extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-05-18 07:00:50 +02:00
Code Issues Packages Projects Releases Wiki Activity

Apply Juergen Kreileder's patch; handle 'all' in rules more rationally

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1971 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2005-03-01 18:19:49 +00:00
parent 95b3ab0ee4
commit 365a582729
3 changed files with 15 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Shorewall2/changelog.txt
View File

@ -8,6 +8,8 @@ Changes in 2.2.2
3) All calls to 'clear' are now conditional on the output device being 3) All calls to 'clear' are now conditional on the output device being
a terminal. a terminal.
4) Apply Juergen Kreileder's log/action patch.
Changes in 2.2.1 Changes in 2.2.1
1) Add examples to the zones and policy files. 1) Add examples to the zones and policy files.

8
Shorewall2/firewall
View File

@ -3246,7 +3246,11 @@ createlogactionchain() # $1 = Action Name, $2 = Log Level [: Log Tag ]
if [ $COMMAND != check ]; then if [ $COMMAND != check ]; then
createchain $CHAIN No createchain $CHAIN No
LEVEL=${level%:*} LEVEL=${level%:*}
if [ "$LEVEL" != "$level" ]; then
TAG=${level#*:} TAG=${level#*:}
else
TAG=
fi
run_user_exit $1 run_user_exit $1
fi fi
@ -4427,6 +4431,7 @@ process_rules()
if [ "${ysourcezone}" != "${ydestzone}" ] ; then if [ "${ysourcezone}" != "${ydestzone}" ] ; then
eval ypolicy=\$${ysourcezone}2${ydestzone}_policy eval ypolicy=\$${ysourcezone}2${ydestzone}_policy
if [ "$ypolicy" != NONE ] ; then if [ "$ypolicy" != NONE ] ; then
rule="$(echo $xtarget $yclients $yservers $xprotocol $xports $xcports $xaddress $xratelimit $xuserspec)"
process_rule $xtarget $yclients $yservers $xprotocol $xports $xcports $xaddress $xratelimit $xuserspec process_rule $xtarget $yclients $yservers $xprotocol $xports $xcports $xaddress $xratelimit $xuserspec
fi fi
fi fi
@ -4452,11 +4457,11 @@ process_rules()
continue continue
fi fi
rule="$(echo $xtarget $xclients $xservers $xprotocol $xports $xcports $xaddress $xratelimit $xuserspec)"
process_rule $xtarget $xclients $xservers $xprotocol $xports $xcports $xaddress $xratelimit $xuserspec process_rule $xtarget $xclients $xservers $xprotocol $xports $xcports $xaddress $xratelimit $xuserspec
} }
while read xtarget xclients xservers xprotocol xports xcports xaddress xratelimit xuserspec; do while read xtarget xclients xservers xprotocol xports xcports xaddress xratelimit xuserspec; do
rule="$(echo $xtarget $xclients $xservers $xprotocol $xports $xcports $xaddress $xratelimit $xuserspec)"
expandv xtarget expandv xtarget
case "${xtarget%%:*}" in case "${xtarget%%:*}" in
@ -4473,6 +4478,7 @@ process_rules()
xtarget=$(find_logactionchain $xtarget) xtarget=$(find_logactionchain $xtarget)
do_it do_it
else else
rule="$(echo $xtarget $xclients $xservers $xprotocol $xports $xcports $xaddress $xratelimit $xuserspec)"
fatal_error "Invalid Action in rule \"$rule\"" fatal_error "Invalid Action in rule \"$rule\""
fi fi
;; ;;

5
Shorewall2/releasenotes.txt
View File

@ -6,6 +6,11 @@ Problems corrected in version 2.2.2
1) The SOURCE column in the /etc/shorewall/tcrules file now allows IP 1) The SOURCE column in the /etc/shorewall/tcrules file now allows IP
ranges (assuming that your iptables and kernel support ranges). ranges (assuming that your iptables and kernel support ranges).
2) If A is a user-defined action and you have file /etc/shorewall/A
then when that file is invoked, the $TAG value may be incorrect.
This is corrected in the 'firewall' script found in the errata and
the errata/LRP sub-directories.
----------------------------------------------------------------------- -----------------------------------------------------------------------
New Features in version 2.2.2 New Features in version 2.2.2