From 315d8a92b49eb09dc9651f5d64e0eab7cb5c1830 Mon Sep 17 00:00:00 2001
From: teastep
Date: Sun, 29 Jan 2006 18:02:42 +0000
Subject: [PATCH] Fix QUEUE in the ESTABLISHED section

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3399 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall/changelog.txt | 4 ++++
 Shorewall/compiler | 4 ++--
 Shorewall/releasenotes.txt | 9 ++++++++-
 3 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt
index d3c6b4735..d1e880ae5 100755
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@@ -33,3 +33,7 @@ Changes in 3.1.x.
 
 16) Apply Tuomo's patches for IPSEC and Noecho.
 
+17) Fix bridging
+
+18) Fix QUEUE when used in the ESTABLISHED section.
+
diff --git a/Shorewall/compiler b/Shorewall/compiler
index 41606e14d..a456a7cf8 100755
--- a/Shorewall/compiler
+++ b/Shorewall/compiler
@@ -5149,13 +5149,13 @@ process_rule() # $1 = target
 case $proto in
 tcp|TCP|6)
 do_ports
- [ "$target" = QUEUE ] && proto="$proto --syn"
+ [ "$target" = QUEUE -a $SECTION != ESTABLISHED ] && proto="$proto --syn"
 ;;
 udp|UDP|17)
 do_ports
 ;;
 icmp|ICMP|1)
- [ -n "$port" ] && dports="--icmp-type $port"
+ [ -n "$port" ] && dports="--icmp-type $port"
 ;;
 all|ALL)
 [ -n "$port" ] && \
diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt
index 4ce15658b..1749cd14b 100755
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
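Review bot: In the tcp branch of process_rule in Shorewall/compiler, the new test expands `$SECTION` unquoted, so an empty or unset value makes `[` exit with a syntax error and `--syn` is silently not appended; the generated QUEUE rule would then match every TCP packet instead of only connection-opening ones. Whether SECTION can be empty when process_rule runs is not visible in this hunk, but quoting removes the question: `[ "$target" = QUEUE ] && [ "$SECTION" != ESTABLISHED ] && proto="$proto --syn"`. Splitting the test also drops `-a`, which POSIX marks obsolescent because it parses ambiguously when an operand looks like an operator. process_rule starts and ends outside the hunk.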
@@ -29,9 +29,16 @@ Note to users upgrading from Shorewall 2.x or 3.0
 
 Problems Corrected in 3.1.4
 
-1) "shorewall check" generates an error if there are entries in
+1) "shorewall check" generated an error if there were entries in
 /etc/shorewall/massq.
 
+2) Bridging now works.
+
+3) The handling of the QUEUE target in the ESTABLISHED section has been
+ corrected. Previously, the "--syn" option was being added unconditionally
+ to rules with the QUEUE target with the result that no TCP packets in the
+ ESTABLISHED state would be sent to QUEUE.
+
 New Features added in 3.1.4
 
 1) The /etc/shorewall/maclist file has a new column layout. The first column