diff --git a/Shorewall/bogons b/Shorewall/bogons
index afb49a555..0531fbbd7 100644
--- a/Shorewall/bogons
+++ b/Shorewall/bogons
@@ -45,24 +45,19 @@
 36.0.0.0/7 logdrop # Reserved
 39.0.0.0/8 logdrop # Reserved
 42.0.0.0/8 logdrop # Reserved
-49.0.0.0/8 logdrop # JTC - Returned to IANA Mar 98
-50.0.0.0/8 logdrop # JTC - Returned to IANA Mar 98
-74.0.0.0/7 logdrop # Reserved
-76.0.0.0/6 logdrop # Reserved
-89.0.0.0/8 logdrop # Reserved
-90.0.0.0/7 logdrop # Reserved
+77.0.0.0/8 logdrop # Reserved
+78.0.0.0/7 logdrop # Reserved
 92.0.0.0/6 logdrop # Reserved
-96.0.0.0/3 logdrop # Reserved
-127.0.0.0/8 logdrop # Loopback
+96.0.0.0/4 logdrop # Reserved
+112.0.0.0/5 logdrop # Reserved
+120.0.0.0/6 logdrop # Reserved
+127.0.0.0/8 logdrop # Reserved
 173.0.0.0/8 logdrop # Reserved
 174.0.0.0/7 logdrop # Reserved
 176.0.0.0/5 logdrop # Reserved
 184.0.0.0/6 logdrop # Reserved
-189.0.0.0/8 logdrop # Reserved
-190.0.0.0/8 logdrop # Reserved
 197.0.0.0/8 logdrop # Reserved
-198.18.0.0/15 logdrop # Reserved
-223.0.0.0/8 logdrop # Reserved - Returned by APNIC in 2003
+223.0.0.0/8 logdrop # Reserved
 240.0.0.0/4 logdrop # Reserved
 #
 # End of generated entries
diff --git a/Shorewall/firewall b/Shorewall/firewall
index 25633f900..f79117bcd 100755
--- a/Shorewall/firewall
+++ b/Shorewall/firewall
@@ -974,7 +974,7 @@ validate_interfaces_file() {
 local found_obsolete_option=
 local z interface networks options r iface option
- while read z interface networks options gateway; do
+ while read z interface networks options; do
 expandv z interface networks options
 r="$z $interface $networks $options"
@@ -1024,14 +1024,6 @@ validate_interfaces_file() {
 ;;
 esac
 done
-
- if [ -n "$gateway" ]; then
- if ! list_search default $options; then
- error_message "Warning: GATEWAY ignored when the 'default' option is not given: \"$r\""
- fi
-
- eval ${iface}_gateway=$gateway
- fi
 done < $TMP_DIR/interfaces
 [ -z "$ALL_INTERFACES" ] && startup_error "No Interfaces Defined"
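Review bot: In Shorewall/firewall, the `@@ -974` hunk of validate_interfaces_file makes `options` the last variable of `read`, so `read` now places the whole remainder of the line in it; an interfaces file that still carries the old GATEWAY column would have that value folded into `$options` rather than reported as such. Reading one spare field and warning on it keeps the format change visible to the administrator: `while read z interface networks options extra; do` followed by `[ -n "$extra" ] && error_message "Warning: extra columns ignored: \"$extra\""`, with `extra` added to the `local` list. How `$options` is parsed afterwards lies outside the hunk, so the exact effect of a leftover column is not visible here. The loop body continues past this hunk, and the deletion in the `@@ -1024` hunk is the other half of the same change.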
@@ -4660,11 +4652,13 @@ process_rule() # $1 = target
 expandv logtag
 fi
- if [ "$loglevel" = none ]; then
- [ "$target" = LOG ] && return
- loglevel=
- logtag=
- fi
+ case $loglevel in
+ none*)
+ loglevel=
+ logtag=
+ [ $target = LOG ] && return
+ ;;
+ esac
 loglevel=${loglevel%\!}
 fi
@@ -7090,9 +7084,13 @@ apply_policy_rules() {
 ;;
 esac
- [ -n "$synparams" ] && \
- [ $policy = ACCEPT -o $policy = CONTINUE ] && \
- run_iptables -I $chain 2 -p tcp --syn -j @$chain
+ if [ -n "$synparams" ]; then
+ case $policy in
+ ACCEPT|CONTINUE|QUEUE)
+ run_iptables -I $chain 2 -p tcp --syn -j @$chain
+ ;;
+ esac
+ fi
 fi
 done
diff --git a/Shorewall/functions b/Shorewall/functions
index 74391002c..738dae7c2 100755
--- a/Shorewall/functions
+++ b/Shorewall/functions
@@ -268,6 +268,7 @@ reload_kernel_modules() {
 find_zones() # $1 = name of the zone file
 {
 while read zone display comments; do
+ expandv zone display
 [ -n "$zone" ] && case "$zone" in
 [0-9*])
 echo " Warning: Illegal zone name \"$zone\" in zones file ignored" 2>&2
diff --git a/Shorewall/init.sh b/Shorewall/init.sh
index f340edd80..126fbef84 100644
--- a/Shorewall/init.sh
+++ b/Shorewall/init.sh
@@ -34,7 +34,11 @@ RCDLINKS="2,S41 3,S41 6,K41"
 # shorewall stop Stops the firewall
 # shorewall status Displays firewall status
 #
-#### BEGIN INIT INFO
+
+# chkconfig: 2345 25 90
+# description: Packet filtering firewall
+
+### BEGIN INIT INFO
 # Provides: shorewall
 # Required-Start: $network
 # Required-Stop:
@@ -43,10 +47,6 @@ RCDLINKS="2,S41 3,S41 6,K41"
 # Description: starts and stops the shorewall firewall
 ### END INIT INFO
-# chkconfig: 2345 25 90
-# description: Packet filtering firewall
-#
-
 ################################################################################
 # Give Usage Information #
 ################################################################################
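Review bot: In the `@@ -4660` hunk of process_rule, the pattern `none*)` matches every log level that merely begins with "none", so a mistyped level is silently treated as "do not log" and the rule loses its logging without any message. If only `none` and `none!` are meant, which the `loglevel=${loglevel%\!}` line below suggests, `none|none\!)` states exactly that. The new test `[ $target = LOG ]` also dropped the quotes the removed line had; `[ "$target" = LOG ] && return` avoids a `[` syntax error when `$target` is empty or contains whitespace. process_rule starts and ends outside the hunk.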
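Review bot: Nothing in the new `case $policy in` block (the `@@ -7090` hunk of apply_policy_rules) says why ACCEPT, CONTINUE and QUEUE are the policies that receive the `--syn` jump to `@$chain`, or why the rule is inserted at position 2. A one-line comment above the `case` would record it, for example `# Policies that can pass a connection on get the SYN-limit chain, inserted ahead of the policy rule`; that wording assumes this is the intent, which the hunk itself does not show. Whether position 2 is still the right slot for a QUEUE policy depends on how the chain is populated earlier in the function, outside the hunk.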
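Review bot: In the `@@ -268` hunk of Shorewall/functions, the warning in find_zones ends in `2>&2`, which redirects stderr to itself, so the message is written to stdout; if callers capture the output of find_zones as the zone list (not visible here), the words of the warning would be read as zone names. `>&2` sends it to stderr as intended. The pattern `[0-9*])` also matches only a one-character name that is a digit or `*`; if names beginning with a digit are what should be rejected, `[0-9]*)` is the pattern. With `expandv zone display` now expanding variables into `$zone`, this check is the only validation the expanded value gets in the visible lines, so it is worth making it exact. find_zones continues past the hunk.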