extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-15 12:14:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

Allow interfaces in the DEST column of the conntrack file when the chain is OUTPUT.

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2012-11-25 18:37:23 -08:00
parent e45fe53705
commit e7dee420ee
3 changed files with 5 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -6070,7 +6070,7 @@ sub verify_dest_interface( $$$$ ) {
fatal_error "Unknown Interface ($diface)" unless known_interface $diface; fatal_error "Unknown Interface ($diface)" unless known_interface $diface;
if ( $restriction & PREROUTE_RESTRICT ) { if ( $restriction & ( PREROUTE_RESTRICT | OUTPUT_RESTRICT ) ) {
# #
# Dest interface -- must use routing table # Dest interface -- must use routing table
# #

4
Shorewall/Perl/Shorewall/Raw.pm
View File

@ -55,7 +55,7 @@ sub process_conntrack_rule( $$$$$$$$$$ ) {
my $restriction = PREROUTE_RESTRICT; my $restriction = PREROUTE_RESTRICT;
if ( $chainref ) { if ( $chainref ) {
$restriction = DESTIFACE_DISALLOW if $chainref->{name} eq 'OUTPUT'; $restriction = OUTPUT_RESTRICT if $chainref->{name} eq 'OUTPUT';
} else { } else {
# #
# Entry in the conntrack file # Entry in the conntrack file
@ -68,7 +68,7 @@ sub process_conntrack_rule( $$$$$$$$$$ ) {
} }
$chainref = ensure_raw_chain( notrack_chain $zone ); $chainref = ensure_raw_chain( notrack_chain $zone );
$restriction = OUTPUT_RESTRICT if $zoneref->{type} == FIREWALL || $zoneref->{type} == VSERVER; $restriction = OUTPUT_RESTRICT if $zoneref->{type} & (FIREWALL | VSERVER );
fatal_error 'USER/GROUP is not allowed unless the SOURCE zone is $FW or a Vserver zone' if $user ne '-' && $restriction != OUTPUT_RESTRICT; fatal_error 'USER/GROUP is not allowed unless the SOURCE zone is $FW or a Vserver zone' if $user ne '-' && $restriction != OUTPUT_RESTRICT;
} }

8
Shorewall/manpages/shorewall-conntrack.xml
View File

@ -272,9 +272,7 @@
<term>O</term> <term>O</term>
<listitem> <listitem>
<para>The rule is added to the raw table OUTPUT chain. When <para>The rule is added to the raw table OUTPUT chain.</para>
this <replaceable>chain-designator</replaceable> is used, an
interface may not be specified in the DEST column.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -283,9 +281,7 @@
<listitem> <listitem>
<para>The rule is added to the raw table PREROUTING and OUTPUT <para>The rule is added to the raw table PREROUTING and OUTPUT
chains. When this <replaceable>chain-designator</replaceable> chains.</para>
is used, an interface may not be specified in the DEST
column.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>