[Qa-jenkins-scm] [jenkins.debian.net] 01/06: update shorewall.conf to the stretch version, retaining the local changes
Mattia Rizzolo
mattia at debian.org
Sat Apr 7 11:46:21 UTC 2018
This is an automated email from the git hooks/post-receive script.
mattia pushed a commit to branch master
in repository jenkins.debian.net.
commit 55504fb0d5b7811280e515072ec0d6575e860bd8
Author: Mattia Rizzolo <mattia at debian.org>
Date: Sat Apr 7 13:28:38 2018 +0200
update shorewall.conf to the stretch version, retaining the local changes
local changes coming from etckeeper, commit bbc9c4e51aa9e5b34075247d603e5647683f5b07
Signed-off-by: Mattia Rizzolo <mattia at debian.org>
---
TODO4stretch-host-upgrades.txt | 1 -
hosts/jenkins/etc/shorewall/shorewall.conf | 132 +++++++++++++++++++----------
2 files changed, 89 insertions(+), 44 deletions(-)
diff --git a/TODO4stretch-host-upgrades.txt b/TODO4stretch-host-upgrades.txt
index 67fdfac..63a330a 100644
--- a/TODO4stretch-host-upgrades.txt
+++ b/TODO4stretch-host-upgrades.txt
@@ -2,7 +2,6 @@ things to look at on jenkins.d.n. after the upgrade
---------------------------------------------------
kept the jessie versions:
Configuration file '/etc/default/shorewall'
- Configuration file '/etc/shorewall/shorewall.conf'
Configuration file '/etc/shorewall6/shorewall6.conf'
Configuration file '/etc/apache2/conf-available/security.conf'
diff --git a/hosts/jenkins/etc/shorewall/shorewall.conf b/hosts/jenkins/etc/shorewall/shorewall.conf
index f491c51..ce99c6e 100644
--- a/hosts/jenkins/etc/shorewall/shorewall.conf
+++ b/hosts/jenkins/etc/shorewall/shorewall.conf
@@ -1,21 +1,10 @@
###############################################################################
#
-# Shorewall version 4.0 - Sample shorewall.conf for one-interface
-# configuration.
-# Copyright (C) 2006 by the Shorewall Team
+# Shorewall Version 5 -- /etc/shorewall/shorewall.conf
#
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation; either
-# version 2.1 of the License, or (at your option) any later version.
-#
-# See the file README.txt for further details.
-#
-# For information about the settings in this file, type "man shorewall.conf"
-#
-# The manpage is also online at
-# http://shorewall.net/manpages/shorewall.conf.html
+# For information about the settings in this file, type "man shorewall.conf"
#
+# Manpage also online at http://www.shorewall.net/manpages/shorewall.conf.html
###############################################################################
# S T A R T U P E N A B L E D
###############################################################################
@@ -23,16 +12,32 @@
STARTUP_ENABLED=Yes
###############################################################################
-# V E R B O S I T Y
+# V E R B O S I T Y
###############################################################################
VERBOSITY=1
###############################################################################
-# L O G G I N G
+# P A G E R
+###############################################################################
+
+PAGER=
+
+###############################################################################
+# F I R E W A L L
###############################################################################
-BLACKLIST_LOGLEVEL=
+FIREWALL=
+
+###############################################################################
+# L O G G I N G
+###############################################################################
+
+BLACKLIST_LOG_LEVEL=
+
+INVALID_LOG_LEVEL=
+
+LOG_BACKEND=
LOG_MARTIANS=Yes
@@ -52,6 +57,8 @@ MACLIST_LOG_LEVEL=info
RELATED_LOG_LEVEL=
+RPFILTER_LOG_LEVEL=info
+
SFILTER_LOG_LEVEL=info
SMURF_LOG_LEVEL=info
@@ -60,11 +67,15 @@ STARTUP_LOG=/var/log/shorewall-init.log
TCP_FLAGS_LOG_LEVEL=info
+UNTRACKED_LOG_LEVEL=
+
###############################################################################
# L O C A T I O N O F F I L E S A N D D I R E C T O R I E S
###############################################################################
-CONFIG_PATH=${CONFDIR}/shorewall:${SHAREDIR}/shorewall
+ARPTABLES=
+
+CONFIG_PATH="${CONFDIR}/shorewall:${SHAREDIR}/shorewall"
GEOIPDIR=/usr/share/xt_geoip/LE
@@ -78,15 +89,17 @@ LOCKFILE=
MODULESDIR=
-PERL=/usr/bin/perl
+NFACCT=
+
+PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin"
-PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
+PERL=/usr/bin/perl
RESTOREFILE=restore
SHOREWALL_SHELL=/bin/sh
-SUBSYSLOCK=
+SUBSYSLOCK=""
TC=
@@ -94,14 +107,14 @@ TC=
# D E F A U L T A C T I O N S / M A C R O S
###############################################################################
-ACCEPT_DEFAULT="none"
-DROP_DEFAULT="Drop"
-NFQUEUE_DEFAULT="none"
-QUEUE_DEFAULT="none"
-REJECT_DEFAULT="Reject"
+ACCEPT_DEFAULT=none
+DROP_DEFAULT=Drop
+NFQUEUE_DEFAULT=none
+QUEUE_DEFAULT=none
+REJECT_DEFAULT=Reject
###############################################################################
-# R S H / R C P C O M M A N D S
+# R S H / R C P C O M M A N D S
###############################################################################
RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
@@ -121,11 +134,17 @@ ADD_SNAT_ALIASES=No
ADMINISABSENTMINDED=Yes
-AUTO_COMMENT=Yes
+AUTOCOMMENT=Yes
+
+AUTOHELPERS=Yes
AUTOMAKE=No
-BLACKLISTNEWONLY=Yes
+BASIC_FILTERS=No
+
+BLACKLIST="NEW,INVALID,UNTRACKED"
+
+CHAIN_SCRIPTS=Yes
CLAMPMSS=No
@@ -133,12 +152,16 @@ CLEAR_TC=Yes
COMPLETE=No
-DISABLE_IPV6=No
+DEFER_DNS_RESOLUTION=Yes
DELETE_THEN_ADD=Yes
DETECT_DNAT_IPADDRS=No
+DISABLE_IPV6=No
+
+DOCKER=No
+
DONT_LOAD=
DYNAMIC_BLACKLIST=Yes
@@ -151,8 +174,14 @@ FASTACCEPT=No
FORWARD_CLEAR_MARK=
+HELPERS=
+
+IGNOREUNKNOWNVARIABLES=No
+
IMPLICIT_CONTINUE=No
+INLINE_MATCHES=No
+
IPSET_WARNINGS=Yes
IP_FORWARDING=Off
@@ -161,8 +190,6 @@ KEEP_RT_TABLES=No
LOAD_HELPERS_ONLY=Yes
-LEGACY_FASTSTART=No
-
MACLIST_TABLE=filter
MACLIST_TTL=
@@ -173,6 +200,8 @@ MAPOLDACTIONS=No
MARK_IN_FORWARD_CHAIN=No
+MINIUPNPD=No
+
MODULE_SUFFIX=ko
MULTICAST=No
@@ -185,14 +214,22 @@ OPTIMIZE=1
OPTIMIZE_ACCOUNTING=No
+REJECT_ACTION=
+
REQUIRE_INTERFACE=No
+RESTART=restart
+
RESTORE_DEFAULT_ROUTE=Yes
+RESTORE_ROUTEMARKS=Yes
+
RETAIN_ALIASES=No
ROUTE_FILTER=No
+SAVE_ARPTABLES=No
+
SAVE_IPSETS=No
TC_ENABLED=Internal
@@ -203,11 +240,23 @@ TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2"
TRACK_PROVIDERS=Yes
-USE_DEFAULT_RT=No
+TRACK_RULES=No
+
+USE_DEFAULT_RT=Yes
USE_PHYSICAL_NAMES=No
-ZONE2ZONE=2
+USE_RT_NAMES=No
+
+VERBOSE_MESSAGES=Yes
+
+WARNOLDCAPVERSION=Yes
+
+WORKAROUNDS=No
+
+ZERO_MARKS=No
+
+ZONE2ZONE=-
###############################################################################
# P A C K E T D I S P O S I T I O N
@@ -215,16 +264,22 @@ ZONE2ZONE=2
BLACKLIST_DISPOSITION=DROP
+INVALID_DISPOSITION=CONTINUE
+
MACLIST_DISPOSITION=REJECT
RELATED_DISPOSITION=ACCEPT
+RPFILTER_DISPOSITION=DROP
+
SMURF_DISPOSITION=DROP
SFILTER_DISPOSITION=DROP
TCP_FLAGS_DISPOSITION=DROP
+UNTRACKED_DISPOSITION=CONTINUE
+
################################################################################
# P A C K E T M A R K L A Y O U T
################################################################################
@@ -238,12 +293,3 @@ PROVIDER_OFFSET=
MASK_BITS=
ZONE_BITS=0
-
-################################################################################
-# L E G A C Y O P T I O N
-# D O N O T D E L E T E O R A L T E R
-################################################################################
-
-IPSECFILE=zones
-
-#LAST LINE -- DO NOT REMOVE
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/qa/jenkins.debian.net.git
More information about the Qa-jenkins-scm
mailing list