Avoid iptables errors when allow/drop/reject run when Shorewall not started
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3442 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
c4271f4578
commit
3482a47db0
@ -46,3 +46,7 @@ Changes in 3.1.x.
|
||||
22) Remove sub-zone exclusion from DNAT/REDIRECT.
|
||||
|
||||
23) Add compiled-program/library versioning scheme.
|
||||
|
||||
24) Apply Steven Springl's help patch.
|
||||
|
||||
25) Fix 'allow/drop/reject' while Shorewall not running.
|
||||
|
@ -1,4 +1,4 @@
|
||||
Shorewall 3.1.5
|
||||
Shorewall 3.1.6
|
||||
|
||||
Note to users upgrading from Shorewall 2.x or 3.0
|
||||
|
||||
@ -27,34 +27,17 @@ Note to users upgrading from Shorewall 2.x or 3.0
|
||||
Please see the "Migration Considerations" below for additional upgrade
|
||||
information.
|
||||
|
||||
Problems Corrected in 3.1.5
|
||||
Problems Corrected in 3.1.6
|
||||
|
||||
1) Compilation has been speeded up by 10-15%.
|
||||
1) Syntax errors reported in response to "shorewall help <command>" have
|
||||
been eliminated.
|
||||
|
||||
2) Specifying a GATEWAY IP address in /etc/shorewall/providers no longer
|
||||
causes "shorewall [re]start to fail".
|
||||
2) The 'allow', 'drop' and 'reject' commands no longer produce iptables
|
||||
errors when executed while Shorewall is not started.
|
||||
|
||||
Other changes in 3.1.5
|
||||
Other changes in 3.1.6
|
||||
|
||||
1) Synonyms have been removed from the /sbin/shorewall command set. The
|
||||
'generate' and 'reload' command have been removed. The 'reload' command
|
||||
has also been removed from the program generated by 'compile'.
|
||||
|
||||
2) Scripts compiled without the -e option are now more forgiving when run
|
||||
on systems with a different Shorewall version installed. If the
|
||||
installed version meets minimum version requirements, the script will
|
||||
run -- it no longer requires an exact match.
|
||||
|
||||
That having been said, the minimum version required for scripts
|
||||
compiled with 3.1.5 is 3.1.5. I plan to add new features to the library
|
||||
(/usr/share/shorewall/functions) in advance of using them in compiled
|
||||
scripts so that scripts compiled on one version of Shorewall should be
|
||||
able to run on the next several newer minor releases.
|
||||
|
||||
3) Preliminary Support is included for distribution-specific compilation.
|
||||
See below for details.
|
||||
|
||||
4) Compilation has been speeded up by 10-15%.
|
||||
None.
|
||||
|
||||
Migration Considerations:
|
||||
|
||||
|
@ -1763,42 +1763,57 @@ case "$COMMAND" in
|
||||
drop)
|
||||
[ -n "$debugging" ] && set -x
|
||||
[ $# -eq 1 ] && usage 1
|
||||
mutex_on
|
||||
while [ $# -gt 1 ]; do
|
||||
shift
|
||||
qt $IPTABLES -D dynamic -s $1 -j reject
|
||||
qt $IPTABLES -D dynamic -s $1 -j DROP
|
||||
$IPTABLES -A dynamic -s $1 -j DROP || break 1
|
||||
echo "$1 Dropped"
|
||||
done
|
||||
mutex_off
|
||||
if shorewall_is_started ; then
|
||||
mutex_on
|
||||
while [ $# -gt 1 ]; do
|
||||
shift
|
||||
qt $IPTABLES -D dynamic -s $1 -j reject
|
||||
qt $IPTABLES -D dynamic -s $1 -j DROP
|
||||
$IPTABLES -A dynamic -s $1 -j DROP || break 1
|
||||
echo "$1 Dropped"
|
||||
done
|
||||
mutex_off
|
||||
else
|
||||
error_message "ERROR: Shorewall is not started"
|
||||
exit 2
|
||||
fi
|
||||
;;
|
||||
reject)
|
||||
[ -n "$debugging" ] && set -x
|
||||
[ $# -eq 1 ] && usage 1
|
||||
mutex_on
|
||||
while [ $# -gt 1 ]; do
|
||||
shift
|
||||
qt $IPTABLES -D dynamic -s $1 -j reject
|
||||
qt $IPTABLES -D dynamic -s $1 -j DROP
|
||||
$IPTABLES -A dynamic -s $1 -j reject || break 1
|
||||
echo "$1 Rejected"
|
||||
done
|
||||
mutex_off
|
||||
if shorewall_is_started ; then
|
||||
mutex_on
|
||||
while [ $# -gt 1 ]; do
|
||||
shift
|
||||
qt $IPTABLES -D dynamic -s $1 -j reject
|
||||
qt $IPTABLES -D dynamic -s $1 -j DROP
|
||||
$IPTABLES -A dynamic -s $1 -j reject || break 1
|
||||
echo "$1 Rejected"
|
||||
done
|
||||
mutex_off
|
||||
else
|
||||
error_message "ERROR: Shorewall is not started"
|
||||
exit 2
|
||||
fi
|
||||
;;
|
||||
allow)
|
||||
[ -n "$debugging" ] && set -x
|
||||
[ $# -eq 1 ] && usage 1
|
||||
mutex_on
|
||||
while [ $# -gt 1 ]; do
|
||||
shift
|
||||
if qt $IPTABLES -D dynamic -s $1 -j reject || qt $IPTABLES -D dynamic -s $1 -j DROP; then
|
||||
echo "$1 Allowed"
|
||||
else
|
||||
echo "$1 Not Dropped or Rejected"
|
||||
fi
|
||||
done
|
||||
mutex_off
|
||||
if shorewall_is_started ; then
|
||||
mutex_on
|
||||
while [ $# -gt 1 ]; do
|
||||
shift
|
||||
if qt $IPTABLES -D dynamic -s $1 -j reject || qt $IPTABLES -D dynamic -s $1 -j DROP; then
|
||||
echo "$1 Allowed"
|
||||
else
|
||||
echo "$1 Not Dropped or Rejected"
|
||||
fi
|
||||
done
|
||||
mutex_off
|
||||
else
|
||||
error_message "ERROR: Shorewall is not started"
|
||||
exit 2
|
||||
fi
|
||||
;;
|
||||
save)
|
||||
[ -n "$debugging" ] && set -x
|
||||
|
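Review bot: In the new drop) and reject) arms the line `$IPTABLES -A dynamic -s $1 -j DROP || break 1` (and its reject counterpart) still lets a failed iptables insert leave the loop silently: nothing is printed for the address that failed, the remaining addresses are skipped, and the arm falls through to mutex_off and `;;`, so the command can report success for a block rule that was never installed. Since the arm now has an explicit error path, the failure should be reported and propagated the same way, e.g. `$IPTABLES -A dynamic -s $1 -j DROP || { error_message "ERROR: Unable to drop $1"; mutex_off; exit 2; }`, so a script wrapping `shorewall drop` sees a non-zero status. In all three arms the `shorewall_is_started` test runs before `mutex_on`, so a stop that lands between the two presumably still produces the iptables errors this commit is meant to avoid; taking the mutex first and testing inside it would close that window. `$1` is unquoted in every iptables invocation; `"$1"` would keep a malformed argument as a single operand rather than letting it split into extra options. The enclosing `case "$COMMAND" in` starts outside the hunk.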