Make comments persistent

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4657 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2006-10-10 15:46:21 +00:00
parent ff1761c868
commit 2b4e9fc8c9
6 changed files with 25 additions and 31 deletions


@ -892,10 +892,6 @@ setup_tc1() {
else else
rule=$(echo "$mark $sources $dests $proto $ports $sports $user $testval $length $tos") rule=$(echo "$mark $sources $dests $proto $ports $sports $user $testval $length $tos")
process_tc_rule process_tc_rule
if [ -n "$comment" ]; then
comment=
save_command COMMENT=
fi
fi fi
done < $TMP_DIR/tcrules done < $TMP_DIR/tcrules
fi fi
@ -1035,10 +1031,6 @@ __EOF__
expandv mark sources dests proto ports sports user testval tos expandv mark sources dests proto ports sports user testval tos
rule=$(echo "$mark $sources $dests $proto $ports $sports $user $testval $tos") rule=$(echo "$mark $sources $dests $proto $ports $sports $user $testval $tos")
process_tc_rule process_tc_rule
if [ -n "$comment" ]; then
comment=
save_command COMMENT=
fi
fi fi
done < $TMP_DIR/tcrules done < $TMP_DIR/tcrules
fi fi
@ -2831,11 +2823,6 @@ process_rules()
esac esac
if [ -n "$comment" ]; then
comment=
save_command COMMENT=
fi
done < $TMP_DIR/rules done < $TMP_DIR/rules
# #
# Just in case the file ended with a comment # Just in case the file ended with a comment
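Review bot: With the per-rule reset removed, nothing visible in the two tcrules hunks clears `comment` after `done < $TMP_DIR/tcrules`, so a tcrules file that ends without a bare COMMENT line may carry its comment into rules generated from whatever is processed next. The process_rules hunk keeps a "Just in case the file ended with a comment" step after its loop. The tcrules loops, and the masq and nat loops in the next file section, would want the same end-of-file reset the removed lines performed (`comment=` followed by `save_command COMMENT=`), unless that already exists outside the hunks. A stale comment matters for audit, because `shorewall show` output would then label rules with a description written for a different entry. All of the affected functions start and end outside the hunks, so this needs checking against the full file.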


@ -442,10 +442,6 @@ __EOF__
fi fi
else else
setup_one setup_one
if [ -n "$comment" ]; then
comment=
save_command COMMENT=
fi
fi fi
else else
error_message "WARNING: NAT disabled; masq rule ignored" error_message "WARNING: NAT disabled; masq rule ignored"
@ -540,10 +536,6 @@ setup_nat() {
fi fi
else else
do_one_nat do_one_nat
if [ -n "$comment" ]; then
comment=
save_command COMMENT=
fi
fi fi
progress_message_and_save " Host $internal NAT $external on $interface" progress_message_and_save " Host $internal NAT $external on $interface"
done < $TMP_DIR/nat done < $TMP_DIR/nat


@ -18,10 +18,13 @@
# #
# If you put COMMENT in this column, the rest of the # If you put COMMENT in this column, the rest of the
# line will be attached as a comment to the Netfilter # line will be attached as a comment to the Netfilter
# rule(s) generated by the next entry in the file. # rule(s) generated by the following entries in the
# The comment will appear delimited by "/* ... */" # file. The comment will appear delimited by "/* ... */"
# in the output of "shorewall show nat" # in the output of "shorewall show nat"
# #
# To stop the comment from being attached to further
# rules, simply include COMMENT on a line by itself.
#
# INTERFACE Interface that has the EXTERNAL address. # INTERFACE Interface that has the EXTERNAL address.
# If ADD_IP_ALIASES=Yes in shorewall.conf, Shorewall # If ADD_IP_ALIASES=Yes in shorewall.conf, Shorewall
# will automatically add the EXTERNAL address to this # will automatically add the EXTERNAL address to this


@ -77,7 +77,11 @@ Other changes in 3.3.3
/etc/shorewall/rules, /etc/shorewall/tcrules, /etc/shorewall/nat /etc/shorewall/rules, /etc/shorewall/tcrules, /etc/shorewall/nat
and /etc/shorewall/masq files. The remainder of the line is treated and /etc/shorewall/masq files. The remainder of the line is treated
as a comment and it will be attached as a Netfilter comment to the as a comment and it will be attached as a Netfilter comment to the
rule(s) generated by the next entry in the file. rule(s) generated by the following entries in the file.
To stop the comment from being attached to further rules, simply
include COMMENT on a line by itself.
If you do not have Comment support in your iptables/kernel (see the If you do not have Comment support in your iptables/kernel (see the
output of "shorewall[-lite] show capabilities") then COMMENTS are output of "shorewall[-lite] show capabilities") then COMMENTS are
@ -89,17 +93,19 @@ Other changes in 3.3.3
#SOURCE SOURCE DEST PROTO DEST PORT(S) #SOURCE SOURCE DEST PROTO DEST PORT(S)
COMMENT Stop Microsoft Crap COMMENT Stop Microsoft Crud
REJECT loc net tcp 137,445 REJECT loc net tcp 137,445
REJECT loc net udp 137:139 REJECT loc net udp 137:139
COMMENT
The output of "shorewall show loc2net" includes (folded): The output of "shorewall show loc2net" includes (folded):
0 0 reject tcp -- * * 0.0.0.0/0 0 0 reject tcp -- * * 0.0.0.0/0
0.0.0.0/0 multiport dports 137,445 /* Stop Microsoft crap */ 0.0.0.0/0 multiport dports 137,445 /* Stop Microsoft crud */
0 0 reject udp -- * * 0.0.0.0/0 0 0 reject udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpts:137:139 0.0.0.0/0 udp dpts:137:139 /* Stop Microsoft crud */
Migration Considerations: Migration Considerations:


@ -115,10 +115,13 @@
# (http://p2pwall.sf.net). # (http://p2pwall.sf.net).
# COMMENT -- the rest of the line will be attached # COMMENT -- the rest of the line will be attached
# as a comment to the Netfilter rule(s) # as a comment to the Netfilter rule(s)
# generated by the following entry. The # generated by the following entres.
# comment will appear delimited by # The comment will appear delimited by
# "/* ... */" in the output of # "/* ... */" in the output of
# "shorewall show <chain>" # "shorewall show <chain>". To stop
# the comment from being attached to
# further rules, simply include
# COMMENT on a line by itself.
# <action> -- The name of an action defined in # <action> -- The name of an action defined in
# /etc/shorewall/actions or in # /etc/shorewall/actions or in
# /usr/share/shorewall/actions.std. # /usr/share/shorewall/actions.std.


@ -105,10 +105,13 @@
# #
# e) COMMENT -- the rest of the line will be attached as # e) COMMENT -- the rest of the line will be attached as
# a comment to the Netfilter rule(s) generated by the # a comment to the Netfilter rule(s) generated by the
# following entry. The comment will appear delimited # following entries. The comment will appear delimited
# by "/* ... */" in the output of "shorewall show # by "/* ... */" in the output of "shorewall show
# mangle" # mangle"
# #
# To stop the comment from being attached to further
# rules, simply include COMMENT on a line by itself.
#
# SOURCE Source of the packet. A comma-separated list of # SOURCE Source of the packet. A comma-separated list of
# interface names, IP addresses, MAC addresses and/or # interface names, IP addresses, MAC addresses and/or
# subnets for packets being routed through a common path. # subnets for packets being routed through a common path.