path: root/recipes/shorewall/files/shorewall-conf-nylon.diff
diff -Nurb shorewall/action.AllowMM shorewall.confed/action.AllowMM
--- shorewall/action.AllowMM	1970-01-01 01:00:00.000000000 +0100
+++ shorewall.confed/action.AllowMM	2004-10-14 16:50:21.200725304 +0200
@@ -0,0 +1,15 @@
+#
+# Shorewall 2.0 /etc/shorewall/action.AllowMM
+#
+#	This action accepts MobileMesh routing protocol traffic.
+#
+#	Note: This action allows traffic for the MobileMesh routing protocol
+#
+######################################################################################
+#TARGET  SOURCE		DEST      	PROTO	DEST    SOURCE	 	RATE	USER/
+#                       	        	PORT    PORT(S)		LIMIT	GROUP
+ACCEPT	 -		-		udp	20470
+ACCEPT	 -		-		udp	20471
+ACCEPT	 -		-		tcp	20473
+ACCEPT	 -		224.1.2.3
+#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
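Review bot: The last rule, `ACCEPT - 224.1.2.3`, leaves PROTO and DEST PORT empty, so it accepts every protocol and port addressed to that multicast group rather than only MobileMesh traffic. If the protocol only needs the UDP ports listed in the rules above it (the page does not confirm this), the rule could be narrowed to `ACCEPT - 224.1.2.3 udp 20470,20471`. The two header lines also say the same thing twice; the `Note:` line could instead state which ports and which multicast group are opened.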
diff -Nurb shorewall/action.AllowNetperf shorewall.confed/action.AllowNetperf
--- shorewall/action.AllowNetperf	1970-01-01 01:00:00.000000000 +0100
+++ shorewall.confed/action.AllowNetperf	2004-10-14 15:46:36.000000000 +0200
@@ -0,0 +1,17 @@
+#
+# Shorewall 2.0 /etc/shorewall/action.AllowSMTP
+#
+#	This action accepts SMTP (email) traffic.
+#
+#	Note: This action allows traffic between an MUA (Email client)
+#	and an MTA (mail server) or between MTAs. It does not enable
+#	reading of email via POP3 or IMAP. For those you need to use
+#	the AllowPOP3 or AllowIMAP actions.
+#
+######################################################################################
+#TARGET  SOURCE		DEST      	PROTO	DEST    SOURCE	 	RATE	USER/
+#                       	        	PORT    PORT(S)		LIMIT	GROUP
+ACCEPT	 -		-		tcp	12865
+ACCEPT	 -		-		tcp	1024:
+ACCEPT	 -		-		udp	1024:
+#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
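Review bot: The rules `ACCEPT - - tcp 1024:` and `ACCEPT - - udp 1024:` accept every unprivileged port, not just netperf traffic. The rules hunk applies this action as `AllowNetperf loc fw` and `AllowNetperf mesh fw`, so any service on the firewall listening above 1023 becomes reachable from the wireless mesh. The control connection is already covered by `tcp 12865`; if the test clients pin their data port (netperf's test-specific `-P` option), the two range rules can be replaced by that single port. The header is also copied from the SMTP action and should read `# Shorewall 2.0 /etc/shorewall/action.AllowNetperf`, with a description of netperf instead of MUA/MTA traffic.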
diff -Nurb shorewall/action.AllowOLSR shorewall.confed/action.AllowOLSR
--- shorewall/action.AllowOLSR	1970-01-01 01:00:00.000000000 +0100
+++ shorewall.confed/action.AllowOLSR	2004-10-14 15:45:29.000000000 +0200
@@ -0,0 +1,12 @@
+#
+# Shorewall 2.0 /etc/shorewall/action.AllowOLSR
+#
+#	This action accepts OLSR routing protocol traffic.
+#
+#	Note: This action allows traffic from the OLSR routing protocol.
+#
+######################################################################################
+#TARGET  SOURCE		DEST      	PROTO	DEST    SOURCE	 	RATE	USER/
+#                       	        	PORT    PORT(S)		LIMIT	GROUP
+ACCEPT	 -		-		udp	698
+#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff -Nurb shorewall/action.AllowTinc shorewall.confed/action.AllowTinc
--- shorewall/action.AllowTinc	1970-01-01 01:00:00.000000000 +0100
+++ shorewall.confed/action.AllowTinc	2004-10-14 15:48:13.000000000 +0200
@@ -0,0 +1,13 @@
+#
+# Shorewall 2.0 /etc/shorewall/action.AllowOLSR
+#
+#	This action accepts OLSR routing protocol traffic.
+#
+#	Note: This action allows traffic from the OLSR routing protocol.
+#
+######################################################################################
+#TARGET  SOURCE		DEST      	PROTO	DEST    SOURCE	 	RATE	USER/
+#                       	        	PORT    PORT(S)		LIMIT	GROUP
+ACCEPT	 -		-		tcp	655	655
+ACCEPT	 -		-		udp	655	655
+#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
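Review bot: Both rules fill the SOURCE PORT(S) column with 655 as well as the destination port, so only packets sent from port 655 match. tinc's TCP meta connection is normally opened from an ephemeral source port, so `tcp 655 655` will probably not match incoming connections; `ACCEPT - - tcp 655` looks like what is intended, and the UDP rule deserves the same check for peers behind NAT. The header is copied from the OLSR action and should read `# Shorewall 2.0 /etc/shorewall/action.AllowTinc`. The action is registered in the `actions` hunk but no line in the `rules` hunk references it.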
diff -Nurb shorewall/action.AllowIPSEC shorewall.confed/action.AllowIPSEC
--- shorewall/action.AllowIPSEC	1970-01-01 01:00:00.000000000 +0100
+++ shorewall.confed/action.AllowIPSEC	2004-10-14 15:48:13.000000000 +0200
@@ -0,0 +1,15 @@
+#
+# Shorewall 2.0 /etc/shorewall/action.AllowIPSEC
+#
+#	This action accepts IPSEC traffic.
+#
+#	Note: This action allows IPSEC encrypted traffic (ESP and AH) 
+#            and IPSEC key negotioation (IKE).
+#
+######################################################################################
+#TARGET  SOURCE		DEST      	PROTO	DEST    SOURCE	 	RATE	USER/
+#                       	        	PORT    PORT(S)		LIMIT	GROUP
+ACCEPT	 -		-		50
+ACCEPT	 -		-		51
+ACCEPT	 -		-		udp	500	500
+#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
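Review bot: The IKE rule `ACCEPT - - udp 500 500` only matches when the peer's source port is also 500. A peer behind NAT usually arrives from a translated source port and negotiates NAT traversal on udp 4500, and this action accepts neither. If such peers are expected, use `ACCEPT - - udp 500` and add `ACCEPT - - udp 4500`; if they are deliberately out of scope, say so in the header comment. The rules hunk applies this action from `all`, so whatever is opened here is reachable from the net zone.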
diff -Nurb shorewall/actions shorewall.confed/actions
--- shorewall/actions	2004-10-14 17:04:41.547932648 +0200
+++ shorewall.confed/actions	2004-10-14 15:52:38.000000000 +0200
@@ -25,5 +25,9 @@
 #	itself, the associated policy will have no common action. 
 #
 #ACTION
-
+AllowMM
+AllowNetperf
+AllowOLSR
+AllowTinc
+AllowIPSEC
 #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
diff -Nurb shorewall/interfaces shorewall.confed/interfaces
--- shorewall/interfaces	2004-10-14 17:04:41.546932800 +0200
+++ shorewall.confed/interfaces	2004-10-14 16:04:41.000000000 +0200
@@ -190,5 +190,10 @@
 #			net	ppp0	-
 ##############################################################################
 #ZONE	 INTERFACE	BROADCAST	OPTIONS
+net	ppp0		detect		norfc1918
+net	eth0		detect		dhcp
+loc	wlan0		detect		dhcp
+loc	ipsec0		detect
+mesh	wlan1		detect		routeback
 #
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
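Review bot: The net-facing entries `ppp0` and `eth0` carry no anti-spoofing or TCP sanity options; only `ppp0` has `norfc1918`. Unless reverse-path filtering is enabled globally in shorewall.conf (not visible here), adding `routefilter` and `tcpflags` to those two lines would drop packets with forged internal source addresses and illegal flag combinations at the edge, e.g. `net ppp0 detect norfc1918,routefilter,tcpflags`. `routefilter` is probably best left off `wlan1`, since mesh routing can be asymmetric. The hunk shows only the tail of the file, so any option documentation above it is not visible.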
diff -Nurb shorewall/masq shorewall.confed/masq
--- shorewall/masq	2004-10-14 17:04:41.547932648 +0200
+++ shorewall.confed/masq	2004-10-14 15:27:24.000000000 +0200
@@ -137,4 +137,6 @@
 #
 ###############################################################################
 #INTERFACE	        SUBNET		ADDRESS		PROTO	PORT(S)
+eth0			0.0.0.0/0
+ppp0			0.0.0.0/0
 #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
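Review bot: `eth0 0.0.0.0/0` and `ppp0 0.0.0.0/0` masquerade every source address leaving those interfaces, not just the internal networks. Putting the internal interfaces in the SUBNET column instead (`eth0 wlan0`, `eth0 wlan1`, and the same pair for `ppp0`) limits NAT to loc and mesh traffic. It also stops unexpected or spoofed source ranges from being rewritten to the firewall's own address. A short comment above the entries saying which zones are meant to be NATed would help the next reader.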
diff -Nurb shorewall/policy shorewall.confed/policy
--- shorewall/policy	2004-10-14 17:04:41.546932800 +0200
+++ shorewall.confed/policy	2004-10-14 16:06:33.000000000 +0200
@@ -77,6 +77,9 @@
 #SOURCE		DEST		POLICY		LOG		LIMIT:BURST
 #						LEVEL
 loc		net		ACCEPT
+mesh		net		ACCEPT
+loc		mesh		ACCEPT
+fw		all		ACCEPT
 net		all		DROP		info
 #
 # THE FOLLOWING POLICY MUST BE LAST
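Review bot: `mesh net ACCEPT` gives every node that can join the wlan1 mesh unrestricted use of the uplink, and none of the three added policies sets a LOG LEVEL, so that use leaves no trace. If open transit is the intended design, add a comment saying so, and consider a log level on the mesh line (`mesh net ACCEPT info`) if an audit trail is wanted. mesh-to-loc and mesh-to-fw are not listed and fall through to the final catch-all policy, which lies outside this hunk; confirm it is REJECT or DROP so that mesh nodes cannot reach the local network by default.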
diff -Nurb shorewall/rules shorewall.confed/rules
--- shorewall/rules	2004-10-14 17:04:41.547932648 +0200
+++ shorewall.confed/rules	2004-10-14 16:56:41.874854040 +0200
@@ -310,4 +310,18 @@
 ####################################################################################################
 #ACTION  SOURCE		DEST      	PROTO	DEST    SOURCE	   ORIGINAL	RATE		USER/
 #                       	        	PORT    PORT(S)    DEST		LIMIT		GROUP
+AllowPing all		all
+AllowTrcrt all		all
+AllowDNS loc		fw
+AllowDNS mesh		fw
+AllowSSH all		fw
+AllowWeb loc		fw
+AllowSNMP loc		fw
+AllowOLSR mesh		fw
+AllowOLSR fw		mesh
+AllowMM	 mesh		fw
+AllowMM	 fw		mesh
+AllowNetperf loc	fw
+AllowNetperf mesh	fw
+AllowIPSEC all		fw
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
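Review bot: `AllowSSH all fw` uses `all` as the source, which includes the net zone, so the firewall's SSH daemon is reachable from the Internet side and from every mesh node. If remote administration from outside is not required, `AllowSSH loc fw` is enough. If it is required, a value in the RATE LIMIT column would blunt password guessing. `AllowNetperf mesh fw` a few lines below is the entry that exposes the firewall's high ports to the mesh through the wide ranges in action.AllowNetperf. The hunk covers only the end of the rules file, so earlier entries are not visible.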
diff -Nurb shorewall/zones shorewall.confed/zones
--- shorewall/zones	2004-10-14 17:04:41.546932800 +0200
+++ shorewall.confed/zones	2004-10-14 15:04:59.000000000 +0200
@@ -15,5 +15,5 @@
 #ZONE	DISPLAY		COMMENTS
 net	Net		Internet
 loc	Local		Local networks
-dmz	DMZ		Demilitarized zone
+mesh	Mesh		The Mesh Netwok
 #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE