Verify DEST interface in /etc/shorewall/tcrules

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1997 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2005-03-11 16:37:29 +00:00
parent 573ff6ae57
commit 9b8295527d
10 changed files with 36 additions and 7 deletions


@ -2379,6 +2379,7 @@ process_tc_rule()
r="${r}$(dest_ip_range $dest) " r="${r}$(dest_ip_range $dest) "
;; ;;
*) *)
verify_interface $dest || fatal_error "Unknown interface $dest in rule \"$rule\""
r="${r}$(match_dest_dev $dest) " r="${r}$(match_dest_dev $dest) "
;; ;;
esac esac
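Review bot: `$dest` is passed unquoted to `verify_interface` and interpolated unquoted into the `fatal_error` message in the new `*)` branch; if the fallback is ever reached with an empty value, the check runs on no argument and the message reads `Unknown interface  in rule ...`. Quoting both uses (`verify_interface "$dest"` and `"Unknown interface '$dest' in rule ..."`) keeps the failure message unambiguous.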


@ -21,7 +21,23 @@
# DROP - silently drop the packet # DROP - silently drop the packet
# logdrop - log then drop # logdrop - log then drop
# #
############################################################################### # By default, the RETURN target causes 'norfc1918' processing to cease for a
# packet if the packet's source IP address matches the rule. Thus, if you have:
#
# SUBNETS TARGET
# 192.168.1.0/24 RETURN
#
# then traffic from 192.168.1.4 to 10.0.3.9 will be accepted even though you
# also have:
#
# SUBNETS TARGET
# 10.0.0.0/8 logdrop
#
# Setting RFC1918_STRICT=Yes in shorewall.conf will cause such traffic to be
# logged and dropped since while the packet's source matches the RETURN rule,
# the packet's destination matches the 'logdrop' rule.
#
################################################################################
#SUBNETS TARGET #SUBNETS TARGET
172.16.0.0/12 logdrop # RFC 1918 172.16.0.0/12 logdrop # RFC 1918
192.168.0.0/16 logdrop # RFC 1918 192.168.0.0/16 logdrop # RFC 1918
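Review bot: the new explanatory block never states the default value of RFC1918_STRICT; adding "(the default is No)" at "Setting RFC1918_STRICT=Yes in shorewall.conf" would tell readers which behaviour they get without editing shorewall.conf. It would also help to say that in strict mode the destination is matched against that later rule's own TARGET (here `logdrop`), so nobody reads "logged and dropped" as a fixed consequence of the setting rather than of the example rule.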


@ -23,6 +23,8 @@ Changes in 2.2.2
10) Implement RFC1918_STRICT 10) Implement RFC1918_STRICT
11) Verify interface names in the DEST column of tcrules.
Changes in 2.2.1 Changes in 2.2.1
1) Add examples to the zones and policy files. 1) Add examples to the zones and policy files.
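Review bot: the new changelog entry says only "interface names", while the matching release-notes entry in this commit says the value is validated against "defined interfaces and bridge ports"; aligning the wording avoids readers assuming bridge ports are now rejected in the DEST column.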


@ -2379,6 +2379,7 @@ process_tc_rule()
r="${r}$(dest_ip_range $dest) " r="${r}$(dest_ip_range $dest) "
;; ;;
*) *)
verify_interface $dest || fatal_error "Unknown interface $dest in rule \"$rule\""
r="${r}$(match_dest_dev $dest) " r="${r}$(match_dest_dev $dest) "
;; ;;
esac esac
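Review bot: this is the same one-line guard added to the first copy of the firewall script, and the same quoting remark applies; since the fix is duplicated across three copies of `process_tc_rule()` in this commit, it is worth a post-commit diff between the copies to confirm they stay identical.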


@ -20,6 +20,10 @@ Problems corrected in version 2.2.2
5) Previously, the 'install.sh' script did not update the 5) Previously, the 'install.sh' script did not update the
/usr/share/shorewall/action.* files. /usr/share/shorewall/action.* files.
6) Previously, when an interface name appeared in the DEST column of
/etc/shorewall/tcrules, the name was not validated against the set
of defined interfaces and bridge ports.
----------------------------------------------------------------------- -----------------------------------------------------------------------
New Features in version 2.2.2 New Features in version 2.2.2
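Review bot: item 6 describes the previous behaviour but not the new one; stating that an unknown name in DEST now aborts with `Unknown interface <name> in rule "..."` (the message added in the firewall script) tells users upgrading to 2.2.2 what symptom a previously accepted typo will produce.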


@ -21,9 +21,8 @@
# DROP - silently drop the packet # DROP - silently drop the packet
# logdrop - log then drop # logdrop - log then drop
# #
# By default, the RETURN target in the 'rfc1918' causes 'norfc1918' # By default, the RETURN target causes 'norfc1918' processing to cease for a
# processing to cease for a packet if the packet's source IP address matches # packet if the packet's source IP address matches the rule. Thus, if you have:
# the rule. Thus, if you have:
# #
# SUBNETS TARGET # SUBNETS TARGET
# 192.168.1.0/24 RETURN # 192.168.1.0/24 RETURN
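Review bot: wording-only change that drops the "in the 'rfc1918'" qualifier and reflows the sentence; harmless since this comment lives in the rfc1918 file itself. The left column shows this copy had previously diverged from the text added to the other rfc1918 file in this commit, so the header block should be compared across the copies to make sure they now read identically.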


@ -23,6 +23,8 @@ Changes in 2.2.2
10) Implement RFC1918_STRICT 10) Implement RFC1918_STRICT
11) Verify interface names in the DEST column of tcrules.
Changes in 2.2.1 Changes in 2.2.1
1) Add examples to the zones and policy files. 1) Add examples to the zones and policy files.


@ -2379,6 +2379,7 @@ process_tc_rule()
r="${r}$(dest_ip_range $dest) " r="${r}$(dest_ip_range $dest) "
;; ;;
*) *)
verify_interface $dest || fatal_error "Unknown interface $dest in rule \"$rule\""
r="${r}$(match_dest_dev $dest) " r="${r}$(match_dest_dev $dest) "
;; ;;
esac esac


@ -20,6 +20,10 @@ Problems corrected in version 2.2.2
5) Previously, the 'install.sh' script did not update the 5) Previously, the 'install.sh' script did not update the
/usr/share/shorewall/action.* files. /usr/share/shorewall/action.* files.
6) Previously, when an interface name appeared in the DEST column of
/etc/shorewall/tcrules, the name was not validated against the set
of defined interfaces and bridge ports.
----------------------------------------------------------------------- -----------------------------------------------------------------------
New Features in version 2.2.2 New Features in version 2.2.2


@ -21,9 +21,8 @@
# DROP - silently drop the packet # DROP - silently drop the packet
# logdrop - log then drop # logdrop - log then drop
# #
# By default, the RETURN target in the 'rfc1918' causes 'norfc1918' # By default, the RETURN target causes 'norfc1918' processing to cease for a
# processing to cease for a packet if the packet's source IP address matches # packet if the packet's source IP address matches the rule. Thus, if you have:
# the rule. Thus, if you have:
# #
# SUBNETS TARGET # SUBNETS TARGET
# 192.168.1.0/24 RETURN # 192.168.1.0/24 RETURN