[Qa-jenkins-scm] [jenkins.debian.net] 01/06: update shorewall.conf to the stretch version, retaining the local changes

Mattia Rizzolo mattia at debian.org
Sat Apr 7 11:46:21 UTC 2018 

This is an automated email from the git hooks/post-receive script.

mattia pushed a commit to branch master
in repository jenkins.debian.net.

commit 55504fb0d5b7811280e515072ec0d6575e860bd8
Author: Mattia Rizzolo <mattia at debian.org>
Date:   Sat Apr 7 13:28:38 2018 +0200

    update shorewall.conf to the stretch version, retaining the local changes
    
    local changes coming from etckeeper, commit bbc9c4e51aa9e5b34075247d603e5647683f5b07
    
    Signed-off-by: Mattia Rizzolo <mattia at debian.org>
---
 TODO4stretch-host-upgrades.txt             |   1 -
 hosts/jenkins/etc/shorewall/shorewall.conf | 132 +++++++++++++++++++----------
 2 files changed, 89 insertions(+), 44 deletions(-)

diff --git a/TODO4stretch-host-upgrades.txt b/TODO4stretch-host-upgrades.txt
index 67fdfac..63a330a 100644
--- a/TODO4stretch-host-upgrades.txt
+++ b/TODO4stretch-host-upgrades.txt
@@ -2,7 +2,6 @@ things to look at on jenkins.d.n. after the upgrade
 ---------------------------------------------------
 kept the jessie versions:
 	Configuration file '/etc/default/shorewall'
-	Configuration file '/etc/shorewall/shorewall.conf'
 	Configuration file '/etc/shorewall6/shorewall6.conf'
 	Configuration file '/etc/apache2/conf-available/security.conf'
 
diff --git a/hosts/jenkins/etc/shorewall/shorewall.conf b/hosts/jenkins/etc/shorewall/shorewall.conf
index f491c51..ce99c6e 100644
--- a/hosts/jenkins/etc/shorewall/shorewall.conf
+++ b/hosts/jenkins/etc/shorewall/shorewall.conf
@@ -1,21 +1,10 @@
 ###############################################################################
 #
-# Shorewall version 4.0 - Sample shorewall.conf for one-interface
-#                         configuration.
-# Copyright (C) 2006 by the Shorewall Team
+#  Shorewall Version 5 -- /etc/shorewall/shorewall.conf
 #
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation; either
-# version 2.1 of the License, or (at your option) any later version.
-#
-# See the file README.txt for further details.
-#
-# For information about the settings in this file, type "man shorewall.conf"
-#
-# The manpage is also online at
-# http://shorewall.net/manpages/shorewall.conf.html
+#  For information about the settings in this file, type "man shorewall.conf"
 #
+#  Manpage also online at http://www.shorewall.net/manpages/shorewall.conf.html
 ###############################################################################
 #		       S T A R T U P   E N A B L E D
 ###############################################################################
@@ -23,16 +12,32 @@
 STARTUP_ENABLED=Yes
 
 ###############################################################################
-#		              V E R B O S I T Y
+#			     V E R B O S I T Y
 ###############################################################################
 
 VERBOSITY=1
 
 ###############################################################################
-#		                L O G G I N G
+#			        P A G E R
+###############################################################################
+
+PAGER=
+
+###############################################################################
+#			     F I R E W A L L
 ###############################################################################
 
-BLACKLIST_LOGLEVEL=
+FIREWALL=
+
+###############################################################################
+#			       L O G G I N G
+###############################################################################
+
+BLACKLIST_LOG_LEVEL=
+
+INVALID_LOG_LEVEL=
+
+LOG_BACKEND=
 
 LOG_MARTIANS=Yes
 
@@ -52,6 +57,8 @@ MACLIST_LOG_LEVEL=info
 
 RELATED_LOG_LEVEL=
 
+RPFILTER_LOG_LEVEL=info
+
 SFILTER_LOG_LEVEL=info
 
 SMURF_LOG_LEVEL=info
@@ -60,11 +67,15 @@ STARTUP_LOG=/var/log/shorewall-init.log
 
 TCP_FLAGS_LOG_LEVEL=info
 
+UNTRACKED_LOG_LEVEL=
+
 ###############################################################################
 #	L O C A T I O N	  O F	F I L E S   A N D   D I R E C T O R I E S
 ###############################################################################
 
-CONFIG_PATH=${CONFDIR}/shorewall:${SHAREDIR}/shorewall
+ARPTABLES=
+
+CONFIG_PATH="${CONFDIR}/shorewall:${SHAREDIR}/shorewall"
 
 GEOIPDIR=/usr/share/xt_geoip/LE
 
@@ -78,15 +89,17 @@ LOCKFILE=
 
 MODULESDIR=
 
-PERL=/usr/bin/perl
+NFACCT=
+
+PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin"
 
-PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
+PERL=/usr/bin/perl
 
 RESTOREFILE=restore
 
 SHOREWALL_SHELL=/bin/sh
 
-SUBSYSLOCK=
+SUBSYSLOCK=""
 
 TC=
 
@@ -94,14 +107,14 @@ TC=
 #		D E F A U L T   A C T I O N S / M A C R O S
 ###############################################################################
 
-ACCEPT_DEFAULT="none"
-DROP_DEFAULT="Drop"
-NFQUEUE_DEFAULT="none"
-QUEUE_DEFAULT="none"
-REJECT_DEFAULT="Reject"
+ACCEPT_DEFAULT=none
+DROP_DEFAULT=Drop
+NFQUEUE_DEFAULT=none
+QUEUE_DEFAULT=none
+REJECT_DEFAULT=Reject
 
 ###############################################################################
-#                        R S H / R C P  C O M M A N D S
+#			 R S H / R C P	C O M M A N D S
 ###############################################################################
 
 RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
@@ -121,11 +134,17 @@ ADD_SNAT_ALIASES=No
 
 ADMINISABSENTMINDED=Yes
 
-AUTO_COMMENT=Yes
+AUTOCOMMENT=Yes
+
+AUTOHELPERS=Yes
 
 AUTOMAKE=No
 
-BLACKLISTNEWONLY=Yes
+BASIC_FILTERS=No
+
+BLACKLIST="NEW,INVALID,UNTRACKED"
+
+CHAIN_SCRIPTS=Yes
 
 CLAMPMSS=No
 
@@ -133,12 +152,16 @@ CLEAR_TC=Yes
 
 COMPLETE=No
 
-DISABLE_IPV6=No
+DEFER_DNS_RESOLUTION=Yes
 
 DELETE_THEN_ADD=Yes
 
 DETECT_DNAT_IPADDRS=No
 
+DISABLE_IPV6=No
+
+DOCKER=No
+
 DONT_LOAD=
 
 DYNAMIC_BLACKLIST=Yes
@@ -151,8 +174,14 @@ FASTACCEPT=No
 
 FORWARD_CLEAR_MARK=
 
+HELPERS=
+
+IGNOREUNKNOWNVARIABLES=No
+
 IMPLICIT_CONTINUE=No
 
+INLINE_MATCHES=No
+
 IPSET_WARNINGS=Yes
 
 IP_FORWARDING=Off
@@ -161,8 +190,6 @@ KEEP_RT_TABLES=No
 
 LOAD_HELPERS_ONLY=Yes
 
-LEGACY_FASTSTART=No
-
 MACLIST_TABLE=filter
 
 MACLIST_TTL=
@@ -173,6 +200,8 @@ MAPOLDACTIONS=No
 
 MARK_IN_FORWARD_CHAIN=No
 
+MINIUPNPD=No
+
 MODULE_SUFFIX=ko
 
 MULTICAST=No
@@ -185,14 +214,22 @@ OPTIMIZE=1
 
 OPTIMIZE_ACCOUNTING=No
 
+REJECT_ACTION=
+
 REQUIRE_INTERFACE=No
 
+RESTART=restart
+
 RESTORE_DEFAULT_ROUTE=Yes
 
+RESTORE_ROUTEMARKS=Yes
+
 RETAIN_ALIASES=No
 
 ROUTE_FILTER=No
 
+SAVE_ARPTABLES=No
+
 SAVE_IPSETS=No
 
 TC_ENABLED=Internal
@@ -203,11 +240,23 @@ TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2"
 
 TRACK_PROVIDERS=Yes
 
-USE_DEFAULT_RT=No
+TRACK_RULES=No
+
+USE_DEFAULT_RT=Yes
 
 USE_PHYSICAL_NAMES=No
 
-ZONE2ZONE=2
+USE_RT_NAMES=No
+
+VERBOSE_MESSAGES=Yes
+
+WARNOLDCAPVERSION=Yes
+
+WORKAROUNDS=No
+
+ZERO_MARKS=No
+
+ZONE2ZONE=-
 
 ###############################################################################
 #			P A C K E T   D I S P O S I T I O N
@@ -215,16 +264,22 @@ ZONE2ZONE=2
 
 BLACKLIST_DISPOSITION=DROP
 
+INVALID_DISPOSITION=CONTINUE
+
 MACLIST_DISPOSITION=REJECT
 
 RELATED_DISPOSITION=ACCEPT
 
+RPFILTER_DISPOSITION=DROP
+
 SMURF_DISPOSITION=DROP
 
 SFILTER_DISPOSITION=DROP
 
 TCP_FLAGS_DISPOSITION=DROP
 
+UNTRACKED_DISPOSITION=CONTINUE
+
 ################################################################################
 #			P A C K E T  M A R K  L A Y O U T
 ################################################################################
@@ -238,12 +293,3 @@ PROVIDER_OFFSET=
 MASK_BITS=
 
 ZONE_BITS=0
-
-################################################################################
-#                            L E G A C Y  O P T I O N
-#                      D O  N O T  D E L E T E  O R  A L T E R
-################################################################################
-
-IPSECFILE=zones
-
-#LAST LINE -- DO NOT REMOVE

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/qa/jenkins.debian.net.git

More information about the Qa-jenkins-scm mailing list