extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-02-16 17:51:16 +01:00
Code Issues Packages Projects Releases Wiki Activity

Rename rfc1918 mangle chain

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@90 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2002-06-21 17:20:18 +00:00
parent 115e052f12
commit 2bcb33a34d
2 changed files with 13 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
Shorewall/firewall
View File

@ -2574,6 +2574,10 @@ initialize_netfilter () {
# Construct zone-independent rules # # Construct zone-independent rules #
################################################################################ ################################################################################
add_common_rules() { add_common_rules() {
logdisp() # $1 = Chain Name
{
echo "LOG --log-prefix "Shorewall:$1{1}:DROP:" --log-level info"
}
############################################################################ ############################################################################
# Reject Rules # Reject Rules
# #
@ -2662,12 +2666,10 @@ add_common_rules() {
strip_file rfc1918 strip_file rfc1918
disp="LOG --log-prefix "Shorewall:rfc1918:DROP:" --log-level info"
createchain rfc1918 no createchain rfc1918 no
createchain logdrop no createchain logdrop no
run_iptables -A logdrop -j $disp run_iptables -A logdrop -j `logdisp rfc1818`
run_iptables -A logdrop -j DROP run_iptables -A logdrop -j DROP
if [ -n "$MANGLE_ENABLED" ]; then if [ -n "$MANGLE_ENABLED" ]; then
@ -2678,9 +2680,9 @@ add_common_rules() {
# #
# Also add a chain to log and drop any RFC1918 packets that we find # Also add a chain to log and drop any RFC1918 packets that we find
# #
run_iptables -t mangle -N rfc1918 run_iptables -t mangle -N man1918
run_iptables -t mangle -N logdrop run_iptables -t mangle -N logdrop
run_iptables -t mangle -A logdrop -j $disp run_iptables -t mangle -A logdrop -j `logdisp man1918`
run_iptables -t mangle -A logdrop -j DROP run_iptables -t mangle -A logdrop -j DROP
fi fi
@ -2691,7 +2693,7 @@ add_common_rules() {
# RFC1918 destination # RFC1918 destination
# #
if [ -n "$MANGLE_ENABLED" ]; then if [ -n "$MANGLE_ENABLED" ]; then
run_iptables -t mangle -A rfc1918 -d $subnet -j $target run_iptables -t mangle -A man1918 -d $subnet -j $target
fi fi
done < $TMP_DIR/rfc1918 done < $TMP_DIR/rfc1918
@ -2701,7 +2703,7 @@ add_common_rules() {
done done
[ -n "$MANGLE_ENABLED" ] && \ [ -n "$MANGLE_ENABLED" ] && \
run_iptables -t mangle -A PREROUTING -i $interface -j rfc1918 run_iptables -t mangle -A PREROUTING -i $interface -j man1918
done done
fi fi

4
Shorewall/releasenotes.txt
View File

@ -5,6 +5,10 @@ In this release:
1. Entries in /etc/shorewall/interface that use the wildcard character 1. Entries in /etc/shorewall/interface that use the wildcard character
("+") now have the "multi" option assumed. ("+") now have the "multi" option assumed.
2. The 'rfc1918' chain in the mangle table has been renamed 'man1918'
to make log messages generated from that chain distinguishable from
those generated by the 'rfc1918' chain in the filter table.