extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-14 19:54:06 +01:00
Code Issues Packages Projects Releases Wiki Activity

'shared' providers -- Phase I

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@7670 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-11-16 00:23:49 +00:00
parent e9d2f2f915
commit b58b15d018
2 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Shorewall-common/changelog.txt
View File

@ -24,6 +24,8 @@ Changes in 4.0.6
12) Add support for --random. 12) Add support for --random.
12) Add experimental support for multi-ISP through a single interface
Changes in 4.0.5 Changes in 4.0.5
1) Delete 'detectnets' from Shorewall-perl 1) Delete 'detectnets' from Shorewall-perl

8
Shorewall-common/lib.base
View File

@ -35,7 +35,7 @@
# #
SHOREWALL_LIBVERSION=40000 SHOREWALL_LIBVERSION=40000
SHOREWALL_CAPVERSION=40006 SHOREWALL_CAPVERSION=40007
[ -n "${VARDIR:=/var/lib/shorewall}" ] [ -n "${VARDIR:=/var/lib/shorewall}" ]
[ -n "${SHAREDIR:=/usr/share/shorewall}" ] [ -n "${SHAREDIR:=/usr/share/shorewall}" ]
@ -1007,6 +1007,7 @@ determine_capabilities() {
TCPMSS_MATCH= TCPMSS_MATCH=
HASHLIMIT_MATCH= HASHLIMIT_MATCH=
NFQUEUE_TARGET= NFQUEUE_TARGET=
REALM_MATCH=
qt $IPTABLES -N fooX1234 qt $IPTABLES -N fooX1234
qt $IPTABLES -A fooX1234 -m conntrack --ctorigdst 192.168.1.1 -j ACCEPT && CONNTRACK_MATCH=Yes qt $IPTABLES -A fooX1234 -m conntrack --ctorigdst 192.168.1.1 -j ACCEPT && CONNTRACK_MATCH=Yes
@ -1086,7 +1087,8 @@ determine_capabilities() {
qt $IPTABLES -A fooX1234 -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1000:1500 -j ACCEPT && TCPMSS_MATCH=Yes qt $IPTABLES -A fooX1234 -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1000:1500 -j ACCEPT && TCPMSS_MATCH=Yes
qt $IPTABLES -A fooX1234 -m hashlimit --hashlimit 4 --hashlimit-burst 5 --hashlimit-name fooX1234 --hashlimit-mode dstip -j ACCEPT && HASHLIMIT_MATCH=Yes qt $IPTABLES -A fooX1234 -m hashlimit --hashlimit 4 --hashlimit-burst 5 --hashlimit-name fooX1234 --hashlimit-mode dstip -j ACCEPT && HASHLIMIT_MATCH=Yes
qt $IPTABLES -A fooX1234 -j NFQUEUE --queue-num 4 && NFQUEUE_TARGET=Yes qt $IPTABLES -A fooX1234 -j NFQUEUE --queue-num 4 && NFQUEUE_TARGET=Yes
qt $IPTABLES -A fooX1234 -m realm --realm 4 && REALM_MATCH=Yes
qt $IPTABLES -F fooX1234 qt $IPTABLES -F fooX1234
qt $IPTABLES -X fooX1234 qt $IPTABLES -X fooX1234
@ -1137,6 +1139,7 @@ report_capabilities() {
report_capability "TCPMSS Match" $TCPMSS_MATCH report_capability "TCPMSS Match" $TCPMSS_MATCH
report_capability "Hashlimit Match" $HASHLIMIT_MATCH report_capability "Hashlimit Match" $HASHLIMIT_MATCH
report_capability "NFQUEUE Target" $NFQUEUE_TARGET report_capability "NFQUEUE Target" $NFQUEUE_TARGET
report_capability "Realm Match" $REALM_MATCH
fi fi
[ -n "$PKTTYPE" ] || USEPKTTYPE= [ -n "$PKTTYPE" ] || USEPKTTYPE=
@ -1183,6 +1186,7 @@ report_capabilities1() {
report_capability1 TCPMSS_MATCH report_capability1 TCPMSS_MATCH
report_capability1 HASHLIMIT_MATCH report_capability1 HASHLIMIT_MATCH
report_capability1 NFQUEUE_TARGET report_capability1 NFQUEUE_TARGET
report_capability1 REALM_MATCH
echo CAPVERSION=$SHOREWALL_CAPVERSION echo CAPVERSION=$SHOREWALL_CAPVERSION
} }