extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-20 17:58:07 +02:00
Code Issues Packages Projects Releases Wiki Activity

Alloc 'ipsec' zones in the GATEWAY ZONES(S) column of the tunnels file

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6772 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-07-03 20:53:43 +00:00
parent e919906ea2
commit 42e9e8bc45
4 changed files with 17 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Shorewall-common/changelog.txt
View File

@ -16,6 +16,8 @@ Changes in 4.0.0 RC 1
8) Restore the 'refresh' command. 8) Restore the 'refresh' command.
9) Allow ipsec zone in GATEWAY ZONE column of the tunnels file.
Changes in 4.0.0 Beta 6 Changes in 4.0.0 Beta 6
1) First step to adding compiler debugging facility. 1) First step to adding compiler debugging facility.

10
Shorewall-common/releasenotes.txt
View File

@ -37,6 +37,8 @@ Problems corrected in 4.0.0 Beta 7.
3) "shorewall start" and "shorewall restart" no longer fail on SELinux 3) "shorewall start" and "shorewall restart" no longer fail on SELinux
due to iptables-restore not being allowed to read from /var. due to iptables-restore not being allowed to read from /var.
4) ipsec zones are now allowed in the GATEWAY ZONE(S) column.
Other changes in Shorewall 4.0.0 RC 1. Other changes in Shorewall 4.0.0 RC 1.
1) The shorewall-perl RPM may no longer be installed under Shorewall 1) The shorewall-perl RPM may no longer be installed under Shorewall
@ -48,6 +50,14 @@ Other changes in Shorewall 4.0.0 RC 1.
3) ":noah" is now the default for all IPSEC tunnels. Tunnels that use 3) ":noah" is now the default for all IPSEC tunnels. Tunnels that use
AH (protocol 51) must specify "ipsec:ah" in the TYPE column. AH (protocol 51) must specify "ipsec:ah" in the TYPE column.
4) The 'refresh' command has been restored. It now behaves like
'restart' except:
- 'refresh' fails if Shorewall is not started.
- A directory name cannot be passed to 'refresh'.
- 'refresh' only rebuilds the static blacklist while 'restore'
rebuilds the entire Netfilter ruleset.
Migration Considerations: Migration Considerations:
1) Beginning with Shorewall 4.0.0, there is no single 'shorewall' 1) Beginning with Shorewall 4.0.0, there is no single 'shorewall'

5
Shorewall-perl/Shorewall/Compiler.pm
View File

@ -98,7 +98,10 @@ sub generate_script_1() {
emit "}\n"; emit "}\n";
} }
emitj ( 'initialize()', emitj ( '#',
'# This function initializes the global variables used by the program',
'#',
'initialize()',
'{', '{',
' #', ' #',
' # These variables are required by the library functions called in this script', ' # These variables are required by the library functions called in this script',

2
Shorewall-perl/Shorewall/Tunnels.pm
View File

@ -81,7 +81,7 @@ sub setup_tunnels() {
unless ( $gatewayzones eq '-' ) { unless ( $gatewayzones eq '-' ) {
for my $zone ( split /,/, $gatewayzones ) { for my $zone ( split /,/, $gatewayzones ) {
fatal_error "Unknown zone ($zone)" unless $zones{$zone}; fatal_error "Unknown zone ($zone)" unless $zones{$zone};
fatal_error "Invalid zone ($zone)" unless $zones{$zone}{type} eq 'ipv4'; fatal_error "Invalid zone ($zone)" if $zones{$zone}{type} eq 'firewall';
$inchainref = ensure_filter_chain "${zone}2${firewall_zone}", 1; $inchainref = ensure_filter_chain "${zone}2${firewall_zone}", 1;
$outchainref = ensure_filter_chain "${firewall_zone}2${zone}", 1; $outchainref = ensure_filter_chain "${firewall_zone}2${zone}", 1;