extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-15 04:04:10 +01:00
Code Issues Packages Projects Releases Wiki Activity

Verify physdev match if BRIDGING=Yes

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1602 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2004-09-05 23:43:08 +00:00
parent 2fca478477
commit 0649e6ad70
3 changed files with 15 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Shorewall2/changelog.txt
View File

@ -60,3 +60,5 @@ Changes since 2.0.3
28) Apply Richard Musil's patch.
29) Correct parsing of PROTO column in setup_tc1().
30) Verify Physdev match if BRIDGING=Yes

11
Shorewall2/firewall
View File

@ -2503,6 +2503,10 @@ check_config() {
verify_os_version
if [ -n "$BRIDGING" ]; then
[ -n "$PHYSDEV_MATCH" || startup_error "BRIDGING=Yes requires Physdev Match support in your Kernel and iptables"
fi
echo "Determining Zones..."
determine_zones
@ -5187,11 +5191,13 @@ determine_capabilities() {
CONNTRACK_MATCH=
MULTIPORT=
POLICY_MATCH=
PHYSDEV_MATCH=
if qt iptables -N fooX1234 ; then
qt iptables -A fooX1234 -m conntrack --ctorigdst 192.168.1.1 -j ACCEPT && CONNTRACK_MATCH=Yes
qt iptables -A fooX1234 -p tcp -m multiport --dports 21,22 -j ACCEPT && MULTIPORT=Yes
qt iptables -A fooX1234 -m policy --pol ipsec --dir in -j ACCEPT && POLICY_MATCH=Yes
qt iptables -A fooX1234 -m physdev --physdev-in eth0 -j ACCEPT && PHYSDEV_MATCH=Yes
qt iptables -F fooX1234
@ -5225,6 +5231,7 @@ report_capabilities() {
report_capability $CONNTRACK_MATCH "Connection Tracking Match"
report_capability $PKTTYPE "Packet Type Match"
report_capability $POLICY_MATCH "Policy Match"
report_capability $PHYSDEV_MATCH "Physdev Match"
}
#
@ -5239,6 +5246,10 @@ initialize_netfilter () {
report_capabilities
if [ -n "$BRIDGING" ]; then
[ -n "$PHYSDEV_MATCH" || startup_error "BRIDGING=Yes requires Physdev Match support in your Kernel and iptables"
fi
echo "Determining Zones..."
determine_zones

3
Shorewall2/releasenotes.txt
View File

@ -420,6 +420,7 @@ New Features:
See the comments at the top of /etc/shorewall/accounting for
details.
13) Shorewall now verifies that your kernel and iptables have physdev
match support if BRIDGING=Yes in shorewall.conf.