'shorewall check' now checks the masq file

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2592 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2005-08-30 15:54:29 +00:00
parent e783315471
commit 124af9a046
4 changed files with 44 additions and 25 deletions


@ -4,6 +4,8 @@ Changes in 2.5.4
2) Fix some ghastly bugs in macros. 2) Fix some ghastly bugs in macros.
3) "shorewall check" now checks the masq file.
Changes in 2.5.3 Changes in 2.5.3
1) Allow exclusion lists in /etc/shorewall/tcrules. 1) Allow exclusion lists in /etc/shorewall/tcrules.


@ -3681,6 +3681,9 @@ check_config() {
process_actions2 process_actions2
process_actions3 process_actions3
masq=$(find_file masq)
[ -f $masq ] && setup_masq $masq
rm -rf $TMP_DIR rm -rf $TMP_DIR
[ -n "$RESTOREBASE" ] && rm -f $RESTOREBASE [ -n "$RESTOREBASE" ] && rm -f $RESTOREBASE
@ -6672,15 +6675,20 @@ setup_masq()
case $destnets in case $destnets in
!*) !*)
destnets=${destnets#!} destnets=${destnets#!}
build_exclusion_chain newchain nat "$nomasq" "$destnets"
if [ -n "$networks" ]; then if [ $COMMAND != check ]; then
for s in $networks; do build_exclusion_chain newchain nat "$nomasq" "$destnets"
addnatrule $chain $(source_ip_range $s) $proto $ports $policy -j $newchain
done if [ -n "$networks" ]; then
networks= for s in $networks; do
addnatrule $chain $(source_ip_range $s) $proto $ports $policy -j $newchain
done
networks=
else
addnatrule $chain -j $newchain
fi
else else
addnatrule $chain -j $newchain networks=
fi fi
chain=$newchain chain=$newchain
@ -6693,18 +6701,20 @@ setup_masq()
;; ;;
*) *)
if [ -n "$nomasq" ]; then if [ -n "$nomasq" ]; then
build_exclusion_chain newchain nat $nomasq if [ $COMMAND != check ]; then
build_exclusion_chain newchain nat $nomasq
if [ -n "$networks" ]; then if [ -n "$networks" ]; then
for s in $networks; do for s in $networks; do
for destnet in $(separate_list $destnets); do for destnet in $(separate_list $destnets); do
addnatrule $chain $(both_ip_ranges $s $destnet) $proto $ports $policy -j $newchain addnatrule $chain $(both_ip_ranges $s $destnet) $proto $ports $policy -j $newchain
done
done done
done else
else for destnet in $(separate_list $destnets); do
for destnet in $(separate_list $destnets); do addnatrule $chain $(dest_ip_range $destnet) $proto $ports $policy -j $newchain
addnatrule $chain $(dest_ip_range $destnet) $proto $ports $policy -j $newchain done
done fi
fi fi
chain=$newchain chain=$newchain
@ -6755,9 +6765,11 @@ setup_masq()
if [ -n "$networks" ]; then if [ -n "$networks" ]; then
for network in $networks; do for network in $networks; do
for destnet in $(separate_list $destnets); do if [ $COMMAND != check ]; then
addnatrule $chain $(both_ip_ranges $network $destnet) $proto $ports $policy -j $target $addrlist for destnet in $(separate_list $destnets); do
done addnatrule $chain $(both_ip_ranges $network $destnet) $proto $ports $policy -j $target $addrlist
done
fi
if [ -n "$addresses" ]; then if [ -n "$addresses" ]; then
progress_message " To $destination $displayproto from $network through ${interface} using $addresses" progress_message " To $destination $displayproto from $network through ${interface} using $addresses"
@ -6766,9 +6778,11 @@ setup_masq()
fi fi
done done
else else
for destnet in $(separate_list $destnets); do if [ $COMMAND != check ]; then
addnatrule $chain $(dest_ip_range $destnet) $proto $ports $policy -j $target $addrlist for destnet in $(separate_list $destnets); do
done addnatrule $chain $(dest_ip_range $destnet) $proto $ports $policy -j $target $addrlist
done
fi
if [ -n "$addresses" ]; then if [ -n "$addresses" ]; then
progress_message " To $destination $displayproto from $source through ${interface} using $addresses" progress_message " To $destination $displayproto from $source through ${interface} using $addresses"
@ -6783,7 +6797,7 @@ setup_masq()
if [ -n "$NAT_ENABLED" ]; then if [ -n "$NAT_ENABLED" ]; then
echo "Masqueraded Networks and Hosts:" echo "Masqueraded Networks and Hosts:"
[ -n "$RETAIN_ALIASES" ] || save_progress_message "Restoring Masquerading/SNAT..." [ -n "$RETAIN_ALIASES" -o $COMMAND = check ] || save_progress_message "Restoring Masquerading/SNAT..."
fi fi
while read fullinterface networks addresses proto ports ipsec; do while read fullinterface networks addresses proto ports ipsec; do
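Review bot: In the `*)` arm of setup_masq the new `[ $COMMAND != check ]` guard skips `build_exclusion_chain newchain nat $nomasq`, but `chain=$newchain` after the closing `fi` still runs, so under check `chain` takes whatever `newchain` held from an earlier masq entry (or nothing on the first); the `!*)` arm has the same shape, where `chain=$newchain` follows the new `networks=` branch. This is harmless only if every later use of `$chain` is also guarded, and the rest of setup_masq lies outside these hunks, so I cannot confirm that; moving `chain=$newchain` inside the non-check branch, or clearing `newchain=` at the start of each entry, would keep the state well-defined either way. A side effect worth documenting is that, because the exclusion chain is never built under check, whatever validation build_exclusion_chain performs on `$nomasq`/`$destnets` is presumably not exercised by `shorewall check` — if so, a comment such as `# check mode: exclusion lists are parsed but not built` next to the guard would save the next reader a search. Lastly, `[ -n "$RETAIN_ALIASES" -o $COMMAND = check ]` relies on the deprecated `-o` and an unquoted `$COMMAND`; `[ -n "$RETAIN_ALIASES" ] || [ "$COMMAND" = check ] || save_progress_message "Restoring Masquerading/SNAT..."` is equivalent and unambiguous.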


@ -74,7 +74,7 @@ allow)
check) check)
echo "check: check [ <configuration-directory> ] echo "check: check [ <configuration-directory> ]
Performs a cursory validation of the zones, interfaces, hosts, Performs a cursory validation of the zones, interfaces, hosts,
rules and policy files. Use this if you are unsure of any edits rules, policy and masq files. Use this if you are unsure of any edits
you have made to the shorewall configuration. See the try command you have made to the shorewall configuration. See the try command
examples for a recommended way to make changes." examples for a recommended way to make changes."
;; ;;


@ -29,6 +29,9 @@ New Features in Shorewall 2.5.4
Now, $1 = these, $2 = are and $3 = parameters Now, $1 = these, $2 = are and $3 = parameters
2) The "shorewall check" command now checks the /etc/shorewall/masq
file.
Problems Corrected in 2.5.3: Problems Corrected in 2.5.3:
1) The Netfilter 'raw' table is now cleared during "shorewall stop", 1) The Netfilter 'raw' table is now cleared during "shorewall stop",