Fix 'newnotsyn' in hosts file

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1370 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2004-05-28 14:20:43 +00:00
parent 9c00029270
commit 5017345256
4 changed files with 1566 additions and 1209 deletions

File diff suppressed because it is too large

@ -71,3 +71,5 @@ Changes since 2.0.1
34) Fix dynamic in chains in the nat table.
35) Load modules before detecting capabilities.
36) Fix 'newnotsyn' in the hosts file.

@ -4705,11 +4705,13 @@ initialize_netfilter () {
if [ -z "$NEWNOTSYN" ]; then
createchain newnotsyn no
for interface in $(find_interfaces_by_option newnotsyn); do
run_iptables -A newnotsyn -i $interface -p tcp --tcp-flags ACK ACK -j ACCEPT
run_iptables -A newnotsyn -i $interface -p tcp --tcp-flags RST RST -j ACCEPT
run_iptables -A newnotsyn -i $interface -p tcp --tcp-flags FIN FIN -j ACCEPT
run_iptables -A newnotsyn -i $interface -j RETURN
for host in $(find_hosts_by_option newnotsyn); do
interface=${host%%:*}
network=${host#*:}
run_iptables -A newnotsyn -i $interface $(match_source_hosts $network) -p tcp --tcp-flags ACK ACK -j ACCEPT
run_iptables -A newnotsyn -i $interface $(match_source_hosts $network) -p tcp --tcp-flags RST RST -j ACCEPT
run_iptables -A newnotsyn -i $interface $(match_source_hosts $network) -p tcp --tcp-flags FIN FIN -j ACCEPT
run_iptables -A newnotsyn -i $interface $(match_source_hosts $network) -j RETURN
done
run_user_exit newnotsyn
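Review bot: The loop over $(find_interfaces_by_option newnotsyn) is replaced rather than supplemented, so the newnotsyn chain is now filled only from find_hosts_by_option. Please confirm that find_hosts_by_option also returns an interface:network entry for interfaces that set newnotsyn in the interfaces file; if it does not, those interfaces lose their ACK/RST/FIN ACCEPT rules and fixing the hosts file case regresses the interfaces case. Separately, the split with ${host%%:*} and ${host#*:} assumes every entry contains a colon: an entry without one leaves interface and network set to the same string, so a short comment stating the expected interface:network format (or a guard for the missing colon) would make the loop safer to maintain.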

@ -1,4 +1,4 @@
Shorewall 2.0.2c
Shorewall 2.0.2d
----------------------------------------------------------------------
Problems Corrected since 2.0.1
@ -36,7 +36,9 @@ Problems Corrected since 2.0.2
6) Shorewall checks netfilter capabilities before loading kernel
modules. Hence if kernel module autoloading isn't enabled, the
capabilities will be misdetected.
capabilities will be misdetected.
7) The 'newnotsyn' option in /etc/shorewall/hosts has no effect.
-----------------------------------------------------------------------
Issues when migrating from Shorewall 2.0.1 to Shorewall 2.0.2:
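Review bot: The line "capabilities will be misdetected." at the end of item 6 appears twice with identical visible text, which suggests a whitespace-only change riding along with the new item 7. Consider dropping that change from this commit so the release-notes hunk contains only the added entry for the 'newnotsyn' option in /etc/shorewall/hosts.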