extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-22 07:33:43 +01:00
Code Issues Packages Projects Releases Wiki Activity

Rename rfc1918 mangle chain

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@90 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2002-06-21 17:20:18 +00:00
parent 115e052f12
commit 2bcb33a34d
2 changed files with 13 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
Shorewall/firewall
View File

@ -2574,6 +2574,10 @@ initialize_netfilter () {
# Construct zone-independent rules #
################################################################################
add_common_rules() {
logdisp() # $1 = Chain Name
{
echo "LOG --log-prefix "Shorewall:$1{1}:DROP:" --log-level info"
}
############################################################################
# Reject Rules
#
@ -2661,13 +2665,11 @@ add_common_rules() {
echo "Enabling RFC1918 Filtering"
strip_file rfc1918
disp="LOG --log-prefix "Shorewall:rfc1918:DROP:" --log-level info"
createchain rfc1918 no
createchain logdrop no
run_iptables -A logdrop -j $disp
run_iptables -A logdrop -j `logdisp rfc1818`
run_iptables -A logdrop -j DROP
if [ -n "$MANGLE_ENABLED" ]; then
@ -2678,9 +2680,9 @@ add_common_rules() {
#
# Also add a chain to log and drop any RFC1918 packets that we find
#
run_iptables -t mangle -N rfc1918
run_iptables -t mangle -N man1918
run_iptables -t mangle -N logdrop
run_iptables -t mangle -A logdrop -j $disp
run_iptables -t mangle -A logdrop -j `logdisp man1918`
run_iptables -t mangle -A logdrop -j DROP
fi
@ -2691,7 +2693,7 @@ add_common_rules() {
# RFC1918 destination
#
if [ -n "$MANGLE_ENABLED" ]; then
run_iptables -t mangle -A rfc1918 -d $subnet -j $target
run_iptables -t mangle -A man1918 -d $subnet -j $target
fi
done < $TMP_DIR/rfc1918
@ -2701,7 +2703,7 @@ add_common_rules() {
done
[ -n "$MANGLE_ENABLED" ] && \
run_iptables -t mangle -A PREROUTING -i $interface -j rfc1918
run_iptables -t mangle -A PREROUTING -i $interface -j man1918
done
fi

4
Shorewall/releasenotes.txt
View File

@ -5,6 +5,10 @@ In this release:
1. Entries in /etc/shorewall/interface that use the wildcard character
("+") now have the "multi" option assumed.
2. The 'rfc1918' chain in the mangle table has been renamed 'man1918'
to make log messages generated from that chain distinguishable from
those generated by the 'rfc1918' chain in the filter table.