extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-24 19:51:40 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix output handling of dynamic zones

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1791 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2004-12-01 21:12:01 +00:00
parent ebe6db6af3
commit 950b92d9d9
6 changed files with 18 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
STABLE2/changelog.txt
View File

@ -93,3 +93,5 @@ Changes in 2.0.12
3) Implement variable expansion in INCLUDE directives 3) Implement variable expansion in INCLUDE directives
4) Split restore-base into two files. 4) Split restore-base into two files.
5) Correct dynamic zone OUTPUT handling.

2
STABLE2/firewall
View File

@ -5228,7 +5228,7 @@ add_common_rules() {
run_iptables -A $(input_chain $interface) -j $chain run_iptables -A $(input_chain $interface) -j $chain
run_iptables -A $(forward_chain $interface) -j $(dynamic_fwd $interface) run_iptables -A $(forward_chain $interface) -j $(dynamic_fwd $interface)
run_iptables -A OUTPUT -j $(dynamic_out $interface) run_iptables -A OUTPUT -o $interface -j $(dynamic_out $interface)
done done
fi fi

6
STABLE2/releasenotes.txt
View File

@ -220,6 +220,12 @@ Problems corrected in 2.0.12
/var/lib/shorewall/restore-tail -- commands to be executed after the /var/lib/shorewall/restore-tail -- commands to be executed after the
Netfilter configuration is restored. Netfilter configuration is restored.
4) Previously, traffic from the firewall to a dynamic zone member host
did not need to match the interface specified when the host was
added to the zone. For example, if eth0:1.2.3.4 is added to dynamic
zone Z then traffic out of any firewall interface to 1.2.3.4 will
obey the fw->Z policies and rules. This has been corrected.
----------------------------------------------------------------------- -----------------------------------------------------------------------
New Features in 2.0.12 New Features in 2.0.12

2
Shorewall2/changelog.txt
View File

@ -164,3 +164,5 @@ Changes since 2.0.3
79) More fixes for "shorewall delete" with bridging. 79) More fixes for "shorewall delete" with bridging.
80) Split restore-base into two files. 80) Split restore-base into two files.
81) Correct OUTPUT handling of dynamic zones.

2
Shorewall2/firewall
View File

@ -6122,7 +6122,7 @@ add_common_rules() {
run_iptables -A $(input_chain $interface) -j $chain run_iptables -A $(input_chain $interface) -j $chain
run_iptables -A $(forward_chain $interface) -j $(dynamic_fwd $interface) run_iptables -A $(forward_chain $interface) -j $(dynamic_fwd $interface)
run_iptables -A OUTPUT -j $(dynamic_out $interface) run_iptables -A OUTPUT -o $interface -j $(dynamic_out $interface)
done done
fi fi

6
Shorewall2/releasenotes.txt
View File

@ -169,6 +169,12 @@ Problems corrected since 2.2.0 Beta 6:
/var/lib/shorewall/restore-tail -- commands to be executed after the /var/lib/shorewall/restore-tail -- commands to be executed after the
Netfilter configuration is restored. Netfilter configuration is restored.
3) Previously, traffic from the firewall to a dynamic zone member host
did not need to match the interface specified when the host was
added to the zone. For example, if eth0:1.2.3.4 is added to dynamic
zone Z then traffic out of any firewall interface to 1.2.3.4 will
obey the fw->Z policies and rules. This has been corrected.
----------------------------------------------------------------------- -----------------------------------------------------------------------
Issues when migrating from Shorewall 2.0 to Shorewall 2.1: Issues when migrating from Shorewall 2.0 to Shorewall 2.1: