shorewall-5.1.12.2/0000775000000000000000000000000013243350235012440 5ustar rootrootshorewall-5.1.12.2/lib.uninstaller0000664000000000000000000000441413243350235015473 0ustar rootroot# # # Shorewall 5.1 -- /usr/share/shorewall/lib.installer. # # (c) 2017 - Tom Eastep (teastep@shorewall.net) # (c) 2017 - Matt Darfeuille (matdarf@gmail.com) # # Complete documentation is available at http://shorewall.net # # This program is part of Shorewall. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by the # Free Software Foundation, either version 2 of the license or, at your # option, any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, see . # # The purpose of this library is to hold those functions used by the products uninstaller. # ######################################################################################### fatal_error() { echo " ERROR: $@" >&2 exit 1 } split() { local ifs ifs=$IFS IFS=: set -- $1 echo $* IFS=$ifs } qt() { "$@" >/dev/null 2>&1 } mywhich() { local dir for dir in $(split $PATH); do if [ -x $dir/$1 ]; then return 0 fi done return 2 } remove_file() # $1 = file to remove { if [ -n "$1" ] ; then if [ -f $1 -o -L $1 ] ; then rm -f $1 echo "$1 Removed" fi fi } remove_directory() # $1 = directory to remove { if [ -n "$1" ] ; then if [ -d $1 ] ; then rm -rf $1 echo "$1 Removed" fi fi } remove_file_with_wildcard() # $1 = file with wildcard to remove { if [ -n "$1" ] ; then for f in $1; do if [ -d $f ] ; then rm -rf $f echo "$f Removed" elif [ -f $f -o -L $f ] ; then rm -f $f echo "$f Removed" fi done fi } restore_file() # $1 = file to restore { if [ -f ${1}-shorewall.bkout ]; then if (mv -f ${1}-shorewall.bkout $1); then echo echo "$1 restored" else exit 1 fi fi } shorewall-5.1.12.2/modules0000664000000000000000000000132313243347103014032 0ustar rootroot# # Shorewall version 5 - Modules File # # /usr/share/shorewall/modules # # This file loads the modules that may be needed by the firewall. # # THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in # dependency order. i.e., if M2 depends on M1 then you must load M1 # before you load M2. # # If you need to modify this file, copy it to /etc/shorewall and modify the # copy. # ############################################################################### # # Essential Modules # INCLUDE modules.essential # # Other xtables modules # INCLUDE modules.xtables # # Helpers # INCLUDE helpers # # Ipset # INCLUDE modules.ipset # # Traffic Shaping # INCLUDE modules.tc # # Extensions # INCLUDE modules.extensions shorewall-5.1.12.2/modules.essential0000664000000000000000000000147013243347103016023 0ustar rootroot# # Shorewall -- /usr/share/shorewall/modules.essential # # Essential Modules File # # This file loads the modules that may be needed by the firewall. # # THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in # dependency order. i.e., if M2 depends on M1 then you must load M1 # before you load M2. # # If you need to modify this file, copy it to /etc/shorewall and modify the # copy. # ############################################################################### # # Essential Modules # loadmodule nfnetlink loadmodule x_tables loadmodule ip_tables loadmodule iptable_filter loadmodule iptable_mangle loadmodule ip_conntrack loadmodule nf_conntrack loadmodule nf_conntrack_ipv4 loadmodule iptable_nat loadmodule nf_nat loadmodule nf_nat_ipv4 loadmodule iptable_raw loadmodule xt_state loadmodule xt_tcpudp shorewall-5.1.12.2/lib.installer0000664000000000000000000000361613243350235015133 0ustar rootroot# # # Shorewall 5.1 -- /usr/share/shorewall/lib.installer. # # (c) 2017 - Tom Eastep (teastep@shorewall.net) # (c) 2017 - Matt Darfeuille (matdarf@gmail.com) # # Complete documentation is available at http://shorewall.net # # This program is part of Shorewall. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by the # Free Software Foundation, either version 2 of the license or, at your # option, any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, see . # # The purpose of this library is to hold those functions used by the products installer. # ######################################################################################### fatal_error() { echo " ERROR: $@" >&2 exit 1 } split() { local ifs ifs=$IFS IFS=: set -- $1 echo $* IFS=$ifs } qt() { "$@" >/dev/null 2>&1 } mywhich() { local dir for dir in $(split $PATH); do if [ -x $dir/$1 ]; then return 0 fi done return 2 } delete_file() # $1 = file to delete { rm -f $1 } require() { eval [ -n "\$$1" ] || fatal_error "Required option $1 not set" } make_directory() # $1 = directory , $2 = mode { mkdir $1 chmod $2 $1 [ -n "$OWNERSHIP" ] && chown $OWNERSHIP $1 } make_parent_directory() # $1 = directory , $2 = mode { mkdir -p $1 chmod $2 $1 [ -n "$OWNERSHIP" ] && chown $OWNER:$GROUP $1 } cant_autostart() { echo echo "WARNING: Unable to configure $Product to start automatically at boot" >&2 } shorewall-5.1.12.2/shorewallrc.debian.systemd0000664000000000000000000000310013243350235017612 0ustar rootroot# # Debian Shorewall 5.0 rc file # BUILD= #Default is to detect the build system HOST=debian PREFIX=/usr #Top-level directory for shared files, libraries, etc. SHAREDIR=${PREFIX}/share #Directory for arch-neutral files. LIBEXECDIR=${PREFIX}/share #Directory for executable scripts. PERLLIBDIR=${PREFIX}/share/shorewall #Directory to install Shorewall Perl module directory CONFDIR=/etc #Directory where subsystem configurations are installed SBINDIR=/sbin #Directory where system administration programs are installed MANDIR=${PREFIX}/share/man #Directory where manpages are installed. INITDIR= #Directory where SysV init scripts are installed. INITFILE= #Name of the product's installed SysV init script INITSOURCE=init.debian.sh #Name of the distributed file to be installed as the SysV init script ANNOTATED= #If non-zero, annotated configuration files are installed SYSCONFFILE=default.debian.systemd #Name of the distributed file to be installed in $SYSCONFDIR SERVICEFILE=$PRODUCT.service.debian #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service SYSCONFDIR=/etc/default #Directory where SysV init parameter files are installed SERVICEDIR=/lib/systemd/system #Directory where .service files are installed (systems running systemd only) SPARSE=Yes #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR VARLIB=/var/lib #Directory where product variable data is stored. VARDIR=${VARLIB}/$PRODUCT #Directory where product variable data is stored. DEFAULT_PAGER=/usr/bin/less #Pager to use if none specified in shorewall[6].conf shorewall-5.1.12.2/INSTALL0000664000000000000000000000171113243347103013471 0ustar rootrootShoreline Firewall (Shorewall) Version 5 ----- ---- ----------------------------------------------------------------------------- This program is free software; you can redistribute it and/or modify it under the terms of Version 2 of the GNU General Public License as published by the Free Software Foundation. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. --------------------------------------------------------------------------- Please see http://www.shorewall.net/Install.htm for installation instructions. shorewall-5.1.12.2/default.debian.systemd0000664000000000000000000000033113243347103016714 0ustar rootroot# # Global start/restart/reload/stop options # OPTIONS="" # # Start options # STARTOPTIONS="" # # Restart options # RESTARTOPTIONS="" # # Reload options # RELOADOPTIONS="" # # Stop options # STOPOPTIONS="" # EOF shorewall-5.1.12.2/modules.ipset0000664000000000000000000000136613243347103015164 0ustar rootroot# # Shorewall -- /usr/share/shorewall/modules.ipset # # IP Set Modules File # # This file loads the modules that may be needed by the firewall. # # THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in # dependency order. i.e., if M2 depends on M1 then you must load M1 # before you load M2. # # If you need to modify this file, copy it to /etc/shorewall and modify the # copy. # ############################################################################### loadmodule xt_set loadmodule ip_set loadmodule ip_set_iphash loadmodule ip_set_ipmap loadmodule ip_set_ipporthash loadmodule ip_set_iptree loadmodule ip_set_iptreemap loadmodule ip_set_macipmap loadmodule ip_set_nethash loadmodule ip_set_portmap loadmodule ipt_SET loadmodule ipt_set shorewall-5.1.12.2/changelog.txt0000664000000000000000000003111113243350235015125 0ustar rootrootChanges in 5.1.12.2 1) Update release documents. 2) Alter documentation to prefer ';;' over ';' in INLINE and IP[6]TABLES rules. 3) Make 'update' convert ';' to ';;' in INLINE, IPTABLES and IP6TABLES rules. 4) Correct typo that resulted in an "unknown function" Perl diagnostic. 4) Correct "Invalid policy" message. 5) Fix omitted SYN limiting. Changes in 5.1.12.1 1) Update release documents. 2) Replace macro.SSDPServer with corrected macro.SSDPserver. Changes in 5.1.12 Final 1) Update release documents. 2) Add INLINE_MATCHES=Yes to the deprecated list. Changes in 5.1.12 RC 1 1) Update release documents. 2) Minor performance enhancements to Optimize Category 8. 3) Always report IPSET_MATCH. Changes in 5.1.12 Beta 2 1) Update release documents. 2) Delete undocumented OPTIMIZE_USE_FIRST option. 3) Merge 5.1.11. 4) Suppress trailing whitespace. 5) Avoid awkward blank lines. Changes in 5.1.12 Beta 1 1) Update release documents. 2) Code and manpage cleanup. 3) Allow SNAT in the INPUT chain. Changes in 5.1.11 Final 1) Update release documents. Changes in 5.1.11 RC 1 1) Update release documents. 2) Update versions and copyrights. 3) Clear the connection mark on forwarded IPSEC tunneled connections. 4) Make TRACK_PROVIDERS=Yes the default. Changes in 5.1.11 Beta 2 1) Update release documents. 2) Be selective about verification of the conntrack utility when DYNAMIC_BLACKLIST=ipset,disconnect... 3) Don't require shorewall to be started for 'allow' with ipset-based DBL. 4) Make address variables play nice with the 'clear' command. 5) Don't unconditionally enable forwarding during 'clear'. Changes in 5.1.11 Beta 1 1) Update release documents. 2) Allow non-root to run some 'show' commands. 3) Use synchain name in log messages rather than base chain name. 3) Assume :syn for TCP CT entries in the conntrack file and HELPER. 4) Limit depth of 'find' search when AUTOMAKE=Yes. Changes in 5.1.10.2 1) Update release documents. 2) Limit 'find' to depth 1. 3) Don't run find in an empty entry in $CONFIG_PATH Changes in 5.1.10.1 1) Update release documents. 2) Fix Shorewall-core installer for sandbox case. 3) Make /etc and /configfiles the same. Changes in 5.1.10 Final 1) Update release documents. Changes in 5.1.10 RC 2 1) Update release documents. 2) Add warning re wildcard and OPTIONS. 3) Correct IPv6 Universal interfaces file. Changes in 5.1.10 RC 1 1) Update release documents. 2) Correct ingress policing. 3) Fix Shorewall-init recompilation problem. Changes in 5.1.10 Beta 2 1) Update release documents. 2) Allow a protocol to be associated with a regular action. 3) Remove the PSH flag from the FIN action. Changes in 5.1.10 Beta 1 1) Update release documents. 2) Allow CONFIG_PATH setting to begin with ':' to allow dropping the first directory by non-root. 3) Correct several typos in the manpages (Roberto Sánchez). 4) Correct typo in 'dump' processing. 5) Reset all table counters during 'reset'. Changes in 5.1.9 Final 1) Update release documents. 2) Use logical interface names in the Sample configs. Changes in 5.1.9 RC 1 1) Update release documents. 2) Apply W Van den Akker's OpenWRT/Lede patches. 3) Don't verify IP and SHOREWALL_SHELL paths when compiling for export. 4) Support for Redfish remote console in macro.IPMI Changes in 5.1.9 Beta 2 1) Update release documents. 2) Merge content from 5.1.8. Changes in 5.1.9 Beta 1 1) Update release documents. 2) Add TCPMSS action in the mangle file. 3) Inline the Broadcast action when ADDRTYPE match is available. 4) Support logging in the snat file. 5) Add shorewall-logging(5). Changes in 5.1.8 Final 1) Update release documents. Changes in 5.1.8 RC 1 1) Update release documents. 2) Correct 'delete_default_routes()'. 3) Delete default routes from 'main' when a fallback provider is successfully enabled. 4) Don't restore default route when a fallback provider is enabled. 5) Issue a warning when 'persistent' is used with RESTORE_DEFAULT_ROUTE=Yes. 6) Don't dump SPD entries for the other address family. Changes in 5.1.8 Beta 2 1) Update release documents. 2) Fix 'persistent' provider issues. Changes in 5.1.8 Beta 1 1) Update release documents. 2) Treat LOG_TARGET the same as all other capabilities. 3) Allow merging of rules with IPSEC policies Changes in 5.1.7.1 1) Update release documents. 2) Correct 'reenable' logic for persistent providers. 3) Align progress messages produced by 'reenable'. Changes in 5.1.7 Final 1) Update release documents. Changes in 5.1.7 RC 2 1) Update release documents. 2) Correct module loading. 3) Add DOCKER-INGRESS support. Changes in 5.1.7 RC 1 1) Update release documents. 2) Correct handling of ipsets in the DEST column of the snat file. 3) Allow NAT rules to be passed to perl_action_helper() 4) Split NAT and ACCEPT rules in the Event actions. 5) Correct VLSM verification logic in the 'ipcalc' command. 6) Fix ADD_IP_ALIASES default. 7) Remove empty/useless .tmp files created during shorewall-init stop. Changes in 5.1.7 Beta 2 1) Update release documents. 2) Improve dynamic gateway detection. Changes in 5.1.7 Beta 1 1) Update release documents. 2) Simplify Module Loading (Tuomo Soini) 3) Eliminate MODULE_SUFFIX. Changes in 5.1.6 Final 1) Update release documents. 2) Allow port variables as server port in DNAT rules. 3) Change MODULE_SUFFIX standard default to "ko ko.xz" 4) Added UDP rule to macro.RDP. Changes in 5.1.6 RC 2 1) Update release documents. 2) Use MUTEX_TIMEOUT for ip[6]tables-restore --wait interval Changes in 5.1.6 RC 1 1) Update release documents. 2) Make Shorewall's handling of '+' consistent with Netfilter's. 3) Verify that parent and child zones have an interface in common. 4) Allow runtime address variables as the DNAT server address. 5) Prevent IPv4 and IPv6 firewalls from starting simultaneously under systemd. 6) Use the ip[6]-tables --wait option, if available. Changes in 5.1.6 Beta 2 1) Update release documents. 2) Pass arguments to the enable and disable user exit functions 3) Export CONFDIR and SHAREDIR to the generated script. 4) Correct handling of combining a policy chain with a normal chain. Changes in 5.1.6 Beta 1 1) Update release documents. 2) Apply Bernhard M. Wiedemann's patch for reproducible builds. 3) Patch configure.pl to support reproducible builds. 4) Merge content from 5.1.5.1. Changes in 5.1.5.2 1) Update release documents. 2) Correct source port handling when BASIC_FILTERS=Yes. 3) Correct handling of USER/GROUP in the OUTPUT section of the accounting file. 4) Correct handling of MAC addresses in the accounting file. Changes in 5.1.5.1 1) Update release documents. 2) Process the snat file if the masq file is empty. 3) Apply Bernhard Wiedemann's configure change. 4) Make a similar change to configure.pl. Changes in 5.1.5 Final 1) Update release documents. 2) Include IPv6 annotated config files. 3) Add RESTORE_DEFAULT_ROUTE to shorewall6.conf. Changes in 5.1.5 RC 1 1) Update release documents. 2) USE_NFLOG_SIZE option. 3) Improve editing of port numbers/service names. 4) Add dropBcasts action. Changes in 5.1.5 Beta 2 1) Update release documents. 2) Consolidate Shorewall/Shorewall6 manpages. Changes in 5.1.5 Beta 1 1) Update release documents. 2) Add defect repair through 5.1.4.2. 3) Implement runtime port variables. Changes in 5.1.4.4 1) Update release documents. 2) Correct handling of two or more fallback providers Changes in 5.1.4.3 1) Update release documents. 2) Don't generate multihop routes unnecessarily Changes in 5.1.4.2 1) Update release documents. 2) Correct many broken links in the manpages. 3) Correct NFQUEUE without the 'c' option. Changes in 5.1.4.1 1) Update release documents. 2) Update shorewall-rules(5). 3) Expand LOGFORMAT documentation. 4) Restore the BLACKLIST action in Shorewall6. Changes in 5.1.4 Final 1) Update release documents. Changes in 5.1.4 RC 1 1) Update release documents. 2) Add PERL_HASH_SEED option. Changes in 5.1.4 Beta 2 1) Update release documents. 2) Correct validation of string interface options. 3) Correct handling of IPv6 tunnel-src and tunnel-dst. 4) Documentation cleanup. Changes in 5.1.4 Beta 1 1) Update release documents. 2) Unify Actions 3) Report invocation site when generating ?info and ?warning messages 4) Add IPv6 UPnP support. 5) ?reset of action variable now sets $parmsmodified. 6) Clean up column/value pair editing. Changes in 5.1.3.1 1) Update release documents. 2) Correct typo in BLACKLIST_DEFAULT settings 3) Fix 'add+' handling. 4) Correct two-interface snat file. Changes in 5.1.3 Final 1) Update release documents. 2) Quote 'none' AND SMURF_LOG_LEVEL in _DEFAULT settings. 3) Correct IPv6 Multicast action. 4) Tabify new actions. 5) Add Multicast to the deprecated A_Drop and A_Reject actions. 6) Correct log message from IPv6 Multicast action. Changes in 5.1.3 RC 2 1) Update release documents. 2) Enclose _LEVEL and _DEFAULT settings in quotes during update. 3) Expand variables during .conf processing except when updating. Changes in 5.1.3 RC 1 1) Update release documents. 2) Re-add Multicast to IPv6 samples. 3) Add dropInvalid to IPv6 samples. Changes in 5.1.3 Beta 2 1) Update release documents. 2) Clear firewall on Debian systemd 'stop'. 3) Correct tcp-reset handling. 4) Implement PROTO=tcp:!syn. 5) Quote "$LOG_LEVEL" in shorewall[6].conf samples. 6) Modify rejNotSyn and dropNotSyn to use the two preceding changes. 7) Merge 5.1.2.2/3 fixes. 8) Quote $LOG_LEVEL in shorewall[6].conf samples. 9) 'reload' documentation corrections. 10) Set TC_ENABLED=Shared in IPv6 samples. 11) Remove Multicast from IPv6 policy actions. Changes in 5.1.3 Beta 1 1) Update release documents. 2) Installer/uninstaller changes from Matt Darfeuille. 3) Replace determinism sorts with PERL_HASH_SEED. 4) Correct recent compiler directives WRT omitting 5) Eliminate builtin actions. Changes in 5.1.2.1 1) Update release documents. 2) Document fix for 'show action allowinUPdP'. 3) Document fix for logging in BLACKLIST. Changes in 5.1.2 1) Update release documents. Changes in 5.1.2 RC 1 1) Update release documents. 2) Fix LOG_LEVEL 3) Fix allowMcast 4) Make 'show action' work (sort of) with builtin actions. Changes in 5.1.2 Beta 2 1) Update release documents. 2) Change policy actions. 3) Fix IPv6 dropBcasts. 4) Add LOG_LEVEL option. 5) Separate broadcast and multicast handling Changes in 5.1.2 Beta 1 1) Update release documents. 2) Implement default action lists. 3) Manpage updates. Changes in 5.1.0 Final. 1) Update release documents. Changes in 5.1.1 RC 1 1) Update release documents. 2) Make BALANCE_PROVIDERS default the setting of USE_DEFAULT_RT. 3) Add BLACKLIST policy 4) Add BLACKLIST action 5) Implement ?REQUIRE 6) Implement 'show action ' 7) Implement 'section' action option 8) Embed BLACKLIST macro logic into the BLACKLIST action. Changes in 5.1.1 Beta 2 1) Update release documents. 2) Replace USE_DEFAULT_RT=Exact with BALANCE_PROVIDERS=No. 3) Handle optional interfaces correctly in process_a_provider(). Changes in 5.1.1 Beta 1 1) Update release documents. 2) Catch routefilter/provider conflicts. 3) Set 'logmartians' along with 'routefilter'. 4) Implement USE_DEFAULT_RT=Exact. Changes in 5.1.0.1 1) Update release documents. 2) Correct Shorewall6-lite .service file 3) Propagate PAGER setting to -lite systems. Changes in 5.1.0 Final 1) Update release documents. 2) Ignore SUBSYSLOCK when $SERVICEDIR is non-empty 3) Correct splitting of IP(6)TABLES options. 4) Allow compact IPv6 addresses in IP6TABLES() parameters. Changes in 5.1.0 RC 2 1) Update release documents. 2) Eliminate use of 'echo' escape sequences 3) Update kernel module files Changes in 5.1.0 RC 1 1) Update release documents. 2) Move the action files into their own directory. 3) Add the 'show ipsec' command. 4) Remove rawpost support. 5) Add Stateful IPv6 netmapping Changes in 5.1.0 Beta 2 1) Update release documents. 2) Fatal error on empty action file and presense of a file with the same name as the action. 3) Use 'ip xfrm' to dump SPD and SAD 4) Create CLI symlinks 5) Correct intra-zone processing in policies. Changes in 5.1.0 Beta 1 1) Update release documents. 2) Unify the CLI 3) Extend SOURCE/DEST syntax in the rules files 4) Remove CHAIN_SCRIPT support. 5) Avoid needless duplicate action chains. 6) Implement support for NFQUEUE CPU Fanout. shorewall-5.1.12.2/logrotate0000664000000000000000000000012113243347103014355 0ustar rootroot/var/log/shorewall-init.log { missingok notifempty create 0600 root root } shorewall-5.1.12.2/shorewallrc.apple0000664000000000000000000000237713243350235016021 0ustar rootroot# # Apple OS X Shorewall 5.0 rc file # BUILD=apple HOST=apple PREFIX=/usr #Top-level directory for shared files, libraries, etc. SHAREDIR=${PREFIX}/share #Directory for arch-neutral files. LIBEXECDIR=${PREFIX}/share #Directory for executable scripts. PERLLIBDIR=${PREFIX}/share/shorewall #Directory to install Shorewall Perl module directory CONFDIR=/etc #Directory where subsystem configurations are installed SBINDIR=/sbin #Directory where system administration programs are installed MANDIR=${SHAREDIR}/man #Directory where manpages are installed. INITDIR= #Unused on OS X INITFILE= #Unused on OS X INITSOURCE= #Unused on OS X ANNOTATED= #Unused on OS X SERVICEDIR= #Unused on OS X SERVICEFILE= #Unused on OS X SYSCONFDIR= #Unused on OS X SPARSE=Yes #Only install $PRODUCT/$PRODUCT.conf in $CONFDIR. VARLIB=/var/lib #Unused on OS X DEFAULT_PAGER= #Pager to use if none specified in shorewall[6].conf shorewall-5.1.12.2/shorewall.service.debian0000664000000000000000000000117413243347103017246 0ustar rootroot# # The Shoreline Firewall (Shorewall) Packet Filtering Firewall # # Copyright 2011 Jonathan Underwood # Copyright 2015 Tom Eastep # [Unit] Description=Shorewall IPv4 firewall Wants=network-online.target After=network-online.target Conflicts=iptables.service firewalld.service [Service] Type=oneshot RemainAfterExit=yes EnvironmentFile=-/etc/default/shorewall StandardOutput=syslog ExecStart=/sbin/shorewall $OPTIONS start $STARTOPTIONS ExecStop=/sbin/shorewall $OPTIONS clear ExecReload=/sbin/shorewall $OPTIONS reload $RELOADOPTIONS [Install] WantedBy=basic.target shorewall-5.1.12.2/init.suse.sh0000775000000000000000000000572113243347103014725 0ustar rootroot#!/bin/sh # # The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.2 # # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt] # # (c) 1999,2000,2001,2002,2003,2004,2005 - Tom Eastep (teastep@shorewall.net) # # On most distributions, this file should be called /etc/init.d/shorewall. # # Complete documentation is available at http://shorewall.net # # This program is free software; you can redistribute it and/or modify # it under the terms of Version 2 of the GNU General Public License # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # # If an error occurs while starting or restarting the firewall, the # firewall is automatically stopped. # # Commands are: # # shorewall start Starts the firewall # shorewall restart Restarts the firewall # shorewall reload Reload the firewall # shorewall stop Stops the firewall # shorewall status Displays firewall status # ### BEGIN INIT INFO # Provides: shorewall # Required-Start: $network $remote_fs # Required-Stop: $network $remote_fs # Default-Start: 2 3 5 # Default-Stop: 0 6 # Short-Description: Configure the firewall at boot time # Description: Configure the firewall according to the rules specified in # /etc/shorewall ### END INIT INFO ################################################################################ # Give Usage Information # ################################################################################ usage() { echo "Usage: $0 start|stop|reload|restart|status" >&2 exit 1 } ################################################################################ # Get startup options (override default) ################################################################################ OPTIONS="-v0" # # The installer may alter this # . /usr/share/shorewall/shorewallrc if [ -f ${SYSCONFDIR}/shorewall ]; then . ${SYSCONFDIR}/shorewall fi export SHOREWALL_INIT_SCRIPT=1 ################################################################################ # E X E C U T I O N B E G I N S H E R E # ################################################################################ command="$1" shift case "$command" in start) exec $SBINDIR/shorewall $OPTIONS start $STARTOPTIONS ;; reload) exec $SBINDIR/shorewall $OPTIONS restart $RELOADOPTIONS ;; restart) exec $SBINDIR/shorewall $OPTIONS restart $RESTARTOPTIONS ;; status|stop) exec $SBINDIR/shorewall $OPTIONS $command ;; *) usage ;; esac shorewall-5.1.12.2/install.sh0000775000000000000000000012437013243350235014454 0ustar rootroot#!/bin/sh # # Script to install Shoreline Firewall # # (c) 2000-2018 - Tom Eastep (teastep@shorewall.net) # # Shorewall documentation is available at http://shorewall.net # # This program is part of Shorewall. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by the # Free Software Foundation, either version 2 of the license or, at your # option, any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, see . # VERSION=5.1.12.2 usage() # $1 = exit status { ME=$(basename $0) echo "usage: $ME [