Add ACCEPT_DEFAULT and QUEUE_DEFAULT options

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4496 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-11-23 16:13:18 +01:00 · 2006-08-31 06:14:47 +00:00 · 2006-08-31 06:14:47 +00:00 · 63bfea114a
commit 63bfea114a
parent 0c32938bdc
4 changed files with 40 additions and 9 deletions
--- a/Shorewall/compiler
+++ b/Shorewall/compiler
@ -438,7 +438,7 @@ validate_policy()
 	progress_message "   Policy for $1 to $2 is $policy using chain $chain"
    }

-    for var in DROP_DEFAULT REJECT_DEFAULT; do
+    for var in DROP_DEFAULT REJECT_DEFAULT ACCEPT_DEFAULT QUEUE_DEFAULT; do
 	eval default=\$$var

 	case $default in
@ -545,6 +545,12 @@ validate_policy()
 	    REJECT)
 		[ -n "${default:=$REJECT_DEFAULT}" ]
 		;;
+	    ACCEPT)
+		[ -n "${default:=$ACCEPTT_DEFAULT}" ]
+		;;
+	    QUEUE)
+		[ -n "${default:=$QUEUE_DEFAULT}" ]
+		;;
 	    NONE)
 		[ "$client" = "$FW" -o "$server" = "$FW" ] && \
 		    fatal_error " $client $server $policy $loglevel $synparams: NONE policy not allowed to/from the $FW zone"
--- a/Shorewall/functions
+++ b/Shorewall/functions
@ -2918,6 +2918,8 @@ do_initialize() {
    USE_ACTIONS=
    DROP_DEFAULT=
    REJECT_DEFAULT=
+    ACCEPT_DEFAULT=
+    QUEUE_DEFAULT=

    LOGLIMIT=
    LOGPARMS=
@ -3190,6 +3192,18 @@ do_initialize() {
 	    ;;
    esac

+    case "${QUEUE_DEFAULT:=none}" in
+	None)
+	    QUEUE_DEFAULT=none
+	    ;;
+    esac
+
+    case "${ACCEPT_DEFAULT:=none}" in
+	None)
+	    ACCEPT_DEFAULT=none
+	    ;;
+    esac
+
    #
    # Strip the files that we use often
    #
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -161,16 +161,18 @@ New Features:

    The solution is two-fold:

-    - Two new options have been added to the
+    - Four new options have been added to the
      /etc/shorewall/shorewall.conf file that allow specifying the
-       default action for DROP and REJECT.
+       default action for DROP, REJECT, ACCEPT and QUEUE.

-       The options are DROP_DEFAULT and REJECT_DEFAULT.
+       The options are DROP_DEFAULT, REJECT_DEFAULT, ACCEPT_DEFAULT and
+       QUEUE_DEFAULT.

       DROP_DEFAULT describes the rules to be applied before a
       connection request is dropped by a DROP policy; REJECT_DEFAULT
       describes the rules to be applied if a connection request is
-       rejected by a REJECT policy.
+       rejected by a REJECT policy. The other two are similar for
+       ACCEPT and QUEUE policies.

       The value assigned to these may be:

@ -182,6 +184,8 @@ New Features:

 	DROP_DEFAULT="Drop"
 	REJECT_DEFAULT="Reject"
+	ACCEPT_DEFAULT=none
+	QUEUE_DEFAULT=none

       If USE_ACTIONS=Yes, then these values refer to action.Drop and
       action.Reject respectively. If USE_ACTIONS=No, then these values
@ -193,8 +197,9 @@ New Features:

    - The POLICY column in /etc/shorewall/policy has been extended.

-       In /etc/shorewall/policy, when the POLICY is DROP or REJECT then
-       the policy may be followed by ":" and one of the following:
+       In /etc/shorewall/policy, when the POLICY is DROP, REJECT,
+       ACCEPT or QUEUE then the policy may be followed by ":" and one
+       of the following:
 			
 	a) The word "None" or "none". This causes any default
 	   action define in /etc/shorewall/actions.std or
--- a/Shorewall/shorewall.conf
+++ b/Shorewall/shorewall.conf
@ -385,11 +385,13 @@ IPSECFILE=zones
 # policies was specified in the file /usr/share/shorewall/actions.std.
 #
 # To allow for default rules to be applied when USE_ACTIONS=No, the
-# DROP_DEFAULT and REJECT_DEFAULT options have been added.
+# DROP_DEFAULT, REJECT_DEFAULT, ACCEPT_DEFAULT and QUEUE_DEFAULT options have
+# been added.
 #
 # DROP_DEFAULT describes the rules to be applied before a connection request
 # is dropped by a DROP policy; REJECT_DEFAULT describes the rules to be applied
-# if a connection request is rejected by a REJECT policy.
+# if a connection request is rejected by a REJECT policy. The other two are
+# similar for ACCEPT and QUEUE policies.
 #
 # The value applied to these may be:
 #
@ -401,6 +403,8 @@ IPSECFILE=zones
 #
 #	DROP_DEFAULT="Drop"
 #	REJECT_DEFAULT="Reject"
+#	ACCEPT_DEFAULT="none"
+#	QUEUE_DEFAULT="none"
 #
 # If USE_ACTIONS=Yes, then these values refer to action.Drop and action.Reject
 # respectively. If USE_ACTIONS=No, then these values refer to macro.Drop and
@ -412,6 +416,8 @@ IPSECFILE=zones

 DROP_DEFAULT="Drop"
 REJECT_DEFAULT="Reject"
+ACCEPT_DEFAULT="none"
+QUEUE_DEFAULT="none"

 ###############################################################################
 #			F I R E W A L L	  O P T I O N S