extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-20 17:58:07 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fixes for IPP2P -- fix 'shorewall flush' and multi-ISP

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2801 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2005-10-05 16:45:50 +00:00
parent c6d76edc6d
commit a66d94d609
2 changed files with 23 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

71
Shorewall/firewall
View File

@ -1261,13 +1261,7 @@ setup_providers()
add_a_provider() { add_a_provider() {
local t n iface option local t n iface option
case $MARKING_CHAIN in [ -z "$TC_ENABLED" ] && fatal_error "Providers require TC_ENABLED=Yes in shorewall.conf"
tcfor)
;;
*)
fatal_error "MARK_IN_FORWARD_CHAIN=No is incompatible with multiple providers"
;;
esac
for t in $PROVIDERS; do for t in $PROVIDERS; do
if [ "$t" = "$table" ]; then if [ "$t" = "$table" ]; then
@ -3146,24 +3140,18 @@ process_tc_rule()
do_ipp2p() do_ipp2p()
{ {
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\"" [ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
[ "x$port" = "x-" ] && port="ipp2p"
case $proto in case $proto in
ipp2p|IPP2P|ipp2p:tcp|IPP2P:TCP) *:*)
[ "x$port" = "x-" ] && port="ipp2p" proto=${proto#*:}
r="${r}-p tcp -m ipp2p --${port} "
;;
ipp2p:udp|IPP2P:UDP)
[ "x$port" = "x-" ] && port="ipp2p"
r="${r}-p udp -m ipp2p --${port} "
;;
ipp2p:all|IPP2P:ALL)
[ "x$port" = "x-" ] && port="ipp2p"
r="${r}-m ipp2p --${port} "
;; ;;
*) *)
fatal_error "Invalid IPP2P Protocol ${proto#*:}. Rule: \"$rule\"" proto=tcp
;; ;;
esac esac
r="${r}-p $proto -m ipp2p --${port} "
} }
add_a_tc_rule() { add_a_tc_rule() {
@ -3552,22 +3540,15 @@ process_accounting_rule() {
do_ipp2p() { do_ipp2p() {
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support" [ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support"
case $proto in case $proto in
ipp2p|IPP2P|ipp2p:tcp|IPP2P:TCP) *:*)
rule="$rule -p tcp -m ipp2p --${port:-ipp2p}" proto=${proto#*:}
port=
;;
ipp2p:udp|IPP2P:UDP)
rule="$rule -p udp -m ipp2p --${port:-ipp2p}"
port=
;;
ipp2p:all|IPP2P:ALL)
rule="$rule -m ipp2p --${port:-ipp2p}"
port=
;; ;;
*) *)
fatal_error "Invalid IPP2P Protocol ${proto#*:}" proto=tcp
;; ;;
esac esac
rule="$rule -p $proto -m ipp2p --${port:-ipp2p}"
} }
case $source in case $source in
@ -3863,8 +3844,8 @@ refresh_tc() {
# #
# Flush the TC mangle chains # Flush the TC mangle chains
# #
run_iptables -t mangle -F $chain run_iptables -t mangle -F tcfor
[ -n "$MARK_IN_FORWARD_CHAIN" ] && run_iptables -t mangle -F tcpre run_iptables -t mangle -F tcpre
run_iptables -t mangle -F tcout run_iptables -t mangle -F tcout
run_iptables -t mangle -F tcpost run_iptables -t mangle -F tcpost
# #
@ -3959,29 +3940,22 @@ add_an_action()
do_ipp2p() { do_ipp2p() {
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\"" [ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
case $proto in
ipp2p|IPP2P|ipp2p:tcp|IPP2P:TCP)
dports="-m ipp2p --${port:-ipp2p}" dports="-m ipp2p --${port:-ipp2p}"
port=
case $proto in
ipp2p|IPP2P)
proto=tcp proto=tcp
port=
do_ports do_ports
;; ;;
ipp2p:udpIPP2P:UDP) ipp2p:udpIPP2P:UDP)
dports="-m ipp2p --${port:-ipp2p}"
port=
proto=udp proto=udp
port=
do_ports do_ports
;; ;;
ipp2p:all|IPP2P:ALL) ipp2p:all|IPP2P:ALL)
[ -n "$port" ] && \
fatal_error "Port number not allowed with protocol \"$proto\"; rule: \"$rule\""
dports="-m ipp2p --${port:-ipp2p}"
port=
proto=all proto=all
;; ;;
*)
fatal_error "Invalid IPP2P protocol ${proto#*:}. Rule: \"$rule\""
;;
esac esac
} }
@ -5300,23 +5274,20 @@ process_rule() # $1 = target
do_ipp2p() { do_ipp2p() {
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\"" [ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
dports="-m ipp2p --${port:-ipp2p}"
case $proto in case $proto in
ipp2p|IPP2P|ipp2p:tcp|IPP2P:TCP) ipp2p|IPP2P|ipp2p:tcp|IPP2P:TCP)
dports="-m ipp2p --${port:-ipp2p}"
port= port=
proto=tcp proto=tcp
do_ports do_ports
;; ;;
ipp2p:udp|IPP2P:UDP) ipp2p:udp|IPP2P:UDP)
dports="-m ipp2p --${port:-ipp2p}"
port= port=
proto=udp proto=udp
do_ports do_ports
;; ;;
ipp2p:all|IPP2P:ALL) ipp2p:all|IPP2P:ALL)
[ -n "$port" ] && \
fatal_error "Port number not allowed with protocol \"$proto\"; rule: \"$rule\""
dports="-m ipp2p --${port:-ipp2p}"
port= port=
proto=all proto=all
;; ;;

4
Shorewall/shorewall.conf
View File

@ -400,7 +400,7 @@ RETAIN_ALIASES=No
# If you say "No" or "no" then traffic shaping is not enabled. # If you say "No" or "no" then traffic shaping is not enabled.
# #
TC_ENABLED=No TC_ENABLED=Yes
# #
# Clear Traffic Shapping/Control # Clear Traffic Shapping/Control
@ -417,7 +417,7 @@ TC_ENABLED=No
# If omitted, CLEAR_TC=Yes is assumed. # If omitted, CLEAR_TC=Yes is assumed.
# #
CLEAR_TC=Yes CLEAR_TC=No
# #
# Mark Packets in the forward chain # Mark Packets in the forward chain