Retain UPnP and dynamic blacklist over 'restart'
parent
f412f96153
commit
25c0e3c7b3
@ -868,7 +868,8 @@ sub allowInvalid ( $$$ ) {
|
||||
}
|
||||
|
||||
sub forwardUPnP ( $$$ ) {
|
||||
dont_optimize 'forwardUPnP';
|
||||
my $chainref = dont_optimize 'forwardUPnP';
|
||||
add_commands( $chainref , '[ -f ${VARDIR}/forwardUPnP ] && cat ${VARDIR}/forwardUPnP >&3' );
|
||||
}
|
||||
|
||||
sub allowinUPnP ( $$$ ) {
|
||||
|
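Review bot: The new body of `forwardUPnP` has no comment saying where `${VARDIR}/forwardUPnP` comes from or what consumes descriptor 3, so the replay reads like a stray shell line inside the rule compiler. Judging from the rest of this commit, the file is written by the generated script just before a restart or restore, and `cat` copies its lines unchanged into the rule stream; nothing visible here re-checks them, so whoever can write to `${VARDIR}` decides what lands in the filter table. I would add above the `add_commands` call: `# Replay rules saved from the running forwardUPnP chain at restart/restore; the lines are copied as-is, so ${VARDIR} must be writable by root only.`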
@ -427,6 +427,48 @@ sub generate_script_3($) {
|
||||
' run_init_exit',
|
||||
'fi',
|
||||
'' );
|
||||
|
||||
emit ( 'if [ "$COMMAND" = restart -o "$COMMAND" = restore ]; then' );
|
||||
push_indent;
|
||||
|
||||
if ( $family == F_IPV4 ) {
|
||||
emit( 'local iptables_save' ,
|
||||
'iptables_save=${IPTABLES}-save' );
|
||||
} else {
|
||||
emit( 'local iptables_save' ,
|
||||
'iptables_save=${IP6TABLES}-save' );
|
||||
}
|
||||
|
||||
emit ( q(if chain_exists "UPnP -t nat"; then) ,
|
||||
q( $iptables_save -t nat | grep '^-A UPnP ' > ${VARDIR}/UPnP) ,
|
||||
q(else) ,
|
||||
q( rm -f ${VARDIR}/UPnP) ,
|
||||
q(fi) ,
|
||||
'' ,
|
||||
q(if chain_exists forwardUPnP; then) ,
|
||||
q( $iptables_save -t filter | grep '^-A forwardUPnP ' > ${VARDIR}/forwardUPnP) ,
|
||||
q(else) ,
|
||||
q( rm -f ${VARDIR}/forwardUPnP) ,
|
||||
q(fi) ,
|
||||
'' ,
|
||||
q(if chain_exists dynamic; then) ,
|
||||
q( $iptables_save -t filter | grep '^-A dynamic ' > ${VARDIR}/dynamic) ,
|
||||
q(else) ,
|
||||
q( rm -f ${VARDIR}/dynamic) ,
|
||||
q(fi)
|
||||
);
|
||||
|
||||
pop_indent;
|
||||
emit ( 'else' );
|
||||
push_indent;
|
||||
|
||||
emit ( 'rm -f ${VARDIR}/UPnP' );
|
||||
emit ( 'rm -f ${VARDIR}/forwardUPnP' );
|
||||
|
||||
pop_indent;
|
||||
|
||||
emit ( 'fi' ,
|
||||
'' );
|
||||
|
||||
mark_firewall_not_started;
|
||||
|
||||
|
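Review bot: In the three save steps emitted for the restart/restore branch, a failing `$iptables_save` goes unnoticed: the pipeline's status is that of `grep`, and the `>` redirection has already truncated the target, so `${VARDIR}/dynamic` can end up empty and the blacklist is dropped across the restart without any message. Writing the full save output to a temporary file, checking the status of `$iptables_save`, and only then filtering into the final name would keep that failure visible. Separately, the `else` branch removes `${VARDIR}/UPnP` and `${VARDIR}/forwardUPnP` but not `${VARDIR}/dynamic`, so a file left by an earlier restart would presumably be replayed on a later start. If that is intended, a comment such as `# ${VARDIR}/dynamic is kept on purpose so the blacklist survives a start` should say so; otherwise add `emit ( 'rm -f ${VARDIR}/dynamic' );`. generate_script_3 begins and ends outside the hunk.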
@ -443,6 +443,7 @@ sub add_common_rules() {
|
||||
add_rule_pair dont_delete( new_standard_chain( 'logreject' ) ), ' ' , 'reject' , $level ;
|
||||
$chainref = dont_optimize( new_standard_chain( 'dynamic' ) );
|
||||
add_jump $filter_table->{$_}, $chainref, 0, $state for qw( INPUT FORWARD );
|
||||
add_commands( $chainref, '[ -f ${VARDIR}/dynamic ] && cat ${VARDIR}/dynamic >&3' );
|
||||
}
|
||||
|
||||
setup_mss;
|
||||
@ -647,7 +648,9 @@ sub add_common_rules() {
|
||||
if ( @$list ) {
|
||||
progress_message2 "$doing UPnP";
|
||||
|
||||
dont_optimize new_nat_chain( 'UPnP' );
|
||||
$chainref = dont_optimize new_nat_chain( 'UPnP' );
|
||||
|
||||
add_commands( $chainref, '[ -s /${VARDIR}/UPnP ] && cat ${VARDIR}/UPnP >&3' );
|
||||
|
||||
$announced = 1;
|
||||
|
||||
|
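Review bot: The replay command added for the nat `UPnP` chain tests `[ -s /${VARDIR}/UPnP ]` with a stray leading `/` and then reads `${VARDIR}/UPnP` without it, so the test and the `cat` name different strings and only agree when `${VARDIR}` is an absolute path. It also uses `-s` where the `dynamic` replay in the first hunk of this file and the `forwardUPnP` replay use `-f`. I would write it the same way as the other two: `add_commands( $chainref, '[ -f ${VARDIR}/UPnP ] && cat ${VARDIR}/UPnP >&3' );`. add_common_rules begins and ends outside both hunks.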
@ -1186,6 +1186,7 @@ sub find_interfaces_by_option1( $ ) {
|
||||
for my $interface ( keys %interfaces ) {
|
||||
my $interfaceref = $interfaces{$interface};
|
||||
|
||||
next unless defined $interfaceref->{physical};
|
||||
next if $interfaceref->{physical} =~ /\+/;
|
||||
|
||||
my $optionsref = $interfaceref->{options};
|
||||
|