default von http://www.shorewall.net/3.0/XenMyWay.html

author am <am@d66ca3ae-40d7-4aa7-90d4-87d79ca94279>

Fri, 16 Nov 2007 18:15:15 +0000 (18:15 +0000)

committer am <am@d66ca3ae-40d7-4aa7-90d4-87d79ca94279>

Fri, 16 Nov 2007 18:15:15 +0000 (18:15 +0000)
author am <am@d66ca3ae-40d7-4aa7-90d4-87d79ca94279>
Fri, 16 Nov 2007 18:15:15 +0000 (18:15 +0000)
committer am <am@d66ca3ae-40d7-4aa7-90d4-87d79ca94279>
Fri, 16 Nov 2007 18:15:15 +0000 (18:15 +0000)
diff --git a/files/shorewall.conf.Gentoo. b/files/shorewall.conf.Gentoo.

index e5c722d14dba6ff99b32a5103147d0825c3a8dc1..88bfbcfee5c7b3c519fd3c652f83729d8178ba7e 100644 (file)
--- a/files/shorewall.conf.Gentoo.
+++ b/files/shorewall.conf.Gentoo.
@@ -105,9 +105,9 @@ RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
  #                      F I R E W A L L   O P T I O N S
  ###############################################################################
  
-IP_FORWARDING=Keep
+IP_FORWARDING=On
  
-ADD_IP_ALIASES=Yes
+ADD_IP_ALIASES=No
  
  ADD_SNAT_ALIASES=No
  
@@ -119,13 +119,13 @@ TC_EXPERT=No
  
  CLEAR_TC=Yes
  
-MARK_IN_FORWARD_CHAIN=No
+MARK_IN_FORWARD_CHAIN=Yes
  
-CLAMPMSS=No
+CLAMPMSS=Yes
  
-ROUTE_FILTER=Yes
+ROUTE_FILTER=No
  
-DETECT_DNAT_IPADDRS=No
+DETECT_DNAT_IPADDRS=Yes
  
  MUTEX_TIMEOUT=60
  
@@ -143,19 +143,19 @@ BRIDGING=No
  
  DYNAMIC_ZONES=No
  
-PKTTYPE=Yes
+PKTTYPE=No
  
-RFC1918_STRICT=No
+RFC1918_STRICT=Yes
  
-MACLIST_TABLE=filter
+MACLIST_TABLE=mangle
  
-MACLIST_TTL=
+MACLIST_TTL=60
  
  SAVE_IPSETS=No
  
  MAPOLDACTIONS=No
  
-FASTACCEPT=No
+FASTACCEPT=Yes
  
  IMPLICIT_CONTINUE=Yes
  
@@ -173,7 +173,7 @@ EXPORTPARAMS=Yes
  
  BLACKLIST_DISPOSITION=DROP
  
-MACLIST_DISPOSITION=REJECT
+MACLIST_DISPOSITION=DROP
  
  TCP_FLAGS_DISPOSITION=DROP
author	am <am@d66ca3ae-40d7-4aa7-90d4-87d79ca94279>
	Fri, 16 Nov 2007 18:15:15 +0000 (18:15 +0000)
committer	am <am@d66ca3ae-40d7-4aa7-90d4-87d79ca94279>
	Fri, 16 Nov 2007 18:15:15 +0000 (18:15 +0000)