From d94d4004110c53a5685358b59948c26692ee504c Mon Sep 17 00:00:00 2001 From: bbruns Date: Tue, 16 Nov 2010 06:07:31 +0000 Subject: [PATCH] Move config files to conf/ directory to clean up clutter, still leave options in main dir. --- ChangeLog | 5 +++++ .../ipv4-blocked.default | 0 ipv4-marks.default => conf/ipv4-marks.default | 0 .../ipv4-routing.default | 0 .../ipv6-blocked.default | 0 ipv6-marks.default => conf/ipv6-marks.default | 0 .../port-forwards.default | 0 postrun.default => conf/postrun.default | 0 prerun.default => conf/prerun.default | 0 include/static | 7 ++++--- options.default | 18 +++++++++++------- 11 files changed, 20 insertions(+), 10 deletions(-) rename ipv4-blocked.default => conf/ipv4-blocked.default (100%) rename ipv4-marks.default => conf/ipv4-marks.default (100%) rename ipv4-routing.default => conf/ipv4-routing.default (100%) rename ipv6-blocked.default => conf/ipv6-blocked.default (100%) rename ipv6-marks.default => conf/ipv6-marks.default (100%) rename port-forwards.default => conf/port-forwards.default (100%) rename postrun.default => conf/postrun.default (100%) rename prerun.default => conf/prerun.default (100%) diff --git a/ChangeLog b/ChangeLog index f48739a..152dcfb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +0.9.11 - Brielle Bruns + - Move some of the config clutter to conf/ - you can + put your config files anywhere, but by default, they're + now going to be in conf/ + 0.9.10 - Brielle Bruns - Move clamp mss up earlier in the rules to possibly fix an issue I noticed during testing diff --git a/ipv4-blocked.default b/conf/ipv4-blocked.default similarity index 100% rename from ipv4-blocked.default rename to conf/ipv4-blocked.default diff --git a/ipv4-marks.default b/conf/ipv4-marks.default similarity index 100% rename from ipv4-marks.default rename to conf/ipv4-marks.default 
diff --git a/ipv4-routing.default b/conf/ipv4-routing.default similarity index 100% rename from ipv4-routing.default rename to conf/ipv4-routing.default diff --git a/ipv6-blocked.default b/conf/ipv6-blocked.default similarity index 100% rename from ipv6-blocked.default rename to conf/ipv6-blocked.default diff --git a/ipv6-marks.default b/conf/ipv6-marks.default similarity index 100% rename from ipv6-marks.default rename to conf/ipv6-marks.default diff --git a/port-forwards.default b/conf/port-forwards.default similarity index 100% rename from port-forwards.default rename to conf/port-forwards.default diff --git a/postrun.default b/conf/postrun.default similarity index 100% rename from postrun.default rename to conf/postrun.default diff --git a/prerun.default b/conf/prerun.default similarity index 100% rename from prerun.default rename to conf/prerun.default diff --git a/include/static b/include/static index 12a128c..6cb4946 100755 --- a/include/static +++ b/include/static @@ -25,12 +25,13 @@ # These defines are here to help pre-1.0 users easily upgrade, defines critical defaults # that would otherwise require remaking their options file. I leave this on by default, # but if you want to make sure you have a current options file, define this to 0. + if [[ "$COMPAT_CONFIG" == "1" ]]; then MODPROBE=`which modprobe` + PRERUN="$BASEDIR/prerun" + POSTRUN="$BASEDIR/postrun" fi -PRERUN="$BASEDIR/prerun" -POSTRUN="$BASEDIR/postrun" # ANSI color sequences BLUE="\E[34m" @@ -54,4 +55,4 @@ NF_MULTIPORT="xt_multiport" NF_MULTIPORT_MAX_PORTS="7" # RFC 1918 Space -RFC1918_SPACE="192.168.0.0/16 172.16.0.0/12 10.0.0.0/8" \ No newline at end of file +RFC1918_SPACE="192.168.0.0/16 172.16.0.0/12 10.0.0.0/8" diff --git a/options.default b/options.default index e779d53..781b8eb 100755 --- a/options.default +++ b/options.default 
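Review bot: In the `COMPAT_CONFIG` block of `include/static` (hunk `@@ -25,12 +25,13 @@`), the two added defaults still point at `$BASEDIR/prerun` and `$BASEDIR/postrun`, while this commit moves the shipped templates into `conf/` and `options.default` now sets `$BASEDIR/conf/prerun` and `$BASEDIR/conf/postrun`. If that is deliberate, because pre-1.0 installs keep their hook files in the base directory, a comment such as `# compat: legacy hook location; a current options file sets the conf/ paths` would make it explicit. The order in which `options` and `include/static` are read is not visible here; if `static` is read second, these assignments would silently replace the configured hook paths, and `PRERUN="${PRERUN:-$BASEDIR/prerun}"` (same for `POSTRUN`) avoids that. With `COMPAT_CONFIG` set to anything other than `1`, both variables are now unset unless the options file defines them, so the code that runs the hooks, which is outside this hunk, should tolerate an empty value.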
@@ -21,6 +21,10 @@ MODPROBE=/sbin/modprobe # Extra modules to load such as ftp connection tracking #MODULES_LOAD="nf_conntrack_ftp nf_conntrack_h323 nf_conntrack_irc nf_conntrack_pptp nf_conntrack_proto_gre nf_conntrack_proto_sctp nf_conntrack_proto_udplite nf_conntrack_sip nf_conntrack_tftp nf_conntrack_sane" +# Run commands before/after rules +PRERUN="$BASEDIR/conf/prerun" +POSTRUN="$BASEDIR/conf/postrun" + # Do we want NAT/Conntrack/Forward features? #NAT=1 #CONNTRACK=1 @@ -41,7 +45,7 @@ MODPROBE=/sbin/modprobe #INTINF=ppp+ # Port forwardings, requires NAT -#PORTFW=$BASEDIR/port-forwards +#PORTFW=$BASEDIR/conf/port-forwards # Multiport support? # yes/no/auto (auto will try to detect if we support multiport or not, @@ -72,10 +76,10 @@ TRUSTEDIP="127.0.0.1" DONTTRACK="127.0.0.1" # IP range(s) to forward -#ROUTING=$BASEDIR/ipv4-routing +#ROUTING=$BASEDIR/conf/ipv4-routing # Mark ipv4 packets for advanced purposes -#IPv4_MARK=$BASEDIR/ipv4-marks +#IPv4_MARK=$BASEDIR/conf/ipv4-marks # IP NAT Rules # SNAT:::: @@ -103,7 +107,7 @@ HACK_IPV4="NS-IN-DDOS" # IP Ranges to block all traffic incoming/outgoing # New functionality in 0.9.8 obsoletes BLOCKTCPPORTS and BLOCKUDPPORTS -BLOCKEDIP=$BASEDIR/ipv4-blocked +BLOCKEDIP=$BASEDIR/conf/ipv4-blocked # Strip ECN off of packets - helps with blackholes # Either individual IPs or 0.0.0.0/0 @@ -145,13 +149,13 @@ BLOCKEDIP=$BASEDIR/ipv4-blocked #IPV6_ROUTEDCLIENTBLOCK=1 # IP range(s) to forward -#IPV6_ROUTING=$BASEDIR/ipv6-routing +#IPV6_ROUTING=$BASEDIR/conf/ipv6-routing # Mark ipv6 packets for advanced purposes -#IPV6_MARK=$BASEDIR/ipv6-marks +#IPV6_MARK=$BASEDIR/conf/ipv6-marks # IPv6 Ranges to block all traffic incoming/outgoing -#IPV6_BLOCKEDIP=$BASEDIR/ipv6-blocked +#IPV6_BLOCKEDIP=$BASEDIR/conf/ipv6-blocked # Clamp MSS, useful on DSL/VPN links # Space separated list of interfaces to apply this on
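Review bot: The new `PRERUN`/`POSTRUN` lines in hunk `@@ -21,6 +21,10 @@` are active by default and name files whose commands run before and after the rules, but the comment says nothing about the privileges they run with or who may edit them. A firewall script presumably runs as root, so write access to `$BASEDIR/conf/` amounts to root command execution. I would extend the comment to something like `# Run commands before/after rules - these files are executed by the firewall script; keep them root-owned and not group/world-writable`. How the hooks are invoked and whether a missing file is skipped is not visible in this hunk, and only the `conf/prerun.default` and `conf/postrun.default` templates ship, so the comment should also say whether leaving the files absent is acceptable.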
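Review bot: In hunk `@@ -103,7 +107,7 @@`, `BLOCKEDIP=$BASEDIR/conf/ipv4-blocked` is the one relocated path that is active rather than commented out, so an install that adopts the new `options.default` but keeps its block list at `$BASEDIR/ipv4-blocked` will point at a file that is not there. What the loader does with a missing `BLOCKEDIP` file is outside this diff; if it skips silently, the block list is dropped without any sign, which for a firewall is a fail-open change. An upgrade note next to the setting, e.g. `# NOTE: moved from $BASEDIR/ipv4-blocked in 0.9.11 - move your existing file or adjust this path`, together with a warning in the loader when the file is unreadable, would cover it. The commented-out `PORTFW`, `ROUTING`, `IPv4_MARK`, `IPV6_ROUTING`, `IPV6_MARK` and `IPV6_BLOCKEDIP` paths in the other hunks carry the same caveat once a user enables them.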