Fix 'newnotsyn' in hosts file

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1370 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2004-05-28 14:20:43 +00:00
parent 9c00029270
commit 5017345256
4 changed files with 1566 additions and 1209 deletions

File diff suppressed because it is too large


@ -71,3 +71,5 @@ Changes since 2.0.1
34) Fix dynamic in chains in the nat table. 34) Fix dynamic in chains in the nat table.
35) Load modules before detecting capabilities. 35) Load modules before detecting capabilities.
36) Fix 'newnotsyn' in the hosts file.
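Review bot: the new changelog entry "Fix 'newnotsyn' in the hosts file" does not say what was broken, while the known-problems entry added in this same commit states it precisely ("The 'newnotsyn' option in /etc/shorewall/hosts has no effect"); using that wording here too would let a reader of the changelog see at once whether the item affects them.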


@ -4705,11 +4705,13 @@ initialize_netfilter () {
if [ -z "$NEWNOTSYN" ]; then if [ -z "$NEWNOTSYN" ]; then
createchain newnotsyn no createchain newnotsyn no
for interface in $(find_interfaces_by_option newnotsyn); do for host in $(find_hosts_by_option newnotsyn); do
run_iptables -A newnotsyn -i $interface -p tcp --tcp-flags ACK ACK -j ACCEPT interface=${host%%:*}
run_iptables -A newnotsyn -i $interface -p tcp --tcp-flags RST RST -j ACCEPT network=${host#*:}
run_iptables -A newnotsyn -i $interface -p tcp --tcp-flags FIN FIN -j ACCEPT run_iptables -A newnotsyn -i $interface $(match_source_hosts $network) -p tcp --tcp-flags ACK ACK -j ACCEPT
run_iptables -A newnotsyn -i $interface -j RETURN run_iptables -A newnotsyn -i $interface $(match_source_hosts $network) -p tcp --tcp-flags RST RST -j ACCEPT
run_iptables -A newnotsyn -i $interface $(match_source_hosts $network) -p tcp --tcp-flags FIN FIN -j ACCEPT
run_iptables -A newnotsyn -i $interface $(match_source_hosts $network) -j RETURN
done done
run_user_exit newnotsyn run_user_exit newnotsyn
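Review bot: the loop over `find_interfaces_by_option newnotsyn` is removed outright and replaced by the loop over `find_hosts_by_option newnotsyn`, so an interface-level 'newnotsyn' option now only keeps working if find_hosts_by_option also returns those interfaces as host entries; if it does not, fixing the hosts file regresses the interfaces file, and either that should be confirmed or both loops kept. The parsing `interface=${host%%:*}` / `network=${host#*:}` also assumes every entry contains exactly one colon; an entry without one leaves $network equal to the interface name, and `match_source_hosts` is then handed a name rather than a network. On the security side the change is a tightening: previously any non-SYN TCP packet arriving on the interface was accepted by the ACK/RST/FIN rules, whereas now the `$(match_source_hosts $network)` qualifier accepts them only from the listed network on that interface, and the per-network `-j RETURN` lets packets from other sources on the same interface fall through to whatever follows `run_user_exit newnotsyn` instead of being returned early.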


@ -1,4 +1,4 @@
Shorewall 2.0.2c Shorewall 2.0.2d
---------------------------------------------------------------------- ----------------------------------------------------------------------
Problems Corrected since 2.0.1 Problems Corrected since 2.0.1
@ -36,7 +36,9 @@ Problems Corrected since 2.0.2
6) Shorewall checks netfilter capabilities before loading kernel 6) Shorewall checks netfilter capabilities before loading kernel
modules. Hence if kernel module autoloading isn't enabled, the modules. Hence if kernel module autoloading isn't enabled, the
capabilities will be misdetected. capabilities will be misdetected.
7) The 'newnotsyn' option in /etc/shorewall/hosts has no effect.
----------------------------------------------------------------------- -----------------------------------------------------------------------
Issues when migrating from Shorewall 2.0.1 to Shorewall 2.0.2: Issues when migrating from Shorewall 2.0.1 to Shorewall 2.0.2: