Fix bug with tcrules; Move rfc1918 to /usr/share/shorewall; Update version to Beta 3
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1152 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
73667a8f85
commit
36fb7fa62b
@ -28,7 +28,7 @@
|
|||||||
# shown below. Simply run this script to revert to your prior version of
|
# shown below. Simply run this script to revert to your prior version of
|
||||||
# Shoreline Firewall.
|
# Shoreline Firewall.
|
||||||
|
|
||||||
VERSION=2.0.0-Beta2
|
VERSION=2.0.0-Beta3
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
@ -114,6 +114,7 @@ restore_file /etc/shorewall/blacklist
|
|||||||
restore_file /etc/shorewall/whitelist
|
restore_file /etc/shorewall/whitelist
|
||||||
|
|
||||||
restore_file /etc/shorewall/rfc1918
|
restore_file /etc/shorewall/rfc1918
|
||||||
|
restore_file /usr/share/shorewall/rfc1918
|
||||||
|
|
||||||
restore_file /etc/shorewall/init
|
restore_file /etc/shorewall/init
|
||||||
|
|
||||||
|
@ -533,6 +533,7 @@ validate_zone() # $1 = zone
|
|||||||
validate_interfaces_file() {
|
validate_interfaces_file() {
|
||||||
local wildcard
|
local wildcard
|
||||||
local found_obsolete_option=
|
local found_obsolete_option=
|
||||||
|
local z interface subnet options r iface option
|
||||||
|
|
||||||
while read z interface subnet options; do
|
while read z interface subnet options; do
|
||||||
expandv z interface subnet options
|
expandv z interface subnet options
|
||||||
@ -606,6 +607,8 @@ validate_interfaces_file() {
|
|||||||
# Validate the zone names and options in the hosts file
|
# Validate the zone names and options in the hosts file
|
||||||
#
|
#
|
||||||
validate_hosts_file() {
|
validate_hosts_file() {
|
||||||
|
local z hosts options r interface host option
|
||||||
|
|
||||||
while read z hosts options; do
|
while read z hosts options; do
|
||||||
expandv z hosts options
|
expandv z hosts options
|
||||||
r="$z $hosts $options"
|
r="$z $hosts $options"
|
||||||
@ -1698,7 +1701,7 @@ process_tc_rule()
|
|||||||
esac
|
esac
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "x$user" != "x-" ]; then
|
if [ "x${user:--}" != "x-" ]; then
|
||||||
|
|
||||||
[ "$chain" != tcout ] && \
|
[ "$chain" != tcout ] && \
|
||||||
fatal_error "Invalid use of a user/group: rule \"$rule\""
|
fatal_error "Invalid use of a user/group: rule \"$rule\""
|
||||||
@ -2423,6 +2426,8 @@ process_actions1() {
|
|||||||
esac
|
esac
|
||||||
esac
|
esac
|
||||||
|
|
||||||
|
[ "$xaction" = "$(chain_base $xaction)" ] || fatal_error "Invalid Action Name: $xaction"
|
||||||
|
|
||||||
if ! list_search $xaction $ACTIONS; then
|
if ! list_search $xaction $ACTIONS; then
|
||||||
f=action.$xaction
|
f=action.$xaction
|
||||||
fn=$(find_file $f)
|
fn=$(find_file $f)
|
||||||
@ -4854,7 +4859,7 @@ activate_rules()
|
|||||||
#
|
#
|
||||||
# There is a fw->fw chain. Send loopback output through that chain
|
# There is a fw->fw chain. Send loopback output through that chain
|
||||||
#
|
#
|
||||||
run_ip link ls | fgrep LOOPBACK | while read ordinal interface rest ; do
|
run_ip link ls | grep LOOPBACK | while read ordinal interface rest ; do
|
||||||
run_iptables -A OUTPUT -o ${interface%:*} -j $chain
|
run_iptables -A OUTPUT -o ${interface%:*} -j $chain
|
||||||
done
|
done
|
||||||
#
|
#
|
||||||
@ -5026,7 +5031,9 @@ refresh_firewall()
|
|||||||
#
|
#
|
||||||
add_to_zone() # $1 = <interface>[:<hosts>] $2 = zone
|
add_to_zone() # $1 = <interface>[:<hosts>] $2 = zone
|
||||||
{
|
{
|
||||||
local base
|
local base interface host newhost zone z h z1 z2 chain terminator
|
||||||
|
local dhcp_interfaces blacklist_interfaces maclist_interfaces tcpflags_interfaces
|
||||||
|
local rulenum source_chain dest_hosts iface hosts
|
||||||
|
|
||||||
nat_chain_exists() # $1 = chain name
|
nat_chain_exists() # $1 = chain name
|
||||||
{
|
{
|
||||||
@ -5057,6 +5064,10 @@ add_to_zone() # $1 = <interface>[:<hosts>] $2 = zone
|
|||||||
#
|
#
|
||||||
determine_zones
|
determine_zones
|
||||||
#
|
#
|
||||||
|
# Validate Interfaces File
|
||||||
|
#
|
||||||
|
validate_interfaces_file
|
||||||
|
#
|
||||||
# Validate Zone
|
# Validate Zone
|
||||||
#
|
#
|
||||||
zone=$2
|
zone=$2
|
||||||
|
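Review bot: The new action-name check in the `process_actions1` hunk passes `$xaction` to `chain_base` unquoted, so the name goes through word splitting and pathname expansion before it is validated. Writing it as `[ "$xaction" = "$(chain_base "$xaction")" ] || fatal_error "Invalid Action Name: $xaction"` compares the name exactly as it was read. This matters because the value is used right afterwards to build a file name (`f=action.$xaction`, then `find_file $f`), so this check is the only gate on what reaches that lookup. A short comment such as `# Reject any action name that chain_base would alter before it is used in a file name` would record the intent. The body of `process_actions1` starts and ends outside the hunk.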
@ -54,7 +54,7 @@
|
|||||||
# /etc/rc.d/rc.local file is modified to start the firewall.
|
# /etc/rc.d/rc.local file is modified to start the firewall.
|
||||||
#
|
#
|
||||||
|
|
||||||
VERSION=2.0.0-Beta2
|
VERSION=2.0.0-Beta3
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
@ -432,13 +432,9 @@ fi
|
|||||||
#
|
#
|
||||||
# Install the rfc1918 file
|
# Install the rfc1918 file
|
||||||
#
|
#
|
||||||
if [ -f ${PREFIX}/etc/shorewall/rfc1918 ]; then
|
install_file_with_backup rfc1918 ${PREFIX}/usr/share/shorewall/rfc1918 0600
|
||||||
backup_file /etc/shorewall/rfc1918
|
echo
|
||||||
else
|
echo "RFC 1918 file installed as ${PREFIX}/etc/shorewall/rfc1918"
|
||||||
run_install -o $OWNER -g $GROUP -m 0600 rfc1918 ${PREFIX}/etc/shorewall/rfc1918
|
|
||||||
echo
|
|
||||||
echo "RFC 1918 file installed as ${PREFIX}/etc/shorewall/rfc1918"
|
|
||||||
fi
|
|
||||||
#
|
#
|
||||||
# Install the init file
|
# Install the init file
|
||||||
#
|
#
|
||||||
|
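Review bot: The message after the new `install_file_with_backup` call still reports `${PREFIX}/etc/shorewall/rfc1918`, although the file is now installed to `${PREFIX}/usr/share/shorewall/rfc1918`. It should read `echo "RFC 1918 file installed as ${PREFIX}/usr/share/shorewall/rfc1918"`, otherwise an administrator checking which address list is in force is pointed at the wrong file. The new code also leaves an existing `/etc/shorewall/rfc1918` untouched, and the spec file's `%files` change drops that path from the package as well. If the file lookup still prefers `/etc/shorewall` (not visible here), a stale copy from an earlier install would keep overriding the shipped list, so the release notes should tell upgraders to remove or merge it.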
@ -1,6 +1,6 @@
|
|||||||
%define name shorewall
|
%define name shorewall
|
||||||
%define version 2.0.0
|
%define version 2.0.0
|
||||||
%define release 0Beta2
|
%define release 0Beta3
|
||||||
%define prefix /usr
|
%define prefix /usr
|
||||||
|
|
||||||
Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
|
Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
|
||||||
@ -89,7 +89,6 @@ fi
|
|||||||
%attr(0600,root,root) %config(noreplace) /etc/shorewall/tunnels
|
%attr(0600,root,root) %config(noreplace) /etc/shorewall/tunnels
|
||||||
%attr(0600,root,root) %config(noreplace) /etc/shorewall/hosts
|
%attr(0600,root,root) %config(noreplace) /etc/shorewall/hosts
|
||||||
%attr(0600,root,root) %config(noreplace) /etc/shorewall/blacklist
|
%attr(0600,root,root) %config(noreplace) /etc/shorewall/blacklist
|
||||||
%attr(0600,root,root) %config(noreplace) /etc/shorewall/rfc1918
|
|
||||||
%attr(0600,root,root) %config(noreplace) /etc/shorewall/init
|
%attr(0600,root,root) %config(noreplace) /etc/shorewall/init
|
||||||
%attr(0600,root,root) %config(noreplace) /etc/shorewall/start
|
%attr(0600,root,root) %config(noreplace) /etc/shorewall/start
|
||||||
%attr(0600,root,root) %config(noreplace) /etc/shorewall/stop
|
%attr(0600,root,root) %config(noreplace) /etc/shorewall/stop
|
||||||
@ -133,10 +132,14 @@ fi
|
|||||||
%attr(0444,root,root) /usr/share/shorewall/functions
|
%attr(0444,root,root) /usr/share/shorewall/functions
|
||||||
%attr(0544,root,root) /usr/share/shorewall/firewall
|
%attr(0544,root,root) /usr/share/shorewall/firewall
|
||||||
%attr(0544,root,root) /usr/share/shorewall/help
|
%attr(0544,root,root) /usr/share/shorewall/help
|
||||||
|
%attr(0600,root,root) /usr/share/shorewall/rfc1918
|
||||||
|
|
||||||
%doc COPYING INSTALL changelog.txt releasenotes.txt tunnel
|
%doc COPYING INSTALL changelog.txt releasenotes.txt tunnel
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Feb 16 2004 Tom Eastep <tom@shorewall.net>
|
||||||
|
- Moved rfc1918 to /usr/share/shorewall
|
||||||
|
- Update for Beta 3
|
||||||
* Sat Feb 14 2004 Tom Eastep <tom@shorewall.net>
|
* Sat Feb 14 2004 Tom Eastep <tom@shorewall.net>
|
||||||
- Removed common.def
|
- Removed common.def
|
||||||
- Unconditionally replace actions.std
|
- Unconditionally replace actions.std
|
||||||
|