extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-05-30 06:28:51 +02:00
Code Issues Packages Projects Releases Wiki Activity

Stage handles Shorewall6; fix IPv6 ENHANCED_REJECT handling in -perl

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8979 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2008-12-10 22:50:29 +00:00
parent 41fcf84109
commit 2bbb417330
4 changed files with 35 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Shorewall-perl/Shorewall/Config.pm
View File

@ -1752,7 +1752,7 @@ sub determine_capabilities( $ ) {
$capabilities{IPP2P_MATCH} = qt1( "$iptables -A $sillyname -p tcp -m ipp2p --edk -j ACCEPT" ); $capabilities{IPP2P_MATCH} = qt1( "$iptables -A $sillyname -p tcp -m ipp2p --edk -j ACCEPT" );
$capabilities{LENGTH_MATCH} = qt1( "$iptables -A $sillyname -m length --length 10:20 -j ACCEPT" ); $capabilities{LENGTH_MATCH} = qt1( "$iptables -A $sillyname -m length --length 10:20 -j ACCEPT" );
$capabilities{ENHANCED_REJECT} = qt1( "$iptables -A $sillyname -j REJECT --reject-with icmp-host-prohibited" ); $capabilities{ENHANCED_REJECT} = qt1( "$iptables -A $sillyname -j REJECT --reject-with icmp6-admt-prohibited" );
$capabilities{COMMENTS} = qt1( qq($iptables -A $sillyname -j ACCEPT -m comment --comment "This is a comment" ) ); $capabilities{COMMENTS} = qt1( qq($iptables -A $sillyname -j ACCEPT -m comment --comment "This is a comment" ) );
if ( $capabilities{MANGLE_ENABLED} ) { if ( $capabilities{MANGLE_ENABLED} ) {

10
Shorewall-perl/Shorewall/Rules.pm
View File

@ -581,8 +581,14 @@ sub add_common_rules() {
if ( $capabilities{ENHANCED_REJECT} ) { if ( $capabilities{ENHANCED_REJECT} ) {
add_rule $rejectref , '-p 17 -j REJECT'; add_rule $rejectref , '-p 17 -j REJECT';
add_rule $rejectref, '-p 1 -j REJECT --reject-with icmp-host-unreachable';
add_rule $rejectref, '-j REJECT --reject-with icmp-host-prohibited'; if ( $family == F_IPV4 ) {
add_rule $rejectref, '-p 1 -j REJECT --reject-with icmp-host-unreachable';
add_rule $rejectref, '-j REJECT --reject-with icmp-host-prohibited';
} else {
add_rule $rejectref, '-p 58 -j REJECT --reject-with icmp6-addr-unreachable';
add_rule $rejectref, '-j REJECT --reject-with icmp6-adm-prohibited';
}
} else { } else {
add_rule $rejectref , '-j REJECT'; add_rule $rejectref , '-j REJECT';
} }

2
Shorewall6/lib.base
View File

@ -805,7 +805,7 @@ determine_capabilities() {
qt $IP6TABLES -A $chain -p tcp -m ipp2p --edk -j ACCEPT && IPP2P_MATCH=Yes qt $IP6TABLES -A $chain -p tcp -m ipp2p --edk -j ACCEPT && IPP2P_MATCH=Yes
qt $IP6TABLES -A $chain -m length --length 10:20 -j ACCEPT && LENGTH_MATCH=Yes qt $IP6TABLES -A $chain -m length --length 10:20 -j ACCEPT && LENGTH_MATCH=Yes
qt $IP6TABLES -A $chain -j REJECT --reject-with icmp-host-prohibited && ENHANCED_REJECT=Yes qt $IP6TABLES -A $chain -j REJECT --reject-with icmp6-adm-prohibited && ENHANCED_REJECT=Yes
qt $IP6TABLES -A $chain -j ACCEPT -m comment --comment "This is a comment" && COMMENTS=Yes qt $IP6TABLES -A $chain -j ACCEPT -m comment --comment "This is a comment" && COMMENTS=Yes

25
tools/build/stage
View File

@ -30,7 +30,9 @@ usage() {
} }
rpm= rpm=
rpm6=
literpm= literpm=
lite6rpm=
perlrpm= perlrpm=
shellrpm= shellrpm=
@ -45,6 +47,8 @@ UPLOADSHELL=
UPLOADLITE= UPLOADLITE=
UPLOADXML= UPLOADXML=
UPLOADHTML= UPLOADHTML=
UPLOAD6=
UPLOAD6LITE=
PARTIAL=Yes PARTIAL=Yes
BASE= BASE=
@ -101,6 +105,14 @@ while [ -z "$done" ]; do
UPLOADHTML=Yes UPLOADHTML=Yes
option=${option#h} option=${option#h}
;; ;;
6*)
UPLOAD6=Yes
option=${option#6}
;;
L*)
UPLOAD6LITE=Yes
option=${option#L}
;;
*) *)
usage usage
;; ;;
@ -153,6 +165,17 @@ case $1 in
shellrpm=shorewall-shell-${1}-0base.noarch.rpm shellrpm=shorewall-shell-${1}-0base.noarch.rpm
BASE=Yes BASE=Yes
;; ;;
4.3.*)
DEST="/srv/ftp/pub/shorewall/development/staging/${1%.*}/shorewall-$1"
SHOREWALL=shorewall-common
rpm=shorewall-common-${1}-0base.noarch.rpm
literpm=shorewall-lite-${1}-0base.noarch.rpm
perlrpm=shorewall-perl-${1}-0base.noarch.rpm
shellrpm=shorewall-shell-${1}-0base.noarch.rpm
rpm6=shorewall6-${1}-0base.noarch.rpm
lite6rpm=shorewall6-lite-${1}-0base.noarch.rpm
BASE=Yes
;;
3.*[13579].*) 3.*[13579].*)
DEST="/srv/ftp/pub/shorewall/development/staging/${1%.*}/shorewall-$1" DEST="/srv/ftp/pub/shorewall/development/staging/${1%.*}/shorewall-$1"
rpm=shorewall-${1}-1.noarch.rpm rpm=shorewall-${1}-1.noarch.rpm
@ -215,10 +238,12 @@ fi
files="errata known_problems.txt releasenotes.txt patch-*-$1 ${1}.*" files="errata known_problems.txt releasenotes.txt patch-*-$1 ${1}.*"
base= base=
[ -n "$UPLOAD6" ] && base="shorewall6-${1}.tar.*" && files="$files shorewall6-${1}.* $rpm6"
[ -n "$UPLOADPERL" ] && base="shorewall-perl-${1}.tar.*" && files="$files shorewall-perl-${1}.* $perlrpm" [ -n "$UPLOADPERL" ] && base="shorewall-perl-${1}.tar.*" && files="$files shorewall-perl-${1}.* $perlrpm"
[ -n "$UPLOADCOMMON" ] && base="$base shorewall-common-${1}.tar.*" && files="$files shorewall-common-${1}.* $rpm" [ -n "$UPLOADCOMMON" ] && base="$base shorewall-common-${1}.tar.*" && files="$files shorewall-common-${1}.* $rpm"
[ -n "$UPLOADSHELL" ] && base="$base shorewall-shell-${1}.tar.*" && files="$files shorewall-shell-${1}.* $shellrpm" [ -n "$UPLOADSHELL" ] && base="$base shorewall-shell-${1}.tar.*" && files="$files shorewall-shell-${1}.* $shellrpm"
[ -n "$UPLOADLITE" ] && base="$base shorewall-lite-${1}.tar.*" && files="$files shorewall-lite-${1}.* $literpm" [ -n "$UPLOADLITE" ] && base="$base shorewall-lite-${1}.tar.*" && files="$files shorewall-lite-${1}.* $literpm"
[ -n "$UPLOAD6LITE" ] && base="$base shorewall6-lite-${1}.tar.*" && files="$files shorewall6-lite-${1}.* $lite6rpm"
[ -n "$UPLOADXML" ] && base="$base shorewall-docs-xml-${1}.tar.*" && files="$files shorewall-docs-xml-${1}.* $literpm" [ -n "$UPLOADXML" ] && base="$base shorewall-docs-xml-${1}.tar.*" && files="$files shorewall-docs-xml-${1}.* $literpm"
[ -n "$UPLOADHTML" ] && base="$base shorewall-docs-html-${1}.tar.*" && files="$files shorewall-docs-html-${1}.* $literpm" [ -n "$UPLOADHTML" ] && base="$base shorewall-docs-html-${1}.tar.*" && files="$files shorewall-docs-html-${1}.* $literpm"