From 3ed1cdec948bd78e73abda61c93c2c62d19ed879 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Fri, 26 Jun 2020 14:44:00 -0700 Subject: [PATCH] Rename the snat PORT column to DPORT Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Rules.pm | 4 +- Shorewall/Samples/three-interfaces/snat | 2 +- Shorewall/Samples/two-interfaces/snat | 2 +- Shorewall/configfiles/snat | 2 +- Shorewall/manpages/shorewall-snat.xml | 59 +++++++++++++------------ Shorewall6/configfiles/snat | 2 +- docs/configuration_file_basics.xml | 10 ++++- 7 files changed, 46 insertions(+), 35 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm index 7c9f68ea4..f1bdede00 100644 --- a/Shorewall/Perl/Shorewall/Rules.pm +++ b/Shorewall/Perl/Shorewall/Rules.pm @@ -5935,9 +5935,9 @@ sub process_snat( ) { my ($action, $source, $dest, $protos, $ports, $ipsec, $mark, $user, $condition, $origdest, $probability ) = split_line2( 'snat file', - { action => 0, source => 1, dest => 2, proto => 3, port => 4, ipsec => 5, mark => 6, user => 7, switch => 8, origdest => 9, probability => 10 }, + { action => 0, source => 1, dest => 2, proto => 3, port => 4, dport => 4, ipsec => 5, mark => 6, user => 7, switch => 8, origdest => 9, probability => 10 }, {}, #Nopad - undef, #Columns + 11, #Columns 1 ); #Allow inline matches fatal_error 'ACTION must be specified' if $action eq '-'; diff --git a/Shorewall/Samples/three-interfaces/snat b/Shorewall/Samples/three-interfaces/snat index 25045a074..386aa6fc1 100644 --- a/Shorewall/Samples/three-interfaces/snat +++ b/Shorewall/Samples/three-interfaces/snat 
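Review bot: The literal `11` that replaces `undef` as the column count in the split_line2 call is a magic number with no stated reason, and it now has to be kept in step by hand with both the column map and the eleven-variable list on the left. Presumably it is needed because `port` and `dport` both map to index 4, so the map has twelve keys for eleven columns and a count derived from the keys would be off by one; split_line2 is not visible here, so that is inferred. I would record the reason on the line itself, e.g. `11, #Columns - explicit because port and dport are aliases for column 4`. It is also worth confirming how split_line2 treats an alternative-format line that names both `port` and `dport`, since in a NAT rule a silently overridden port match changes which traffic is translated. process_snat's body continues outside the hunk.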
@@ -13,7 +13,7 @@
 #
 # See https://shorewall.org/manpages/shorewall-snat.html for more information
 ###########################################################################################################################################
-#ACTION SOURCE DEST PROTO PORT IPSEC MARK USER SWITCH ORIGDEST PROBABILITY
+#ACTION SOURCE DEST PROTO DPORT IPSEC MARK USER SWITCH ORIGDEST PROBABILITY
 #
 # Rules generated from masq file /home/teastep/shorewall/trunk/Shorewall/Samples/three-interfaces/masq by Shorewall 5.0.13-RC1 - Sat Oct 15 11:43:47 PDT 2016
 #
diff --git a/Shorewall/Samples/two-interfaces/snat b/Shorewall/Samples/two-interfaces/snat
index 916ef1ae6..48c659ea8 100644
--- a/Shorewall/Samples/two-interfaces/snat
+++ b/Shorewall/Samples/two-interfaces/snat
@@ -13,7 +13,7 @@
 #
 # See https://shorewall.org/manpages/shorewall-snat.html for more information
 ###########################################################################################################################################
-#ACTION SOURCE DEST PROTO PORT IPSEC MARK USER SWITCH ORIGDEST PROBABILITY
+#ACTION SOURCE DEST PROTO DPORT IPSEC MARK USER SWITCH ORIGDEST PROBABILITY
 #
 # Rules generated from masq file /home/teastep/shorewall/trunk/Shorewall/Samples/two-interfaces/masq by Shorewall 5.0.13-RC1 - Sat Oct 15 11:41:40 PDT 2016
 #
diff --git a/Shorewall/configfiles/snat b/Shorewall/configfiles/snat
index 336bbd73f..7ab873317 100644
--- a/Shorewall/configfiles/snat
+++ b/Shorewall/configfiles/snat
@@ -6,4 +6,4 @@
 # See https://shorewall.org/manpages/shorewall-snat.html for more information
 #
 ###########################################################################################################################################
-#ACTION SOURCE DEST PROTO PORT IPSEC MARK USER SWITCH ORIGDEST PROBABILITY
+#ACTION SOURCE DEST PROTO DPORT IPSEC MARK USER SWITCH ORIGDEST PROBABILITY
diff --git a/Shorewall/manpages/shorewall-snat.xml b/Shorewall/manpages/shorewall-snat.xml
index 67b3b9bf9..47fb78963 100644
--- a/Shorewall/manpages/shorewall-snat.xml +++ b/Shorewall/manpages/shorewall-snat.xml @@ -39,8 +39,8 @@ If you have more than one ISP link, adding entries to this file will not force connections to go out through a particular link. You must use entries in shorewall-rtrules(5) or - PREROUTING entries in shorewall-rtrules(5) or PREROUTING + entries in shorewall-mangle(5) to do that. @@ -68,10 +68,10 @@ where action is an action declared in shorewall-actions(5) - with the option. See https://shorewall.org/Actions.html for - further information. + url="shorewall-actions.html">shorewall-actions(5) with + the option. See https://shorewall.org/Actions.html + for further information. @@ -165,9 +165,9 @@ If you specify an address here, matching packets will have their source address set to that address. If ADD_SNAT_ALIASES is set to Yes or yes in shorewall.conf(5) - then Shorewall will automatically add this address to the - INTERFACE named in the first column (IPv4 only). + url="shorewall.conf.html">shorewall.conf(5) then + Shorewall will automatically add this address to the INTERFACE + named in the first column (IPv4 only). You may also specify a range of up to 256 IP addresses if you want the SNAT address to be assigned from that range in @@ -237,10 +237,10 @@ Normally Masq/SNAT rules are evaluated after those for one-to-one NAT (defined in shorewall-nat(5)). If you - want the rule to be applied before one-to-one NAT rules, follow the - action name with "+": This feature should only be required if you - need to insert rules in this file that preempt entries in shorewall-nat(5)). If you want the + rule to be applied before one-to-one NAT rules, follow the action + name with "+": This feature should only be required if you need to + insert rules in this file that preempt entries in shorewall-nat(5). 
@@ -279,23 +279,23 @@ networks. Multiple interfaces may be listed when the ACTION is MASQUERADE, but this is usually just your internet interface. If ADD_SNAT_ALIASES=Yes in shorewall.conf(5), you - may add ":" and a digit to indicate that you - want the alias added with that name (e.g., eth0:0). This will allow - the alias to be displayed with ifconfig. That - is the only use for the alias name; it may not appear in any other - place in your Shorewall configuration. + url="shorewall.conf.html">shorewall.conf(5), you may add ":" + and a digit to indicate that you want the alias + added with that name (e.g., eth0:0). This will allow the alias to be + displayed with ifconfig. That is the only use + for the alias name; it may not appear in any other place in your + Shorewall configuration. Beginning with Shorewall 5.1.12, SNAT may be performed in the nat table's INPUT chain by specifying $FW rather than one or more - interfaces. + interfaces. Each interface must match an entry in shorewall-interfaces(5). Shorewall allows loose matches to wildcard entries in shorewall-interfaces(5). - For example, ppp0 in this - file will match a shorewall-interfaces(5). For + example, ppp0 in this file + will match a shorewall-interfaces(5) entry that defines ppp+. @@ -315,8 +315,8 @@ addresses to indicate that you only want to change the source IP address for packets being sent to those particular destinations. Exclusion is allowed (see shorewall-exclusion(5)) - as are ipset names preceded by a plus sign '+'; + url="shorewall-exclusion.html">shorewall-exclusion(5)) as + are ipset names preceded by a plus sign '+'; If you wish to inhibit the action of ADD_SNAT_ALIASES for this entry then include the ":" but omit the digit: @@ -341,8 +341,7 @@ If you wish to restrict this entry to a particular protocol then enter the protocol name (from protocols(5)) or number here. See - shorewall-rules(5) for + shorewall-rules(5) for details. Beginning with Shorewall 4.5.12, this column can accept a 
@@ -356,10 +355,14 @@ - PORT (Optional) - + {PORT|DPORT} (Optional) - {-|[!]port-name-or-number[,port-name-or-number]...|+ipset} + The column was renamed to DPORT in Shorewall 5.2.5.2. + Beginning with that release, both PORT and DPORT are accepted in the + alternative input format, + If the PROTO column specifies TCP (6), UDP (17), DCCP (33), SCTP (132) or UDPLITE (136) then you may list one or more port numbers (or names from services(5)) or port ranges separated by diff --git a/Shorewall6/configfiles/snat b/Shorewall6/configfiles/snat index 46943dcd2..6185e9c18 100644 --- a/Shorewall6/configfiles/snat +++ b/Shorewall6/configfiles/snat @@ -6,4 +6,4 @@ # See https://shorewall.org/manpages/shorewall-snat.html for more information # ########################################################################################################################################### -#ACTION SOURCE DEST PROTO PORT IPSEC MARK USER SWITCH ORIGDEST PROBABILITY +#ACTION SOURCE DEST PROTO DPORT IPSEC MARK USER SWITCH ORIGDEST PROBABILITY diff --git a/docs/configuration_file_basics.xml b/docs/configuration_file_basics.xml index 7316b871a..28449f7ed 100644 --- a/docs/configuration_file_basics.xml +++ b/docs/configuration_file_basics.xml @@ -663,7 +663,7 @@ ACCEPT net:\ mangle - action,source,dest,proto,dport,sport,user,test,length,tos,connbytes,helper,headers + action,source,dest,proto,dport,sport,user,test,length,tos,connbytes,helper,headers,probability,dscp,switch @@ -738,6 +738,14 @@ ACCEPT net:\ secmark,chain,source,dest,proto,dport,sport,user,mark + + snat + + action,source,dest,proto,port,ipsec,mark,user,switch,origdest,probability + (Note: 'port' may be specified as 'dport' beginning with Shorewall + 5.2.5.2). + + tcclasses