diff --git a/Shorewall/ecn b/Shorewall/ecn index 1e96339b4..27c6e3005 100644 --- a/Shorewall/ecn +++ b/Shorewall/ecn @@ -4,7 +4,7 @@ # Use this file to list the destinations for which you want to # disable ECN. # -# This feature requires kernel 2.4.20 or later. If you run 2.4.20, +# This feature requires kernel 2.4.20 or later. If you run 2.4.20, # you also need the patch found at http://www.shorewall.net/ecn/patch. # That patch is included in kernels 2.4.21 and later. # diff --git a/Shorewall/firewall b/Shorewall/firewall index afd42be35..20ccda717 100755 --- a/Shorewall/firewall +++ b/Shorewall/firewall @@ -1456,7 +1456,7 @@ setup_ecn() # $1 = file name while read interface host; do expandv interface host list_search $interface $all_interfaces || \ - startup_error "Unknown interface $interface" + startup_error "Unknown interface $interface" list_search $interface $interfaces || \ interfaces="$interfaces $interface" [ "x$host" = "x-" ] && host= @@ -1467,7 +1467,7 @@ setup_ecn() # $1 = file name if [ -n "$interfaces" ]; then echo "Setting up ECN control on${interfaces}..." - + for interface in $interfaces; do chain=`ecn_chain $interface` if mangle_chain_exists $chain; then @@ -1478,7 +1478,7 @@ setup_ecn() # $1 = file name run_iptables -t mangle -A OUTPUT -p tcp -o $interface -j $chain fi done - + for host in $hosts; do interface=${host%:*} h=${host#*:} @@ -1640,44 +1640,44 @@ check_config() { } disclaimer - + echo "Verifying Configuration..." verify_os_version - + load_kernel_modules - + echo "Determining Zones..." - + determine_zones - + [ -z "$zones" ] && startup_error "ERROR: No Zones Defined" - + display_list "Zones:" $zones - + echo "Validating interfaces file..." - + validate_interfaces_file - + echo "Validating hosts file..." - + validate_hosts_file - + echo "Determining Hosts in Zones..." determine_interfaces determine_hosts echo "Validating policy file..." - - validate_policy + + validate_policy echo "Validating rules file..." rules=`find_file rules` strip_file rules $rules process_rules - + rm -rf $TMP_DIR echo "Configuration Validated" @@ -2000,10 +2000,10 @@ add_a_rule() elif [ -n "$servport" -a "$servport" != "$port" ]; then add_nat_rule fi - + if [ -z "$dnat_only" -a $chain != ${FW}2${FW} ]; then serv="${serv:+-d $serv}" - + if [ -n "$loglevel" ]; then if [ "$loglevel" = ULOG ]; then run_iptables2 -A $chain $proto $multiport \ @@ -2016,7 +2016,7 @@ add_a_rule() --log-level $loglevel fi fi - + run_iptables2 -A $chain $proto $multiport $state $cli $sports \ $serv $dports -j $target @@ -3196,7 +3196,7 @@ initialize_netfilter () { run_iptables -A $chain -p udp --dport 53 -j ACCEPT run_iptables -A $chain -m state --state INVALID -j DROP done - + [ -n "$CLAMPMSS" ] && \ run_iptables -A FORWARD -p tcp \ --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu @@ -3670,7 +3670,7 @@ activate_rules() frwd_chain=${zone}_frwd createchain $frwd_chain No fi - + echo "$FW $zone $chain1" >> ${STATEDIR}/chains echo "$zone $FW $chain2" >> ${STATEDIR}/chains @@ -3697,7 +3697,7 @@ activate_rules() eval policy=\$${zone}2${zone1}_policy [ "$policy" = NONE ] && continue - + eval dest_hosts=\$${zone1}_hosts chain="`rules_chain $zone $zone1`" @@ -3811,7 +3811,7 @@ define_firewall() # $1 = Command (Start or Restart) ecn=`find_file ecn` - [ -f $ecn ] && [ -n "$MANGLE_ENABLED" ] && setup_ecn $ecn + [ -f $ecn ] && [ -n "$MANGLE_ENABLED" ] && setup_ecn $ecn [ -n "$TC_ENABLED" ] && setup_tc @@ -3866,7 +3866,7 @@ refresh_firewall() ecn=`find_file ecn` - [ -f $ecn ] && [ -n "$MANGLE_ENABLED" ] && setup_ecn $ecn + [ -f $ecn ] && [ -n "$MANGLE_ENABLED" ] && setup_ecn $ecn # # Refresh Traffic Control # @@ -4563,7 +4563,7 @@ case "$command" in do_initialize check_config ;; - + add) [ $# -ne 3 ] && usage do_initialize diff --git a/Shorewall/policy b/Shorewall/policy index e33ebfe7c..3f82de9c7 100644 --- a/Shorewall/policy +++ b/Shorewall/policy @@ -39,8 +39,8 @@ # any infrastructure to handle such # packets and you may not have any rules # with this SOURCE and DEST in the -# /etc/shorewall/rules file. If such a -# packet _is_ received, the result is +# /etc/shorewall/rules file. If such a +# packet _is_ received, the result is # undefined. # # LOG LEVEL If supplied, each connection handled under the default diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 36bdf5c30..523dd7323 100755 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -6,6 +6,6 @@ a) Where an entry in the/etc/shorewall/hosts file specifies a particular host or network, Shorewall now creates an intermediate chain for handling input from the related zone. This can substantially reduce the number of rules traversed by connections - requests from such zones. + requests from such zones.