extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-15 22:26:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

Some tweaks to the MASQ proto/port change

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1302 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2004-05-01 17:26:02 +00:00
parent e40e0345f5
commit a0c7b4af79
3 changed files with 16 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
Shorewall2/firewall
View File

@ -1222,6 +1222,8 @@ stop_firewall() {
;; ;;
*) *)
set +x set +x
rm -f /var/lib/shorewall/restore-$$
if [ -f /var/lib/shorewall/restore ]; then if [ -f /var/lib/shorewall/restore ]; then
echo Restoring Shorewall... echo Restoring Shorewall...
. /var/lib/shorewall/restore . /var/lib/shorewall/restore
@ -1349,6 +1351,8 @@ stop_firewall() {
# else. Remove the lock file and Kill the shell in case we're in a # else. Remove the lock file and Kill the shell in case we're in a
# subshell # subshell
# #
rm -f /var/lib/shorewall/restore-$$
my_mutex_off my_mutex_off
kill $$ kill $$
;; ;;
@ -1369,9 +1373,11 @@ clear_firewall() {
setpolicy FORWARD ACCEPT setpolicy FORWARD ACCEPT
setpolicy OUTPUT ACCEPT setpolicy OUTPUT ACCEPT
ip6tables -P INPUT ACCEPT 2> /dev/null if qt which ip6tables; then
ip6tables -P OUTPUT ACCEPT 2> /dev/null ip6tables -P INPUT ACCEPT 2> /dev/null
ip6tables -P FORWARD ACCEPT 2> /dev/null ip6tables -P OUTPUT ACCEPT 2> /dev/null
ip6tables -P FORWARD ACCEPT 2> /dev/null
fi
run_user_exit clear run_user_exit clear
@ -4151,13 +4157,16 @@ setup_masq()
if [ -n "$ports" ]; then if [ -n "$ports" ]; then
displayproto="($proto $ports)" displayproto="($proto $ports)"
if [ $(list_count $ports) -gt 1 ]; then listcount=$(list_count $ports)
if [ $listcount -gt 1 ]; then
case $ports in case $ports in
*:*) *:*)
fatal_error "Port Range not allowed in list ($ports)" fatal_error "Port Range not allowed in list ($ports)"
;; ;;
*) *)
if [ -n "$MULTIPORT" ]; then if [ -n "$MULTIPORT" ]; then
[ $listcount -gt 15 ] && fatal_error "Too many entries in port list ($ports)"
ports="-m multiport --dports $ports" ports="-m multiport --dports $ports"
else else
fatal_error "Port Ranges require multiport match support in your kernel ($ports)" fatal_error "Port Ranges require multiport match support in your kernel ($ports)"

3
Shorewall2/masq
View File

@ -72,7 +72,8 @@
# #
# Where a comma-separated list is given, your # Where a comma-separated list is given, your
# kernel and iptables must have multiport match # kernel and iptables must have multiport match
# support. # support and a maximum of 15 ports may be
# listed.
# #
# #
# Example 1: # Example 1:

2
Shorewall2/releasenotes.txt
View File

@ -171,7 +171,7 @@ New Features:
testing this change, I discovered a bug where a bogus warning testing this change, I discovered a bug where a bogus warning
message was being generated). message was being generated).
9) Shorewall now used 'modprobe' to load kernel modules if that utility 9) Shorewall now uses 'modprobe' to load kernel modules if that utility
is available in the PATH; otherwise, 'insmod' is used. is available in the PATH; otherwise, 'insmod' is used.
10) It is now possible to restrict entries in the /etc/shorewall/masq 10) It is now possible to restrict entries in the /etc/shorewall/masq