Add QUEUE policies
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2016 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
ff3b3bdb97
commit
8933f61524
@ -8,6 +8,8 @@ Changes in 2.2.3
|
|||||||
|
|
||||||
4) Fix ! in hosts file
|
4) Fix ! in hosts file
|
||||||
|
|
||||||
|
5) Add QUEUE policy.
|
||||||
|
|
||||||
Changes in 2.2.2
|
Changes in 2.2.2
|
||||||
|
|
||||||
1) The 'check' command disclaimer is toned down further and only
|
1) The 'check' command disclaimer is toned down further and only
|
||||||
|
@ -1100,7 +1100,7 @@ validate_policy()
|
|||||||
esac
|
esac
|
||||||
|
|
||||||
case $policy in
|
case $policy in
|
||||||
ACCEPT|REJECT|DROP|CONTINUE)
|
ACCEPT|REJECT|DROP|CONTINUE|QUEUE)
|
||||||
;;
|
;;
|
||||||
NONE)
|
NONE)
|
||||||
[ "$client" = "$FW" -o "$server" = "$FW" ] && \
|
[ "$client" = "$FW" -o "$server" = "$FW" ] && \
|
||||||
@ -3490,14 +3490,14 @@ process_actions1() {
|
|||||||
[ ${#temp} -le 30 ] || fatal_error "Action Name Longer than 30 Characters: $temp"
|
[ ${#temp} -le 30 ] || fatal_error "Action Name Longer than 30 Characters: $temp"
|
||||||
xaction=${xaction%:*}
|
xaction=${xaction%:*}
|
||||||
case $temp in
|
case $temp in
|
||||||
ACCEPT|REJECT|DROP)
|
ACCEPT|REJECT|DROP|QUEUE)
|
||||||
eval ${temp}_common=$xaction
|
eval ${temp}_common=$xaction
|
||||||
if [ -n "$xaction" ] && ! list_search $xaction $USEDACTIONS; then
|
if [ -n "$xaction" ] && ! list_search $xaction $USEDACTIONS; then
|
||||||
USEDACTIONS="$USEDACTIONS $xaction"
|
USEDACTIONS="$USEDACTIONS $xaction"
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
startup_error "Common Actions are only allowed for ACCEPT, DROP and REJECT"
|
startup_error "Common Actions are only allowed for ACCEPT, DROP, REJECT and QUEUE"
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
esac
|
esac
|
||||||
@ -4806,6 +4806,9 @@ policy_rules() # $1 = chain to add rules to
|
|||||||
[ -n "$REJECT_common" ] && run_iptables -A $1 -j $REJECT_common
|
[ -n "$REJECT_common" ] && run_iptables -A $1 -j $REJECT_common
|
||||||
target=reject
|
target=reject
|
||||||
;;
|
;;
|
||||||
|
QUEUE)
|
||||||
|
[ -n "$QUEUE_common" ] && run_iptables -A $1 -j $QUEUE_common
|
||||||
|
;;
|
||||||
CONTINUE)
|
CONTINUE)
|
||||||
target=
|
target=
|
||||||
;;
|
;;
|
||||||
@ -4871,7 +4874,7 @@ default_policy() # $1 = client $2 = server
|
|||||||
# depends on the policy
|
# depends on the policy
|
||||||
#
|
#
|
||||||
case $policy in
|
case $policy in
|
||||||
ACCEPT)
|
ACCEPT|QUEUE)
|
||||||
if [ -n "$synparams" ]; then
|
if [ -n "$synparams" ]; then
|
||||||
#
|
#
|
||||||
# To avoid double-counting SYN packets, enforce the policy
|
# To avoid double-counting SYN packets, enforce the policy
|
||||||
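Review bot: The new `QUEUE)` arm in policy_rules() leaves `target` untouched, unlike the REJECT and CONTINUE arms beside it, and nothing in the visible hunks says what happens to traffic when no user-space program is reading the queue. With the iptables QUEUE target the kernel drops queued packets if no listener is bound, so a QUEUE policy fails closed whenever the inspection daemon (the release notes mention Snort Inline) is stopped or crashes. I would document that at the arm, e.g. `# QUEUE: verdict is left to user space; the kernel drops these packets if no queue reader is bound`, and add a short comment on why `target` keeps its incoming value there. The same caveat applies to `ACCEPT|QUEUE)` in default_policy(), where QUEUE now takes the ACCEPT path. Both functions start and end outside the hunks, so the final jump is presumably emitted from `target`, but that is not visible here.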
|
@ -25,6 +25,8 @@
|
|||||||
# DROP - Ignore the connection request
|
# DROP - Ignore the connection request
|
||||||
# REJECT - For TCP, send RST. For all other, send
|
# REJECT - For TCP, send RST. For all other, send
|
||||||
# "port unreachable" ICMP.
|
# "port unreachable" ICMP.
|
||||||
|
# QUEUE - Send the request to a user-space
|
||||||
|
# application using the QUEUE target.
|
||||||
# CONTINUE - Pass the connection request past
|
# CONTINUE - Pass the connection request past
|
||||||
# any other rules that it might also
|
# any other rules that it might also
|
||||||
# match (where the source or destination
|
# match (where the source or destination
|
||||||
|
@ -61,6 +61,11 @@ New Features in version 2.2.3
|
|||||||
If MACLIST_TTL is not specified or is specified as empty (e.g,
|
If MACLIST_TTL is not specified or is specified as empty (e.g,
|
||||||
MACLIST_TTL="" or is specified as zero then 'maclist' lookups
|
MACLIST_TTL="" or is specified as zero then 'maclist' lookups
|
||||||
will not be cached.
|
will not be cached.
|
||||||
|
|
||||||
|
4) You can now specify QUEUE as a policy and you can designate a
|
||||||
|
common action for QUEUE policies in /etc/shorewall/actions. This is
|
||||||
|
useful for sending packets to something like Snort Inline.
|
||||||
|
|
||||||
-----------------------------------------------------------------------
|
-----------------------------------------------------------------------
|
||||||
Problems corrected in version 2.2.2
|
Problems corrected in version 2.2.2
|
||||||
|
|
||||||
|