"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "configfiles/shorewall6.conf.annotated" between
shorewall6-5.2.3.6.tar.bz2 and shorewall6-5.2.6.tar.bz2

About: Shorewall (The Shoreline Firewall) is an iptables based firewall Requires the Shorewall package and adds the capability to create an IPv6 firewall.

shorewall6.conf.annotated  (shorewall6-5.2.3.6.tar.bz2):shorewall6.conf.annotated  (shorewall6-5.2.6.tar.bz2)
############################################################################### ###############################################################################
# #
# Shorewall Version 5 -- /etc/shorewall6/shorewall6.conf # Shorewall Version 5 -- /etc/shorewall6/shorewall6.conf
# #
# For information about the settings in this file, type "man shorewall6.conf" # For information about the settings in this file, type "man shorewall6.conf"
# #
# Manpage also online at # Manpage also online at
# http://www.shorewall.net/manpages6/shorewall6.conf.html # https://shorewall.org/manpages/shorewall.conf.html
############################################################################### ###############################################################################
# S T A R T U P E N A B L E D # S T A R T U P E N A B L E D
############################################################################### ###############################################################################
# #
# OPTIONS # OPTIONS
# #
# Many options have as their value a log-level. Log levels are a method of # Many options have as their value a log-level. Log levels are a method of
# describing to syslog (8) the importance of a message and a number of parameter s # describing to syslog (8) the importance of a message and a number of parameter s
# in this file have log levels as their value. # in this file have log levels as their value.
# #
skipping to change at line 434 skipping to change at line 434
# being compiled for export (-e option specified or if running one of the # being compiled for export (-e option specified or if running one of the
# remote-* commands) . This prevents the compiler from looking in /etc/ # remote-* commands) . This prevents the compiler from looking in /etc/
# shorewall[6]/ when compilation is being done by a non-root user or if the # shorewall[6]/ when compilation is being done by a non-root user or if the
# generated script is to be sent to a remote firewall system. # generated script is to be sent to a remote firewall system.
# #
GEOIPDIR=/usr/share/xt_geoip/LE GEOIPDIR=/usr/share/xt_geoip/LE
# #
# GEOIPDIR=[pathname] # GEOIPDIR=[pathname]
# #
# Added in Shorewall 4.5.4. Specifies the pathname of the directory # Added in Shorewall 4.5.4. Specifies the pathname of the directory
# containing the GeoIP Match database. See http://www.shorewall.net/ # containing the GeoIP Match database. See https://shorewall.org/
# ISO-3661.html. If not specified, the default value is /usr/share/xt_geoip/ # ISO-3661.html. If not specified, the default value is /usr/share/xt_geoip/
# LE which is the default location of the little-endian database. # LE which is the default location of the little-endian database.
# #
IP6TABLES= IP6TABLES=
# #
# IP6TABLES=[pathname] # IP6TABLES=[pathname]
# #
# IPv6 only. # IPv6 only.
# #
# This parameter names the ip6tables executable to be used by Shorewall6. If # This parameter names the ip6tables executable to be used by Shorewall6. If
skipping to change at line 969 skipping to change at line 969
# using this option. Note that the blacklist command can override the # using this option. Note that the blacklist command can override the
# ipset's timeout setting. # ipset's timeout setting.
# #
# Important # Important
# #
# Once the dynamic blacklisting ipset has been created, changing this # Once the dynamic blacklisting ipset has been created, changing this
# option setting requires a complete restart of the firewall; shorewall # option setting requires a complete restart of the firewall; shorewall
# [-6] restart if RESTART=restart, otherwise shorewall [-6] [-l] stop && # [-6] restart if RESTART=restart, otherwise shorewall [-6] [-l] stop &&
# shorewall [-6] [-l] start # shorewall [-6] [-l] start
# #
# log
#
# Added in Shorewall 5.2.5. When specified, successful 'blacklist' and
# 'allow' commands will log a message to the system log.
#
# noupdate
#
# Added in Shorewall 5.2.5. Normally, once an address has been
# blacklisted, each time that a packet is received from the packet, the
# ipset's entry for the address is updated to reset the timeout to the
# value specifyed in the timeout option above. Setting the noupdate
# option, inhibits this resetting of the entry's timeout. This option is
# ignored when the timeout option is not specified.
#
# When ipset-based dynamic blacklisting is enabled, the contents of the # When ipset-based dynamic blacklisting is enabled, the contents of the
# blacklist will be preserved over stop/reboot/start sequences if SAVE_IPSET # blacklist will be preserved over stop/reboot/start sequences.
S
# =Yes, SAVE_IPSETS=ipv4 or if setname is included in the list of sets to be
# saved in SAVE_IPSETS.
# #
EXPAND_POLICIES=Yes EXPAND_POLICIES=Yes
# #
# EXPAND_POLICIES={Yes|No} # EXPAND_POLICIES={Yes|No}
# #
# Normally, when the SOURCE or DEST columns in shorewall-policy(5) contains # Normally, when the SOURCE or DEST columns in shorewall-policy(5) contains
# 'all', a single policy chain is created and thes policy is enforced in tha t # 'all', a single policy chain is created and thes policy is enforced in tha t
# chain. For example, if the policy entry is # chain. For example, if the policy entry is
# #
# #SOURCE DEST POLICY LOG # #SOURCE DEST POLICY LOG
 End of changes. 4 change blocks. 
6 lines changed or deleted 17 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)