extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-24 11:41:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

Restore 'ipp2p' support to the rules file

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2564 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2005-08-26 20:11:27 +00:00
parent 07c152ab35
commit 0ae1bdfbc1
3 changed files with 20 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Shorewall/firewall
View File

@ -5165,6 +5165,12 @@ process_rule() # $1 = target
fatal_error "Port number not allowed with protocol \"all\"; rule: \"$rule\"" fatal_error "Port number not allowed with protocol \"all\"; rule: \"$rule\""
proto= proto=
;; ;;
ipp2p)
dports="-m ipp2p --${port:-ipp2p}"
port=
proto=tcp
do_ports
;;
*) *)
[ -n "$port" ] && \ [ -n "$port" ] && \
fatal_error "Port number not allowed with protocol \"$proto\"; rule: \"$rule\"" fatal_error "Port number not allowed with protocol \"$proto\"; rule: \"$rule\""

4
Shorewall/releasenotes.txt
View File

@ -72,6 +72,10 @@ New Features in Shorewall 2.5.3
Macros may be used in these sections provided that they expand to Macros may be used in these sections provided that they expand to
only these ACTIONs. only these ACTIONs.
6) The value 'ipp2p' is once again allowed in the PROTO column of
the rules file. It is recommended that rules specifying 'ipp2p'
only be included in the ESTABLISHED section of the file.
Problems Corrected in 2.5.2: Problems Corrected in 2.5.2:
1) You may now include port lists in in the /etc/shorewall/accounting 1) You may now include port lists in in the /etc/shorewall/accounting

14
Shorewall/rules
View File

@ -253,14 +253,20 @@
# contain the port number on the firewall that the # contain the port number on the firewall that the
# request should be redirected to. # request should be redirected to.
# #
# PROTO Protocol - Must be "tcp", "udp", "icmp", a number, or # PROTO Protocol - Must be "tcp", "udp", "icmp", "ipp2p",
# "all". # a number, or "all". "ipp2p" requires ipp2p match
# support in your kernel and iptables.
# #
# DEST PORT(S) Destination Ports. A comma-separated list of Port # DEST PORT(S) Destination Ports. A comma-separated list of Port
# names (from /etc/services), port numbers or port # names (from /etc/services), port numbers or port
# ranges; if the protocol is "icmp", this column is # ranges; if the protocol is "icmp", this column is
# interpreted as the destination icmp-type(s). # interpreted as the destination icmp-type(s).
# #
# If the protocol is ipp2p, this column is interpreted
# as an ipp2p option without the leading "--" (example
# "bit" for bit-torrent). If no port is given, "ipp2p" is
# assumed.
#
# A port range is expressed as <low port>:<high port>. # A port range is expressed as <low port>:<high port>.
# #
# This column is ignored if PROTOCOL = all but must be # This column is ignored if PROTOCOL = all but must be
@ -404,7 +410,7 @@
############################################################################################################# #############################################################################################################
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/
# PORT PORT(S) DEST LIMIT GROUP # PORT PORT(S) DEST LIMIT GROUP
SECTION ESTABLISHED #SECTION ESTABLISHED
SECTION RELATED #SECTION RELATED
SECTION NEW SECTION NEW
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE