extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-24 19:51:40 +02:00
Code Issues Packages Projects Releases Wiki Activity

More rule processing fixes

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@656 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2003-07-14 19:43:32 +00:00
parent 94ceb711b7
commit 31f6e580e4
1 changed files with 16 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
Shorewall/firewall
View File

@ -1887,7 +1887,10 @@ add_nat_rule() {
chain=nonat${nonat_seq} chain=nonat${nonat_seq}
nonat_seq=$(($nonat_seq + 1)) nonat_seq=$(($nonat_seq + 1))
createnatchain $chain createnatchain $chain
run_iptables -t nat -A OUTPUT $cli $proto $multiport $sports $dports -j $chain
for adr in `separate_list $addr`; do
run_iptables -t nat -A OUTPUT $cli $proto $multiport $sports $dports -d `fix_bang $adr` -j $chain
done
for adr in $excludedests; do for adr in $excludedests; do
addnatrule $chain -d $adr -j RETURN addnatrule $chain -d $adr -j RETURN
@ -1900,7 +1903,7 @@ add_nat_rule() {
addnatrule $chain $proto -j $target1 addnatrule $chain $proto -j $target1
else else
for adr in `separate_list $addr`; do for adr in `separate_list $addr`; do
run_iptables2 -t nat -A OUTPUT $proto $sports -d $adr \ run_iptables2 -t nat -A OUTPUT $proto $sports -d `fix_bang $adr` \
$multiport $dports -j $target1 $multiport $dports -j $target1
done done
fi fi
@ -1911,13 +1914,15 @@ add_nat_rule() {
chain=nonat${nonat_seq} chain=nonat${nonat_seq}
nonat_seq=$(($nonat_seq + 1)) nonat_seq=$(($nonat_seq + 1))
createnatchain $chain createnatchain $chain
addnatrule `dnat_chain $source` $cli $proto $multiport $sports $dports -j $chain
for adr in `separate_list $addr`; do
addnatrule `dnat_chain $source` $cli $proto $multiport $sports $dports -d `fix_bang $adr` -j $chain
done
for z in $excludezones; do for z in $excludezones; do
eval hosts=\$${z}_hosts eval hosts=\$${z}_hosts
for host in $hosts; do for host in $hosts; do
for adr in `separate_list $addr`; do addnatrule $chain -s ${host#*:} -j RETURN
addnatrule $chain -s ${host#*:} -d $adr -j RETURN
done
done done
done done
@ -1925,13 +1930,11 @@ add_nat_rule() {
addnatrule $chain -d $adr -j RETURN addnatrule $chain -d $adr -j RETURN
done done
for adr in `separate_list $addr`; do if [ -n "$loglevel" ]; then
if [ -n "$loglevel" ]; then log_rule $loglevel $chain $logtarget -t nat
log_rule $loglevel $chain $logtarget -t nat -d `fix_bang $adr` fi
fi
addnatrule $chain $proto -d `fix_bang $adr` -j $target1 addnatrule $chain $proto -j $target1
done
else else
for adr in `separate_list $addr`; do for adr in `separate_list $addr`; do
if [ -n "$loglevel" ]; then if [ -n "$loglevel" ]; then
@ -2137,7 +2140,7 @@ add_a_rule()
for serv1 in `separate_list $serv`; do for serv1 in `separate_list $serv`; do
for srv in `ip_range $serv1`; do for srv in `ip_range $serv1`; do
if [ -n "$addr" -a -n "$CONNTRACK_MATCH" ]; then if [ -n "$addr" -a -n "$CONNTRACK_MATCH" ]; then
for adr in $addr; do for adr in `separate_list $addr`; do
if [ -n "$loglevel" -a -z "$natrule" ]; then if [ -n "$loglevel" -a -z "$natrule" ]; then
log_rule $loglevel $chain $logtarget -m conntrack --ctorigdst $adr \ log_rule $loglevel $chain $logtarget -m conntrack --ctorigdst $adr \
`fix_bang $proto $sports $multiport $state $cli -d $srv $dports` `fix_bang $proto $sports $multiport $state $cli -d $srv $dports`