Derive IP6TABLES from IPTABLES

Tom Eastep 2009-07-09 10:29:56 -07:00
parent 047a5caffd
commit bdd124b504
3 changed files with 42 additions and 10 deletions


@ -2040,14 +2040,36 @@ sub mysplit( $ ) {
# #
sub set_chain_variables() { sub set_chain_variables() {
if ( $family == F_IPV4 ) { if ( $family == F_IPV4 ) {
if ( $config{IPTABLES} ) { my $checkname = 0;
emit( qq(IPTABLES="$config{IPTABLES}"), my $iptables = $config{IPTABLES};
if ( $iptables ) {
emit( qq(IPTABLES="$iptables"),
'[ -x "$IPTABLES" ] || startup_error "IPTABLES=$IPTABLES does not exist or is not executable"', '[ -x "$IPTABLES" ] || startup_error "IPTABLES=$IPTABLES does not exist or is not executable"',
); );
$checkname = 1 unless $iptables =~ '/';
} else { } else {
emit( '[ -z "$IPTABLES" ] && IPTABLES=$(mywhich iptables) # /sbin/shorewall exports IPTABLES', emit( '[ -z "$IPTABLES" ] && IPTABLES=$(mywhich iptables) # /sbin/shorewall exports IPTABLES',
'[ -n "$IPTABLES" -a -x "$IPTABLES" ] || startup_error "Can\'t find iptables executable"' '[ -n "$IPTABLES" -a -x "$IPTABLES" ] || startup_error "Can\'t find iptables executable"'
); );
$checkname = 1;
}
if ( $checkname ) {
emit ( '',
'case $IPTABLES in',
' */*)',
' ;;',
' *)',
' IPTABLES=./$IPTABLES',
' ;;',
'esac',
'',
'IP6TABLES=${IPTABLES%/*}/ip6tables'
);
} else {
$iptables =~ s|/[^/]*$|/ip6tables|;
emit ( "IP6TABLES=$iptables" );
} }
emit( 'IPTABLES_RESTORE=${IPTABLES}-restore', emit( 'IPTABLES_RESTORE=${IPTABLES}-restore',
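Review bot: The derived IPv6 path is emitted without shell quotes at `emit ( "IP6TABLES=$iptables" );`, whereas the IPTABLES assignment earlier in the same block is wrapped as `IPTABLES="$iptables"`; a configured IPTABLES value containing whitespace would therefore compile into a malformed shell assignment. Emit it the same way for consistency: `emit( qq(IP6TABLES="$iptables") );`. The substitution `s|/[^/]*$|/ip6tables|` anchors with `$`, which also matches before a trailing newline; `\z` is the stricter end-of-string anchor, though a trailing newline in this config value seems unlikely. Likewise `$iptables =~ '/'` relies on a plain string being treated as a pattern, and `$checkname = 1 if $iptables !~ m{/};` states the intended contains-a-slash test more plainly. set_chain_variables continues past the end of the hunk.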


@ -861,14 +861,14 @@ disable_ipv6() {
foo="$($IP -f inet6 addr list 2> /dev/null)" foo="$($IP -f inet6 addr list 2> /dev/null)"
if [ -n "$foo" ]; then if [ -n "$foo" ]; then
if qt mywhich ip6tables; then if [ -x "$IP6TABLES" ]; then
ip6tables -P FORWARD DROP $IP6TABLES -P FORWARD DROP
ip6tables -P INPUT DROP $IP6TABLES -P INPUT DROP
ip6tables -P OUTPUT DROP $IP6TABLES -P OUTPUT DROP
ip6tables -F $IP6TABLES -F
ip6tables -X $IP6TABLES -X
ip6tables -A OUTPUT -o lo -j ACCEPT $IP6TABLES -A OUTPUT -o lo -j ACCEPT
ip6tables -A INPUT -i lo -j ACCEPT $IP6TABLES -A INPUT -i lo -j ACCEPT
else else
error_message "WARNING: DISABLE_IPV6=Yes in shorewall.conf but this system does not appear to have ip6tables" error_message "WARNING: DISABLE_IPV6=Yes in shorewall.conf but this system does not appear to have ip6tables"
fi fi
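Review bot: The warning in the else branch still says the system "does not appear to have ip6tables", but the new test `[ -x "$IP6TABLES" ]` only checks the single path the compiler derived from IPTABLES, so an ip6tables that exists elsewhere on PATH now produces the same misleading message. Naming the path that was actually tested keeps the diagnostic accurate: `error_message "WARNING: DISABLE_IPV6=Yes in shorewall.conf but $IP6TABLES is not executable"`. The compiler appears to set IP6TABLES only in its IPv4 branch, so presumably it is never empty when this function runs, but if it can be, the message would read oddly and that case is worth confirming. disable_ipv6 begins and ends outside the hunk.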


@ -154,6 +154,16 @@ None.
macro.RIPbi macro.RIPbi
macro.mDNS macro.mDNS
2) The default value of DISABLE_IPV6 has been changed from 'Yes' to
'No' in all sample shorewall.conf files. Shorewall6 should be
installed to restrict IPv6 traffic.
As part of this change, the ip6tables program in the directory
specified by the IPTABLES setting will be used to disable IPv6. If
the iptables utility is discovered using the PATH setting, then
ip6tables in the same directory as the discovered iptables will be
used.
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
N E W F E A T U R E S IN 4 . 4 N E W F E A T U R E S IN 4 . 4
---------------------------------------------------------------------------- ----------------------------------------------------------------------------