extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-20 17:58:07 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix problem with exclusion lists

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2469 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2005-08-11 01:40:50 +00:00
parent 5de0a44eea
commit ed2076a0fc
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
Shorewall/firewall
View File

@ -2891,7 +2891,7 @@ build_exclusion_chain() # $1 = table, $2 = SOURCE exclusion list, $3 = DESTINATI
run_iptables -t $1 -A $chain $(source_ip_range $net) -j RETURN run_iptables -t $1 -A $chain $(source_ip_range $net) -j RETURN
done done
for net in $(separate_list 3); do for net in $(separate_list $3); do
run_iptables -t $1 -A $chain $(dest_ip_range $net) -j RETURN run_iptables -t $1 -A $chain $(dest_ip_range $net) -j RETURN
done done
@ -4683,6 +4683,8 @@ add_nat_rule() {
if [ -n "$excludedests" ]; then if [ -n "$excludedests" ]; then
chain=$(build_exclusion_chain nat "" $excludedests) chain=$(build_exclusion_chain nat "" $excludedests)
eval exists_nat_${chain}=Yes
for adr in $(separate_list $addr); do for adr in $(separate_list $addr); do
run_iptables2 -t nat -A OUTPUT $cli $proto $userandgroup $multiport $sports $dports $(dest_ip_range $adr) -j $chain run_iptables2 -t nat -A OUTPUT $cli $proto $userandgroup $multiport $sports $dports $(dest_ip_range $adr) -j $chain
done done
@ -4706,6 +4708,8 @@ add_nat_rule() {
if [ -n "${excludezones}${excludedests}" ]; then if [ -n "${excludezones}${excludedests}" ]; then
chain=$( build_exclusion_chain nat "" $excludedests ) chain=$( build_exclusion_chain nat "" $excludedests )
eval exists_nat_${chain}=Yes
for adr in $(separate_list $addr); do for adr in $(separate_list $addr); do
addnatrule $(dnat_chain $source) $cli $proto $multiport $sports $dports $(dest_ip_range $adr) -j $chain addnatrule $(dnat_chain $source) $cli $proto $multiport $sports $dports $(dest_ip_range $adr) -j $chain
done done
@ -6287,6 +6291,8 @@ setup_masq()
destnets=${destnets#!} destnets=${destnets#!}
newchain=$( build_exclusion_chain nat "$nomasq" "$destnets" ) newchain=$( build_exclusion_chain nat "$nomasq" "$destnets" )
eval exists_nat_${newchain}=Yes
if [ -n "$networks" ]; then if [ -n "$networks" ]; then
for s in $networks; do for s in $networks; do
addnatrule $chain $(source_ip_range $s) $proto $ports $policy -j $newchain addnatrule $chain $(source_ip_range $s) $proto $ports $policy -j $newchain
@ -6308,6 +6314,8 @@ setup_masq()
if [ -n "$nomasq" ]; then if [ -n "$nomasq" ]; then
newchain=$( build_exclusion_chain nat $nomasq ) newchain=$( build_exclusion_chain nat $nomasq )
eval exists_nat_${newchain}=Yes
if [ -n "$networks" ]; then if [ -n "$networks" ]; then
for s in $networks; do for s in $networks; do
for destnet in $(separate_list $destnets); do for destnet in $(separate_list $destnets); do