extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-20 17:58:07 +02:00
Code Issues Packages Projects Releases Wiki Activity

Enhanced support in the SOURCE column of the tcrules file

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1963 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2005-02-18 16:53:39 +00:00
parent 6dc7f529d4
commit 8f82eb2f6a
4 changed files with 20 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Shorewall2/changelog.txt
View File

@ -3,6 +3,8 @@ Changes in 2.2.2
1) The 'check' command disclaimer is toned down further and only 1) The 'check' command disclaimer is toned down further and only
appears once in the 'check' output. appears once in the 'check' output.
2) Enhanced support in the SOURCE column of /etc/shorewall/tcrules.
Changes in 2.2.1 Changes in 2.2.1
1) Add examples to the zones and policy files. 1) Add examples to the zones and policy files.

7
Shorewall2/firewall
View File

@ -2333,16 +2333,19 @@ process_tc_rule()
if [ "x$source" != "x-" ]; then if [ "x$source" != "x-" ]; then
case $source in case $source in
*.*.*) *.*.*)
r="-s $source " r="$(source_ip_range $source) "
;; ;;
~*) ~*)
r="$(mac_match $source) " r="$(mac_match $source) "
;; ;;
$FW:*)
chain=tcout
r="$(source_ip_range ${source%:*}) "
;;
$FW) $FW)
chain=tcout chain=tcout
;; ;;
*) *)
verify_interface $source || fatal_error "Unknown interface $source in rule \"$rule\"" verify_interface $source || fatal_error "Unknown interface $source in rule \"$rule\""
r="$(match_source_dev) $source " r="$(match_source_dev) $source "
;; ;;

10
Shorewall2/releasenotes.txt
View File

@ -2,6 +2,16 @@ Shorewall 2.2.2
----------------------------------------------------------------------- -----------------------------------------------------------------------
Problems corrected in version 2.2.2 Problems corrected in version 2.2.2
1) The SOURCE column in the /etc/shorewall/tcrules file now allows IP
ranges (assuming that your iptables and kernel support ranges).
-----------------------------------------------------------------------
New Features in version 2.2.2
1) The SOURCE column in the /etc/shorewall/tcrules now allows $FW to
be optionally followed by ":" and a host/network address or address
range.
----------------------------------------------------------------------- -----------------------------------------------------------------------
Problems corrected in version 2.2.1 Problems corrected in version 2.2.1

3
Shorewall2/tcrules
View File

@ -80,7 +80,8 @@
# allowed. Use $FW if the packet originates on # allowed. Use $FW if the packet originates on
# the firewall in which case the MARK column may NOT # the firewall in which case the MARK column may NOT
# specify either ":P" or ":F" (marking always occurs # specify either ":P" or ":F" (marking always occurs
# in the OUTPUT chain). # in the OUTPUT chain). $FW may be optionally followed
# by ":" and a host/network address.
# #
# MAC addresses must be prefixed with "~" and use # MAC addresses must be prefixed with "~" and use
# "-" as a separator. # "-" as a separator.