mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-25 15:48:56 +01:00
Add 'continue' extension script
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2004 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
723d0823be
commit
f08532e194
@ -1,3 +1,7 @@
|
||||
Changes in 2.2.3
|
||||
|
||||
1) Added the 'continue' extension script.
|
||||
|
||||
Changes in 2.2.2
|
||||
|
||||
1) The 'check' command disclaimer is toned down further and only
|
||||
|
6
Shorewall2/continue
Normal file
6
Shorewall2/continue
Normal file
@ -0,0 +1,6 @@
|
||||
############################################################################
|
||||
# Shorewall 2.2 -- /etc/shorewall/continue
|
||||
#
|
||||
# Add commands below that you want to be executed after shorewall has
|
||||
# cleared any existing Netfilter rules and has enabled existing connections.
|
||||
#
|
@ -5678,7 +5678,7 @@ initialize_netfilter () {
|
||||
run_user_exit init
|
||||
|
||||
#
|
||||
# The some files might be large so strip them while the firewall is still running
|
||||
# Some files might be large so strip them while the firewall is still running
|
||||
# (restart command). This reduces the length of time that the firewall isn't
|
||||
# accepting new connections.
|
||||
#
|
||||
@ -5721,6 +5721,8 @@ initialize_netfilter () {
|
||||
setcontinue INPUT
|
||||
setcontinue OUTPUT
|
||||
|
||||
run_user_exit continue
|
||||
|
||||
[ -n "$DISABLE_IPV6" ] && disable_ipv6
|
||||
|
||||
#
|
||||
@ -5729,10 +5731,6 @@ initialize_netfilter () {
|
||||
run_iptables -A INPUT -i lo -j ACCEPT
|
||||
run_iptables -A OUTPUT -o lo -j ACCEPT
|
||||
|
||||
accounting_file=$(find_file accounting)
|
||||
|
||||
[ -f $accounting_file ] && setup_accounting $accounting_file
|
||||
|
||||
#
|
||||
# Allow DNS lookups during startup for FQDNs
|
||||
#
|
||||
@ -5756,6 +5754,10 @@ initialize_netfilter () {
|
||||
run_iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS $option
|
||||
fi
|
||||
|
||||
accounting_file=$(find_file accounting)
|
||||
|
||||
[ -f $accounting_file ] && setup_accounting $accounting_file
|
||||
|
||||
if [ -z "$NEWNOTSYN" ]; then
|
||||
createchain newnotsyn no
|
||||
|
||||
|
@ -1,5 +1,18 @@
|
||||
Shorewall 2.2.2
|
||||
Shorewall 2.2.3
|
||||
|
||||
-----------------------------------------------------------------------
|
||||
Problems corrected in version 2.2.3
|
||||
-----------------------------------------------------------------------
|
||||
New Features in version 2.2.3
|
||||
|
||||
1) A new extension script "continue" has been added. This script is
|
||||
invoked after Shorewall has set the built-in filter chains'
|
||||
policy to DROP, deleted any existing Netfilter rules and user
|
||||
chains and has enabled existing connections.
|
||||
|
||||
It is useful for enabling certain communication while Shorewall is
|
||||
being [re]started. Be sure to delete any rules that you add here in
|
||||
your /etc/shorewall/start file.
|
||||
-----------------------------------------------------------------------
|
||||
Problems corrected in version 2.2.2
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user