diff options
-rw-r--r-- | files/shorewall.conf.Gentoo. | 24 |
1 files changed, 12 insertions, 12 deletions
diff --git a/files/shorewall.conf.Gentoo. b/files/shorewall.conf.Gentoo. index e5c722d..88bfbcf 100644 --- a/files/shorewall.conf.Gentoo. +++ b/files/shorewall.conf.Gentoo. @@ -105,9 +105,9 @@ RCP_COMMAND='scp ${files} ${root}@${system}:${destination}' # F I R E W A L L O P T I O N S ############################################################################### -IP_FORWARDING=Keep +IP_FORWARDING=On -ADD_IP_ALIASES=Yes +ADD_IP_ALIASES=No ADD_SNAT_ALIASES=No @@ -119,13 +119,13 @@ TC_EXPERT=No CLEAR_TC=Yes -MARK_IN_FORWARD_CHAIN=No +MARK_IN_FORWARD_CHAIN=Yes -CLAMPMSS=No +CLAMPMSS=Yes -ROUTE_FILTER=Yes +ROUTE_FILTER=No -DETECT_DNAT_IPADDRS=No +DETECT_DNAT_IPADDRS=Yes MUTEX_TIMEOUT=60 @@ -143,19 +143,19 @@ BRIDGING=No DYNAMIC_ZONES=No -PKTTYPE=Yes +PKTTYPE=No -RFC1918_STRICT=No +RFC1918_STRICT=Yes -MACLIST_TABLE=filter +MACLIST_TABLE=mangle -MACLIST_TTL= +MACLIST_TTL=60 SAVE_IPSETS=No MAPOLDACTIONS=No -FASTACCEPT=No +FASTACCEPT=Yes IMPLICIT_CONTINUE=Yes @@ -173,7 +173,7 @@ EXPORTPARAMS=Yes BLACKLIST_DISPOSITION=DROP -MACLIST_DISPOSITION=REJECT +MACLIST_DISPOSITION=DROP TCP_FLAGS_DISPOSITION=DROP |