summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--files/shorewall.conf.Gentoo.24
1 files changed, 12 insertions, 12 deletions
diff --git a/files/shorewall.conf.Gentoo. b/files/shorewall.conf.Gentoo.
index e5c722d..88bfbcf 100644
--- a/files/shorewall.conf.Gentoo.
+++ b/files/shorewall.conf.Gentoo.
@@ -105,9 +105,9 @@ RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
# F I R E W A L L O P T I O N S
###############################################################################
-IP_FORWARDING=Keep
+IP_FORWARDING=On
-ADD_IP_ALIASES=Yes
+ADD_IP_ALIASES=No
ADD_SNAT_ALIASES=No
@@ -119,13 +119,13 @@ TC_EXPERT=No
CLEAR_TC=Yes
-MARK_IN_FORWARD_CHAIN=No
+MARK_IN_FORWARD_CHAIN=Yes
-CLAMPMSS=No
+CLAMPMSS=Yes
-ROUTE_FILTER=Yes
+ROUTE_FILTER=No
-DETECT_DNAT_IPADDRS=No
+DETECT_DNAT_IPADDRS=Yes
MUTEX_TIMEOUT=60
@@ -143,19 +143,19 @@ BRIDGING=No
DYNAMIC_ZONES=No
-PKTTYPE=Yes
+PKTTYPE=No
-RFC1918_STRICT=No
+RFC1918_STRICT=Yes
-MACLIST_TABLE=filter
+MACLIST_TABLE=mangle
-MACLIST_TTL=
+MACLIST_TTL=60
SAVE_IPSETS=No
MAPOLDACTIONS=No
-FASTACCEPT=No
+FASTACCEPT=Yes
IMPLICIT_CONTINUE=Yes
@@ -173,7 +173,7 @@ EXPORTPARAMS=Yes
BLACKLIST_DISPOSITION=DROP
-MACLIST_DISPOSITION=REJECT
+MACLIST_DISPOSITION=DROP
TCP_FLAGS_DISPOSITION=DROP