extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-22 15:43:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch '4.6.1'

Browse Source
This commit is contained in:
Tom Eastep 2014-06-25 07:31:36 -07:00
commit 80c09c4747
14 changed files with 225 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Shorewall/Macros/macro.Amanda
View File

@ -14,7 +14,7 @@
# PORT(S) PORT(S) DEST LIMIT GROUP
?if ( __CT_TARGET && ! $AUTOHELPERS && __AMANDA_HELPER )
PARAM - - udp 10080 ; helper=amanda
PARAM - - udp 10080 { helper=amanda }
?else
PARAM - - udp 10080
?endif

2
Shorewall/Macros/macro.FTP
View File

@ -11,7 +11,7 @@
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
# PORT(S) PORT(S) DEST LIMIT GROUP
?if ( __CT_TARGET && ! $AUTOHELPERS && __FTP_HELPER )
PARAM - - tcp 21 ; helper=ftp
PARAM - - tcp 21 { helper=ftp }
?else
PARAM - - tcp 21
?endif

2
Shorewall/Macros/macro.IRC
View File

@ -12,7 +12,7 @@
# PORT(S) PORT(S) DEST LIMIT GROUP
?if ( __CT_TARGET && ! $AUTOHELPERS && __IRC_HELPER )
PARAM - - tcp 6667 ; helper=irc
PARAM - - tcp 6667 { helper=irc }
?else
PARAM - - tcp 6667
?endif

2
Shorewall/Macros/macro.PPtP
View File

@ -14,7 +14,7 @@ PARAM - - 47
PARAM DEST SOURCE 47
?if ( __CT_TARGET && ! $AUTOHELPERS && __PPTP_HELPER )
PARAM - - tcp 1723 ; helper=pptp
PARAM - - tcp 1723 { helper=pptp }
?else
PARAM - - tcp 1723
?endif

2
Shorewall/Macros/macro.SANE
View File

@ -12,7 +12,7 @@
# PORT(S) PORT(S) DEST LIMIT GROUP
?if ( __CT_TARGET && ! $AUTOHELPERS && __SANE_HELPER )
PARAM - - tcp 6566 ; helper=sane
PARAM - - tcp 6566 { helper=sane }
?else
PARAM - - tcp 6566
?endif

2
Shorewall/Macros/macro.SIP
View File

@ -12,7 +12,7 @@
# PORT(S) PORT(S) DEST LIMIT GROUP
?if ( __CT_TARGET && ! $AUTOHELPERS && __SIP_HELPER )
PARAM - - udp 5060 ; helper=sip
PARAM - - udp 5060 { helper=sip }
?else
PARAM - - udp 5060
?endif

2
Shorewall/Macros/macro.SMB
View File

@ -17,7 +17,7 @@
PARAM - - udp 135,445
?if ( __CT_TARGET && ! $AUTOHELPERS && __NETBIOS_NS_HELPER )
PARAM - - udp 137 ; helper=netbios-ns
PARAM - - udp 137 { helper=netbios-ns }
PARAM - - udp 138:139
?else
PARAM - - udp 137:139

4
Shorewall/Macros/macro.SMBBI
View File

@ -17,7 +17,7 @@
PARAM - - udp 135,445
?if ( __CT_TARGET && ! $AUTOHELPERS && __NETBIOS_NS_HELPER )
PARAM - - udp 137 ; helper=netbios-ns
PARAM - - udp 137 { helper=netbios-ns }
PARAM - - udp 138:139
?else
PARAM - - udp 137:139
@ -28,7 +28,7 @@ PARAM - - tcp 135,139,445
PARAM DEST SOURCE udp 135,445
?if ( __CT_TARGET && ! $AUTOHELPERS && __NETBIOS_NS_HELPER )
PARAM DEST SOURCE udp 137 ; helper=netbios-ns
PARAM DEST SOURCE udp 137 { helper=netbios-ns }
PARAM DEST SOURCE udp 138:139
?else
PARAM DEST SOURCE udp 137:139

2
Shorewall/Macros/macro.SNMP
View File

@ -14,7 +14,7 @@
# PORT(S) PORT(S) DEST LIMIT GROUP
?if ( __CT_TARGET && ! $AUTOHELPERS && __SNMP_HELPER )
PARAM - - udp 161 ; helper=snmp
PARAM - - udp 161 { helper=snmp }
?else
PARAM - - udp 161
?endif

2
Shorewall/Macros/macro.TFTP
View File

@ -14,7 +14,7 @@
# PORT(S) PORT(S) DEST LIMIT GROUP
?if ( __CT_TARGET && ! $AUTOHELPERS && __TFTP_HELPER )
PARAM - - udp 69 ; helper=tftp
PARAM - - udp 69 { helper=tftp }
?else
PARAM - - udp 69
?endif

4
Shorewall/Perl/Shorewall/Rules.pm
View File

@ -2950,7 +2950,7 @@ sub perl_action_helper($$;$) {
$matches .= ' ' unless $matches =~ /^(?:.+\s)?$/;
set_inline_matches $matches if $target =~ /^INLINE(?::.*)?$/;
set_inline_matches( $target =~ /^INLINE(?::.*)?$/ ? $matches : '' );
if ( $isstatematch ) {
if ( $statematch ) {
@ -3023,6 +3023,8 @@ sub perl_action_tcp_helper($$) {
$proto .= ' ' unless $proto =~ /^(?:.+\s)?$/;
set_inline_matches( '' ) if $config{INLINE_MATCHES};
if ( $passedproto eq '-' || $passedproto eq 'tcp' || $passedproto eq '6' ) {
#
# For other protos, a 'no rule generated' warning will be issued

23
Shorewall/Perl/Shorewall/Tc.pm
View File

@ -174,8 +174,8 @@ sub initialize( $ ) {
#
# Process a rule from the tcrules or mangle file
#
sub process_mangle_rule1( $$$$$$$$$$$$$$$$$ ) {
our ( $file, $action, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $headers, $probability , $dscp , $state ) = @_;
sub process_mangle_rule1( $$$$$$$$$$$$$$$$$$ ) {
our ( $file, $action, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $headers, $probability , $dscp , $state, $time ) = @_;
use constant {
PREROUTING => 1, #Actually tcpre
@ -798,6 +798,7 @@ sub process_mangle_rule1( $$$$$$$$$$$$$$$$$ ) {
do_probability( $probability ) .
do_dscp( $dscp ) .
state_match( $state ) .
do_time( $time ) .
$raw_matches ,
$source ,
$dest ,
@ -986,7 +987,9 @@ sub process_tc_rule1( $$$$$$$$$$$$$$$$ ) {
$headers,
$probability,
$dscp,
$state );
$state,
'-',
);
}
}
@ -1046,9 +1049,9 @@ sub process_tc_rule( ) {
}
sub process_mangle_rule( ) {
my ( $originalmark, $source, $dest, $protos, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $headers, $probability , $dscp , $state );
my ( $originalmark, $source, $dest, $protos, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $headers, $probability , $dscp , $state, $time );
if ( $family == F_IPV4 ) {
( $originalmark, $source, $dest, $protos, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $probability, $dscp, $state ) =
( $originalmark, $source, $dest, $protos, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $probability, $dscp, $state, $time ) =
split_line2( 'tcrules file',
{ mark => 0,
action => 0,
@ -1065,7 +1068,9 @@ sub process_mangle_rule( ) {
helper => 11,
probability => 12 ,
scp => 13,
state => 14 },
state => 14,
time => 15,
},
{},
15,
1 );
@ -1089,14 +1094,16 @@ sub process_mangle_rule( ) {
headers => 12,
probability => 13,
dscp => 14,
state => 15 },
state => 15,
time => 16,
},
{},
16,
1 );
}
for my $proto (split_list( $protos, 'Protocol' ) ) {
process_mangle_rule1( 'Mangle', $originalmark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $headers, $probability , $dscp , $state );
process_mangle_rule1( 'Mangle', $originalmark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $headers, $probability , $dscp , $state, $time );
}
}

98
Shorewall/manpages/shorewall-mangle.xml
View File

@ -1109,6 +1109,104 @@ Normal-Service =&gt; 0x00</programlisting>
of the listed states.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">TIME</emphasis> -
<emphasis>timeelement</emphasis>[&amp;<emphasis>timeelement</emphasis>...]</term>
<listitem>
<para>Added in Shorewall 4.6.2.</para>
<para>May be used to limit the rule to a particular time period each
day, to particular days of the week or month, or to a range defined
by dates and times. Requires time match support in your kernel and
ip6tables.</para>
<para><replaceable>timeelement</replaceable> may be:</para>
<variablelist>
<varlistentry>
<term>timestart=<replaceable>hh</replaceable>:<replaceable>mm</replaceable>[:<replaceable>ss</replaceable>]</term>
<listitem>
<para>Defines the starting time of day.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>timestop=<replaceable>hh</replaceable>:<replaceable>mm</replaceable>[:<replaceable>ss</replaceable>]</term>
<listitem>
<para>Defines the ending time of day.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>utc</term>
<listitem>
<para>Times are expressed in Greenwich Mean Time.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>localtz</term>
<listitem>
<para>Deprecated by the Netfilter team in favor of <emphasis
role="bold">kerneltz</emphasis>. Times are expressed in Local
Civil Time (default).</para>
</listitem>
</varlistentry>
<varlistentry>
<term>kerneltz</term>
<listitem>
<para>Added in Shorewall 4.5.2. Times are expressed in Local
Kernel Time (requires iptables 1.4.12 or later).</para>
</listitem>
</varlistentry>
<varlistentry>
<term>weekdays=ddd[,ddd]...</term>
<listitem>
<para>where <replaceable>ddd</replaceable> is one of
<option>Mon</option>, <option>Tue</option>,
<option>Wed</option>, <option>Thu</option>,
<option>Fri</option>, <option>Sat</option> or
<option>Sun</option></para>
</listitem>
</varlistentry>
<varlistentry>
<term>monthdays=dd[,dd],...</term>
<listitem>
<para>where <replaceable>dd</replaceable> is an ordinal day of
the month</para>
</listitem>
</varlistentry>
<varlistentry>
<term>datestart=<replaceable>yyyy</replaceable>[-<replaceable>mm</replaceable>[-<replaceable>dd</replaceable>[<option>T</option><replaceable>hh</replaceable>[:<replaceable>mm</replaceable>[:<replaceable>ss</replaceable>]]]]]</term>
<listitem>
<para>Defines the starting date and time.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>datestop=<replaceable>yyyy</replaceable>[-<replaceable>mm</replaceable>[-<replaceable>dd</replaceable>[<option>T</option><replaceable>hh</replaceable>[:<replaceable>mm</replaceable>[:<replaceable>ss</replaceable>]]]]]</term>
<listitem>
<para>Defines the ending date and time.</para>
</listitem>
</varlistentry>
</variablelist>
</listitem>
</varlistentry>
</variablelist>
</refsect1>

98
Shorewall6/manpages/shorewall6-mangle.xml
View File

@ -1194,6 +1194,104 @@ Normal-Service =&gt; 0x00</programlisting>
of the listed states.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">TIME</emphasis> -
<emphasis>timeelement</emphasis>[&amp;<emphasis>timeelement</emphasis>...]</term>
<listitem>
<para>Added in Shorewall 4.6.2.</para>
<para>May be used to limit the rule to a particular time period each
day, to particular days of the week or month, or to a range defined
by dates and times. Requires time match support in your kernel and
ip6tables.</para>
<para><replaceable>timeelement</replaceable> may be:</para>
<variablelist>
<varlistentry>
<term>timestart=<replaceable>hh</replaceable>:<replaceable>mm</replaceable>[:<replaceable>ss</replaceable>]</term>
<listitem>
<para>Defines the starting time of day.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>timestop=<replaceable>hh</replaceable>:<replaceable>mm</replaceable>[:<replaceable>ss</replaceable>]</term>
<listitem>
<para>Defines the ending time of day.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>utc</term>
<listitem>
<para>Times are expressed in Greenwich Mean Time.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>localtz</term>
<listitem>
<para>Deprecated by the Netfilter team in favor of <emphasis
role="bold">kerneltz</emphasis>. Times are expressed in Local
Civil Time (default).</para>
</listitem>
</varlistentry>
<varlistentry>
<term>kerneltz</term>
<listitem>
<para>Added in Shorewall 4.5.2. Times are expressed in Local
Kernel Time (requires iptables 1.4.12 or later).</para>
</listitem>
</varlistentry>
<varlistentry>
<term>weekdays=ddd[,ddd]...</term>
<listitem>
<para>where <replaceable>ddd</replaceable> is one of
<option>Mon</option>, <option>Tue</option>,
<option>Wed</option>, <option>Thu</option>,
<option>Fri</option>, <option>Sat</option> or
<option>Sun</option></para>
</listitem>
</varlistentry>
<varlistentry>
<term>monthdays=dd[,dd],...</term>
<listitem>
<para>where <replaceable>dd</replaceable> is an ordinal day of
the month</para>
</listitem>
</varlistentry>
<varlistentry>
<term>datestart=<replaceable>yyyy</replaceable>[-<replaceable>mm</replaceable>[-<replaceable>dd</replaceable>[<option>T</option><replaceable>hh</replaceable>[:<replaceable>mm</replaceable>[:<replaceable>ss</replaceable>]]]]]</term>
<listitem>
<para>Defines the starting date and time.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>datestop=<replaceable>yyyy</replaceable>[-<replaceable>mm</replaceable>[-<replaceable>dd</replaceable>[<option>T</option><replaceable>hh</replaceable>[:<replaceable>mm</replaceable>[:<replaceable>ss</replaceable>]]]]]</term>
<listitem>
<para>Defines the ending date and time.</para>
</listitem>
</varlistentry>
</variablelist>
</listitem>
</varlistentry>
</variablelist>
</refsect1>