mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-25 07:38:57 +01:00
Add QUEUE policies
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2016 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
ff3b3bdb97
commit
8933f61524
@ -8,6 +8,8 @@ Changes in 2.2.3
|
||||
|
||||
4) Fix ! in hosts file
|
||||
|
||||
5) Add QUEUE policy.
|
||||
|
||||
Changes in 2.2.2
|
||||
|
||||
1) The 'check' command disclaimer is toned down further and only
|
||||
|
@ -1100,7 +1100,7 @@ validate_policy()
|
||||
esac
|
||||
|
||||
case $policy in
|
||||
ACCEPT|REJECT|DROP|CONTINUE)
|
||||
ACCEPT|REJECT|DROP|CONTINUE|QUEUE)
|
||||
;;
|
||||
NONE)
|
||||
[ "$client" = "$FW" -o "$server" = "$FW" ] && \
|
||||
@ -3490,14 +3490,14 @@ process_actions1() {
|
||||
[ ${#temp} -le 30 ] || fatal_error "Action Name Longer than 30 Characters: $temp"
|
||||
xaction=${xaction%:*}
|
||||
case $temp in
|
||||
ACCEPT|REJECT|DROP)
|
||||
ACCEPT|REJECT|DROP|QUEUE)
|
||||
eval ${temp}_common=$xaction
|
||||
if [ -n "$xaction" ] && ! list_search $xaction $USEDACTIONS; then
|
||||
USEDACTIONS="$USEDACTIONS $xaction"
|
||||
fi
|
||||
;;
|
||||
*)
|
||||
startup_error "Common Actions are only allowed for ACCEPT, DROP and REJECT"
|
||||
startup_error "Common Actions are only allowed for ACCEPT, DROP, REJECT and QUEUE"
|
||||
;;
|
||||
esac
|
||||
esac
|
||||
@ -4806,6 +4806,9 @@ policy_rules() # $1 = chain to add rules to
|
||||
[ -n "$REJECT_common" ] && run_iptables -A $1 -j $REJECT_common
|
||||
target=reject
|
||||
;;
|
||||
QUEUE)
|
||||
[ -n "$QUEUE_common" ] && run_iptables -A $1 -j $QUEUE_common
|
||||
;;
|
||||
CONTINUE)
|
||||
target=
|
||||
;;
|
||||
@ -4871,7 +4874,7 @@ default_policy() # $1 = client $2 = server
|
||||
# depends on the policy
|
||||
#
|
||||
case $policy in
|
||||
ACCEPT)
|
||||
ACCEPT|QUEUE)
|
||||
if [ -n "$synparams" ]; then
|
||||
#
|
||||
# To avoid double-counting SYN packets, enforce the policy
|
||||
|
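Review bot: The new `QUEUE)` arm in policy_rules leaves `target` untouched, unlike the `REJECT)` arm above it (`target=reject`) and the `CONTINUE)` arm below it (`target=`), and nothing in the hunk says why. Presumably the code after the case, which is outside the hunk, jumps to `$target`, so QUEUE is used as the iptables target as-is. A comment such as `# target stays QUEUE; queued packets are dropped by the kernel when no user-space program is listening` would record that and its operational consequence: a zone pair under a QUEUE policy passes traffic only while the consumer (the release notes mention Snort Inline) is running. The same caveat belongs next to the `ACCEPT|QUEUE)` arm in default_policy, where QUEUE now shares the ACCEPT path for `$synparams`. Separately, the widened `ACCEPT|REJECT|DROP|QUEUE)` arm in process_actions1 now also reaches the existing `eval ${temp}_common=$xaction`, which expands the action name from the actions file before eval parses it; `eval ${temp}_common=\$xaction` would assign the value without re-parsing it.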
@ -25,6 +25,8 @@
|
||||
# DROP - Ignore the connection request
|
||||
# REJECT - For TCP, send RST. For all other, send
|
||||
# "port unreachable" ICMP.
|
||||
# QUEUE - Send the request to a user-space
|
||||
# application using the QUEUE target.
|
||||
# CONTINUE - Pass the connection request past
|
||||
# any other rules that it might also
|
||||
# match (where the source or destination
|
||||
|
@ -61,6 +61,11 @@ New Features in version 2.2.3
|
||||
If MACLIST_TTL is not specified or is specified as empty (e.g,
|
||||
MACLIST_TTL="" or is specified as zero then 'maclist' lookups
|
||||
will not be cached.
|
||||
|
||||
4) You can now specify QUEUE as a policy and you can designate a
|
||||
common action for QUEUE policies in /etc/shorewall/actions. This is
|
||||
useful for sending packets to something like Snort Inline.
|
||||
|
||||
-----------------------------------------------------------------------
|
||||
Problems corrected in version 2.2.2
|
||||
|
||||
|