From: Jamie C. <jca...@we...> - 2005-12-06 03:48:53
Thanks for the info .. I will update Webmin in the next release to support this new format. Let me know if you notice if the format of any of the other config files has changed..

 - Jamie

On Tue, 2005-12-06 at 11:18, Steve Pritchard wrote:
> Hi Jamie,
>
> The change I've noticed so far is in the 'Zones Setup'.
>
> Shorewall 2:  ZoneID   Display Name   Description
>               WAN      WAN            Link ti I'net
>
> Shorewall 3:  Zone     Type    Options    In Options    Out Options
>               WAN      ipv4
>
>
> Basically, the ZoneID is now also the Display Name, plus there's a list of other options. I've included the default 'zones' file from 3.0.2
>
> Interfaces and hosts seems the same, haven't dug much deeper as I can't select a zone for rules or policies!
>
>
> Cheers,
>
> Steve P.
>
>
> #########################################################################################3
> # Shorewall version 3.0 - Zones File
> #
> # /etc/shorewall/zones
> #
> #     This file determines your network zones.
> #
> # Columns are:
> #
> #     ZONE         Short name of the zone (5 Characters or less in length).
> #                  The names "all" and "none" are reserved and may not be
> #                  used as zone names.
> #
> #                  Where a zone is nested in one or more other zones,
> #                  you may follow the (sub)zone name by ":" and a
> #                  comma-separated list of the parent zones. The parent
> #                  zones must have been defined in earlier records in this
> #                  file.
> #
> #                  Example:
> #
> #                      #ZONE     TYPE     OPTIONS
> #                      a         ipv4
> #                      b         ipv4
> #                      c:a,b     ipv4
> #
> #                  Currently, Shorewall uses this information only to reorder the
> #                  zone list so that parent zones appear after their subzones in
> #                  the list. In the future, Shorewall may make more extensive use
> #                  of that information.
> #
> #     TYPE         ipv4  - This is the standard Shorewall zone type and is the
> #                          default if you leave this column empty or if you enter
> #                          "-" in the column. Communication with some zone hosts
> #                          may be encrypted. Encrypted hosts are designated using
> #                          the 'ipsec'option in /etc/shorewall/hosts.
> #                  ipsec - Communication with all zone hosts is encrypted
> #                          Your kernel and iptables must include policy
> #                          match support.
> #                  firewall
> #                        - Designates the firewall itself. You must have
> #                          exactly one 'firewall' zone. No options are
> #                          permitted with a 'firewall' zone. The name that you
> #                          enter in the ZONE column will be stored in the shell
> #                          variable $FW which you may use in other configuration
> #                          files to designate the firewall zone.
> #
> #     OPTIONS,     A comma-separated list of options as follows:
> #     IN OPTIONS,
> #     OUT OPTIONS  reqid=<number> where <number> is specified
> #                  using setkey(8) using the 'unique:<number>
> #                  option for the SPD level.
> #
> #                  spi=<number> where <number> is the SPI of
> #                  the SA used to encrypt/decrypt packets.
> #
> #                  proto=ah|esp|ipcomp
> #
> #                  mss=<number> (sets the MSS field in TCP packets)
> #
> #                  mode=transport|tunnel
> #
> #                  tunnel-src=<address>[/<mask>] (only
> #                  available with mode=tunnel)
> #
> #                  tunnel-dst=<address>[/<mask>] (only
> #                  available with mode=tunnel)
> #
> #                  strict  Means that packets must match all rules.
> #
> #                  next    Separates rules; can only be used with
> #                          strict..
> #
> #                  Example:
> #                      mode=transport,reqid=44
> #
> #     The options in the OPTIONS column are applied to both incoming
> #     and outgoing traffic. The IN OPTIONS are applied to incoming
> #     traffic (in addition to OPTIONS) and the OUT OPTIONS are
> #     applied to outgoing traffic.
> #
> #     If you wish to leave a column empty but need to make an entry
> #     in a following column, use "-".
> #------------------------------------------------------------------------------
> # Example zones:
> #
> #     You have a three interface firewall with internet, local and DMZ
> #     interfaces.
> #
> #     #ZONE    TYPE        OPTIONS    IN          OUT
> #     #                               OPTIONS     OPTIONS
> #     fw       firewall
> #     net
> #     loc
> #     dmz
> #
> #
> # For more information, see http://www.shorewall.net/Documentation.htm#Zones
> #
> ###############################################################################
> #ZONE    TYPE        OPTIONS    IN          OUT
> #                               OPTIONS     OPTIONS
> fw       firewall
> WAN      ipv4
> LAN      ipv4
>
>
> #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
>
>
>
> -----Original Message-----
> From: web...@li... [mailto:web...@li...] On Behalf Of Jamie Cameron
> Sent: December 6, 2005 8:04 AM
> To: web...@li...
> Subject: Re: [webmin-l] Shorewall module
>
>
> Hi Steve,
> I am maintaining the Shorewall module (as it is one of the core modules), but I didn't know that version 3 was out.
>
> Do you know what changes were made in the config file formats between versions 2 and 3 that Webmin doesn't yet support? If I had that information, adding version 3 support should be simple..
>
> - Jamie
>
> -----Original Message-----
>
> From: "Steve Pritchard" <sys...@nw...>
> Subj: [webmin-l] Shorewall module
> Date: Tue 6 Dec 2005 5:11 am
> Size: 769 bytes
> To: <web...@li...>
>
> I've noticed that the Shorewall firewall module for WebMin does not match the changes in Shorewall 3.02. I'm curious whether there's any plans or timelines to update the mod? I'm not sure who the maintainer is, so thought I'd post here...
>
> Regards,
>
> Steve P.
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
> http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
> -
> Forwarded by the Webmin mailing list at web...@li...
> To remove yourself from this list, go to
> http://lists.sourceforge.net/lists/listinfo/webadmin-list
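
The column rules from the quoted Shorewall 3 zones file header, written out as a validator. This is an added example, not Webmin's or Shorewall's code: parse_zones, ZoneError and SAMPLE_ZONES are hypothetical names, and treating only whole-line "#" comments as comments is an assumption. It rejects a Shorewall 2 style line rather than silently reading "Display Name" as a zone type.

```python
VALID_TYPES = {"ipv4", "ipsec", "firewall"}
RESERVED = {"all", "none"}

# The three entries from the zones file quoted in the thread.
SAMPLE_ZONES = """\
#ZONE   TYPE      OPTIONS   IN        OUT
fw      firewall
WAN     ipv4
LAN     ipv4
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
"""

class ZoneError(ValueError):
    """Raised when a line breaks a rule stated in the file header."""

def _opts(col):
    # "-" marks a column left empty on purpose
    return [] if col == "-" else col.split(",")

def parse_zones(text):
    zones, seen = [], set()
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        cols = line.split()
        if len(cols) > 5:
            raise ZoneError(f"line {n}: more than 5 columns")
        cols += ["-"] * (5 - len(cols))          # missing columns are empty
        name, _, plist = cols[0].partition(":")  # "c:a,b" -> zone c, parents a,b
        parents = plist.split(",") if plist else []
        ztype = "ipv4" if cols[1] == "-" else cols[1]  # ipv4 is the default
        opts, in_opts, out_opts = (_opts(c) for c in cols[2:5])
        if not name or len(name) > 5 or name in RESERVED:
            raise ZoneError(f"line {n}: bad zone name {name!r}")
        if name in seen:
            raise ZoneError(f"line {n}: zone {name!r} defined twice")
        if ztype not in VALID_TYPES:
            raise ZoneError(f"line {n}: unknown type {ztype!r} (v2 format?)")
        if any(p not in seen for p in parents):
            raise ZoneError(f"line {n}: parent zone not defined earlier")
        if ztype == "firewall" and (opts or in_opts or out_opts):
            raise ZoneError(f"line {n}: firewall zone takes no options")
        seen.add(name)
        zones.append({"name": name, "parents": parents, "type": ztype,
                      "options": opts, "in": in_opts, "out": out_opts})
    if sum(z["type"] == "firewall" for z in zones) != 1:
        raise ZoneError("exactly one 'firewall' zone is required")
    return zones
```
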