extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-25 12:13:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

Work around RH7.3 'service' anomaly

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@595 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2003-06-18 18:26:05 +00:00
parent ae42fcdbe6
commit 170c3df6c4
3 changed files with 7 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
Shorewall/changelog.txt
View File

@ -1,15 +1,3 @@
Changes since 1.4.4b Changes since 1.4.5
1) The command "shorewall debug try <directory>" now correctly traces
the attempt.
2) The ORIGINAL DEST column in a DNAT[-] or REDIRECT[-] rule may now
contain a list of addresses. If the list begins with "!' then the
rule will take effect only if the original destination address in
the connection request does not match any of the addresses listed.
3) Enhanced processing of the zones file to allow the INCLUDE
directive.
4) Fix processing of the routestopped file's second column.
1) Worked around RH7.3 "service" anomaly.

5
Shorewall/firewall
View File

@ -233,8 +233,7 @@ createchain() # $1 = chain name, $2 = If "yes", create default rules
run_iptables -N $1 run_iptables -N $1
if [ $2 = yes ]; then if [ $2 = yes ]; then
state="ESTABLISHED,RELATED" run_iptables -A $1 -m state --state ESTABLISHED,RELATED -j ACCEPT
run_iptables -A $1 -m state --state $state -j ACCEPT
[ -z "$NEWNOTSYN" ] && \ [ -z "$NEWNOTSYN" ] && \
run_iptables -A $1 -m state --state NEW -p tcp ! --syn -j newnotsyn run_iptables -A $1 -m state --state NEW -p tcp ! --syn -j newnotsyn
fi fi
@ -3207,7 +3206,7 @@ load_kernel_modules() {
# Verify that the 'ip' program is installed # Verify that the 'ip' program is installed
verify_ip() { verify_ip() {
qt which ip ||\ qt ip link ls ||\
startup_error "Shorewall $version requires the iproute package ('ip' utility)" startup_error "Shorewall $version requires the iproute package ('ip' utility)"
} }

16
Shorewall/releasenotes.txt
View File

@ -2,19 +2,9 @@ This is a minor release of Shorewall.
Problems Corrected: Problems Corrected:
1) The command "shorewall debug try <directory>" now correctly traces 1) A problem seen on RH7.3 systems where Shorewall encountered start
the attempt. errors when started using the "service" mechanism has been worked
around.
2) The INCLUDE directive now works properly in the zones file;
previously, INCLUDE in that file was ignored.
3) /etc/shorewall/routestopped records with an empty second column are no
longer ignored.
New Features: New Features:
1) The ORIGINAL DEST column in a DNAT[-] or REDIRECT[-] rule may now
contain a list of addresses. If the list begins with "!' then the
rule will take effect only if the original destination address in
the connection request does not match any of the addresses listed.