From 4a173940b2a7171d8a4b76b3e4a96923f8ee69c2 Mon Sep 17 00:00:00 2001 From: teastep Date: Sat, 8 Mar 2003 15:48:07 +0000 Subject: [PATCH] Add log limiting to 'logdrop' chain and optimize code that deletes temporary rules git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@486 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall/fallback.sh | 2 +- Shorewall/firewall | 15 ++++++--------- Shorewall/install.sh | 2 +- Shorewall/shorewall.spec | 4 +++- Shorewall/uninstall.sh | 2 +- 5 files changed, 12 insertions(+), 13 deletions(-) diff --git a/Shorewall/fallback.sh b/Shorewall/fallback.sh index 6c009fac0..9558bb7bc 100755 --- a/Shorewall/fallback.sh +++ b/Shorewall/fallback.sh @@ -28,7 +28,7 @@ # shown below. Simply run this script to revert to your prior version of # Shoreline Firewall. -VERSION=1.4.0-RC1 +VERSION=1.4.0-RC2 usage() # $1 = exit status { diff --git a/Shorewall/firewall b/Shorewall/firewall index a1f57ddee..12da6f6da 100755 --- a/Shorewall/firewall +++ b/Shorewall/firewall @@ -3265,9 +3265,9 @@ add_common_rules() { logdisp() # $1 = Chain Name { if [ "$RFC1918_LOG_LEVEL" = ULOG ]; then - echo "ULOG --ulog-prefix Shorewall:${1}:DROP:" + echo "ULOG $LOGPARMS --ulog-prefix Shorewall:${1}:DROP:" else - echo "LOG --log-prefix Shorewall:${1}:DROP: --log-level $RFC1918_LOG_LEVEL" + echo "LOG $LOGPARMS --log-prefix Shorewall:${1}:DROP: --log-level $RFC1918_LOG_LEVEL" fi } # @@ -3715,13 +3715,10 @@ activate_rules() complete_standard_chain OUTPUT $FW all complete_standard_chain FORWARD all all - run_iptables -D INPUT -m state --state ESTABLISHED -j ACCEPT - run_iptables -D OUTPUT -m state --state ESTABLISHED -j ACCEPT - run_iptables -D FORWARD -m state --state ESTABLISHED -j ACCEPT - - run_iptables -D INPUT -p udp --dport 53 -j ACCEPT - run_iptables -D OUTPUT -p udp --dport 53 -j ACCEPT - run_iptables -D FORWARD -p udp --dport 53 -j ACCEPT + for chain in INPUT OUTPUT FORWARD; do + run_iptables -D $chain -m state --state ESTABLISHED -j ACCEPT + run_iptables -D $chain -p udp --dport 53 -j ACCEPT + done } # diff --git a/Shorewall/install.sh b/Shorewall/install.sh index cfb84b099..65ddb9003 100755 --- a/Shorewall/install.sh +++ b/Shorewall/install.sh @@ -54,7 +54,7 @@ # /etc/rc.d/rc.local file is modified to start the firewall. # -VERSION=1.4.0-RC1 +VERSION=1.4.0-RC2 usage() # $1 = exit status { diff --git a/Shorewall/shorewall.spec b/Shorewall/shorewall.spec index a6493ad9b..7095e33a0 100644 --- a/Shorewall/shorewall.spec +++ b/Shorewall/shorewall.spec @@ -1,6 +1,6 @@ %define name shorewall %define version 1.4.0 -%define release 0RC1 +%define release 0RC2 %define prefix /usr Summary: Shoreline Firewall is an iptables-based firewall for Linux systems. @@ -105,6 +105,8 @@ fi %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel %changelog +* Fri Mar 07 2003 Tom Eastep +- Changed version to 1.4.0-0RC2 * Wed Mar 05 2003 Tom Eastep - Changed version to 1.4.0-0RC1 * Mon Feb 24 2003 Tom Eastep diff --git a/Shorewall/uninstall.sh b/Shorewall/uninstall.sh index ab3fa455c..4b3569c23 100755 --- a/Shorewall/uninstall.sh +++ b/Shorewall/uninstall.sh @@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Seattle Firewall -VERSION=1.4.0-RC1 +VERSION=1.4.0-RC2 usage() # $1 = exit status {