Generate an error when 'norfc1918' is specified for an interface with an RFC 1918 IP address

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2489 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2005-08-14 16:45:48 +00:00
parent ea1bf1a7c8
commit 999c74bf03
3 changed files with 20 additions and 3 deletions

@ -14,6 +14,9 @@ Changes in 2.5.1
7) Add FASTACCEPT option in shorewall.conf. 7) Add FASTACCEPT option in shorewall.conf.
8) Generate error for 'norfc1918' on an interface with an RFC 1918 IP
address.
Changes in 2.5.1ex/2.5.0 Changes in 2.5.1ex/2.5.0
1) Clean up handling of zones 1) Clean up handling of zones

@ -1041,7 +1041,18 @@ validate_interfaces_file() {
case $option in case $option in
-) -)
;; ;;
dhcp|norfc1918|tcpflags|newnotsyn|arp_filter|routefilter|logmartians|sourceroute|blacklist|proxyarp|maclist|nosmurfs|upnp|-) dhcp|tcpflags|newnotsyn|arp_filter|routefilter|logmartians|sourceroute|blacklist|proxyarp|maclist|nosmurfs|upnp|-)
;;
norfc1918)
addr=$(ip -f inet addr show $interface 2> /dev/null | grep inet | head -n1)
if [ -n "$addr" ]; then
addr=$(echo $addr | sed 's/inet //;s/\/.*//;s/ peer.*//')
for network in 10.0.0.0/8 176.16.0.0/12 192.168.0.0/16; do
if in_network $addr $network; then
startup_error "The 'norfc1918' option may not be specified on an interface with an RFC 1918 address. Interface:$interface"
fi
done
fi
;; ;;
arp_ignore=*) arp_ignore=*)
eval ${iface}_arp_ignore=${option#*=} eval ${iface}_arp_ignore=${option#*=}
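Review bot: The network list in the new `norfc1918)` branch contains `176.16.0.0/12`, which is not an RFC 1918 block; the private range is `172.16.0.0/12`. As written, an interface addressed inside 172.16.0.0/12 passes the check without an error, while a public address inside 176.16.0.0/12 aborts startup. Change the loop to `for network in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do`. Two smaller points in the same branch: `head -n1` means only the first `inet` address on the interface is tested, so an RFC 1918 address configured as a secondary address is not caught, and `$interface` and `$addr` are expanded unquoted in the `ip`, `echo` and `in_network` calls. An interface with no address at validation time also skips the check silently (`-n "$addr"` is false), which is worth stating in the release note.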
@ -2881,7 +2892,7 @@ setup_ecn() # $1 = file name
# #
# Set up an exclusion chain # Set up an exclusion chain
# #
build_exclusion_chain() # $1 = variableto store chain name in $2 = table, $3 = SOURCE exclusion list, $4 = DESTINATION exclusion list build_exclusion_chain() # $1 = variable to store chain name into $2 = table, $3 = SOURCE exclusion list, $4 = DESTINATION exclusion list
{ {
local c=excl_${EXCLUSION_SEQ} net local c=excl_${EXCLUSION_SEQ} net
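Review bot: The corrected comment on `build_exclusion_chain()` still runs the first two parameters together: "store chain name into $2 = table" reads as if the name is stored into `$2`. Put a comma after "into" so it matches the comma-separated `$3` and `$4` entries. This comment fix is unrelated to the 'norfc1918' check and would be easier to track as its own commit.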

@ -164,7 +164,7 @@ Migration Considerations:
8) The "shorewall forget" command now removes the dynamic blacklist 8) The "shorewall forget" command now removes the dynamic blacklist
save file (/var/lib/shorewall/save). save file (/var/lib/shorewall/save).
New Features in Shorewall 2.5.0 New Features in Shorewall 2.5.*
1) Error and warning messages are made easier to spot by using 1) Error and warning messages are made easier to spot by using
capitalization (e.g., ERROR: and WARNING:). capitalization (e.g., ERROR: and WARNING:).
@ -328,3 +328,6 @@ New Features in Shorewall 2.5.0
accepted early in the INPUT, FORWARD and OUTPUT chains. If you set accepted early in the INPUT, FORWARD and OUTPUT chains. If you set
FASTACCEPT=Yes then you may not specify ESTABLISHED policies in FASTACCEPT=Yes then you may not specify ESTABLISHED policies in
/etc/shorewall/policy (see above). /etc/shorewall/policy (see above).
9) Shorewall not generates an error if the 'norfc1918' option is
specified for an interface with an RFC 1918 address.
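Review bot: In the new release-note item 9, "Shorewall not generates an error" has "not" where "now" is meant, which inverts the statement for anyone reading the notes. It should read "Shorewall now generates an error if the 'norfc1918' option is specified for an interface with an RFC 1918 address." The entry could also say that the error is raised at startup and stops the firewall from starting, since the code path calls `startup_error`.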