extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-24 08:33:40 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add TEST column to /etc/shorewall/routes

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2126 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2005-05-16 13:52:30 +00:00
parent 0e8d1e958f
commit 08a3c1d95d
4 changed files with 70 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Shorewall2/changelog.txt
View File

@ -2,6 +2,8 @@ Changes in 2.3.2
1) Add support for -j ROUTE 1) Add support for -j ROUTE
2) Add TEST column to /etc/shorewall/routes
Changes in 2.3.1 Changes in 2.3.1
1) Change the behavior of SAVE_IPSETS and allow 'ipsets' files in 1) Change the behavior of SAVE_IPSETS and allow 'ipsets' files in

37
Shorewall2/firewall
View File

@ -5255,6 +5255,7 @@ add_a_route()
{ {
local r= local r=
local chain=routefwd local chain=routefwd
local marktest=
if [ "x$source" != "x-" ]; then if [ "x$source" != "x-" ]; then
case ${source} in case ${source} in
@ -5304,10 +5305,36 @@ add_a_route()
[ "x$proto" = "x-" ] && proto=all [ "x$proto" = "x-" ] && proto=all
[ "x$proto" = "x" ] && proto=all [ "x$proto" = "x" ] && proto=all
[ "$proto" = "all" ] || r="${r}-p $proto " [ "$proto" = "all" ] || r="${r}-p $proto "
[ "x$port" = "x-" ] || r="${r}--dport $port " [ "x$port" = "x-" ] || r="${r}-m multiport --dports $port "
fi fi
[ "x${sport:--}" = "x-" ] || r="${r}--sport $sport " if [ "x${sport:--}" != "x-" ]; then
[ "x$port" = "x-" ] && r="${r}-m multiport "
r="${r}--sports $sport "
fi
case $testval in
-)
;;
!*:C)
marktest="connmark ! "
testval=${testval%:*}
testval=${testval#!}
;;
*:C)
marktest="connmark "
testval=${testval%:*}
;;
!*)
marktest="mark ! "
testval=${testval#!}
;;
*)
[ -n "$testval" ] && marktest="mark "
;;
esac
[ -n "$marktest" ] && r="${r}-m ${marktest}--mark $testval "
r="${r}-j ROUTE " r="${r}-j ROUTE "
@ -5336,10 +5363,10 @@ setup_routes() # $1 = file name
run_iptables -t mangle -N routeout run_iptables -t mangle -N routeout
run_iptables -t mangle -A OUTPUT -j routeout run_iptables -t mangle -A OUTPUT -j routeout
while read source dest proto port sport interface gateway; do while read source dest proto port sport testval interface gateway; do
expandv source dest proto port sport interface gateway expandv source dest proto port sport testval interface gateway
rule="$source $dest $proto $port $sport $interface $gateway" rule="$source $dest $proto $port $sport testval $interface $gateway"
add_a_route add_a_route
done < $TMP_DIR/routes done < $TMP_DIR/routes
fi fi

19
Shorewall2/releasenotes.txt
View File

@ -64,6 +64,25 @@ New Features in version 2.3.2
comma-separated list of port names, port comma-separated list of port names, port
numbers or port ranges. numbers or port ranges.
TEST Defines a test on the existing packet or
connection mark.
The rule will match only if the test returns
true. Tests have the format
[!]<value>[/<mask>][:C]
Where:
! Inverts the test (not equal)
<value> Value of the packet or
connection mark.
<mask> A mask to be applied to the
mark before testing
:C Designates a connection
mark. If omitted, the packet
mark's value is tested.
INTERFACE The interface that the packet is to be routed INTERFACE The interface that the packet is to be routed
out of. If you do not specify this field then out of. If you do not specify this field then
you must place "-" in this column and enter an you must place "-" in this column and enter an

22
Shorewall2/routes
View File

@ -11,6 +11,8 @@
# In order to use entries in this file, your kernel and iptables must # In order to use entries in this file, your kernel and iptables must
# have ROUTE target support. # have ROUTE target support.
# #
# To omit any column, enter "-" in that column.
#
# Columns are: # Columns are:
# #
# #
@ -50,22 +52,30 @@
# for bit-torrent). If no PORT is given, "ipp2p" is # for bit-torrent). If no PORT is given, "ipp2p" is
# assumed. # assumed.
# #
# This column is ignored if PROTOCOL = all but must be
# entered if any of the following field is supplied.
# In that case, it is suggested that this field contain
# "-"
#
# SOURCE PORT(S) (Optional) Source port(s). If omitted, # SOURCE PORT(S) (Optional) Source port(s). If omitted,
# any source port is acceptable. Specified as a comma- # any source port is acceptable. Specified as a comma-
# separated list of port names, port numbers or port # separated list of port names, port numbers or port
# ranges. # ranges.
# #
# TEST Defines a test on the existing packet or connection mark.
# The rule will match only if the test returns true. Tests
# have the format [!]<value>[/<mask>][:C]
#
# Where:
#
# ! Inverts the test (not equal)
# <value> Value of the packet or connection mark.
# <mask> A mask to be applied to the mark before
# testing
# :C Designates a connection mark. If omitted,
# the packet mark's value is tested.
#
# INTERFACE The interface that the packet is to be routed out of. # INTERFACE The interface that the packet is to be routed out of.
# #
# GATEWAY The gateway that the packet is to be forewarded through. # GATEWAY The gateway that the packet is to be forewarded through.
# #
# See http://shorewall.net/Shorewall_and_Routing.html for additional information. # See http://shorewall.net/Shorewall_and_Routing.html for additional information.
####################################################################################### #######################################################################################
#SOURCE DEST PROTO PORT(S) SOURCE INTERFACE GATEWAY #SOURCE DEST PROTO PORT(S) SOURCE TEST INTERFACE GATEWAY
# PORT(S) # PORT(S)
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE