Report Owner Match Capability

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2043 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-11-26 09:33:14 +01:00 · 2005-04-11 18:15:09 +00:00 · 2005-04-11 18:15:09 +00:00 · 41fcd3cb71
commit 41fcd3cb71
parent 82ccc620ae
4 changed files with 11 additions and 0 deletions
--- a/Shorewall2/changelog.txt
+++ b/Shorewall2/changelog.txt
@ -6,6 +6,8 @@ Changes in 2.2.4

 3) Make an error message more self-explanatory

+4) Report Owner Match capability
+
 Changes in 2.2.3

 1) Added the 'continue' extension script.
--- a/Shorewall2/firewall
+++ b/Shorewall2/firewall
@ -5651,6 +5651,7 @@ determine_capabilities() {
    PHYSDEV_MATCH=
    IPRANGE_MATCH=
    RECENT_MATCH=
+    OWNER_MATCH=

    qt $IPTABLES -N fooX1234
    qt $IPTABLES -A fooX1234 -m conntrack --ctorigdst 192.168.1.1 -j ACCEPT             && CONNTRACK_MATCH=Yes
@ -5660,6 +5661,7 @@ determine_capabilities() {
    qt $IPTABLES -A fooX1234 -m physdev --physdev-in eth0 -j ACCEPT                     && PHYSDEV_MATCH=Yes
    qt $IPTABLES -A fooX1234 -m iprange --src-range 192.168.1.5-192.168.1.124 -j ACCEPT && IPRANGE_MATCH=Yes
    qt $IPTABLES -A fooX1234 -m recent --update -j ACCEPT                               && RECENT_MATCH=Yes
+    qt $IPTABLES -A fooX1234 -m owner --cmd-owner foo -j ACCEPT                         && OWNER_MATCH=Yes

    if [ -n "$PKTTYPE" ]; then
 	qt $IPTABLES -A fooX1234 -m pkttype --pkt-type broadcast -j ACCEPT || PKTTYPE=
@ -5690,6 +5692,7 @@ report_capabilities() {
    report_capability "Physdev Match" $PHYSDEV_MATCH
    report_capability "IP range Match" $IPRANGE_MATCH
    report_capability "Recent Match" $RECENT_MATCH
+    report_capability "Owner Match" $OWNER_MATCH
 }

 #
--- a/Shorewall2/releasenotes.txt
+++ b/Shorewall2/releasenotes.txt
@ -61,6 +61,10 @@ New Features in version 2.2.4

 	     allowoutUPnP	fw	loc

+	     Note: To use 'allowoutUPnP', your iptables and kernel must
+	     support the 'owner match' feature (see the output of
+	     "shorewall check").
+
 	     If your loc->fw policy is not ACCEPT then you need this
 	     rule:

--- a/Shorewall2/shorewall.spec
+++ b/Shorewall2/shorewall.spec
@ -139,6 +139,8 @@ fi
 %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn

 %changelog
+* Fri Apr 08 2005 Tom Eastep tom@shorewall.net
+- Added /etc/shorewall/started
 * Tue Apr 05 2005 Tom Eastep tom@shorewall.net
 - Updated to 2.2.3-1
 * Mon Mar 07 2005 Tom Eastep tom@shorewall.net