Generate an error when 'norfc1918' is specified for an interface with an RFC 1918 IP address

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2489 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2005-08-14 16:45:48 +00:00
parent ea1bf1a7c8
commit 999c74bf03
3 changed files with 20 additions and 3 deletions

@ -14,6 +14,9 @@ Changes in 2.5.1
7) Add FASTACCEPT option in shorewall.conf.
8) Generate error for 'norfc1918' on an interface with an RFC 1918 IP
address.
Changes in 2.5.1ex/2.5.0
1) Clean up handling of zones

@ -1041,7 +1041,18 @@ validate_interfaces_file() {
case $option in
-)
;;
dhcp|norfc1918|tcpflags|newnotsyn|arp_filter|routefilter|logmartians|sourceroute|blacklist|proxyarp|maclist|nosmurfs|upnp|-)
dhcp|tcpflags|newnotsyn|arp_filter|routefilter|logmartians|sourceroute|blacklist|proxyarp|maclist|nosmurfs|upnp|-)
;;
norfc1918)
addr=$(ip -f inet addr show $interface 2> /dev/null | grep inet | head -n1)
if [ -n "$addr" ]; then
addr=$(echo $addr | sed 's/inet //;s/\/.*//;s/ peer.*//')
for network in 10.0.0.0/8 176.16.0.0/12 192.168.0.0/16; do
if in_network $addr $network; then
startup_error "The 'norfc1918' option may not be specified on an interface with an RFC 1918 address. Interface:$interface"
fi
done
fi
;;
arp_ignore=*)
eval ${iface}_arp_ignore=${option#*=}
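Review bot: the network list in the new `norfc1918)` branch has `176.16.0.0/12`, but the RFC 1918 block is 172.16.0.0/12, so an interface addressed in 172.16.0.0/12 passes this check and an interface in 176.16.0.0/12, which is not an RFC 1918 range, is rejected with the startup error. Change the loop to `for network in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do`. Two smaller points in the same branch: `head -n1` means only the first inet address on the interface is tested, so an RFC 1918 address configured as an additional address is not caught, and when `ip addr show` returns nothing (the `2> /dev/null` plus the `[ -n "$addr" ]` guard) the check is skipped silently. Quoting `$interface` and `$addr` in the `ip` and `echo` calls would also be safer.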
@ -2881,7 +2892,7 @@ setup_ecn() # $1 = file name
#
# Set up an exclusion chain
#
build_exclusion_chain() # $1 = variableto store chain name in $2 = table, $3 = SOURCE exclusion list, $4 = DESTINATION exclusion list
build_exclusion_chain() # $1 = variable to store chain name into $2 = table, $3 = SOURCE exclusion list, $4 = DESTINATION exclusion list
{
local c=excl_${EXCLUSION_SEQ} net
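Review bot: the reworded comment on `build_exclusion_chain()` still runs the $1 and $2 descriptions together ("store chain name into $2 = table"), which now reads as if the chain name is stored into $2. Add a comma after the $1 description so it matches the separators already used before $3 and $4, and keep "in" rather than "into", i.e. "$1 = variable to store chain name in, $2 = table".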

@ -164,7 +164,7 @@ Migration Considerations:
8) The "shorewall forget" command now removes the dynamic blacklist
save file (/var/lib/shorewall/save).
New Features in Shorewall 2.5.0
New Features in Shorewall 2.5.*
1) Error and warning messages are made easier to spot by using
capitalization (e.g., ERROR: and WARNING:).
@ -328,3 +328,6 @@ New Features in Shorewall 2.5.0
accepted early in the INPUT, FORWARD and OUTPUT chains. If you set
FASTACCEPT=Yes then you may not specify ESTABLISHED policies in
/etc/shorewall/policy (see above).
9) Shorewall not generates an error if the 'norfc1918' option is
specified for an interface with an RFC 1918 address.
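Review bot: typo in the new item 9, "Shorewall not generates an error" should be "Shorewall now generates an error"; as written the release note states the opposite of what the `norfc1918` check does.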