From de84a5a43ed5169e8a6efc1d2c0b5e716ec8e31c Mon Sep 17 00:00:00 2001
From: teastep
Date: Thu, 26 Sep 2002 20:35:25 +0000
Subject: [PATCH] Don't insist on NEW state for odd protocols -- part 2
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@257 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall/firewall | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/Shorewall/firewall b/Shorewall/firewall
index a039e24e2..d860dab68 100755
--- a/Shorewall/firewall
+++ b/Shorewall/firewall
@@ -1145,10 +1145,10 @@ setup_tunnels() # $1 = name of tunnels file
 setup_one_ipsec() # $1 = gateway $2 = gateway zone
 {
 options="-m state --state NEW -j ACCEPT"
- addrule $inchain -p 50 -s $1 $options
- addrule $outchain -p 50 -d $1 $options
- run_iptables -A $inchain -p 51 -s $1 $options
- run_iptables -A $outchain -p 51 -d $1 $options
+ addrule $inchain -p 50 -s $1
+ addrule $outchain -p 50 -d $1
+ run_iptables -A $inchain -p 51 -s $1
+ run_iptables -A $outchain -p 51 -d $1
 run_iptables -A $inchain -p udp -s $1 --sport 500 --dport 500 $options
 run_iptables -A $outchain -p udp -d $1 --dport 500 --sport 500 $options
@@ -1166,9 +1166,8 @@ setup_tunnels() # $1 = name of tunnels file
 setup_one_other() # $1 = TYPE, $2 = gateway, $3 = protocol
 {
- options="-m state --state NEW -j ACCEPT"
- addrule $inchain -p $3 -s $2 $options
- addrule $outchain -p $3 -d $2 $options
+ addrule $inchain -p $3 -s $2
+ addrule $outchain -p $3 -d $2
 echo " $1 tunnel to $gateway defined."
 }
@@ -1705,6 +1704,7 @@ add_a_rule()
 state="-m state --state RELATED"
 ;;
 *)
+ state=
 [ -n "$port" ] && [ "x${port}" != "x-" ] && \
 fatal_error "Port number not allowed with protocol " \
 "\"$proto\"; rule: \"$rule\""
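Review bot: The four rewritten protocol 50/51 rules in setup_one_ipsec lose their target along with the state match, because `$options` (`options="-m state --state NEW -j ACCEPT"`, still set just above) was the only place `-j ACCEPT` came from. Unless addrule or run_iptables supplies a default target, which these hunks do not show, `addrule $inchain -p 50 -s $1` now only counts ESP/AH packets and lets them fall through to later rules or the chain policy, so the tunnel would likely stop passing traffic. Dropping only the state match would read `addrule $inchain -p 50 -s $1 -j ACCEPT`, and likewise for the `$outchain` and protocol 51 lines. The second hunk has the same defect in setup_one_other, where `addrule $inchain -p $3 -s $2` and its `$outchain` twin also end without a target. Both functions are nested in setup_tunnels, whose body extends outside the hunks.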
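Review bot: The bare `state=` added to the `*)` branch in the add_a_rule hunk carries no hint of why this branch clears the match, while the branch above sets `state="-m state --state RELATED"`. A comment such as `# other protocols: no state match -- don't insist on NEW` would record the intent stated in the commit subject. If `$state` is later spliced into the generated rule (add_a_rule continues outside the hunk), rules for these protocols will match packets in any connection-tracking state, which deserves a line in the rules documentation so administrators know such ACCEPT rules are broader than the TCP/UDP ones.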