extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-23 19:21:21 +02:00
Code Issues Packages Projects Releases Wiki Activity

Clean up MSS stuff

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1697 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2004-10-15 21:03:30 +00:00
parent 4db4428d71
commit 32abe114e7
1 changed files with 25 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
Shorewall2/firewall
View File

@ -1744,8 +1744,13 @@ setup_tunnels() # $1 = name of tunnels file
done < $TMP_DIR/tunnels done < $TMP_DIR/tunnels
} }
#
# Process the ipsec file
#
setup_ipsec() { setup_ipsec() {
#
# Add a --set-mss rule to the passed chain
#
set_mss1() # $1 = chain, $2 = MSS set_mss1() # $1 = chain, $2 = MSS
{ {
eval local policy=\$${1}_policy eval local policy=\$${1}_policy
@ -1754,7 +1759,9 @@ setup_ipsec() {
run_iptables -I $1 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss $2 run_iptables -I $1 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss $2
fi fi
} }
#
# Set up rules to set MSS to and/or from zone "$zone"
#
set_mss() # $1 = MSS value, $2 = _in, _out or "" set_mss() # $1 = MSS value, $2 = _in, _out or ""
{ {
if [ $COMMAND != check ]; then if [ $COMMAND != check ]; then
@ -1777,29 +1784,31 @@ setup_ipsec() {
do_options() # $1 = _in, _out or "" - $2 = option list do_options() # $1 = _in, _out or "" - $2 = option list
{ {
local option opts newoptions= local option opts newoptions= val
[ x${2} = x- ] && return [ x${2} = x- ] && return
opts=$(separate_list $2) opts=$(separate_list $2)
for option in $opts; do for option in $opts; do
val=${option#*=}
case $option in case $option in
mss=[0-9]*) set_mss $val $1 ;;
strict) newoptions="$newoptions --strict" ;; strict) newoptions="$newoptions --strict" ;;
next) newoptions="$newoptions --next" ;; next) newoptions="$newoptions --next" ;;
reqid=*) newoptions="$newoptions --reqid ${option#*=}" ;; reqid=*) newoptions="$newoptions --reqid $val" ;;
spi=*) newoptions="$newoptions --spi ${option#*=}" ;; spi=*) newoptions="$newoptions --spi $val" ;;
proto=*) newoptions="$newoptions --proto ${option#*=}" ;; proto=*) newoptions="$newoptions --proto $val" ;;
mode=*) newoptions="$newoptions --mode ${option#*=}" ;; mode=*) newoptions="$newoptions --mode $val" ;;
tunnel-src=*) newoptions="$newoptions --tunnel-src ${option#*=}" ;; tunnel-src=*) newoptions="$newoptions --tunnel-src $val" ;;
tunnel-dst=*) newoptions="$newoptions --tunnel-dst ${option#*=}" ;; tunnel-dst=*) newoptions="$newoptions --tunnel-dst $val" ;;
reqid!=*) newoptions="$newoptions ! --reqid ${option#*=}" ;; reqid!=*) newoptions="$newoptions ! --reqid $val" ;;
spi!=*) newoptions="$newoptions ! --spi ${option#*=}" ;; spi!=*) newoptions="$newoptions ! --spi $val" ;;
proto!=*) newoptions="$newoptions ! --proto ${option#*=}" ;; proto!=*) newoptions="$newoptions ! --proto $val" ;;
mode!=*) newoptions="$newoptions ! --mode ${option#*=}" ;; mode!=*) newoptions="$newoptions ! --mode $val" ;;
tunnel-src!=*) newoptions="$newoptions ! --tunnel-src ${option#*=}" ;; tunnel-src!=*) newoptions="$newoptions ! --tunnel-src $val" ;;
tunnel-dst!=*) newoptions="$newoptions ! --tunnel-dst ${option#*=}" ;; tunnel-dst!=*) newoptions="$newoptions ! --tunnel-dst $val" ;;
mss=[0-9]*) set_mss ${option#*=} $1 ;;
*) fatal_error "Invalid option \"$option\" for zone $zone" ;; *) fatal_error "Invalid option \"$option\" for zone $zone" ;;
esac esac
done done