extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-02-19 19:21:07 +01:00
Code Issues Packages Projects Releases Wiki Activity

Several small fixes

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1224 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2004-03-23 23:24:07 +00:00
parent 6f5fc129de
commit 9ddf679cf6
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
Shorewall2/firewall
View File

@ -1742,7 +1742,7 @@ setup_nat() {
qt ip addr del $external dev $iface
fi
if [ -z "$allints" -o "$allints" = "Yes" -o "$allints" = "yes" ]; then
if [ "$allints" = "Yes" -o "$allints" = "yes" ]; then
addnatrule nat_in -d $external -j DNAT --to-destination $internal
addnatrule nat_out -s $internal -j SNAT --to-source $external
@ -1750,7 +1750,7 @@ setup_nat() {
run_iptables2 -t nat -A OUTPUT -d $external \
-j DNAT --to-destination $internal
fi
elif [ -z "$allints" -o "$allints" = "No" -o "$allints" = "no" ]; then
elif [ -z "$allints" -o "$allints" = "No" -o "$allints" = "no" ]; then
addnatrule $(input_chain $iface) \
-d $external -j DNAT --to-destination $internal
addnatrule $(output_chain $iface) \
@ -4301,12 +4301,12 @@ add_ip_aliases()
# the anxiety level, we have the following code which sets
# the VLSM and BRD from an existing address in the same networks
#
# Get all of the lines that contain inet addresses
# Get all of the lines that contain inet addresses with broadcast
#
ip -f inet addr show $interface 2> /dev/null | grep 'inet' | while read inet cidr rest ; do
ip -f inet addr show $interface 2> /dev/null | grep 'inet.*brd' | while read inet cidr rest ; do
case $cidr in
*/*)
if in_networks $external $cidr; then
if in_network $external $cidr; then
echo "/${cidr#*/} brd $(broadcastaddress $cidr)"
break
fi
@ -5100,7 +5100,7 @@ activate_rules()
run_iptables -A INPUT -i $interface -j $(input_chain $interface)
addnatjump POSTROUTING $(masq_chain $interface) -o $interface
#
# Bridges have the wierd property that REJECTS have the physdev-in and physdev-out set to the input physdev.
# Bridges under the 2.4 kernel have the wierd property that REJECTS have the physdev-in and physdev-out set to the input physdev.
# To accomodate this feature/bug, we effectively set 'routeback' on bridge ports.
#
eval ports=\$$(chain_base $interface)_ports