mirror of
https://gitlab.com/shorewall/code.git
synced 2025-02-09 06:20:05 +01:00
Update for Shorewall 2.0.10
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1720 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep
parent
515484137e
commit
c4f88160da
@ -11,6 +11,11 @@
|
|||||||
# FOR ENTRIES IN THIS FILE TO HAVE ANY EFFECT, YOU MUST SET
|
# FOR ENTRIES IN THIS FILE TO HAVE ANY EFFECT, YOU MUST SET
|
||||||
# TC_ENABLED=Yes in /etc/shorewall/shorewall.conf
|
# TC_ENABLED=Yes in /etc/shorewall/shorewall.conf
|
||||||
#
|
#
|
||||||
|
# Unlike rules in the /etc/shorewall/rules file, evaluation
|
||||||
|
# of rules in this file will continue after a match. So the
|
||||||
|
# final mark for each packet will be the one assigned by the
|
||||||
|
# LAST tcrule that matches.
|
||||||
|
#
|
||||||
# Columns are:
|
# Columns are:
|
||||||
#
|
#
|
||||||
#
|
#
|
||||||
|
|||||||
@ -293,7 +293,7 @@ ensurechain1() # $1 = chain name
|
|||||||
addrule() # $1 = chain name, remainder of arguments specify the rule
|
addrule() # $1 = chain name, remainder of arguments specify the rule
|
||||||
{
|
{
|
||||||
ensurechain $1
|
ensurechain $1
|
||||||
run_iptables -A $@
|
run_iptables2 -A $@
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
@ -1146,18 +1146,19 @@ log_rule_limit() # $1 = log level, $2 = chain, $3 = disposition , $4 = rate limi
|
|||||||
local limit="${4:-$LOGLIMIT}"
|
local limit="${4:-$LOGLIMIT}"
|
||||||
local tag=${5:+$5 }
|
local tag=${5:+$5 }
|
||||||
local prefix
|
local prefix
|
||||||
|
local base=$(chain_base $displayChain)
|
||||||
|
|
||||||
shift;shift;shift;shift;shift
|
shift;shift;shift;shift;shift
|
||||||
|
|
||||||
if [ -n "$LOGRULENUMBERS" ]; then
|
if [ -n "$LOGRULENUMBERS" ]; then
|
||||||
eval rulenum=\$${chain}_logrules
|
eval rulenum=\$${base}_logrules
|
||||||
|
|
||||||
[ -z "$rulenum" ] && rulenum=1
|
rulenum=${rulenum:-1}
|
||||||
|
|
||||||
prefix="$(printf "$LOGFORMAT" $chain $rulenum $disposition)${tag}"
|
prefix="$(printf "$LOGFORMAT" $chain $rulenum $disposition)${tag}"
|
||||||
|
|
||||||
rulenum=$(($rulenum + 1))
|
rulenum=$(($rulenum + 1))
|
||||||
eval ${chain}_logrules=$rulenum
|
eval ${base}_logrules=$rulenum
|
||||||
else
|
else
|
||||||
prefix="$(printf "$LOGFORMAT" $chain $disposition)${tag}"
|
prefix="$(printf "$LOGFORMAT" $chain $disposition)${tag}"
|
||||||
fi
|
fi
|
||||||
@ -1509,11 +1510,11 @@ setup_tunnels() # $1 = name of tunnels file
|
|||||||
progress_message " PPTP tunnel to $1 defined."
|
progress_message " PPTP tunnel to $1 defined."
|
||||||
}
|
}
|
||||||
|
|
||||||
setup_pptp_server()
|
setup_pptp_server() # $1 = gateway
|
||||||
{
|
{
|
||||||
addrule $inchain -p 47 -j ACCEPT
|
addrule $inchain -p 47 -s $1 -j ACCEPT
|
||||||
addrule $outchain -p 47 -j ACCEPT
|
addrule $outchain -p 47 -d $1 -j ACCEPT
|
||||||
addrule $inchain -p tcp --dport 1723 -j ACCEPT
|
addrule $inchain -p tcp --dport 1723 -s $1 -j ACCEPT
|
||||||
|
|
||||||
progress_message " PPTP server defined."
|
progress_message " PPTP server defined."
|
||||||
}
|
}
|
||||||
@ -1581,6 +1582,7 @@ setup_tunnels() # $1 = name of tunnels file
|
|||||||
if validate_zone $z; then
|
if validate_zone $z; then
|
||||||
inchain=${z}2${FW}
|
inchain=${z}2${FW}
|
||||||
outchain=${FW}2${z}
|
outchain=${FW}2${z}
|
||||||
|
gateway=${gateway:-0.0.0.0/0}
|
||||||
case $kind in
|
case $kind in
|
||||||
ipsec|IPSEC|ipsec:*|IPSEC:*)
|
ipsec|IPSEC|ipsec:*|IPSEC:*)
|
||||||
setup_one_ipsec $gateway $kind $z1
|
setup_one_ipsec $gateway $kind $z1
|
||||||
@ -1601,7 +1603,7 @@ setup_tunnels() # $1 = name of tunnels file
|
|||||||
setup_pptp_client $gateway
|
setup_pptp_client $gateway
|
||||||
;;
|
;;
|
||||||
pptpserver|PPTPSERVER)
|
pptpserver|PPTPSERVER)
|
||||||
setup_pptp_server
|
setup_pptp_server $gateway
|
||||||
;;
|
;;
|
||||||
openvpn|OPENVPN|openvpn:*|OPENVPN:*)
|
openvpn|OPENVPN|openvpn:*|OPENVPN:*)
|
||||||
setup_one_openvpn $gateway $kind
|
setup_one_openvpn $gateway $kind
|
||||||
@ -4223,7 +4225,7 @@ setup_masq()
|
|||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
networks=$(get_routed_networks $networks)
|
networks=$(get_routed_networks $networks)
|
||||||
[ -z "$networks" ] && fatal_error "Unable to determine the routes through interface $networks"
|
[ -z "$networks" ] && fatal_error "Unable to determine the routes through interface \"$source\""
|
||||||
networks="$networks"
|
networks="$networks"
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|||||||
@ -1 +1 @@
|
|||||||
2.0.9
|
2.0.10
|
||||||
|
|||||||
@ -1045,7 +1045,7 @@ case "$1" in
|
|||||||
else
|
else
|
||||||
case $RESTOREFILE in
|
case $RESTOREFILE in
|
||||||
save|restore-base)
|
save|restore-base)
|
||||||
echo " ERROR: Reserved file name: save"
|
echo " ERROR: Reserved file name: $RESTOREFILE"
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
if iptables -L dynamic -n > /var/lib/shorewall/save; then
|
if iptables -L dynamic -n > /var/lib/shorewall/save; then
|
||||||
@ -1096,7 +1096,7 @@ case "$1" in
|
|||||||
rm -f $RESTOREPATH
|
rm -f $RESTOREPATH
|
||||||
echo " $RESTOREPATH removed"
|
echo " $RESTOREPATH removed"
|
||||||
elif [ -f $RESTOREPATH ]; then
|
elif [ -f $RESTOREPATH ]; then
|
||||||
echo " ERROR: $RESTOREPATH is not a restore script"
|
echo " ERROR: $RESTOREPATH exists and is not a saved Shorewall configuration"
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
ipcalc)
|
ipcalc)
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user