Changes for Shorewall-2.0.8
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1573 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
af75d87c4b
commit
f21b46aae5
@ -605,6 +605,23 @@ BRIDGING=No
|
||||
# set DYNAMIC_ZONES=Yes. Otherwise, set DYNAMIC_ZONES=No.
|
||||
|
||||
DYNAMIC_ZONES=No
|
||||
|
||||
#
|
||||
# USE PKTTYPE MATCH
|
||||
#
|
||||
# Some users have reported problems with the PKTTYPE match extension not being
|
||||
# able to match certain broadcast packets.
|
||||
#
|
||||
# Other users have complained of the following message when
|
||||
# starting Shorewall:
|
||||
#
|
||||
# modprobe: cant locate module ipt_pkttype
|
||||
#
|
||||
# If you set PKTTYPE=No then Shorewallwill use IP addresses to detect
|
||||
# broadcasts rather than pkttype. If not given or if given as empty
|
||||
# (PKTTYPE="") then PKTTYPE=Yes is assumed.
|
||||
|
||||
PKTTYPE=Yes
|
||||
################################################################################
|
||||
# P A C K E T D I S P O S I T I O N
|
||||
################################################################################
|
||||
|
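Review bot: The added PKTTYPE comment has a run-together word in `# If you set PKTTYPE=No then Shorewallwill use IP addresses to detect`; it should read `# If you set PKTTYPE=No then Shorewall will use IP addresses to detect`. The quoted modprobe message appears here as `cant locate module`, which may be an extraction artifact, but it is worth checking against the real message so that users can search for it. The comment would also help someone choosing the setting if it said whether address-based broadcast detection is expected to cover the same packets as the pkttype match, since this option changes how the rule set recognises broadcasts.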
@ -1537,7 +1537,7 @@ setup_tunnels() # $1 = name of tunnels file
|
||||
|
||||
setup_one_generic() # $1 = gateway, $2 = kind:protocol[:port], $3 = Gateway Zone
|
||||
{
|
||||
local procotol
|
||||
local protocol
|
||||
local p=
|
||||
|
||||
case $2 in
|
||||
@ -2863,47 +2863,6 @@ process_actions1() {
|
||||
# process the associated action files.
|
||||
#
|
||||
process_actions2() {
|
||||
#
|
||||
# Process a rule where the source or destination is "all"
|
||||
#
|
||||
process_wildcard_rule() {
|
||||
local yclients yservers ysourcezone ydestzone ypolicy
|
||||
|
||||
for yclients in $xclients; do
|
||||
for yservers in $xservers; do
|
||||
ysourcezone=${yclients%%:*}
|
||||
ydestzone=${yservers%%:*}
|
||||
if [ "${ysourcezone}" != "${ydestzone}" ] ; then
|
||||
eval ypolicy=\$${ysourcezone}2${ydestzone}_policy
|
||||
if [ "$ypolicy" != NONE ] ; then
|
||||
process_action $xaction $xtarget $yclients $yservers $xprotocol $xports $xcports $xratelimit $xuserspec
|
||||
fi
|
||||
fi
|
||||
done
|
||||
done
|
||||
}
|
||||
|
||||
do_it() {
|
||||
expandv xclients xservers xprotocol xports xcports xratelimit xuserspec
|
||||
|
||||
if [ "x$xclients" = xall ]; then
|
||||
xclients="$zones $FW"
|
||||
if [ "x$xservers" = xall ]; then
|
||||
xservers="$zones $FW"
|
||||
fi
|
||||
process_wildcard_rule
|
||||
continue
|
||||
fi
|
||||
|
||||
if [ "x$xservers" = xall ]; then
|
||||
xservers="$zones $FW"
|
||||
process_wildcard_rule
|
||||
continue
|
||||
fi
|
||||
|
||||
process_action $xaction $xtarget $xclients $xservers $xprotocol $xports $xcports $xratelimit $xuserspec
|
||||
|
||||
}
|
||||
|
||||
log_action() {
|
||||
[ "$COMMAND" != check ] && log_rule ${LOGNEWNOTSYN:-info} $1 $2 "" "" -p tcp ! --syn
|
||||
@ -2981,8 +2940,9 @@ process_actions2() {
|
||||
fn=$(find_file $f)
|
||||
|
||||
echo "Processing $fn..."
|
||||
while read xtarget xclients xservers xprotocol xports xcports xratelimit $xuserspec; do
|
||||
do_it
|
||||
while read xtarget xclients xservers xprotocol xports xcports xratelimit xuserspec ; do
|
||||
expandv xtarget xclients xservers xprotocol xports xcports xratelimit xuserspec
|
||||
process_action $xaction $xtarget $xclients $xservers $xprotocol $xports $xcports $xratelimit $xuserspec
|
||||
done < $TMP_DIR/$f
|
||||
;;
|
||||
esac
|
||||
|
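Review bot: With `do_it` and `process_wildcard_rule` removed, an action-file line whose source or destination column is `all` is now passed to `process_action` unchanged by the rewritten `while read` loop, and nothing visible in this section shows whether that value is rejected or handled downstream. If `all` is no longer meant to be accepted in action files, the loop should stop with an explicit error before calling `process_action` rather than rely on later parsing; at minimum a comment such as `# "all" is not expanded here; SOURCE and DEST are passed through as written` would record the intent. The expansions in the `process_action` call are also unquoted, so a value that `expandv` turns into something containing whitespace or a glob character would shift the positional arguments, although that pattern predates this commit. The body of `process_actions2` starts and ends outside the hunks shown.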
@ -1 +1 @@
|
||||
2.0.7
|
||||
2.0.8
|
||||
|
@ -15,7 +15,7 @@
|
||||
</author>
|
||||
</authorgroup>
|
||||
|
||||
<pubdate>2004-08-19</pubdate>
|
||||
<pubdate>2004-08-21</pubdate>
|
||||
|
||||
<copyright>
|
||||
<year>2004</year>
|
||||
@ -336,8 +336,8 @@ vpn eth0:0.0.0.0/0 <emphasis role="bold"> ipsec</emphasis>
|
||||
|
||||
remote anonymous
|
||||
{
|
||||
exchange_mode aggressive ;
|
||||
my_identifier user_fqdn "teastep@shorewall.net" ;
|
||||
exchange_mode main ;
|
||||
my_identifier address ;
|
||||
lifetime time 24 hour ;
|
||||
proposal {
|
||||
encryption_algorithm 3des;
|
||||
@ -374,7 +374,9 @@ spdadd 192.168.20.40/32 192.168.20.10/32 any -P in ipsec esp/transport/192.168.
|
||||
|
||||
<para>/etc/racoon/psk.txt:</para>
|
||||
|
||||
<programlisting>teastep@shorewall.net <key></programlisting>
|
||||
<programlisting>192.168.20.20 <key for 192.168.20.10<->192.168.20.20>
|
||||
192.168.20.30 <key for 192.168.20.10<->192.168.20.30>
|
||||
192.168.20.40 <key for 192.168.20.10<->192.168.20.40></programlisting>
|
||||
</blockquote>
|
||||
|
||||
<para>Shorewall configuration goes as follows:</para>
|
||||
|