extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-19 17:28:35 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix 'Packet type match' availability reporting with PKTTYPE=No

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2491 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2005-08-14 19:26:17 +00:00
parent 999c74bf03
commit e075e8c3e2
1 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
Shorewall/firewall
View File

@ -4394,7 +4394,7 @@ process_actions3() {
case $xaction1 in case $xaction1 in
dropBcast) dropBcast)
if [ "$COMMAND" != check ]; then if [ "$COMMAND" != check ]; then
if [ -n "$PKTTYPE" ]; then if [ -n "$USEPKTTYPE" ]; then
case $xlevel in case $xlevel in
none'!') none'!')
;; ;;
@ -4426,7 +4426,7 @@ process_actions3() {
;; ;;
allowBcast) allowBcast)
if [ "$COMMAND" != check ]; then if [ "$COMMAND" != check ]; then
if [ -n "$PKTTYPE" ]; then if [ -n "$USEPKTTYPE" ]; then
case $xlevel in case $xlevel in
none'!') none'!')
;; ;;
@ -6814,9 +6814,7 @@ determine_capabilities() {
fi fi
fi fi
if [ -n "$PKTTYPE" ]; then qt $IPTABLES -A fooX1234 -m pkttype --pkt-type broadcast -j ACCEPT && USEPKTTYPE=Yes
qt $IPTABLES -A fooX1234 -m pkttype --pkt-type broadcast -j ACCEPT || PKTTYPE=
fi
qt $IPTABLES -F fooX1234 qt $IPTABLES -F fooX1234
qt $IPTABLES -X fooX1234 qt $IPTABLES -X fooX1234
@ -6838,7 +6836,8 @@ report_capabilities() {
report_capability "Multi-port Match" $MULTIPORT report_capability "Multi-port Match" $MULTIPORT
[ -n "$MULTIPORT" ] && report_capability "Extended Multi-port Match" $XMULTIPORT [ -n "$MULTIPORT" ] && report_capability "Extended Multi-port Match" $XMULTIPORT
report_capability "Connection Tracking Match" $CONNTRACK_MATCH report_capability "Connection Tracking Match" $CONNTRACK_MATCH
report_capability "Packet Type Match" $PKTTYPE report_capability "Packet Type Match" $USEPKTTYPE
[ -n "$PKTTYPE" ] || USEPKTTYPE=
report_capability "Policy Match" $POLICY_MATCH report_capability "Policy Match" $POLICY_MATCH
report_capability "Physdev Match" $PHYSDEV_MATCH report_capability "Physdev Match" $PHYSDEV_MATCH
report_capability "IP range Match" $IPRANGE_MATCH report_capability "IP range Match" $IPRANGE_MATCH
@ -7100,7 +7099,7 @@ add_common_rules() {
# #
# Reject Rules -- Don't respond to broadcasts with an ICMP # Reject Rules -- Don't respond to broadcasts with an ICMP
# #
if [ -n "$PKTTYPE" ]; then if [ -n "$USEPKTTYPE" ]; then
qt $IPTABLES -A reject -m pkttype --pkt-type broadcast -j DROP qt $IPTABLES -A reject -m pkttype --pkt-type broadcast -j DROP
if ! qt $IPTABLES -A reject -m pkttype --pkt-type multicast -j DROP; then if ! qt $IPTABLES -A reject -m pkttype --pkt-type multicast -j DROP; then
# #
@ -8506,6 +8505,7 @@ do_initialize() {
BRIDGING= BRIDGING=
DYNAMIC_ZONES= DYNAMIC_ZONES=
PKTTYPE= PKTTYPE=
USEPKTYPE=
RETAIN_ALIASES= RETAIN_ALIASES=
DELAYBLACKLISTLOAD= DELAYBLACKLISTLOAD=
LOGTAGONLY= LOGTAGONLY=
@ -8589,7 +8589,7 @@ do_initialize() {
[ -e "$IPTABLES" ] || startup_error "\$IPTABLES=$IPTABLES does not exist or is not executable" [ -e "$IPTABLES" ] || startup_error "\$IPTABLES=$IPTABLES does not exist or is not executable"
fi fi
PKTTYPE=$(added_param_value_no PKTTYPE $PKTTYPE) # Used in determine_capabilities PKTTYPE=$(added_param_value_no PKTTYPE $PKTTYPE)
determine_capabilities determine_capabilities