Rework ip_forward handling; update release file

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@791 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2003-11-27 18:24:57 +00:00
parent 64bd2c9035
commit a3eaa7f9af
3 changed files with 30 additions and 27 deletions


@ -3,3 +3,7 @@ Changes since 1.4.8
1) Replace "Static NAT" with "One-to-one NAT". 1) Replace "Static NAT" with "One-to-one NAT".
2) Change SMB common rules to DROP. 2) Change SMB common rules to DROP.
3) Change wording in release notes.
4) Move ip_forward handling to a function.


@ -1027,6 +1027,22 @@ log_rule() # $1 = log level, $2 = chain, $3 = disposition , $... = predicates fo
log_rule_limit $level $chain $disposition "$LOGLIMIT" $@ log_rule_limit $level $chain $disposition "$LOGLIMIT" $@
} }
#
# Set /proc/sys/net/ipv4/ip_forward based on $IP_FORWARDING
#
setup_forwarding() {
case "$IP_FORWARDING" in
[Oo][Nn])
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "IP Forwarding Enabled"
;;
[Oo][Ff][Ff])
echo 0 > /proc/sys/net/ipv4/ip_forward
echo "IP Forwarding Disabled!"
;;
esac
}
# #
# Stop the Firewall # Stop the Firewall
# #
@ -1118,14 +1134,7 @@ stop_firewall() {
iptables -A OUTPUT -p udp -o $interface --dport 67:68 -j ACCEPT iptables -A OUTPUT -p udp -o $interface --dport 67:68 -j ACCEPT
done done
case "$IP_FORWARDING" in setup_forwarding
[Oo][Nn])
echo 1 > /proc/sys/net/ipv4/ip_forward
;;
[Oo][Ff][Ff])
echo 0 > /proc/sys/net/ipv4/ip_forward
;;
esac
run_user_exit stopped run_user_exit stopped
@ -4235,19 +4244,8 @@ add_common_rules() {
[ -n "$ROUTE_FILTER" ] && echo 1 > /proc/sys/net/ipv4/conf/default/rp_filter [ -n "$ROUTE_FILTER" ] && echo 1 > /proc/sys/net/ipv4/conf/default/rp_filter
run_ip route flush cache run_ip route flush cache
fi fi
#
# IP Forwarding setup_forwarding
#
case "$IP_FORWARDING" in
[Oo][Nn])
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "IP Forwarding Enabled"
;;
[Oo][Ff][Ff])
echo 0 > /proc/sys/net/ipv4/ip_forward
echo "IP Forwarding Disabled!"
;;
esac
} }
# #
@ -4473,6 +4471,7 @@ activate_rules()
run_iptables -D $chain -m state --state ESTABLISHED,RELATED -j ACCEPT run_iptables -D $chain -m state --state ESTABLISHED,RELATED -j ACCEPT
run_iptables -D $chain -p udp --dport 53 -j ACCEPT run_iptables -D $chain -p udp --dport 53 -j ACCEPT
done done
} }
# #
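Review bot: In the new `setup_forwarding`, the status line is printed whether or not the write to `/proc/sys/net/ipv4/ip_forward` succeeded, so a failed write in the `[Oo][Ff][Ff]` arm would leave forwarding on while the output says "IP Forwarding Disabled!" (unless the script aborts on errors somewhere outside this view). Chaining the message to the write would fix that, e.g. `echo 0 > /proc/sys/net/ipv4/ip_forward && echo "IP Forwarding Disabled!"`, with the failure reported on stderr otherwise. The `case` also has no `*)` arm, so a value of `$IP_FORWARDING` that matches neither pattern leaves the kernel setting untouched with no message; if that is intentional for some values, the function's header comment should say so. `stop_firewall` now prints these messages as well, which the inline `case` it replaces did not.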


@ -2,10 +2,10 @@ This is a minor release of Shorewall.
Problems Corrected since version 1.4.8: Problems Corrected since version 1.4.8:
1) There has been a low level of confusion over the terms "Source NAT" (SNAT) 1) There has been a low continuing level of confusion over the terms
and "Static NAT". To avoid future confusion, all instances of "Static "Source NAT" (SNAT) and "Static NAT". To avoid future confusion, all
NAT" have been replaced with "One-to-one NAT" in the documentation and instances of "Static NAT" have been replaced with "One-to-one NAT"
configuration files. in the documentation and configuration files.
Migration Issues: Migration Issues:
@ -14,9 +14,9 @@ None.
New Features: New Features:
1) To cut down on the number of "Why are these ports closed rather than 1) To cut down on the number of "Why are these ports closed rather than
sealthed?" questions, the SMB-related rules in stealthed?" questions, the SMB-related rules in
/etc/shorewall/common.def have been changed from 'reject' to 'DROP'. /etc/shorewall/common.def have been changed from 'reject' to 'DROP'.