extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-20 17:58:07 +02:00
Code Issues Packages Projects Releases Wiki Activity

Correct REJECT actions in common.def

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@527 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2003-03-26 16:11:31 +00:00
parent b49e944321
commit e7d83205db
4 changed files with 18 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
STABLE/common.def
View File

@ -16,10 +16,10 @@ run_iptables -A common -p icmp -j icmpdef
############################################################################ ############################################################################
# NETBIOS chatter # NETBIOS chatter
# #
run_iptables -A common -p udp --dport 137:139 -j REJECT run_iptables -A common -p udp --dport 137:139 -j reject
run_iptables -A common -p udp --dport 445 -j REJECT run_iptables -A common -p udp --dport 445 -j reject
run_iptables -A common -p tcp --dport 139 -j REJECT run_iptables -A common -p tcp --dport 139 -j reject
run_iptables -A common -p tcp --dport 445 -j REJECT run_iptables -A common -p tcp --dport 445 -j reject
run_iptables -A common -p tcp --dport 135 -j reject run_iptables -A common -p tcp --dport 135 -j reject
############################################################################ ############################################################################
# UPnP # UPnP

2
Shorewall/changelog.txt
View File

@ -5,3 +5,5 @@ Changes since 1.4.1
2. Create an intermediate chain for input from zones defined in terms 2. Create an intermediate chain for input from zones defined in terms
of specific hosts or networks. of specific hosts or networks.
3. Fixed common.def to use 'reject' rather than 'REJECT'.

8
Shorewall/common.def
View File

@ -16,10 +16,10 @@ run_iptables -A common -p icmp -j icmpdef
############################################################################ ############################################################################
# NETBIOS chatter # NETBIOS chatter
# #
run_iptables -A common -p udp --dport 137:139 -j REJECT run_iptables -A common -p udp --dport 137:139 -j reject
run_iptables -A common -p udp --dport 445 -j REJECT run_iptables -A common -p udp --dport 445 -j reject
run_iptables -A common -p tcp --dport 139 -j REJECT run_iptables -A common -p tcp --dport 139 -j reject
run_iptables -A common -p tcp --dport 445 -j REJECT run_iptables -A common -p tcp --dport 445 -j reject
run_iptables -A common -p tcp --dport 135 -j reject run_iptables -A common -p tcp --dport 135 -j reject
############################################################################ ############################################################################
# UPnP # UPnP

10
Shorewall/releasenotes.txt
View File

@ -1,8 +1,14 @@
This is a minor release of Shorewall. This is a minor release of Shorewall.
Changes are: Problems Corrected:
a) Where an entry in the/etc/shorewall/hosts file specifies a 1) TCP connection requests rejected out of the common chain are now
properly rejected with TCP RST; previously, some of these requests
were rejeced with an ICMP port-unreachable response.
New Features:
1) Where an entry in the/etc/shorewall/hosts file specifies a
particular host or network, Shorewall now creates an intermediate particular host or network, Shorewall now creates an intermediate
chain for handling input from the related zone. This can chain for handling input from the related zone. This can
substantially reduce the number of rules traversed by connections substantially reduce the number of rules traversed by connections