extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-26 09:33:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch '4.6.1'

Browse Source
This commit is contained in:
Tom Eastep 2014-06-25 07:31:36 -07:00
commit 80c09c4747
14 changed files with 225 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Shorewall/Macros/macro.Amanda
View File

@ -14,7 +14,7 @@
# PORT(S) PORT(S) DEST LIMIT GROUP # PORT(S) PORT(S) DEST LIMIT GROUP
?if ( __CT_TARGET && ! $AUTOHELPERS && __AMANDA_HELPER ) ?if ( __CT_TARGET && ! $AUTOHELPERS && __AMANDA_HELPER )
PARAM - - udp 10080 ; helper=amanda PARAM - - udp 10080 { helper=amanda }
?else ?else
PARAM - - udp 10080 PARAM - - udp 10080
?endif ?endif

2
Shorewall/Macros/macro.FTP
View File

@ -11,7 +11,7 @@
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/ #ACTION SOURCE DEST PROTO DEST SOURCE ORIGIN RATE USER/
# PORT(S) PORT(S) DEST LIMIT GROUP # PORT(S) PORT(S) DEST LIMIT GROUP
?if ( __CT_TARGET && ! $AUTOHELPERS && __FTP_HELPER ) ?if ( __CT_TARGET && ! $AUTOHELPERS && __FTP_HELPER )
PARAM - - tcp 21 ; helper=ftp PARAM - - tcp 21 { helper=ftp }
?else ?else
PARAM - - tcp 21 PARAM - - tcp 21
?endif ?endif

2
Shorewall/Macros/macro.IRC
View File

@ -12,7 +12,7 @@
# PORT(S) PORT(S) DEST LIMIT GROUP # PORT(S) PORT(S) DEST LIMIT GROUP
?if ( __CT_TARGET && ! $AUTOHELPERS && __IRC_HELPER ) ?if ( __CT_TARGET && ! $AUTOHELPERS && __IRC_HELPER )
PARAM - - tcp 6667 ; helper=irc PARAM - - tcp 6667 { helper=irc }
?else ?else
PARAM - - tcp 6667 PARAM - - tcp 6667
?endif ?endif

2
Shorewall/Macros/macro.PPtP
View File

@ -14,7 +14,7 @@ PARAM - - 47
PARAM DEST SOURCE 47 PARAM DEST SOURCE 47
?if ( __CT_TARGET && ! $AUTOHELPERS && __PPTP_HELPER ) ?if ( __CT_TARGET && ! $AUTOHELPERS && __PPTP_HELPER )
PARAM - - tcp 1723 ; helper=pptp PARAM - - tcp 1723 { helper=pptp }
?else ?else
PARAM - - tcp 1723 PARAM - - tcp 1723
?endif ?endif

2
Shorewall/Macros/macro.SANE
View File

@ -12,7 +12,7 @@
# PORT(S) PORT(S) DEST LIMIT GROUP # PORT(S) PORT(S) DEST LIMIT GROUP
?if ( __CT_TARGET && ! $AUTOHELPERS && __SANE_HELPER ) ?if ( __CT_TARGET && ! $AUTOHELPERS && __SANE_HELPER )
PARAM - - tcp 6566 ; helper=sane PARAM - - tcp 6566 { helper=sane }
?else ?else
PARAM - - tcp 6566 PARAM - - tcp 6566
?endif ?endif

2
Shorewall/Macros/macro.SIP
View File

@ -12,7 +12,7 @@
# PORT(S) PORT(S) DEST LIMIT GROUP # PORT(S) PORT(S) DEST LIMIT GROUP
?if ( __CT_TARGET && ! $AUTOHELPERS && __SIP_HELPER ) ?if ( __CT_TARGET && ! $AUTOHELPERS && __SIP_HELPER )
PARAM - - udp 5060 ; helper=sip PARAM - - udp 5060 { helper=sip }
?else ?else
PARAM - - udp 5060 PARAM - - udp 5060
?endif ?endif

2
Shorewall/Macros/macro.SMB
View File

@ -17,7 +17,7 @@
PARAM - - udp 135,445 PARAM - - udp 135,445
?if ( __CT_TARGET && ! $AUTOHELPERS && __NETBIOS_NS_HELPER ) ?if ( __CT_TARGET && ! $AUTOHELPERS && __NETBIOS_NS_HELPER )
PARAM - - udp 137 ; helper=netbios-ns PARAM - - udp 137 { helper=netbios-ns }
PARAM - - udp 138:139 PARAM - - udp 138:139
?else ?else
PARAM - - udp 137:139 PARAM - - udp 137:139

4
Shorewall/Macros/macro.SMBBI
View File

@ -17,7 +17,7 @@
PARAM - - udp 135,445 PARAM - - udp 135,445
?if ( __CT_TARGET && ! $AUTOHELPERS && __NETBIOS_NS_HELPER ) ?if ( __CT_TARGET && ! $AUTOHELPERS && __NETBIOS_NS_HELPER )
PARAM - - udp 137 ; helper=netbios-ns PARAM - - udp 137 { helper=netbios-ns }
PARAM - - udp 138:139 PARAM - - udp 138:139
?else ?else
PARAM - - udp 137:139 PARAM - - udp 137:139
@ -28,7 +28,7 @@ PARAM - - tcp 135,139,445
PARAM DEST SOURCE udp 135,445 PARAM DEST SOURCE udp 135,445
?if ( __CT_TARGET && ! $AUTOHELPERS && __NETBIOS_NS_HELPER ) ?if ( __CT_TARGET && ! $AUTOHELPERS && __NETBIOS_NS_HELPER )
PARAM DEST SOURCE udp 137 ; helper=netbios-ns PARAM DEST SOURCE udp 137 { helper=netbios-ns }
PARAM DEST SOURCE udp 138:139 PARAM DEST SOURCE udp 138:139
?else ?else
PARAM DEST SOURCE udp 137:139 PARAM DEST SOURCE udp 137:139

2
Shorewall/Macros/macro.SNMP
View File

@ -14,7 +14,7 @@
# PORT(S) PORT(S) DEST LIMIT GROUP # PORT(S) PORT(S) DEST LIMIT GROUP
?if ( __CT_TARGET && ! $AUTOHELPERS && __SNMP_HELPER ) ?if ( __CT_TARGET && ! $AUTOHELPERS && __SNMP_HELPER )
PARAM - - udp 161 ; helper=snmp PARAM - - udp 161 { helper=snmp }
?else ?else
PARAM - - udp 161 PARAM - - udp 161
?endif ?endif

2
Shorewall/Macros/macro.TFTP
View File

@ -14,7 +14,7 @@
# PORT(S) PORT(S) DEST LIMIT GROUP # PORT(S) PORT(S) DEST LIMIT GROUP
?if ( __CT_TARGET && ! $AUTOHELPERS && __TFTP_HELPER ) ?if ( __CT_TARGET && ! $AUTOHELPERS && __TFTP_HELPER )
PARAM - - udp 69 ; helper=tftp PARAM - - udp 69 { helper=tftp }
?else ?else
PARAM - - udp 69 PARAM - - udp 69
?endif ?endif

4
Shorewall/Perl/Shorewall/Rules.pm
View File

@ -2950,7 +2950,7 @@ sub perl_action_helper($$;$) {
$matches .= ' ' unless $matches =~ /^(?:.+\s)?$/; $matches .= ' ' unless $matches =~ /^(?:.+\s)?$/;
set_inline_matches $matches if $target =~ /^INLINE(?::.*)?$/; set_inline_matches( $target =~ /^INLINE(?::.*)?$/ ? $matches : '' );
if ( $isstatematch ) { if ( $isstatematch ) {
if ( $statematch ) { if ( $statematch ) {
@ -3023,6 +3023,8 @@ sub perl_action_tcp_helper($$) {
$proto .= ' ' unless $proto =~ /^(?:.+\s)?$/; $proto .= ' ' unless $proto =~ /^(?:.+\s)?$/;
set_inline_matches( '' ) if $config{INLINE_MATCHES};
if ( $passedproto eq '-' || $passedproto eq 'tcp' || $passedproto eq '6' ) { if ( $passedproto eq '-' || $passedproto eq 'tcp' || $passedproto eq '6' ) {
# #
# For other protos, a 'no rule generated' warning will be issued # For other protos, a 'no rule generated' warning will be issued

23
Shorewall/Perl/Shorewall/Tc.pm
View File

@ -174,8 +174,8 @@ sub initialize( $ ) {
# #
# Process a rule from the tcrules or mangle file # Process a rule from the tcrules or mangle file
# #
sub process_mangle_rule1( $$$$$$$$$$$$$$$$$ ) { sub process_mangle_rule1( $$$$$$$$$$$$$$$$$$ ) {
our ( $file, $action, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $headers, $probability , $dscp , $state ) = @_; our ( $file, $action, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $headers, $probability , $dscp , $state, $time ) = @_;
use constant { use constant {
PREROUTING => 1, #Actually tcpre PREROUTING => 1, #Actually tcpre
@ -798,6 +798,7 @@ sub process_mangle_rule1( $$$$$$$$$$$$$$$$$ ) {
do_probability( $probability ) . do_probability( $probability ) .
do_dscp( $dscp ) . do_dscp( $dscp ) .
state_match( $state ) . state_match( $state ) .
do_time( $time ) .
$raw_matches , $raw_matches ,
$source , $source ,
$dest , $dest ,
@ -986,7 +987,9 @@ sub process_tc_rule1( $$$$$$$$$$$$$$$$ ) {
$headers, $headers,
$probability, $probability,
$dscp, $dscp,
$state ); $state,
'-',
);
} }
} }
@ -1046,9 +1049,9 @@ sub process_tc_rule( ) {
} }
sub process_mangle_rule( ) { sub process_mangle_rule( ) {
my ( $originalmark, $source, $dest, $protos, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $headers, $probability , $dscp , $state ); my ( $originalmark, $source, $dest, $protos, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $headers, $probability , $dscp , $state, $time );
if ( $family == F_IPV4 ) { if ( $family == F_IPV4 ) {
( $originalmark, $source, $dest, $protos, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $probability, $dscp, $state ) = ( $originalmark, $source, $dest, $protos, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $probability, $dscp, $state, $time ) =
split_line2( 'tcrules file', split_line2( 'tcrules file',
{ mark => 0, { mark => 0,
action => 0, action => 0,
@ -1065,7 +1068,9 @@ sub process_mangle_rule( ) {
helper => 11, helper => 11,
probability => 12 , probability => 12 ,
scp => 13, scp => 13,
state => 14 }, state => 14,
time => 15,
},
{}, {},
15, 15,
1 ); 1 );
@ -1089,14 +1094,16 @@ sub process_mangle_rule( ) {
headers => 12, headers => 12,
probability => 13, probability => 13,
dscp => 14, dscp => 14,
state => 15 }, state => 15,
time => 16,
},
{}, {},
16, 16,
1 ); 1 );
} }
for my $proto (split_list( $protos, 'Protocol' ) ) { for my $proto (split_list( $protos, 'Protocol' ) ) {
process_mangle_rule1( 'Mangle', $originalmark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $headers, $probability , $dscp , $state ); process_mangle_rule1( 'Mangle', $originalmark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $headers, $probability , $dscp , $state, $time );
} }
} }

98
Shorewall/manpages/shorewall-mangle.xml
View File

@ -1109,6 +1109,104 @@ Normal-Service =&gt; 0x00</programlisting>
of the listed states.</para> of the listed states.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term><emphasis role="bold">TIME</emphasis> -
<emphasis>timeelement</emphasis>[&amp;<emphasis>timeelement</emphasis>...]</term>
<listitem>
<para>Added in Shorewall 4.6.2.</para>
<para>May be used to limit the rule to a particular time period each
day, to particular days of the week or month, or to a range defined
by dates and times. Requires time match support in your kernel and
ip6tables.</para>
<para><replaceable>timeelement</replaceable> may be:</para>
<variablelist>
<varlistentry>
<term>timestart=<replaceable>hh</replaceable>:<replaceable>mm</replaceable>[:<replaceable>ss</replaceable>]</term>
<listitem>
<para>Defines the starting time of day.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>timestop=<replaceable>hh</replaceable>:<replaceable>mm</replaceable>[:<replaceable>ss</replaceable>]</term>
<listitem>
<para>Defines the ending time of day.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>utc</term>
<listitem>
<para>Times are expressed in Greenwich Mean Time.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>localtz</term>
<listitem>
<para>Deprecated by the Netfilter team in favor of <emphasis
role="bold">kerneltz</emphasis>. Times are expressed in Local
Civil Time (default).</para>
</listitem>
</varlistentry>
<varlistentry>
<term>kerneltz</term>
<listitem>
<para>Added in Shorewall 4.5.2. Times are expressed in Local
Kernel Time (requires iptables 1.4.12 or later).</para>
</listitem>
</varlistentry>
<varlistentry>
<term>weekdays=ddd[,ddd]...</term>
<listitem>
<para>where <replaceable>ddd</replaceable> is one of
<option>Mon</option>, <option>Tue</option>,
<option>Wed</option>, <option>Thu</option>,
<option>Fri</option>, <option>Sat</option> or
<option>Sun</option></para>
</listitem>
</varlistentry>
<varlistentry>
<term>monthdays=dd[,dd],...</term>
<listitem>
<para>where <replaceable>dd</replaceable> is an ordinal day of
the month</para>
</listitem>
</varlistentry>
<varlistentry>
<term>datestart=<replaceable>yyyy</replaceable>[-<replaceable>mm</replaceable>[-<replaceable>dd</replaceable>[<option>T</option><replaceable>hh</replaceable>[:<replaceable>mm</replaceable>[:<replaceable>ss</replaceable>]]]]]</term>
<listitem>
<para>Defines the starting date and time.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>datestop=<replaceable>yyyy</replaceable>[-<replaceable>mm</replaceable>[-<replaceable>dd</replaceable>[<option>T</option><replaceable>hh</replaceable>[:<replaceable>mm</replaceable>[:<replaceable>ss</replaceable>]]]]]</term>
<listitem>
<para>Defines the ending date and time.</para>
</listitem>
</varlistentry>
</variablelist>
</listitem>
</varlistentry>
</variablelist> </variablelist>
</refsect1> </refsect1>

98
Shorewall6/manpages/shorewall6-mangle.xml
View File

@ -1194,6 +1194,104 @@ Normal-Service =&gt; 0x00</programlisting>
of the listed states.</para> of the listed states.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term><emphasis role="bold">TIME</emphasis> -
<emphasis>timeelement</emphasis>[&amp;<emphasis>timeelement</emphasis>...]</term>
<listitem>
<para>Added in Shorewall 4.6.2.</para>
<para>May be used to limit the rule to a particular time period each
day, to particular days of the week or month, or to a range defined
by dates and times. Requires time match support in your kernel and
ip6tables.</para>
<para><replaceable>timeelement</replaceable> may be:</para>
<variablelist>
<varlistentry>
<term>timestart=<replaceable>hh</replaceable>:<replaceable>mm</replaceable>[:<replaceable>ss</replaceable>]</term>
<listitem>
<para>Defines the starting time of day.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>timestop=<replaceable>hh</replaceable>:<replaceable>mm</replaceable>[:<replaceable>ss</replaceable>]</term>
<listitem>
<para>Defines the ending time of day.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>utc</term>
<listitem>
<para>Times are expressed in Greenwich Mean Time.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>localtz</term>
<listitem>
<para>Deprecated by the Netfilter team in favor of <emphasis
role="bold">kerneltz</emphasis>. Times are expressed in Local
Civil Time (default).</para>
</listitem>
</varlistentry>
<varlistentry>
<term>kerneltz</term>
<listitem>
<para>Added in Shorewall 4.5.2. Times are expressed in Local
Kernel Time (requires iptables 1.4.12 or later).</para>
</listitem>
</varlistentry>
<varlistentry>
<term>weekdays=ddd[,ddd]...</term>
<listitem>
<para>where <replaceable>ddd</replaceable> is one of
<option>Mon</option>, <option>Tue</option>,
<option>Wed</option>, <option>Thu</option>,
<option>Fri</option>, <option>Sat</option> or
<option>Sun</option></para>
</listitem>
</varlistentry>
<varlistentry>
<term>monthdays=dd[,dd],...</term>
<listitem>
<para>where <replaceable>dd</replaceable> is an ordinal day of
the month</para>
</listitem>
</varlistentry>
<varlistentry>
<term>datestart=<replaceable>yyyy</replaceable>[-<replaceable>mm</replaceable>[-<replaceable>dd</replaceable>[<option>T</option><replaceable>hh</replaceable>[:<replaceable>mm</replaceable>[:<replaceable>ss</replaceable>]]]]]</term>
<listitem>
<para>Defines the starting date and time.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>datestop=<replaceable>yyyy</replaceable>[-<replaceable>mm</replaceable>[-<replaceable>dd</replaceable>[<option>T</option><replaceable>hh</replaceable>[:<replaceable>mm</replaceable>[:<replaceable>ss</replaceable>]]]]]</term>
<listitem>
<para>Defines the ending date and time.</para>
</listitem>
</varlistentry>
</variablelist>
</listitem>
</varlistentry>
</variablelist> </variablelist>
</refsect1> </refsect1>