extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-01-26 23:49:08 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add negative policy tests

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1570 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2004-08-21 21:47:16 +00:00
parent af7becb147
commit 420c4803bd
2 changed files with 38 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
Shorewall2/firewall
View File

@ -1654,6 +1654,12 @@ setup_ipsec() {
mode=*) newoptions="$newoptions --mode ${option#*=}" ;; mode=*) newoptions="$newoptions --mode ${option#*=}" ;;
tunnel-src=*) newoptions="$newoptions --tunnel-src ${option#*=}" ;; tunnel-src=*) newoptions="$newoptions --tunnel-src ${option#*=}" ;;
tunnel-dst=*) newoptions="$newoptions --tunnel-dst ${option#*=}" ;; tunnel-dst=*) newoptions="$newoptions --tunnel-dst ${option#*=}" ;;
reqid!=*) newoptions="$newoptions ! --reqid ${option#*=}" ;;
spi!=*) newoptions="$newoptions ! --spi ${option#*=}" ;;
proto!=*) newoptions="$newoptions ! --proto ${option#*=}" ;;
mode!=*) newoptions="$newoptions ! --mode ${option#*=}" ;;
tunnel-src!=*) newoptions="$newoptions ! --tunnel-src ${option#*=}" ;;
tunnel-dst!=*) newoptions="$newoptions ! --tunnel-dst ${option#*=}" ;;
*) fatal_error "Invalid option \"$option\" for zone $zone" ;; *) fatal_error "Invalid option \"$option\" for zone $zone" ;;
esac esac
done done
@ -4577,6 +4583,12 @@ setup_masq()
mode=*) policy="$policy --mode ${option#*=}" ;; mode=*) policy="$policy --mode ${option#*=}" ;;
tunnel-src=*) policy="$policy --tunnel-src ${option#*=}" ;; tunnel-src=*) policy="$policy --tunnel-src ${option#*=}" ;;
tunnel-dst=*) policy="$policy --tunnel-dst ${option#*=}" ;; tunnel-dst=*) policy="$policy --tunnel-dst ${option#*=}" ;;
reqid!=*) policy="$policy ! --reqid ${option#*=}" ;;
spi!=*) policy="$policy ! --spi ${option#*=}" ;;
proto!=*) policy="$policy ! --proto ${option#*=}" ;;
mode!=*) policy="$policy ! --mode ${option#*=}" ;;
tunnel-src!=*) policy="$policy ! --tunnel-src ${option#*=}" ;;
tunnel-dst!=*) policy="$policy ! --tunnel-dst ${option#*=}" ;;
*) fatal_error "Invalid IPSEC option \"$option\"" ;; *) fatal_error "Invalid IPSEC option \"$option\"" ;;
esac esac
done done

23
Shorewall2/releasenotes.txt
View File

@ -327,18 +327,29 @@ New Features:
The available options are: The available options are:
reqid=<number> where <number> is specified using setkey(8) using reqid[!]=<number> where <number> is specified using setkey(8) using
the 'unique:<number>' option for the SPD level. the 'unique:<number>' option for the SPD level.
spi=<number> where <number> is the SPI of the SA. spi[!]=<number> where <number> is the SPI of the SA. Since
different SAs are used to encrypt and decrypt traffic, this
option should only be listed in the IN OPTIONS and OUT OPTIONS
columns.
proto=ah|esp|ipcomp proto[!]=ah|esp|ipcomp
mode=transport|tunnel mode[!]=transport|tunnel
tunnel-src=<address>[/<mask>] (only available with mode=tunnel) tunnel-src[!]=<address>[/<mask>] (only available with mode=tunnel)
tunnel-dst=<address>[/<mask>] (only available with mode=tunnel) tunnel-dst[!]=<address>[/<mask>] (only available with
mode=tunnel). Because tunnel source and destination are
dependent on the direction of the traffic, these options
should only appear in the IN OPTIONS and OUT OPTIONS columns.
strict (if specified, packets must match all policies;
polcies are delimited by 'next').
next (only available with strict)
Examples: Examples: