Merge changes from STABLE2

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1497 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-11-23 16:13:18 +01:00 · 2004-07-25 17:56:48 +00:00 · 2004-07-25 17:56:48 +00:00 · 02456616c3
commit 02456616c3
parent 0a25b97f5b
3 changed files with 34 additions and 10 deletions
--- a/Lrp2/sbin/shorewall
+++ b/Lrp2/sbin/shorewall
@ -881,6 +881,21 @@ case "$1" in
 	iptables -t mangle -L $IPT_OPTIONS
 	echo
 	cat /proc/net/ip_conntrack
+	echo
+	echo "IP Configuration"
+	echo
+	ip addr ls
+	echo
+	echo "Routing Rules"
+	echo
+	ip rule ls
+	ip rule ls | while read rule; do
+	    table=${rule##* }
+	    echo
+	    echo "Table $table:"
+	    echo
+	    ip route ls table $table
+	done
 	;;
    hits)
    	[ -n "$debugging" ] && set -x
--- a/Lrp2/usr/share/shorewall/firewall
+++ b/Lrp2/usr/share/shorewall/firewall
@ -4538,7 +4538,7 @@ process_blacklist_rec() {
 # Setup the Black List
 #
 setup_blacklist() {
-    local hosts=$(find_hosts_by_option blacklist)
+    local hosts="$(find_hosts_by_option blacklist)"
    local f=$(find_file blacklist)
    local disposition=$BLACKLIST_DISPOSITION

@ -4922,6 +4922,13 @@ initialize_netfilter () {
 add_common_rules() {
    local savelogparms="$LOGPARMS"
    local broadcasts="$(find_broadcasts) 255.255.255.255 224.0.0.0/4"
+
+    drop_broadcasts() {
+	for address in $broadcasts ; do
+	    run_iptables -A reject -d $address -j DROP
+	done
+    }
+
    #
    # Populate the smurf chain
    #
@ -4932,14 +4939,16 @@ add_common_rules() {
    #
    # Reject Rules -- Don't respond to broadcasts with an ICMP
    #
-    qt iptables -A reject -m pkttype --pkt-type broadcast -j DROP
-    if ! qt iptables -A reject -m pkttype --pkt-type multicast -j DROP; then
-	#
-	# No pkttype support -- do it the hard way
-	#
-	for address in $broadcasts ; do
-	    run_iptables -A reject -d $address -j DROP
-	done
+    if [ -n "$PKTTYPE" ]; then
+	qt iptables -A reject -m pkttype --pkt-type broadcast -j DROP
+	if ! qt iptables -A reject -m pkttype --pkt-type multicast -j DROP; then
+            #
+	    # No pkttype support -- do it the hard way
+	    #
+	    drop_broadcasts
+	fi
+    else
+	drop_broadcasts
    fi
    #
    # Don't feed the smurfs
--- a/Lrp2/usr/share/shorewall/version
+++ b/Lrp2/usr/share/shorewall/version
@ -1 +1 @@
-2.0.6
+2.0.7
 @ -1 +1 @@
 .0.6
 .0.7