mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-23 06:38:53 +01:00
Couple of tweaks
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
a0b0c5bdac
commit
3e9a54d404
@ -476,7 +476,6 @@ sub setup_mss();
|
||||
sub add_common_rules() {
|
||||
my $interface;
|
||||
my $chainref;
|
||||
my $chainref1;
|
||||
my $target;
|
||||
my $target1;
|
||||
my $rule;
|
||||
@ -547,9 +546,9 @@ sub add_common_rules() {
|
||||
$chainref = $filter_table->{forward_chain $interface};
|
||||
|
||||
if ( @filters ) {
|
||||
add_jump( $chainref , $target1, 0, match_source_net( $_ ) . $ipsec ), $chainref->{filtered}++ for @filters;
|
||||
add_jump( $chainref , $target1, ! $ipsec, match_source_net( $_ ) . $ipsec ), $chainref->{filtered}++ for @filters;
|
||||
} elsif ( $interfaceref->{bridge} eq $interface ) {
|
||||
add_jump( $chainref , $target1, 0, match_dest_dev( $interface ) . $ipsec ), $chainref->{filtered}++ unless $interfaceref->{options}{routeback} || $interfaceref->{options}{routefilter};
|
||||
add_jump( $chainref , $target1, ! $ipsec, match_dest_dev( $interface ) . $ipsec ), $chainref->{filtered}++ unless $interfaceref->{options}{routeback} || $interfaceref->{options}{routefilter};
|
||||
}
|
||||
|
||||
add_rule( $chainref, "$globals{STATEMATCH} ESTABLISHED,RELATED -j ACCEPT" ), $chainref->{filtered}++ if $config{FASTACCEPT};
|
||||
|
@ -1,4 +1,2 @@
|
||||
1) On systems running Upstart, shorewall-init cannot reliably secure
|
||||
the firewall before interfaces are brought up.
|
||||
|
||||
|
||||
|
@ -267,6 +267,10 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
|
||||
P R O B L E M S C O R R E C T E D I N 4 . 4 . 2 0
|
||||
----------------------------------------------------------------------------
|
||||
|
||||
6) The following incorrect warning message has been eliminated:
|
||||
|
||||
WARNING: sfilter is ineffective with FASTACCEPT=Yes
|
||||
|
||||
4.4.20.1
|
||||
|
||||
1) The address of the Free Software Foundation has been corrected in
|
||||
|
Loading…
Reference in New Issue
Block a user