mirror of
https://gitlab.com/shorewall/code.git
synced 2025-06-21 02:08:48 +02:00
Verify interface names; pretty up restore file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1352 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
e12cb03fca
commit
c1fdc0fc88
@ -11,3 +11,5 @@ Changes since 2.0.2
|
|||||||
|
|
||||||
5) Backport bug fixes from stable (/var/lib/shorewall existence and
|
5) Backport bug fixes from stable (/var/lib/shorewall existence and
|
||||||
null common action).
|
null common action).
|
||||||
|
|
||||||
|
6) Add lots of overhead to [re]start in order to catch typing errors.
|
||||||
|
@ -103,6 +103,17 @@ save_command()
|
|||||||
echo "$@" >> /var/lib/shorewall/restore-$$
|
echo "$@" >> /var/lib/shorewall/restore-$$
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#
|
||||||
|
# Write a progress_message command to /var/lib/shorewall/restore-$$
|
||||||
|
#
|
||||||
|
save_progress_message()
|
||||||
|
{
|
||||||
|
|
||||||
|
echo >> /var/lib/shorewall/restore-$$
|
||||||
|
echo "progress_message \"$@\"" >> /var/lib/shorewall/restore-$$
|
||||||
|
echo >> /var/lib/shorewall/restore-$$
|
||||||
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
# Save the passed command in the restore script then run it -- returns the status of the command
|
# Save the passed command in the restore script then run it -- returns the status of the command
|
||||||
# If the command involves file redirection then it must be enclosed in quotes as in:
|
# If the command involves file redirection then it must be enclosed in quotes as in:
|
||||||
@ -128,9 +139,10 @@ ensure_and_save_command()
|
|||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
# Append a file to /var/lib/shorewall/restore-$$
|
# Append a file in $STATEDIR to /var/lib/shorewall/restore-$$
|
||||||
#
|
#
|
||||||
append_file() {
|
append_file() # $1 = File Name
|
||||||
|
{
|
||||||
save_command "cat > $STATEDIR/$1 << __EOF__"
|
save_command "cat > $STATEDIR/$1 << __EOF__"
|
||||||
cat $STATEDIR/$1 >> /var/lib/shorewall/restore-$$
|
cat $STATEDIR/$1 >> /var/lib/shorewall/restore-$$
|
||||||
save_command __EOF__
|
save_command __EOF__
|
||||||
@ -571,7 +583,7 @@ known_interface() # $1 = interface name
|
|||||||
match_source_dev()
|
match_source_dev()
|
||||||
{
|
{
|
||||||
if [ -n "$BRIDGING" ]; then
|
if [ -n "$BRIDGING" ]; then
|
||||||
known_interface $1 && echo -i $1 || physdev_echo "--physdev-in $1"
|
list_search $1 $all_ports && physdev_echo "--physdev-in $1" || echo -i $1
|
||||||
else
|
else
|
||||||
echo -i $1
|
echo -i $1
|
||||||
fi
|
fi
|
||||||
@ -580,12 +592,17 @@ match_source_dev()
|
|||||||
match_dest_dev()
|
match_dest_dev()
|
||||||
{
|
{
|
||||||
if [ -n "$BRIDGING" ]; then
|
if [ -n "$BRIDGING" ]; then
|
||||||
known_interface $1 && echo -o $1 || physdev_echo "--physdev-out $1"
|
list_search $1 $all_ports && physdev_echo "--physdev-out $1" || echo -o $1
|
||||||
else
|
else
|
||||||
echo -o $1
|
echo -o $1
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
verify_interface()
|
||||||
|
{
|
||||||
|
known_interface $1 || { [ -n $BRIDGING ] && list_search $1 $all_ports ; }
|
||||||
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
#
|
#
|
||||||
# Find hosts in a given zone
|
# Find hosts in a given zone
|
||||||
@ -793,6 +810,13 @@ validate_interfaces_file() {
|
|||||||
validate_hosts_file() {
|
validate_hosts_file() {
|
||||||
local z hosts options r interface host option port ports
|
local z hosts options r interface host option port ports
|
||||||
|
|
||||||
|
check_bridge_port()
|
||||||
|
{
|
||||||
|
list_search $1 $ports || ports="$ports $1"
|
||||||
|
list_search ${interface}:${1} $zports || zports="$zports ${interface}:${1}"
|
||||||
|
list_search $1 $all_ports || all_ports="$all_ports $1"
|
||||||
|
}
|
||||||
|
|
||||||
while read z hosts options; do
|
while read z hosts options; do
|
||||||
expandv z hosts options
|
expandv z hosts options
|
||||||
r="$z $hosts $options"
|
r="$z $hosts $options"
|
||||||
@ -815,17 +839,14 @@ validate_hosts_file() {
|
|||||||
*:*)
|
*:*)
|
||||||
known_interface ${host%:*} && \
|
known_interface ${host%:*} && \
|
||||||
startup_error "Bridged interfaces may not be defined in /etc/shorewall/interfaces: $host"
|
startup_error "Bridged interfaces may not be defined in /etc/shorewall/interfaces: $host"
|
||||||
port=${host%%:*}
|
check_bridge_port ${host%%:*}
|
||||||
list_search $port $ports || ports="$ports $port"
|
|
||||||
list_search ${interface}:${port} $zports || zports="$zports ${interface}:${port}"
|
|
||||||
;;
|
;;
|
||||||
*.*.*.*)
|
*.*.*.*)
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
known_interface $host && \
|
known_interface $host && \
|
||||||
startup_error "Bridged interfaces may not be defined in /etc/shorewall/interfaces: $host"
|
startup_error "Bridged interfaces may not be defined in /etc/shorewall/interfaces: $host"
|
||||||
list_search $host $ports || ports="$ports $host"
|
check_bridge_port $host
|
||||||
list_search ${interface}:${host} $zports || zports="$zports ${interface}:${host}"
|
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
@ -850,6 +871,8 @@ validate_hosts_file() {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
done < $TMP_DIR/hosts
|
done < $TMP_DIR/hosts
|
||||||
|
|
||||||
|
[ -n "$all_ports" ] && echo " Bridge ports are: $all_ports"
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
@ -1174,7 +1197,7 @@ log_rule() # $1 = log level, $2 = chain, $3 = disposition , $... = predicates fo
|
|||||||
#
|
#
|
||||||
setup_forwarding() {
|
setup_forwarding() {
|
||||||
|
|
||||||
save_command "progress_message Restoring IP Forwarding..."
|
save_progress_message "Restoring IP Forwarding..."
|
||||||
|
|
||||||
case "$IP_FORWARDING" in
|
case "$IP_FORWARDING" in
|
||||||
[Oo][Nn])
|
[Oo][Nn])
|
||||||
@ -1196,7 +1219,7 @@ disable_ipv6() {
|
|||||||
|
|
||||||
if [ -n "$foo" ]; then
|
if [ -n "$foo" ]; then
|
||||||
if qt which ip6tables; then
|
if qt which ip6tables; then
|
||||||
save_command "progress_message Disabling IPV6..."
|
save_progress_message "Disabling IPV6..."
|
||||||
ip6tables -P FORWARD DROP && save_command ip6tables -P FORWARD DROP
|
ip6tables -P FORWARD DROP && save_command ip6tables -P FORWARD DROP
|
||||||
ip6tables -P INPUT DROP && save_command ip6tables -P INPUT DROP
|
ip6tables -P INPUT DROP && save_command ip6tables -P INPUT DROP
|
||||||
ip6tables -P OUTPUT DROP && save_command ip6tables -P OUTPUT DROP
|
ip6tables -P OUTPUT DROP && save_command ip6tables -P OUTPUT DROP
|
||||||
@ -1639,7 +1662,7 @@ setup_proxy_arp() {
|
|||||||
|
|
||||||
> ${STATEDIR}/proxyarp
|
> ${STATEDIR}/proxyarp
|
||||||
|
|
||||||
save_command "progress_message Restoring Proxy ARP..."
|
save_progress_message "Restoring Proxy ARP..."
|
||||||
|
|
||||||
while read address interface external haveroute persistent; do
|
while read address interface external haveroute persistent; do
|
||||||
expandv address interface external haveroute persistent
|
expandv address interface external haveroute persistent
|
||||||
@ -1841,7 +1864,7 @@ setup_nat() {
|
|||||||
#
|
#
|
||||||
> ${STATEDIR}/nat
|
> ${STATEDIR}/nat
|
||||||
|
|
||||||
save_command "progress_message Restoring one-to-one NAT..."
|
save_progress_message "Restoring one-to-one NAT..."
|
||||||
|
|
||||||
while read external interface internal allints localnat; do
|
while read external interface internal allints localnat; do
|
||||||
expandv external interface internal allints localnat
|
expandv external interface internal allints localnat
|
||||||
@ -1998,10 +2021,8 @@ process_tc_rule()
|
|||||||
chain=tcout
|
chain=tcout
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
if [ -z "$BRIDGING" ] && ! list_search $source $all_interfaces; then
|
|
||||||
fatal_error "Unknown interface $source in rule \"$rule\""
|
verify_interface $source || fatal_error "Unknown interface $source in rule \"$rule\""
|
||||||
fi
|
|
||||||
|
|
||||||
r="$(match_source_dev) $source "
|
r="$(match_source_dev) $source "
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
@ -2026,7 +2047,11 @@ process_tc_rule()
|
|||||||
esac
|
esac
|
||||||
fi
|
fi
|
||||||
|
|
||||||
[ "x$dest" = "x-" ] || r="${r}-d $dest "
|
if [ "x$dest" != "x-" ]; then
|
||||||
|
verify_interface $dest || fatal_error "Unknown interface $dest in rule \"$rule\""
|
||||||
|
r="${r}$(match_dest_dev $dest) "
|
||||||
|
fi
|
||||||
|
|
||||||
[ "$proto" = "all" ] || r="${r}-p $proto "
|
[ "$proto" = "all" ] || r="${r}-p $proto "
|
||||||
[ "x$port" = "x-" ] || r="${r}--dport $port "
|
[ "x$port" = "x-" ] || r="${r}--dport $port "
|
||||||
[ "x$sport" = "x-" ] || r="${r}--sport $sport "
|
[ "x$sport" = "x-" ] || r="${r}--sport $sport "
|
||||||
@ -2099,7 +2124,7 @@ setup_tc1() {
|
|||||||
|
|
||||||
run_user_exit tcstart
|
run_user_exit tcstart
|
||||||
|
|
||||||
save_command "progress_message Restoring Traffic Control..."
|
save_progress_message "Restoring Traffic Control..."
|
||||||
save_command . $(find_file tcstart)
|
save_command . $(find_file tcstart)
|
||||||
|
|
||||||
}
|
}
|
||||||
@ -2123,6 +2148,8 @@ delete_tc()
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
save_progress_message "Clearing Traffic Control/QOS"
|
||||||
|
|
||||||
run_user_exit tcclear
|
run_user_exit tcclear
|
||||||
|
|
||||||
run_ip link list | \
|
run_ip link list | \
|
||||||
@ -2149,6 +2176,14 @@ process_accounting_rule() {
|
|||||||
error_message "Warning: Invalid Accounting rule" $action $chain $source $dest $proto $port $sport
|
error_message "Warning: Invalid Accounting rule" $action $chain $source $dest $proto $port $sport
|
||||||
}
|
}
|
||||||
|
|
||||||
|
accounting_interface_error() {
|
||||||
|
error_message "Warning: Unknown interface $1 in " $action $chain $source $dest $proto $port $sport
|
||||||
|
}
|
||||||
|
|
||||||
|
accounting_interface_verify() {
|
||||||
|
verify_interface $1 || accounting_interface_error $1
|
||||||
|
}
|
||||||
|
|
||||||
jump_to_chain() {
|
jump_to_chain() {
|
||||||
if ! havechain $jumpchain; then
|
if ! havechain $jumpchain; then
|
||||||
if ! createchain2 $jumpchain No; then
|
if ! createchain2 $jumpchain No; then
|
||||||
@ -2162,6 +2197,7 @@ process_accounting_rule() {
|
|||||||
|
|
||||||
case $source in
|
case $source in
|
||||||
*:*)
|
*:*)
|
||||||
|
accounting_interface_verify ${source%:*}
|
||||||
rule="-s ${source#*:} $(match_source_dev ${source%:*})"
|
rule="-s ${source#*:} $(match_source_dev ${source%:*})"
|
||||||
;;
|
;;
|
||||||
*.*.*.*)
|
*.*.*.*)
|
||||||
@ -2170,12 +2206,16 @@ process_accounting_rule() {
|
|||||||
-|all|any)
|
-|all|any)
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
[ -n "$source" ] && rule="$(match_source_dev $source)"
|
if [ -n "$source" ]; then
|
||||||
|
accounting_interface_verify $source
|
||||||
|
rule="$(match_source_dev $source)"
|
||||||
|
fi
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
[ -n "$dest" ] && case $dest in
|
[ -n "$dest" ] && case $dest in
|
||||||
*:*)
|
*:*)
|
||||||
|
accounting_interface_verify ${dest%:*}
|
||||||
rule="$rule -d ${dest#*:} $(match_dest_dev ${dest%:*})"
|
rule="$rule -d ${dest#*:} $(match_dest_dev ${dest%:*})"
|
||||||
;;
|
;;
|
||||||
*.*.*.*)
|
*.*.*.*)
|
||||||
@ -2184,6 +2224,7 @@ process_accounting_rule() {
|
|||||||
-|all|any)
|
-|all|any)
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
|
accounting_interface_verify $dest
|
||||||
rule="$rule $(match_dest_dev $dest)"
|
rule="$rule $(match_dest_dev $dest)"
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
@ -2416,6 +2457,16 @@ add_an_action()
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
interface_error()
|
||||||
|
{
|
||||||
|
fatal_error "Unknown interface $1 in rule: \"$rule\""
|
||||||
|
}
|
||||||
|
|
||||||
|
action_interface_verify()
|
||||||
|
{
|
||||||
|
verify_interface $1 || interface_error $1
|
||||||
|
}
|
||||||
|
|
||||||
# Set source variables. The 'cli' variable will hold the client match predicate(s).
|
# Set source variables. The 'cli' variable will hold the client match predicate(s).
|
||||||
|
|
||||||
cli=
|
cli=
|
||||||
@ -2424,6 +2475,7 @@ add_an_action()
|
|||||||
-)
|
-)
|
||||||
;;
|
;;
|
||||||
*:*)
|
*:*)
|
||||||
|
action_interface_verify ${client%:*}
|
||||||
cli="$(match_source_dev ${client%:*}) -s ${client#*:}"
|
cli="$(match_source_dev ${client%:*}) -s ${client#*:}"
|
||||||
;;
|
;;
|
||||||
*.*.*)
|
*.*.*)
|
||||||
@ -2433,7 +2485,10 @@ add_an_action()
|
|||||||
cli=$(mac_match $client)
|
cli=$(mac_match $client)
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
[ -n "$client" ] && cli="$(match_source_dev $client)"
|
if [ -n "$client" ]; then
|
||||||
|
action_interface_verify $client
|
||||||
|
cli="$(match_source_dev $client)"
|
||||||
|
fi
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
@ -2452,7 +2507,10 @@ add_an_action()
|
|||||||
fatal_error "Rule \"$rule\" - Destination may not be specified by MAC Address"
|
fatal_error "Rule \"$rule\" - Destination may not be specified by MAC Address"
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
[ -n "$server" ] && dest_interface="$(match_dest_dev $server)"
|
if [ -n "$server" ]; then
|
||||||
|
action_interface_verify $server
|
||||||
|
dest_interface="$(match_dest_dev $server)"
|
||||||
|
fi
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
@ -3096,6 +3154,16 @@ add_a_rule()
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
interface_error()
|
||||||
|
{
|
||||||
|
fatal_error "Unknown interface $1 in rule: \"$rule\""
|
||||||
|
}
|
||||||
|
|
||||||
|
rule_interface_verify()
|
||||||
|
{
|
||||||
|
verify_interface $1 || interface_error $1
|
||||||
|
}
|
||||||
|
|
||||||
# Set source variables. The 'cli' variable will hold the client match predicate(s).
|
# Set source variables. The 'cli' variable will hold the client match predicate(s).
|
||||||
|
|
||||||
cli=
|
cli=
|
||||||
@ -3104,6 +3172,7 @@ add_a_rule()
|
|||||||
-)
|
-)
|
||||||
;;
|
;;
|
||||||
*:*)
|
*:*)
|
||||||
|
rule_interface_verify ${client%:*}
|
||||||
cli="$(match_source_dev ${client%:*}) -s ${client#*:}"
|
cli="$(match_source_dev ${client%:*}) -s ${client#*:}"
|
||||||
;;
|
;;
|
||||||
*.*.*)
|
*.*.*)
|
||||||
@ -3113,7 +3182,10 @@ add_a_rule()
|
|||||||
cli=$(mac_match $client)
|
cli=$(mac_match $client)
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
[ -n "$client" ] && cli="$(match_source_dev $client)"
|
if [ -n "$client" ]; then
|
||||||
|
rule_interface_verify $client
|
||||||
|
cli="$(match_source_dev $client)"
|
||||||
|
fi
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
@ -3133,7 +3205,8 @@ add_a_rule()
|
|||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
if [ -n "$server" ]; then
|
if [ -n "$server" ]; then
|
||||||
[ -n "$nonat" ] && fatal_error "Destination interface not allowe with $logtarget"
|
[ -n "$nonat" ] && fatal_error "Destination interface not allowed with $logtarget"
|
||||||
|
rule_interface_verify $server
|
||||||
dest_interface="$(match_dest_dev $server)"
|
dest_interface="$(match_dest_dev $server)"
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
@ -3713,6 +3786,11 @@ process_tos_rule() {
|
|||||||
#
|
#
|
||||||
# Assume that this is a device name
|
# Assume that this is a device name
|
||||||
#
|
#
|
||||||
|
if ! verify_interface $src ; then
|
||||||
|
error_message "Warning: Unknown Interface in rule \"$rule\" ignored"
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
|
||||||
src="$(match_source_dev $src)"
|
src="$(match_source_dev $src)"
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
@ -4290,7 +4368,7 @@ setup_masq()
|
|||||||
|
|
||||||
strip_file masq $1
|
strip_file masq $1
|
||||||
|
|
||||||
[ -n "$NAT_ENABLED" ] && echo "Masqueraded Networks and Hosts:" && save_command "progress_message Restoring Masquerading/SNAT..."
|
[ -n "$NAT_ENABLED" ] && echo "Masqueraded Networks and Hosts:" && save_progress_message "Restoring Masquerading/SNAT..."
|
||||||
|
|
||||||
while read fullinterface networks addresses proto ports; do
|
while read fullinterface networks addresses proto ports; do
|
||||||
expandv fullinterface networks addresses proto ports
|
expandv fullinterface networks addresses proto ports
|
||||||
@ -4512,7 +4590,7 @@ add_ip_aliases()
|
|||||||
|
|
||||||
set -- $aliases_to_add
|
set -- $aliases_to_add
|
||||||
|
|
||||||
save_command "progress_message Restoring IP Addresses..."
|
save_progress_message "Restoring IP Addresses..."
|
||||||
|
|
||||||
while [ $# -gt 0 ]; do
|
while [ $# -gt 0 ]; do
|
||||||
external=$1
|
external=$1
|
||||||
@ -4547,7 +4625,7 @@ load_kernel_modules() {
|
|||||||
|
|
||||||
if [ "$command" != check ]; then
|
if [ "$command" != check ]; then
|
||||||
|
|
||||||
save_command "progress_message Loading kernel modules..."
|
save_progress_message "Loading kernel modules..."
|
||||||
save_command "reload_kernel_modules <<__EOF__"
|
save_command "reload_kernel_modules <<__EOF__"
|
||||||
|
|
||||||
while read command; do
|
while read command; do
|
||||||
@ -5023,7 +5101,7 @@ add_common_rules() {
|
|||||||
#
|
#
|
||||||
# ARP Filtering
|
# ARP Filtering
|
||||||
#
|
#
|
||||||
save_command "progress_message Restoring ARP filtering..."
|
save_progress_message "Restoring ARP filtering..."
|
||||||
|
|
||||||
for f in /proc/sys/net/ipv4/conf/*/arp_filter; do
|
for f in /proc/sys/net/ipv4/conf/*/arp_filter; do
|
||||||
run_and_save_command "echo 0 > $f"
|
run_and_save_command "echo 0 > $f"
|
||||||
@ -5052,7 +5130,7 @@ add_common_rules() {
|
|||||||
if [ -n "$interfaces" -o -n "$ROUTE_FILTER" ]; then
|
if [ -n "$interfaces" -o -n "$ROUTE_FILTER" ]; then
|
||||||
echo "Setting up Kernel Route Filtering..."
|
echo "Setting up Kernel Route Filtering..."
|
||||||
|
|
||||||
save_command "progress_message Restoring Route Filtering..."
|
save_progress_message "Restoring Route Filtering..."
|
||||||
|
|
||||||
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
|
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
|
||||||
run_and_save_command "echo 0 > $f"
|
run_and_save_command "echo 0 > $f"
|
||||||
@ -5207,7 +5285,7 @@ activate_rules()
|
|||||||
# Add jumps for dynamic nat chains
|
# Add jumps for dynamic nat chains
|
||||||
#
|
#
|
||||||
[ -n "$DYNAMIC_ZONES" ] && for interface in $all_interfaces ; do
|
[ -n "$DYNAMIC_ZONES" ] && for interface in $all_interfaces ; do
|
||||||
addrulejump PREROUTING $(dynamic_in $interface)
|
addrulejump PREROUTING $(dynamic_in $interface) -i $interface
|
||||||
done
|
done
|
||||||
#
|
#
|
||||||
# Add jumps from the builtin chains to the nat chains
|
# Add jumps from the builtin chains to the nat chains
|
||||||
@ -5476,7 +5554,7 @@ define_firewall() # $1 = Command (Start or Restart)
|
|||||||
|
|
||||||
save_command "date > $STATEDIR/restarted"
|
save_command "date > $STATEDIR/restarted"
|
||||||
|
|
||||||
save_command "progress_message Restoring Netfilter Configuration..."
|
save_progress_message "Restoring Netfilter Configuration..."
|
||||||
|
|
||||||
save_command 'iptables-restore << __EOF__'
|
save_command 'iptables-restore << __EOF__'
|
||||||
|
|
||||||
|
@ -18,3 +18,11 @@ None.
|
|||||||
New Features:
|
New Features:
|
||||||
|
|
||||||
1) "!" is now allowed in accounting rules.
|
1) "!" is now allowed in accounting rules.
|
||||||
|
|
||||||
|
2) Interface names appearing within the configuration are now
|
||||||
|
verified. Interface names must match the name of an entry in
|
||||||
|
/etc/shorewall/interfaces (or if bridging is enabled, they must
|
||||||
|
match the name of an entry in /etc/shorewall/interfaces or the name
|
||||||
|
of a bridge port appearing in /etc/shorewall/hosts).
|
||||||
|
|
||||||
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user