Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code
commit
a27a39af0b
@ -623,9 +623,12 @@ our %ipset_exists;
|
|||||||
# Omitted, if target is ''.
|
# Omitted, if target is ''.
|
||||||
# target => Rule target, if jump is 'j' or 'g'.
|
# target => Rule target, if jump is 'j' or 'g'.
|
||||||
# targetopts => Target options. Only included if non-empty
|
# targetopts => Target options. Only included if non-empty
|
||||||
|
# matches => List of matches in the rule
|
||||||
# <option> => iptables/ip6tables -A options (e.g., i => eth0)
|
# <option> => iptables/ip6tables -A options (e.g., i => eth0)
|
||||||
# <match> => iptables match. Value may be a scalar or array.
|
# <match> => iptables match. Value may be a scalar or array.
|
||||||
# if an array, multiple "-m <match>"s will be generated
|
# if an array, multiple "-m <match>"s will be generated
|
||||||
|
# <origin> => configuration file and line number that generated the rule
|
||||||
|
# May be empty.
|
||||||
# }
|
# }
|
||||||
#
|
#
|
||||||
# The following constants and hash are used to classify keys in a rule hash
|
# The following constants and hash are used to classify keys in a rule hash
|
||||||
@ -1251,6 +1254,8 @@ sub set_irule_comment( $$ ) {
|
|||||||
|
|
||||||
our $rule_comments;
|
our $rule_comments;
|
||||||
|
|
||||||
|
$ruleref->{origin} ||= $chainref->{origin};
|
||||||
|
|
||||||
if ( $rule_comments ) {
|
if ( $rule_comments ) {
|
||||||
$ruleref->{comment} = $ruleref->{origin} || $comment;
|
$ruleref->{comment} = $ruleref->{origin} || $comment;
|
||||||
} else {
|
} else {
|
||||||
@ -6347,7 +6352,7 @@ sub log_rule_limit( $$$$$$$$;$ ) {
|
|||||||
$ruleref = insert_rule1 ( $chainref , 0 , $matches . $prefix );
|
$ruleref = insert_rule1 ( $chainref , 0 , $matches . $prefix );
|
||||||
}
|
}
|
||||||
|
|
||||||
$ruleref->{origin} = $origin if $origin;
|
$ruleref->{origin} = $origin if reftype( $ruleref ) && $origin;
|
||||||
|
|
||||||
$ruleref;
|
$ruleref;
|
||||||
}
|
}
|
||||||
|
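Review bot: In log_rule_limit, the new guard `reftype( $ruleref ) && $origin` is true for any kind of reference, yet the statement it protects is a hash store into `$ruleref->{origin}`, and when the guard fails the origin is dropped silently, so the generated rule can no longer be traced back to its configuration line. The hunk does not show what non-reference value the preceding rule-creation calls can return, so I would add a comment such as `# $ruleref is not a hash ref when no rule was created; nothing to tag` (wording to be confirmed against those helpers) and tighten the test to `( reftype( $ruleref ) || '' ) eq 'HASH'`. `reftype` comes from Scalar::Util, and the file's import list is outside this view, so confirm it is imported there. The function body starts outside the hunk.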
@ -1028,7 +1028,7 @@ sub finish_chain_section ($$$) {
|
|||||||
|
|
||||||
for ( qw( ESTABLISHED RELATED INVALID UNTRACKED ) ) {
|
for ( qw( ESTABLISHED RELATED INVALID UNTRACKED ) ) {
|
||||||
if ( $state{$_} ) {
|
if ( $state{$_} ) {
|
||||||
my ( $char, $level, $tag, $target ) = @{$statetable{$_}};
|
my ( $char, $level, $tag, $target , $origin, $level_origin ) = @{$statetable{$_}};
|
||||||
my $twochains = substr( $chainref->{name}, 0, 1 ) eq $char;
|
my $twochains = substr( $chainref->{name}, 0, 1 ) eq $char;
|
||||||
|
|
||||||
if ( $twochains || $level || $target ne 'ACCEPT' ) {
|
if ( $twochains || $level || $target ne 'ACCEPT' ) {
|
||||||
@ -1048,17 +1048,18 @@ sub finish_chain_section ($$$) {
|
|||||||
$globals{LOGLIMIT},
|
$globals{LOGLIMIT},
|
||||||
$tag ,
|
$tag ,
|
||||||
'add' ,
|
'add' ,
|
||||||
'');
|
'',
|
||||||
|
$level_origin );
|
||||||
|
|
||||||
$target = ensure_audit_chain( $target ) if ( $targets{$target} || 0 ) & AUDIT;
|
$target = ensure_audit_chain( $target ) if ( $targets{$target} || 0 ) & AUDIT;
|
||||||
|
|
||||||
add_ijump( $chain2ref, g => $target ) if $target;
|
add_ijump_extended( $chain2ref, g => $target , $origin ) if $target;
|
||||||
|
|
||||||
$target = $chain2ref->{name} unless $twochains;
|
$target = $chain2ref->{name} unless $twochains;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( $twochains ) {
|
if ( $twochains ) {
|
||||||
add_ijump $chainref, g => $target if $target;
|
add_ijump_extended $chainref, g => $target , $origin if $target;
|
||||||
delete $state{$_};
|
delete $state{$_};
|
||||||
last;
|
last;
|
||||||
}
|
}
|
||||||
@ -1073,7 +1074,7 @@ sub finish_chain_section ($$$) {
|
|||||||
delete $state{ESTABLISHED};
|
delete $state{ESTABLISHED};
|
||||||
}
|
}
|
||||||
|
|
||||||
add_ijump( $chainref, j => $target, state_imatch $_ );
|
add_ijump_extended( $chainref, j => $target, $origin, state_imatch $_ );
|
||||||
}
|
}
|
||||||
|
|
||||||
delete $state{$_};
|
delete $state{$_};
|
||||||
@ -3454,9 +3455,9 @@ sub process_rules() {
|
|||||||
# Populate the state table
|
# Populate the state table
|
||||||
#
|
#
|
||||||
%statetable = ( ESTABLISHED => [ '^', '', '', 'ACCEPT' ] ,
|
%statetable = ( ESTABLISHED => [ '^', '', '', 'ACCEPT' ] ,
|
||||||
RELATED => [ '+', $config{RELATED_LOG_LEVEL}, $globals{RELATED_LOG_TAG}, $globals{RELATED_TARGET} ] ,
|
RELATED => [ '+', $config{RELATED_LOG_LEVEL}, $globals{RELATED_LOG_TAG}, $globals{RELATED_TARGET} , $origin{RELATED_DISPOSITION} , $origin{RELATED_LOG_LEVEL} ] ,
|
||||||
INVALID => [ '_', $config{INVALID_LOG_LEVEL}, $globals{INVALID_LOG_TAG}, $globals{INVALID_TARGET} ] ,
|
INVALID => [ '_', $config{INVALID_LOG_LEVEL}, $globals{INVALID_LOG_TAG}, $globals{INVALID_TARGET} , $origin{INVALID_DISPOSITION} , $origin{INVALID_LOG_LEVEL} ] ,
|
||||||
UNTRACKED => [ '&', $config{UNTRACKED_LOG_LEVEL}, $globals{UNTRACKED_LOG_TAG}, $globals{UNTRACKED_TARGET} ] ,
|
UNTRACKED => [ '&', $config{UNTRACKED_LOG_LEVEL}, $globals{UNTRACKED_LOG_TAG}, $globals{UNTRACKED_TARGET} , $origin{UNTRACKED_DISPOSITION} , $origin{UNTRACKED_LOG_LEVEL} ] ,
|
||||||
);
|
);
|
||||||
%section_states = ( BLACKLIST_SECTION , $globals{BLACKLIST_STATES},
|
%section_states = ( BLACKLIST_SECTION , $globals{BLACKLIST_STATES},
|
||||||
ESTABLISHED_SECTION, 'ESTABLISHED',
|
ESTABLISHED_SECTION, 'ESTABLISHED',
|
||||||
|
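Review bot: The ESTABLISHED row of `%statetable` in process_rules keeps four elements while RELATED, INVALID and UNTRACKED now carry six, so the destructuring in finish_chain_section leaves `$origin` and `$level_origin` undefined for ESTABLISHED and hands that to `add_ijump_extended( $chainref, j => $target, $origin, state_imatch $_ )`. Whether add_ijump_extended accepts an undefined origin is not visible here; padding the row as `ESTABLISHED => [ '^', '', '', 'ACCEPT', '', '' ] ,` would make the rows uniform. The same question arises for the other rows if a `%origin` key is unset because the option was left at its default. A comment above the table naming the six positions, for example `# [ chain-name prefix char, log level, log tag, target, target origin, log-level origin ]`, would keep the positional layout from drifting again. Both function bodies extend beyond the hunks shown.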
10
docs/FAQ.xml
10
docs/FAQ.xml
@ -20,7 +20,7 @@
|
|||||||
<pubdate><?dbtimestamp format="Y/m/d"?></pubdate>
|
<pubdate><?dbtimestamp format="Y/m/d"?></pubdate>
|
||||||
|
|
||||||
<copyright>
|
<copyright>
|
||||||
<year>2001-2014</year>
|
<year>2001-2016</year>
|
||||||
|
|
||||||
<holder>Thomas M. Eastep</holder>
|
<holder>Thomas M. Eastep</holder>
|
||||||
</copyright>
|
</copyright>
|
||||||
@ -62,7 +62,9 @@
|
|||||||
Shorewall 4.4.0 or later, you must install the <emphasis
|
Shorewall 4.4.0 or later, you must install the <emphasis
|
||||||
role="bold">shorewall</emphasis> package. If you want to configure an
|
role="bold">shorewall</emphasis> package. If you want to configure an
|
||||||
IPv6 firewall, you must also install <emphasis
|
IPv6 firewall, you must also install <emphasis
|
||||||
role="bold">shorewall6</emphasis>.</para>
|
role="bold">shorewall6</emphasis>. Beginning with Shorewall 4.5, you
|
||||||
|
must first install the <emphasis role="bold">shorewall-core</emphasis>
|
||||||
|
package.</para>
|
||||||
|
|
||||||
<section id="faq92a">
|
<section id="faq92a">
|
||||||
<title>(FAQ 92a) Someone once told me to install shorewall-perl;
|
<title>(FAQ 92a) Someone once told me to install shorewall-perl;
|
||||||
@ -123,7 +125,9 @@
|
|||||||
<firstterm>shorewall-shell</firstterm> package was discontinued. The
|
<firstterm>shorewall-shell</firstterm> package was discontinued. The
|
||||||
<firstterm>shorewall-common</firstterm> and
|
<firstterm>shorewall-common</firstterm> and
|
||||||
<firstterm>shorewall-perl</firstterm> packages were combined to form a
|
<firstterm>shorewall-perl</firstterm> packages were combined to form a
|
||||||
single <firstterm>shorewall</firstterm> package.</para>
|
single <firstterm>shorewall</firstterm> package. In Shorewall 4.5, the
|
||||||
|
<firstterm>shorewall-core</firstterm> package was added and all of the
|
||||||
|
other packages depend on shorewall-core.</para>
|
||||||
</section>
|
</section>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
|
@ -35,6 +35,8 @@
|
|||||||
|
|
||||||
<year>2013</year>
|
<year>2013</year>
|
||||||
|
|
||||||
|
<year>2015</year>
|
||||||
|
|
||||||
<holder>Thomas M. Eastep</holder>
|
<holder>Thomas M. Eastep</holder>
|
||||||
|
|
||||||
<holder/>
|
<holder/>
|
||||||
|