extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-02-08 14:01:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix tcp openvpn support

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2901 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2005-10-18 15:20:12 +00:00
parent 8db869aab4
commit b20a7b3067
4 changed files with 29 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Shorewall/changelog.txt
View File

@ -1,3 +1,7 @@
Changes in 3.0.0 RC 2.
1) Fix support for OpenVPN and tcp.
Changes in 3.0.0 RC 1. Changes in 3.0.0 RC 1.
1) Correct spelling of MACLIST_TABLE in shorewall.conf. 1) Correct spelling of MACLIST_TABLE in shorewall.conf.

15
Shorewall/firewall
View File

@ -2362,9 +2362,12 @@ setup_tunnels() # $1 = name of tunnels file
protocol=${protocol#*:} protocol=${protocol#*:}
p=${2##*:} p=${2##*:}
;; ;;
*:*) *:[0:9]*)
p=${2#*:} p=${2#*:}
;; ;;
*:*)
protocol=${2#*:}
;;
esac esac
addrule2 $inchain -p $protocol $(source_ip_range $1) --dport $p -j ACCEPT addrule2 $inchain -p $protocol $(source_ip_range $1) --dport $p -j ACCEPT
@ -2384,9 +2387,12 @@ setup_tunnels() # $1 = name of tunnels file
protocol=${protocol#*:} protocol=${protocol#*:}
p=${2##*:} p=${2##*:}
;; ;;
*:*) *:[0:9]*)
p=${2#*:} p=${2#*:}
;; ;;
*:*)
protocol=${2#*:}
;;
esac esac
addrule2 $inchain -p $protocol $(source_ip_range $1) --dport $p -j ACCEPT addrule2 $inchain -p $protocol $(source_ip_range $1) --dport $p -j ACCEPT
@ -2406,9 +2412,12 @@ setup_tunnels() # $1 = name of tunnels file
protocol=${protocol#*:} protocol=${protocol#*:}
p=${2##*:} p=${2##*:}
;; ;;
*:*) *:[0:9]*)
p=${2#*:} p=${2#*:}
;; ;;
*:*)
protocol=${2#*:}
;;
esac esac
addrule2 $inchain -p $protocol $(source_ip_range $1) --sport $p -j ACCEPT addrule2 $inchain -p $protocol $(source_ip_range $1) --sport $p -j ACCEPT

9
Shorewall/releasenotes.txt
View File

@ -1,9 +1,10 @@
Shorewall 3.0.0 RC 1. Shorewall 3.0.0 RC 2.
Problems Corrected in 3.0.0 RC 1: Problems Corrected in 3.0.0 RC 2:
1) The MACLIST_TABLE option was incorrectly included in shorewall.conf 1) Support for OpenVPN tunnels was released in Shorewall 2.2.0 but the
as MAC_TABLE. implementation was incomplete. It has now been completed and is
documented in the /etc/shorewall/tunnels file.
Migration Considerations: Migration Considerations:

9
Shorewall/tunnels
View File

@ -21,10 +21,17 @@
# Header protocol (51) is not used by the tunnel. # Header protocol (51) is not used by the tunnel.
# #
# If type is "openvpn", "openvpnclient" or # If type is "openvpn", "openvpnclient" or
# "openvpnserver" it may optionally be followed by ":"
# and "tcp" or "udp" to specify the protocol to be
# used. If not specified, "udp" is assumed.
#
# If type is "openvpn", "openvpnclient" or
# "openvpnserver" it may optionally be followed # "openvpnserver" it may optionally be followed
# by ":" and the port number used by the tunnel. if no # by ":" and the port number used by the tunnel. if no
# ":" and port number are included, then the default port # ":" and port number are included, then the default port
# of 1194 will be used # of 1194 will be used. . Where both the protocol and port
# are specified, the protocol must be given first (e.g.,
# openvpn:tcp:4444).
# #
# If type is "generic", it must be followed by ":" and # If type is "generic", it must be followed by ":" and
# a protocol name (from /etc/protocols) or a protocol # a protocol name (from /etc/protocols) or a protocol