Rework ip_forward handling; update release file

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@791 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-12-15 10:51:02 +01:00 · 2003-11-27 18:24:57 +00:00 · 2003-11-27 18:24:57 +00:00 · a3eaa7f9af
commit a3eaa7f9af
parent 64bd2c9035
3 changed files with 30 additions and 27 deletions
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@ -3,3 +3,7 @@ Changes since 1.4.8
 1) Replace "Static NAT" with "One-to-one NAT".

 2) Change SMB common rules to DROP.
+
+3) Change wording in release notes.
+
+4) Move ip_forward handling to a function.
--- a/Shorewall/firewall
+++ b/Shorewall/firewall
@ -1027,6 +1027,22 @@ log_rule() # $1 = log level, $2 = chain, $3 = disposition , $... = predicates fo
    log_rule_limit $level $chain $disposition "$LOGLIMIT" $@
 }

+#
+# Set /proc/sys/net/ipv4/ip_forward based on $IP_FORWARDING
+#
+setup_forwarding() {
+    case "$IP_FORWARDING" in
+    [Oo][Nn])
+	echo 1 > /proc/sys/net/ipv4/ip_forward
+	echo "IP Forwarding Enabled"
+	;;
+    [Oo][Ff][Ff])
+	echo 0 > /proc/sys/net/ipv4/ip_forward
+	echo "IP Forwarding Disabled!"
+	;;
+    esac
+}
+
 #
 # Stop the Firewall
 #
@ -1118,14 +1134,7 @@ stop_firewall() {
 	    iptables -A OUTPUT -p udp -o $interface --dport 67:68 -j ACCEPT
    done

-    case "$IP_FORWARDING" in
-    [Oo][Nn])
-	echo 1 > /proc/sys/net/ipv4/ip_forward
-	;;
-    [Oo][Ff][Ff])
-	echo 0 > /proc/sys/net/ipv4/ip_forward
-	;;
-    esac
+    setup_forwarding

    run_user_exit stopped

@ -4235,19 +4244,8 @@ add_common_rules() {
 	[ -n "$ROUTE_FILTER" ] && echo 1 > /proc/sys/net/ipv4/conf/default/rp_filter
 	run_ip route flush cache
    fi
-    #
-    # IP Forwarding
-    #
-    case "$IP_FORWARDING" in
-    [Oo][Nn])
-	echo 1 > /proc/sys/net/ipv4/ip_forward
-	echo "IP Forwarding Enabled"
-	;;
-    [Oo][Ff][Ff])
-	echo 0 > /proc/sys/net/ipv4/ip_forward
-	echo "IP Forwarding Disabled!"
-	;;
-    esac
+
+    setup_forwarding
 }

 #
@ -4473,6 +4471,7 @@ activate_rules()
 	run_iptables -D $chain -m state --state ESTABLISHED,RELATED -j ACCEPT
 	run_iptables -D $chain -p udp --dport 53 -j ACCEPT
    done
+
 }

 #
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -2,10 +2,10 @@ This is a minor release of Shorewall.

 Problems Corrected since version 1.4.8:

-1) There has been a low level of confusion over the terms "Source NAT" (SNAT)
-   and "Static NAT". To avoid future confusion, all instances of "Static
-   NAT" have been replaced with "One-to-one NAT" in the documentation and
-   configuration files.
+1) There has been a low continuing level of confusion over the terms
+   "Source NAT" (SNAT) and "Static NAT". To avoid future confusion, all
+   instances of "Static NAT" have been replaced with "One-to-one NAT"
+   in the documentation and configuration files.

 Migration Issues:

@ -14,9 +14,9 @@ None.
 New Features:

 1) To cut down on the number of "Why are these ports closed rather than
-   sealthed?" questions, the SMB-related rules in
+   stealthed?" questions, the SMB-related rules in
   /etc/shorewall/common.def have been changed from 'reject' to 'DROP'.
- 
+