Add conversion of notrack to conntrack
Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent
8657682dfd
commit
0d635632e3
@ -3931,7 +3931,7 @@ usage() # $1 = exit status
|
|||||||
echo " status [ -i ]"
|
echo " status [ -i ]"
|
||||||
echo " stop"
|
echo " stop"
|
||||||
ecko " try <directory> [ <timeout> ]"
|
ecko " try <directory> [ <timeout> ]"
|
||||||
ecko " update [ -a ] [ -b ] [ -r ] [ -T ] [ -D ] [ -i ] [-t] [-A] [ <directory> ]"
|
ecko " update [ -a ] [ -b ] [ -r ] [ -T ] [ -D ] [ -i ] [-t] [-s] [-n] [-A] [ <directory> ]"
|
||||||
echo " version [ -a ]"
|
echo " version [ -a ]"
|
||||||
echo
|
echo
|
||||||
exit $1
|
exit $1
|
||||||
@ -3985,6 +3985,7 @@ shorewall_cli() {
|
|||||||
g_loopback=
|
g_loopback=
|
||||||
g_compiled=
|
g_compiled=
|
||||||
g_routestopped=
|
g_routestopped=
|
||||||
|
g_notrack=
|
||||||
|
|
||||||
VERBOSE=
|
VERBOSE=
|
||||||
VERBOSITY=1
|
VERBOSITY=1
|
||||||
|
@ -592,8 +592,8 @@ EOF
|
|||||||
#
|
#
|
||||||
sub compiler {
|
sub compiler {
|
||||||
|
|
||||||
my ( $scriptfilename, $directory, $verbosity, $timestamp , $debug, $chains , $log , $log_verbosity, $preview, $confess , $update , $annotate , $convert, $config_path, $shorewallrc , $shorewallrc1 , $directives, $inline, $tcrules, $routestopped ) =
|
my ( $scriptfilename, $directory, $verbosity, $timestamp , $debug, $chains , $log , $log_verbosity, $preview, $confess , $update , $annotate , $convert, $config_path, $shorewallrc , $shorewallrc1 , $directives, $inline, $tcrules, $routestopped , $notrack ) =
|
||||||
( '', '', -1, '', 0, '', '', -1, 0, 0, 0, 0, , 0 , '' , '/usr/share/shorewall/shorewallrc', '' , 0 , 0 , 0 , 0 );
|
( '', '', -1, '', 0, '', '', -1, 0, 0, 0, 0, , 0 , '' , '/usr/share/shorewall/shorewallrc', '' , 0 , 0 , 0 , 0 , 0 );
|
||||||
|
|
||||||
$export = 0;
|
$export = 0;
|
||||||
$test = 0;
|
$test = 0;
|
||||||
@ -845,7 +845,7 @@ sub compiler {
|
|||||||
#
|
#
|
||||||
# Process the conntrack file
|
# Process the conntrack file
|
||||||
#
|
#
|
||||||
setup_conntrack;
|
setup_conntrack( $notrack );
|
||||||
#
|
#
|
||||||
# Add Tunnel rules.
|
# Add Tunnel rules.
|
||||||
#
|
#
|
||||||
|
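Review bot: `$notrack` is added to the positional variable list and its defaults in `compiler`, but the code that stores the caller's named arguments into these variables lies outside both hunks of this section. compiler.pl now passes `notrack => $notrack`, so whatever validates the argument names must accept `notrack` as well; nothing visible here adds it, so this is worth confirming. The default list is also hard to audit by eye because of the existing `0, , 0` gap; a one-line comment above it naming the positions would make it easier to check that the new trailing `0` pairs with `$notrack`.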
@ -36,7 +36,7 @@ use strict;
|
|||||||
our @ISA = qw(Exporter);
|
our @ISA = qw(Exporter);
|
||||||
our @EXPORT = qw( setup_conntrack );
|
our @EXPORT = qw( setup_conntrack );
|
||||||
our @EXPORT_OK = qw( handle_helper_rule );
|
our @EXPORT_OK = qw( handle_helper_rule );
|
||||||
our $VERSION = 'MODULEVERSION';
|
our $VERSION = '4.6_10';
|
||||||
|
|
||||||
our %valid_ctevent = ( new => 1,
|
our %valid_ctevent = ( new => 1,
|
||||||
related => 1,
|
related => 1,
|
||||||
@ -56,7 +56,7 @@ sub initialize($) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
# Conntrack
|
# Notrack
|
||||||
#
|
#
|
||||||
sub process_conntrack_rule( $$$$$$$$$$ ) {
|
sub process_conntrack_rule( $$$$$$$$$$ ) {
|
||||||
|
|
||||||
@ -275,52 +275,131 @@ sub process_format( $ ) {
|
|||||||
$file_format = $format;
|
$file_format = $format;
|
||||||
}
|
}
|
||||||
|
|
||||||
sub setup_conntrack() {
|
sub setup_conntrack($) {
|
||||||
|
my $convert = shift;
|
||||||
|
my $fn;
|
||||||
|
my @files = $convert ? ( qw/notrack conntrack/ ) : ( 'conntrack' );
|
||||||
|
|
||||||
my $fn = open_file( 'conntrack', 3 , 1 );
|
for my $name ( qw/notrack conntrack/ ) {
|
||||||
|
|
||||||
if ( $fn ) {
|
$fn = open_file( $name, 3 , 1 );
|
||||||
|
|
||||||
my $action;
|
if ( $fn ) {
|
||||||
|
|
||||||
first_entry( "$doing $fn..." );
|
my $action;
|
||||||
|
|
||||||
while ( read_a_line( NORMAL_READ ) ) {
|
my $empty = 1;
|
||||||
my ( $source, $dest, $protos, $ports, $sports, $user, $switch );
|
|
||||||
|
|
||||||
( $action, $source, $dest, $protos, $ports, $sports, $user, $switch ) = split_line1 'Conntrack File', { action => 0, source => 1, dest => 2, proto => 3, dport => 4, sport => 5, user => 6, switch => 7 };
|
first_entry( "$doing $fn..." );
|
||||||
|
|
||||||
for my $proto ( split_list $protos, 'Protocol' ) {
|
while ( read_a_line( NORMAL_READ ) ) {
|
||||||
if ( $file_format < 3 ) {
|
my ( $source, $dest, $protos, $ports, $sports, $user, $switch );
|
||||||
if ( $source =~ /^all(-)?(:(.+))?$/ ) {
|
|
||||||
fatal_error 'USER/GROUP is not allowed unless the SOURCE zone is $FW or a Vserver zone' if $user ne '-';
|
if ( $file_format == 1 ) {
|
||||||
for my $zone ( $1 ? off_firewall_zones : all_zones ) {
|
( $source, $dest, $protos, $ports, $sports, $user, $switch ) =
|
||||||
process_conntrack_rule( undef ,
|
split_line1( 'Conntrack File',
|
||||||
undef,
|
{ source => 0, dest => 1, proto => 2, dport => 3, sport => 4, user => 5, switch => 6 } );
|
||||||
$action,
|
$action = 'NOTRACK';
|
||||||
$zone . ( $2 || ''),
|
|
||||||
$dest,
|
|
||||||
$proto,
|
|
||||||
$ports,
|
|
||||||
$sports,
|
|
||||||
$user ,
|
|
||||||
$switch );
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
process_conntrack_rule( undef, undef, $action, $source, $dest, $proto, $ports, $sports, $user, $switch );
|
|
||||||
}
|
|
||||||
} elsif ( $action =~ s/:O$// ) {
|
|
||||||
process_conntrack_rule( $raw_table->{OUTPUT}, undef, $action, $source, $dest, $proto, $ports, $sports, $user, $switch );
|
|
||||||
} elsif ( $action =~ s/:OP$// || $action =~ s/:PO// ) {
|
|
||||||
process_conntrack_rule( $raw_table->{PREROUTING}, undef, $action, $source, $dest, $proto, $ports, $sports, $user, $switch );
|
|
||||||
process_conntrack_rule( $raw_table->{OUTPUT}, undef, $action, $source, $dest, $proto, $ports, $sports, $user, $switch );
|
|
||||||
} else {
|
} else {
|
||||||
$action =~ s/:P$//;
|
( $action, $source, $dest, $protos, $ports, $sports, $user, $switch ) = split_line1 'Conntrack File', { action => 0, source => 1, dest => 2, proto => 3, dport => 4, sport => 5, user => 6, switch => 7 };
|
||||||
process_conntrack_rule( $raw_table->{PREROUTING}, undef, $action, $source, $dest, $proto, $ports, $sports, $user, $switch );
|
}
|
||||||
|
|
||||||
|
$empty = 0;
|
||||||
|
|
||||||
|
for my $proto ( split_list $protos, 'Protocol' ) {
|
||||||
|
if ( $file_format < 3 ) {
|
||||||
|
if ( $source =~ /^all(-)?(:(.+))?$/ ) {
|
||||||
|
fatal_error 'USER/GROUP is not allowed unless the SOURCE zone is $FW or a Vserver zone' if $user ne '-';
|
||||||
|
for my $zone ( $1 ? off_firewall_zones : all_zones ) {
|
||||||
|
process_conntrack_rule( undef ,
|
||||||
|
undef,
|
||||||
|
$action,
|
||||||
|
$zone . ( $2 || ''),
|
||||||
|
$dest,
|
||||||
|
$proto,
|
||||||
|
$ports,
|
||||||
|
$sports,
|
||||||
|
$user ,
|
||||||
|
$switch );
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
process_conntrack_rule( undef, undef, $action, $source, $dest, $proto, $ports, $sports, $user, $switch );
|
||||||
|
}
|
||||||
|
} elsif ( $action =~ s/:O$// ) {
|
||||||
|
process_conntrack_rule( $raw_table->{OUTPUT}, undef, $action, $source, $dest, $proto, $ports, $sports, $user, $switch );
|
||||||
|
} elsif ( $action =~ s/:OP$// || $action =~ s/:PO// ) {
|
||||||
|
process_conntrack_rule( $raw_table->{PREROUTING}, undef, $action, $source, $dest, $proto, $ports, $sports, $user, $switch );
|
||||||
|
process_conntrack_rule( $raw_table->{OUTPUT}, undef, $action, $source, $dest, $proto, $ports, $sports, $user, $switch );
|
||||||
|
} else {
|
||||||
|
$action =~ s/:P$//;
|
||||||
|
process_conntrack_rule( $raw_table->{PREROUTING}, undef, $action, $source, $dest, $proto, $ports, $sports, $user, $switch );
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ( $name eq 'notrack') {
|
||||||
|
if ( $empty ) {
|
||||||
|
if ( unlink( $fn ) ) {
|
||||||
|
warning_message "Empty notrack file ($fn) removed";
|
||||||
|
} else {
|
||||||
|
warning_message "Unable to remove empty notrack file ($fn): $!";
|
||||||
|
}
|
||||||
|
$convert = undef;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} elsif ( $name eq 'notrack' ) {
|
||||||
|
$convert = undef;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ( $convert ) {
|
||||||
|
my $conntrack;
|
||||||
|
my $empty = 1;
|
||||||
|
|
||||||
|
if ( $fn ) {
|
||||||
|
open $conntrack, '>>', $fn or fatal_error "Unable to open $fn for notrack conversion: $!";
|
||||||
|
} else {
|
||||||
|
open $conntrack, '>', $fn = find_file 'conntrack' or fatal_error "Unable to open $fn for notrack conversion: $!";
|
||||||
|
|
||||||
|
print $conntrack <<'EOF';
|
||||||
|
#
|
||||||
|
# Shorewall version 5 - conntrack File
|
||||||
|
#
|
||||||
|
# For information about entries in this file, type "man shorewall-conntrack"
|
||||||
|
#
|
||||||
|
##############################################################################################################
|
||||||
|
EOF
|
||||||
|
print $conntrack '?' . "FORMAT 3";
|
||||||
|
|
||||||
|
print $conntrack <<'EOF';
|
||||||
|
#ACTION SOURCE DESTINATION PROTO DEST SOURCE USER/ SWITCH
|
||||||
|
# PORT(S) PORT(S) GROUP
|
||||||
|
EOF
|
||||||
|
}
|
||||||
|
|
||||||
|
$fn = open_file( 'notrack' , 3, 1 ) || fatal_error "Unable to open the notrack file for conversion: $!";
|
||||||
|
|
||||||
|
while ( read_a_line( PLAIN_READ ) ) {
|
||||||
|
#
|
||||||
|
# Don't copy the header comments from the old notrack file
|
||||||
|
#
|
||||||
|
next if $empty && ( $currentline =~ /^\s*#/ || $currentline =~ /^\s*$/ );
|
||||||
|
|
||||||
|
if ( $empty ) {
|
||||||
|
#
|
||||||
|
# First non-commentary line
|
||||||
|
#
|
||||||
|
$empty = undef;
|
||||||
|
|
||||||
|
print $conntrack '?' . "format 1\n" unless $currentline =~ /^\s*\??FORMAT/i;
|
||||||
|
}
|
||||||
|
|
||||||
|
print $conntrack "$currentline\n";
|
||||||
|
}
|
||||||
|
|
||||||
|
rename $fn, "$fn.bak" or fatal_error "Unable to rename $fn to $fn.bak: $!";
|
||||||
|
progress_message2 "notrack file $fn saved in $fn.bak"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
1;
|
1;
|
||||||
|
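Review bot: In the new `setup_conntrack`, `@files` is computed from `$convert` but never used; the loop still iterates `qw/notrack conntrack/`, so the notrack file is read, and an empty one unlinked, on any compile rather than only when conversion is requested. If that is not the intent, the loop should read `for my $name ( @files ) {`. In the conversion branch, `print $conntrack '?' . "FORMAT 3";` has no trailing newline, so as shown the directive would run into the `#ACTION` heading that follows; `"FORMAT 3\n"` would match the later `"format 1\n"`. The `$conntrack` handle is also never closed or checked before notrack is renamed to `.bak`, so a failed buffered write could leave an incomplete conntrack file while the original rules file has been moved aside. Adding `close $conntrack or fatal_error "Unable to write the conntrack file: $!";` before the `rename` would catch that.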
@ -3140,7 +3140,7 @@ sub process_secmark_rule() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
# Process the tcrules file and setup traffic shaping
|
# Process the mangle file and setup traffic shaping
|
||||||
#
|
#
|
||||||
sub setup_tc( $ ) {
|
sub setup_tc( $ ) {
|
||||||
$tcrules = $_[0];
|
$tcrules = $_[0];
|
||||||
@ -3222,6 +3222,8 @@ sub setup_tc( $ ) {
|
|||||||
|
|
||||||
close $mangle, directive_callback( 0 );
|
close $mangle, directive_callback( 0 );
|
||||||
}
|
}
|
||||||
|
} elsif ( my $fn = find_file( 'tcrules' ) ) {
|
||||||
|
warning_message "The tcrules file is no longer supported -- use the '$product update -t' to convert $fn to an equivalent 'mangle' file";
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( my $fn = open_file( 'mangle', 1, 1 ) ) {
|
if ( my $fn = open_file( 'mangle', 1, 1 ) ) {
|
||||||
|
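Review bot: The added `elsif ( my $fn = find_file( 'tcrules' ) )` branch tests only that a path came back, not that a tcrules file exists. The definition of `find_file` is not in this diff, but the conversion code in `setup_conntrack` uses its result as the name of a file to create, which suggests it can return a path for a file that is absent. If so, the "no longer supported" warning would be printed on every run, including on systems with no tcrules file. Consider `} elsif ( -f ( my $fn = find_file( 'tcrules' ) ) ) {`. The enclosing `if` and the rest of `setup_tc` start outside the hunk.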
@ -43,6 +43,7 @@
|
|||||||
# --inline # Update alternative column specifications
|
# --inline # Update alternative column specifications
|
||||||
# --tcrules # Create mangle from tcrules
|
# --tcrules # Create mangle from tcrules
|
||||||
# --routestopped # Create stoppedrules from routestopped
|
# --routestopped # Create stoppedrules from routestopped
|
||||||
|
# --notrack # Create conntrack from notrack
|
||||||
#
|
#
|
||||||
use strict;
|
use strict;
|
||||||
use FindBin;
|
use FindBin;
|
||||||
@ -79,6 +80,7 @@ usage: compiler.pl [ <option> ... ] [ <filename> ]
|
|||||||
[ --inline ]
|
[ --inline ]
|
||||||
[ --tcrules ]
|
[ --tcrules ]
|
||||||
[ --routestopped ]
|
[ --routestopped ]
|
||||||
|
[ --notrack ]
|
||||||
_EOF_
|
_EOF_
|
||||||
|
|
||||||
exit shift @_;
|
exit shift @_;
|
||||||
@ -110,6 +112,7 @@ my $shorewallrc1 = '';
|
|||||||
my $inline = 0;
|
my $inline = 0;
|
||||||
my $tcrules = 0;
|
my $tcrules = 0;
|
||||||
my $routestopped = 0;
|
my $routestopped = 0;
|
||||||
|
my $notrack = 0;
|
||||||
|
|
||||||
Getopt::Long::Configure ('bundling');
|
Getopt::Long::Configure ('bundling');
|
||||||
|
|
||||||
@ -145,6 +148,7 @@ my $result = GetOptions('h' => \$help,
|
|||||||
'inline' => \$inline,
|
'inline' => \$inline,
|
||||||
'tcrules' => \$tcrules,
|
'tcrules' => \$tcrules,
|
||||||
'routestopped' => \$routestopped,
|
'routestopped' => \$routestopped,
|
||||||
|
'notrack' => \$notrack,
|
||||||
'config_path=s' => \$config_path,
|
'config_path=s' => \$config_path,
|
||||||
'shorewallrc=s' => \$shorewallrc,
|
'shorewallrc=s' => \$shorewallrc,
|
||||||
'shorewallrc1=s' => \$shorewallrc1,
|
'shorewallrc1=s' => \$shorewallrc1,
|
||||||
@ -176,4 +180,5 @@ compiler( script => $ARGV[0] || '',
|
|||||||
inline => $inline,
|
inline => $inline,
|
||||||
tcrules => $tcrules,
|
tcrules => $tcrules,
|
||||||
routestopped => $routestopped,
|
routestopped => $routestopped,
|
||||||
|
notrack => $notrack
|
||||||
);
|
);
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Shorewall version 4 - Actions File
|
# Shorewall version 5 - Actions File
|
||||||
#
|
#
|
||||||
# /etc/shorewall/actions
|
# /etc/shorewall/actions
|
||||||
#
|
#
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Shorewall version 4 - Blacklist Rules File
|
# Shorewall version 5 - Blacklist Rules File
|
||||||
#
|
#
|
||||||
# For information about entries in this file, type "man shorewall-blrules"
|
# For information about entries in this file, type "man shorewall-blrules"
|
||||||
#
|
#
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Shorewall version 4 - conntrack File
|
# Shorewall version 5 - conntrack File
|
||||||
#
|
#
|
||||||
# For information about entries in this file, type "man shorewall-conntrack"
|
# For information about entries in this file, type "man shorewall-conntrack"
|
||||||
#
|
#
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Shorewall version 4 - Findgw File
|
# Shorewall version 5 - Findgw File
|
||||||
#
|
#
|
||||||
# /etc/shorewall/findgw
|
# /etc/shorewall/findgw
|
||||||
#
|
#
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Shorewall version 4 - Init File
|
# Shorewall version 5 - Init File
|
||||||
#
|
#
|
||||||
# /etc/shorewall/init
|
# /etc/shorewall/init
|
||||||
#
|
#
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Shorewall version 4 - Interfaces File
|
# Shorewall version 5 - Interfaces File
|
||||||
#
|
#
|
||||||
# For information about entries in this file, type "man shorewall-interfaces"
|
# For information about entries in this file, type "man shorewall-interfaces"
|
||||||
#
|
#
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Shorewall version 4 - lib.private File
|
# Shorewall version 5 - lib.private File
|
||||||
#
|
#
|
||||||
# /etc/shorewall/lib.private
|
# /etc/shorewall/lib.private
|
||||||
#
|
#
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Shorewall version 4 - Mangle File
|
# Shorewall version 5 - Mangle File
|
||||||
#
|
#
|
||||||
# For information about entries in this file, type "man shorewall-mangle"
|
# For information about entries in this file, type "man shorewall-mangle"
|
||||||
#
|
#
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Shorewall version 4 - Nat File
|
# Shorewall version 5 - Nat File
|
||||||
#
|
#
|
||||||
# For information about entries in this file, type "man shorewall-nat"
|
# For information about entries in this file, type "man shorewall-nat"
|
||||||
#
|
#
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Shorewall version 4 - Params File
|
# Shorewall version 5 - Params File
|
||||||
#
|
#
|
||||||
# /etc/shorewall/params
|
# /etc/shorewall/params
|
||||||
#
|
#
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Shorewall version 4 - Providers File
|
# Shorewall version 5 - Providers File
|
||||||
#
|
#
|
||||||
# For information about entries in this file, type "man shorewall-providers"
|
# For information about entries in this file, type "man shorewall-providers"
|
||||||
#
|
#
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Shorewall version 4 - refresh File
|
# Shorewall version 5 - refresh File
|
||||||
#
|
#
|
||||||
# /etc/shorewall/refresh
|
# /etc/shorewall/refresh
|
||||||
#
|
#
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Shorewall version 4 - Restored File
|
# Shorewall version 5 - Restored File
|
||||||
#
|
#
|
||||||
# /etc/shorewall/restored
|
# /etc/shorewall/restored
|
||||||
#
|
#
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Shorewall version 4 - Routestopped File
|
# Shorewall version 5 - Routestopped File
|
||||||
#
|
#
|
||||||
# This file is deprecated in favor of the stoppedrules file
|
# This file is deprecated in favor of the stoppedrules file
|
||||||
#
|
#
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Shorewall version 4 - Rules File
|
# Shorewall version 5 - Rules File
|
||||||
#
|
#
|
||||||
# For information on the settings in this file, type "man shorewall-rules"
|
# For information on the settings in this file, type "man shorewall-rules"
|
||||||
#
|
#
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Shorewall version 4 - Secmarks File
|
# Shorewall version 5 - Secmarks File
|
||||||
#
|
#
|
||||||
# For information about entries in this file, type "man shorewall-secmarks"
|
# For information about entries in this file, type "man shorewall-secmarks"
|
||||||
#
|
#
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Shorewall version 4 - Start File
|
# Shorewall version 5 - Start File
|
||||||
#
|
#
|
||||||
# /etc/shorewall/start
|
# /etc/shorewall/start
|
||||||
#
|
#
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Shorewall version 4 - Stop File
|
# Shorewall version 5 - Stop File
|
||||||
#
|
#
|
||||||
# /etc/shorewall/stop
|
# /etc/shorewall/stop
|
||||||
#
|
#
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Shorewall version 4 - tcclear File
|
# Shorewall version 5 - tcclear File
|
||||||
#
|
#
|
||||||
# /etc/shorewall/tcclear
|
# /etc/shorewall/tcclear
|
||||||
#
|
#
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Shorewall version 4 - Tcfilters File
|
# Shorewall version 5 - Tcfilters File
|
||||||
#
|
#
|
||||||
# For information about entries in this file, type "man shorewall-tcfilters"
|
# For information about entries in this file, type "man shorewall-tcfilters"
|
||||||
#
|
#
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Shorewall version 4 - Tcpri File
|
# Shorewall version 5 - Tcpri File
|
||||||
#
|
#
|
||||||
# For information about entries in this file, type "man shorewall-tcpri"
|
# For information about entries in this file, type "man shorewall-tcpri"
|
||||||
#
|
#
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# Shorewall version 4 - Tunnels File
|
# Shorewall version 5 - Tunnels File
|
||||||
#
|
#
|
||||||
# For information about entries in this file, type "man shorewall-tunnels"
|
# For information about entries in this file, type "man shorewall-tunnels"
|
||||||
#
|
#
|
||||||
|
@ -439,6 +439,7 @@ compiler() {
|
|||||||
[ -n "$g_tcrules" ] && options="$options --tcrules"
|
[ -n "$g_tcrules" ] && options="$options --tcrules"
|
||||||
[ -n "$g_inline" ] && options="$options --inline"
|
[ -n "$g_inline" ] && options="$options --inline"
|
||||||
[ -n "$g_routestopped" ] && options="$options --routestopped"
|
[ -n "$g_routestopped" ] && options="$options --routestopped"
|
||||||
|
[ -n "$g_notrack" ] && options="$options --notrack"
|
||||||
|
|
||||||
if [ -n "$PERL" ]; then
|
if [ -n "$PERL" ]; then
|
||||||
if [ ! -x "$PERL" ]; then
|
if [ ! -x "$PERL" ]; then
|
||||||
@ -849,12 +850,17 @@ update_command() {
|
|||||||
g_routestopped=Yes
|
g_routestopped=Yes
|
||||||
option=${option#s}
|
option=${option#s}
|
||||||
;;
|
;;
|
||||||
|
n*)
|
||||||
|
g_notrack=Yes
|
||||||
|
option=${option#n}
|
||||||
|
;;
|
||||||
A*)
|
A*)
|
||||||
g_inline=Yes
|
g_inline=Yes
|
||||||
g_convert=Yes
|
g_convert=Yes
|
||||||
g_directives=Yes
|
g_directives=Yes
|
||||||
g_tcrules=Yes
|
g_tcrules=Yes
|
||||||
g_routestopped=Yes
|
g_routestopped=Yes
|
||||||
|
g_notrack=Yes
|
||||||
option=${option#A}
|
option=${option#A}
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
|