"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "Samples6/three-interfaces/shorewall6.conf.annotated" between
shorewall6-5.2.3.6.tar.bz2 and shorewall6-5.2.6.tar.bz2

About: Shorewall (The Shoreline Firewall) is an iptables based firewall Requires the Shorewall package and adds the capability to create an IPv6 firewall.

shorewall6.conf.annotated  (shorewall6-5.2.3.6.tar.bz2)	:	shorewall6.conf.annotated  (shorewall6-5.2.6.tar.bz2)
###############################################################################		###############################################################################
#		#
# Shorewall Version 5 -- /etc/shorewall6/shorewall6.conf		# Shorewall Version 5 -- /etc/shorewall6/shorewall6.conf
#		#
# For information about the settings in this file, type "man shorewall6.conf"		# For information about the settings in this file, type "man shorewall6.conf"
#		#
# Manpage also online at		# Manpage also online at
# http://www.shorewall.net/manpages6/shorewall6.conf.html		# https://shorewall.org/manpages/shorewall.conf.html
###############################################################################		###############################################################################
# S T A R T U P E N A B L E D		# S T A R T U P E N A B L E D
###############################################################################		###############################################################################
#		#
# OPTIONS		# OPTIONS
#		#
# Many options have as their value a log-level. Log levels are a method of		# Many options have as their value a log-level. Log levels are a method of
# describing to syslog (8) the importance of a message and a number of parameter s		# describing to syslog (8) the importance of a message and a number of parameter s
# in this file have log levels as their value.		# in this file have log levels as their value.
#		#
skipping to change at line 434		skipping to change at line 434
# being compiled for export (-e option specified or if running one of the		# being compiled for export (-e option specified or if running one of the
# remote-* commands) . This prevents the compiler from looking in /etc/		# remote-* commands) . This prevents the compiler from looking in /etc/
# shorewall[6]/ when compilation is being done by a non-root user or if the		# shorewall[6]/ when compilation is being done by a non-root user or if the
# generated script is to be sent to a remote firewall system.		# generated script is to be sent to a remote firewall system.
#		#
GEOIPDIR=/usr/share/xt_geoip/LE		GEOIPDIR=/usr/share/xt_geoip/LE
#		#
# GEOIPDIR=[pathname]		# GEOIPDIR=[pathname]
#		#
# Added in Shorewall 4.5.4. Specifies the pathname of the directory		# Added in Shorewall 4.5.4. Specifies the pathname of the directory
# containing the GeoIP Match database. See http://www.shorewall.net/		# containing the GeoIP Match database. See https://shorewall.org/
# ISO-3661.html. If not specified, the default value is /usr/share/xt_geoip/		# ISO-3661.html. If not specified, the default value is /usr/share/xt_geoip/
# LE which is the default location of the little-endian database.		# LE which is the default location of the little-endian database.
#		#
IP6TABLES=		IP6TABLES=
#		#
# IP6TABLES=[pathname]		# IP6TABLES=[pathname]
#		#
# IPv6 only.		# IPv6 only.
#		#
# This parameter names the ip6tables executable to be used by Shorewall6. If		# This parameter names the ip6tables executable to be used by Shorewall6. If
skipping to change at line 969		skipping to change at line 969
# using this option. Note that the blacklist command can override the		# using this option. Note that the blacklist command can override the
# ipset's timeout setting.		# ipset's timeout setting.
#		#
# Important		# Important
#		#
# Once the dynamic blacklisting ipset has been created, changing this		# Once the dynamic blacklisting ipset has been created, changing this
# option setting requires a complete restart of the firewall; shorewall		# option setting requires a complete restart of the firewall; shorewall
# [-6] restart if RESTART=restart, otherwise shorewall [-6] [-l] stop &&		# [-6] restart if RESTART=restart, otherwise shorewall [-6] [-l] stop &&
# shorewall [-6] [-l] start		# shorewall [-6] [-l] start
#		#
		# log
		#
		# Added in Shorewall 5.2.5. When specified, successful 'blacklist' and
		# 'allow' commands will log a message to the system log.
		#
		# noupdate
		#
		# Added in Shorewall 5.2.5. Normally, once an address has been
		# blacklisted, each time that a packet is received from the packet, the
		# ipset's entry for the address is updated to reset the timeout to the
		# value specifyed in the timeout option above. Setting the noupdate
		# option, inhibits this resetting of the entry's timeout. This option is
		# ignored when the timeout option is not specified.
		#
# When ipset-based dynamic blacklisting is enabled, the contents of the		# When ipset-based dynamic blacklisting is enabled, the contents of the
# blacklist will be preserved over stop/reboot/start sequences if SAVE_IPSET		# blacklist will be preserved over stop/reboot/start sequences.
S
# =Yes, SAVE_IPSETS=ipv4 or if setname is included in the list of sets to be
# saved in SAVE_IPSETS.
#		#
EXPAND_POLICIES=Yes		EXPAND_POLICIES=Yes
#		#
# EXPAND_POLICIES={Yes|No}		# EXPAND_POLICIES={Yes|No}
#		#
# Normally, when the SOURCE or DEST columns in shorewall-policy(5) contains		# Normally, when the SOURCE or DEST columns in shorewall-policy(5) contains
# 'all', a single policy chain is created and thes policy is enforced in tha t		# 'all', a single policy chain is created and thes policy is enforced in tha t
# chain. For example, if the policy entry is		# chain. For example, if the policy entry is
#		#
# #SOURCE DEST POLICY LOG		# #SOURCE DEST POLICY LOG
End of changes. 4 change blocks.
6 lines changed or deleted		17 lines changed or added

---