Relax port list limitation in /etc/shorewall/routestopped

This commit is contained in:
Tom Eastep 2009-11-03 11:36:32 -08:00
parent 4f5c602d5f
commit 4548db58da
4 changed files with 13 additions and 8 deletions


@ -379,24 +379,24 @@ sub process_routestopped() {
my $desti = match_dest_dev $interface; my $desti = match_dest_dev $interface;
my $rule = shift @rule; my $rule = shift @rule;
add_rule $filter_table->{INPUT}, "$sourcei $source $rule -j ACCEPT"; add_rule $filter_table->{INPUT}, "$sourcei $source $rule -j ACCEPT", 1;
add_rule $filter_table->{OUTPUT}, "$desti $dest $rule -j ACCEPT" unless $config{ADMINISABSENTMINDED}; add_rule $filter_table->{OUTPUT}, "$desti $dest $rule -j ACCEPT", 1 unless $config{ADMINISABSENTMINDED};
my $matched = 0; my $matched = 0;
if ( $source{$host} ) { if ( $source{$host} ) {
add_rule $filter_table->{FORWARD}, "$sourcei $source $rule -j ACCEPT"; add_rule $filter_table->{FORWARD}, "$sourcei $source $rule -j ACCEPT", 1;
$matched = 1; $matched = 1;
} }
if ( $dest{$host} ) { if ( $dest{$host} ) {
add_rule $filter_table->{FORWARD}, "$desti $dest $rule -j ACCEPT"; add_rule $filter_table->{FORWARD}, "$desti $dest $rule -j ACCEPT", 1;
$matched = 1; $matched = 1;
} }
if ( $notrack{$host} ) { if ( $notrack{$host} ) {
add_rule $raw_table->{PREROUTING}, "$sourcei $source $rule -j NOTRACK"; add_rule $raw_table->{PREROUTING}, "$sourcei $source $rule -j NOTRACK", 1;
add_rule $raw_table->{OUTPUT}, "$desti $dest $rule -j NOTRACK"; add_rule $raw_table->{OUTPUT}, "$desti $dest $rule -j NOTRACK", 1;
} }
unless ( $matched ) { unless ( $matched ) {
@ -405,7 +405,7 @@ sub process_routestopped() {
my ( $interface1, $h1 , $seq1 ) = split /\|/, $host1; my ( $interface1, $h1 , $seq1 ) = split /\|/, $host1;
my $dest1 = match_dest_net $h1; my $dest1 = match_dest_net $h1;
my $desti1 = match_dest_dev $interface1; my $desti1 = match_dest_dev $interface1;
add_rule $filter_table->{FORWARD}, "$sourcei $desti1 $source $dest1 $rule -j ACCEPT"; add_rule $filter_table->{FORWARD}, "$sourcei $desti1 $source $dest1 $rule -j ACCEPT", 1;
clearrule; clearrule;
} }
} }
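Review bot: The new trailing argument `1` on every `add_rule` call in this hunk, and on the FORWARD call in the hunk at @ -405, is a bare magic value with nothing at the call sites saying what it enables; from the commit title and release note it presumably tells `add_rule` it may split a port list longer than 15 entries into several rules, but that cannot be confirmed from the visible lines. A single comment before the first call, `# 3rd arg: let add_rule expand long port lists (>15 entries) into multiple rules`, or a named constant in place of the literal, would let the next reader see why the OUTPUT/FORWARD/NOTRACK rules here differ from the other add_rule calls in the compiler. Note the `unless $config{ADMINISABSENTMINDED}` on the OUTPUT line now follows the new argument, so a reader scanning for the flag has to know the statement modifier binds to the whole call. process_routestopped's body starts before this hunk and continues after it.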


@ -6,6 +6,8 @@ Changes in Shorewall 4.4.4
3) Add logrotate scripts. 3) Add logrotate scripts.
4) Allow long port lists in /etc/shorewall/routestopped.
Changes in Shorewall 4.4.3 Changes in Shorewall 4.4.3
1) Move Debian INITLOG initialization to /etc/default/shorewall 1) Move Debian INITLOG initialization to /etc/default/shorewall


@ -204,6 +204,9 @@ None.
while the RPMs do not depend on the logrotate package, RPM installation while the RPMs do not depend on the logrotate package, RPM installation
will produce an error message if that package is not installed. will produce an error message if that package is not installed.
2) The limit of 15 entries in a port list has been relaxed in
/etc/shorewall/routestopped.
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
N E W F E A T U R E S I N 4 . 4 . 0 N E W F E A T U R E S I N 4 . 4 . 0
---------------------------------------------------------------------------- ----------------------------------------------------------------------------


@ -1060,7 +1060,7 @@ DNAT net loc:192.168.1.3 tcp 4000:4100</programlisting>
<para>Also, unless otherwise documented, a port list can be preceded by <para>Also, unless otherwise documented, a port list can be preceded by
'!' to specify "All ports except these" (e.g., "!80,443").</para> '!' to specify "All ports except these" (e.g., "!80,443").</para>
<para>Port lists appearing in the <ulink <para>Prior to Shorewall 4.4.4, port lists appearing in the <ulink
url="manpages/shorewall-routestopped.html">/etc/shorewall/routestopped</ulink> url="manpages/shorewall-routestopped.html">/etc/shorewall/routestopped</ulink>
file may specify no more than 15 ports; port ranges appearing in a list file may specify no more than 15 ports; port ranges appearing in a list
count as two ports each.</para> count as two ports each.</para>