Add 'continue' extension script

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2004 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2005-03-15 16:55:13 +00:00
parent 723d0823be
commit f08532e194
4 changed files with 31 additions and 6 deletions

@ -1,3 +1,7 @@
Changes in 2.2.3
1) Added the 'continue' extension script.
Changes in 2.2.2 Changes in 2.2.2
1) The 'check' command disclaimer is toned down further and only 1) The 'check' command disclaimer is toned down further and only

Shorewall2/continue Normal file

@ -0,0 +1,6 @@
############################################################################
# Shorewall 2.2 -- /etc/shorewall/continue
#
# Add commands below that you want to be executed after shorewall has
# cleared any existing Netfilter rules and has enabled existing connections.
#
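
Review bot: The comment header of the new /etc/shorewall/continue file gives no cleanup guidance, while the release notes in this same commit tell users to delete any rules they add here in /etc/shorewall/start. Repeat that instruction in the header, and state there that the built-in chains' policy is already DROP when the script runs, since this file is where an administrator will actually read it.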

@ -5678,7 +5678,7 @@ initialize_netfilter () {
run_user_exit init run_user_exit init
# #
# The some files might be large so strip them while the firewall is still running # Some files might be large so strip them while the firewall is still running
# (restart command). This reduces the length of time that the firewall isn't # (restart command). This reduces the length of time that the firewall isn't
# accepting new connections. # accepting new connections.
# #
@ -5721,6 +5721,8 @@ initialize_netfilter () {
setcontinue INPUT setcontinue INPUT
setcontinue OUTPUT setcontinue OUTPUT
run_user_exit continue
[ -n "$DISABLE_IPV6" ] && disable_ipv6 [ -n "$DISABLE_IPV6" ] && disable_ipv6
# #
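
Review bot: The new "run_user_exit continue" call sits ahead of disable_ipv6 and, going by the next hunk, ahead of the loopback ACCEPT rules, so anything the script appends to INPUT or OUTPUT lands before them. Add a comment above the call saying what state the script may rely on (policy DROP, existing connections enabled, no loopback rules yet) so the ordering is documented rather than incidental.
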
@ -5729,10 +5731,6 @@ initialize_netfilter () {
run_iptables -A INPUT -i lo -j ACCEPT run_iptables -A INPUT -i lo -j ACCEPT
run_iptables -A OUTPUT -o lo -j ACCEPT run_iptables -A OUTPUT -o lo -j ACCEPT
accounting_file=$(find_file accounting)
[ -f $accounting_file ] && setup_accounting $accounting_file
# #
# Allow DNS lookups during startup for FQDNs # Allow DNS lookups during startup for FQDNs
# #
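
Review bot: Removing the accounting setup from its place after the loopback rules is not mentioned in the commit message or the changelog entry, which cover only the 'continue' script. If moving setup_accounting later in initialize_netfilter is intentional, say why in the log, or split it into its own commit so the ordering change can be reviewed and reverted separately.
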
@ -5756,6 +5754,10 @@ initialize_netfilter () {
run_iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS $option run_iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS $option
fi fi
accounting_file=$(find_file accounting)
[ -f $accounting_file ] && setup_accounting $accounting_file
if [ -z "$NEWNOTSYN" ]; then if [ -z "$NEWNOTSYN" ]; then
createchain newnotsyn no createchain newnotsyn no
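
Review bot: The re-added line "[ -f $accounting_file ] && setup_accounting $accounting_file" leaves the variable unquoted, so if find_file ever returns an empty string the test collapses to "[ -f ]", which is true, and setup_accounting is called with no argument. Quote both expansions ("$accounting_file"); that also covers paths containing whitespace.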

@ -1,5 +1,18 @@
Shorewall 2.2.2 Shorewall 2.2.3
-----------------------------------------------------------------------
Problems corrected in version 2.2.3
-----------------------------------------------------------------------
New Features in version 2.2.3
1) A new extension script "continue" has been added. This script is
invoked after Shorewall has set the built-in filter chains'
policy to DROP, deleted any existing Netfilter rules and user
chains and has enabled existing connections.
It is useful for enabling certain communication while Shorewall is
being [re]started. Be sure to delete any rules that you add here in
your /etc/shorewall/start file.
----------------------------------------------------------------------- -----------------------------------------------------------------------
Problems corrected in version 2.2.2 Problems corrected in version 2.2.2
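
Review bot: The added "Problems corrected in version 2.2.3" heading has no entries under it. Either write "None." there or leave the heading out until there is a fix to list, so readers do not take the empty section for a truncated file.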