extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-20 01:37:59 +02:00
Code Issues Packages Projects Releases Wiki Activity

Allow address lists in /etc/shorewall/hosts entries

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@646 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2003-07-06 15:31:26 +00:00
parent ceed25dc1c
commit c615aa868a
3 changed files with 45 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
Shorewall/firewall
View File

@ -494,10 +494,17 @@ first_chains() #$1 = interface
# #
find_hosts() # $1 = host zone find_hosts() # $1 = host zone
{ {
local hosts local hosts interface address addresses
while read z hosts options; do while read z hosts options; do
[ "x`expand $z`" = "x$1" ] && expandv hosts && echo `separate_list $hosts` if [ "x`expand $z`" = "x$1" ]; then
expandv hosts
interface=${hosts%:*}
addresses=${hosts#*:}
for address in `separate_list $addresses`; do
echo $interface:$address
done
fi
done < $TMP_DIR/hosts done < $TMP_DIR/hosts
} }
@ -635,18 +642,20 @@ validate_hosts_file() {
r="$z $hosts $options" r="$z $hosts $options"
validate_zone $z || startup_error "Invalid zone ($z) in record \"$r\"" validate_zone $z || startup_error "Invalid zone ($z) in record \"$r\""
for host in `separate_list $hosts`; do interface=${hosts%:*}
interface=${host%:*}
list_search $interface $all_interfaces || \ list_search $interface $all_interfaces || \
startup_error "Unknown interface ($interface) in record \"$r\"" startup_error "Unknown interface ($interface) in record \"$r\""
hosts=${hosts#*:}
for host in `separate_list $hosts`; do
for option in `separate_list $options`; do for option in `separate_list $options`; do
case $option in case $option in
maclist|-) maclist|-)
;; ;;
routeback) routeback)
eval ${z}_routeback=\"$host \$${z}_routeback\" eval ${z}_routeback=\"$interface:$host \$${z}_routeback\"
;; ;;
*) *)
error_message "Warning: Invalid option ($option) in record \"$r\"" error_message "Warning: Invalid option ($option) in record \"$r\""

3
Shorewall/hosts
View File

@ -20,7 +20,7 @@
# ZONE - The name of a zone defined in /etc/shorewall/zones # ZONE - The name of a zone defined in /etc/shorewall/zones
# #
# HOST(S) - The name of an interface followed by a colon (":") and # HOST(S) - The name of an interface followed by a colon (":") and
# either: # a comma-separated list whose elements are either:
# #
# a) The IP address of a host # a) The IP address of a host
# b) A subnetwork in the form # b) A subnetwork in the form
@ -33,6 +33,7 @@
# #
# eth1:192.168.1.3 # eth1:192.168.1.3
# eth2:192.168.2.0/24 # eth2:192.168.2.0/24
# eth3:192.168.2.0/24,192.168.3.1
# #
# OPTIONS - A comma-separated list of options. Currently-defined # OPTIONS - A comma-separated list of options. Currently-defined
# options are: # options are:

26
Shorewall/releasenotes.txt
View File

@ -14,6 +14,22 @@ Problems Corrected:
3) Corrected a problem in Beta 1 where DNS names containing a "-" were 3) Corrected a problem in Beta 1 where DNS names containing a "-" were
mis-handled when they appeared in the DEST column of a rule. mis-handled when they appeared in the DEST column of a rule.
Migration Issues:
1) In earlier versions, an undocumented feature allowed entries in
the host file as follows:
z eth1:192.168.1.0/24,eth2:192.168.2.0/24
This capability was never documented and has been removed in 1.4.6
to allow entries of the following format:
z eth1:192.168.1.0/24,192.168.2.0/24
2) The NAT_ENABLED, MANGLE_ENABLED and MULTIPORT options have been
removed from /etc/shorewall/shorewall.conf. These capabilities are
now automatically detected by Shorewall (see below).
New Features: New Features:
1) A 'newnotsyn' interface option has been added. This option may be 1) A 'newnotsyn' interface option has been added. This option may be
@ -118,6 +134,9 @@ New Features:
construct an efficient set of rules that accept connections from a construct an efficient set of rules that accept connections from a
range of network addresses. range of network addresses.
Note: If your shell only supports 32-bit signed arithmetic (ash or
dash) then the range may not span 128.0.0.0.
Example: Example:
[root@gateway root]# shorewall iprange 192.168.1.4-192.168.12.9 [root@gateway root]# shorewall iprange 192.168.1.4-192.168.12.9
@ -133,3 +152,10 @@ New Features:
192.168.12.0/29 192.168.12.0/29
192.168.12.8/31 192.168.12.8/31
[root@gateway root]# [root@gateway root]#
10) A list of host/net addresses is now allowed in an entry in
/etc/shorewall/hosts.
Example:
foo eth1:192.168.1.0/24,192.168.2.0/24