ eval 'required="$requiredby_DropDNSrep"'
++ required=
+ eval 'required="$requiredby_RejectSMB"'
++ required=
+ '[' -n '' ']'
+ f=action.Drop
++ find_file action.Drop
++ local saveifs= directory
++ ''['' -n '''' -a -f /action.Drop
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/action.Drop '']''
++ ''['' -f /usr/share/shorewall/action.Drop
'']''
++ echo /usr/share/shorewall/action.Drop
++ IFS=
++ return
+ fn=/usr/share/shorewall/action.Drop
+ echo ''Processing /usr/share/shorewall/action.Drop...''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ expandv xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ local varval
+ ''['' 8 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=RejectAuth
+ eval ''xtarget="RejectAuth"''
++ xtarget=RejectAuth
+ shift
+ ''['' 7 -gt 0 '']''
+ eval 'varval=$xclients'
++ varval=
+ eval 'xclients=""'
++ xclients=
+ shift
+ '[' 6 -gt 0 ']'
+ eval 'varval=$xservers'
++ varval=
+ eval 'xservers=""'
++ xservers=
+ shift
+ '[' 5 -gt 0 ']'
+ eval 'varval=$xprotocol'
++ varval=
+ eval 'xprotocol=""'
++ xprotocol=
+ shift
+ '[' 4 -gt 0 ']'
+ eval 'varval=$xports'
++ varval=
+ eval 'xports=""'
++ xports=
+ shift
+ '[' 3 -gt 0 ']'
+ eval 'varval=$xcports'
++ varval=
+ eval 'xcports=""'
++ xcports=
+ shift
+ '[' 2 -gt 0 ']'
+ eval 'varval=$xratelimit'
++ varval=
+ eval 'xratelimit=""'
++ xratelimit=
+ shift
+ '[' 1 -gt 0 ']'
+ eval 'varval=$xuserspec'
++ varval=
+ eval 'xuserspec=""'
++ xuserspec=
+ shift
+ ''['' 0 -gt 0 '']''
+ process_action Drop RejectAuth
+ local action=Drop
+ local target=RejectAuth
+ local clients=
+ local servers=
+ local protocol=
+ local ports=
+ local cports=
+ local ratelimit=
+ local userspec=
++ echo RejectAuth
+ local rule=RejectAuth
+ local userandgroup=
+ local logtag=
+ '[' -n '' ']'
+ '[' x = x- ']'
+ '[' -n '' ']'
+ '[' RejectAuth = RejectAuth ']'
+ loglevel=
+ logtarget=RejectAuth
+ ''['' x = x- '']''
+ protocol=all
+ ''['' -n Yes '']''
+ list_search all icmp ICMP 1
+ local e=all
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xall = xicmp '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xall = xICMP '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xall = x1 '']''
+ ''['' 1 -gt 1 '']''
+ return 1
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list=
+++ part=
+++ newlist=
+++ '[' x '!=' x ']'
+++ echo ''
++ list_count1
++ echo 0
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list=
+++ part=
+++ newlist=
+++ '[' x '!=' x ']'
+++ echo ''
++ list_count1
++ echo 0
+ '[' '' = '' -a '' = '' -a 0 -le 15 -a 0 -le 15 ']'
+ multioption=-m multiport
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
+ port=-
+ cport=-
+ add_an_action
+ cli=
+ dest_interface=
+ serv=
+ sports=
+ dports=
+ proto=all
+ servport=
+ multiport=
+ '[' x- = x- ']'
+ port=
+ '[' x- = x- ']'
+ cport=
+ '[' -n '' ']'
+ proto=-p all
+ ''['' start ''!='' check '']''
+ ''['' -n '''' '']''
+ ''['' -n '''' '']''
+ run_iptables2 -A Drop -p all -j RejectAuth
+ ''['' ''x-A Drop -p all -j RejectAuth'' =
''x-A Drop -p all -j RejectAuth''
'']''
+ run_iptables -A Drop -p all -j RejectAuth
+ ''['' -n '''' '']''
+ iptables -A Drop -p all -j RejectAuth
+ return
+ ''['' start = check '']''
+ progress_message '' Rule "RejectAuth" added.''
+ ''['' -n '''' '']''
+ echo '' Rule "RejectAuth" added.''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ expandv xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ local varval
+ ''['' 8 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=dropBcast
+ eval ''xtarget="dropBcast"''
++ xtarget=dropBcast
+ shift
+ ''['' 7 -gt 0 '']''
+ eval 'varval=$xclients'
++ varval=
+ eval 'xclients=""'
++ xclients=
+ shift
+ '[' 6 -gt 0 ']'
+ eval 'varval=$xservers'
++ varval=
+ eval 'xservers=""'
++ xservers=
+ shift
+ '[' 5 -gt 0 ']'
+ eval 'varval=$xprotocol'
++ varval=
+ eval 'xprotocol=""'
++ xprotocol=
+ shift
+ '[' 4 -gt 0 ']'
+ eval 'varval=$xports'
++ varval=
+ eval 'xports=""'
++ xports=
+ shift
+ '[' 3 -gt 0 ']'
+ eval 'varval=$xcports'
++ varval=
+ eval 'xcports=""'
++ xcports=
+ shift
+ '[' 2 -gt 0 ']'
+ eval 'varval=$xratelimit'
++ varval=
+ eval 'xratelimit=""'
++ xratelimit=
+ shift
+ '[' 1 -gt 0 ']'
+ eval 'varval=$xuserspec'
++ varval=
+ eval 'xuserspec=""'
++ xuserspec=
+ shift
+ ''['' 0 -gt 0 '']''
+ process_action Drop dropBcast
+ local action=Drop
+ local target=dropBcast
+ local clients=
+ local servers=
+ local protocol=
+ local ports=
+ local cports=
+ local ratelimit=
+ local userspec=
++ echo dropBcast
+ local rule=dropBcast
+ local userandgroup=
+ local logtag=
+ '[' -n '' ']'
+ '[' x = x- ']'
+ '[' -n '' ']'
+ '[' dropBcast = dropBcast ']'
+ loglevel=
+ logtarget=dropBcast
+ ''['' x = x- '']''
+ protocol=all
+ ''['' -n Yes '']''
+ list_search all icmp ICMP 1
+ local e=all
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xall = xicmp '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xall = xICMP '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xall = x1 '']''
+ ''['' 1 -gt 1 '']''
+ return 1
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list=
+++ part=
+++ newlist=
+++ '[' x '!=' x ']'
+++ echo ''
++ list_count1
++ echo 0
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list=
+++ part=
+++ newlist=
+++ '[' x '!=' x ']'
+++ echo ''
++ list_count1
++ echo 0
+ '[' '' = '' -a '' = '' -a 0 -le 15 -a 0 -le 15 ']'
+ multioption=-m multiport
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
+ port=-
+ cport=-
+ add_an_action
+ cli=
+ dest_interface=
+ serv=
+ sports=
+ dports=
+ proto=all
+ servport=
+ multiport=
+ '[' x- = x- ']'
+ port=
+ '[' x- = x- ']'
+ cport=
+ '[' -n '' ']'
+ proto=-p all
+ ''['' start ''!='' check '']''
+ ''['' -n '''' '']''
+ ''['' -n '''' '']''
+ run_iptables2 -A Drop -p all -j dropBcast
+ ''['' ''x-A Drop -p all -j dropBcast'' =
''x-A Drop -p all -j dropBcast''
'']''
+ run_iptables -A Drop -p all -j dropBcast
+ ''['' -n '''' '']''
+ iptables -A Drop -p all -j dropBcast
+ return
+ ''['' start = check '']''
+ progress_message '' Rule "dropBcast" added.''
+ ''['' -n '''' '']''
+ echo '' Rule "dropBcast" added.''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ expandv xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ local varval
+ ''['' 8 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=dropInvalid
+ eval ''xtarget="dropInvalid"''
++ xtarget=dropInvalid
+ shift
+ ''['' 7 -gt 0 '']''
+ eval 'varval=$xclients'
++ varval=
+ eval 'xclients=""'
++ xclients=
+ shift
+ '[' 6 -gt 0 ']'
+ eval 'varval=$xservers'
++ varval=
+ eval 'xservers=""'
++ xservers=
+ shift
+ '[' 5 -gt 0 ']'
+ eval 'varval=$xprotocol'
++ varval=
+ eval 'xprotocol=""'
++ xprotocol=
+ shift
+ '[' 4 -gt 0 ']'
+ eval 'varval=$xports'
++ varval=
+ eval 'xports=""'
++ xports=
+ shift
+ '[' 3 -gt 0 ']'
+ eval 'varval=$xcports'
++ varval=
+ eval 'xcports=""'
++ xcports=
+ shift
+ '[' 2 -gt 0 ']'
+ eval 'varval=$xratelimit'
++ varval=
+ eval 'xratelimit=""'
++ xratelimit=
+ shift
+ '[' 1 -gt 0 ']'
+ eval 'varval=$xuserspec'
++ varval=
+ eval 'xuserspec=""'
++ xuserspec=
+ shift
+ ''['' 0 -gt 0 '']''
+ process_action Drop dropInvalid
+ local action=Drop
+ local target=dropInvalid
+ local clients=
+ local servers=
+ local protocol=
+ local ports=
+ local cports=
+ local ratelimit=
+ local userspec=
++ echo dropInvalid
+ local rule=dropInvalid
+ local userandgroup=
+ local logtag=
+ '[' -n '' ']'
+ '[' x = x- ']'
+ '[' -n '' ']'
+ '[' dropInvalid = dropInvalid ']'
+ loglevel=
+ logtarget=dropInvalid
+ ''['' x = x- '']''
+ protocol=all
+ ''['' -n Yes '']''
+ list_search all icmp ICMP 1
+ local e=all
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xall = xicmp '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xall = xICMP '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xall = x1 '']''
+ ''['' 1 -gt 1 '']''
+ return 1
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list=
+++ part=
+++ newlist=
+++ '[' x '!=' x ']'
+++ echo ''
++ list_count1
++ echo 0
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list=
+++ part=
+++ newlist=
+++ '[' x '!=' x ']'
+++ echo ''
++ list_count1
++ echo 0
+ '[' '' = '' -a '' = '' -a 0 -le 15 -a 0 -le 15 ']'
+ multioption=-m multiport
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
+ port=-
+ cport=-
+ add_an_action
+ cli=
+ dest_interface=
+ serv=
+ sports=
+ dports=
+ proto=all
+ servport=
+ multiport=
+ '[' x- = x- ']'
+ port=
+ '[' x- = x- ']'
+ cport=
+ '[' -n '' ']'
+ proto=-p all
+ ''['' start ''!='' check '']''
+ ''['' -n '''' '']''
+ ''['' -n '''' '']''
+ run_iptables2 -A Drop -p all -j dropInvalid
+ ''['' ''x-A Drop -p all -j dropInvalid'' =
''x-A Drop -p all -j
dropInvalid'' '']''
+ run_iptables -A Drop -p all -j dropInvalid
+ ''['' -n '''' '']''
+ iptables -A Drop -p all -j dropInvalid
+ return
+ ''['' start = check '']''
+ progress_message '' Rule "dropInvalid" added.''
+ ''['' -n '''' '']''
+ echo '' Rule "dropInvalid" added.''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ expandv xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ local varval
+ ''['' 8 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=DropSMB
+ eval ''xtarget="DropSMB"''
++ xtarget=DropSMB
+ shift
+ ''['' 7 -gt 0 '']''
+ eval 'varval=$xclients'
++ varval=
+ eval 'xclients=""'
++ xclients=
+ shift
+ '[' 6 -gt 0 ']'
+ eval 'varval=$xservers'
++ varval=
+ eval 'xservers=""'
++ xservers=
+ shift
+ '[' 5 -gt 0 ']'
+ eval 'varval=$xprotocol'
++ varval=
+ eval 'xprotocol=""'
++ xprotocol=
+ shift
+ '[' 4 -gt 0 ']'
+ eval 'varval=$xports'
++ varval=
+ eval 'xports=""'
++ xports=
+ shift
+ '[' 3 -gt 0 ']'
+ eval 'varval=$xcports'
++ varval=
+ eval 'xcports=""'
++ xcports=
+ shift
+ '[' 2 -gt 0 ']'
+ eval 'varval=$xratelimit'
++ varval=
+ eval 'xratelimit=""'
++ xratelimit=
+ shift
+ '[' 1 -gt 0 ']'
+ eval 'varval=$xuserspec'
++ varval=
+ eval 'xuserspec=""'
++ xuserspec=
+ shift
+ ''['' 0 -gt 0 '']''
+ process_action Drop DropSMB
+ local action=Drop
+ local target=DropSMB
+ local clients=
+ local servers=
+ local protocol=
+ local ports=
+ local cports=
+ local ratelimit=
+ local userspec=
++ echo DropSMB
+ local rule=DropSMB
+ local userandgroup=
+ local logtag=
+ '[' -n '' ']'
+ '[' x = x- ']'
+ '[' -n '' ']'
+ '[' DropSMB = DropSMB ']'
+ loglevel=
+ logtarget=DropSMB
+ ''['' x = x- '']''
+ protocol=all
+ ''['' -n Yes '']''
+ list_search all icmp ICMP 1
+ local e=all
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xall = xicmp '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xall = xICMP '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xall = x1 '']''
+ ''['' 1 -gt 1 '']''
+ return 1
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list=
+++ part=
+++ newlist=
+++ '[' x '!=' x ']'
+++ echo ''
++ list_count1
++ echo 0
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list=
+++ part=
+++ newlist=
+++ '[' x '!=' x ']'
+++ echo ''
++ list_count1
++ echo 0
+ '[' '' = '' -a '' = '' -a 0 -le 15 -a 0 -le 15 ']'
+ multioption=-m multiport
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
+ port=-
+ cport=-
+ add_an_action
+ cli=
+ dest_interface=
+ serv=
+ sports=
+ dports=
+ proto=all
+ servport=
+ multiport=
+ '[' x- = x- ']'
+ port=
+ '[' x- = x- ']'
+ cport=
+ '[' -n '' ']'
+ proto=-p all
+ ''['' start ''!='' check '']''
+ ''['' -n '''' '']''
+ ''['' -n '''' '']''
+ run_iptables2 -A Drop -p all -j DropSMB
+ ''['' ''x-A Drop -p all -j DropSMB'' =
''x-A Drop -p all -j DropSMB'' '']''
+ run_iptables -A Drop -p all -j DropSMB
+ ''['' -n '''' '']''
+ iptables -A Drop -p all -j DropSMB
+ return
+ ''['' start = check '']''
+ progress_message '' Rule "DropSMB" added.''
+ ''['' -n '''' '']''
+ echo '' Rule "DropSMB" added.''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ expandv xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ local varval
+ ''['' 8 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=DropUPnP
+ eval ''xtarget="DropUPnP"''
++ xtarget=DropUPnP
+ shift
+ ''['' 7 -gt 0 '']''
+ eval 'varval=$xclients'
++ varval=
+ eval 'xclients=""'
++ xclients=
+ shift
+ '[' 6 -gt 0 ']'
+ eval 'varval=$xservers'
++ varval=
+ eval 'xservers=""'
++ xservers=
+ shift
+ '[' 5 -gt 0 ']'
+ eval 'varval=$xprotocol'
++ varval=
+ eval 'xprotocol=""'
++ xprotocol=
+ shift
+ '[' 4 -gt 0 ']'
+ eval 'varval=$xports'
++ varval=
+ eval 'xports=""'
++ xports=
+ shift
+ '[' 3 -gt 0 ']'
+ eval 'varval=$xcports'
++ varval=
+ eval 'xcports=""'
++ xcports=
+ shift
+ '[' 2 -gt 0 ']'
+ eval 'varval=$xratelimit'
++ varval=
+ eval 'xratelimit=""'
++ xratelimit=
+ shift
+ '[' 1 -gt 0 ']'
+ eval 'varval=$xuserspec'
++ varval=
+ eval 'xuserspec=""'
++ xuserspec=
+ shift
+ ''['' 0 -gt 0 '']''
+ process_action Drop DropUPnP
+ local action=Drop
+ local target=DropUPnP
+ local clients=
+ local servers=
+ local protocol=
+ local ports=
+ local cports=
+ local ratelimit=
+ local userspec=
++ echo DropUPnP
+ local rule=DropUPnP
+ local userandgroup=
+ local logtag=
+ ''['' -n '''' '']''
+ ''['' x = x- '']''
+ ''['' -n '''' '']''
+ ''['' DropUPnP = DropUPnP '']''
+ loglevel=
+ logtarget=DropUPnP
+ ''['' x = x- '']''
+ protocol=all
+ ''['' -n Yes '']''
+ list_search all icmp ICMP 1
+ local e=all
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xall = xicmp '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xall = xICMP '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xall = x1 '']''
+ ''['' 1 -gt 1 '']''
+ return 1
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list=
+++ part=
+++ newlist=
+++ ''['' x ''!='' x '']''
+++ echo ''''
++ list_count1
++ echo 0
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list=
+++ part=
+++ newlist=
+++ ''['' x ''!='' x '']''
+++ echo ''''
++ list_count1
++ echo 0
+ ''['' '''' = '''' -a '''' = '''' -a 0 -le 15 -a 0 -le 15 '']''
+ multioption=-m multiport
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
+ port=-
+ cport=-
+ add_an_action
+ cli=
+ dest_interface=
+ serv=
+ sports=
+ dports=
+ proto=all
+ servport=
+ multiport=
+ ''['' x- = x- '']''
+ port=
+ ''['' x- = x- '']''
+ cport=
+ ''['' -n '''' '']''
+ proto=-p all
+ ''['' start ''!='' check '']''
+ ''['' -n '''' '']''
+ ''['' -n '''' '']''
+ run_iptables2 -A Drop -p all -j DropUPnP
+ ''['' ''x-A Drop -p all -j DropUPnP'' = ''x-A Drop -p all -j DropUPnP'' '']''
+ run_iptables -A Drop -p all -j DropUPnP
+ ''['' -n '''' '']''
+ iptables -A Drop -p all -j DropUPnP
+ return
+ ''['' start = check '']''
+ progress_message '' Rule "DropUPnP" added.''
+ ''['' -n '''' '']''
+ echo '' Rule "DropUPnP" added.''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ expandv xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ local varval
+ ''['' 8 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=dropNotSyn
+ eval ''xtarget="dropNotSyn"''
++ xtarget=dropNotSyn
+ shift
+ ''['' 7 -gt 0 '']''
+ eval ''varval=$xclients''
++ varval+ eval ''xclients=""''
++ xclients+ shift
+ ''['' 6 -gt 0 '']''
+ eval ''varval=$xservers''
++ varval+ eval ''xservers=""''
++ xservers+ shift
+ ''['' 5 -gt 0 '']''
+ eval ''varval=$xprotocol''
++ varval+ eval ''xprotocol=""''
++ xprotocol+ shift
+ ''['' 4 -gt 0 '']''
+ eval ''varval=$xports''
++ varval+ eval ''xports=""''
++ xports+ shift
+ ''['' 3 -gt 0 '']''
+ eval ''varval=$xcports''
++ varval+ eval ''xcports=""''
++ xcports+ shift
+ ''['' 2 -gt 0 '']''
+ eval ''varval=$xratelimit''
++ varval+ eval ''xratelimit=""''
++ xratelimit+ shift
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xuserspec''
++ varval+ eval ''xuserspec=""''
++ xuserspec+ shift
+ ''['' 0 -gt 0 '']''
+ process_action Drop dropNotSyn
+ local action=Drop
+ local target=dropNotSyn
+ local clients+ local servers+ local protocol+ local ports+ local cports+ local
ratelimit+ local userspec++ echo dropNotSyn
+ local rule=dropNotSyn
+ local userandgroup+ local logtag+ ''['' -n
'''' '']''
+ ''['' x = x- '']''
+ ''['' -n '''' '']''
+ ''['' dropNotSyn = dropNotSyn '']''
+ loglevel+ logtarget=dropNotSyn
+ ''['' x = x- '']''
+ protocol=all
+ ''['' -n Yes '']''
+ list_search all icmp ICMP 1
+ local e=all
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xall = xicmp '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xall = xICMP '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xall = x1 '']''
+ ''['' 1 -gt 1 '']''
+ return 1
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list+++ part+++ newlist+++ ''['' x ''!='' x
'']''
+++ echo ''''
++ list_count1
++ echo 0
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list+++ part+++ newlist+++ ''['' x ''!='' x
'']''
+++ echo ''''
++ list_count1
++ echo 0
+ ''['' '''' = '''' -a
'''' = '''' -a 0 -le 15 -a 0 -le 15
'']''
+ multioption=-m multiport
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
+ port=-
+ cport=-
+ add_an_action
+ cli+ dest_interface+ serv+ sports+ dports+ proto=all
+ servport+ multiport+ ''['' x- = x- '']''
+ port+ ''['' x- = x- '']''
+ cport+ ''['' -n '''' '']''
+ proto=-p all
+ ''['' start ''!='' check '']''
+ ''['' -n '''' '']''
+ ''['' -n '''' '']''
+ run_iptables2 -A Drop -p all -j dropNotSyn
+ ''['' ''x-A Drop -p all -j dropNotSyn'' =
''x-A Drop -p all -j dropNotSyn''
'']''
+ run_iptables -A Drop -p all -j dropNotSyn
+ ''['' -n '''' '']''
+ iptables -A Drop -p all -j dropNotSyn
+ return
+ ''['' start = check '']''
+ progress_message '' Rule "dropNotSyn" added.''
+ ''['' -n '''' '']''
+ echo '' Rule "dropNotSyn" added.''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ expandv xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ local varval
+ ''['' 8 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=DropDNSrep
+ eval ''xtarget="DropDNSrep"''
++ xtarget=DropDNSrep
+ shift
+ ''['' 7 -gt 0 '']''
+ eval ''varval=$xclients''
++ varval+ eval ''xclients=""''
++ xclients+ shift
+ ''['' 6 -gt 0 '']''
+ eval ''varval=$xservers''
++ varval+ eval ''xservers=""''
++ xservers+ shift
+ ''['' 5 -gt 0 '']''
+ eval ''varval=$xprotocol''
++ varval+ eval ''xprotocol=""''
++ xprotocol+ shift
+ ''['' 4 -gt 0 '']''
+ eval ''varval=$xports''
++ varval+ eval ''xports=""''
++ xports+ shift
+ ''['' 3 -gt 0 '']''
+ eval ''varval=$xcports''
++ varval+ eval ''xcports=""''
++ xcports+ shift
+ ''['' 2 -gt 0 '']''
+ eval ''varval=$xratelimit''
++ varval+ eval ''xratelimit=""''
++ xratelimit+ shift
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xuserspec''
++ varval+ eval ''xuserspec=""''
++ xuserspec+ shift
+ ''['' 0 -gt 0 '']''
+ process_action Drop DropDNSrep
+ local action=Drop
+ local target=DropDNSrep
+ local clients+ local servers+ local protocol+ local ports+ local cports+ local
ratelimit+ local userspec++ echo DropDNSrep
+ local rule=DropDNSrep
+ local userandgroup+ local logtag+ ''['' -n
'''' '']''
+ ''['' x = x- '']''
+ ''['' -n '''' '']''
+ ''['' DropDNSrep = DropDNSrep '']''
+ loglevel+ logtarget=DropDNSrep
+ ''['' x = x- '']''
+ protocol=all
+ ''['' -n Yes '']''
+ list_search all icmp ICMP 1
+ local e=all
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xall = xicmp '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xall = xICMP '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xall = x1 '']''
+ ''['' 1 -gt 1 '']''
+ return 1
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list+++ part+++ newlist+++ ''['' x ''!='' x
'']''
+++ echo ''''
++ list_count1
++ echo 0
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list+++ part+++ newlist+++ ''['' x ''!='' x
'']''
+++ echo ''''
++ list_count1
++ echo 0
+ ''['' '''' = '''' -a
'''' = '''' -a 0 -le 15 -a 0 -le 15
'']''
+ multioption=-m multiport
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
+ port=-
+ cport=-
+ add_an_action
+ cli+ dest_interface+ serv+ sports+ dports+ proto=all
+ servport+ multiport+ ''['' x- = x- '']''
+ port+ ''['' x- = x- '']''
+ cport+ ''['' -n '''' '']''
+ proto=-p all
+ ''['' start ''!='' check '']''
+ ''['' -n '''' '']''
+ ''['' -n '''' '']''
+ run_iptables2 -A Drop -p all -j DropDNSrep
+ ''['' ''x-A Drop -p all -j DropDNSrep'' =
''x-A Drop -p all -j DropDNSrep''
'']''
+ run_iptables -A Drop -p all -j DropDNSrep
+ ''['' -n '''' '']''
+ iptables -A Drop -p all -j DropDNSrep
+ return
+ ''['' start = check '']''
+ progress_message '' Rule "DropDNSrep" added.''
+ ''['' -n '''' '']''
+ echo '' Rule "DropDNSrep" added.''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ f=action.Reject
++ find_file action.Reject
++ local saveifs= directory
++ ''['' -n '''' -a -f /action.Reject '']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/action.Reject '']''
++ ''['' -f /usr/share/shorewall/action.Reject '']''
++ echo /usr/share/shorewall/action.Reject
++ IFS=
++ return
+ fn=/usr/share/shorewall/action.Reject
+ echo ''Processing /usr/share/shorewall/action.Reject...''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ expandv xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ local varval
+ ''['' 8 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=RejectAuth
+ eval ''xtarget="RejectAuth"''
++ xtarget=RejectAuth
+ shift
+ ''['' 7 -gt 0 '']''
+ eval ''varval=$xclients''
++ varval+ eval ''xclients=""''
++ xclients+ shift
+ ''['' 6 -gt 0 '']''
+ eval ''varval=$xservers''
++ varval+ eval ''xservers=""''
++ xservers+ shift
+ ''['' 5 -gt 0 '']''
+ eval ''varval=$xprotocol''
++ varval+ eval ''xprotocol=""''
++ xprotocol+ shift
+ ''['' 4 -gt 0 '']''
+ eval ''varval=$xports''
++ varval+ eval ''xports=""''
++ xports+ shift
+ ''['' 3 -gt 0 '']''
+ eval ''varval=$xcports''
++ varval+ eval ''xcports=""''
++ xcports+ shift
+ ''['' 2 -gt 0 '']''
+ eval ''varval=$xratelimit''
++ varval+ eval ''xratelimit=""''
++ xratelimit+ shift
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xuserspec''
++ varval+ eval ''xuserspec=""''
++ xuserspec+ shift
+ ''['' 0 -gt 0 '']''
+ process_action Reject RejectAuth
+ local action=Reject
+ local target=RejectAuth
+ local clients+ local servers+ local protocol+ local ports+ local cports+ local
ratelimit+ local userspec++ echo RejectAuth
+ local rule=RejectAuth
+ local userandgroup+ local logtag+ ''['' -n
'''' '']''
+ ''['' x = x- '']''
+ ''['' -n '''' '']''
+ ''['' RejectAuth = RejectAuth '']''
+ loglevel+ logtarget=RejectAuth
+ ''['' x = x- '']''
+ protocol=all
+ ''['' -n Yes '']''
+ list_search all icmp ICMP 1
+ local e=all
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xall = xicmp '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xall = xICMP '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xall = x1 '']''
+ ''['' 1 -gt 1 '']''
+ return 1
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list+++ part+++ newlist+++ ''['' x ''!='' x
'']''
+++ echo ''''
++ list_count1
++ echo 0
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list+++ part+++ newlist+++ ''['' x ''!='' x
'']''
+++ echo ''''
++ list_count1
++ echo 0
+ ''['' '''' = '''' -a
'''' = '''' -a 0 -le 15 -a 0 -le 15
'']''
+ multioption=-m multiport
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
+ port=-
+ cport=-
+ add_an_action
+ cli+ dest_interface+ serv+ sports+ dports+ proto=all
+ servport+ multiport+ ''['' x- = x- '']''
+ port+ ''['' x- = x- '']''
+ cport+ ''['' -n '''' '']''
+ proto=-p all
+ ''['' start ''!='' check '']''
+ ''['' -n '''' '']''
+ ''['' -n '''' '']''
+ run_iptables2 -A Reject -p all -j RejectAuth
+ ''['' ''x-A Reject -p all -j RejectAuth'' =
''x-A Reject -p all -j
RejectAuth'' '']''
+ run_iptables -A Reject -p all -j RejectAuth
+ ''['' -n '''' '']''
+ iptables -A Reject -p all -j RejectAuth
+ return
+ ''['' start = check '']''
+ progress_message '' Rule "RejectAuth" added.''
+ ''['' -n '''' '']''
+ echo '' Rule "RejectAuth" added.''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ expandv xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ local varval
+ ''['' 8 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=dropBcast
+ eval ''xtarget="dropBcast"''
++ xtarget=dropBcast
+ shift
+ ''['' 7 -gt 0 '']''
+ eval ''varval=$xclients''
++ varval+ eval ''xclients=""''
++ xclients+ shift
+ ''['' 6 -gt 0 '']''
+ eval ''varval=$xservers''
++ varval+ eval ''xservers=""''
++ xservers+ shift
+ ''['' 5 -gt 0 '']''
+ eval ''varval=$xprotocol''
++ varval+ eval ''xprotocol=""''
++ xprotocol+ shift
+ ''['' 4 -gt 0 '']''
+ eval ''varval=$xports''
++ varval+ eval ''xports=""''
++ xports+ shift
+ ''['' 3 -gt 0 '']''
+ eval ''varval=$xcports''
++ varval+ eval ''xcports=""''
++ xcports+ shift
+ ''['' 2 -gt 0 '']''
+ eval ''varval=$xratelimit''
++ varval+ eval ''xratelimit=""''
++ xratelimit+ shift
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xuserspec''
++ varval+ eval ''xuserspec=""''
++ xuserspec+ shift
+ ''['' 0 -gt 0 '']''
+ process_action Reject dropBcast
+ local action=Reject
+ local target=dropBcast
+ local clients+ local servers+ local protocol+ local ports+ local cports+ local
ratelimit+ local userspec++ echo dropBcast
+ local rule=dropBcast
+ local userandgroup+ local logtag+ ''['' -n
'''' '']''
+ ''['' x = x- '']''
+ ''['' -n '''' '']''
+ ''['' dropBcast = dropBcast '']''
+ loglevel+ logtarget=dropBcast
+ ''['' x = x- '']''
+ protocol=all
+ ''['' -n Yes '']''
+ list_search all icmp ICMP 1
+ local e=all
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xall = xicmp '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xall = xICMP '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xall = x1 '']''
+ ''['' 1 -gt 1 '']''
+ return 1
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list+++ part+++ newlist+++ ''['' x ''!='' x
'']''
+++ echo ''''
++ list_count1
++ echo 0
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list+++ part+++ newlist+++ ''['' x ''!='' x
'']''
+++ echo ''''
++ list_count1
++ echo 0
+ ''['' '''' = '''' -a
'''' = '''' -a 0 -le 15 -a 0 -le 15
'']''
+ multioption=-m multiport
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
+ port=-
+ cport=-
+ add_an_action
+ cli+ dest_interface+ serv+ sports+ dports+ proto=all
+ servport+ multiport+ ''['' x- = x- '']''
+ port+ ''['' x- = x- '']''
+ cport+ ''['' -n '''' '']''
+ proto=-p all
+ ''['' start ''!='' check '']''
+ ''['' -n '''' '']''
+ ''['' -n '''' '']''
+ run_iptables2 -A Reject -p all -j dropBcast
+ ''['' ''x-A Reject -p all -j dropBcast'' =
''x-A Reject -p all -j
dropBcast'' '']''
+ run_iptables -A Reject -p all -j dropBcast
+ ''['' -n '''' '']''
+ iptables -A Reject -p all -j dropBcast
+ return
+ ''['' start = check '']''
+ progress_message '' Rule "dropBcast" added.''
+ ''['' -n '''' '']''
+ echo '' Rule "dropBcast" added.''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ expandv xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ local varval
+ ''['' 8 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=dropInvalid
+ eval ''xtarget="dropInvalid"''
++ xtarget=dropInvalid
+ shift
+ ''['' 7 -gt 0 '']''
+ eval ''varval=$xclients''
++ varval+ eval ''xclients=""''
++ xclients+ shift
+ ''['' 6 -gt 0 '']''
+ eval ''varval=$xservers''
++ varval+ eval ''xservers=""''
++ xservers+ shift
+ ''['' 5 -gt 0 '']''
+ eval ''varval=$xprotocol''
++ varval+ eval ''xprotocol=""''
++ xprotocol+ shift
+ ''['' 4 -gt 0 '']''
+ eval ''varval=$xports''
++ varval+ eval ''xports=""''
++ xports+ shift
+ ''['' 3 -gt 0 '']''
+ eval ''varval=$xcports''
++ varval+ eval ''xcports=""''
++ xcports+ shift
+ ''['' 2 -gt 0 '']''
+ eval ''varval=$xratelimit''
++ varval+ eval ''xratelimit=""''
++ xratelimit+ shift
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xuserspec''
++ varval+ eval ''xuserspec=""''
++ xuserspec+ shift
+ ''['' 0 -gt 0 '']''
+ process_action Reject dropInvalid
+ local action=Reject
+ local target=dropInvalid
+ local clients+ local servers+ local protocol+ local ports+ local cports+ local
ratelimit+ local userspec++ echo dropInvalid
+ local rule=dropInvalid
+ local userandgroup+ local logtag+ ''['' -n
'''' '']''
+ ''['' x = x- '']''
+ ''['' -n '''' '']''
+ ''['' dropInvalid = dropInvalid '']''
+ loglevel+ logtarget=dropInvalid
+ ''['' x = x- '']''
+ protocol=all
+ ''['' -n Yes '']''
+ list_search all icmp ICMP 1
+ local e=all
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xall = xicmp '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xall = xICMP '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xall = x1 '']''
+ ''['' 1 -gt 1 '']''
+ return 1
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list+++ part+++ newlist+++ ''['' x ''!='' x
'']''
+++ echo ''''
++ list_count1
++ echo 0
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list+++ part+++ newlist+++ ''['' x ''!='' x
'']''
+++ echo ''''
++ list_count1
++ echo 0
+ ''['' '''' = '''' -a
'''' = '''' -a 0 -le 15 -a 0 -le 15
'']''
+ multioption=-m multiport
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
+ port=-
+ cport=-
+ add_an_action
+ cli+ dest_interface+ serv+ sports+ dports+ proto=all
+ servport+ multiport+ ''['' x- = x- '']''
+ port+ ''['' x- = x- '']''
+ cport+ ''['' -n '''' '']''
+ proto=-p all
+ ''['' start ''!='' check '']''
+ ''['' -n '''' '']''
+ ''['' -n '''' '']''
+ run_iptables2 -A Reject -p all -j dropInvalid
+ ''['' ''x-A Reject -p all -j dropInvalid'' =
''x-A Reject -p all -j
dropInvalid'' '']''
+ run_iptables -A Reject -p all -j dropInvalid
+ ''['' -n '''' '']''
+ iptables -A Reject -p all -j dropInvalid
+ return
+ ''['' start = check '']''
+ progress_message '' Rule "dropInvalid" added.''
+ ''['' -n '''' '']''
+ echo '' Rule "dropInvalid" added.''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ expandv xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ local varval
+ ''['' 8 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=RejectSMB
+ eval ''xtarget="RejectSMB"''
++ xtarget=RejectSMB
+ shift
+ ''['' 7 -gt 0 '']''
+ eval ''varval=$xclients''
++ varval+ eval ''xclients=""''
++ xclients+ shift
+ ''['' 6 -gt 0 '']''
+ eval ''varval=$xservers''
++ varval+ eval ''xservers=""''
++ xservers+ shift
+ ''['' 5 -gt 0 '']''
+ eval ''varval=$xprotocol''
++ varval+ eval ''xprotocol=""''
++ xprotocol+ shift
+ ''['' 4 -gt 0 '']''
+ eval ''varval=$xports''
++ varval+ eval ''xports=""''
++ xports+ shift
+ ''['' 3 -gt 0 '']''
+ eval ''varval=$xcports''
++ varval+ eval ''xcports=""''
++ xcports+ shift
+ ''['' 2 -gt 0 '']''
+ eval ''varval=$xratelimit''
++ varval+ eval ''xratelimit=""''
++ xratelimit+ shift
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xuserspec''
++ varval+ eval ''xuserspec=""''
++ xuserspec+ shift
+ ''['' 0 -gt 0 '']''
+ process_action Reject RejectSMB
+ local action=Reject
+ local target=RejectSMB
+ local clients+ local servers+ local protocol+ local ports+ local cports+ local
ratelimit+ local userspec++ echo RejectSMB
+ local rule=RejectSMB
+ local userandgroup+ local logtag+ ''['' -n
'''' '']''
+ ''['' x = x- '']''
+ ''['' -n '''' '']''
+ ''['' RejectSMB = RejectSMB '']''
+ loglevel+ logtarget=RejectSMB
+ ''['' x = x- '']''
+ protocol=all
+ ''['' -n Yes '']''
+ list_search all icmp ICMP 1
+ local e=all
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xall = xicmp '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xall = xICMP '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xall = x1 '']''
+ ''['' 1 -gt 1 '']''
+ return 1
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list+++ part+++ newlist+++ ''['' x ''!='' x
'']''
+++ echo ''''
++ list_count1
++ echo 0
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list+++ part+++ newlist+++ ''['' x ''!='' x
'']''
+++ echo ''''
++ list_count1
++ echo 0
+ ''['' '''' = '''' -a
'''' = '''' -a 0 -le 15 -a 0 -le 15
'']''
+ multioption=-m multiport
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
+ port=-
+ cport=-
+ add_an_action
+ cli+ dest_interface+ serv+ sports+ dports+ proto=all
+ servport+ multiport+ ''['' x- = x- '']''
+ port+ ''['' x- = x- '']''
+ cport+ ''['' -n '''' '']''
+ proto=-p all
+ ''['' start ''!='' check '']''
+ ''['' -n '''' '']''
+ ''['' -n '''' '']''
+ run_iptables2 -A Reject -p all -j RejectSMB
+ ''['' ''x-A Reject -p all -j RejectSMB'' =
''x-A Reject -p all -j
RejectSMB'' '']''
+ run_iptables -A Reject -p all -j RejectSMB
+ ''['' -n '''' '']''
+ iptables -A Reject -p all -j RejectSMB
+ return
+ ''['' start = check '']''
+ progress_message '' Rule "RejectSMB" added.''
+ ''['' -n '''' '']''
+ echo '' Rule "RejectSMB" added.''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ expandv xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ local varval
+ ''['' 8 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=DropUPnP
+ eval ''xtarget="DropUPnP"''
++ xtarget=DropUPnP
+ shift
+ ''['' 7 -gt 0 '']''
+ eval ''varval=$xclients''
++ varval+ eval ''xclients=""''
++ xclients+ shift
+ ''['' 6 -gt 0 '']''
+ eval ''varval=$xservers''
++ varval+ eval ''xservers=""''
++ xservers+ shift
+ ''['' 5 -gt 0 '']''
+ eval ''varval=$xprotocol''
++ varval+ eval ''xprotocol=""''
++ xprotocol+ shift
+ ''['' 4 -gt 0 '']''
+ eval ''varval=$xports''
++ varval+ eval ''xports=""''
++ xports+ shift
+ ''['' 3 -gt 0 '']''
+ eval ''varval=$xcports''
++ varval+ eval ''xcports=""''
++ xcports+ shift
+ ''['' 2 -gt 0 '']''
+ eval ''varval=$xratelimit''
++ varval+ eval ''xratelimit=""''
++ xratelimit+ shift
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xuserspec''
++ varval+ eval ''xuserspec=""''
++ xuserspec+ shift
+ ''['' 0 -gt 0 '']''
+ process_action Reject DropUPnP
+ local action=Reject
+ local target=DropUPnP
+ local clients+ local servers+ local protocol+ local ports+ local cports+ local
ratelimit+ local userspec++ echo DropUPnP
+ local rule=DropUPnP
+ local userandgroup+ local logtag+ ''['' -n
'''' '']''
+ ''['' x = x- '']''
+ ''['' -n '''' '']''
+ ''['' DropUPnP = DropUPnP '']''
+ loglevel+ logtarget=DropUPnP
+ ''['' x = x- '']''
+ protocol=all
+ ''['' -n Yes '']''
+ list_search all icmp ICMP 1
+ local e=all
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xall = xicmp '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xall = xICMP '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xall = x1 '']''
+ ''['' 1 -gt 1 '']''
+ return 1
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list+++ part+++ newlist+++ ''['' x ''!='' x
'']''
+++ echo ''''
++ list_count1
++ echo 0
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list+++ part+++ newlist+++ ''['' x ''!='' x
'']''
+++ echo ''''
++ list_count1
++ echo 0
+ ''['' '''' = '''' -a
'''' = '''' -a 0 -le 15 -a 0 -le 15
'']''
+ multioption=-m multiport
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
+ port=-
+ cport=-
+ add_an_action
+ cli+ dest_interface+ serv+ sports+ dports+ proto=all
+ servport+ multiport+ ''['' x- = x- '']''
+ port+ ''['' x- = x- '']''
+ cport+ ''['' -n '''' '']''
+ proto=-p all
+ ''['' start ''!='' check '']''
+ ''['' -n '''' '']''
+ ''['' -n '''' '']''
+ run_iptables2 -A Reject -p all -j DropUPnP
+ ''['' ''x-A Reject -p all -j DropUPnP'' =
''x-A Reject -p all -j DropUPnP''
'']''
+ run_iptables -A Reject -p all -j DropUPnP
+ ''['' -n '''' '']''
+ iptables -A Reject -p all -j DropUPnP
+ return
+ ''['' start = check '']''
+ progress_message '' Rule "DropUPnP" added.''
+ ''['' -n '''' '']''
+ echo '' Rule "DropUPnP" added.''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ expandv xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ local varval
+ ''['' 8 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=dropNotSyn
+ eval ''xtarget="dropNotSyn"''
++ xtarget=dropNotSyn
+ shift
+ ''['' 7 -gt 0 '']''
+ eval ''varval=$xclients''
++ varval+ eval ''xclients=""''
++ xclients+ shift
+ ''['' 6 -gt 0 '']''
+ eval ''varval=$xservers''
++ varval+ eval ''xservers=""''
++ xservers+ shift
+ ''['' 5 -gt 0 '']''
+ eval ''varval=$xprotocol''
++ varval+ eval ''xprotocol=""''
++ xprotocol+ shift
+ ''['' 4 -gt 0 '']''
+ eval ''varval=$xports''
++ varval+ eval ''xports=""''
++ xports+ shift
+ ''['' 3 -gt 0 '']''
+ eval ''varval=$xcports''
++ varval+ eval ''xcports=""''
++ xcports+ shift
+ ''['' 2 -gt 0 '']''
+ eval ''varval=$xratelimit''
++ varval+ eval ''xratelimit=""''
++ xratelimit+ shift
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xuserspec''
++ varval+ eval ''xuserspec=""''
++ xuserspec+ shift
+ ''['' 0 -gt 0 '']''
+ process_action Reject dropNotSyn
+ local action=Reject
+ local target=dropNotSyn
+ local clients+ local servers+ local protocol+ local ports+ local cports+ local
ratelimit+ local userspec++ echo dropNotSyn
+ local rule=dropNotSyn
+ local userandgroup+ local logtag+ ''['' -n
'''' '']''
+ ''['' x = x- '']''
+ ''['' -n '''' '']''
+ ''['' dropNotSyn = dropNotSyn '']''
+ loglevel+ logtarget=dropNotSyn
+ ''['' x = x- '']''
+ protocol=all
+ ''['' -n Yes '']''
+ list_search all icmp ICMP 1
+ local e=all
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xall = xicmp '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xall = xICMP '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xall = x1 '']''
+ ''['' 1 -gt 1 '']''
+ return 1
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list+++ part+++ newlist+++ ''['' x ''!='' x
'']''
+++ echo ''''
++ list_count1
++ echo 0
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list+++ part+++ newlist+++ ''['' x ''!='' x
'']''
+++ echo ''''
++ list_count1
++ echo 0
+ ''['' '''' = '''' -a
'''' = '''' -a 0 -le 15 -a 0 -le 15
'']''
+ multioption=-m multiport
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
+ port=-
+ cport=-
+ add_an_action
+ cli+ dest_interface+ serv+ sports+ dports+ proto=all
+ servport+ multiport+ ''['' x- = x- '']''
+ port+ ''['' x- = x- '']''
+ cport+ ''['' -n '''' '']''
+ proto=-p all
+ ''['' start ''!='' check '']''
+ ''['' -n '''' '']''
+ ''['' -n '''' '']''
+ run_iptables2 -A Reject -p all -j dropNotSyn
+ ''['' ''x-A Reject -p all -j dropNotSyn'' =
''x-A Reject -p all -j
dropNotSyn'' '']''
+ run_iptables -A Reject -p all -j dropNotSyn
+ ''['' -n '''' '']''
+ iptables -A Reject -p all -j dropNotSyn
+ return
+ ''['' start = check '']''
+ progress_message '' Rule "dropNotSyn" added.''
+ ''['' -n '''' '']''
+ echo '' Rule "dropNotSyn" added.''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ expandv xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ local varval
+ ''['' 8 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=DropDNSrep
+ eval ''xtarget="DropDNSrep"''
++ xtarget=DropDNSrep
+ shift
+ ''['' 7 -gt 0 '']''
+ eval ''varval=$xclients''
++ varval+ eval ''xclients=""''
++ xclients+ shift
+ ''['' 6 -gt 0 '']''
+ eval ''varval=$xservers''
++ varval+ eval ''xservers=""''
++ xservers+ shift
+ ''['' 5 -gt 0 '']''
+ eval ''varval=$xprotocol''
++ varval+ eval ''xprotocol=""''
++ xprotocol+ shift
+ ''['' 4 -gt 0 '']''
+ eval ''varval=$xports''
++ varval+ eval ''xports=""''
++ xports+ shift
+ ''['' 3 -gt 0 '']''
+ eval ''varval=$xcports''
++ varval+ eval ''xcports=""''
++ xcports+ shift
+ ''['' 2 -gt 0 '']''
+ eval ''varval=$xratelimit''
++ varval+ eval ''xratelimit=""''
++ xratelimit+ shift
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xuserspec''
++ varval+ eval ''xuserspec=""''
++ xuserspec+ shift
+ ''['' 0 -gt 0 '']''
+ process_action Reject DropDNSrep
+ local action=Reject
+ local target=DropDNSrep
+ local clients+ local servers+ local protocol+ local ports+ local cports+ local
ratelimit+ local userspec++ echo DropDNSrep
+ local rule=DropDNSrep
+ local userandgroup+ local logtag+ ''['' -n
'''' '']''
+ ''['' x = x- '']''
+ ''['' -n '''' '']''
+ ''['' DropDNSrep = DropDNSrep '']''
+ loglevel+ logtarget=DropDNSrep
+ ''['' x = x- '']''
+ protocol=all
+ ''['' -n Yes '']''
+ list_search all icmp ICMP 1
+ local e=all
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xall = xicmp '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xall = xICMP '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xall = x1 '']''
+ ''['' 1 -gt 1 '']''
+ return 1
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list+++ part+++ newlist+++ ''['' x ''!='' x
'']''
+++ echo ''''
++ list_count1
++ echo 0
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list+++ part+++ newlist+++ ''['' x ''!='' x
'']''
+++ echo ''''
++ list_count1
++ echo 0
+ ''['' '''' = '''' -a
'''' = '''' -a 0 -le 15 -a 0 -le 15
'']''
+ multioption=-m multiport
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
+ port=-
+ cport=-
+ add_an_action
+ cli+ dest_interface+ serv+ sports+ dports+ proto=all
+ servport+ multiport+ ''['' x- = x- '']''
+ port+ ''['' x- = x- '']''
+ cport+ ''['' -n '''' '']''
+ proto=-p all
+ ''['' start ''!='' check '']''
+ ''['' -n '''' '']''
+ ''['' -n '''' '']''
+ run_iptables2 -A Reject -p all -j DropDNSrep
+ ''['' ''x-A Reject -p all -j DropDNSrep'' =
''x-A Reject -p all -j
DropDNSrep'' '']''
+ run_iptables -A Reject -p all -j DropDNSrep
+ ''['' -n '''' '']''
+ iptables -A Reject -p all -j DropDNSrep
+ return
+ ''['' start = check '']''
+ progress_message '' Rule "DropDNSrep" added.''
+ ''['' -n '''' '']''
+ echo '' Rule "DropDNSrep" added.''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ f=action.RejectAuth
++ find_file action.RejectAuth
++ local saveifs= directory
++ ''['' -n '''' -a -f /action.RejectAuth '']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/action.RejectAuth '']''
++ ''['' -f /usr/share/shorewall/action.RejectAuth '']''
++ echo /usr/share/shorewall/action.RejectAuth
++ IFS=
++ return
+ fn=/usr/share/shorewall/action.RejectAuth
+ echo ''Processing /usr/share/shorewall/action.RejectAuth...''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ expandv xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ local varval
+ ''['' 8 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=REJECT
+ eval ''xtarget="REJECT"''
++ xtarget=REJECT
+ shift
+ ''['' 7 -gt 0 '']''
+ eval ''varval=$xclients''
++ varval=-
+ eval ''xclients="-"''
++ xclients=-
+ shift
+ ''['' 6 -gt 0 '']''
+ eval ''varval=$xservers''
++ varval=-
+ eval ''xservers="-"''
++ xservers=-
+ shift
+ ''['' 5 -gt 0 '']''
+ eval ''varval=$xprotocol''
++ varval=tcp
+ eval ''xprotocol="tcp"''
++ xprotocol=tcp
+ shift
+ ''['' 4 -gt 0 '']''
+ eval ''varval=$xports''
++ varval=113
+ eval ''xports="113"''
++ xports=113
+ shift
+ ''['' 3 -gt 0 '']''
+ eval ''varval=$xcports''
++ varval=
+ eval ''xcports=""''
++ xcports=
+ shift
+ ''['' 2 -gt 0 '']''
+ eval ''varval=$xratelimit''
++ varval=
+ eval ''xratelimit=""''
++ xratelimit=
+ shift
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xuserspec''
++ varval=
+ eval ''xuserspec=""''
++ xuserspec=
+ shift
+ ''['' 0 -gt 0 '']''
+ process_action RejectAuth REJECT - - tcp 113
+ local action=RejectAuth
+ local target=REJECT
+ local clients=-
+ local servers=-
+ local protocol=tcp
+ local ports=113
+ local cports=
+ local ratelimit=
+ local userspec=
++ echo REJECT - - tcp 113
+ local ''rule=REJECT - - tcp 113''
+ local userandgroup=
+ local logtag=
+ ''['' -n '''' '']''
+ ''['' x = x- '']''
+ ''['' -n '''' '']''
+ ''['' REJECT = REJECT '']''
+ loglevel=
+ logtarget=REJECT
+ target=reject
+ ''['' xtcp = x- '']''
+ protocol=tcp
+ ''['' -n Yes '']''
+ list_search tcp icmp ICMP 1
+ local e=tcp
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xtcp = xicmp '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xtcp = xICMP '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xtcp = x1 '']''
+ ''['' 1 -gt 1 '']''
+ return 1
++ list_count 113
+++ separate_list 113
+++ local list
+++ local part
+++ local newlist
+++ list=113
+++ part=113
+++ newlist=113
+++ ''['' x113 ''!='' x113 '']''
+++ echo 113
++ list_count1 113
++ echo 1
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list=
+++ part=
+++ newlist=
+++ ''['' x ''!='' x '']''
+++ echo ''''
++ list_count1
++ echo 0
+ ''['' 113 = 113 -a '''' = ''''
-a 1 -le 15 -a 0 -le 15 '']''
+ multioption=-m multiport
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
+ port=113
+ cport=-
+ add_an_action
+ cli=
+ dest_interface=
+ serv=
+ sports=
+ dports=
+ proto=tcp
+ servport=
+ multiport=
+ ''['' x113 = x- '']''
+ ''['' x- = x- '']''
+ cport=
+ do_ports
+ ''['' -n 113 '']''
+ dports=--dport
+ ''['' -n ''-m multiport'' -a 113
''!='' 113 '']''
+ dports=--dport 113
+ ''['' -n '''' '']''
+ ''['' reject = QUEUE '']''
+ proto=-p tcp
+ ''['' start ''!='' check '']''
+ ''['' -n '''' '']''
+ ''['' -n '''' '']''
+ run_iptables2 -A RejectAuth -p tcp --dport 113 -j reject
+ ''['' ''x-A RejectAuth -p tcp --dport 113 -j
reject'' = ''x-A RejectAuth -p
tcp --dport 113 -j reject'' '']''
+ run_iptables -A RejectAuth -p tcp --dport 113 -j reject
+ ''['' -n '''' '']''
+ iptables -A RejectAuth -p tcp --dport 113 -j reject
+ return
+ ''['' start = check '']''
+ progress_message '' Rule "REJECT - - tcp 113"
added.''
+ ''['' -n '''' '']''
+ echo '' Rule "REJECT - - tcp 113" added.''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ ''['' start ''!='' check '']''
+ ''['' -n Yes '']''
+ qt iptables -A dropBcast -m pkttype --pkt-type broadcast -j DROP
+ iptables -A dropBcast -m pkttype --pkt-type broadcast -j DROP
+ qt iptables -A dropBcast -m pkttype --pkt-type multicast -j DROP
+ iptables -A dropBcast -m pkttype --pkt-type multicast -j DROP
+ ''['' start ''!='' check '']''
+ run_iptables -A dropInvalid -m state --state INVALID -j DROP
+ ''['' -n '''' '']''
+ iptables -A dropInvalid -m state --state INVALID -j DROP
+ f=action.DropSMB
++ find_file action.DropSMB
++ local saveifs= directory
++ ''['' -n '''' -a -f /action.DropSMB
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/action.DropSMB '']''
++ ''['' -f /usr/share/shorewall/action.DropSMB
'']''
++ echo /usr/share/shorewall/action.DropSMB
++ IFS=
++ return
+ fn=/usr/share/shorewall/action.DropSMB
+ echo ''Processing /usr/share/shorewall/action.DropSMB...''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ expandv xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ local varval
+ ''['' 8 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=DROP
+ eval ''xtarget="DROP"''
++ xtarget=DROP
+ shift
+ ''['' 7 -gt 0 '']''
+ eval ''varval=$xclients''
++ varval=-
+ eval ''xclients="-"''
++ xclients=-
+ shift
+ ''['' 6 -gt 0 '']''
+ eval ''varval=$xservers''
++ varval=-
+ eval ''xservers="-"''
++ xservers=-
+ shift
+ ''['' 5 -gt 0 '']''
+ eval ''varval=$xprotocol''
++ varval=udp
+ eval ''xprotocol="udp"''
++ xprotocol=udp
+ shift
+ ''['' 4 -gt 0 '']''
+ eval ''varval=$xports''
++ varval=135
+ eval ''xports="135"''
++ xports=135
+ shift
+ ''['' 3 -gt 0 '']''
+ eval ''varval=$xcports''
++ varval=
+ eval ''xcports=""''
++ xcports=
+ shift
+ ''['' 2 -gt 0 '']''
+ eval ''varval=$xratelimit''
++ varval=
+ eval ''xratelimit=""''
++ xratelimit=
+ shift
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xuserspec''
++ varval=
+ eval ''xuserspec=""''
++ xuserspec=
+ shift
+ ''['' 0 -gt 0 '']''
+ process_action DropSMB DROP - - udp 135
+ local action=DropSMB
+ local target=DROP
+ local clients=-
+ local servers=-
+ local protocol=udp
+ local ports=135
+ local cports=
+ local ratelimit=
+ local userspec=
++ echo DROP - - udp 135
+ local ''rule=DROP - - udp 135''
+ local userandgroup=
+ local logtag=
+ ''['' -n '''' '']''
+ ''['' x = x- '']''
+ ''['' -n '''' '']''
+ ''['' DROP = DROP '']''
+ loglevel=
+ logtarget=DROP
+ ''['' xudp = x- '']''
+ protocol=udp
+ ''['' -n Yes '']''
+ list_search udp icmp ICMP 1
+ local e=udp
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xudp = xicmp '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xudp = xICMP '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xudp = x1 '']''
+ ''['' 1 -gt 1 '']''
+ return 1
++ list_count 135
+++ separate_list 135
+++ local list
+++ local part
+++ local newlist
+++ list=135
+++ part=135
+++ newlist=135
+++ ''['' x135 ''!='' x135 '']''
+++ echo 135
++ list_count1 135
++ echo 1
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list=
+++ part=
+++ newlist=
+++ ''['' x ''!='' x '']''
+++ echo ''''
++ list_count1
++ echo 0
+ ''['' 135 = 135 -a '''' = ''''
-a 1 -le 15 -a 0 -le 15 '']''
+ multioption=-m multiport
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
+ port=135
+ cport=-
+ add_an_action
+ cli=
+ dest_interface=
+ serv=
+ sports=
+ dports=
+ proto=udp
+ servport=
+ multiport=
+ ''['' x135 = x- '']''
+ ''['' x- = x- '']''
+ cport=
+ do_ports
+ ''['' -n 135 '']''
+ dports=--dport
+ ''['' -n ''-m multiport'' -a 135
''!='' 135 '']''
+ dports=--dport 135
+ ''['' -n '''' '']''
+ proto=-p udp
+ ''['' start ''!='' check '']''
+ ''['' -n '''' '']''
+ ''['' -n '''' '']''
+ run_iptables2 -A DropSMB -p udp --dport 135 -j DROP
+ ''['' ''x-A DropSMB -p udp --dport 135 -j
DROP'' = ''x-A DropSMB -p udp
--dport 135 -j DROP'' '']''
+ run_iptables -A DropSMB -p udp --dport 135 -j DROP
+ ''['' -n '''' '']''
+ iptables -A DropSMB -p udp --dport 135 -j DROP
+ return
+ ''['' start = check '']''
+ progress_message '' Rule "DROP - - udp 135"
added.''
+ ''['' -n '''' '']''
+ echo '' Rule "DROP - - udp 135" added.''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ expandv xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ local varval
+ ''['' 8 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=DROP
+ eval ''xtarget="DROP"''
++ xtarget=DROP
+ shift
+ ''['' 7 -gt 0 '']''
+ eval ''varval=$xclients''
++ varval=-
+ eval ''xclients="-"''
++ xclients=-
+ shift
+ ''['' 6 -gt 0 '']''
+ eval ''varval=$xservers''
++ varval=-
+ eval ''xservers="-"''
++ xservers=-
+ shift
+ ''['' 5 -gt 0 '']''
+ eval ''varval=$xprotocol''
++ varval=udp
+ eval ''xprotocol="udp"''
++ xprotocol=udp
+ shift
+ ''['' 4 -gt 0 '']''
+ eval ''varval=$xports''
++ varval=137:139
+ eval ''xports="137:139"''
++ xports=137:139
+ shift
+ ''['' 3 -gt 0 '']''
+ eval ''varval=$xcports''
++ varval=
+ eval ''xcports=""''
++ xcports=
+ shift
+ ''['' 2 -gt 0 '']''
+ eval ''varval=$xratelimit''
++ varval=
+ eval ''xratelimit=""''
++ xratelimit=
+ shift
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xuserspec''
++ varval=
+ eval ''xuserspec=""''
++ xuserspec=
+ shift
+ ''['' 0 -gt 0 '']''
+ process_action DropSMB DROP - - udp 137:139
+ local action=DropSMB
+ local target=DROP
+ local clients=-
+ local servers=-
+ local protocol=udp
+ local ports=137:139
+ local cports=
+ local ratelimit=
+ local userspec=
++ echo DROP - - udp 137:139
+ local ''rule=DROP - - udp 137:139''
+ local userandgroup=
+ local logtag=
+ ''['' -n '''' '']''
+ ''['' x = x- '']''
+ ''['' -n '''' '']''
+ ''['' DROP = DROP '']''
+ loglevel=
+ logtarget=DROP
+ ''['' xudp = x- '']''
+ protocol=udp
+ ''['' -n Yes '']''
+ list_search udp icmp ICMP 1
+ local e=udp
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xudp = xicmp '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xudp = xICMP '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xudp = x1 '']''
+ ''['' 1 -gt 1 '']''
+ return 1
++ list_count 137:139
+++ separate_list 137:139
+++ local list
+++ local part
+++ local newlist
+++ list=137:139
+++ part=137:139
+++ newlist=137:139
+++ ''['' x137:139 ''!='' x137:139
'']''
+++ echo 137:139
++ list_count1 137:139
++ echo 1
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list=
+++ part=
+++ newlist=
+++ ''['' x ''!='' x '']''
+++ echo ''''
++ list_count1
++ echo 0
+ ''['' 137:139 = 137 -a '''' =
'''' -a 1 -le 15 -a 0 -le 15 '']''
+ multioption=
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
++ separate_list 137:139
++ local list
++ local part
++ local newlist
++ list=137:139
++ part=137:139
++ newlist=137:139
++ ''['' x137:139 ''!='' x137:139
'']''
++ echo 137:139
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
+ add_an_action
+ cli=
+ dest_interface=
+ serv=
+ sports=
+ dports=
+ proto=udp
+ servport=
+ multiport=
+ ''['' x137:139 = x- '']''
+ ''['' x- = x- '']''
+ cport=
+ do_ports
+ ''['' -n 137:139 '']''
+ dports=--dport
+ ''['' -n '''' -a 137:139
''!='' 137:139 '']''
+ dports=--dport 137:139
+ ''['' -n '''' '']''
+ proto=-p udp
+ ''['' start ''!='' check '']''
+ ''['' -n '''' '']''
+ ''['' -n '''' '']''
+ run_iptables2 -A DropSMB -p udp --dport 137:139 -j DROP
+ ''['' ''x-A DropSMB -p udp --dport 137:139 -j
DROP'' = ''x-A DropSMB -p udp
--dport 137:139 -j DROP'' '']''
+ run_iptables -A DropSMB -p udp --dport 137:139 -j DROP
+ ''['' -n '''' '']''
+ iptables -A DropSMB -p udp --dport 137:139 -j DROP
+ return
+ ''['' start = check '']''
+ progress_message '' Rule "DROP - - udp 137:139"
added.''
+ ''['' -n '''' '']''
+ echo '' Rule "DROP - - udp 137:139" added.''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ expandv xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ local varval
+ ''['' 8 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=DROP
+ eval ''xtarget="DROP"''
++ xtarget=DROP
+ shift
+ ''['' 7 -gt 0 '']''
+ eval ''varval=$xclients''
++ varval=-
+ eval ''xclients="-"''
++ xclients=-
+ shift
+ ''['' 6 -gt 0 '']''
+ eval ''varval=$xservers''
++ varval=-
+ eval ''xservers="-"''
++ xservers=-
+ shift
+ ''['' 5 -gt 0 '']''
+ eval ''varval=$xprotocol''
++ varval=udp
+ eval ''xprotocol="udp"''
++ xprotocol=udp
+ shift
+ ''['' 4 -gt 0 '']''
+ eval ''varval=$xports''
++ varval=445
+ eval ''xports="445"''
++ xports=445
+ shift
+ ''['' 3 -gt 0 '']''
+ eval ''varval=$xcports''
++ varval=
+ eval ''xcports=""''
++ xcports=
+ shift
+ ''['' 2 -gt 0 '']''
+ eval ''varval=$xratelimit''
++ varval=
+ eval ''xratelimit=""''
++ xratelimit=
+ shift
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xuserspec''
++ varval=
+ eval ''xuserspec=""''
++ xuserspec=
+ shift
+ ''['' 0 -gt 0 '']''
+ process_action DropSMB DROP - - udp 445
+ local action=DropSMB
+ local target=DROP
+ local clients=-
+ local servers=-
+ local protocol=udp
+ local ports=445
+ local cports=
+ local ratelimit=
+ local userspec=
++ echo DROP - - udp 445
+ local ''rule=DROP - - udp 445''
+ local userandgroup=
+ local logtag=
+ ''['' -n '''' '']''
+ ''['' x = x- '']''
+ ''['' -n '''' '']''
+ ''['' DROP = DROP '']''
+ loglevel=
+ logtarget=DROP
+ ''['' xudp = x- '']''
+ protocol=udp
+ ''['' -n Yes '']''
+ list_search udp icmp ICMP 1
+ local e=udp
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xudp = xicmp '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xudp = xICMP '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xudp = x1 '']''
+ ''['' 1 -gt 1 '']''
+ return 1
++ list_count 445
+++ separate_list 445
+++ local list
+++ local part
+++ local newlist
+++ list=445
+++ part=445
+++ newlist=445
+++ ''['' x445 ''!='' x445 '']''
+++ echo 445
++ list_count1 445
++ echo 1
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list=
+++ part=
+++ newlist=
+++ ''['' x ''!='' x '']''
+++ echo ''''
++ list_count1
++ echo 0
+ ''['' 445 = 445 -a '''' = ''''
-a 1 -le 15 -a 0 -le 15 '']''
+ multioption=-m multiport
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
+ port=445
+ cport=-
+ add_an_action
+ cli=
+ dest_interface=
+ serv=
+ sports=
+ dports=
+ proto=udp
+ servport=
+ multiport=
+ ''['' x445 = x- '']''
+ ''['' x- = x- '']''
+ cport=
+ do_ports
+ ''['' -n 445 '']''
+ dports=--dport
+ ''['' -n ''-m multiport'' -a 445
''!='' 445 '']''
+ dports=--dport 445
+ ''['' -n '''' '']''
+ proto=-p udp
+ ''['' start ''!='' check '']''
+ ''['' -n '''' '']''
+ ''['' -n '''' '']''
+ run_iptables2 -A DropSMB -p udp --dport 445 -j DROP
+ ''['' ''x-A DropSMB -p udp --dport 445 -j
DROP'' = ''x-A DropSMB -p udp
--dport 445 -j DROP'' '']''
+ run_iptables -A DropSMB -p udp --dport 445 -j DROP
+ ''['' -n '''' '']''
+ iptables -A DropSMB -p udp --dport 445 -j DROP
+ return
+ ''['' start = check '']''
+ progress_message '' Rule "DROP - - udp 445"
added.''
+ ''['' -n '''' '']''
+ echo '' Rule "DROP - - udp 445" added.''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ expandv xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ local varval
+ ''['' 8 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=DROP
+ eval ''xtarget="DROP"''
++ xtarget=DROP
+ shift
+ ''['' 7 -gt 0 '']''
+ eval ''varval=$xclients''
++ varval=-
+ eval ''xclients="-"''
++ xclients=-
+ shift
+ ''['' 6 -gt 0 '']''
+ eval ''varval=$xservers''
++ varval=-
+ eval ''xservers="-"''
++ xservers=-
+ shift
+ ''['' 5 -gt 0 '']''
+ eval ''varval=$xprotocol''
++ varval=tcp
+ eval ''xprotocol="tcp"''
++ xprotocol=tcp
+ shift
+ ''['' 4 -gt 0 '']''
+ eval ''varval=$xports''
++ varval=135
+ eval ''xports="135"''
++ xports=135
+ shift
+ ''['' 3 -gt 0 '']''
+ eval ''varval=$xcports''
++ varval=
+ eval ''xcports=""''
++ xcports=
+ shift
+ ''['' 2 -gt 0 '']''
+ eval ''varval=$xratelimit''
++ varval=
+ eval ''xratelimit=""''
++ xratelimit=
+ shift
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xuserspec''
++ varval=
+ eval ''xuserspec=""''
++ xuserspec=
+ shift
+ ''['' 0 -gt 0 '']''
+ process_action DropSMB DROP - - tcp 135
+ local action=DropSMB
+ local target=DROP
+ local clients=-
+ local servers=-
+ local protocol=tcp
+ local ports=135
+ local cports=
+ local ratelimit=
+ local userspec=
++ echo DROP - - tcp 135
+ local ''rule=DROP - - tcp 135''
+ local userandgroup=
+ local logtag=
+ ''['' -n '''' '']''
+ ''['' x = x- '']''
+ ''['' -n '''' '']''
+ ''['' DROP = DROP '']''
+ loglevel=
+ logtarget=DROP
+ ''['' xtcp = x- '']''
+ protocol=tcp
+ ''['' -n Yes '']''
+ list_search tcp icmp ICMP 1
+ local e=tcp
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xtcp = xicmp '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xtcp = xICMP '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xtcp = x1 '']''
+ ''['' 1 -gt 1 '']''
+ return 1
++ list_count 135
+++ separate_list 135
+++ local list
+++ local part
+++ local newlist
+++ list=135
+++ part=135
+++ newlist=135
+++ ''['' x135 ''!='' x135 '']''
+++ echo 135
++ list_count1 135
++ echo 1
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list=
+++ part=
+++ newlist=
+++ ''['' x ''!='' x '']''
+++ echo ''''
++ list_count1
++ echo 0
+ ''['' 135 = 135 -a '''' = ''''
-a 1 -le 15 -a 0 -le 15 '']''
+ multioption=-m multiport
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
+ port=135
+ cport=-
+ add_an_action
+ cli=
+ dest_interface=
+ serv=
+ sports=
+ dports=
+ proto=tcp
+ servport=
+ multiport=
+ ''['' x135 = x- '']''
+ ''['' x- = x- '']''
+ cport=
+ do_ports
+ ''['' -n 135 '']''
+ dports=--dport
+ ''['' -n ''-m multiport'' -a 135
''!='' 135 '']''
+ dports=--dport 135
+ ''['' -n '''' '']''
+ ''['' DROP = QUEUE '']''
+ proto=-p tcp
+ ''['' start ''!='' check '']''
+ ''['' -n '''' '']''
+ ''['' -n '''' '']''
+ run_iptables2 -A DropSMB -p tcp --dport 135 -j DROP
+ ''['' ''x-A DropSMB -p tcp --dport 135 -j
DROP'' = ''x-A DropSMB -p tcp
--dport 135 -j DROP'' '']''
+ run_iptables -A DropSMB -p tcp --dport 135 -j DROP
+ ''['' -n '''' '']''
+ iptables -A DropSMB -p tcp --dport 135 -j DROP
+ return
+ ''['' start = check '']''
+ progress_message '' Rule "DROP - - tcp 135"
added.''
+ ''['' -n '''' '']''
+ echo '' Rule "DROP - - tcp 135" added.''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ expandv xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ local varval
+ ''['' 8 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=DROP
+ eval ''xtarget="DROP"''
++ xtarget=DROP
+ shift
+ ''['' 7 -gt 0 '']''
+ eval ''varval=$xclients''
++ varval=-
+ eval ''xclients="-"''
++ xclients=-
+ shift
+ ''['' 6 -gt 0 '']''
+ eval ''varval=$xservers''
++ varval=-
+ eval ''xservers="-"''
++ xservers=-
+ shift
+ ''['' 5 -gt 0 '']''
+ eval ''varval=$xprotocol''
++ varval=tcp
+ eval ''xprotocol="tcp"''
++ xprotocol=tcp
+ shift
+ ''['' 4 -gt 0 '']''
+ eval ''varval=$xports''
++ varval=139
+ eval ''xports="139"''
++ xports=139
+ shift
+ ''['' 3 -gt 0 '']''
+ eval ''varval=$xcports''
++ varval=
+ eval ''xcports=""''
++ xcports=
+ shift
+ ''['' 2 -gt 0 '']''
+ eval ''varval=$xratelimit''
++ varval=
+ eval ''xratelimit=""''
++ xratelimit=
+ shift
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xuserspec''
++ varval=
+ eval ''xuserspec=""''
++ xuserspec=
+ shift
+ ''['' 0 -gt 0 '']''
+ process_action DropSMB DROP - - tcp 139
+ local action=DropSMB
+ local target=DROP
+ local clients=-
+ local servers=-
+ local protocol=tcp
+ local ports=139
+ local cports=
+ local ratelimit=
+ local userspec=
++ echo DROP - - tcp 139
+ local ''rule=DROP - - tcp 139''
+ local userandgroup=
+ local logtag=
+ ''['' -n '''' '']''
+ ''['' x = x- '']''
+ ''['' -n '''' '']''
+ ''['' DROP = DROP '']''
+ loglevel=
+ logtarget=DROP
+ ''['' xtcp = x- '']''
+ protocol=tcp
+ ''['' -n Yes '']''
+ list_search tcp icmp ICMP 1
+ local e=tcp
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xtcp = xicmp '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xtcp = xICMP '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xtcp = x1 '']''
+ ''['' 1 -gt 1 '']''
+ return 1
++ list_count 139
+++ separate_list 139
+++ local list
+++ local part
+++ local newlist
+++ list=139
+++ part=139
+++ newlist=139
+++ ''['' x139 ''!='' x139 '']''
+++ echo 139
++ list_count1 139
++ echo 1
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list=
+++ part=
+++ newlist=
+++ ''['' x ''!='' x '']''
+++ echo ''''
++ list_count1
++ echo 0
+ ''['' 139 = 139 -a '''' = ''''
-a 1 -le 15 -a 0 -le 15 '']''
+ multioption=-m multiport
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
+ port=139
+ cport=-
+ add_an_action
+ cli=
+ dest_interface=
+ serv=
+ sports=
+ dports=
+ proto=tcp
+ servport=
+ multiport=
+ ''['' x139 = x- '']''
+ ''['' x- = x- '']''
+ cport=
+ do_ports
+ ''['' -n 139 '']''
+ dports=--dport
+ ''['' -n ''-m multiport'' -a 139
''!='' 139 '']''
+ dports=--dport 139
+ ''['' -n '''' '']''
+ ''['' DROP = QUEUE '']''
+ proto=-p tcp
+ ''['' start ''!='' check '']''
+ ''['' -n '''' '']''
+ ''['' -n '''' '']''
+ run_iptables2 -A DropSMB -p tcp --dport 139 -j DROP
+ ''['' ''x-A DropSMB -p tcp --dport 139 -j
DROP'' = ''x-A DropSMB -p tcp
--dport 139 -j DROP'' '']''
+ run_iptables -A DropSMB -p tcp --dport 139 -j DROP
+ ''['' -n '''' '']''
+ iptables -A DropSMB -p tcp --dport 139 -j DROP
+ return
+ ''['' start = check '']''
+ progress_message '' Rule "DROP - - tcp 139"
added.''
+ ''['' -n '''' '']''
+ echo '' Rule "DROP - - tcp 139" added.''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ expandv xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ local varval
+ ''['' 8 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=DROP
+ eval ''xtarget="DROP"''
++ xtarget=DROP
+ shift
+ ''['' 7 -gt 0 '']''
+ eval ''varval=$xclients''
++ varval=-
+ eval ''xclients="-"''
++ xclients=-
+ shift
+ ''['' 6 -gt 0 '']''
+ eval ''varval=$xservers''
++ varval=-
+ eval ''xservers="-"''
++ xservers=-
+ shift
+ ''['' 5 -gt 0 '']''
+ eval ''varval=$xprotocol''
++ varval=tcp
+ eval ''xprotocol="tcp"''
++ xprotocol=tcp
+ shift
+ ''['' 4 -gt 0 '']''
+ eval ''varval=$xports''
++ varval=445
+ eval ''xports="445"''
++ xports=445
+ shift
+ ''['' 3 -gt 0 '']''
+ eval ''varval=$xcports''
++ varval=
+ eval ''xcports=""''
++ xcports=
+ shift
+ ''['' 2 -gt 0 '']''
+ eval ''varval=$xratelimit''
++ varval=
+ eval ''xratelimit=""''
++ xratelimit=
+ shift
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xuserspec''
++ varval=
+ eval ''xuserspec=""''
++ xuserspec=
+ shift
+ ''['' 0 -gt 0 '']''
+ process_action DropSMB DROP - - tcp 445
+ local action=DropSMB
+ local target=DROP
+ local clients=-
+ local servers=-
+ local protocol=tcp
+ local ports=445
+ local cports=
+ local ratelimit=
+ local userspec=
++ echo DROP - - tcp 445
+ local ''rule=DROP - - tcp 445''
+ local userandgroup=
+ local logtag=
+ ''['' -n '''' '']''
+ ''['' x = x- '']''
+ ''['' -n '''' '']''
+ ''['' DROP = DROP '']''
+ loglevel=
+ logtarget=DROP
+ ''['' xtcp = x- '']''
+ protocol=tcp
+ ''['' -n Yes '']''
+ list_search tcp icmp ICMP 1
+ local e=tcp
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xtcp = xicmp '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xtcp = xICMP '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xtcp = x1 '']''
+ ''['' 1 -gt 1 '']''
+ return 1
++ list_count 445
+++ separate_list 445
+++ local list
+++ local part
+++ local newlist
+++ list=445
+++ part=445
+++ newlist=445
+++ ''['' x445 ''!='' x445 '']''
+++ echo 445
++ list_count1 445
++ echo 1
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list=
+++ part=
+++ newlist=
+++ ''['' x ''!='' x '']''
+++ echo ''''
++ list_count1
++ echo 0
+ ''['' 445 = 445 -a '''' = ''''
-a 1 -le 15 -a 0 -le 15 '']''
+ multioption=-m multiport
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
+ port=445
+ cport=-
+ add_an_action
+ cli=
+ dest_interface=
+ serv=
+ sports=
+ dports=
+ proto=tcp
+ servport=
+ multiport=
+ ''['' x445 = x- '']''
+ ''['' x- = x- '']''
+ cport=
+ do_ports
+ ''['' -n 445 '']''
+ dports=--dport
+ ''['' -n ''-m multiport'' -a 445
''!='' 445 '']''
+ dports=--dport 445
+ ''['' -n '''' '']''
+ ''['' DROP = QUEUE '']''
+ proto=-p tcp
+ ''['' start ''!='' check '']''
+ ''['' -n '''' '']''
+ ''['' -n '''' '']''
+ run_iptables2 -A DropSMB -p tcp --dport 445 -j DROP
+ ''['' ''x-A DropSMB -p tcp --dport 445 -j
DROP'' = ''x-A DropSMB -p tcp
--dport 445 -j DROP'' '']''
+ run_iptables -A DropSMB -p tcp --dport 445 -j DROP
+ ''['' -n '''' '']''
+ iptables -A DropSMB -p tcp --dport 445 -j DROP
+ return
+ ''['' start = check '']''
+ progress_message '' Rule "DROP - - tcp 445"
added.''
+ ''['' -n '''' '']''
+ echo '' Rule "DROP - - tcp 445" added.''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ f=action.DropUPnP
++ find_file action.DropUPnP
++ local saveifs= directory
++ ''['' -n '''' -a -f /action.DropUPnP
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/action.DropUPnP '']''
++ ''['' -f /usr/share/shorewall/action.DropUPnP
'']''
++ echo /usr/share/shorewall/action.DropUPnP
++ IFS=
++ return
+ fn=/usr/share/shorewall/action.DropUPnP
+ echo ''Processing /usr/share/shorewall/action.DropUPnP...''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ expandv xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ local varval
+ ''['' 8 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=DROP
+ eval ''xtarget="DROP"''
++ xtarget=DROP
+ shift
+ ''['' 7 -gt 0 '']''
+ eval ''varval=$xclients''
++ varval=-
+ eval ''xclients="-"''
++ xclients=-
+ shift
+ ''['' 6 -gt 0 '']''
+ eval ''varval=$xservers''
++ varval=-
+ eval ''xservers="-"''
++ xservers=-
+ shift
+ ''['' 5 -gt 0 '']''
+ eval ''varval=$xprotocol''
++ varval=udp
+ eval ''xprotocol="udp"''
++ xprotocol=udp
+ shift
+ ''['' 4 -gt 0 '']''
+ eval ''varval=$xports''
++ varval=1900
+ eval ''xports="1900"''
++ xports=1900
+ shift
+ ''['' 3 -gt 0 '']''
+ eval ''varval=$xcports''
++ varval=
+ eval ''xcports=""''
++ xcports=
+ shift
+ ''['' 2 -gt 0 '']''
+ eval ''varval=$xratelimit''
++ varval=
+ eval ''xratelimit=""''
++ xratelimit=
+ shift
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xuserspec''
++ varval=
+ eval ''xuserspec=""''
++ xuserspec=
+ shift
+ ''['' 0 -gt 0 '']''
+ process_action DropUPnP DROP - - udp 1900
+ local action=DropUPnP
+ local target=DROP
+ local clients=-
+ local servers=-
+ local protocol=udp
+ local ports=1900
+ local cports=
+ local ratelimit=
+ local userspec=
++ echo DROP - - udp 1900
+ local ''rule=DROP - - udp 1900''
+ local userandgroup=
+ local logtag=
+ ''['' -n '''' '']''
+ ''['' x = x- '']''
+ ''['' -n '''' '']''
+ ''['' DROP = DROP '']''
+ loglevel=
+ logtarget=DROP
+ ''['' xudp = x- '']''
+ protocol=udp
+ ''['' -n Yes '']''
+ list_search udp icmp ICMP 1
+ local e=udp
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xudp = xicmp '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xudp = xICMP '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xudp = x1 '']''
+ ''['' 1 -gt 1 '']''
+ return 1
++ list_count 1900
+++ separate_list 1900
+++ local list
+++ local part
+++ local newlist
+++ list=1900
+++ part=1900
+++ newlist=1900
+++ ''['' x1900 ''!='' x1900
'']''
+++ echo 1900
++ list_count1 1900
++ echo 1
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list=
+++ part=
+++ newlist=
+++ ''['' x ''!='' x '']''
+++ echo ''''
++ list_count1
++ echo 0
+ ''['' 1900 = 1900 -a '''' =
'''' -a 1 -le 15 -a 0 -le 15 '']''
+ multioption=-m multiport
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
+ port=1900
+ cport=-
+ add_an_action
+ cli=
+ dest_interface=
+ serv=
+ sports=
+ dports=
+ proto=udp
+ servport=
+ multiport=
+ ''['' x1900 = x- '']''
+ ''['' x- = x- '']''
+ cport=
+ do_ports
+ ''['' -n 1900 '']''
+ dports=--dport
+ ''['' -n ''-m multiport'' -a 1900
''!='' 1900 '']''
+ dports=--dport 1900
+ ''['' -n '''' '']''
+ proto=-p udp
+ ''['' start ''!='' check '']''
+ ''['' -n '''' '']''
+ ''['' -n '''' '']''
+ run_iptables2 -A DropUPnP -p udp --dport 1900 -j DROP
+ ''['' ''x-A DropUPnP -p udp --dport 1900 -j
DROP'' = ''x-A DropUPnP -p udp
--dport 1900 -j DROP'' '']''
+ run_iptables -A DropUPnP -p udp --dport 1900 -j DROP
+ ''['' -n '''' '']''
+ iptables -A DropUPnP -p udp --dport 1900 -j DROP
+ return
+ ''['' start = check '']''
+ progress_message '' Rule "DROP - - udp 1900"
added.''
+ ''['' -n '''' '']''
+ echo '' Rule "DROP - - udp 1900" added.''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ ''['' start ''!='' check '']''
+ run_iptables -A dropNotSyn -p tcp ''!'' --syn -j DROP
+ ''['' -n '''' '']''
+ iptables -A dropNotSyn -p tcp ''!'' --syn -j DROP
+ f=action.DropDNSrep
++ find_file action.DropDNSrep
++ local saveifs= directory
++ ''['' -n '''' -a -f /action.DropDNSrep
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/action.DropDNSrep
'']''
++ ''['' -f /usr/share/shorewall/action.DropDNSrep
'']''
++ echo /usr/share/shorewall/action.DropDNSrep
++ IFS=
++ return
+ fn=/usr/share/shorewall/action.DropDNSrep
+ echo ''Processing /usr/share/shorewall/action.DropDNSrep...''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ expandv xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ local varval
+ ''['' 8 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=DROP
+ eval ''xtarget="DROP"''
++ xtarget=DROP
+ shift
+ ''['' 7 -gt 0 '']''
+ eval ''varval=$xclients''
++ varval=-
+ eval ''xclients="-"''
++ xclients=-
+ shift
+ ''['' 6 -gt 0 '']''
+ eval ''varval=$xservers''
++ varval=-
+ eval ''xservers="-"''
++ xservers=-
+ shift
+ ''['' 5 -gt 0 '']''
+ eval ''varval=$xprotocol''
++ varval=udp
+ eval ''xprotocol="udp"''
++ xprotocol=udp
+ shift
+ ''['' 4 -gt 0 '']''
+ eval ''varval=$xports''
++ varval=-
+ eval ''xports="-"''
++ xports=-
+ shift
+ ''['' 3 -gt 0 '']''
+ eval ''varval=$xcports''
++ varval=53
+ eval ''xcports="53"''
++ xcports=53
+ shift
+ ''['' 2 -gt 0 '']''
+ eval ''varval=$xratelimit''
++ varval=
+ eval ''xratelimit=""''
++ xratelimit=
+ shift
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xuserspec''
++ varval=
+ eval ''xuserspec=""''
++ xuserspec=
+ shift
+ ''['' 0 -gt 0 '']''
+ process_action DropDNSrep DROP - - udp - 53
+ local action=DropDNSrep
+ local target=DROP
+ local clients=-
+ local servers=-
+ local protocol=udp
+ local ports=-
+ local cports=53
+ local ratelimit=
+ local userspec=
++ echo DROP - - udp - 53
+ local ''rule=DROP - - udp - 53''
+ local userandgroup=
+ local logtag=
+ ''['' -n '''' '']''
+ ''['' x = x- '']''
+ ''['' -n '''' '']''
+ ''['' DROP = DROP '']''
+ loglevel=
+ logtarget=DROP
+ ''['' xudp = x- '']''
+ protocol=udp
+ ''['' -n Yes '']''
+ list_search udp icmp ICMP 1
+ local e=udp
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xudp = xicmp '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xudp = xICMP '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xudp = x1 '']''
+ ''['' 1 -gt 1 '']''
+ return 1
++ list_count -
+++ separate_list -
+++ local list
+++ local part
+++ local newlist
+++ list=-
+++ part=-
+++ newlist=-
+++ ''['' x- ''!='' x- '']''
+++ echo -
++ list_count1 -
++ echo 1
++ list_count 53
+++ separate_list 53
+++ local list
+++ local part
+++ local newlist
+++ list=53
+++ part=53
+++ newlist=53
+++ ''['' x53 ''!='' x53 '']''
+++ echo 53
++ list_count1 53
++ echo 1
+ ''['' - = - -a 53 = 53 -a 1 -le 15 -a 1 -le 15
'']''
+ multioption=-m multiport
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
+ port=-
+ cport=53
+ add_an_action
+ cli=
+ dest_interface=
+ serv=
+ sports=
+ dports=
+ proto=udp
+ servport=
+ multiport=
+ ''['' x- = x- '']''
+ port=
+ ''['' x53 = x- '']''
+ do_ports
+ ''['' -n '''' '']''
+ ''['' -n 53 '']''
+ sports=--sport
+ ''['' -n ''-m multiport'' -a 53
''!='' 53 '']''
+ sports=--sport 53
+ proto=-p udp
+ ''['' start ''!='' check '']''
+ ''['' -n '''' '']''
+ ''['' -n '''' '']''
+ run_iptables2 -A DropDNSrep -p udp --sport 53 -j DROP
+ ''['' ''x-A DropDNSrep -p udp --sport 53 -j
DROP'' = ''x-A DropDNSrep -p
udp --sport 53 -j DROP'' '']''
+ run_iptables -A DropDNSrep -p udp --sport 53 -j DROP
+ ''['' -n '''' '']''
+ iptables -A DropDNSrep -p udp --sport 53 -j DROP
+ return
+ ''['' start = check '']''
+ progress_message '' Rule "DROP - - udp - 53"
added.''
+ ''['' -n '''' '']''
+ echo '' Rule "DROP - - udp - 53" added.''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ f=action.RejectSMB
++ find_file action.RejectSMB
++ local saveifs= directory
++ ''['' -n '''' -a -f /action.RejectSMB
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/action.RejectSMB
'']''
++ ''['' -f /usr/share/shorewall/action.RejectSMB
'']''
++ echo /usr/share/shorewall/action.RejectSMB
++ IFS=
++ return
+ fn=/usr/share/shorewall/action.RejectSMB
+ echo ''Processing /usr/share/shorewall/action.RejectSMB...''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ expandv xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ local varval
+ ''['' 8 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=REJECT
+ eval ''xtarget="REJECT"''
++ xtarget=REJECT
+ shift
+ ''['' 7 -gt 0 '']''
+ eval ''varval=$xclients''
++ varval=-
+ eval ''xclients="-"''
++ xclients=-
+ shift
+ ''['' 6 -gt 0 '']''
+ eval ''varval=$xservers''
++ varval=-
+ eval ''xservers="-"''
++ xservers=-
+ shift
+ ''['' 5 -gt 0 '']''
+ eval ''varval=$xprotocol''
++ varval=udp
+ eval ''xprotocol="udp"''
++ xprotocol=udp
+ shift
+ ''['' 4 -gt 0 '']''
+ eval ''varval=$xports''
++ varval=135
+ eval ''xports="135"''
++ xports=135
+ shift
+ ''['' 3 -gt 0 '']''
+ eval ''varval=$xcports''
++ varval=
+ eval ''xcports=""''
++ xcports=
+ shift
+ ''['' 2 -gt 0 '']''
+ eval ''varval=$xratelimit''
++ varval=
+ eval ''xratelimit=""''
++ xratelimit=
+ shift
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xuserspec''
++ varval=
+ eval ''xuserspec=""''
++ xuserspec=
+ shift
+ ''['' 0 -gt 0 '']''
+ process_action RejectSMB REJECT - - udp 135
+ local action=RejectSMB
+ local target=REJECT
+ local clients=-
+ local servers=-
+ local protocol=udp
+ local ports=135
+ local cports=
+ local ratelimit=
+ local userspec=
++ echo REJECT - - udp 135
+ local ''rule=REJECT - - udp 135''
+ local userandgroup=
+ local logtag=
+ ''['' -n '''' '']''
+ ''['' x = x- '']''
+ ''['' -n '''' '']''
+ ''['' REJECT = REJECT '']''
+ loglevel=
+ logtarget=REJECT
+ target=reject
+ ''['' xudp = x- '']''
+ protocol=udp
+ ''['' -n Yes '']''
+ list_search udp icmp ICMP 1
+ local e=udp
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xudp = xicmp '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xudp = xICMP '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xudp = x1 '']''
+ ''['' 1 -gt 1 '']''
+ return 1
++ list_count 135
+++ separate_list 135
+++ local list
+++ local part
+++ local newlist
+++ list=135
+++ part=135
+++ newlist=135
+++ ''['' x135 ''!='' x135 '']''
+++ echo 135
++ list_count1 135
++ echo 1
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list=
+++ part=
+++ newlist=
+++ ''['' x ''!='' x '']''
+++ echo ''''
++ list_count1
++ echo 0
+ ''['' 135 = 135 -a '''' = ''''
-a 1 -le 15 -a 0 -le 15 '']''
+ multioption=-m multiport
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
+ port=135
+ cport=-
+ add_an_action
+ cli=
+ dest_interface=
+ serv=
+ sports=
+ dports=
+ proto=udp
+ servport=
+ multiport=
+ ''['' x135 = x- '']''
+ ''['' x- = x- '']''
+ cport=
+ do_ports
+ ''['' -n 135 '']''
+ dports=--dport
+ ''['' -n ''-m multiport'' -a 135
''!='' 135 '']''
+ dports=--dport 135
+ ''['' -n '''' '']''
+ proto=-p udp
+ ''['' start ''!='' check '']''
+ ''['' -n '''' '']''
+ ''['' -n '''' '']''
+ run_iptables2 -A RejectSMB -p udp --dport 135 -j reject
+ ''['' ''x-A RejectSMB -p udp --dport 135 -j
reject'' = ''x-A RejectSMB -p
udp --dport 135 -j reject'' '']''
+ run_iptables -A RejectSMB -p udp --dport 135 -j reject
+ ''['' -n '''' '']''
+ iptables -A RejectSMB -p udp --dport 135 -j reject
+ return
+ ''['' start = check '']''
+ progress_message '' Rule "REJECT - - udp 135"
added.''
+ ''['' -n '''' '']''
+ echo '' Rule "REJECT - - udp 135" added.''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ expandv xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ local varval
+ ''['' 8 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=REJECT
+ eval ''xtarget="REJECT"''
++ xtarget=REJECT
+ shift
+ ''['' 7 -gt 0 '']''
+ eval ''varval=$xclients''
++ varval=-
+ eval ''xclients="-"''
++ xclients=-
+ shift
+ ''['' 6 -gt 0 '']''
+ eval ''varval=$xservers''
++ varval=-
+ eval ''xservers="-"''
++ xservers=-
+ shift
+ ''['' 5 -gt 0 '']''
+ eval ''varval=$xprotocol''
++ varval=udp
+ eval ''xprotocol="udp"''
++ xprotocol=udp
+ shift
+ ''['' 4 -gt 0 '']''
+ eval ''varval=$xports''
++ varval=137:139
+ eval ''xports="137:139"''
++ xports=137:139
+ shift
+ ''['' 3 -gt 0 '']''
+ eval ''varval=$xcports''
++ varval=
+ eval ''xcports=""''
++ xcports=
+ shift
+ ''['' 2 -gt 0 '']''
+ eval ''varval=$xratelimit''
++ varval=
+ eval ''xratelimit=""''
++ xratelimit=
+ shift
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xuserspec''
++ varval=
+ eval ''xuserspec=""''
++ xuserspec=
+ shift
+ ''['' 0 -gt 0 '']''
+ process_action RejectSMB REJECT - - udp 137:139
+ local action=RejectSMB
+ local target=REJECT
+ local clients=-
+ local servers=-
+ local protocol=udp
+ local ports=137:139
+ local cports=
+ local ratelimit=
+ local userspec=
++ echo REJECT - - udp 137:139
+ local ''rule=REJECT - - udp 137:139''
+ local userandgroup=
+ local logtag=
+ ''['' -n '''' '']''
+ ''['' x = x- '']''
+ ''['' -n '''' '']''
+ ''['' REJECT = REJECT '']''
+ loglevel=
+ logtarget=REJECT
+ target=reject
+ ''['' xudp = x- '']''
+ protocol=udp
+ ''['' -n Yes '']''
+ list_search udp icmp ICMP 1
+ local e=udp
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xudp = xicmp '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xudp = xICMP '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xudp = x1 '']''
+ ''['' 1 -gt 1 '']''
+ return 1
++ list_count 137:139
+++ separate_list 137:139
+++ local list
+++ local part
+++ local newlist
+++ list=137:139
+++ part=137:139
+++ newlist=137:139
+++ ''['' x137:139 ''!='' x137:139
'']''
+++ echo 137:139
++ list_count1 137:139
++ echo 1
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list=
+++ part=
+++ newlist=
+++ ''['' x ''!='' x '']''
+++ echo ''''
++ list_count1
++ echo 0
+ ''['' 137:139 = 137 -a '''' =
'''' -a 1 -le 15 -a 0 -le 15 '']''
+ multioption=
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
++ separate_list 137:139
++ local list
++ local part
++ local newlist
++ list=137:139
++ part=137:139
++ newlist=137:139
++ ''['' x137:139 ''!='' x137:139
'']''
++ echo 137:139
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
+ add_an_action
+ cli=
+ dest_interface=
+ serv=
+ sports=
+ dports=
+ proto=udp
+ servport=
+ multiport=
+ ''['' x137:139 = x- '']''
+ ''['' x- = x- '']''
+ cport=
+ do_ports
+ ''['' -n 137:139 '']''
+ dports=--dport
+ ''['' -n '''' -a 137:139
''!='' 137:139 '']''
+ dports=--dport 137:139
+ ''['' -n '''' '']''
+ proto=-p udp
+ ''['' start ''!='' check '']''
+ ''['' -n '''' '']''
+ ''['' -n '''' '']''
+ run_iptables2 -A RejectSMB -p udp --dport 137:139 -j reject
+ ''['' ''x-A RejectSMB -p udp --dport 137:139 -j
reject'' = ''x-A RejectSMB
-p udp --dport 137:139 -j reject'' '']''
+ run_iptables -A RejectSMB -p udp --dport 137:139 -j reject
+ ''['' -n '''' '']''
+ iptables -A RejectSMB -p udp --dport 137:139 -j reject
+ return
+ ''['' start = check '']''
+ progress_message '' Rule "REJECT - - udp 137:139"
added.''
+ ''['' -n '''' '']''
+ echo '' Rule "REJECT - - udp 137:139" added.''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ expandv xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ local varval
+ ''['' 8 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=REJECT
+ eval ''xtarget="REJECT"''
++ xtarget=REJECT
+ shift
+ ''['' 7 -gt 0 '']''
+ eval ''varval=$xclients''
++ varval=-
+ eval ''xclients="-"''
++ xclients=-
+ shift
+ ''['' 6 -gt 0 '']''
+ eval ''varval=$xservers''
++ varval=-
+ eval ''xservers="-"''
++ xservers=-
+ shift
+ ''['' 5 -gt 0 '']''
+ eval ''varval=$xprotocol''
++ varval=udp
+ eval ''xprotocol="udp"''
++ xprotocol=udp
+ shift
+ ''['' 4 -gt 0 '']''
+ eval ''varval=$xports''
++ varval=445
+ eval ''xports="445"''
++ xports=445
+ shift
+ ''['' 3 -gt 0 '']''
+ eval ''varval=$xcports''
++ varval=
+ eval ''xcports=""''
++ xcports=
+ shift
+ ''['' 2 -gt 0 '']''
+ eval ''varval=$xratelimit''
++ varval=
+ eval ''xratelimit=""''
++ xratelimit=
+ shift
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xuserspec''
++ varval=
+ eval ''xuserspec=""''
++ xuserspec=
+ shift
+ ''['' 0 -gt 0 '']''
+ process_action RejectSMB REJECT - - udp 445
+ local action=RejectSMB
+ local target=REJECT
+ local clients=-
+ local servers=-
+ local protocol=udp
+ local ports=445
+ local cports=
+ local ratelimit=
+ local userspec=
++ echo REJECT - - udp 445
+ local ''rule=REJECT - - udp 445''
+ local userandgroup=
+ local logtag=
+ ''['' -n '''' '']''
+ ''['' x = x- '']''
+ ''['' -n '''' '']''
+ ''['' REJECT = REJECT '']''
+ loglevel=
+ logtarget=REJECT
+ target=reject
+ ''['' xudp = x- '']''
+ protocol=udp
+ ''['' -n Yes '']''
+ list_search udp icmp ICMP 1
+ local e=udp
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xudp = xicmp '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xudp = xICMP '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xudp = x1 '']''
+ ''['' 1 -gt 1 '']''
+ return 1
++ list_count 445
+++ separate_list 445
+++ local list
+++ local part
+++ local newlist
+++ list=445
+++ part=445
+++ newlist=445
+++ ''['' x445 ''!='' x445 '']''
+++ echo 445
++ list_count1 445
++ echo 1
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list=
+++ part=
+++ newlist=
+++ ''['' x ''!='' x '']''
+++ echo ''''
++ list_count1
++ echo 0
+ ''['' 445 = 445 -a '''' = ''''
-a 1 -le 15 -a 0 -le 15 '']''
+ multioption=-m multiport
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
+ port=445
+ cport=-
+ add_an_action
+ cli=
+ dest_interface=
+ serv=
+ sports=
+ dports=
+ proto=udp
+ servport=
+ multiport=
+ ''['' x445 = x- '']''
+ ''['' x- = x- '']''
+ cport=
+ do_ports
+ ''['' -n 445 '']''
+ dports=--dport
+ ''['' -n ''-m multiport'' -a 445
''!='' 445 '']''
+ dports=--dport 445
+ ''['' -n '''' '']''
+ proto=-p udp
+ ''['' start ''!='' check '']''
+ ''['' -n '''' '']''
+ ''['' -n '''' '']''
+ run_iptables2 -A RejectSMB -p udp --dport 445 -j reject
+ ''['' ''x-A RejectSMB -p udp --dport 445 -j
reject'' = ''x-A RejectSMB -p
udp --dport 445 -j reject'' '']''
+ run_iptables -A RejectSMB -p udp --dport 445 -j reject
+ ''['' -n '''' '']''
+ iptables -A RejectSMB -p udp --dport 445 -j reject
+ return
+ ''['' start = check '']''
+ progress_message '' Rule "REJECT - - udp 445"
added.''
+ ''['' -n '''' '']''
+ echo '' Rule "REJECT - - udp 445" added.''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ expandv xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ local varval
+ ''['' 8 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=REJECT
+ eval ''xtarget="REJECT"''
++ xtarget=REJECT
+ shift
+ ''['' 7 -gt 0 '']''
+ eval ''varval=$xclients''
++ varval=-
+ eval ''xclients="-"''
++ xclients=-
+ shift
+ ''['' 6 -gt 0 '']''
+ eval ''varval=$xservers''
++ varval=-
+ eval ''xservers="-"''
++ xservers=-
+ shift
+ ''['' 5 -gt 0 '']''
+ eval ''varval=$xprotocol''
++ varval=tcp
+ eval ''xprotocol="tcp"''
++ xprotocol=tcp
+ shift
+ ''['' 4 -gt 0 '']''
+ eval ''varval=$xports''
++ varval=135
+ eval ''xports="135"''
++ xports=135
+ shift
+ ''['' 3 -gt 0 '']''
+ eval ''varval=$xcports''
++ varval=
+ eval ''xcports=""''
++ xcports=
+ shift
+ ''['' 2 -gt 0 '']''
+ eval ''varval=$xratelimit''
++ varval=
+ eval ''xratelimit=""''
++ xratelimit=
+ shift
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xuserspec''
++ varval=
+ eval ''xuserspec=""''
++ xuserspec=
+ shift
+ ''['' 0 -gt 0 '']''
+ process_action RejectSMB REJECT - - tcp 135
+ local action=RejectSMB
+ local target=REJECT
+ local clients=-
+ local servers=-
+ local protocol=tcp
+ local ports=135
+ local cports=
+ local ratelimit=
+ local userspec=
++ echo REJECT - - tcp 135
+ local ''rule=REJECT - - tcp 135''
+ local userandgroup=
+ local logtag=
+ ''['' -n '''' '']''
+ ''['' x = x- '']''
+ ''['' -n '''' '']''
+ ''['' REJECT = REJECT '']''
+ loglevel=
+ logtarget=REJECT
+ target=reject
+ ''['' xtcp = x- '']''
+ protocol=tcp
+ ''['' -n Yes '']''
+ list_search tcp icmp ICMP 1
+ local e=tcp
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xtcp = xicmp '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xtcp = xICMP '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xtcp = x1 '']''
+ ''['' 1 -gt 1 '']''
+ return 1
++ list_count 135
+++ separate_list 135
+++ local list
+++ local part
+++ local newlist
+++ list=135
+++ part=135
+++ newlist=135
+++ ''['' x135 ''!='' x135 '']''
+++ echo 135
++ list_count1 135
++ echo 1
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list=
+++ part=
+++ newlist=
+++ ''['' x ''!='' x '']''
+++ echo ''''
++ list_count1
++ echo 0
+ ''['' 135 = 135 -a '''' = ''''
-a 1 -le 15 -a 0 -le 15 '']''
+ multioption=-m multiport
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
+ port=135
+ cport=-
+ add_an_action
+ cli=
+ dest_interface=
+ serv=
+ sports=
+ dports=
+ proto=tcp
+ servport=
+ multiport=
+ ''['' x135 = x- '']''
+ ''['' x- = x- '']''
+ cport=
+ do_ports
+ ''['' -n 135 '']''
+ dports=--dport
+ ''['' -n ''-m multiport'' -a 135
''!='' 135 '']''
+ dports=--dport 135
+ ''['' -n '''' '']''
+ ''['' reject = QUEUE '']''
+ proto=-p tcp
+ ''['' start ''!='' check '']''
+ ''['' -n '''' '']''
+ ''['' -n '''' '']''
+ run_iptables2 -A RejectSMB -p tcp --dport 135 -j reject
+ ''['' ''x-A RejectSMB -p tcp --dport 135 -j
reject'' = ''x-A RejectSMB -p
tcp --dport 135 -j reject'' '']''
+ run_iptables -A RejectSMB -p tcp --dport 135 -j reject
+ ''['' -n '''' '']''
+ iptables -A RejectSMB -p tcp --dport 135 -j reject
+ return
+ ''['' start = check '']''
+ progress_message '' Rule "REJECT - - tcp 135"
added.''
+ ''['' -n '''' '']''
+ echo '' Rule "REJECT - - tcp 135" added.''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ expandv xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ local varval
+ ''['' 8 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=REJECT
+ eval ''xtarget="REJECT"''
++ xtarget=REJECT
+ shift
+ ''['' 7 -gt 0 '']''
+ eval ''varval=$xclients''
++ varval=-
+ eval ''xclients="-"''
++ xclients=-
+ shift
+ ''['' 6 -gt 0 '']''
+ eval ''varval=$xservers''
++ varval=-
+ eval ''xservers="-"''
++ xservers=-
+ shift
+ ''['' 5 -gt 0 '']''
+ eval ''varval=$xprotocol''
++ varval=tcp
+ eval ''xprotocol="tcp"''
++ xprotocol=tcp
+ shift
+ ''['' 4 -gt 0 '']''
+ eval ''varval=$xports''
++ varval=139
+ eval ''xports="139"''
++ xports=139
+ shift
+ ''['' 3 -gt 0 '']''
+ eval ''varval=$xcports''
++ varval=
+ eval ''xcports=""''
++ xcports=
+ shift
+ ''['' 2 -gt 0 '']''
+ eval ''varval=$xratelimit''
++ varval=
+ eval ''xratelimit=""''
++ xratelimit=
+ shift
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xuserspec''
++ varval=
+ eval ''xuserspec=""''
++ xuserspec=
+ shift
+ ''['' 0 -gt 0 '']''
+ process_action RejectSMB REJECT - - tcp 139
+ local action=RejectSMB
+ local target=REJECT
+ local clients=-
+ local servers=-
+ local protocol=tcp
+ local ports=139
+ local cports=
+ local ratelimit=
+ local userspec=
++ echo REJECT - - tcp 139
+ local ''rule=REJECT - - tcp 139''
+ local userandgroup=
+ local logtag=
+ ''['' -n '''' '']''
+ ''['' x = x- '']''
+ ''['' -n '''' '']''
+ ''['' REJECT = REJECT '']''
+ loglevel=
+ logtarget=REJECT
+ target=reject
+ ''['' xtcp = x- '']''
+ protocol=tcp
+ ''['' -n Yes '']''
+ list_search tcp icmp ICMP 1
+ local e=tcp
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xtcp = xicmp '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xtcp = xICMP '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xtcp = x1 '']''
+ ''['' 1 -gt 1 '']''
+ return 1
++ list_count 139
+++ separate_list 139
+++ local list
+++ local part
+++ local newlist
+++ list=139
+++ part=139
+++ newlist=139
+++ ''['' x139 ''!='' x139 '']''
+++ echo 139
++ list_count1 139
++ echo 1
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list=
+++ part=
+++ newlist=
+++ ''['' x ''!='' x '']''
+++ echo ''''
++ list_count1
++ echo 0
+ ''['' 139 = 139 -a '''' = ''''
-a 1 -le 15 -a 0 -le 15 '']''
+ multioption=-m multiport
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
+ port=139
+ cport=-
+ add_an_action
+ cli=
+ dest_interface=
+ serv=
+ sports=
+ dports=
+ proto=tcp
+ servport=
+ multiport=
+ ''['' x139 = x- '']''
+ ''['' x- = x- '']''
+ cport=
+ do_ports
+ ''['' -n 139 '']''
+ dports=--dport
+ ''['' -n ''-m multiport'' -a 139
''!='' 139 '']''
+ dports=--dport 139
+ ''['' -n '''' '']''
+ ''['' reject = QUEUE '']''
+ proto=-p tcp
+ ''['' start ''!='' check '']''
+ ''['' -n '''' '']''
+ ''['' -n '''' '']''
+ run_iptables2 -A RejectSMB -p tcp --dport 139 -j reject
+ ''['' ''x-A RejectSMB -p tcp --dport 139 -j
reject'' = ''x-A RejectSMB -p
tcp --dport 139 -j reject'' '']''
+ run_iptables -A RejectSMB -p tcp --dport 139 -j reject
+ ''['' -n '''' '']''
+ iptables -A RejectSMB -p tcp --dport 139 -j reject
+ return
+ ''['' start = check '']''
+ progress_message '' Rule "REJECT - - tcp 139"
added.''
+ ''['' -n '''' '']''
+ echo '' Rule "REJECT - - tcp 139" added.''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ expandv xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
+ local varval
+ ''['' 8 -gt 0 '']''
+ eval ''varval=$xtarget''
++ varval=REJECT
+ eval ''xtarget="REJECT"''
++ xtarget=REJECT
+ shift
+ ''['' 7 -gt 0 '']''
+ eval ''varval=$xclients''
++ varval=-
+ eval ''xclients="-"''
++ xclients=-
+ shift
+ ''['' 6 -gt 0 '']''
+ eval ''varval=$xservers''
++ varval=-
+ eval ''xservers="-"''
++ xservers=-
+ shift
+ ''['' 5 -gt 0 '']''
+ eval ''varval=$xprotocol''
++ varval=tcp
+ eval ''xprotocol="tcp"''
++ xprotocol=tcp
+ shift
+ ''['' 4 -gt 0 '']''
+ eval ''varval=$xports''
++ varval=445
+ eval ''xports="445"''
++ xports=445
+ shift
+ ''['' 3 -gt 0 '']''
+ eval ''varval=$xcports''
++ varval=
+ eval ''xcports=""''
++ xcports=
+ shift
+ ''['' 2 -gt 0 '']''
+ eval ''varval=$xratelimit''
++ varval=
+ eval ''xratelimit=""''
++ xratelimit=
+ shift
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xuserspec''
++ varval=
+ eval ''xuserspec=""''
++ xuserspec=
+ shift
+ ''['' 0 -gt 0 '']''
+ process_action RejectSMB REJECT - - tcp 445
+ local action=RejectSMB
+ local target=REJECT
+ local clients=-
+ local servers=-
+ local protocol=tcp
+ local ports=445
+ local cports=
+ local ratelimit=
+ local userspec=
++ echo REJECT - - tcp 445
+ local ''rule=REJECT - - tcp 445''
+ local userandgroup=
+ local logtag=
+ ''['' -n '''' '']''
+ ''['' x = x- '']''
+ ''['' -n '''' '']''
+ ''['' REJECT = REJECT '']''
+ loglevel=
+ logtarget=REJECT
+ target=reject
+ ''['' xtcp = x- '']''
+ protocol=tcp
+ ''['' -n Yes '']''
+ list_search tcp icmp ICMP 1
+ local e=tcp
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xtcp = xicmp '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xtcp = xICMP '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xtcp = x1 '']''
+ ''['' 1 -gt 1 '']''
+ return 1
++ list_count 445
+++ separate_list 445
+++ local list
+++ local part
+++ local newlist
+++ list=445
+++ part=445
+++ newlist=445
+++ ''['' x445 ''!='' x445 '']''
+++ echo 445
++ list_count1 445
++ echo 1
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list=
+++ part=
+++ newlist=
+++ ''['' x ''!='' x '']''
+++ echo ''''
++ list_count1
++ echo 0
+ ''['' 445 = 445 -a '''' = ''''
-a 1 -le 15 -a 0 -le 15 '']''
+ multioption=-m multiport
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
+ port=445
+ cport=-
+ add_an_action
+ cli=
+ dest_interface=
+ serv=
+ sports=
+ dports=
+ proto=tcp
+ servport=
+ multiport=
+ ''['' x445 = x- '']''
+ ''['' x- = x- '']''
+ cport=
+ do_ports
+ ''['' -n 445 '']''
+ dports=--dport
+ ''['' -n ''-m multiport'' -a 445
''!='' 445 '']''
+ dports=--dport 445
+ ''['' -n '''' '']''
+ ''['' reject = QUEUE '']''
+ proto=-p tcp
+ ''['' start ''!='' check '']''
+ ''['' -n '''' '']''
+ ''['' -n '''' '']''
+ run_iptables2 -A RejectSMB -p tcp --dport 445 -j reject
+ ''['' ''x-A RejectSMB -p tcp --dport 445 -j
reject'' = ''x-A RejectSMB -p
tcp --dport 445 -j reject'' '']''
+ run_iptables -A RejectSMB -p tcp --dport 445 -j reject
+ ''['' -n '''' '']''
+ iptables -A RejectSMB -p tcp --dport 445 -j reject
+ return
+ ''['' start = check '']''
+ progress_message '' Rule "REJECT - - tcp 445"
added.''
+ ''['' -n '''' '']''
+ echo '' Rule "REJECT - - tcp 445" added.''
+ read xtarget xclients xservers xprotocol xports xcports xratelimit
xuserspec
++ find_file policy
++ local saveifs= directory
++ ''['' -n '''' -a -f /policy
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/policy '']''
++ echo /etc/shorewall/policy
++ IFS=
++ return
+ echo ''Processing /etc/shorewall/policy...''
+ apply_policy_rules
+ eval ''policy=$fw2net_policy''
++ policy=ACCEPT
+ eval ''loglevel=$fw2net_loglevel''
++ loglevel=
+ eval ''synparams=$fw2net_synparams''
++ synparams=
+ ''['' -n '''' '']''
+ havechain fw2net
++ chain_base fw2net
++ local c=fw2net
++ true
++ echo fw2net
++ return
+ local c=fw2net
+ eval test ''"$exists_fw2net"'' = Yes
++ test Yes = Yes
+ ''['' -n '''' '']''
+ eval ''policy=$net2all_policy''
++ policy=DROP
+ eval ''loglevel=$net2all_loglevel''
++ loglevel=info
+ eval ''synparams=$net2all_synparams''
++ synparams=
+ ''['' -n '''' '']''
+ havechain net2all
++ chain_base net2all
++ local c=net2all
++ true
++ echo net2all
++ return
+ local c=net2all
+ eval test ''"$exists_net2all"'' = Yes
++ test '''' = Yes
+ createchain net2all yes
++ chain_base net2all
++ local c=net2all
++ true
++ echo net2all
++ return
+ local c=net2all
+ run_iptables -N net2all
+ ''['' -n '''' '']''
+ iptables -N net2all
+ ''['' yes = yes '']''
+ run_iptables -A net2all -m state --state ESTABLISHED,RELATED -j ACCEPT
+ ''['' -n '''' '']''
+ iptables -A net2all -m state --state ESTABLISHED,RELATED -j ACCEPT
+ ''['' -z Yes '']''
+ eval exists_net2all=Yes
++ exists_net2all=Yes
+ policy_rules net2all DROP info
+ local target=DROP
+ ''['' -n Drop '']''
+ run_iptables -A net2all -j Drop
+ ''['' -n '''' '']''
+ iptables -A net2all -j Drop
+ ''['' 3 -eq 3 -a xinfo ''!='' x-
'']''
+ log_rule info net2all DROP
+ local level=info
+ local chain=net2all
+ local disposition=DROP
+ shift
+ shift
+ shift
+ log_rule_limit info net2all DROP '''' ''''
+ local level=info
+ local chain=net2all
+ local disposition=DROP
+ local rulenum=
+ local limit=
+ local tag=
+ local prefix
++ chain_base
++ local c=
++ true
++ echo common
++ return
+ local base=common
+ shift
+ shift
+ shift
+ shift
+ shift
+ ''['' -n '''' '']''
++ printf Shorewall:%s:%s: net2all DROP
+ prefix=Shorewall:net2all:DROP:
+ ''['' 23 -gt 29 '']''
+ iptables -A net2all -j LOG --log-level info --log-prefix
Shorewall:net2all:DROP:
+ ''['' 0 -ne 0 '']''
+ ''['' -n DROP '']''
+ run_iptables -A net2all -j DROP
+ ''['' -n '''' '']''
+ iptables -A net2all -j DROP
+ ''['' -n '''' '']''
+ eval ''policy=$all2all_policy''
++ policy=REJECT
+ eval ''loglevel=$all2all_loglevel''
++ loglevel=info
+ eval ''synparams=$all2all_synparams''
++ synparams=
+ ''['' -n '''' '']''
+ havechain all2all
++ chain_base all2all
++ local c=all2all
++ true
++ echo all2all
++ return
+ local c=all2all
+ eval test ''"$exists_all2all"'' = Yes
++ test '''' = Yes
+ createchain all2all yes
++ chain_base all2all
++ local c=all2all
++ true
++ echo all2all
++ return
+ local c=all2all
+ run_iptables -N all2all
+ ''['' -n '''' '']''
+ iptables -N all2all
+ ''['' yes = yes '']''
+ run_iptables -A all2all -m state --state ESTABLISHED,RELATED -j ACCEPT
+ ''['' -n '''' '']''
+ iptables -A all2all -m state --state ESTABLISHED,RELATED -j ACCEPT
+ ''['' -z Yes '']''
+ eval exists_all2all=Yes
++ exists_all2all=Yes
+ policy_rules all2all REJECT info
+ local target=REJECT
+ ''['' -n Reject '']''
+ run_iptables -A all2all -j Reject
+ ''['' -n '''' '']''
+ iptables -A all2all -j Reject
+ target=reject
+ ''['' 3 -eq 3 -a xinfo ''!='' x-
'']''
+ log_rule info all2all REJECT
+ local level=info
+ local chain=all2all
+ local disposition=REJECT
+ shift
+ shift
+ shift
+ log_rule_limit info all2all REJECT '''' ''''
+ local level=info
+ local chain=all2all
+ local disposition=REJECT
+ local rulenum=
+ local limit=
+ local tag=
+ local prefix
++ chain_base
++ local c=
++ true
++ echo common
++ return
+ local base=common
+ shift
+ shift
+ shift
+ shift
+ shift
+ ''['' -n '''' '']''
++ printf Shorewall:%s:%s: all2all REJECT
+ prefix=Shorewall:all2all:REJECT:
+ ''['' 25 -gt 29 '']''
+ iptables -A all2all -j LOG --log-level info --log-prefix
Shorewall:all2all:REJECT:
+ ''['' 0 -ne 0 '']''
+ ''['' -n reject '']''
+ run_iptables -A all2all -j reject
+ ''['' -n '''' '']''
+ iptables -A all2all -j reject
+ ''['' -n '''' '']''
+ chain=fw2fw
+ havechain fw2fw
++ chain_base fw2fw
++ local c=fw2fw
++ true
++ echo fw2fw
++ return
+ local c=fw2fw
+ eval test ''"$exists_fw2fw"'' = Yes
++ test '''' = Yes
+ chain=fw2net
+ havechain fw2net
++ chain_base fw2net
++ local c=fw2net
++ true
++ echo fw2net
++ return
+ local c=fw2net
+ eval test ''"$exists_fw2net"'' = Yes
++ test Yes = Yes
+ run_user_exit fw2net
++ find_file fw2net
++ local saveifs= directory
++ ''['' -n '''' -a -f /fw2net
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/fw2net '']''
++ ''['' -f /usr/share/shorewall/fw2net '']''
++ IFS=
++ echo /etc/shorewall/fw2net
+ local user_exit=/etc/shorewall/fw2net
+ ''['' -f /etc/shorewall/fw2net '']''
+ default_policy fw net
+ local chain=fw2net
+ local policy=
+ local loglevel=
+ local chain1
+ eval ''chain1=$fw2net_policychain''
++ chain1=fw2net
+ ''['' -n fw2net '']''
+ apply_default fw net
+ eval ''policy=$fw2net_policy''
++ policy=ACCEPT
+ eval ''loglevel=$fw2net_loglevel''
++ loglevel=
+ eval ''synparams=$fw2net_synparams''
++ synparams=
+ ''['' fw2net = fw2net '']''
+ policy_rules fw2net ACCEPT
+ local target=ACCEPT
+ ''['' -n '''' '']''
+ ''['' 2 -eq 3 -a x ''!='' x-
'']''
+ ''['' -n ACCEPT '']''
+ run_iptables -A fw2net -j ACCEPT
+ ''['' -n '''' '']''
+ iptables -A fw2net -j ACCEPT
+ progress_message '' Policy ACCEPT for fw to net using chain
fw2net''
+ ''['' -n '''' '']''
+ echo '' Policy ACCEPT for fw to net using chain fw2net''
+ chain=net2fw
+ havechain net2fw
++ chain_base net2fw
++ local c=net2fw
++ true
++ echo net2fw
++ return
+ local c=net2fw
+ eval test ''"$exists_net2fw"'' = Yes
++ test Yes = Yes
+ run_user_exit net2fw
++ find_file net2fw
++ local saveifs= directory
++ ''['' -n '''' -a -f /net2fw
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/net2fw '']''
++ ''['' -f /usr/share/shorewall/net2fw '']''
++ IFS=
++ echo /etc/shorewall/net2fw
+ local user_exit=/etc/shorewall/net2fw
+ ''['' -f /etc/shorewall/net2fw '']''
+ default_policy net fw
+ local chain=net2fw
+ local policy=
+ local loglevel=
+ local chain1
+ eval ''chain1=$net2fw_policychain''
++ chain1=net2all
+ ''['' -n net2all '']''
+ apply_default net fw
+ eval ''policy=$net2all_policy''
++ policy=DROP
+ eval ''loglevel=$net2all_loglevel''
++ loglevel=info
+ eval ''synparams=$net2all_synparams''
++ synparams=
+ ''['' net2fw = net2all '']''
+ ''['' -n '''' '']''
+ jump_to_policy_chain
+ run_iptables -A net2fw -j net2all
+ ''['' -n '''' '']''
+ iptables -A net2fw -j net2all
+ chain=net2all
+ progress_message '' Policy DROP for net to fw using chain
net2all''
+ ''['' -n '''' '']''
+ echo '' Policy DROP for net to fw using chain net2all''
+ chain=net2net
+ havechain net2net
++ chain_base net2net
++ local c=net2net
++ true
++ echo net2net
++ return
+ local c=net2net
+ eval test ''"$exists_net2net"'' = Yes
++ test '''' = Yes
++ find_file masq
++ local saveifs= directory
++ ''['' -n '''' -a -f /masq
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/masq '']''
++ ''['' -f /usr/share/shorewall/masq '']''
++ IFS=
++ echo /etc/shorewall/masq
+ masq=/etc/shorewall/masq
+ ''['' -f /etc/shorewall/masq '']''
++ find_file tos
++ local saveifs= directory
++ ''['' -n '''' -a -f /tos
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/tos '']''
++ ''['' -f /usr/share/shorewall/tos '']''
++ IFS=
++ echo /etc/shorewall/tos
+ tos=/etc/shorewall/tos
+ ''['' -f /etc/shorewall/tos '']''
++ find_file ecn
++ local saveifs= directory
++ ''['' -n '''' -a -f /ecn
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/ecn '']''
++ ''['' -f /usr/share/shorewall/ecn '']''
++ IFS=
++ echo /etc/shorewall/ecn
+ ecn=/etc/shorewall/ecn
+ ''['' -f /etc/shorewall/ecn '']''
+ ''['' -n '''' '']''
+ echo ''Activating Rules...''
+ activate_rules
+ local PREROUTING_rule=1
+ local POSTROUTING_rule=1
+ ''['' -n '''' '']''
+ addnatjump PREROUTING nat_in
+ local sourcechain=PREROUTING destchain=nat_in
+ shift
+ shift
+ havenatchain nat_in
+ eval test ''"$exists_nat_nat_in"'' = Yes
++ test '''' = Yes
+ ''['' -n '''' -a -f
/tmp/shorewall.jtrmfH/physdev '']''
+ addnatjump POSTROUTING nat_out
+ local sourcechain=POSTROUTING destchain=nat_out
+ shift
+ shift
+ havenatchain nat_out
+ eval test ''"$exists_nat_nat_out"'' = Yes
++ test '''' = Yes
+ ''['' -n '''' -a -f
/tmp/shorewall.jtrmfH/physdev '']''
++ input_chain eth0
+++ chain_base eth0
+++ local c=eth0
+++ true
+++ echo eth0
+++ return
++ echo eth0_in
+ addnatjump PREROUTING eth0_in -i eth0
+ local sourcechain=PREROUTING destchain=eth0_in
+ shift
+ shift
+ havenatchain eth0_in
+ eval test ''"$exists_nat_eth0_in"'' = Yes
++ test '''' = Yes
+ ''['' -n '''' -a -f
/tmp/shorewall.jtrmfH/physdev '']''
++ output_chain eth0
+++ chain_base eth0
+++ local c=eth0
+++ true
+++ echo eth0
+++ return
++ echo eth0_out
+ addnatjump POSTROUTING eth0_out -o eth0
+ local sourcechain=POSTROUTING destchain=eth0_out
+ shift
+ shift
+ havenatchain eth0_out
+ eval test ''"$exists_nat_eth0_out"'' = Yes
++ test '''' = Yes
+ ''['' -n '''' -a -f
/tmp/shorewall.jtrmfH/physdev '']''
+ eval ''source_hosts=$net_hosts''
++ source_hosts=eth0:0.0.0.0/0
++ rules_chain fw net
++ local chain=fw2net
++ havechain fw2net
+++ chain_base fw2net
+++ local c=fw2net
+++ true
+++ echo fw2net
+++ return
++ local c=fw2net
++ eval test ''"$exists_fw2net"'' = Yes
+++ test Yes = Yes
++ echo fw2net
++ return
+ chain1=fw2net
++ rules_chain net fw
++ local chain=net2fw
++ havechain net2fw
+++ chain_base net2fw
+++ local c=net2fw
+++ true
+++ echo net2fw
+++ return
++ local c=net2fw
++ eval test ''"$exists_net2fw"'' = Yes
+++ test Yes = Yes
++ echo net2fw
++ return
+ chain2=net2fw
+ eval ''complex=$net_is_complex''
++ complex=
+ ''['' -n '''' '']''
+ ''['' -n '''' '']''
+ need_broadcast=
+ interface=eth0
+ networks=0.0.0.0/0
++ match_dest_hosts 0.0.0.0/0
++ ''['' -n '''' '']''
++ echo -d 0.0.0.0/0
+ run_iptables -A OUTPUT -o eth0 -d 0.0.0.0/0 -j fw2net
+ ''['' -n '''' '']''
+ iptables -A OUTPUT -o eth0 -d 0.0.0.0/0 -j fw2net
++ dnat_chain net
++ echo net_dnat
++ match_source_hosts 0.0.0.0/0
++ ''['' -n '''' '']''
++ echo -s 0.0.0.0/0
+ addrulejump PREROUTING net_dnat -i eth0 -s 0.0.0.0/0
+ local sourcechain=PREROUTING destchain=net_dnat
+ shift
+ shift
+ havenatchain net_dnat
+ eval test ''"$exists_nat_net_dnat"'' = Yes
++ test '''' = Yes
+ ''['' -n '''' -a -f
/tmp/shorewall.jtrmfH/physdev '']''
++ snat_chain net
+++ chain_base net
+++ local c=net
+++ true
+++ echo net
+++ return
++ echo net_snat
++ match_dest_hosts 0.0.0.0/0
++ ''['' -n '''' '']''
++ echo -d 0.0.0.0/0
+ addrulejump POSTROUTING net_snat -o eth0 -d 0.0.0.0/0
+ local sourcechain=POSTROUTING destchain=net_snat
+ shift
+ shift
+ havenatchain net_snat
+ eval test ''"$exists_nat_net_snat"'' = Yes
++ test '''' = Yes
+ ''['' -n '''' -a -f
/tmp/shorewall.jtrmfH/physdev '']''
++ input_chain eth0
+++ chain_base eth0
+++ local c=eth0
+++ true
+++ echo eth0
+++ return
++ echo eth0_in
++ match_source_hosts 0.0.0.0/0
++ ''['' -n '''' '']''
++ echo -s 0.0.0.0/0
+ run_iptables -A eth0_in -s 0.0.0.0/0 -j net2fw
+ ''['' -n '''' '']''
+ iptables -A eth0_in -s 0.0.0.0/0 -j net2fw
+ ''['' -n '''' '']''
+ ''['' 0.0.0.0/0 ''!='' 0.0.0.0/0
'']''
+ eval ''policy=$net2net_policy''
++ policy=DROP
+ ''['' DROP = NONE '']''
+ eval ''dest_hosts=$net_hosts''
++ dest_hosts=eth0:0.0.0.0/0
++ rules_chain net net
++ local chain=net2net
++ havechain net2net
+++ chain_base net2net
+++ local c=net2net
+++ true
+++ echo net2net
+++ return
++ local c=net2net
++ eval test ''"$exists_net2net"'' = Yes
+++ test '''' = Yes
++ ''['' net = net '']''
++ echo ACCEPT
++ return
+ chain=ACCEPT
+ ''['' -n '''' '']''
+ ''['' net = net '']''
+ eval ''routeback="$net_routeback"''
++ routeback=
+ eval ''interfaces="$net_interfaces"''
++ interfaces=eth0
+ eval ''ports=$net_ports''
++ ports=
++ list_count1 eth0
++ echo 1
+ num_ifaces=1
+ ''['' 1 -eq 1 -a -n '''' '']''
+ ''['' 1 -lt 2 -a -z '''' '']''
+ continue
++ forward_chain eth0
+++ chain_base eth0
+++ local c=eth0
+++ true
+++ echo eth0
+++ return
++ echo eth0_fwd
+ run_iptables -A FORWARD -i eth0 -j eth0_fwd
+ ''['' -n '''' '']''
+ iptables -A FORWARD -i eth0 -j eth0_fwd
++ input_chain eth0
+++ chain_base eth0
+++ local c=eth0
+++ true
+++ echo eth0
+++ return
++ echo eth0_in
+ run_iptables -A INPUT -i eth0 -j eth0_in
+ ''['' -n '''' '']''
+ iptables -A INPUT -i eth0 -j eth0_in
++ masq_chain eth0
+++ chain_base eth0
+++ local c=eth0
+++ true
+++ echo eth0
+++ return
++ echo eth0_masq
+ addnatjump POSTROUTING eth0_masq -o eth0
+ local sourcechain=POSTROUTING destchain=eth0_masq
+ shift
+ shift
+ havenatchain eth0_masq
+ eval test ''"$exists_nat_eth0_masq"'' = Yes
++ test '''' = Yes
+ ''['' -n '''' -a -f
/tmp/shorewall.jtrmfH/physdev '']''
++ chain_base eth0
++ local c=eth0
++ true
++ echo eth0
++ return
+ eval ''ports=$eth0_ports''
++ ports=
+ chain=fw2fw
+ havechain fw2fw
++ chain_base fw2fw
++ local c=fw2fw
++ true
++ echo fw2fw
++ return
+ local c=fw2fw
+ eval test ''"$exists_fw2fw"'' = Yes
++ test '''' = Yes
+ complete_standard_chain INPUT all fw
+ local policy=
+ local loglevel=
+ local policychain=
+ run_user_exit INPUT
++ find_file INPUT
++ local saveifs= directory
++ ''['' -n '''' -a -f /INPUT
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/INPUT '']''
++ ''['' -f /usr/share/shorewall/INPUT '']''
++ IFS=
++ echo /etc/shorewall/INPUT
+ local user_exit=/etc/shorewall/INPUT
+ ''['' -f /etc/shorewall/INPUT '']''
+ eval ''policychain=$all2fw_policychain''
++ policychain=all2all
+ ''['' -n all2all '']''
+ eval ''policy=$all2all_policy''
++ policy=REJECT
+ eval ''loglevel=$all2all_loglevel''
++ loglevel=info
+ policy_rules INPUT REJECT info
+ local target=REJECT
+ ''['' -n Reject '']''
+ run_iptables -A INPUT -j Reject
+ ''['' -n '''' '']''
+ iptables -A INPUT -j Reject
+ target=reject
+ ''['' 3 -eq 3 -a xinfo ''!='' x-
'']''
+ log_rule info INPUT REJECT
+ local level=info
+ local chain=INPUT
+ local disposition=REJECT
+ shift
+ shift
+ shift
+ log_rule_limit info INPUT REJECT '''' ''''
+ local level=info
+ local chain=INPUT
+ local disposition=REJECT
+ local rulenum=
+ local limit=
+ local tag=
+ local prefix
++ chain_base
++ local c=
++ true
++ echo common
++ return
+ local base=common
+ shift
+ shift
+ shift
+ shift
+ shift
+ ''['' -n '''' '']''
++ printf Shorewall:%s:%s: INPUT REJECT
+ prefix=Shorewall:INPUT:REJECT:
+ ''['' 23 -gt 29 '']''
+ iptables -A INPUT -j LOG --log-level info --log-prefix
Shorewall:INPUT:REJECT:
+ ''['' 0 -ne 0 '']''
+ ''['' -n reject '']''
+ run_iptables -A INPUT -j reject
+ ''['' -n '''' '']''
+ iptables -A INPUT -j reject
+ complete_standard_chain OUTPUT fw all
+ local policy=
+ local loglevel=
+ local policychain=
+ run_user_exit OUTPUT
++ find_file OUTPUT
++ local saveifs= directory
++ ''['' -n '''' -a -f /OUTPUT
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/OUTPUT '']''
++ ''['' -f /usr/share/shorewall/OUTPUT '']''
++ IFS=
++ echo /etc/shorewall/OUTPUT
+ local user_exit=/etc/shorewall/OUTPUT
+ ''['' -f /etc/shorewall/OUTPUT '']''
+ eval ''policychain=$fw2all_policychain''
++ policychain=all2all
+ ''['' -n all2all '']''
+ eval ''policy=$all2all_policy''
++ policy=REJECT
+ eval ''loglevel=$all2all_loglevel''
++ loglevel=info
+ policy_rules OUTPUT REJECT info
+ local target=REJECT
+ ''['' -n Reject '']''
+ run_iptables -A OUTPUT -j Reject
+ ''['' -n '''' '']''
+ iptables -A OUTPUT -j Reject
+ target=reject
+ ''['' 3 -eq 3 -a xinfo ''!='' x-
'']''
+ log_rule info OUTPUT REJECT
+ local level=info
+ local chain=OUTPUT
+ local disposition=REJECT
+ shift
+ shift
+ shift
+ log_rule_limit info OUTPUT REJECT '''' ''''
+ local level=info
+ local chain=OUTPUT
+ local disposition=REJECT
+ local rulenum=
+ local limit=
+ local tag=
+ local prefix
++ chain_base
++ local c=
++ true
++ echo common
++ return
+ local base=common
+ shift
+ shift
+ shift
+ shift
+ shift
+ ''['' -n '''' '']''
++ printf Shorewall:%s:%s: OUTPUT REJECT
+ prefix=Shorewall:OUTPUT:REJECT:
+ ''['' 24 -gt 29 '']''
+ iptables -A OUTPUT -j LOG --log-level info --log-prefix
Shorewall:OUTPUT:REJECT:
+ ''['' 0 -ne 0 '']''
+ ''['' -n reject '']''
+ run_iptables -A OUTPUT -j reject
+ ''['' -n '''' '']''
+ iptables -A OUTPUT -j reject
+ complete_standard_chain FORWARD all all
+ local policy=
+ local loglevel=
+ local policychain=
+ run_user_exit FORWARD
++ find_file FORWARD
++ local saveifs= directory
++ ''['' -n '''' -a -f /FORWARD
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/FORWARD '']''
++ ''['' -f /usr/share/shorewall/FORWARD '']''
++ IFS=
++ echo /etc/shorewall/FORWARD
+ local user_exit=/etc/shorewall/FORWARD
+ ''['' -f /etc/shorewall/FORWARD '']''
+ eval ''policychain=$all2all_policychain''
++ policychain=all2all
+ ''['' -n all2all '']''
+ eval ''policy=$all2all_policy''
++ policy=REJECT
+ eval ''loglevel=$all2all_loglevel''
++ loglevel=info
+ policy_rules FORWARD REJECT info
+ local target=REJECT
+ ''['' -n Reject '']''
+ run_iptables -A FORWARD -j Reject
+ ''['' -n '''' '']''
+ iptables -A FORWARD -j Reject
+ target=reject
+ ''['' 3 -eq 3 -a xinfo ''!='' x-
'']''
+ log_rule info FORWARD REJECT
+ local level=info
+ local chain=FORWARD
+ local disposition=REJECT
+ shift
+ shift
+ shift
+ log_rule_limit info FORWARD REJECT '''' ''''
+ local level=info
+ local chain=FORWARD
+ local disposition=REJECT
+ local rulenum=
+ local limit=
+ local tag=
+ local prefix
++ chain_base
++ local c=
++ true
++ echo common
++ return
+ local base=common
+ shift
+ shift
+ shift
+ shift
+ shift
+ ''['' -n '''' '']''
++ printf Shorewall:%s:%s: FORWARD REJECT
+ prefix=Shorewall:FORWARD:REJECT:
+ ''['' 25 -gt 29 '']''
+ iptables -A FORWARD -j LOG --log-level info --log-prefix
Shorewall:FORWARD:REJECT:
+ ''['' 0 -ne 0 '']''
+ ''['' -n reject '']''
+ run_iptables -A FORWARD -j reject
+ ''['' -n '''' '']''
+ iptables -A FORWARD -j reject
+ run_iptables -D INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+ ''['' -n '''' '']''
+ iptables -D INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+ run_iptables -D INPUT -p udp --dport 53 -j ACCEPT
+ ''['' -n '''' '']''
+ iptables -D INPUT -p udp --dport 53 -j ACCEPT
+ run_iptables -D OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+ ''['' -n '''' '']''
+ iptables -D OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+ run_iptables -D OUTPUT -p udp --dport 53 -j ACCEPT
+ ''['' -n '''' '']''
+ iptables -D OUTPUT -p udp --dport 53 -j ACCEPT
+ run_iptables -D FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
+ ''['' -n '''' '']''
+ iptables -D FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
+ run_iptables -D FORWARD -p udp --dport 53 -j ACCEPT
+ ''['' -n '''' '']''
+ iptables -D FORWARD -p udp --dport 53 -j ACCEPT
+ ''['' -n '''' '']''
+ append_file chains
+ save_command ''cat > /var/lib/shorewall/chains <<
__EOF__''
+ echo ''cat > /var/lib/shorewall/chains << __EOF__''
+ cat /var/lib/shorewall/chains
+ save_command __EOF__
+ echo __EOF__
+ append_file nat
+ save_command ''cat > /var/lib/shorewall/nat <<
__EOF__''
+ echo ''cat > /var/lib/shorewall/nat << __EOF__''
+ cat /var/lib/shorewall/nat
+ save_command __EOF__
+ echo __EOF__
+ append_file proxyarp
+ save_command ''cat > /var/lib/shorewall/proxyarp <<
__EOF__''
+ echo ''cat > /var/lib/shorewall/proxyarp << __EOF__''
+ cat /var/lib/shorewall/proxyarp
+ save_command __EOF__
+ echo __EOF__
+ append_file zones
+ save_command ''cat > /var/lib/shorewall/zones <<
__EOF__''
+ echo ''cat > /var/lib/shorewall/zones << __EOF__''
+ cat /var/lib/shorewall/zones
+ save_command __EOF__
+ echo __EOF__
+ save_progress_message ''Restoring Netfilter Configuration...''
+ echo
+ echo ''progress_message "Restoring Netfilter
Configuration..."''
+ echo
+ save_command ''iptables-restore << __EOF__''
+ echo ''iptables-restore << __EOF__''
+ mv
-f /var/lib/shorewall/shorewall.XjCV4W /var/lib/shorewall/restore-base-6412
+ save_command ''#''
+ echo ''#''
++ date
+ save_command ''# Restore tail file generated by Shorewall 2.0.16 - Sun
Feb 27 22:57:22 EST 2005''
+ echo ''# Restore tail file generated by Shorewall 2.0.16 - Sun Feb 27
22:57:22 EST 2005''
+ save_command ''#''
+ echo ''#''
+ save_command ''date > /var/lib/shorewall/restarted''
+ echo ''date > /var/lib/shorewall/restarted''
+ run_user_exit start
++ find_file start
++ local saveifs= directory
++ ''['' -n '''' -a -f /start
'']''
++ saveifs=
++ IFS=:
++ ''['' -f /etc/shorewall/start '']''
++ ''['' -f /usr/share/shorewall/start '']''
++ IFS=
++ echo /etc/shorewall/start
+ local user_exit=/etc/shorewall/start
+ ''['' -f /etc/shorewall/start '']''
+ createchain shorewall no
++ chain_base shorewall
++ local c=shorewall
++ true
++ echo shorewall
++ return
+ local c=shorewall
+ run_iptables -N shorewall
+ ''['' -n '''' '']''
+ iptables -N shorewall
+ ''['' no = yes '']''
+ eval exists_shorewall=Yes
++ exists_shorewall=Yes
+ date
+ report ''Shorewall Started''
+ echo ''Shorewall Started''
+ logger ''Shorewall Started''
+ rm -rf /tmp/shorewall.jtrmfH
+ mv
-f /var/lib/shorewall/restore-base-6412 /var/lib/shorewall/restore-base
+ mv
-f /var/lib/shorewall/shorewall.XjCV4W /var/lib/shorewall/restore-tail
+ ''['' -n '''' '']''
+ my_mutex_off
+ ''['' -n Yes '']''
+ mutex_off
+ rm -f /var/lib/shorewall/lock
+ have_mutex=