Commit 8552753d authored by Matt Taggart's avatar Matt Taggart

remove deprecated blacklist

The blacklist file was deprecated by upstream in 4.5.7; remove all
references to it. Debian wheezy shipped with 4.5.5.3-3 (but could
use a backport) and jessie currently has 4.6.4.3-2.
parent 054ccc9e
......@@ -187,7 +187,7 @@ Example from node.pp:
shorewall::interface { 'eth0':
zone => 'net',
rfc1918 => true,
options => 'tcpflags,blacklist,nosmurfs';
options => 'tcpflags,nosmurfs';
}
shorewall::policy {
......
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
#
# Shorewall version 3.4 - Blacklist File
#
# For information about entries in this file, type "man shorewall-blacklist"
#
# Please see http://shorewall.net/blacklisting_support.htm for additional
# information.
#
###############################################################################
#ADDRESS/SUBNET PROTOCOL PORT
#
# Shorewall version 4 - Started File
# Shorewall -- /etc/shorewall/started
#
# /etc/shorewall/started
# Add commands below that you want to be executed after shorewall has
# been completely started, reloaded or restarted. The difference between
# this extension script and /etc/shorewall/start is that this one is
# invoked after the 'shorewall' chain has been created (thus
# signaling that the firewall is completely up).
#
# Add commands below that you want to be executed after shorewall has
# been completely started or restarted. The difference between this
# extension script and /etc/shorewall/start is that this one is invoked
# after delayed loading of the blacklist (DELAYBLACKLISTLOAD=Yes) and
# after the 'shorewall' chain has been created (thus signaling that the
# firewall is completely up).
#
# This script should not change the firewall configuration directly but
# may do so indirectly by running /sbin/shorewall with the 'nolock'
# option.
# This script should not change the firewall configuration directly but
# may do so indirectly by running /sbin/shorewall with the 'nolock'
# option.
#
# See http://shorewall.net/shorewall_extension_scripts.htm for additional
# information.
#
###############################################################################
define shorewall::blacklist(
$proto = '-',
$port = '-',
$order='100'
){
shorewall::entry{"blacklist-${order}-${name}":
line => "${name} ${proto} ${port}",
}
}
......@@ -5,11 +5,11 @@
# shorewall::interface { 'br0':
# zone => 'net',
# rfc1918 => true,
# options => 'tcpflags,blacklist,nosmurfs,routeback,bridge';
# options => 'tcpflags,nosmurfs,routeback,bridge';
# }
#
# class { 'shorewall::blrules':
# options => 'tcpflags,blacklist,nosmurfs,routeback,bridge',
# options => 'tcpflags,nosmurfs,routeback,bridge',
# whitelists => [
# "net:10.0.0.1,192.168.0.1 all",
# ],
......
define shorewall::host(
$zone,
$options = 'tcpflags,blacklist,norfc1918',
$options = 'tcpflags,norfc1918',
$order='100'
){
shorewall::entry{"hosts-${order}-${name}":
......
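Review bot: The new default `$options = 'tcpflags,norfc1918'` changes behaviour for every `shorewall::host` that does not set `options`, and nothing in the define says why `blacklist` is gone or which Shorewall versions the default now assumes. The commit message notes that wheezy ships 4.5.5.3, which predates the 4.5.7 deprecation, so on such hosts the option may still be what enables blacklist filtering. I would add a comment above the parameter, e.g. `# 'blacklist' dropped: deprecated upstream in Shorewall 4.5.7; pass it explicitly in options on older versions`. The same applies to the `$options` default in `shorewall::interface` further down the page. The body of the define continues outside the visible lines.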
......@@ -27,8 +27,6 @@ class shorewall(
$proxyarp_defaults = {},
$nat = {},
$nat_defaults = {},
$blacklist = {},
$blacklist_defaults = {},
$rfc1918 = {},
$rfc1918_defaults = {},
$routestopped = {},
......@@ -76,8 +74,6 @@ class shorewall(
'proxyarp',
# See http://www.shorewall.net/3.0/Documentation.htm#NAT
'nat',
# See http://www.shorewall.net/3.0/Documentation.htm#Blacklist
'blacklist',
# See http://www.shorewall.net/3.0/Documentation.htm#rfc1918
'rfc1918',
# See http://www.shorewall.net/3.0/Documentation.htm#Routestopped
......@@ -110,7 +106,6 @@ class shorewall(
create_resources('shorewall::masq',$masq,$masq_defaults)
create_resources('shorewall::proxyarp',$proxyarp,$proxyarp_defaults)
create_resources('shorewall::nat',$nat,$nat_defaults)
create_resources('shorewall::blacklist',$blacklist,$blacklist_defaults)
create_resources('shorewall::rfc1918',$rfc1918,$rfc1918_defaults)
create_resources('shorewall::routestopped',$routestopped,
$routestopped_defaults)
......
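Review bot: Removing `$blacklist` and `$blacklist_defaults` from the class signature can fail silently for sites that supply them through Hiera automatic parameter lookup: a `shorewall::blacklist` key is simply no longer read, so the deny entries drop out of the generated firewall configuration without any compile error. Explicit `class { 'shorewall': blacklist => ... }` declarations will fail loudly, which is the safer outcome. Consider keeping the parameter for one release and aborting when it is set, e.g. `if $blacklist != {} { fail('shorewall: the blacklist file is no longer managed, see README for the replacement') }`, and naming the replacement mechanism in the README. The class body starts and ends outside these hunks.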
define shorewall::interface(
$zone,
$broadcast = 'detect',
$options = 'tcpflags,blacklist,routefilter,nosmurfs,logmartians',
$options = 'tcpflags,routefilter,nosmurfs,logmartians',
$add_options = '',
$rfc1918 = false,
$dhcp = false,
......