Hello community, here is the log from the commit of package SuSEfirewall2 checked in at Mon Apr 21 03:01:06 CEST 2008. -------- --- SuSEfirewall2/SuSEfirewall2.changes 2008-04-04 10:06:49.000000000 +0200 +++ SuSEfirewall2/SuSEfirewall2.changes 2008-04-17 14:55:37.000000000 +0200 @@ -1,0 +2,5 @@ +Thu Apr 17 14:55:17 CEST 2008 - lnussel@suse.de + +- sysconfig file documentation improvements + +------------------------------------------------------------------- Old: ---- SuSEfirewall2-3.6_SVNr193.tar.bz2 New: ---- SuSEfirewall2-3.6_SVNr194.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ SuSEfirewall2.spec ++++++ --- /var/tmp/diff_new_pack.wq8151/_old 2008-04-21 02:59:54.000000000 +0200 +++ /var/tmp/diff_new_pack.wq8151/_new 2008-04-21 02:59:54.000000000 +0200 @@ -1,5 +1,5 @@ # -# spec file for package SuSEfirewall2 (Version 3.6_SVNr193) +# spec file for package SuSEfirewall2 (Version 3.6_SVNr194) # # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine @@ -13,7 +13,7 @@ Name: SuSEfirewall2 -Version: 3.6_SVNr193 +Version: 3.6_SVNr194 Release: 1 License: GPL v2 or later Group: Productivity/Networking/Security @@ -188,6 +188,8 @@ rm -rf %{buildroot} %changelog +* Thu Apr 17 2008 lnussel@suse.de +- sysconfig file documentation improvements * Fri Apr 04 2008 lnussel@suse.de - remove X-UnitedLinux tags from init scripts - update links in docu ++++++ SuSEfirewall2-3.6_SVNr193.tar.bz2 -> SuSEfirewall2-3.6_SVNr194.tar.bz2 ++++++ diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/SuSEfirewall2-3.6_SVNr193/SuSEfirewall2.sysconfig new/SuSEfirewall2-3.6_SVNr194/SuSEfirewall2.sysconfig --- old/SuSEfirewall2-3.6_SVNr193/SuSEfirewall2.sysconfig 2008-04-04 10:05:24.000000000 +0200 +++ new/SuSEfirewall2-3.6_SVNr194/SuSEfirewall2.sysconfig 2008-04-17 14:54:51.000000000 +0200 
@@ -1,9 +1,9 @@ # Copyright (c) 2000-2002 SuSE GmbH Nuernberg, Germany. All rights reserved. # Copyright (c) 2003,2004 SuSE Linux AG Nuernberg, Germany. All rights reserved. -# Copyright (c) 2005-2007 SUSE LINUX Products GmbH Nuernberg, Germany. All rights reserved. +# Copyright (c) 2005-2008 SUSE LINUX Products GmbH Nuernberg, Germany. All rights reserved. # # Author: Marc Heuse, 2002 -# Ludwig Nussel, 2004-2007 +# Ludwig Nussel, 2004-2008 # # /etc/sysconfig/SuSEfirewall2 # @@ -266,21 +266,13 @@ # Which TCP services _on the firewall_ should be accessible from # untrusted networks? # -# Enter all ports or known portnames below, seperated by a space. -# TCP services (e.g. SMTP, WWW) must be set in FW_SERVICES_*_TCP, and -# UDP services (e.g. syslog) must be set in FW_SERVICES_*_UDP. -# e.g. if a webserver on the firewall should be accessible from the internet: -# FW_SERVICES_EXT_TCP="www" -# e.g. if the firewall should receive syslog messages from the dmz: -# FW_SERVICES_DMZ_UDP="syslog" -# For IP protocols (like GRE for PPTP, or OSPF for routing) you need to set -# FW_SERVICES_*_IP with the protocol name or number (see /etc/protocols) -# # Format: space separated list of ports, port ranges or well known # service names (see /etc/services) # # Examples: "ssh", "123 514", "3200:3299", "ftp 22 telnet 512:514" # +# Note: this setting has precedence over FW_SERVICES_ACCEPT_* +# FW_SERVICES_EXT_TCP="" ## Type: string @@ -288,9 +280,12 @@ # Which UDP services _on the firewall_ should be accessible from # untrusted networks? # -# see comments for FW_SERVICES_EXT_TCP +# Format: space separated list of ports, port ranges or well known +# service names (see /etc/services) # -# Example: "53" +# Example: "53", "syslog" +# +# Note: this setting has precedence over FW_SERVICES_ACCEPT_* # FW_SERVICES_EXT_UDP="" 
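Review bot: The new `# Note: this setting has precedence over FW_SERVICES_ACCEPT_*` line under FW_SERVICES_EXT_TCP does not say what precedence means for exposure. The same wording is repeated in the FW_SERVICES_EXT_UDP, FW_SERVICES_EXT_IP and FW_SERVICES_EXT_RPC hunks and, paraphrased, in the FW_CONFIGURATIONS_EXT hunk. If, as the wording suggests, a port listed here is opened for every source in the zone even when an FW_SERVICES_ACCEPT_EXT entry limits the same port to one network, the comment should say so, e.g. `# Note: a port listed here is open to all hosts in the zone; a narrower FW_SERVICES_ACCEPT_* entry for the same port has no effect`. That reading is inferred from the note and not from the script, so it should be confirmed before the wording is adopted. The note also leaves the relation to FW_SERVICES_DROP_* and FW_SERVICES_REJECT_* unstated.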
@@ -299,10 +294,16 @@ # Which IP services _on the firewall_ should be accessible from # untrusted networks? # -# Usually for VPN/Routing that END at the firewall +# Usually for VPN/Routing services that END at the firewall like +# IPsec, GRE, PPTP or OSPF +# +# Format: space separated list of ports, port ranges or well known +# protocol names (see /etc/protocols) # # Example: "esp" # +# Note: this setting has precedence over FW_SERVICES_ACCEPT_* +# FW_SERVICES_EXT_IP="" ## Type: string @@ -320,6 +321,9 @@ # to have SuSEfirewall2 open arbitrary ports # # Example: "mountd nfs" +# +# Note: this setting has precedence over FW_SERVICES_ACCEPT_* +# FW_SERVICES_EXT_RPC="" ## Type: string @@ -332,6 +336,10 @@ # services that require multiple ports or protocols. Enter the space # separated list of configuration files you want to load. # +# The content of those files is merged into +# FW_SERVICES_$zone_$protocol, ie has precedence over +# FW_SERVICES_ACCEPT_* +# # Example: "samba-server nfs-server" FW_CONFIGURATIONS_EXT="" @@ -399,6 +407,16 @@ FW_SERVICES_DROP_EXT="" ## Type: string +# +# see FW_SERVICES_DROP_EXT +FW_SERVICES_DROP_DMZ="" + +## Type: string +# +# see FW_SERVICES_DROP_EXT +FW_SERVICES_DROP_INT="" + +## Type: string ## Default: # # Packets to silently reject without log message. Common usage is @@ -415,6 +433,16 @@ FW_SERVICES_REJECT_EXT="" ## Type: string +# +# see FW_SERVICES_REJECT_EXT +FW_SERVICES_REJECT_DMZ="" + +## Type: string +# +# see FW_SERVICES_REJECT_EXT +FW_SERVICES_REJECT_INT="" + +## Type: string ## Default: # # Services to allow. This is a more generic form of FW_SERVICES_{IP,UDP,TCP} 
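Review bot: The added Format line for FW_SERVICES_EXT_IP reads `space separated list of ports, port ranges or well known protocol names`, which looks copied from the TCP/UDP entries; IP protocols have no ports. Suggested wording: `# Format: space separated list of protocol numbers or well known` followed by `# protocol names (see /etc/protocols)`. The text removed in the FW_SERVICES_EXT_TCP hunk described this value as "the protocol name or number", which agrees with the suggested wording.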
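Review bot: The new FW_SERVICES_DROP_DMZ and FW_SERVICES_DROP_INT entries carry `## Type: string` but no `## Default:` line, while the entry that follows them in this hunk has both. The same applies to FW_SERVICES_REJECT_DMZ/INT in the next hunk and FW_SERVICES_ACCEPT_DMZ/INT in the @@ -438 hunk. Adding `## Default:` after each `## Type: string` would keep the metadata uniform for tools that parse these tags. No change to the firewall script is visible in this commit, so it is worth confirming that the script already reads the six new variables. A documented setting that is silently ignored would leave an admin believing a drop or reject rule is active.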
@@ -438,17 +466,30 @@ FW_SERVICES_ACCEPT_EXT="" ## Type: string +# +# see FW_SERVICES_ACCEPT_EXT +FW_SERVICES_ACCEPT_DMZ="" + +## Type: string +# +# see FW_SERVICES_ACCEPT_EXT +FW_SERVICES_ACCEPT_INT="" + +## Type: string ## Default: # # Services to allow that are considered RELATED by the connection tracking # engine. # # Format: space separated list of net,protocol[,sport[,dport]] +# # Example: # Allow samba broadcast replies marked as related by # nf_conntrack_netbios_ns from a certain network: # "192.168.1.0/24,udp,137" # +# See also FW_LOAD_MODULES +# FW_SERVICES_ACCEPT_RELATED_EXT="" ## Type: string @@ -1079,7 +1120,9 @@ # Which additional kernel modules to load at startup # # Example: -# FW_LOAD_MODULES="ip_conntrack_ftp ip_nat_ftp" +# FW_LOAD_MODULES="nf_conntrack_netbios_ns" +# +# See also FW_SERVICES_ACCEPT_RELATED_EXT # FW_LOAD_MODULES= ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
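Review bot: The added `# See also FW_LOAD_MODULES` under FW_SERVICES_ACCEPT_RELATED_EXT points at the other setting without stating the dependency. Judging from the example, an entry here presumably only matches once the corresponding conntrack helper (nf_conntrack_netbios_ns in the example) is loaded, so a line such as `# Note: requires the matching conntrack helper module, see FW_LOAD_MODULES` would be clearer. It would also help to say that the net field should be kept as narrow as possible, since the rule accepts whatever the helper marks as RELATED from that network.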