Allow address lists in /etc/shorewall/hosts entries
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@646 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
ceed25dc1c
commit
c615aa868a
@ -494,10 +494,17 @@ first_chains() #$1 = interface
|
||||
#
|
||||
find_hosts() # $1 = host zone
|
||||
{
|
||||
local hosts
|
||||
local hosts interface address addresses
|
||||
|
||||
while read z hosts options; do
|
||||
[ "x`expand $z`" = "x$1" ] && expandv hosts && echo `separate_list $hosts`
|
||||
if [ "x`expand $z`" = "x$1" ]; then
|
||||
expandv hosts
|
||||
interface=${hosts%:*}
|
||||
addresses=${hosts#*:}
|
||||
for address in `separate_list $addresses`; do
|
||||
echo $interface:$address
|
||||
done
|
||||
fi
|
||||
done < $TMP_DIR/hosts
|
||||
}
|
||||
|
||||
@ -635,18 +642,20 @@ validate_hosts_file() {
|
||||
r="$z $hosts $options"
|
||||
validate_zone $z || startup_error "Invalid zone ($z) in record \"$r\""
|
||||
|
||||
interface=${hosts%:*}
|
||||
|
||||
list_search $interface $all_interfaces || \
|
||||
startup_error "Unknown interface ($interface) in record \"$r\""
|
||||
|
||||
hosts=${hosts#*:}
|
||||
|
||||
for host in `separate_list $hosts`; do
|
||||
interface=${host%:*}
|
||||
|
||||
list_search $interface $all_interfaces || \
|
||||
startup_error "Unknown interface ($interface) in record \"$r\""
|
||||
|
||||
for option in `separate_list $options`; do
|
||||
case $option in
|
||||
maclist|-)
|
||||
;;
|
||||
routeback)
|
||||
eval ${z}_routeback=\"$host \$${z}_routeback\"
|
||||
eval ${z}_routeback=\"$interface:$host \$${z}_routeback\"
|
||||
;;
|
||||
*)
|
||||
error_message "Warning: Invalid option ($option) in record \"$r\""
|
||||
|
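Review bot: In validate_hosts_file the new `interface=${hosts%:*}` / `hosts=${hosts#*:}` split never checks that the HOST(S) column contains a colon, so a record such as `z eth1` leaves both variables equal to `eth1`, passes the interface check, and is then iterated as if `eth1` were an address; find_hosts repeats the same split and would print `eth1:eth1`. A guard ahead of the split, for example `case $hosts in *:*) ;; *) startup_error "Invalid HOST(S) column in record \"$r\"" ;; esac`, makes the malformed record fail at validation instead of reaching rule generation. Separately, the new `eval ${z}_routeback=\"$interface:$host \$${z}_routeback\"` expands `$host` before eval parses the line, and no address-format check is visible in this hunk, so a stray quote or `$(` in the address list would be interpreted by the shell rather than reported; escaping the expansions (`\"\$interface:\$host \$${z}_routeback\"`) keeps the value as data. The body of validate_hosts_file starts and ends outside the hunk, so an address check may exist elsewhere.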
@ -20,7 +20,7 @@
|
||||
# ZONE - The name of a zone defined in /etc/shorewall/zones
|
||||
#
|
||||
# HOST(S) - The name of an interface followed by a colon (":") and
|
||||
# either:
|
||||
# a comma-separated list whose elements are either:
|
||||
#
|
||||
# a) The IP address of a host
|
||||
# b) A subnetwork in the form
|
||||
@ -33,6 +33,7 @@
|
||||
#
|
||||
# eth1:192.168.1.3
|
||||
# eth2:192.168.2.0/24
|
||||
# eth3:192.168.2.0/24,192.168.3.1
|
||||
#
|
||||
# OPTIONS - A comma-separated list of options. Currently-defined
|
||||
# options are:
|
||||
|
@ -14,6 +14,22 @@ Problems Corrected:
|
||||
3) Corrected a problem in Beta 1 where DNS names containing a "-" were
|
||||
mis-handled when they appeared in the DEST column of a rule.
|
||||
|
||||
Migration Issues:
|
||||
|
||||
1) In earlier versions, an undocumented feature allowed entries in
|
||||
the host file as follows:
|
||||
|
||||
z eth1:192.168.1.0/24,eth2:192.168.2.0/24
|
||||
|
||||
This capability was never documented and has been removed in 1.4.6
|
||||
to allow entries of the following format:
|
||||
|
||||
z eth1:192.168.1.0/24,192.168.2.0/24
|
||||
|
||||
2) The NAT_ENABLED, MANGLE_ENABLED and MULTIPORT options have been
|
||||
removed from /etc/shorewall/shorewall.conf. These capabilities are
|
||||
now automatically detected by Shorewall (see below).
|
||||
|
||||
New Features:
|
||||
|
||||
1) A 'newnotsyn' interface option has been added. This option may be
|
||||
@ -118,6 +134,9 @@ New Features:
|
||||
construct an efficient set of rules that accept connections from a
|
||||
range of network addresses.
|
||||
|
||||
Note: If your shell only supports 32-bit signed arithmetic (ash or
|
||||
dash) then the range may not span 128.0.0.0.
|
||||
|
||||
Example:
|
||||
|
||||
[root@gateway root]# shorewall iprange 192.168.1.4-192.168.12.9
|
||||
@ -133,3 +152,10 @@ New Features:
|
||||
192.168.12.0/29
|
||||
192.168.12.8/31
|
||||
[root@gateway root]#
|
||||
|
||||
10) A list of host/net addresses is now allowed in an entry in
|
||||
/etc/shorewall/hosts.
|
||||
|
||||
Example:
|
||||
|
||||
foo eth1:192.168.1.0/24,192.168.2.0/24
|
||||
|