firewall-init: firewall - reality check, updating to current kernel subsystems
baggins
baggins at pld-linux.org
Tue Dec 29 21:52:29 CET 2009
Author: baggins Date: Tue Dec 29 20:52:29 2009 GMT
Module: firewall-init Tag: HEAD
---- Log message:
- reality check, updating to current kernel subsystems
---- Files affected:
firewall-init:
firewall (1.7 -> 1.8)
---- Diffs:
================================================================
Index: firewall-init/firewall
diff -u firewall-init/firewall:1.7 firewall-init/firewall:1.8
--- firewall-init/firewall:1.7 Mon Sep 19 17:25:28 2005
+++ firewall-init/firewall Tue Dec 29 21:52:23 2009
@@ -18,21 +18,24 @@
# Connetion tracking (defaults to yes as it's VERY usefull also on non-nat boxes)
CONNTRACK="yes"
-# Which IPv4 conntrack modules to load, can be "all" (old default), "none" or a list
+# Which conntrack modules to load, can be "all" (old default), "none" or a list
#CONNTRACK_MODULES="all"
#CONNTRACK_MODULES="ftp irc"
+# Which conntrack modules not to load (mms cannot be unloaded)
+#CONNTRACK_MODULES_BLACKLIST="mms"
# Which IPv4 nat modules to load, can be "all" (old default), "none" or a list
#NAT_MODULES="all"
#NAT_MODULES="ftp irc"
+# Which conntrack modules not to load
+#NAT_MODULES_BLACKLIST="mms"
# The ftp/irc options has been removed
-# set them via /etc/modprobe.conf
+# set them via /etc/modprobe.d/modprobe.conf
-# Size (number of entries) of hash tables for connection tracking and NAT
+# Size (number of entries) of hash table for connection tracking
# default is 1/16384 of memory
CONNTRACK_HASHSIZE=
-NAT_HASHSIZE=
# Policies for chains:
# IPv4:
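Review bot: The comment added above `#NAT_MODULES_BLACKLIST="mms"` reads "Which conntrack modules not to load", which is copied from the conntrack entry a few lines up. It should say nat modules so the two blacklists are not confused. The "(mms cannot be unloaded)" remark appears only on the conntrack blacklist; state whether it applies to the NAT one too. `NAT_HASHSIZE=` is also dropped silently, so a one-line comment saying it is no longer read would help anyone carrying over a 1.7 config that still sets it.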
@@ -44,17 +47,25 @@
ipv4_nat_PREROUTING="ACCEPT"
ipv4_nat_POSTROUTING="ACCEPT"
+ipv4_mangle_INPUT="ACCEPT"
ipv4_mangle_OUTPUT="ACCEPT"
+ipv4_mangle_FORWARD="ACCEPT"
ipv4_mangle_PREROUTING="ACCEPT"
ipv4_mangle_POSTROUTING="ACCEPT"
-ipv4_drop_DROPPING="DROP"
+ipv4_raw_OUTPUT="ACCEPT"
+ipv4_raw_PREROUTING="ACCEPT"
# IPv6:
ipv6_filter_INPUT="ACCEPT"
ipv6_filter_OUTPUT="ACCEPT"
ipv6_filter_FORWARD="DROP"
+ipv6_mangle_INPUT="ACCEPT"
ipv6_mangle_OUTPUT="ACCEPT"
+ipv6_mangle_FORWARD="ACCEPT"
ipv6_mangle_PREROUTING="ACCEPT"
ipv6_mangle_POSTROUTING="ACCEPT"
+
+ipv6_raw_OUTPUT="ACCEPT"
+ipv6_raw_PREROUTING="ACCEPT"
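Review bot: `ipv4_drop_DROPPING="DROP"` is removed with nothing left in the file to say the variable is gone, so a config carried over from 1.7 can keep setting it with no hint that it is stale. A one-line comment at that spot would cover it. As a style point, the IPv6 block gets an added blank line before its raw entries while the IPv4 raw entries follow `ipv4_mangle_POSTROUTING` directly; make the two blocks consistent.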
================================================================
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/firewall-init/firewall?r1=1.7&r2=1.8&f=u