Allow address lists in /etc/shorewall/hosts entries

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@646 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2003-07-06 15:31:26 +00:00
parent ceed25dc1c
commit c615aa868a
3 changed files with 45 additions and 9 deletions


@ -494,10 +494,17 @@ first_chains() #$1 = interface
#
find_hosts() # $1 = host zone
{
local hosts
local hosts interface address addresses
while read z hosts options; do
[ "x`expand $z`" = "x$1" ] && expandv hosts && echo `separate_list $hosts`
if [ "x`expand $z`" = "x$1" ]; then
expandv hosts
interface=${hosts%:*}
addresses=${hosts#*:}
for address in `separate_list $addresses`; do
echo $interface:$address
done
fi
done < $TMP_DIR/hosts
}
@ -635,18 +642,20 @@ validate_hosts_file() {
r="$z $hosts $options"
validate_zone $z || startup_error "Invalid zone ($z) in record \"$r\""
interface=${hosts%:*}
list_search $interface $all_interfaces || \
startup_error "Unknown interface ($interface) in record \"$r\""
hosts=${hosts#*:}
for host in `separate_list $hosts`; do
interface=${host%:*}
list_search $interface $all_interfaces || \
startup_error "Unknown interface ($interface) in record \"$r\""
for option in `separate_list $options`; do
case $option in
maclist|-)
;;
routeback)
eval ${z}_routeback=\"$host \$${z}_routeback\"
eval ${z}_routeback=\"$interface:$host \$${z}_routeback\"
;;
*)
error_message "Warning: Invalid option ($option) in record \"$r\""
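Review bot: The interface/address split in the new code cuts at two different colons: `interface=${hosts%:*}` (find_hosts, and again at the top of the validate_hosts_file hunk) strips from the last colon, while `addresses=${hosts#*:}` and `hosts=${hosts#*:}` strip through the first one, so an entry with more than one colon — exactly the old `z eth1:192.168.1.0/24,eth2:192.168.2.0/24` form the release notes say is being removed — yields an interface of `eth1:192.168.1.0/24,eth2` and an address list that still carries `eth2:192.168.2.0/24`. Using `interface=${hosts%%:*}` in both places makes the two halves split at the same colon and makes the "Unknown interface" startup error name the offending field consistently. A colon-less entry is also not detected as such: both expansions then return the whole field, so a bare interface name passes list_search and is then iterated as if it were an address (and find_hosts echoes `eth1:eth1`); a guard before the list_search such as `[ "$interface" != "$hosts" ] || startup_error "Missing interface in record \"$r\""` closes that. validate_hosts_file starts and ends outside this hunk, and whether the elements of the address list are themselves validated later in that function is not visible here.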


@ -20,7 +20,7 @@
# ZONE - The name of a zone defined in /etc/shorewall/zones
#
# HOST(S) - The name of an interface followed by a colon (":") and
# either:
# a comma-separated list whose elements are either:
#
# a) The IP address of a host
# b) A subnetwork in the form
@ -33,6 +33,7 @@
#
# eth1:192.168.1.3
# eth2:192.168.2.0/24
# eth3:192.168.2.0/24,192.168.3.1
#
# OPTIONS - A comma-separated list of options. Currently-defined
# options are:


@ -14,6 +14,22 @@ Problems Corrected:
3) Corrected a problem in Beta 1 where DNS names containing a "-" were
mis-handled when they appeared in the DEST column of a rule.
Migration Issues:
1) In earlier versions, an undocumented feature allowed entries in
the host file as follows:
z eth1:192.168.1.0/24,eth2:192.168.2.0/24
This capability was never documented and has been removed in 1.4.6
to allow entries of the following format:
z eth1:192.168.1.0/24,192.168.2.0/24
2) The NAT_ENABLED, MANGLE_ENABLED and MULTIPORT options have been
removed from /etc/shorewall/shorewall.conf. These capabilities are
now automatically detected by Shorewall (see below).
New Features:
1) A 'newnotsyn' interface option has been added. This option may be
@ -118,6 +134,9 @@ New Features:
construct an efficient set of rules that accept connections from a
range of network addresses.
Note: If your shell only supports 32-bit signed arithmetic (ash or
dash) then the range may not span 128.0.0.0.
Example:
[root@gateway root]# shorewall iprange 192.168.1.4-192.168.12.9
@ -133,3 +152,10 @@ New Features:
192.168.12.0/29
192.168.12.8/31
[root@gateway root]#
10) A list of host/net addresses is now allowed in an entry in
/etc/shorewall/hosts.
Example:
foo eth1:192.168.1.0/24,192.168.2.0/24