Couple of tweaks

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2011-06-09 15:54:32 -08:00
parent a0b0c5bdac
commit 3e9a54d404
3 changed files with 6 additions and 5 deletions


@ -476,7 +476,6 @@ sub setup_mss();
sub add_common_rules() {
my $interface;
my $chainref;
my $chainref1;
my $target;
my $target1;
my $rule;
@ -547,9 +546,9 @@ sub add_common_rules() {
$chainref = $filter_table->{forward_chain $interface};
if ( @filters ) {
add_jump( $chainref , $target1, 0, match_source_net( $_ ) . $ipsec ), $chainref->{filtered}++ for @filters;
add_jump( $chainref , $target1, ! $ipsec, match_source_net( $_ ) . $ipsec ), $chainref->{filtered}++ for @filters;
} elsif ( $interfaceref->{bridge} eq $interface ) {
add_jump( $chainref , $target1, 0, match_dest_dev( $interface ) . $ipsec ), $chainref->{filtered}++ unless $interfaceref->{options}{routeback} || $interfaceref->{options}{routefilter};
add_jump( $chainref , $target1, ! $ipsec, match_dest_dev( $interface ) . $ipsec ), $chainref->{filtered}++ unless $interfaceref->{options}{routeback} || $interfaceref->{options}{routefilter};
}
add_rule( $chainref, "$globals{STATEMATCH} ESTABLISHED,RELATED -j ACCEPT" ), $chainref->{filtered}++ if $config{FASTACCEPT};
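Review bot: On the two add_jump lines that pass `! $ipsec` (apparently the new side; the +/- markers are lost in this rendering), the third argument now depends on the truthiness of a string that is also appended to the match, and nothing in the hunk says why. The definition of add_jump is not on this page, but if that argument is its goto-permitted flag, a goto into `$target1` means a packet returning from that chain does not resume in this forward chain. Such a packet would skip the ESTABLISHED,RELATED ACCEPT rule added just below and every later rule, which is only safe if `$target1` always ends in a terminating target. I would record that assumption above `if ( @filters ) {`, for example `# goto permitted only when no ipsec match is appended; $target1 must end in a terminating target`. add_common_rules starts and ends outside the hunk, so where `$ipsec` and `$target1` are assigned should be checked against that comment.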


@ -1,4 +1,2 @@
1) On systems running Upstart, shorewall-init cannot reliably secure
the firewall before interfaces are brought up.


@ -267,6 +267,10 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
P R O B L E M S C O R R E C T E D I N 4 . 4 . 2 0
----------------------------------------------------------------------------
6) The following incorrect warning message has been eliminated:
WARNING: sfilter is ineffective with FASTACCEPT=Yes
4.4.20.1
1) The address of the Free Software Foundation has been corrected in