extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-01-08 22:58:50 +01:00
Code Issues Packages Projects Releases Wiki Activity

Applied Fr�d�ric LESPEZ's patch for packet marking by user/group id

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1088 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2004-01-22 20:24:56 +00:00
parent 58ac5fd852
commit 22df211052
4 changed files with 54 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Shorewall/changelog.txt
View File

@ -2,3 +2,4 @@ Changes since 1.4.9
1) Implement destination list in masq file. 1) Implement destination list in masq file.
2) Appled Frédéric LESPEZ's patch for packet marking by user/group id.

25
Shorewall/firewall
View File

@ -1709,6 +1709,25 @@ process_tc_rule()
esac esac
fi fi
if [ "x$user" != "x-" ]; then
[ "$chain" != tcout ] && \
fatal_error "Invalid use of a user/group: rule \"$rule\""
case "$user" in
*:*)
r="$r-m owner"
temp="${user%:*}"
[ -n "$temp" ] && r="$r --uid-owner $temp "
temp="${user#*:}"
[ -n "$temp" ] && r="$r --gid-owner $temp "
;;
*)
r="$r-m owner --uid-owner $user "
;;
esac
fi
[ "x$dest" = "x-" ] || r="${r}-d $dest " [ "x$dest" = "x-" ] || r="${r}-d $dest "
[ "$proto" = "all" ] || r="${r}-p $proto " [ "$proto" = "all" ] || r="${r}-p $proto "
[ "x$port" = "x-" ] || r="${r}--dport $port " [ "x$port" = "x-" ] || r="${r}--dport $port "
@ -1767,9 +1786,9 @@ setup_tc1() {
# #
strip_file tcrules strip_file tcrules
while read mark sources dests proto ports sports; do while read mark sources dests proto ports sports user; do
expandv mark sources dests proto ports sports expandv mark sources dests proto ports sports user
rule=`echo "$mark $sources $dests $proto $ports $sports"` rule=`echo "$mark $sources $dests $proto $ports $sports $user"`
process_tc_rule process_tc_rule
done < $TMP_DIR/tcrules done < $TMP_DIR/tcrules
# #

15
Shorewall/releasenotes.txt
View File

@ -20,3 +20,18 @@ New Features:
If the list begins with "!" then SNAT will occur only if the If the list begins with "!" then SNAT will occur only if the
destination IP address is NOT included in the list. destination IP address is NOT included in the list.
2) Output traffic control rules (those with the firewall as the source)
may now be qualified by the effective userid and/or effective group
id of the program generating the output. This feature is courtesy of
Frédéric LESPEZ.
A new USER column has been added to /etc/shorewall/tcrules.
It may contain :
[<user name or number>]:[<group name or number>]
The colon is optionnal when specifying only a user.
Examples : john: / john / :users / john:users

17
Shorewall/tcrules
View File

@ -57,7 +57,22 @@
# any source port is acceptable. Specified as a comma- # any source port is acceptable. Specified as a comma-
# separated list of port names, port numbers or port # separated list of port names, port numbers or port
# ranges. # ranges.
#
# USER This column may only be non-empty if the SOURCE is
# the firewall itself.
#
# When this column is non-empty, the rule applies only
# if the program generating the output is running under
# the effective user and/or group.
#
# It may contain :
#
# [<user name or number>]:[<group name or number>]
#
# The colon is optionnal when specifying only a user.
# Examples : john: / john / :users / john:users
#
############################################################################## ##############################################################################
#MARK SOURCE DEST PROTO PORT(S) CLIENT #MARK SOURCE DEST PROTO PORT(S) CLIENT USER
# PORT(S) # PORT(S)
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE