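shorewall-4.5.21.6/0000755000175000017500000000000012272556446013660 5ustar teastepteastepshorewall-4.5.21.6/Contrib/0000755000175000017500000000000012272540615015247 5ustar teastepteastepshorewall-4.5.21.6/Contrib/ipsecvpn0000644000175000017500000001560612272540615017031 0ustar teastepteastep
#!/bin/sh
################################################################################
#
# ipsecvpn -- script for use on a roadwarrior to start/stop a tunnel-mode
#             IPSEC connection
#
#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
#
#     (c) 2004,2005 - Tom Eastep (teastep@shorewall.net)
#
#     This program is free software; you can redistribute it and/or modify
#     it under the terms of Version 2 of the GNU General Public License
#     as published by the Free Software Foundation.
#
#     This program is distributed in the hope that it will be useful,
#     but WITHOUT ANY WARRANTY; without even the implied warranty of
#     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
#     GNU General Public License for more details.
#
#     You should have received a copy of the GNU General Public License
#     along with this program; if not, write to the Free Software
#     Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

RCDLINKS="2,S42 3,S42 6,K42"
#### BEGIN INIT INFO
# Provides:        ipsecvpn
# Required-Start:  $shorewall
# Required-Stop:
# Default-Start:   2 3 5
# Default-Stop:    0 1 6
# Description:     starts and stops a tunnel-mode VPN connection
### END INIT INFO

# chkconfig: 2345 26 89
# description: IPSEC tunnel-mode connection
#
################################################################################
#
# External Interface
#
INTERFACE=eth0
#
# Remote IPSEC Gateway
#
GATEWAY=1.2.3.4
#
# Networks behind the remote gateway (space-separated list)
#
NETWORKS="192.168.1.0/24"
#
# Directory where X.509 certificates are stored.
#
CERTS=/etc/certs
#
# Certificate to be used for this connection. The cert
# directory must contain:
#
#    ${CERT}.pem     - the certificate
#    ${CERT}_key.pem - the certificates's key
#
CERT=roadwarrior
#
# The setkey binary
#
SETKEY=/usr/sbin/setkey
#
# The racoon binary
#
RACOON=/usr/sbin/racoon

#
# Message to stderr
#
error_message() # $* = Error Message
{
    echo " $*" >&2
}

#
# Fatal error -- stops the firewall after issuing the error message
#
# When this is reached inside a command substitution, the 'exit' only ends
# that subshell; the caller must test the substitution's exit status.
#
fatal_error() # $* = Error Message
{
    echo " Error: $*" >&2
    exit 2
}

#
# Find interface address--returns the first IP address assigned to the passed
# device
#
find_first_interface_address() # $1 = interface
{
    #
    # get the line of output containing the first IP address
    #
    addr=$(ip -f inet addr show "$1" 2> /dev/null | grep inet | head -n1)
    #
    # If there wasn't one, bail out now
    #
    [ -n "$addr" ] || fatal_error "Can't determine the IP address of $1"
    #
    # Strip off the trailing VLSM mask (or the peer IP in case of a P-t-P link)
    # along with everything else on the line. $addr is deliberately unquoted
    # so that the shell drops the leading white space of the 'ip' output.
    #
    echo $addr | sed 's/inet //;s/\/.*//;s/ peer.*//'
}

#
# Emit one racoon 'sainfo' stanza
#
sainfo_stanza() # $1 = source address, $2 = destination address
{
    cat << EOF
sainfo address $1 any address $2 any
{
 pfs_group 2;
 lifetime time 12 hour ;
 encryption_algorithm blowfish ;
 authentication_algorithm hmac_sha1, hmac_md5 ;
 compression_algorithm deflate ;
}
EOF
}

#
# Create a Racoon configuration file using the variables above
#
# NOTE(review): the proposals written here use Blowfish (a 64-bit block
# cipher), SHA-1 / HMAC-MD5 and DH group 2 (1024-bit MODP). These are legacy
# parameters. They have to match what the remote gateway accepts, so they are
# left as the author wrote them; where both ends support it, prefer a modern
# cipher, a SHA-2 based HMAC and a larger DH group.
#
make_racoon_conf()
{
    cat << EOF
path certificate "$CERTS";

listen
{
 isakmp $IPADDR;
}

remote $GATEWAY
{
 exchange_mode main;
 certificate_type x509 "$CERT.pem" "${CERT}_key.pem";
 verify_cert on;
 my_identifier asn1dn ;
 peers_identifier asn1dn ;
 verify_identifier on ;
 lifetime time 24 hour ;
 proposal {
 encryption_algorithm blowfish;
 hash_algorithm sha1;
 authentication_method rsasig ;
 dh_group 2 ;
 }
}

EOF

    for network in $NETWORKS; do
        sainfo_stanza "$IPADDR/32" "$network"
        echo
        sainfo_stanza "$network" "$IPADDR/32"
    done

    sainfo_stanza "$IPADDR/32" "$GATEWAY/32"
    echo
    sainfo_stanza "$GATEWAY/32" "$IPADDR/32"
}

#
# Make a setkey configuration file using the variables above
#
make_setkey_conf()
{
    echo "flush;"
    echo "spdflush;"

    echo "spdadd $IPADDR/32 $GATEWAY/32 any -P out ipsec esp/tunnel/${IPADDR}-${GATEWAY}/require;"
    echo "spdadd $GATEWAY/32 $IPADDR/32 any -P in ipsec esp/tunnel/${GATEWAY}-${IPADDR}/require;"

    for network in $NETWORKS; do
        echo "spdadd $IPADDR/32 $network any -P out ipsec esp/tunnel/${IPADDR}-${GATEWAY}/require;"
        echo "spdadd $network $IPADDR/32 any -P in ipsec esp/tunnel/${GATEWAY}-${IPADDR}/require;"
    done
}

#
# Start the Tunnel
#
start()
{
    #
    # Get the first IP address configured on the device in INTERFACE.
    # The lookup runs in a subshell, so its fatal_error cannot stop this
    # script; without the explicit exit the policies below would be
    # generated with an empty local address.
    #
    IPADDR=$(find_first_interface_address "$INTERFACE") || exit 2
    #
    # Create the setkey temporary file (mktemp creates it with owner-only
    # permissions)
    #
    TEMPFILE=$(mktemp "/tmp/$(basename "$0").XXXXXXXX") || fatal_error "Can't create temporary file name"
    #
    # Fill the file
    #
    make_setkey_conf > "$TEMPFILE"
    #
    # Create the SPD
    #
    "$SETKEY" -f "$TEMPFILE"
    rc=$?
    #
    # We can now remove the file
    #
    rm -f "$TEMPFILE"
    #
    # Without the 'require' policies, traffic to the remote networks is not
    # forced through the tunnel, so do not carry on if they failed to load.
    #
    [ $rc -eq 0 ] || fatal_error "$SETKEY could not load the security policies"
    #
    # Create another name -- make this distict to aid debugging
    # (just comment out the 'rm' commands)
    #
    TEMPFILE=$(mktemp "/tmp/$(basename "$0").XXXXXXXX") || fatal_error "Can't create temporary file name"
    #
    # Fill the file
    #
    make_racoon_conf > "$TEMPFILE"
    #
    # Start Racoon Daemon
    #
    "$RACOON" -4 -f "$TEMPFILE"
    rc=$?
    #
    # Once the Daemon is running, we can remove the file
    #
    rm -f "$TEMPFILE"

    [ $rc -eq 0 ] || fatal_error "$RACOON could not be started"
}

#
# Stop the Tunnel
#
stop()
{
    #
    # Kill any racoon daemons
    #
    killall racoon
    #
    # Purge the SAD and SPD -- use the configured binary, the same one that
    # start() uses, rather than whatever 'setkey' is first in PATH
    #
    "$SETKEY" -F -FP
}

#
# Display command syntax and abend
#
usage()
{
    error_message "usage: $(basename "$0") [start|stop|restart]"
    exit 1
}

################################################################################
#                        C O D E   S T A R T S   H E R E
################################################################################
[ $# -eq 1 ] || usage

case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        stop
        sleep 2
        start
        ;;
    *)
        usage
        ;;
esac
shorewall-4.5.21.6/Contrib/tunnel0000755000175000017500000000720712272540615016510 0ustar teastepteastep
#!/bin/sh

RCDLINKS="2,S45 3,S45 6,K45"
################################################################################
# Script to create a gre or ipip tunnel -- Shorewall 4
#
# Modified - Steve Cowles 5/9/2000
# Incorporated init {start|stop} syntax and iproute2 usage
#
#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
#
#     (c) 2000,2001,2002,2003,2004,2005 - Tom Eastep (teastep@shorewall.net)
#
#     Modify the following variables to match your configuration
#
# chkconfig: 2345 26 89
# description: GRE/IP Tunnel
#
################################################################################
#
# Type of tunnel (gre or ipip)
#
tunnel_type=gre

# Name of the tunnel
#
tunnel="dfwbos"
#
# Address of your External Interface (only required for gre tunnels)
#
myrealip="x.x.x.x"

# Address of the local system -- this is the address of one of your
# local interfaces (or for a mobile host, the address that this system has
# when attached to the local network).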
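#
myip="192.168.1.254"

# Address of the Remote system -- this is the address of one of the
# remote system's local interfaces (or if the remote system is a mobile host,
# the address that it uses when attached to the local network).

hisip="192.168.9.1"

# Internet address of the Remote system
#
gateway="x.x.x.x"

# Remote sub-network -- if the remote system is a gateway for a
#                       private subnetwork that you wish to
#                       access, enter it here. If the remote
#                       system is a stand-alone/mobile host, leave this
#                       empty

subnet="192.168.9.0/24"

# GRE Key -- set this to a number or to a dotted quad if you want
#            a keyed GRE tunnel. You must specify a KEY if you
#            intend to load ip_conntrack_proto_gre on either
#            gateway system
#
# NOTE: the GRE key only labels the tunnel. Neither gre nor ipip encrypts or
# authenticates the traffic it carries.

key=

PATH=$PATH:/sbin:/usr/sbin:/usr/local/sbin

#
# Load the kernel module that matches the tunnel type
#
load_modules () {
    case "$tunnel_type" in
        ipip)
            echo "Loading IP-ENCAP Module"
            modprobe ipip
            ;;
        gre)
            echo "Loading GRE Module"
            modprobe ip_gre
            ;;
    esac
}

#
# Bring the tunnel device down and delete it, if it exists
#
do_stop() {

    if [ -n "$(ip link show "$tunnel" 2>/dev/null)" ]; then
        echo "Stopping $tunnel"
        ip link set dev "$tunnel" down
    fi

    if [ -n "$(ip addr show "$tunnel" 2>/dev/null)" ]; then
        echo "Deleting $tunnel"
        ip tunnel del "$tunnel"
    fi
}

#
# Create the tunnel device, bring it up, address it and add the route to the
# remote sub-network
#
do_start() {

    #NOTE: Comment out the next line if you have built gre/ipip into your kernel

    load_modules

    if [ -n "$(ip link show "$tunnel" 2>/dev/null)" ]; then
        do_stop
    fi

    echo "Adding $tunnel"

    case "$tunnel_type" in
        gre)
            # ${key:+...} stays unquoted: it must expand to two words, or to
            # nothing when no key is configured.
            ip tunnel add "$tunnel" mode gre remote "$gateway" local "$myrealip" ttl 255 ${key:+key $key}
            ;;
        *)
            ip tunnel add "$tunnel" mode ipip remote "$gateway"
            ;;
    esac

    echo "Starting $tunnel"

    ip link set dev "$tunnel" up

    case "$tunnel_type" in
        gre)
            ip addr add "$myip" dev "$tunnel"
            ;;
        *)
            ip addr add "$myip" peer "$hisip" dev "$tunnel"
            ;;
    esac

    #
    # As with all interfaces, the 2.4 kernels will add the obvious host
    # route for this point-to-point interface
    #

    if [ -n "$subnet" ]; then
        echo "Adding Routes"
        case "$tunnel_type" in
            gre)
                ip route add "$subnet" dev "$tunnel"
                ;;
            ipip)
                ip route add "$subnet" via "$gateway" dev "$tunnel" onlink
                ;;
        esac
    fi
}

case "$1" in
    start)
        do_start
        ;;
    stop)
        do_stop
        ;;
    restart)
        do_stop
        sleep 1
        do_start
        ;;
    *)
        echo "Usage: $0 {start|stop|restart}"
        exit 1
esac
exit 0
shorewall-4.5.21.6/Contrib/swping.init0000755000175000017500000000461012272540615017447 0ustar teastepteastep
#!/bin/sh
# Shorewall WAN Interface monitor - V4.4
#
#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
#
#     (c) 1999,2000,2001,2002,2003,2004,2005 - Tom Eastep (teastep@shorewall.net)
#
#     On most distributions, this file should be called /etc/init.d/shorewall.
#
#     Complete documentation is available at http://shorewall.net
#
#     This program is free software; you can redistribute it and/or modify
#     it under the terms of Version 2 of the GNU General Public License
#     as published by the Free Software Foundation.
#
#     This program is distributed in the hope that it will be useful,
#     but WITHOUT ANY WARRANTY; without even the implied warranty of
#     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
#     GNU General Public License for more details.
#
#     You should have received a copy of the GNU General Public License
#     along with this program; if not, write to the Free Software
#     Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
#     Commands are:
#
#        swping start      Starts the monitor
#        swping restart    Restarts the monitor
#        swping stop       Stops the monitor
#        swping status     Displays monitor status
#
### BEGIN INIT INFO
# Provides:        swping
# Required-Start:  shorewall
# Should-Start:
# Required-Stop:
# Default-Start:   2 3 5
# Default-Stop:    0 1 6
# Description:     Monitor External links and restart Shorewall when a link goes up or down.
### END INIT INFO

PROG=/usr/local/sbin/swping       # The 'swping' script.
STATEDIR=/var/lib/shorewall/      # Where to maintain the '.pid' file.
PIDFILE=${STATEDIR%/}/swping.pid  # STATEDIR may carry a trailing slash

#
# Print the PID recorded in the pid file. Fails when the file is missing or
# holds anything other than a decimal number, so that its content is never
# handed to 'ps' or 'kill' unchecked.
#
recorded_pid() {
    [ -f "$PIDFILE" ] || return 1

    pid=$(cat "$PIDFILE" 2> /dev/null)

    case "$pid" in
        ''|*[!0-9]*)
            return 1
            ;;
    esac

    echo "$pid"
}

#
# Start the monitor in the background and record its PID
#
start() {
    echo "Starting swping."

    if pid=$(recorded_pid) && ps -p "$pid" > /dev/null 2>&1; then
        echo "swping is already running" >&2
        exit 0
    fi

    #
    # The exit status of a command started with '&' is always zero, so a
    # missing monitor has to be detected before it is launched.
    #
    if [ ! -x "$PROG" ]; then
        echo "$PROG is not installed or is not executable" >&2
        rm -f "$PIDFILE"
        exit 5
    fi

    "$PROG" >> /var/log/swping &

    echo $! > "$PIDFILE"
    echo "Done."
}

#
# Stop the monitor recorded in the pid file
#
stop() {
    echo "Stoping swping."

    if [ -f "$PIDFILE" ]; then
        #
        # NOTE(review): the PID is not checked to belong to swping. A stale
        # pid file can name an unrelated process that has reused the number.
        #
        if pid=$(recorded_pid); then
            kill -9 "$pid"
        else
            echo "Ignoring malformed $PIDFILE" >&2
        fi

        rm -f "$PIDFILE"
    fi

    echo "Done."
}

command="$1"

case "$command" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        stop
        start
        ;;
    status)
        if pid=$(recorded_pid) && ps -p "$pid" > /dev/null 2>&1; then
            echo "swping is running"
            exit 0
        elif [ -f "$PIDFILE" ]; then
            # Pid file left behind by a monitor that is no longer running
            echo "swping is stopped"
            exit 1
        else
            echo "swping is stopped"
            exit 3
        fi
        ;;
    *)
        echo "Usage /etc/init.d/swping start|stop|restart|status"
        exit 1
        ;;
esac
shorewall-4.5.21.6/Contrib/swping0000644000175000017500000001366112272540615016510 0ustar teastepteastep
#!/bin/sh
#
# Shorewall WAN Interface monitor - V4.4
#
# Inspired by Angsuman Chakraborty's gwping script.
#
#     This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
#
#     (c) 2009 - Tom Eastep (teastep@shorewall.net)
#
#     This program is free software; you can redistribute it and/or modify
#     it under the terms of Version 2 of the GNU General Public License
#     as published by the Free Software Foundation.
#
#     This program is distributed in the hope that it will be useful,
#     but WITHOUT ANY WARRANTY; without even the implied warranty of
#     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
#     GNU General Public License for more details.
#
#     You should have received a copy of the GNU General Public License
#     along with this program; if not, write to the Free Software
#     Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
# For information about this script, see http://www.shorewall.net/MultiISP.html#swping.
#
###########################################################################################
#
# IP Family == 4 or 6
#
FAMILY=4
#
# The command to run when the status of a line changes. Can include multiple commands
# separated by semicolons (";").
#
# The command is later run through 'eval' by this script, and the params files
# sourced below are executed as shell code, so all of them must be writable
# only by the administrator.
#
COMMAND=

if [ $FAMILY -eq 4 ]; then
    if [ -f /usr/share/shorewall-lite/lib.base ]; then
        . /usr/share/shorewall-lite/lib.base
        [ -f /etc/shorewall-lite/params ] && . /etc/shorewall-lite/params
        [ -n "${COMMAND:="/sbin/shorewall-lite restart; /sbin/ip -4 route ls"}" ]
        CONFDIR=/etc/shorewall-lite
        VARDIR=/var/lib/shorewall-lite
    elif [ -f /usr/share/shorewall/lib.base ]; then
        . /usr/share/shorewall/lib.base
        [ -f /etc/shorewall/params ] && . /etc/shorewall/params
        [ -n "${COMMAND:="/sbin/shorewall restart -f; /sbin/ip -4 route ls"}" ]
        CONFDIR=/etc/shorewall
        VARDIR=/var/lib/shorewall
    fi
else
    #
    # NOTE(review): the default commands in this IPv6 branch still list the
    # IPv4 routing table ('ip -4 route ls') -- confirm whether '-6' was meant.
    #
    if [ -f /usr/share/shorewall6-lite/lib.base ]; then
        . /usr/share/shorewall6-lite/lib.base
        [ -f /etc/shorewall6-lite/params ] && . /etc/shorewall6-lite/params
        [ -n "${COMMAND:="/sbin/shorewall6-lite restart; /sbin/ip -4 route ls"}" ]
        CONFDIR=/etc/shorewall6-lite
        VARDIR=/var/lib/shorewall6-lite
    elif [ -f /usr/share/shorewall6/lib.base ]; then
        # Source the file that was just tested for (the path was misspelled)
        . /usr/share/shorewall6/lib.base
        [ -f /etc/shorewall6/params ] && . /etc/shorewall6/params
        [ -n "${COMMAND:="/sbin/shorewall6 restart -f; /sbin/ip -4 route ls"}" ]
        CONFDIR=/etc/shorewall6
        VARDIR=/var/lib/shorewall6
    fi
fi

[ -f "${CONFDIR}/vardir" ] && . "${CONFDIR}/vardir"
#
# Interfaces to monitor -- you may use shell variables from your params file
#
IF1=eth0
IF2=eth1
#
# Sites to Ping. Must depend only on routes in the 'main' routing table.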
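# If not specified,
# the interface is assumed to be managed by dhcpcd and the script uses the gateway address
# from /var/lib/dhcpcd/dhcpcd-${IFx}.info
#
TARGET1=xxx.xxx.xxx.xxx
TARGET2=yyy.yyy.yyy.yyy
#
# How often to ping
#
PING_INTERVAL=5
#
# Value for ping's -W option
#
PING_TIMEOUT=2
#
# This many successive pings must succeed for the interface to be marked up when it is down
#
UP_COUNT=5
#
# This many successive pings must fail for the interface to be marked down when it is up
#
DOWN_COUNT=2

#################################################################################################
# Variables private to the script
#################################################################################################
up=0
down=1

if1_state=$up
if2_state=$up

last_if1_ping=$up
last_if2_ping=$up

state_changed=

current_if1_ping=
current_if2_ping=

count1=0
count2=0

[ $FAMILY -eq 4 ] && ping=ping || ping=ping6

#################################################################################################
# Determine the GATEWAY of a DHCP interface
#################################################################################################
get_target() # $1 = interface
{
    local GATEWAYS
    GATEWAYS=

    if [ -f "/var/lib/dhcpcd/dhcpcd-${1}.info" ]; then
        #
        # NOTE(review): 'eval' runs the GATEWAYS= line of the dhcpcd info file
        # as shell code with this script's privileges. The file is written by
        # dhcpcd from data received over the network; keep it writable by root
        # only, or replace the eval with a parser that accepts an address list.
        #
        eval $(grep ^GATEWAYS= "/var/lib/dhcpcd/dhcpcd-${1}.info" 2> /dev/null)
        #
        # Keep the first gateway of a comma-separated list ('%%' strips from
        # the first comma; '%' left two addresses when three were listed)
        #
        [ -n "$GATEWAYS" ] && GATEWAYS=${GATEWAYS%%,*} && echo $GATEWAYS
    fi
}

#################################################################################################
# Ping the target of an interface once -- prints 0 if the ping succeeded and 1 if it failed or
# if no target could be determined
#################################################################################################
ping_status() # $1 = interface, $2 = configured target (may be empty)
{
    local target
    target=$2

    [ -n "$target" ] || target=$(get_target "$1")

    if [ -n "$target" ] && $ping -n -W "$PING_TIMEOUT" -I "$1" -c 1 "$target" > /dev/null 2>&1; then
        echo 0
    else
        echo 1
    fi
}

#
# Script starts here
#
# VARDIR is set only when one of the Shorewall lib.base files was found;
# without it the status files below would be removed from and written to '/'.
#
if [ -z "$VARDIR" ]; then
    echo "swping: VARDIR is not set" >&2
    exit 1
fi

rm -f "$VARDIR/${IF1}.status"
rm -f "$VARDIR/${IF2}.status"

while : ; do
    current_if1_ping=$(ping_status "$IF1" "$TARGET1")

    if [ $current_if1_ping -ne $last_if1_ping ]; then
        last_if1_ping=$current_if1_ping
        count1=1
    elif [ $current_if1_ping -ne $if1_state ]; then
        count1=$(($count1 + 1 ))
    fi

    case $if1_state in
        0)
            #
            # Interface is currently up
            #
            if [ $count1 -ge $DOWN_COUNT ]; then
                state_changed=Yes
                count1=0
                echo "$IF1 is Down!"
                if1_state=1
            fi
            ;;
        1)
            #
            # Interface is currently down
            #
            if [ $count1 -ge $UP_COUNT ]; then
                state_changed=Yes
                count1=0
                echo "$IF1 is Up!"
                if1_state=0
            fi
            ;;
    esac

    current_if2_ping=$(ping_status "$IF2" "$TARGET2")

    if [ $current_if2_ping -ne $last_if2_ping ]; then
        last_if2_ping=$current_if2_ping
        count2=1
    elif [ $current_if2_ping -ne $if2_state ]; then
        count2=$(($count2 + 1 ))
    fi

    case $if2_state in
        0)
            #
            # Interface is currently up
            #
            if [ $count2 -ge $DOWN_COUNT ]; then
                state_changed=Yes
                count2=0
                echo "$IF2 is Down!"
                if2_state=1
            fi
            ;;
        1)
            #
            # Interface is currently down
            #
            if [ $count2 -ge $UP_COUNT ]; then
                state_changed=Yes
                count2=0
                echo "$IF2 is Up!"
                if2_state=0
            fi
            ;;
    esac

    if [ -n "$state_changed" ]; then
        #
        # One of the interfaces changed state -- restart Shorewall
        #
        echo $if1_state > "$VARDIR/${IF1}.status"
        echo $if2_state > "$VARDIR/${IF2}.status"
        #
        # COMMAND comes from the script's settings or the params file and is
        # executed as shell code here.
        #
        eval $COMMAND
        state_changed=
    fi

    sleep $PING_INTERVAL
done
shorewall-4.5.21.6/shorewall.spec0000644000175000017500000007767512272556446016562 0ustar teastepteastep
%define name shorewall
%define version 4.5.21
%define release 6

Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.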
Name: %{name} Version: %{version} Release: %{release} License: GPLv2 Packager: Tom Eastep Group: Networking/Utilities Source: %{name}-%{version}.tgz URL: http://www.shorewall.net/ BuildArch: noarch BuildRoot: %{_tmppath}/%{name}-%{version}-root1 Requires: iptables iproute perl shorewall-core perl-Digest-SHA1 Provides: shoreline_firewall = %{version}-%{release} Obsoletes: shorewall-common shorewall-perl shorewall-shell %description The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter (iptables) based firewall that can be used on a dedicated firewall system, a multi-function gateway/ router/server or on a standalone GNU/Linux system. %prep %setup %build %install ./configure.pl --host=%{_vendor} \ --prefix=%{_prefix} \ --tmpdir=%{_tmpdir} \ --perllibdir=%{perl_vendorlib} \ --libexecdir=%{_libexecdir} DESTDIR=%{buildroot} ./install.sh touch %{buildroot}/etc/shorewall/isusable touch %{buildroot}/etc/shorewall/notrack %clean rm -rf %{buildroot} %post if [ $1 -eq 1 ]; then if [ -x /sbin/insserv ]; then /sbin/insserv %{_initddir}/shorewall elif [ -x /sbin/chkconfig ]; then /sbin/chkconfig --add shorewall; fi fi %preun if [ $1 = 0 ]; then if [ -x /sbin/insserv ]; then /sbin/insserv -r %{_initddir}/shorewall elif [ -x /sbin/chkconfig ]; then /sbin/chkconfig --del shorewall fi rm -f /etc/shorewall/startup_disabled fi %triggerpostun -- shorewall-common < 4.4.0 if [ -x /sbin/insserv ]; then /sbin/insserv /etc/rc.d/shorewall elif [ -x /sbin/chkconfig ]; then /sbin/chkconfig --add shorewall; fi %files %defattr(0644,root,root,0755) %attr(0544,root,root) %{_initddir}/shorewall %attr(0755,root,root) %dir /etc/shorewall %ghost %attr(0644,root,root) /etc/shorewall/isusable %ghost %attr(0644,root,root) /etc/shorewall/notrack %attr(0755,root,root) %dir /usr/share/shorewall/configfiles %attr(0700,root,root) %dir /var/lib/shorewall %attr(0644,root,root) %config(noreplace) /etc/shorewall/* %attr(0644,root,root) /etc/logrotate.d/shorewall %attr(0755,root,root) 
/sbin/shorewall %attr(0644,root,root) /usr/share/shorewall/version %attr(0644,root,root) /usr/share/shorewall/actions.std %attr(0644,root,root) /usr/share/shorewall/action.Broadcast %attr(0644,root,root) /usr/share/shorewall/action.Drop %attr(0644,root,root) /usr/share/shorewall/action.DropSmurfs %attr(0644,root,root) /usr/share/shorewall/action.A_Drop %attr(0644,root,root) /usr/share/shorewall/action.AutoBL %attr(0644,root,root) /usr/share/shorewall/action.AutoBLL %attr(0644,root,root) /usr/share/shorewall/action.Established %attr(0644,root,root) /usr/share/shorewall/action.IfEvent %attr(0644,root,root) /usr/share/shorewall/action.Invalid %attr(0644,root,root) /usr/share/shorewall/action.New %attr(0644,root,root) /usr/share/shorewall/action.NotSyn %attr(0644,root,root) /usr/share/shorewall/action.RST %attr(0644,root,root) /usr/share/shorewall/action.Reject %attr(0644,root,root) /usr/share/shorewall/action.Related %attr(0644,root,root) /usr/share/shorewall/action.A_Reject %attr(0644,root,root) /usr/share/shorewall/action.ResetEvent %attr(0644,root,root) /usr/share/shorewall/action.SetEvent %attr(0644,root,root) /usr/share/shorewall/action.TCPFlags %attr(0644,root,root) /usr/share/shorewall/action.allowInvalid %attr(0644,root,root) /usr/share/shorewall/action.dropInvalid %attr(0644,root,root) /usr/share/shorewall/action.template %attr(0644,root,root) /usr/share/shorewall/action.Untracked %attr(0644,root,root) /usr/share/shorewall/lib.cli-std %attr(0644,root,root) /usr/share/shorewall/lib.core %attr(0644,root,root) /usr/share/shorewall/macro.* %attr(0644,root,root) /usr/share/shorewall/modules* %attr(0644,root,root) /usr/share/shorewall/helpers %attr(0644,root,root) /usr/share/shorewall/configpath %attr(755,root,root) %{_libexecdir}/shorewall/compiler.pl %attr(755,root,root) %{_libexecdir}/shorewall/getparams %attr(0644,root,root) /usr/share/shorewall/prog.* %attr(0644,root,root) %{perl_vendorlib}/Shorewall/*.pm %attr(0644,root,root) 
/usr/share/shorewall/configfiles/* %attr(0644,root,root) %{_mandir}/man5/* %attr(0644,root,root) %{_mandir}/man8/* %doc COPYING INSTALL changelog.txt releasenotes.txt Contrib/* Samples %changelog * Thu Jan 30 2014 Tom Eastep tom@shorewall.net - Updated to 4.5.21-6 * Thu Dec 19 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.21-5 * Mon Nov 04 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.21-4 * Fri Oct 25 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.21-3 * Mon Oct 21 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.21-2 * Fri Oct 04 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.21-1 * Fri Sep 27 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.21-0base * Thu Sep 19 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.21-0RC1 * Thu Sep 12 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.21-0Beta3 * Fri Sep 06 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.21-0Beta2 * Sun Sep 01 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.21-0Beta1 * Sun Aug 18 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.20-0base * Sun Aug 11 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.20-0RC1 * Tue Aug 06 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.20-0Beta3 * Mon Jul 29 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.20-0Beta2 * Mon Jul 22 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.20-0Beta1 * Sun Jul 21 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.19-0base * Mon Jul 15 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.19-0RC1 * Thu Jul 11 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.19-0Beta3 * Tue Jul 09 2013 Tom Eastep tom@shorewall.net - Added Event actions * Mon Jul 08 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.19-0Beta2 * Mon Jul 01 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.19-0Beta1 * Thu Jun 27 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.18-0base * Mon Jun 24 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.18-0RC2 * Mon Jun 17 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.18-0RC1 * 
Tue Jun 11 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.18-0Beta3 * Tue Jun 04 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.18-0Beta2 * Thu May 30 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.18-0Beta1 * Mon May 27 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.17-0base * Sun May 26 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.17-0RC2 * Wed May 22 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.17-0RC1 * Sun May 12 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.17-0Beta3 * Sat May 11 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.17-0Beta2 * Tue May 07 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.17-0Beta1 * Wed May 01 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.16-2 * Wed May 01 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.16-1 * Tue Apr 30 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.16-0base * Fri Apr 26 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.16-0RC2 * Sat Apr 20 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.16-0RC1 * Sat Apr 20 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.16-0Beta6 * Wed Apr 17 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.16-0Beta5 * Mon Apr 15 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.16-0Beta4 * Thu Apr 11 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.16-0Beta3 * Fri Apr 05 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.16-0Beta2 * Fri Mar 29 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.16-0Beta1 * Thu Mar 28 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.15-0base * Sun Mar 24 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.15-0RC1 * Fri Mar 22 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.15-0Beta3 * Sun Mar 17 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.15-0Beta2 * Tue Mar 05 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.15-0Beta1 * Sat Mar 02 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.14-0base * Sat Feb 23 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.14-0RC1 * Sun Feb 17 2013 Tom Eastep 
tom@shorewall.net - Updated to 4.5.14-0Beta3 * Wed Feb 13 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.14-0Beta2 * Tue Feb 12 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.14-0Beta1 * Fri Feb 08 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.13-0base * Mon Feb 04 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.13-0RC3 * Sun Feb 03 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.13-0RC2 * Thu Jan 31 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.13-0RC1 * Tue Jan 29 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.13-0Beta4 * Mon Jan 21 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.13-0Beta3 * Sun Jan 20 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.13-0Beta2 * Tue Jan 15 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.13-0Beta1 * Tue Jan 15 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.12-0base * Thu Jan 10 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.12-0RC1 * Tue Jan 08 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.12-0Beta5 * Sat Jan 05 2013 Tom Eastep tom@shorewall.net - Updated to 4.5.12-0Beta4 * Mon Dec 31 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.12-0Beta3 * Thu Dec 27 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.12-0Beta2 * Wed Dec 26 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.12-0Beta1 * Wed Dec 19 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.11-0RC1 * Thu Dec 13 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.11-0Beta3 * Thu Dec 13 2012 Tom Eastep tom@shorewall.net - Updated to 4.4.11-0Beta3 * Sun Dec 09 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.11-0Beta2 * Mon Dec 03 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.11-0Beta1 * Sun Dec 02 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.10-0base * Wed Nov 28 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.10-0RC1 * Sat Nov 24 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.10-0Beta3 * Tue Nov 20 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.10-0Beta2 * Fri Nov 16 2012 Tom Eastep 
tom@shorewall.net - Updated to 4.5.10-0Beta1 * Sun Nov 11 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.9-2 * Sat Nov 03 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.9-1 * Fri Oct 26 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.9-0base * Sun Oct 21 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.9-0RC1 * Tue Oct 16 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.9-0Beta3 * Thu Oct 04 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.9-0Beta2 * Thu Sep 20 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.9-0Beta1 * Wed Sep 19 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.8-0base * Thu Sep 13 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.8-0RC2 * Mon Sep 10 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.8-0RC1 * Tue Sep 04 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.8-0Beta3 * Mon Sep 03 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.8-0Beta2 * Thu Aug 09 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.8-0Beta1 * Tue Aug 07 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.7-0RC1 * Mon Aug 06 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.7-0Beta5 * Sun Aug 05 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.7-0Beta4 * Sat Aug 04 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.7-0Beta3 * Sun Jul 29 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.7-0RC1 * Tue Jul 17 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.7-0Beta2 * Sun Jul 08 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.7-0Beta1 * Thu Jul 05 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.6-0base * Sat Jun 30 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.6-0RC1 * Wed Jun 27 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.6-0Beta4 * Mon Jun 18 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.6-0Beta3 * Fri Jun 15 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.6-0Beta2 * Sat Jun 09 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.6-0Beta1 * Wed Jun 06 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.5-0base * Tue Jun 
05 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.5-0RC1 * Sat Jun 02 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.5-0Beta2 * Thu May 24 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.5-0Beta1 * Thu May 24 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.4-0base * Tue May 22 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.4-0RC2 * Fri May 18 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.4-0RC1 * Thu May 17 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.4-0Beta3 * Tue May 15 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.4-0Beta2 * Sun May 13 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.4-0Beta2 * Thu May 10 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.4-0Beta1 * Sun May 06 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.3-0base * Thu May 03 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.3-0RC1 * Fri Apr 27 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.3-0Beta2 * Tue Apr 10 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.2-1 * Sat Apr 07 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.2-0base * Wed Apr 04 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.2-0RC2 * Sun Apr 01 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.2-0RC1 * Thu Mar 29 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.2-0Beta5 * Mon Mar 26 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.2-0Beta4 * Tue Mar 20 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.2-0Beta3 * Sat Mar 17 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.2-0Beta2 * Wed Mar 14 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.2-0Beta1 * Sat Mar 10 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.1-0base * Sat Mar 03 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.1-0RC1 * Thu Feb 23 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.1-0Beta3 * Sun Feb 19 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.1-0Beta2 * Fri Feb 03 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.1-0Beta1 * Wed Jan 18 2012 Tom Eastep tom@shorewall.net - Updated to 
4.5.0-0RC1 * Sun Jan 15 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.0-0Beta4 * Thu Jan 05 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.0-0Beta3 * Mon Jan 02 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.0-0Beta2 * Sun Jan 01 2012 Tom Eastep tom@shorewall.net - Updated to 4.5.0-0Beta1 * Sun Dec 25 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.27-0base * Fri Dec 23 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.27-0RC2 * Sat Dec 17 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.27-0RC1 * Sun Dec 11 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.27-0Beta3 * Mon Dec 05 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.27-0Beta2 * Sat Dec 03 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.27-0Beta1 * Sat Dec 03 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.26-1 * Tue Nov 29 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.26-0base * Sun Nov 20 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.26-0RC1 * Sat Nov 19 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.26-0Beta4 * Thu Nov 17 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.26-0Beta3 * Sat Nov 12 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.26-0Beta2 * Wed Nov 02 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.26-0Beta1 * Sun Oct 30 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.25-1 * Thu Oct 27 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.25-0base * Sun Oct 23 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.25-0RC1 * Sat Oct 22 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.25-0Beta4 * Tue Oct 18 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.25-0Beta3 * Tue Oct 11 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.25-0Beta2 * Tue Oct 04 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.25-0Beta1 * Sat Oct 01 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.24-0RC1 * Mon Sep 26 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.24-0Beta4 * Wed Sep 21 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.24-0Beta3 * Sun Sep 18 2011 
Tom Eastep tom@shorewall.net - Updated to 4.4.24-0Beta2 * Thu Sep 15 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.24-0Beta1 * Tue Sep 13 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.23-3 * Fri Sep 09 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.23-2 * Wed Sep 07 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.23-1 * Sat Sep 03 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.23-0base * Fri Sep 02 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.23-0RC2 * Mon Aug 29 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.23-0RC1 * Sat Aug 27 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.23-0Beta4 * Sun Aug 21 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.23-0Beta3 * Wed Aug 17 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.23-0Beta2 * Fri Aug 05 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.23-0Beta1 * Wed Aug 03 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.22-2 * Tue Aug 02 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.22-1 * Sat Jul 30 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.22-0base * Sat Jul 30 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.22-0RC2 * Fri Jul 22 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.22-0RC1 * Thu Jul 21 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.22-0Beta3 * Mon Jul 18 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.22-0Beta2 * Mon Jul 04 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.22-0Beta1 * Wed Jun 29 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.21-0base * Thu Jun 23 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.21-0RC1 * Sun Jun 19 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.21-0Beta3 * Sat Jun 18 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.21-0Beta2 * Tue Jun 07 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.21-0Beta1 * Mon Jun 06 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.20-1 * Tue May 31 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.20-0base * Fri May 27 2011 Tom Eastep tom@shorewall.net - Updated to 
4.4.20-0RC1 * Tue May 24 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.20-0Beta5 * Sun May 22 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.20-0Beta4 * Thu May 19 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.20-0Beta3 * Wed May 18 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.20-0Beta2 * Fri Apr 15 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.20-0Beta1 * Wed Apr 13 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.19-1 * Sat Apr 09 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.19-0base * Sun Apr 03 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.19-0RC1 * Sun Apr 03 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.19-0Beta5 * Sat Apr 02 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.19-0Beta4 * Sat Mar 26 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.19-0Beta3 * Sat Mar 05 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.19-0Beta1 * Wed Mar 02 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.18-0base * Mon Feb 28 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.18-0RC1 * Sun Feb 20 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.18-0Beta4 * Sat Feb 19 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.18-0Beta3 * Sun Feb 13 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.18-0Beta2 * Sat Feb 05 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.18-0Beta1 * Fri Feb 04 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.17-0base * Sun Jan 30 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.17-0RC1 * Fri Jan 28 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.17-0Beta3 * Wed Jan 19 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.17-0Beta2 * Sat Jan 08 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.17-0Beta1 * Mon Jan 03 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.16-0base * Thu Dec 30 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.16-0RC1 * Thu Dec 30 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.16-0Beta8 * Sun Dec 26 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.16-0Beta7 * Mon 
Dec 20 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.16-0Beta6 * Fri Dec 10 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.16-0Beta5 * Sat Dec 04 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.16-0Beta4 * Fri Dec 03 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.16-0Beta3 * Fri Dec 03 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.16-0Beta2 * Tue Nov 30 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.16-0Beta1 * Fri Nov 26 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.15-0base * Mon Nov 22 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.15-0RC1 * Mon Nov 15 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.15-0Beta2 * Sun Nov 14 2010 Tom Eastep tom@shorewall.net - Added getparams to installed files * Sat Oct 30 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.15-0Beta1 * Sat Oct 23 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.14-0base * Wed Oct 06 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.14-0RC1 * Fri Oct 01 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.14-0Beta4 * Sun Sep 26 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.14-0Beta3 * Thu Sep 23 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.14-0Beta2 * Tue Sep 21 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.14-0Beta1 * Fri Sep 17 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.13-0RC1 * Fri Sep 17 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.13-0Beta6 * Mon Sep 13 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.13-0Beta5 * Sat Sep 04 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.13-0Beta4 * Mon Aug 30 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.13-0Beta3 * Wed Aug 25 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.13-0Beta2 * Wed Aug 18 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.13-0Beta1 * Sun Aug 15 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.12-0base * Fri Aug 06 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.12-0RC1 * Sun Aug 01 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.12-0Beta4 * Sat 
Jul 31 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.12-0Beta3 * Sun Jul 25 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.12-0Beta2 * Wed Jul 21 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.12-0Beta1 * Fri Jul 09 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.11-0base * Mon Jul 05 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.11-0RC1 * Sat Jul 03 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.11-0Beta3 * Thu Jul 01 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.11-0Beta2 * Sun Jun 06 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.11-0Beta1 * Sat Jun 05 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.10-0base * Fri Jun 04 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.10-0RC2 * Thu May 27 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.10-0RC1 * Wed May 26 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.10-0Beta4 * Tue May 25 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.10-0Beta3 * Thu May 20 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.10-0Beta2 * Thu May 20 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.10-0Beta2 * Thu May 13 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.10-0Beta1 * Mon May 03 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.9-0base * Sun May 02 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.9-0RC2 * Sun Apr 25 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.9-0RC1 * Sat Apr 24 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.9-0Beta5 * Fri Apr 16 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.9-0Beta4 * Fri Apr 09 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.9-0Beta3 * Thu Apr 08 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.9-0Beta2 * Sat Mar 20 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.9-0Beta1 * Fri Mar 19 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.8-0base * Tue Mar 16 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.8-0RC2 * Mon Mar 08 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.8-0RC1 * Sun Feb 28 2010 Tom Eastep 
tom@shorewall.net - Updated to 4.4.8-0Beta2 * Thu Feb 11 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.8-0Beta1 * Fri Feb 05 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.7-0base * Tue Feb 02 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.7-0RC2 * Wed Jan 27 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.7-0RC1 * Mon Jan 25 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.7-0Beta4 * Fri Jan 22 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.7-0Beta3 * Fri Jan 22 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.7-0Beta2 * Thu Jan 21 2010 Tom Eastep tom@shorewall.net - Add /usr/share/shorewall/helpers * Sun Jan 17 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.7-0Beta1 * Wed Jan 13 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.6-0base * Wed Jan 13 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.6-0Beta1 * Thu Dec 24 2009 Tom Eastep tom@shorewall.net - Updated to 4.4.5-0base * Sat Nov 21 2009 Tom Eastep tom@shorewall.net - Updated to 4.4.4-0base * Fri Nov 13 2009 Tom Eastep tom@shorewall.net - Updated to 4.4.4-0Beta2 * Wed Nov 11 2009 Tom Eastep tom@shorewall.net - Updated to 4.4.4-0Beta1 * Tue Nov 03 2009 Tom Eastep tom@shorewall.net - Updated to 4.4.3-0base * Sun Sep 06 2009 Tom Eastep tom@shorewall.net - Updated to 4.4.2-0base * Fri Sep 04 2009 Tom Eastep tom@shorewall.net - Updated to 4.4.2-0base * Fri Aug 14 2009 Tom Eastep tom@shorewall.net - Updated to 4.4.1-0base * Sun Aug 09 2009 Tom Eastep tom@shorewall.net - Made Perl a dependency * Mon Aug 03 2009 Tom Eastep tom@shorewall.net - Updated to 4.4.0-0base * Tue Jul 28 2009 Tom Eastep tom@shorewall.net - Updated to 4.4.0-0RC2 * Sun Jul 12 2009 Tom Eastep tom@shorewall.net - Updated to 4.4.0-0RC1 * Thu Jul 09 2009 Tom Eastep tom@shorewall.net - Updated to 4.4.0-0Beta4 * Sat Jun 27 2009 Tom Eastep tom@shorewall.net - Updated to 4.4.0-0Beta3 * Mon Jun 15 2009 Tom Eastep tom@shorewall.net - Updated to 4.4.0-0Beta2 * Fri Jun 12 2009 Tom Eastep tom@shorewall.net - Updated to 
4.4.0-0Beta1 * Sun Jun 07 2009 Tom Eastep tom@shorewall.net - Updated to 4.3.13-0base * Fri Jun 05 2009 Tom Eastep tom@shorewall.net - Updated to 4.3.12-0base * Fri Jun 05 2009 Tom Eastep tom@shorewall.net - Remove 'rfc1918' file * Sun May 10 2009 Tom Eastep tom@shorewall.net - Updated to 4.3.11-0base * Sun Apr 19 2009 Tom Eastep tom@shorewall.net - Updated to 4.3.10-0base * Sat Apr 11 2009 Tom Eastep tom@shorewall.net - Updated to 4.3.9-0base * Tue Mar 17 2009 Tom Eastep tom@shorewall.net - Updated to 4.3.8-0base * Sun Mar 01 2009 Tom Eastep tom@shorewall.net - Updated to 4.3.7-0base * Fri Feb 27 2009 Tom Eastep tom@shorewall.net - Updated to 4.3.6-0base * Sun Feb 22 2009 Tom Eastep tom@shorewall.net - Updated to 4.3.5-0base * Sat Feb 21 2009 Tom Eastep tom@shorewall.net - Updated to 4.2.7-0base * Thu Feb 05 2009 Tom Eastep tom@shorewall.net - Add 'restored' script * Wed Feb 04 2009 Tom Eastep tom@shorewall.net - Updated to 4.2.6-0base * Fri Jan 30 2009 Tom Eastep tom@shorewall.net - Added swping files to the doc directory * Thu Jan 29 2009 Tom Eastep tom@shorewall.net - Updated to 4.2.6-0base * Tue Jan 06 2009 Tom Eastep tom@shorewall.net - Updated to 4.2.5-0base * Thu Dec 25 2008 Tom Eastep tom@shorewall.net - Updated to 4.2.4-0base * Sun Dec 21 2008 Tom Eastep tom@shorewall.net - Updated to 4.2.4-0RC2 * Wed Dec 17 2008 Tom Eastep tom@shorewall.net - Updated to 4.2.4-0RC1 * Tue Dec 16 2008 Tom Eastep tom@shorewall.net - Updated to 4.3.4-0base * Sat Dec 13 2008 Tom Eastep tom@shorewall.net - Updated to 4.3.3-0base * Fri Dec 12 2008 Tom Eastep tom@shorewall.net - Updated to 4.3.2-0base * Thu Dec 11 2008 Tom Eastep tom@shorewall.net - Updated to 4.3.1-0base * Thu Dec 11 2008 Tom Eastep tom@shorewall.net - Updated to 4.3.1-0base * Wed Dec 10 2008 Tom Eastep tom@shorewall.net - Updated to 4.3.0-0base * Wed Dec 10 2008 Tom Eastep tom@shorewall.net - Updated to 2.3.0-0base * Fri Dec 05 2008 Tom Eastep tom@shorewall.net - Updated to 4.2.3-0base * Wed Nov 05 2008 Tom 
Eastep tom@shorewall.net - Updated to 4.2.2-0base * Wed Oct 08 2008 Tom Eastep tom@shorewall.net - Updated to 4.2.1-0base * Fri Oct 03 2008 Tom Eastep tom@shorewall.net - Updated to 4.2.0-0base * Tue Sep 23 2008 Tom Eastep tom@shorewall.net - Updated to 4.2.0-0RC4 * Mon Sep 15 2008 Tom Eastep tom@shorewall.net - Updated to 4.2.0-0RC3 * Mon Sep 08 2008 Tom Eastep tom@shorewall.net - Updated to 4.2.0-0RC2 * Tue Aug 19 2008 Tom Eastep tom@shorewall.net - Updated to 4.2.0-0RC1 * Thu Jul 03 2008 Tom Eastep tom@shorewall.net - Updated to 4.2.0-0Beta3 * Mon Jun 02 2008 Tom Eastep tom@shorewall.net - Updated to 4.2.0-0Beta2 * Wed May 07 2008 Tom Eastep tom@shorewall.net - Updated to 4.2.0-0Beta1 * Mon Apr 28 2008 Tom Eastep tom@shorewall.net - Updated to 4.1.8-0base * Mon Mar 24 2008 Tom Eastep tom@shorewall.net - Updated to 4.1.7-0base * Thu Mar 13 2008 Tom Eastep tom@shorewall.net - Updated to 4.1.6-0base * Tue Feb 05 2008 Tom Eastep tom@shorewall.net - Updated to 4.1.5-0base * Fri Jan 04 2008 Tom Eastep tom@shorewall.net - Updated to 4.1.4-0base * Wed Dec 12 2007 Tom Eastep tom@shorewall.net - Updated to 4.1.3-0base * Fri Dec 07 2007 Tom Eastep tom@shorewall.net - Updated to 4.1.3-1 * Tue Nov 27 2007 Tom Eastep tom@shorewall.net - Updated to 4.1.2-1 * Wed Nov 21 2007 Tom Eastep tom@shorewall.net - Updated to 4.1.1-1 * Mon Nov 19 2007 Tom Eastep tom@shorewall.net - Updated to 4.1.0-1 * Thu Nov 15 2007 Tom Eastep tom@shorewall.net - Updated to 4.0.6-1 * Sat Nov 10 2007 Tom Eastep tom@shorewall.net - Updated to 4.0.6-0RC3 * Wed Nov 07 2007 Tom Eastep tom@shorewall.net - Updated to 4.0.6-0RC2 * Thu Oct 25 2007 Tom Eastep tom@shorewall.net - Updated to 4.0.6-0RC1 * Tue Oct 03 2007 Tom Eastep tom@shorewall.net - Updated to 4.0.5-1 * Wed Sep 05 2007 Tom Eastep tom@shorewall.net - Updated to 4.0.4-1 * Mon Aug 13 2007 Tom Eastep tom@shorewall.net - Updated to 4.0.3-1 * Thu Aug 09 2007 Tom Eastep tom@shorewall.net - Updated to 4.0.2-1 * Sat Jul 21 2007 Tom Eastep 
tom@shorewall.net - Updated to 4.0.1-1 * Wed Jul 11 2007 Tom Eastep tom@shorewall.net - Updated to 4.0.0-1 * Sun Jul 08 2007 Tom Eastep tom@shorewall.net - Updated to 4.0.0-0RC2 * Fri Jun 29 2007 Tom Eastep tom@shorewall.net - Updated to 4.0.0-0RC1 * Sun Jun 24 2007 Tom Eastep tom@shorewall.net - Updated to 4.0.0-0Beta7 * Wed Jun 20 2007 Tom Eastep tom@shorewall.net - Updated to 4.0.0-0Beta6 * Thu Jun 14 2007 Tom Eastep tom@shorewall.net - Updated to 4.0.0-0Beta5 * Fri Jun 08 2007 Tom Eastep tom@shorewall.net - Updated to 4.0.0-0Beta4 * Tue Jun 05 2007 Tom Eastep tom@shorewall.net - Updated to 4.0.0-0Beta3 * Tue May 15 2007 Tom Eastep tom@shorewall.net - Updated to 4.0.0-0Beta1 * Fri May 11 2007 Tom Eastep tom@shorewall.net - Updated to 3.9.7-1 * Sat May 05 2007 Tom Eastep tom@shorewall.net - Updated to 3.9.6-1 * Mon Apr 30 2007 Tom Eastep tom@shorewall.net - Updated to 3.9.5-1 * Mon Apr 23 2007 Tom Eastep tom@shorewall.net - Updated to 3.9.4-1 * Wed Apr 18 2007 Tom Eastep tom@shorewall.net - Updated to 3.9.3-1 * Mon Apr 16 2007 Tom Eastep tom@shorewall.net - Moved lib.dynamiczones from Shorewall-shell * Sat Apr 14 2007 Tom Eastep tom@shorewall.net - Updated to 3.9.2-1 * Tue Apr 03 2007 Tom Eastep tom@shorewall.net - Updated to 3.9.1-1 * Thu Mar 24 2007 Tom Eastep tom@shorewall.net - Updated to 3.4.2-1 * Thu Mar 15 2007 Tom Eastep tom@shorewall.net - Updated to 3.4.1-1 * Sat Mar 10 2007 Tom Eastep tom@shorewall.net - Updated to 3.4.0-1 * Sun Feb 25 2007 Tom Eastep tom@shorewall.net - Updated to 3.4.0-0RC3 * Sun Feb 04 2007 Tom Eastep tom@shorewall.net - Updated to 3.4.0-0RC2 * Wed Jan 24 2007 Tom Eastep tom@shorewall.net - Updated to 3.4.0-0RC1 * Mon Jan 22 2007 Tom Eastep tom@shorewall.net - Updated to 3.4.0-0Beta3 * Wed Jan 03 2007 Tom Eastep tom@shorewall.net - Updated to 3.4.0-0Beta2 * Thu Dec 14 2006 Tom Eastep tom@shorewall.net - Updated to 3.4.0-0Beta1 * Sat Nov 25 2006 Tom Eastep tom@shorewall.net - Added shorewall-exclusion(5) - Updated to 3.3.6-1 * Sun 
Nov 19 2006 Tom Eastep tom@shorewall.net - Updated to 3.3.5-1 * Sat Nov 18 2006 Tom Eastep tom@shorewall.net - Add Man Pages. * Sun Oct 29 2006 Tom Eastep tom@shorewall.net - Updated to 3.3.4-1 * Mon Oct 16 2006 Tom Eastep tom@shorewall.net - Updated to 3.3.3-1 * Sat Sep 30 2006 Tom Eastep tom@shorewall.net - Updated to 3.3.2-1 * Wed Aug 30 2006 Tom Eastep tom@shorewall.net - Updated to 3.3.1-1 * Sun Aug 27 2006 Tom Eastep tom@shorewall.net - Updated to 3.3.0-1 * Fri Aug 25 2006 Tom Eastep tom@shorewall.net - Updated to 3.2.3-1 shorewall-4.5.21.6/modules0000644000175000017500000000132312272540615015241 0ustar teastepteastep# # Shorewall version 4 - Modules File # # /usr/share/shorewall/modules # # This file loads the modules that may be needed by the firewall. # # THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in # dependency order. i.e., if M2 depends on M1 then you must load M1 # before you load M2. # # If you need to modify this file, copy it to /etc/shorewall and modify the # copy. # ############################################################################### # # Essential Modules # INCLUDE modules.essential # # Other xtables modules # INCLUDE modules.xtables # # Helpers # INCLUDE helpers # # Ipset # INCLUDE modules.ipset # # Traffic Shaping # INCLUDE modules.tc # # Extensions # INCLUDE modules.extensions shorewall-4.5.21.6/action.ResetEvent0000644000175000017500000000367212272540615017142 0ustar teastepteastep# # Shorewall version 4 - Reset an Event # # /etc/shorewall/action.ResetEvent # # Parameters: # Event: Must start with a letter and be composed of letters, digits, '-', and '_'. # Action: Action to perform after setting the event. Default is ACCEPT # Src or Dest: 'src' (default) or 'dst'. Determines if the event is associated with the source # address (src) or destination address (dst) # Disposition: Disposition for any rule generated. 
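# # For additional information, see http://www.shorewall.net/Events.html # ####################################################################################################### # DO NOT REMOVE THE FOLLOWING LINE ?format 2 ################################################################################################################################################################################################# #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH HELPER # PORT PORT(S) DEST LIMIT GROUP DEFAULTS -,ACCEPT,src,-
?begin perl
#
# ResetEvent: validate the four action parameters, then hand perl_action_helper
# a 'recent' match that removes the source or destination address from the
# list named after the event.
#
use Shorewall::Config;
use Shorewall::Chains;
use Shorewall::Rules;
use strict;

# Parameters, in order: Event, Action, Src or Dest, Disposition.
my ( $event, $action, $destination, $disposition ) = get_action_params( 4 );

require_capability 'RECENT_MATCH', 'Use of events', 's';
require_capability 'MARK_ANYWHERE', 'Use of events', 's';

fatal_error "An event name is required" unless supplied $event;

#
# $event is interpolated into the match text passed to perl_action_helper
# below, so it is held to the documented alphabet: a leading letter followed
# by letters, digits, '-' and '_'. The first class is A-Z, not A-z; the latter
# range also spans the ASCII punctuation between 'Z' and 'a'. \A and \z are
# used instead of ^ and $ so that a trailing newline is rejected as well.
#
fatal_error "Invalid event name ($event)" unless $event =~ /\A[a-zA-Z][-a-zA-Z0-9_]*\z/;

# Only the two literal keywords are accepted; anything else is a fatal error.
fatal_error "Invalid Src or Dest ($destination)" unless $destination =~ /\A(?:src|dst)\z/;

set_action_disposition( $disposition) if supplied $disposition;
set_action_name_to_caller;

# 'dst' keys the removal on the destination address, 'src' on the source.
if ( $destination eq 'dst' ) {
    perl_action_helper( $action, "-m recent --name $event --remove --rdest" );
} else {
    perl_action_helper( $action, "-m recent --name $event --remove --rsource" );
}

1;
?end perl
shorewall-4.5.21.6/Makefile0000644000175000017500000000101212272540615015301 0ustar teastepteastep# Shorewall Makefile to restart if config-files are newer than last restart VARDIR=$(shell /sbin/shorewall show vardir) CONFDIR=/etc/shorewall RESTOREFILE?=firewall all: $(VARDIR)/$(RESTOREFILE) $(VARDIR)/$(RESTOREFILE): $(CONFDIR)/* @/sbin/shorewall -q save >/dev/null; \ if \ /sbin/shorewall -q restart >/dev/null 2>&1; \ then \ /sbin/shorewall -q save >/dev/null; \ else \ /sbin/shorewall -q restart 2>&1 | tail >&2; exit 1; \ fi clean: @rm -f $(CONFDIR)/*~ $(CONFDIR)/.*~ .PHONY: clean # EOF 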
shorewall-4.5.21.6/helpers0000644000175000017500000000301412272540615015232 0ustar teastepteastep# # Shorewall version 4 - Helpers File # # /usr/share/shorewall/helpers # # This file loads the kernel helper modules. # # THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in # dependency order. i.e., if M2 depends on M1 then you must load M1 # before you load M2. # # If you need to modify this file, copy it to /etc/shorewall and modify the # copy. # ############################################################################### # Helpers # loadmodule ip_conntrack_amanda loadmodule ip_conntrack_ftp loadmodule ip_conntrack_h323 loadmodule ip_conntrack_irc loadmodule ip_conntrack_netbios_ns loadmodule ip_conntrack_pptp loadmodule ip_conntrack_sip loadmodule ip_conntrack_tftp loadmodule ip_nat_amanda loadmodule ip_nat_ftp loadmodule ip_nat_h323 loadmodule ip_nat_irc loadmodule ip_nat_pptp loadmodule ip_nat_sip loadmodule ip_nat_snmp_basic loadmodule ip_nat_tftp # # 2.6.20+ helpers # loadmodule nf_conntrack_ftp loadmodule nf_conntrack_h323 loadmodule nf_conntrack_irc loadmodule nf_conntrack_netbios_ns loadmodule nf_conntrack_netlink loadmodule nf_conntrack_pptp loadmodule nf_conntrack_proto_gre loadmodule nf_conntrack_proto_sctp loadmodule nf_conntrack_proto_udplite loadmodule nf_conntrack_sip sip_direct_media=0 loadmodule nf_conntrack_tftp loadmodule nf_conntrack_sane loadmodule nf_nat_amanda loadmodule nf_nat_ftp loadmodule nf_nat_h323 loadmodule nf_nat_irc loadmodule nf_nat loadmodule nf_nat_pptp loadmodule nf_nat_proto_gre loadmodule nf_nat_sip loadmodule nf_nat_snmp_basic loadmodule nf_nat_tftp shorewall-4.5.21.6/Macros/0000755000175000017500000000000012272540615015073 5ustar teastepteastepshorewall-4.5.21.6/Macros/macro.SNMP0000644000175000017500000000072712272540615016701 0ustar teastepteastep# # Shorewall version 4 - SNMP Macro # # /usr/share/shorewall/macro.SNMP # # This macro handles SNMP traffic. 
# # Note: To allow SNMP Traps, use the SNMPTrap macro # ############################################################################### ?FORMAT 2 #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP ?if ( __CT_TARGET && ! $AUTOHELPERS && __SNMP_HELPER ) PARAM - - udp 161 ; helper=snmp ?else PARAM - - udp 161 ?endif shorewall-4.5.21.6/Macros/macro.SMB0000644000175000017500000000140012272540615016532 0ustar teastepteastep# # Shorewall version 4 - SMB Macro # # /usr/share/shorewall/macro.SMB # # This macro handles Microsoft SMB traffic. You need to invoke # this macro in both directions. Beware! This rule opens a lot # of ports, and could possibly be used to compromise your firewall # if not used with care. You should only allow SMB traffic # between hosts you fully trust. # ############################################################################### ?FORMAT 2 #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - udp 135,445 ?if ( __CT_TARGET && ! $AUTOHELPERS && __NETBIOS_NS_HELPER ) PARAM - - udp 137 ; helper=netbios-ns PARAM - - udp 138:139 ?else PARAM - - udp 137:139 ?endif PARAM - - udp 1024: 137 PARAM - - tcp 135,139,445 shorewall-4.5.21.6/Macros/macro.Jetdirect0000644000175000017500000000047212272540615020036 0ustar teastepteastep# # Shorewall version 3.2 - Jetdirect Macro # # /usr/share/shorewall/macro.Jetdirect # # This macro handles HP Jetdirect printing. # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 9100 shorewall-4.5.21.6/Macros/macro.Puppet0000644000175000017500000000053612272540615017377 0ustar teastepteastep# # Shorewall version 4 - Puppet Macro # # /usr/share/shorewall/macro.Puppet # # This macro handles client-to-server for the Puppet configuration # management system. 
# ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 8140 shorewall-4.5.21.6/Macros/macro.FTP0000644000175000017500000000061612272540615016552 0ustar teastepteastep# # Shorewall version 4 - FTP Macro # # /usr/share/shorewall/macro.FTP # # This macro handles FTP traffic. # ############################################################################### ?FORMAT 2 #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP ?if ( __CT_TARGET && ! $AUTOHELPERS && __FTP_HELPER ) PARAM - - tcp 21 ; helper=ftp ?else PARAM - - tcp 21 ?endif shorewall-4.5.21.6/Macros/macro.MSSQL0000644000175000017500000000046612272540615017023 0ustar teastepteastep# # Shorewall version 4 - MSSQL Macro # # /usr/share/shorewall/macro.MSSQL # # This macro handles MSSQL (Microsoft SQL Server) # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 1433 shorewall-4.5.21.6/Macros/macro.Kerberos0000644000175000017500000000050012272540615017665 0ustar teastepteastep# # Shorewall version 4 - Kerberos Macro # # /usr/share/shorewall/macro.Kerberos # # This macro handles Kerberos traffic. 
# ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 88 PARAM - - udp 88 shorewall-4.5.21.6/Macros/macro.NTPbi0000644000175000017500000000053512272540615017075 0ustar teastepteastep# # Shorewall version 4 - NTPbi Macro # # /usr/share/shorewall/macro.NTPbi # # This macro handles bi-directional NTP (for NTP peers) # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - udp 123 PARAM DEST SOURCE udp 123 shorewall-4.5.21.6/Macros/macro.IPPbrd0000644000175000017500000000067612272540615017247 0ustar teastepteastep# # Shorewall version 4 - IPP Broadcast Macro # # /usr/share/shorewall/macro.IPPbrd # # This macro handles Internet Printing Protocol (IPP) broadcasts. # If you also need to handle TCP 631 connections in the opposite # direction, use the IPPserver Macro ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - udp 631 shorewall-4.5.21.6/Macros/macro.SANE0000644000175000017500000000133412272540615016645 0ustar teastepteastep# # Shorewall version 4 - SANE Macro # # /usr/share/shorewall/macro.SANE # # This macro handles SANE network scanning. # ############################################################################### ?FORMAT 2 #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP ?if ( __CT_TARGET && ! $AUTOHELPERS && __SANE_HELPER ) PARAM - - tcp 6566 ; helper=sane ?else PARAM - - tcp 6566 ?endif # # Kernels 2.6.23+ has nf_conntrack_sane module which will handle # sane data connection. # # If you don't have sane conntracking support you need to open whole dynamic # port range. # # This is for normal linux 2.4+ #PARAM - - tcp 32768:61000 # This is generic rule for any os running saned. 
#PARAM - - tcp 1024: shorewall-4.5.21.6/Macros/macro.SMBswat0000644000175000017500000000052712272540615017442 0ustar teastepteastep# # Shorewall version 4 - SMBswat Macro # # /usr/share/shorewall/macro.SMBswat # # This macro handles connections to the Samba Web Administration Tool # (SWAT). # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 901 shorewall-4.5.21.6/Macros/macro.Citrix0000644000175000017500000000070312272540615017360 0ustar teastepteastep# # Shorewall version 4 - Citrix/ICA Macro # # /usr/share/shorewall/macro.Citrix # # This macro handles Citrix/ICA traffic (ICA, ICA Browser, CGP a.k.a. # ICA Session Reliability) # #################################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 1494 # ICA PARAM - - udp 1604 # ICA Browser PARAM - - tcp 2598 # CGP Session Reliability shorewall-4.5.21.6/Macros/macro.IPsecah0000644000175000017500000000077012272540615017436 0ustar teastepteastep# # Shorewall version 4 - IPsecah Macro # # /usr/share/shorewall/macro.IPsecah # # This macro (bidirectional) handles IPsec authentication (AH) traffic. # AH authenticates packets but does not encrypt them, so it provides no # confidentiality. Use ESP with encryption if you need confidentiality. # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - udp 500 500 # IKE PARAM - - 51 # AH PARAM DEST SOURCE udp 500 500 # IKE PARAM DEST SOURCE 51 # AH shorewall-4.5.21.6/Macros/macro.Gnutella0000644000175000017500000000050412272540615017670 0ustar teastepteastep# # Shorewall version 4 - Gnutella Macro # # /usr/share/shorewall/macro.Gnutella # # This macro handles Gnutella traffic.
# ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 6346 PARAM - - udp 6346 shorewall-4.5.21.6/Macros/macro.HTTP0000644000175000017500000000046312272540615016700 0ustar teastepteastep# # Shorewall version 4 - HTTP Macro # # /usr/share/shorewall/macro.HTTP # # This macro handles plaintext HTTP (WWW) traffic. # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 80 shorewall-4.5.21.6/Macros/macro.Syslog0000644000175000017500000000047412272540615017403 0ustar teastepteastep# # Shorewall version 4 - Syslog Macro # # /usr/share/shorewall/macro.Syslog # # This macro handles syslog traffic. # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - udp 514 PARAM - - tcp 514 shorewall-4.5.21.6/Macros/macro.ActiveDir0000644000175000017500000000300212272540615017763 0ustar teastepteastep# # Shorewall version 4 - Samba 4 Macro # # /usr/share/shorewall/macro.ActiveDir # # This macro handles ports for Samba 4 Active Directory Service # # You can comment out the ports you do not want open # # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 389 #LDAP services PARAM - - udp 389 PARAM - - tcp 636 #LDAP SSL PARAM - - tcp 3268 #LDAP GC PARAM - - tcp 3269 #LDAP GC SSL PARAM - - tcp 88 #Kerberos PARAM - - udp 88 # Use macro.DNS for DNS sevice PARAM - - tcp 445 #Replication, User and Computer Authentication, Group Policy, Trusts PARAM - - udp 445 # Use macro.SMTP for Mail service PARAM - - tcp 135 #RPC, EPM PARAM - - tcp 5722 #RPC, DFSR (SYSVOL) PARAM - - udp 123 #Windows Time PARAM - - tcp 464 #Kerberosb 
change/set password PARAM - - udp 464 PARAM - - udp 138 #DFS, Group Policy PARAM - - tcp 9389 #SOAP PARAM - - tcp 2535 #MADCAP PARAM - - udp 2535 PARAM - - udp 137 #NetLogon, NetBIOS Name Resolution PARAM - - tcp 139 #DFSN, NetBIOS Session Service, NetLogon shorewall-4.5.21.6/Macros/macro.BLACKLIST0000644000175000017500000000062312272540615017427 0ustar teastepteastep# # Shorewall version 4 - blacklist Macro # # /usr/share/shorewall/macro.blacklist # # This macro handles blacklisting using BLACKLIST_DISPOSITION and BLACKLIST_LOGLEVEL # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP ?if $BLACKLIST_LOGLEVEL blacklog ?else $BLACKLIST_DISPOSITION ?endif shorewall-4.5.21.6/Macros/macro.Jabberd0000644000175000017500000000053012272540615017445 0ustar teastepteastep# # Shorewall version 3.4 - Jabberd (server intercommunication) # # /usr/share/shorewall/macro.Jabberd # # This macro accepts Jabberd intercommunication traffic # ############################################################################### #TARGET SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 5269 shorewall-4.5.21.6/Macros/macro.Munin0000644000175000017500000000050512272540615017204 0ustar teastepteastep# # Shorewall version 4 - Munin Macro # # /usr/share/shorewall/macro.Munin # # This macro handles Munin networked resource monitoring traffic # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 4949 shorewall-4.5.21.6/Macros/macro.JabberSecure0000644000175000017500000000050512272540615020452 0ustar teastepteastep# # Shorewall version 3.4 - JabberSecure (ssl) Macro # # /usr/share/shorewall/macro.JabberSecure # # This macro accepts Jabber traffic (ssl). 
# ############################################################################### #TARGET SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 5223 shorewall-4.5.21.6/Macros/macro.LDAP0000644000175000017500000000117212272540615016637 0ustar teastepteastep# # Shorewall version 4 - LDAP Macro # # /usr/share/shorewall/macro.LDAP # # This macro handles plaintext LDAP traffic. For encrypted LDAP # traffic, see macro.LDAPS. Use of LDAPS is recommended (and is # required by some directory services) if you want to do user # authentication over LDAP. Note that some LDAP implementations # support initiating TLS connections via the plaintext LDAP port. # Consult your LDAP server documentation for details. # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 389 shorewall-4.5.21.6/Macros/macro.Git0000644000175000017500000000044212272540615016641 0ustar teastepteastep# # Shorewall version 4 - Git Macro # # /usr/share/shorewall/macro.Git # # This macro handles Git traffic. # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 9418 shorewall-4.5.21.6/Macros/macro.DAAP0000644000175000017500000000063612272540615016630 0ustar teastepteastep# # Shorewall version 4 - DAAP Macro # # /usr/share/shorewall/macro.DAAP # # This macro handles DAAP (Digital Audio Access Protocol) traffic. # The protocol is used by iTunes, Rythmbox and other similar daemons. 
# ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 3689 PARAM - - udp 3689 shorewall-4.5.21.6/Macros/macro.Rfc19180000644000175000017500000000100412272540615017146 0ustar teastepteastep# # Shorewall version 4 - Macro Template # # /usr/share/shorewall/macro.Rfc1918 # # This macro handles pkts with a SOURCE or ORIGINAL DEST address reserved by RFC 1918 ############################################################################################# #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ # PORT(S) PORT(S) DEST LIMIT GROUP ?FORMAT 2 PARAM SOURCE:10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 \ DEST - - - - - - PARAM SOURCE DEST - - - 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 shorewall-4.5.21.6/Macros/macro.VNC0000644000175000017500000000047712272540615016554 0ustar teastepteastep# # Shorewall version 4 - VNC Macro # # /usr/share/shorewall/macro.VNC # # This macro handles VNC traffic for VNC display's 0 - 9. # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 5900:5909 shorewall-4.5.21.6/Macros/macro.DCC0000644000175000017500000000057012272540615016511 0ustar teastepteastep# # Shorewall version 4 - DCC Macro # # /usr/share/shorewall/macro.DCC # # This macro handles DCC (Distributed Checksum Clearinghouse) traffic. # DCC is a distributed spam filtering mechanism. # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - udp 6277 shorewall-4.5.21.6/Macros/macro.IRC0000644000175000017500000000064712272540615016542 0ustar teastepteastep# # Shorewall version 4 IRC Macro # # /usr/share/shorewall/macro.IRC # # This macro handles IRC traffic (Internet Relay Chat). 
# ############################################################################### ?FORMAT 2 #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP ?if ( __CT_TARGET && ! $AUTOHELPERS && __IRC_HELPER ) PARAM - - tcp 6667 ; helper=irc ?else PARAM - - tcp 6667 ?endif shorewall-4.5.21.6/Macros/macro.Printer0000644000175000017500000000047612272540615017550 0ustar teastepteastep# # Shorewall version 3.2 - Printer Macro # # /usr/share/shorewall/macro.Printer # # This macro handles Line Printer protocol printing. # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 515 shorewall-4.5.21.6/Macros/macro.SMTPS0000644000175000017500000000103312272540615017021 0ustar teastepteastep# # Shorewall version 4 - SMTPS Macro # # /usr/share/shorewall/macro.SMTPS # # This macro handles encrypted SMTPS (email) traffic. # # Note: This macro handles traffic between an MUA (Email client) # and an MTA (mail server) or between MTAs. It does not enable # reading of email via POP3 or IMAP. For those you need to use # the POP3(S) or IMAP(S) macros. # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 465 shorewall-4.5.21.6/Macros/macro.JabberPlain0000644000175000017500000000050312272540615020265 0ustar teastepteastep# # Shorewall version 3.4 - JabberPlain Macro # # /usr/share/shorewall/macro.JabberPlain # # This macro accepts Jabber traffic (plaintext). 
# ############################################################################### #TARGET SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 5222 shorewall-4.5.21.6/Macros/macro.Webcache0000644000175000017500000000056712272540615017627 0ustar teastepteastep# # Shorewall version 4 - Web Cache Macro # # /usr/share/shorewall/macro.Webcache # # This macro handles Web Caches and DansGuardian # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 8080 shorewall-4.5.21.6/Macros/macro.HKP0000644000175000017500000000047712272540615016550 0ustar teastepteastep# # Shorewall version 4 - HKP Macro # # /usr/share/shorewall/macro.HKP # # This macro handles OpenPGP HTTP keyserver protocol traffic. # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 11371 shorewall-4.5.21.6/Macros/macro.Web0000644000175000017500000000071012272540615016631 0ustar teastepteastep# # Shorewall version 4 - Web Macro # # /usr/share/shorewall/macro.Web # # This macro handles WWW traffic (both HTTPS and plaintext HTTP). This # macro is deprecated - using macro.HTTP and macro.HTTPS instead # is recommended. # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 80 # HTTP (plaintext) PARAM - - tcp 443 # HTTPS (over SSL) shorewall-4.5.21.6/Macros/macro.LDAPS0000644000175000017500000000117312272540615016763 0ustar teastepteastep# # Shorewall version 4 - LDAPS Macro # # /usr/share/shorewall/macro.LDAPS # # This macro handles encrypted LDAP traffic. For plaintext LDAP # traffic, see macro.LDAP. Use of LDAPS is recommended (and is # required by some directory services) if you want to do user # authentication over LDAP.
Note that some LDAP implementations # support initiating TLS connections via the plaintext LDAP port. # Consult your LDAP server documentation for details. # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 636 shorewall-4.5.21.6/Macros/macro.IPP0000644000175000017500000000047012272540615016547 0ustar teastepteastep# # Shorewall version 3.2 - IPP Macro # # /usr/share/shorewall/macro.IPP # # This macro handles Internet Printing Protocol (IPP). # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 631 shorewall-4.5.21.6/Macros/macro.Teredo0000644000175000017500000000050212272540615017335 0ustar teastepteastep# # Shorewall version 4 - Teredo Macro # # /usr/share/shorewall/macro.Teredo # # This macro handles Teredo IPv6 over UDP tunneling traffic # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - udp 3544 shorewall-4.5.21.6/Macros/macro.SSH0000644000175000017500000000045712272540615016561 0ustar teastepteastep# # Shorewall version 4 - SSH Macro # # /usr/share/shorewall/macro.SSH # # This macro handles secure shell (SSH) traffic. # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 22 shorewall-4.5.21.6/Macros/macro.Reject0000644000175000017500000000226712272540615017341 0ustar teastepteastep# # Shorewall version 4 - Reject Macro # # /usr/share/shorewall/macro.Reject # # This macro generates the same rules as the Reject default action # It is used in place of action.Reject when USE_ACTIONS=No. 
# # Example: # # Reject loc fw # # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP # # Don't log 'auth' REJECT # REJECT - - tcp 113 # # Drop Broadcasts so they don't clutter up the log # (broadcasts must *not* be rejected). # dropBcast # # ACCEPT critical ICMP types # ACCEPT - - icmp fragmentation-needed ACCEPT - - icmp time-exceeded # # Drop packets that are in the INVALID state -- these are usually ICMP packets # and just confuse people when they appear in the log (these ICMPs cannot be # rejected). # dropInvalid # # Reject Microsoft noise so that it doesn't clutter up the log. # REJECT - - udp 135,445 REJECT - - udp 137:139 REJECT - - udp 1024: 137 REJECT - - tcp 135,139,445 DROP - - udp 1900 # # Drop 'newnotsyn' traffic so that it doesn't get logged. # dropNotSyn # # Drop late-arriving DNS replies. These are just a nuisance and clutter up # the log. # DROP - - udp - 53 shorewall-4.5.21.6/Macros/macro.DropUPnP0000644000175000017500000000054012272540615017564 0ustar teastepteastep# # Shorewall version 4 - DropUPnP Macro # # /usr/share/shorewall/macro.DropUPnP # # This macro silently drops UPnP probes on UDP port 1900 # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP ?COMMENT UPnP DEFAULT DROP PARAM - - udp 1900 shorewall-4.5.21.6/Macros/macro.TFTP0000644000175000017500000000077112272540615016700 0ustar teastepteastep# # Shorewall version 3.2 - TFTP Macro # # /usr/share/shorewall/macro.TFTP # # This macro handles Trivial File Transfer Protocol (TFTP). # Because TFTP has no authentication or encryption, you should not # enable it over the Internet. # ############################################################################### ?FORMAT 2 #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP ?if ( __CT_TARGET && !
$AUTOHELPERS && __TFTP_HELPER ) PARAM - - udp 69 ; helper=tftp ?else PARAM - - udp 69 ?endif shorewall-4.5.21.6/Macros/macro.Submission0000644000175000017500000000050312272540615020247 0ustar teastepteastep# # Shorewall version 4 - Submission Macro # # /usr/share/shorewall/macro.Submission # # This macro handles mail message submission traffic. # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 587 shorewall-4.5.21.6/Macros/macro.Rdate0000644000175000017500000000101612272540615017153 0ustar teastepteastep# # Shorewall version 4 - Rdate Macro # # /usr/share/shorewall/macro.Rdate # # This macro handles remote time retrieval (rdate). # Unless you are supporting extremely old hardware or software, # you shouldn't be using this. NTP is a superior alternative. # And even if you need to use the RFC 868 Time protocol, you should # use the Time macro instead. # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 37 shorewall-4.5.21.6/Macros/macro.SMTP0000644000175000017500000000133112272540615016677 0ustar teastepteastep# # Shorewall version 4 - SMTP Macro # # /usr/share/shorewall/macro.SMTP # # This macro handles plaintext SMTP (email) traffic. For SMTP # encrypted over SSL, use macro.SMTPS. Note that STARTTLS can be # used over the standard SMTP port, so the use of this macro # doesn't necessarily imply the use of an insecure connection. # # Note: This macro handles traffic between an MUA (Email client) # and an MTA (mail server) or between MTAs. It does not enable # reading of email via POP3 or IMAP. For those you need to use # the POP3 or IMAP macros.
# ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 25 shorewall-4.5.21.6/Macros/macro.Drop0000644000175000017500000000224212272540615017022 0ustar teastepteastep# # Shorewall version 4 - Drop Macro # # /usr/share/shorewall/macro.Drop # # This macro generates the same rules as the Drop default action # It is used in place of action.Drop when USE_ACTIONS=No. # # Example: # # Drop net all # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP # # Don't log 'auth' REJECT # REJECT - - tcp 113 # # Drop Broadcasts so they don't clutter up the log # (broadcasts must *not* be rejected). # dropBcast # # ACCEPT critical ICMP types # ACCEPT - - icmp fragmentation-needed ACCEPT - - icmp time-exceeded # # Drop packets that are in the INVALID state -- these are usually ICMP packets # and just confuse people when they appear in the log (these ICMPs cannot be # rejected). # dropInvalid # # Drop Microsoft noise so that it doesn't clutter up the log. # DROP - - udp 135,445 DROP - - udp 137:139 DROP - - udp 1024: 137 DROP - - tcp 135,139,445 DROP - - udp 1900 # # Drop 'newnotsyn' traffic so that it doesn't get logged. # dropNotSyn # # Drop late-arriving DNS replies. These are just a nuisance and clutter up # the log. # DROP - - udp - 53 shorewall-4.5.21.6/Macros/macro.Distcc0000644000175000017500000000051412272540615017327 0ustar teastepteastep# # Shorewall version 4 - Distcc Macro # # /usr/share/shorewall/macro.Distcc # # This macro handles connections to the Distributed Compiler service. 
# ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 3632 shorewall-4.5.21.6/Macros/macro.Ping0000644000175000017500000000044612272540615017017 0ustar teastepteastep# # Shorewall version 4 - Ping Macro # # /usr/share/shorewall/macro.Ping # # This macro handles 'ping' requests. # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - icmp 8 shorewall-4.5.21.6/Macros/macro.SPAMD0000644000175000017500000000046512272540615016767 0ustar teastepteastep# # Shorewall version 4 - SPAMD Macro # # /usr/share/shorewall/macro.SPAMD # # This macro handles Spam Assassin SPAMD traffic. # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 783 shorewall-4.5.21.6/Macros/macro.IPPserver0000644000175000017500000000175512272540615020005 0ustar teastepteastep# # Shorewall version 4 - IPPserver Macro # # /usr/share/shorewall/macro.IPPserver # # This macro handles Internet Printing Protocol (IPP), indicating # that DEST is a printing server for SOURCE. The macro allows # print queue broadcasts from the server to the client, and # printing connections from the client to the server. # # Example usage on a single-interface firewall which is a print # client: # IPPserver/ACCEPT $FW net # # Example for a two-interface firewall which acts as a print # server for loc: # IPPserver/ACCEPT loc $FW # # NOTE: If you want both to serve requests for local printers and # listen to requests for remote printers (i.e. your CUPS server is # also a client), you need to apply the rule twice, e.g. 
# IPPserver/ACCEPT loc $FW # IPPserver/ACCEPT $FW loc # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM SOURCE DEST tcp 631 PARAM DEST SOURCE udp 631 shorewall-4.5.21.6/Macros/macro.GRE0000644000175000017500000000056412272540615016540 0ustar teastepteastep# # Shorewall version 4 - GRE Macro # # /usr/share/shorewall/macro.GRE # # This macro (bi-directional) handles Generic Routing Encapsulation # traffic (RFC 1701) # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - 47 # GRE PARAM DEST SOURCE 47 # GRE shorewall-4.5.21.6/Macros/macro.Whois0000644000175000017500000000046012272540615017207 0ustar teastepteastep# # Shorewall version 4 - Whois Macro # # /usr/share/shorewall/macro.Whois # # This macro handles whois (nicname) traffic. # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 43 shorewall-4.5.21.6/Macros/macro.IMAPS0000644000175000017500000000055112272540615016770 0ustar teastepteastep# # Shorewall version 4 - IMAPS Macro # # /usr/share/shorewall/macro.IMAPS # # This macro handles encrypted IMAP traffic. For plaintext IMAP # (not recommended), see macro.IMAP. 
# ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 993 shorewall-4.5.21.6/Macros/macro.DHCPfwd0000644000175000017500000000057312272540615017342 0ustar teastepteastep# # Shorewall version 4 - DHCPfwd Macro # # /usr/share/shorewall/macro.DHCPfwd # # This macro (bidirectional) handles forwarded DHCP traffic # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - udp 67:68 67:68 # DHCP PARAM DEST SOURCE udp 67:68 67:68 # DHCP shorewall-4.5.21.6/Macros/macro.Amanda0000644000175000017500000000154712272540615017306 0ustar teastepteastep# # Shorewall version 4 - Amanda Macro # # /usr/share/shorewall/macro.Amanda # # This macro handles connections required by the AMANDA backup system # to back up remote nodes. It does not provide the ability to restore # files from those nodes. # ############################################################################### ?FORMAT 2 #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP ?if ( __CT_TARGET && ! $AUTOHELPERS && __AMANDA_HELPER ) PARAM - - udp 10080 ; helper=amanda ?else PARAM - - udp 10080 ?endif PARAM - - tcp 10080 # # You may also need this rule. With AMANDA 2.4.4 on Linux kernel 2.6, # it should not be necessary to use this. The ip_conntrack_amanda # kernel module should be loaded (via /etc/shorewall/modules) on all # systems which need to pass AMANDA traffic through netfilter. #PARAM - - tcp 50000:50100 # shorewall-4.5.21.6/Macros/macro.SVN0000644000175000017500000000051012272540615016560 0ustar teastepteastep# # Shorewall version 4 - SVN Macro # # /usr/share/shorewall/macro.SVN # # This macro handles connections to the Subversion server (svnserve). 
# # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 3690 shorewall-4.5.21.6/Macros/macro.OpenVPN0000644000175000017500000000046412272540615017407 0ustar teastepteastep# # Shorewall version 4 - OpenVPN Macro # # /usr/share/shorewall/macro.OpenVPN Macro # # This macro handles OpenVPN traffic. # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - udp 1194 shorewall-4.5.21.6/Macros/macro.RNDC0000644000175000017500000000050612272540615016645 0ustar teastepteastep# # Shorewall version 4 - RNDC Macro # # /usr/share/shorewall/macro.RNDC # # This macro handles RNDC (BIND remote management protocol) traffic. # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 953 shorewall-4.5.21.6/Macros/macro.SNMPTrap0000644000175000017500000000046112272540615017523 0ustar teastepteastep# # Shorewall version 4 - SNMP Trap Macro # # /usr/share/shorewall/macro.SNMP # # This macro handles SNMP traps. 
# ############################################################################### ?FORMAT 2 #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - udp 162 shorewall-4.5.21.6/Macros/macro.SixXS0000644000175000017500000000130712272540615017135 0ustar teastepteastep# # Shorewall version 4 - SIXXS Macro # # /usr/share/shorewall/macro.SixXS # # This macro handles SixXS -- An IPv6 Deployment and Tunnel Broker # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP # # Used for retrieving the tunnel information (eg by AICCU) PARAM - - tcp 3874 # # Used for signaling where the current IPv4 endpoint # of the tunnel is and that it is alive PARAM - - udp 3740 # # Used for tunneling IPv6 over IPv4 (static + heartbeat tunnels) PARAM - - 41 # # Used for tunneling IPv6 over IPv4 (AYIYA # tunnels)(5072 is official port, 8374 is used in the beta) PARAM - - udp 5072,8374 shorewall-4.5.21.6/Macros/macro.NTPbrd0000644000175000017500000000107412272540615017251 0ustar teastepteastep# # Shorewall version 4 - NTPbrd Macro # # /usr/share/shorewall/macro.NTPbrd # # This macro handles NTP traffic (ntpd) including replies to Broadcast # NTP traffic. # # It is recommended only to use this where the source host is trusted - # otherwise it opens up a large hole in your firewall because # Netfilter doesn't track connections for broadcast traffic. # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - udp 123 PARAM - - udp 1024: 123 shorewall-4.5.21.6/Macros/macro.Rsync0000644000175000017500000000047112272540615017216 0ustar teastepteastep# # Shorewall version 4 - Rsync Macro # # /usr/share/shorewall/macro.Rsync # # This macro handles connections to the rsync server. 
# ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 873 shorewall-4.5.21.6/Macros/macro.VRRP0000644000175000017500000000050112272540615016703 0ustar teastepteastep# # Shorewall version 4 - VRRP Macro # # /usr/share/shorewall/macro.VRRP # # This macro handles VRRP traffic. # ############################################################################### #ACTION SOURCE DEST PROTO PARAM SOURCE DEST:224.0.0.18 vrrp #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE shorewall-4.5.21.6/Macros/macro.BitTorrent0000644000175000017500000000077412272540615020222 0ustar teastepteastep# # Shorewall version 4 - BitTorrent Macro # # /usr/share/shorewall/macro.BitTorrent # # This macro handles BitTorrent traffic for BitTorrent 3.1 and earlier. # # If you are running BitTorrent 3.2 or later, you should use the # BitTorrent32 macro. ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 6881:6889 # # It may also be necessary to allow UDP traffic: # PARAM - - udp 6881 # shorewall-4.5.21.6/Macros/macro.DNS0000644000175000017500000000046112272540615016543 0ustar teastepteastep# # Shorewall version 4 - DNS Macro # # /usr/share/shorewall/macro.DNS # # This macro handles DNS traffic. # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - udp 53 PARAM - - tcp 53 shorewall-4.5.21.6/Macros/macro.VNCL0000644000175000017500000000052212272540615016657 0ustar teastepteastep# # Shorewall version 4 -VNCL Macro # # /usr/share/shorewall/macro.VNCL # # This macro handles VNC traffic from Vncservers to Vncviewers in listen # mode. 
# ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 5500 shorewall-4.5.21.6/Macros/macro.A_DropDNSrep0000644000175000017500000000055412272540615020342 0ustar teastepteastep# # Shorewall version 4 - Audited DropDNSrep Macro # # /usr/share/shorewall/macro.A_DropDNSrep # # This macro audits and silently drops DNS UDP replies # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP ?COMMENT Late DNS Replies A_DROP - - udp - 53 shorewall-4.5.21.6/Macros/macro.Mail0000644000175000017500000000120212272540615016773 0ustar teastepteastep# # Shorewall version 4 - Mail Macro # # /usr/share/shorewall/macro.Mail # # This macro handles SMTP email traffic (both encrypted and plaintext). # It's the aggregate of macro.SMTP, macro.SMTPS, macro.Submission. # # Note: This macro handles traffic between an MUA (Email client) # and an MTA (mail server) or between MTAs. It does not enable # reading of email via POP3 or IMAP. For those you need to use # the POP3 or IMAP macros. # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 25 PARAM - - tcp 465 PARAM - - tcp 587 shorewall-4.5.21.6/Macros/macro.NNTP0000644000175000017500000000053512272540615016700 0ustar teastepteastep# # Shorewall version 4 NNTP Macro # # /usr/share/shorewall/macro.NNTP # # This macro handles plaintext NNTP traffic (Usenet). For # encrypted NNTP, see macro.NNTPS.
# ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 119 shorewall-4.5.21.6/Macros/macro.IPsec0000644000175000017500000000062612272540615017125 0ustar teastepteastep# # Shorewall version 4 - IPsec Macro # # /usr/share/shorewall/macro.IPsec # # This macro (bidirectional) handles IPsec traffic # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - udp 500 500 # IKE PARAM - - 50 # ESP PARAM DEST SOURCE udp 500 500 # IKE PARAM DEST SOURCE 50 # ESP shorewall-4.5.21.6/Macros/macro.Telnet0000644000175000017500000000056312272540615017355 0ustar teastepteastep# # Shorewall version 4 - Telnet Macro # # /usr/share/shorewall/macro.Telnet # # This macro handles Telnet traffic. For traffic over the # internet, telnet is inappropriate; use SSH instead # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 23 shorewall-4.5.21.6/Macros/macro.AllowICMPs0000644000175000017500000000061712272540615020034 0ustar teastepteastep# # Shorewall version 4 - AllowICMPs Macro # # /usr/share/shorewall/macro.AllowICMPs # # This macro ACCEPTs needed ICMP types # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP ?COMMENT Needed ICMP types DEFAULT ACCEPT PARAM - - icmp fragmentation-needed PARAM - - icmp time-exceeded shorewall-4.5.21.6/Macros/macro.NNTPS0000644000175000017500000000053612272540615017024 0ustar teastepteastep# # Shorewall version 4 NNTPS Macro # # /usr/share/shorewall/macro.NNTPS # # This macro handles encrypted NNTP traffic (Usenet). For # plaintext NNTP, see macro.NNTP. 
# ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 563 shorewall-4.5.21.6/Macros/macro.L2TP0000644000175000017500000000060012272540615016633 0ustar teastepteastep# # Shorewall version 4 - L2TP Macro # # /usr/share/shorewall/macro.L2TP # # This macro (bidirectional) handles Layer 2 Tunneling Protocol traffic # (RFC 2661) # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - udp 1701 # L2TP PARAM DEST SOURCE udp 1701 # L2TP shorewall-4.5.21.6/Macros/macro.POP3S0000644000175000017500000000054512272540615016766 0ustar teastepteastep# # Shorewall version 4 - POP3S Macro # # /usr/share/shorewall/macro.POP3S # # This macro handles encrypted POP3 traffic. For plaintext POP3, # see macro.POP3. # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 995 # Secure POP3 shorewall-4.5.21.6/Macros/macro.Time0000644000175000017500000000065312272540615017020 0ustar teastepteastep# # Shorewall version 4 - Time Macro # # /usr/share/shorewall/macro.Time # # This macro handles rfc 868 Time protocol. # Unless you are supporting extremely old hardware or software, # you shouldn't be using this. NTP is a superior alternative. # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 37 shorewall-4.5.21.6/Macros/macro.SIP0000644000175000017500000000062312272540615016552 0ustar teastepteastep# # Shorewall version 4 - SIP Macro # # /usr/share/shorewall/macro.SIP # # This macro handles SIP traffic. 
# ############################################################################### ?FORMAT 2 #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP ?if ( __CT_TARGET && ! $AUTOHELPERS && __SIP_HELPER ) PARAM - - udp 5060 ; helper=sip ?else PARAM - - udp 5060 ?endif shorewall-4.5.21.6/Macros/macro.RDP0000644000175000017500000000047712272540615016553 0ustar teastepteastep# # Shorewall version 3.2 - RDP Macro # # /usr/share/shorewall/macro.RDP # # This macro handles Microsoft RDP (Remote Desktop) traffic. # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 3389 shorewall-4.5.21.6/Macros/macro.HTTPS0000644000175000017500000000046612272540615017026 0ustar teastepteastep# # Shorewall version 4 - HTTPS Macro # # /usr/share/shorewall/macro.HTTPS # # This macro handles HTTPS (WWW over SSL) traffic. # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 443 shorewall-4.5.21.6/Macros/macro.Telnets0000644000175000017500000000057412272540615017542 0ustar teastepteastep# # Shorewall version 4 - Telnet Macro # # /usr/share/shorewall/macro.Telnets # # This macro handles Telnets (Telnet over SSL) traffic. # For traffic over the internet, SSH might be more practical. 
# ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 992 shorewall-4.5.21.6/Macros/macro.A_DropUPnP0000644000175000017500000000052612272540615020030 0ustar teastepteastep# # Shorewall version 4 - ADropUPnP Macro # # /usr/share/shorewall/macro.ADropUPnP # # This macro audits and then silently drops UPnP probes on UDP port 1900 # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP ?COMMENT UPnP A_DROP - - udp 1900 shorewall-4.5.21.6/Macros/macro.ICQ0000644000175000017500000000050512272540615016532 0ustar teastepteastep# # Shorewall version 4 - ICQ Macro # # /usr/share/shorewall/macro.ICQ # # This macro handles ICQ, now called AOL Instant Messenger (or AIM). # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 5190 shorewall-4.5.21.6/Macros/macro.BGP0000644000175000017500000000045112272540615016526 0ustar teastepteastep# # Shorewall version 4 - BGP Macro # # /usr/share/shorewall/macro.BGP # # This macro handles BGP4 traffic. # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 179 # BGP4 shorewall-4.5.21.6/Macros/macro.MySQL0000644000175000017500000000047212272540615017066 0ustar teastepteastep# # Shorewall version 4 - MySQL Macro # # /usr/share/shorewall/macro.MySQL # # This macro handles connections to the MySQL server.
# ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 3306 shorewall-4.5.21.6/Macros/macro.ICPV20000644000175000017500000000050412272540615016740 0ustar teastepteastep# # Shorewall version 4 - ICPV2 Macro # # /usr/share/shorewall/macro.ICPV2 # # This macro handles Internet Cache Protocol V2 (Squid) traffic # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - udp 3130 shorewall-4.5.21.6/Macros/macro.Trcrt0000644000175000017500000000056712272540615017224 0ustar teastepteastep# # Shorewall version 4 -Trcrt Macro # # /usr/share/shorewall/macro.Trcrt # # This macro handles Traceroute (for up to 30 hops). # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - udp 33434:33524 # UDP Traceroute PARAM - - icmp 8 # ICMP Traceroute shorewall-4.5.21.6/Macros/macro.GNUnet0000644000175000017500000000060512272540615017257 0ustar teastepteastep# # Shorewall version 4 - GNUnet Macro # # /usr/share/shorewall/macro.GNUnet # # This macro handles GNUnet (secure peer-to-peer networking) traffic. # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 2086 PARAM - - udp 2086 PARAM - - tcp 1080 PARAM - - udp 1080 shorewall-4.5.21.6/Macros/macro.Webmin0000644000175000017500000000045412272540615017342 0ustar teastepteastep# # Shorewall version 4 - Webmin Macro # # /usr/share/shorewall/macro.Webmin # # This macro handles Webmin traffic. 
# ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 10000 shorewall-4.5.21.6/Macros/macro.RIPbi0000644000175000017500000000065312272540615017067 0ustar teastepteastep# # Shorewall version 4 - RIPbi Macro # # /usr/share/shorewall/macro.RIPbi # # This macro handles RIP (Routing Information Protocol) - bidirectional # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - udp 520 PARAM DEST SOURCE udp 520 shorewall-4.5.21.6/Macros/macro.Razor0000644000175000017500000000065312272540615017217 0ustar teastepteastep# # Shorewall version 4 - Razor Macro # # /usr/share/shorewall/macro.Razor # # This macro handles traffic for the Razor Antispam System # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP ACCEPT - - tcp 2703 shorewall-4.5.21.6/Macros/macro.IMAP0000644000175000017500000000052612272540615016647 0ustar teastepteastep# # Shorewall version 4 - IMAP Macro # # /usr/share/shorewall/macro.IMAP # # This macro handles plaintext IMAP traffic. For encrypted IMAP, # see macro.IMAPS. # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 143 shorewall-4.5.21.6/Macros/macro.BitTorrent320000644000175000017500000000065112272540615020361 0ustar teastepteastep# # Shorewall version 4 - BitTorrent 3.2 Macro # # /usr/share/shorewall/macro.BitTorrent32 # # This macro handles BitTorrent traffic for BitTorrent 3.2 and later. 
# ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 6881:6999 # # It may also be necessary to allow UDP traffic: # PARAM - - udp 6881 # shorewall-4.5.21.6/Macros/macro.POP30000644000175000017500000000052612272540615016642 0ustar teastepteastep# # Shorewall version 4 - POP3 Macro # # /usr/share/shorewall/macro.POP3 # # This macro handles plaintext POP3 traffic. For encrypted POP3, # see macro.POP3S. # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 110 shorewall-4.5.21.6/Macros/macro.JAP0000644000175000017500000000100612272540615016525 0ustar teastepteastep# # Shorewall version 4 - JAP Macro # # /usr/share/shorewall/macro.JAP # # This macro handles JAP Anon Proxy traffic. This macro is for # administrators running a Mix server. It is NOT for people trying # to browse anonymously! # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 8080 # HTTP port PARAM - - tcp 6544 # HTTP port PARAM - - tcp 6543 # InfoService port HTTPS(PARAM) SSH(PARAM) shorewall-4.5.21.6/Macros/macro.PPtP0000644000175000017500000000067712272540615016753 0ustar teastepteastep# # Shorewall version 4 - PPTP Macro # # /usr/share/shorewall/macro.PPtP Macro # # This macro handles PPTP traffic. # ############################################################################### ?FORMAT 2 #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - 47 PARAM DEST SOURCE 47 ?if ( __CT_TARGET && ! 
$AUTOHELPERS && __PPTP_HELPER ) PARAM - - tcp 1723 ; helper=pptp ?else PARAM - - tcp 1723 ?endif shorewall-4.5.21.6/Macros/macro.IPIP0000644000175000017500000000053512272540615016662 0ustar teastepteastep# # Shorewall version 4 - IPIP Macro # # /usr/share/shorewall/macro.IPIP # # This macro (bidirectional) handles IPIP encapsulation traffic # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - 94 # IPIP PARAM DEST SOURCE 94 # IPIP shorewall-4.5.21.6/Macros/macro.A_AllowICMPs0000644000175000017500000000063712272540615020276 0ustar teastepteastep# # Shorewall version 4 - Audited AllowICMPs Macro # # /usr/share/shorewall/macro.AAllowICMPs # # This macro A_ACCEPTs needed ICMP types # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP ?COMMENT Needed ICMP types A_ACCEPT - - icmp fragmentation-needed A_ACCEPT - - icmp time-exceeded shorewall-4.5.21.6/Macros/macro.CVS0000644000175000017500000000046512272540615016556 0ustar teastepteastep# # Shorewall version 4 - CVS Macro # # /usr/share/shorewall/macro.CVS # # This macro handles connections to the CVS pserver.
# ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 2401 shorewall-4.5.21.6/Macros/macro.DropDNSrep0000644000175000017500000000054312272540615020100 0ustar teastepteastep# # Shorewall version 4 - DropDNSrep Macro # # /usr/share/shorewall/macro.DropDNSrep # # This macro silently drops DNS UDP replies # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP ?COMMENT Late DNS Replies DEFAULT DROP PARAM - - udp - 53 shorewall-4.5.21.6/Macros/macro.mDNS0000644000175000017500000000114212272540615016715 0ustar teastepteastep# # Shorewall version 4 - Multicast DNS Macro -- this macro assumes that only # the DEST zone sends mDNS queries. If both zones send # queries, use the mDNSbi macro. # # /usr/share/shorewall/macro.mDNS # # This macro handles multicast DNS traffic # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - 224.0.0.251 udp 5353 PARAM - - udp 1024: 5353 PARAM - 224.0.0.251 2 PARAM DEST SOURCE:224.0.0.251 udp 5353 PARAM DEST SOURCE:224.0.0.251 2 shorewall-4.5.21.6/Macros/macro.SMBBI0000644000175000017500000000201012272540615016743 0ustar teastepteastep# # Shorewall version 4 - SMB Bi-directional Macro # # /usr/share/shorewall/macro.SMBBI # # This macro (bidirectional) handles Microsoft SMB traffic. # # Beware! This macro opens a lot of ports, and could possibly be used # to compromise your firewall if not used with care. You should only # allow SMB traffic between hosts you fully trust. # ############################################################################### ?FORMAT 2 #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - udp 135,445 ?if ( __CT_TARGET && ! 
$AUTOHELPERS && __NETBIOS_NS_HELPER ) PARAM - - udp 137 ; helper=netbios-ns PARAM - - udp 138:139 ?else PARAM - - udp 137:139 ?endif PARAM - - udp 1024: 137 PARAM - - tcp 135,139,445 PARAM DEST SOURCE udp 135,445 ?if ( __CT_TARGET && ! $AUTOHELPERS && __NETBIOS_NS_HELPER ) PARAM DEST SOURCE udp 137 ; helper=netbios-ns PARAM DEST SOURCE udp 138:139 ?else PARAM DEST SOURCE udp 137:139 ?endif PARAM DEST SOURCE udp 1024: 137 PARAM DEST SOURCE tcp 135,139,445 shorewall-4.5.21.6/Macros/macro.mDNSbi0000644000175000017500000000076312272540615017240 0ustar teastepteastep# # Shorewall version 4 - Bi-directional Multicast DNS Macro. # # /usr/share/shorewall/macro.mDNSbi # # This macro handles multicast DNS traffic # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - 224.0.0.251 udp 5353 PARAM - - udp 1024: 5353 PARAM - 224.0.0.251 2 PARAM DEST SOURCE:224.0.0.251 udp 5353 PARAM DEST SOURCE udp 1024: 5353 PARAM DEST SOURCE:224.0.0.251 2 shorewall-4.5.21.6/Macros/macro.Edonkey0000644000175000017500000000206012272540615017512 0ustar teastepteastep# # Shorewall version 4 - Edonkey Macro # # /usr/share/shorewall/macro.Edonkey # # This macro handles Edonkey traffic. # # # http://www.portforward.com/english/routers/port_forwarding/2wire/1000s/eDonkey.htm # says to use udp 5737 rather than 4665. # # http://www.amule.org/wiki/index.php/FAQ_ed2k says this: # # 4661 TCP (outgoing) Port, on which a server listens for connection # (defined by server). # # 4665 UDP (outgoing) used for global server searches and global source # queries. This is always Server TCP port (in this case 4661) + 4. # # 4662 TCP (outgoing and incoming) Client to client transfers. # # 4672 UDP (outgoing and incoming) Extended eMule protocol, Queue # Rating, File Reask Ping # # 4711 TCP WebServer listening port. # # 4712 TCP External Connection port. 
Used to communicate aMule with other # applications such as aMule WebServer or aMuleCMD. # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 4662 PARAM - - udp 4665 shorewall-4.5.21.6/Macros/macro.Finger0000644000175000017500000000055712272540615017337 0ustar teastepteastep# # Shorewall version 4 - Finger Macro # # /usr/share/shorewall/macro.Finger # # This macro handles the Finger protocol. You should not generally open # your finger information to the internet. # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 79 shorewall-4.5.21.6/Macros/macro.Squid0000644000175000017500000000046112272540615017204 0ustar teastepteastep# # Shorewall version 4 - Squid Macro # # /usr/share/shorewall/macro.Squid # # This macro handles Squid web proxy traffic # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 3128 shorewall-4.5.21.6/Macros/macro.template0000644000175000017500000000631612272540615017737 0ustar teastepteastep# # Shorewall version 4 - Macro Template # # /usr/share/shorewall/macro.template # # Macro files are similar to action files with the following exceptions: # # - A macro file is not processed unless the macro that it defines is # referenced in the /etc/shorewall/rules file or in an action # definition file. # # - Macros are translated directly into one or more rules whereas # actions become their own chain. # # - All entries in a macro undergo substitution when the macro is # invoked in the rules file. # # Columns are the same as in /etc/shorewall/rules. # A few examples should help show how Macros work.
# # /etc/shorewall/macro.FwdFTP: # # #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ # # PORT(S) PORT(S) DEST LIMIT GROUP # DNAT - - tcp 21 # # /etc/shorewall/rules: # # #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ # # PORT(S) PORT(S) DEST LIMIT GROUP # FwdFTP net loc:192.168.1.5 # # The result is equivalent to: # # #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ # # PORT(S) PORT(S) DEST LIMIT GROUP # DNAT net loc:192.168.1.5 tcp 21 # # The substitution rules are as follows: # # ACTION column If in the invocation of the macro, the macro # name is followed by slash ("/") and a second # name, the second name is substituted for each # entry in the macro whose ACTION is PARAM # # For example, if macro FOO is invoked as # FOO/ACCEPT then when expanding macro.FOO, # Shorewall will substitute ACCEPT in each # entry in macro.FOO whose ACTION column # contains PARAM. PARAM may be optionally # followed by a colon and a log level. # # You may also follow the # # Any logging specified when the macro is # invoked is applied to each entry in the macro. # # SOURCE and DEST If the column in the macro is empty then the # column's value in the rules file is used. If the column # in the macro is non-empty then any value in # the rules file is appended with a ":" # separator. # # Example: ############################################### # #ACTION SOURCE DEST PROTO DEST # # PORT(S) # macro.FTP File PARAM net loc tcp 21 # rules File FTP/DNAT - 192.168.1.5 # Result DNAT net loc:192.168.1.5 tcp 21 # # Remaining Any value in the rules file REPLACES the value # columns given in the macro file. # # Multiple parameters may be passed to a macro. Within this file, $1 refers to the first parameter, # $2 to the second and so on. $1 is a synonym for PARAM but may be used anywhere in the file whereas # PARAM may only be used in the ACTION column. # # You can specify default values for parameters by using a DEFAULT or DEFAULTS entry: # # DEFAULTS ,,...
# ####################################################################################################### # DO NOT REMOVE THE FOLLOWING LINE ?FORMAT 2 ################################################################################################################################################################################################# #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH HELPER # PORT PORT(S) DEST LIMIT GROUP shorewall-4.5.21.6/Macros/macro.PostgreSQL0000644000175000017500000000051112272540615020116 0ustar teastepteastep# # Shorewall version 4 - PostgreSQL Macro # # /usr/share/shorewall/macro.PostgreSQL # # This macro handles connections to the PostgreSQL server. # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 5432 shorewall-4.5.21.6/Macros/macro.NTP0000644000175000017500000000052712272540615016563 0ustar teastepteastep# # Shorewall version 4 - NTP Macro # # /usr/share/shorewall/macro.NTP # # This macro handles NTP traffic (ntpd). # For broadcast NTP traffic, use NTPbrd Macro. 
# ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - udp 123 shorewall-4.5.21.6/Macros/macro.MSNP0000644000175000017500000000047612272540615016702 0ustar teastepteastep# # Shorewall version 4 - MSNP Macro # # /usr/share/shorewall/macro.MSNP # # This macro handles MSNP (Microsoft Notification Protocol) # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 1863 shorewall-4.5.21.6/Macros/macro.Xymon0000644000175000017500000000045012272540615017227 0ustar teastepteastep# # Shorewall version 4 - Xymon Macro # # /usr/share/shorewall/macro.Xymon # # This macro handles Xymon traffic. # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 1984 shorewall-4.5.21.6/Macros/macro.PCA0000644000175000017500000000046712272540615016530 0ustar teastepteastep# # Shorewall version 4 - PCA Macro # # /usr/share/shorewall/macro.PCA # # This macro handles pcAnywhere (tm) # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - udp 5632 PARAM - - tcp 5631 shorewall-4.5.21.6/Macros/macro.IPsecnat0000644000175000017500000000074212272540615017627 0ustar teastepteastep# # Shorewall version 4 - IPsecnat Macro # # /usr/share/shorewall/macro.IPsecnat # # This macro (bidirectional) handles IPsec traffic and NAT-Traversal # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - udp 500 # IKE PARAM - - udp 4500 # NAT-T PARAM - - 50 # ESP PARAM DEST SOURCE udp 500 # IKE PARAM DEST SOURCE udp 4500 # NAT-T PARAM DEST SOURCE 50 #
ESP shorewall-4.5.21.6/Macros/macro.OSPF0000644000175000017500000000045712272540615016673 0ustar teastepteastep# # Shorewall version 4 - OSPF Macro # # /usr/share/shorewall/macro.OSPF # # This macro handles OSPF multicast traffic # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - 89 # OSPF shorewall-4.5.21.6/Macros/macro.Auth0000644000175000017500000000045512272540615017023 0ustar teastepteastep# # Shorewall version 4 - Auth Macro # # /usr/share/shorewall/macro.Auth # # This macro handles Auth (identd) traffic. # ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - tcp 113 shorewall-4.5.21.6/action.NotSyn0000644000175000017500000000302112272540615016274 0ustar teastepteastep# # Shorewall 4 - NotSyn Action # # /usr/share/shorewall/action.NotSyn # # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt] # # (c) 2011 - Tom Eastep (teastep@shorewall.net) # # Complete documentation is available at http://shorewall.net # # This program is free software; you can redistribute it and/or modify # it under the terms of Version 2 of the GNU General Public License # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 
# # NotSyn[([])] # # Default action is DROP # ########################################################################################## ?format 2 DEFAULTS DROP,- ?begin perl; use strict; use Shorewall::IPAddrs; use Shorewall::Config; use Shorewall::Chains; use Shorewall::Rules; my ( $action, $audit ) = get_action_params( 2 ); if ( supplied $audit ) { fatal_error "Invalid parameter ($audit) to action NotSyn" if $audit ne 'audit'; $action = "A_$action"; } perl_action_tcp_helper( $action, '-p 6 ! --syn' ); 1; ?end perl; shorewall-4.5.21.6/configure.pl0000755000175000017500000001130112272556446016175 0ustar teastepteastep#! /usr/bin/perl -w # # Shorewall Packet Filtering Firewall RPM configuration program - V4.5 # # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt] # # (c) 2012 - Tom Eastep (teastep@shorewall.net) # # Shorewall documentation is available at http://www.shorewall.net # # This program is free software; you can redistribute it and/or modify # it under the terms of Version 2 of the GNU General Public License # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # # Usage: ./configure.pl