From 42e9e8bc45788ef461f8f3acf2d9b430deea8913 Mon Sep 17 00:00:00 2001 From: teastep Date: Tue, 3 Jul 2007 20:53:43 +0000 Subject: [PATCH] Alloc 'ipsec' zones in the GATEWAY ZONES(S) column of the tunnels file git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6772 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall-common/changelog.txt | 2 ++ Shorewall-common/releasenotes.txt | 10 ++++++++++ Shorewall-perl/Shorewall/Compiler.pm | 5 ++++- Shorewall-perl/Shorewall/Tunnels.pm | 2 +- 4 files changed, 17 insertions(+), 2 deletions(-) diff --git a/Shorewall-common/changelog.txt b/Shorewall-common/changelog.txt index f4c026a5b..1aee8a56c 100644 --- a/Shorewall-common/changelog.txt +++ b/Shorewall-common/changelog.txt @@ -16,6 +16,8 @@ Changes in 4.0.0 RC 1 8) Restore the 'refresh' command. +9) Allow ipsec zone in GATEWAY ZONE column of the tunnels file. + Changes in 4.0.0 Beta 6 1) First step to adding compiler debugging facility. diff --git a/Shorewall-common/releasenotes.txt b/Shorewall-common/releasenotes.txt index 031ea2fdf..116e24160 100644 --- a/Shorewall-common/releasenotes.txt +++ b/Shorewall-common/releasenotes.txt @@ -37,6 +37,8 @@ Problems corrected in 4.0.0 Beta 7. 3) "shorewall start" and "shorewall restart" no longer fail on SELinux due to iptables-restore not being allowed to read from /var. +4) ipsec zones are now allowed in the GATEWAY ZONE(S) column. + Other changes in Shorewall 4.0.0 RC 1. 1) The shorewall-perl RPM may no longer be installed under Shorewall 
@@ -48,6 +50,14 @@ Other changes in Shorewall 4.0.0 RC 1. 3) ":noah" is now the default for all IPSEC tunnels. Tunnels that use AH (protocol 51) must specify "ipsec:ah" in the TYPE column. +4) The 'refresh' command has been restored. It now behaves like + 'restart' except: + + - 'refresh' fails if Shorewall is not started. + - A directory name cannot be passed to 'refresh'. + - 'refresh' only rebuilds the static blacklist while 'restore' + rebuilds the entire Netfilter ruleset. + Migration Considerations: 1) Beginning with Shorewall 4.0.0, there is no single 'shorewall' diff --git a/Shorewall-perl/Shorewall/Compiler.pm b/Shorewall-perl/Shorewall/Compiler.pm index 710289d19..e9d5cb2b0 100644 --- a/Shorewall-perl/Shorewall/Compiler.pm +++ b/Shorewall-perl/Shorewall/Compiler.pm @@ -98,7 +98,10 @@ sub generate_script_1() { emit "}\n"; } - emitj ( 'initialize()', + emitj ( '#', + '# This function initializes the global variables used by the program', + '#', + 'initialize()', '{', ' #', ' # These variables are required by the library functions called in this script', diff --git a/Shorewall-perl/Shorewall/Tunnels.pm b/Shorewall-perl/Shorewall/Tunnels.pm index db225046f..95a0de07e 100644 --- a/Shorewall-perl/Shorewall/Tunnels.pm +++ b/Shorewall-perl/Shorewall/Tunnels.pm @@ -81,7 +81,7 @@ sub setup_tunnels() { unless ( $gatewayzones eq '-' ) { for my $zone ( split /,/, $gatewayzones ) { fatal_error "Unknown zone ($zone)" unless $zones{$zone}; - fatal_error "Invalid zone ($zone)" unless $zones{$zone}{type} eq 'ipv4'; + fatal_error "Invalid zone ($zone)" if $zones{$zone}{type} eq 'firewall'; $inchainref = ensure_filter_chain "${zone}2${firewall_zone}", 1; $outchainref = ensure_filter_chain "${firewall_zone}2${zone}", 1;
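Review bot: The new zone check in setup_tunnels, `fatal_error "Invalid zone ($zone)" if $zones{$zone}{type} eq 'firewall';`, is a deny-list, so every zone type other than 'firewall' now passes. That is wider than the "ipsec zones are now allowed" stated in the changelog and release notes. Which other zone types exist is not visible in this hunk, but any of them, including ones added later, would be accepted in GATEWAY ZONE(S) and reach the `ensure_filter_chain` calls below without anyone having decided that is valid. An allow-list keeps the validation tied to intent, for example `my %gateway_ok = map { $_ => 1 } ( 'ipv4', IPSEC_ZONE_TYPE );` followed by `fatal_error "Invalid zone ($zone)" unless $gateway_ok{ $zones{$zone}{type} };`, where IPSEC_ZONE_TYPE is a placeholder for whatever string the zones code stores for ipsec zones. The body of setup_tunnels starts and ends outside this hunk, so how the resulting chains are populated could not be checked here.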