extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-14 05:36:55 +02:00
Code Issues Packages Projects Releases Wiki Activity

Shorewall 1.3.7c Changes

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@233 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2002-09-02 20:49:35 +00:00
parent 6ab2415f85
commit 4c9ce990a8
2 changed files with 30 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
Lrp/etc/init.d/shorewall
View File

@ -200,6 +200,7 @@ createchain() # $1 = chain name, $2 = If non-null, don't create default rules
state="ESTABLISHED" state="ESTABLISHED"
[ -n "$ALLOWRELATED" ] && state="$state,RELATED" [ -n "$ALLOWRELATED" ] && state="$state,RELATED"
run_iptables -A $1 -m state --state $state -j ACCEPT run_iptables -A $1 -m state --state $state -j ACCEPT
[ -z "$NEWNOTSYN" ] && \
run_iptables -A $1 -m state --state NEW -p tcp !--syn -j newnotsyn run_iptables -A $1 -m state --state NEW -p tcp !--syn -j newnotsyn
fi fi
@ -1536,7 +1537,7 @@ add_nat_rule() {
# Generate nat table rules # Generate nat table rules
if [ "$source" = "$FW" ]; then if [ "$source" = "$FW" ]; then
run_iptables -t nat -A OUTPUT $proto $sports -d addr run_iptables -t nat -A OUTPUT $proto $sports -d $addr \
$multiport $dports -j $target1 $multiport $dports -j $target1
else else
chain=`dnat_chain $source` chain=`dnat_chain $source`
@ -2396,6 +2397,10 @@ setup_masq()
interface="${interface%:*}" interface="${interface%:*}"
fi fi
if ! list_search $interface $all_interfaces; then
fatal_error "Error: Unknown interface $interface"
fi
if [ "$subnet" = "${subnet%!*}" ]; then if [ "$subnet" = "${subnet%!*}" ]; then
nomasq= nomasq=
else else
@ -2726,12 +2731,14 @@ initialize_netfilter () {
--tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
if [ -z "$NEWNOTSYN" ]; then
createchain newnotsyn no createchain newnotsyn no
run_user_exit newnotsyn run_user_exit newnotsyn
[ -n "$LOGNEWNOTSYN" ] && \ [ -n "$LOGNEWNOTSYN" ] && \
run_iptables -A newnotsyn -j LOG \ run_iptables -A newnotsyn -j LOG \
--log-prefix "Shorewall:newnotsyn:DROP:" --log-level $LOGNEWNOTSYN --log-prefix "Shorewall:newnotsyn:DROP:" --log-level $LOGNEWNOTSYN
run_iptables -A newnotsyn -j DROP run_iptables -A newnotsyn -j DROP
fi
createchain icmpdef no createchain icmpdef no
createchain common no createchain common no
@ -2829,7 +2836,7 @@ add_common_rules() {
# PING # PING
# #
[ -n "$FORWARDPING" ] && \ [ -n "$FORWARDPING" ] && \
run_iptables -A common -p icmp --icmp-type echo-request -j ACCEPT run_iptables -A icmpdef -p icmp --icmp-type echo-request -j ACCEPT
############################################################################ ############################################################################
# Common ICMP rules # Common ICMP rules
# #
@ -2848,6 +2855,16 @@ add_common_rules() {
# BROADCASTS # BROADCASTS
# #
drop_broadcasts `find_broadcasts` drop_broadcasts `find_broadcasts`
###########################################################################
# DHCP
#
echo "Adding rules for DHCP"
for interface in `find_interfaces_by_option dhcp`; do
run_iptables -A `input_chain $interface` -p udp --dport 67:68 -j ACCEPT
run_iptables -A OUTPUT -o $interface -p udp --dport 67:68 -j ACCEPT
done
########################################################################### ###########################################################################
# RFC 1918 # RFC 1918
# #
@ -3176,13 +3193,6 @@ define_firewall() # $1 = Command (Start or Restart)
process_rules $rules process_rules $rules
echo "Adding rules for DHCP"
for interface in `find_interfaces_by_option dhcp`; do
run_iptables -A `input_chain $interface` -p udp --dport 67:68 -j ACCEPT
run_iptables -A OUTPUT -o $interface -p udp --dport 67:68 -j ACCEPT
done
echo "Setting up ICMP Echo handling..." echo "Setting up ICMP Echo handling..."
filterping_interfaces="`find_interfaces_by_option filterping`" filterping_interfaces="`find_interfaces_by_option filterping`"
@ -3408,6 +3418,7 @@ do_initialize() {
DETECT_DNAT_IPADDRS= DETECT_DNAT_IPADDRS=
MERGE_HOSTS= MERGE_HOSTS=
MUTEX_TIMEOUT= MUTEX_TIMEOUT=
NEWNOTSYN=
LOGNEWNOTSYN= LOGNEWNOTSYN=
FORWARDPING= FORWARDPING=
stopping= stopping=
@ -3487,6 +3498,7 @@ do_initialize() {
DETECT_DNAT_IPADDRS=`added_param_value_no DETECT_DNAT_IPADDRS $DETECT_DNAT_IPADDRS` DETECT_DNAT_IPADDRS=`added_param_value_no DETECT_DNAT_IPADDRS $DETECT_DNAT_IPADDRS`
MERGE_HOSTS=`added_param_value_no MERGE_HOSTS $MERGE_HOSTS` MERGE_HOSTS=`added_param_value_no MERGE_HOSTS $MERGE_HOSTS`
FORWARDPING=`added_param_value_no FORWARDPING $FORWARDPING` FORWARDPING=`added_param_value_no FORWARDPING $FORWARDPING`
NEWNOTSYN=`added_param_value_yes NEWNOTSYN $NEWNOTSYN`
} }
################################################################################ ################################################################################

2
Lrp/var/lib/shorewall/version
View File

@ -1 +1 @@
1.3.7 1.3.7c