More port OPTIONS changes

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9622 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2009-03-07 20:22:20 +00:00
parent 3d92f7a016
commit ec52331dfc
5 changed files with 56 additions and 18 deletions


@ -605,8 +605,10 @@ sub validate_interfaces_file( $ )
OBSOLETE_IF_OPTION => 5, OBSOLETE_IF_OPTION => 5,
IPLIST_IF_OPTION => 6, IPLIST_IF_OPTION => 6,
MASK_IF_OPTION => 7, MASK_IF_OPTION => 7,
IF_OPTION_ZONEONLY => 8, IF_OPTION_ZONEONLY => 8,
IF_OPTION_HOST => 16}; IF_OPTION_HOST => 16,
};
my %validoptions; my %validoptions;
@ -625,7 +627,7 @@ sub validate_interfaces_file( $ )
optional => SIMPLE_IF_OPTION, optional => SIMPLE_IF_OPTION,
proxyarp => BINARY_IF_OPTION, proxyarp => BINARY_IF_OPTION,
routeback => SIMPLE_IF_OPTION + IF_OPTION_ZONEONLY + IF_OPTION_HOST, routeback => SIMPLE_IF_OPTION + IF_OPTION_ZONEONLY + IF_OPTION_HOST,
routefilter => BINARY_IF_OPTION + IF_OPTION_HOST, routefilter => BINARY_IF_OPTION ,
sourceroute => BINARY_IF_OPTION, sourceroute => BINARY_IF_OPTION,
tcpflags => SIMPLE_IF_OPTION + IF_OPTION_HOST, tcpflags => SIMPLE_IF_OPTION + IF_OPTION_HOST,
upnp => SIMPLE_IF_OPTION, upnp => SIMPLE_IF_OPTION,
@ -636,6 +638,7 @@ sub validate_interfaces_file( $ )
bridge => SIMPLE_IF_OPTION, bridge => SIMPLE_IF_OPTION,
dhcp => SIMPLE_IF_OPTION, dhcp => SIMPLE_IF_OPTION,
maclist => SIMPLE_IF_OPTION + IF_OPTION_HOST, maclist => SIMPLE_IF_OPTION + IF_OPTION_HOST,
nets => IPLIST_IF_OPTION + IF_OPTION_ZONEONLY,
nosmurfs => SIMPLE_IF_OPTION, nosmurfs => SIMPLE_IF_OPTION,
optional => SIMPLE_IF_OPTION, optional => SIMPLE_IF_OPTION,
proxyndp => BINARY_IF_OPTION, proxyndp => BINARY_IF_OPTION,
@ -698,8 +701,6 @@ sub validate_interfaces_file( $ )
} }
} }
fatal_error "Bridge Ports may not have options" if $options && $options ne '-';
next if $port eq ''; next if $port eq '';
fatal_error "Invalid Interface Name ($interface:$port)" unless $port =~ /^[\w.@%-]+\+?$/; fatal_error "Invalid Interface Name ($interface:$port)" unless $port =~ /^[\w.@%-]+\+?$/;
@ -740,6 +741,8 @@ sub validate_interfaces_file( $ )
my %options; my %options;
$options{port} = 1 if $port;
my $hostoptionsref = {}; my $hostoptionsref = {};
if ( $options ) { if ( $options ) {
@ -757,6 +760,8 @@ sub validate_interfaces_file( $ )
my $hostopt = $type & IF_OPTION_HOST; my $hostopt = $type & IF_OPTION_HOST;
fatal_error "The \"$option\" option is not allowed on a bridge port" if $port && ! $hostopt;
$type &= MASK_IF_OPTION; $type &= MASK_IF_OPTION;
if ( $type == SIMPLE_IF_OPTION ) { if ( $type == SIMPLE_IF_OPTION ) {
@ -830,8 +835,6 @@ sub validate_interfaces_file( $ )
$hostoptionsref = \%hostoptions; $hostoptionsref = \%hostoptions;
} elsif ( $port ) {
$options{port} = 1;
} }
$interfaces{$interface} = { name => $interface , $interfaces{$interface} = { name => $interface ,
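Review bot: The new per-option guard `if $port && ! $hostopt` rejects every option whose table entry lacks IF_OPTION_HOST, yet the third hunk's `nosmurfs => SIMPLE_IF_OPTION,` carries no such flag, while this commit's release notes list nosmurfs among the options now allowed on a bridge port. That table appears to be the IPv6 one (it holds proxyndp) and the IPv4 entry is not visible here, so this may be intended; if it is not, the entry should read `nosmurfs => SIMPLE_IF_OPTION + IF_OPTION_HOST,`. The `dhcp` entry in the same hunk is likewise rejected on a port, although the manual's list of disallowed options does not name it. A comment above the guard such as `# Only options flagged IF_OPTION_HOST may be applied to a bridge port` would tie the option tables to the rule. validate_interfaces_file starts and ends outside these hunks.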


@ -8,6 +8,8 @@ Changes in Shorewall 4.3.7
4) Implement dynamic zones 4) Implement dynamic zones
5) Allow 'HOST' options on bridge ports.
Changes in Shorewall 4.3.6 Changes in Shorewall 4.3.6
1) Add SAME tcrules target. 1) Add SAME tcrules target.


@ -64,6 +64,17 @@ released late in 2009.
/usr/share/shorewall-perl/Shorewall/IPAddrs.pm line 150, /usr/share/shorewall-perl/Shorewall/IPAddrs.pm line 150,
<$currentfile> line 459. <$currentfile> line 459.
3) Previously, OPTIONS were not allowed with a bridge port in
/etc/shorewall/interfaces. That oversight has been corrected and
now the following OPTIONS are allowed:
blacklist
maclist
norfc1918
nosmurfs
routeback
tcpflags
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
K N O W N P R O B L E M S R E M A I N I N G K N O W N P R O B L E M S R E M A I N I N G
---------------------------------------------------------------------------- ----------------------------------------------------------------------------


@ -88,8 +88,30 @@ loc eth2 -</programlisting>
<para>(Shorewall-perl only) If a <replaceable>port</replaceable> is <para>(Shorewall-perl only) If a <replaceable>port</replaceable> is
given, then the <replaceable>interface</replaceable> must have been given, then the <replaceable>interface</replaceable> must have been
defined previously with the <option>bridge</option> option. The defined previously with the <option>bridge</option> option. The
OPTIONS column must be empty when a <replaceable>port</replaceable> OPTIONS column may not contain the following options when a
is given.</para> <replaceable>port</replaceable> is given.</para>
<simplelist>
<member>arp_filter</member>
<member>arp_ignore</member>
<member>bridge</member>
<member>log_martians</member>
<member>mss</member>
<member>optional</member>
<member>proxyarp</member>
<member>routefilter</member>
<member>sourceroute</member>
<member>upnp</member>
</simplelist>
</listitem> </listitem>
</varlistentry> </varlistentry>


@ -332,7 +332,7 @@ case $VERSION in
LITE6SVNBRANCH="/tags/${BASEVERSION}/Shorewall6-lite-${PATCHNUM}" LITE6SVNBRANCH="/tags/${BASEVERSION}/Shorewall6-lite-${PATCHNUM}"
PERLBRANCH="tags/${BASEVERSION}/Shorewall-perl-${PATCHNUM}" PERLBRANCH="tags/${BASEVERSION}/Shorewall-perl-${PATCHNUM}"
SHELLBRANCH="tags/${BASEVERSION}/Shorewall-shell-${PATCHNUM}" SHELLBRANCH="tags/${BASEVERSION}/Shorewall-shell-${PATCHNUM}"
DOCTAG="trunk/docs" DOCTAG="branches/4.2/docs"
XMLPROJ="docs-4.2" XMLPROJ="docs-4.2"
SAMPLESTAG="tags/${BASEVERSION}/Samples" SAMPLESTAG="tags/${BASEVERSION}/Samples"
SAMPLES6TAG="trunk/Samples6" SAMPLES6TAG="trunk/Samples6"