Corrections to Dynamic Zones
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@276 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
129cedbe8f
commit
1a0534f5c0
@ -3517,7 +3517,7 @@ add_to_zone() # $1 = <interface>[:<hosts>] $2 = zone
|
|||||||
[ -z "$hosts" ] && hosts=$newhost || hosts="$hosts $newhost"
|
[ -z "$hosts" ] && hosts=$newhost || hosts="$hosts $newhost"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
eval ${z}_hosts=$hosts
|
eval ${z}_hosts=\"$hosts\"
|
||||||
|
|
||||||
echo "$z $hosts" >> ${STATEDIR}/zones_$$
|
echo "$z $hosts" >> ${STATEDIR}/zones_$$
|
||||||
done < ${STATEDIR}/zones
|
done < ${STATEDIR}/zones
|
||||||
@ -3536,23 +3536,28 @@ add_to_zone() # $1 = <interface>[:<hosts>] $2 = zone
|
|||||||
do_iptables -A `input_chain $interface` -i $interface -s $host -j $chain
|
do_iptables -A `input_chain $interface` -i $interface -s $host -j $chain
|
||||||
else
|
else
|
||||||
source_chain=`forward_chain $interface`
|
source_chain=`forward_chain $interface`
|
||||||
eval dest_hosts=\$${z2}_hosts
|
eval dest_hosts=\"\$${z2}_hosts\"
|
||||||
|
|
||||||
for h in $dest_hosts; do
|
for h in $dest_hosts; do
|
||||||
do_iptables -A $source_chain -s $host -o ${h%:*} -d ${h#*:} -j $chain
|
iface=${h%:*}
|
||||||
|
hosts=${h#*:}
|
||||||
|
|
||||||
|
if [ "$iface" != "$interface" -o "$hosts" != "$host" ]; then
|
||||||
|
do_iptables -A $source_chain -s $host -o $iface -d $hosts -j $chain
|
||||||
|
fi
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
elif [ "$z2" = "$zone" ]; then
|
elif [ "$z2" = "$zone" ]; then
|
||||||
if [ "$z1" = "$FW" ]; then
|
if [ "$z1" = "$FW" ]; then
|
||||||
do_iptables -I OUTPUT `output_rule_num` $num -o $interface -d $host -j $chain
|
do_iptables -I OUTPUT `output_rule_num` $num -o $interface -d $host -j $chain
|
||||||
else
|
else
|
||||||
eval source_hosts=\$${z1}_hosts
|
eval source_hosts=\"\$${z1}_hosts\"
|
||||||
|
|
||||||
for h in $source_hosts; do
|
for h in $source_hosts; do
|
||||||
iface=${h%:*}
|
iface=${h%:*}
|
||||||
hosts=${h#*:}
|
hosts=${h#*:}
|
||||||
|
|
||||||
if [ "$iface" != "$interface" ]; then
|
if [ "$iface" != "$interface" -o "$hosts" != "$host" ]; then
|
||||||
do_iptables -A `forward_chain $iface` -s $hosts -o $interface -d $host -j $chain
|
do_iptables -A `forward_chain $iface` -s $hosts -o $interface -d $host -j $chain
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
@ -3583,7 +3588,7 @@ delete_from_zone() # $1 = <interface>[:<hosts>] $2 = zone
|
|||||||
hosts=
|
hosts=
|
||||||
|
|
||||||
for h in $temp; do
|
for h in $temp; do
|
||||||
if [ "$h" = "$temp" ]; then
|
if [ "$h" = "$newhost" ]; then
|
||||||
echo Yes
|
echo Yes
|
||||||
else
|
else
|
||||||
hosts="$hosts $h"
|
hosts="$hosts $h"
|
||||||
@ -3622,7 +3627,7 @@ delete_from_zone() # $1 = <interface>[:<hosts>] $2 = zone
|
|||||||
[ -z "`delete_from_zones_file`" ] && startup_error "Error: $1 not in zone $2"
|
[ -z "`delete_from_zones_file`" ] && startup_error "Error: $1 not in zone $2"
|
||||||
|
|
||||||
while read z hosts; do
|
while read z hosts; do
|
||||||
eval ${z}_hosts=$hosts
|
eval ${z}_hosts=\"$hosts\"
|
||||||
done < ${STATEDIR}/zones
|
done < ${STATEDIR}/zones
|
||||||
|
|
||||||
qt iptables -t nat -D PREROUTING -i $interface -s $host -j ${zone}_dnat
|
qt iptables -t nat -D PREROUTING -i $interface -s $host -j ${zone}_dnat
|
||||||
@ -3633,23 +3638,28 @@ delete_from_zone() # $1 = <interface>[:<hosts>] $2 = zone
|
|||||||
qt iptables -D `input_chain $interface` -i $interface -s $host -j $chain
|
qt iptables -D `input_chain $interface` -i $interface -s $host -j $chain
|
||||||
else
|
else
|
||||||
source_chain=`forward_chain $interface`
|
source_chain=`forward_chain $interface`
|
||||||
eval dest_hosts=\$${z2}_hosts
|
eval dest_hosts=\"\$${z2}_hosts\"
|
||||||
|
|
||||||
for h in $dest_hosts; do
|
for h in $dest_hosts $newhost; do
|
||||||
qt iptables -D $source_chain -s $host -o ${h%:*} -d ${h#*:} -j $chain
|
iface=${h%:*}
|
||||||
|
hosts=${h#*:}
|
||||||
|
|
||||||
|
if [ "$iface" != "$interface" -o "$hosts" != "$host" ]; then
|
||||||
|
qt iptables -D $source_chain -s $host -o $iface -d $hosts -j $chain
|
||||||
|
fi
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
elif [ "$z2" = "$zone" ]; then
|
elif [ "$z2" = "$zone" ]; then
|
||||||
if [ "$z1" = "$FW" ]; then
|
if [ "$z1" = "$FW" ]; then
|
||||||
qt iptables -D OUTPUT -o $interface -d $host -j $chain
|
qt iptables -D OUTPUT -o $interface -d $host -j $chain
|
||||||
else
|
else
|
||||||
eval source_hosts=\$${z1}_hosts
|
eval source_hosts=\"\$${z1}_hosts\"
|
||||||
|
|
||||||
for h in $source_hosts; do
|
for h in $source_hosts; do
|
||||||
iface=${h%:*}
|
iface=${h%:*}
|
||||||
hosts=${h#*:}
|
hosts=${h#*:}
|
||||||
|
|
||||||
if [ "$iface" != "$interface" ]; then
|
if [ "$iface" != "$interface" -o "$hosts" != "$host" ]; then
|
||||||
qt iptables -D `forward_chain $iface` -s $hosts -o $interface -d $host -j $chain
|
qt iptables -D `forward_chain $iface` -s $hosts -o $interface -d $host -j $chain
|
||||||
fi
|
fi
|
||||||
done
|
done
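Review bot: The quoting fix `eval ${z}_hosts=\"$hosts\"` (first hunk; the same form recurs in the hunk at 3622 and in the `eval dest_hosts=\"\$${z2}_hosts\"` / `eval source_hosts=\"\$${z1}_hosts\"` reads) makes multi-host lists assign correctly, but `eval` still parses the already-expanded contents of `$hosts`, so an entry in `${STATEDIR}/zones` or in the `$1` argument that contains a double quote, `$` or backtick would be executed as shell rather than stored as data. Since every entry enters through `$newhost` and is then persisted to the zones file, validating it once where it is built is enough, e.g. `case "$newhost" in *[!A-Za-z0-9_.:/,+-]*) startup_error "Error: invalid <interface>[:<hosts>] $1" ;; esac` (a constructed allow-list; widen it to whatever interface and address syntax the file accepts). Both add_to_zone and delete_from_zone begin before their hunks, so that check belongs near the top of add_to_zone rather than inside the lines shown here. Separately, the appended `$newhost` in `for h in $dest_hosts $newhost; do` (delete hunk at 3633) appears to be filtered out every time by the following `"$iface" != "$interface" -o "$hosts" != "$host"` test if `$newhost` is `$interface:$host`; if that is not the intended shape, a one-line comment stating why the delete loop differs from the add loop at 3536 would save the next reader the same question.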
|
||||||
|