extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-23 16:13:18 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix DYNAMIC_ZONES=Yes and the new bridge code

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6598 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-06-19 15:45:39 +00:00
parent ae3dadd94e
commit 17f9137693
5 changed files with 34 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Shorewall-common/changelog.txt
View File

@ -6,6 +6,8 @@ Changes in 4.0.0 Beta 6
3) Improve compiler selection. 3) Improve compiler selection.
4) DYNAMIC_ZONES=Yes and bridges.
Changes in 4.0.0 Beta 5 Changes in 4.0.0 Beta 5
1) Fix undefined function call when both an input interface and an 1) Fix undefined function call when both an input interface and an

18
Shorewall-common/firewall
View File

@ -1,16 +1,11 @@
#!/bin/sh #!/bin/sh
# #
# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V3.4 # The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.0
# #
# This program is under GPL [http://www.gnu.org/copyleft/gpl.htm] # This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
# #
# (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007 - Tom Eastep (teastep@shorewall.net) # (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007 - Tom Eastep (teastep@shorewall.net)
# #
# tcstart from tc4shorewall Version 0.5
# (c) 2005 Arne Bernin <arne@ucbering.de>
# Modified by Tom Eastep for integration into the Shorewall distribution
# published under GPL Version 2#
#
# Complete documentation is available at http://shorewall.net # Complete documentation is available at http://shorewall.net
# #
# This program is free software; you can redistribute it and/or modify # This program is free software; you can redistribute it and/or modify
@ -31,14 +26,13 @@
# #
# Commands are: # Commands are:
# #
# shorewall restart Restarts the firewall # firewall stop Stops the firewall
# shorewall stop Stops the firewall # firewall reset Resets iptables packet and
# shorewall reset Resets iptables packet and
# byte counts # byte counts
# shorewall clear Remove all Shorewall chains # firewall clear Remove all Shorewall chains
# and rules/policies. # and rules/policies.
# shorewall add <iface>[:<host>] zone Adds a host or subnet to a zone # firewall add <iface>[:<host>] zone Adds a host or subnet to a zone
# shorewall delete <iface>[:<host>] zone Deletes a host or subnet from a zone # firewall delete <iface>[:<host>] zone Deletes a host or subnet from a zone
# #
# Mutual exclusion -- These functions are jackets for the mutual exclusion # Mutual exclusion -- These functions are jackets for the mutual exclusion
# routines in $FUNCTIONS. They invoke # routines in $FUNCTIONS. They invoke

22
Shorewall-common/lib.config
View File

@ -291,6 +291,12 @@ determine_zones()
done done
FW=$zone FW=$zone
;; ;;
bport|bport4)
[ "$PROGRAM" = compiler ] && startup_error "Invalid Zone Type: $type"
list_search $zone $ZONES $FW && startup_error "Zone $zone is defined more than once"
merge_zone
IPV4_ZONES="$IPV4_ZONES $zone"
;;
*) *)
startup_error "Invalid Zone Type: $type" startup_error "Invalid Zone Type: $type"
;; ;;
@ -333,8 +339,20 @@ validate_interfaces_file() {
wildcard= wildcard=
case $interface in case $interface in
*:*|+) *:*)
startup_error "Invalid Interface Name: $interface" if [ "$PROGRAM" != compiler ]; then
#
# Assume that this is 4.0 syntax for a bridge
#
local bridge=${interface%:*}
list_search $bridge $ALL_INTERFACES || startup_error "Unknown Interface: $bridge"
interface=${interface#*:}
else
startup_error "Invalid Interface Name: $interface"
fi
;;
+)
startup_error "Invalid Interface Name: +"
;; ;;
*+) *+)
wildcard=Yes wildcard=Yes

6
Shorewall-common/releasenotes.txt
View File

@ -21,6 +21,12 @@ Problems corrected in 4.0.0 Beta 6.
/etc/shorewall/maclist entry would cause Perl error messages to be /etc/shorewall/maclist entry would cause Perl error messages to be
issued. issued.
2) Shorewall-perl now catches invalid interface names in the
/etc/shorewall/routestopped file.
3) The new bridge implementation introduced with Beta 5 now works with
DYNAMIC_ZONES=Yes.
Other changes in Shorewall 4.0.0 Beta 6 Other changes in Shorewall 4.0.0 Beta 6
1) When a Shorewall release includes detection of an additional 1) When a Shorewall release includes detection of an additional

1
Shorewall-perl/Shorewall/Interfaces.pm
View File

@ -245,7 +245,6 @@ sub validate_interfaces_file( $ )
fatal_error "$interface is not a defined bridge" unless $interfaces{$interface} && $interfaces{$interface}{options}{bridge}; fatal_error "$interface is not a defined bridge" unless $interfaces{$interface} && $interfaces{$interface}{options}{bridge};
fatal_error "Invalid Interface Name ($interface:$port)" unless $port =~ /^[\w.@%-]+\+?$/; fatal_error "Invalid Interface Name ($interface:$port)" unless $port =~ /^[\w.@%-]+\+?$/;
fatal_error "Bridge Ports may only be associated with 'bport' zones" if $zone && $zoneref->{type} ne 'bport4'; fatal_error "Bridge Ports may only be associated with 'bport' zones" if $zone && $zoneref->{type} ne 'bport4';
fatal_error "Bridge Ports are not compatible with DYNAMIC_ZONES=Yes" if $config{DYNAMIC_ZONES};
if ( $zone ) { if ( $zone ) {
if ( $zoneref->{bridge} ) { if ( $zoneref->{bridge} ) {