From f847ec5263162117f87792089b115690b4db23ee Mon Sep 17 00:00:00 2001 From: teastep Date: Fri, 24 Sep 2004 17:18:04 +0000 Subject: [PATCH] Fix GATEWAY handling for pptpserverz git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1644 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- STABLE2/changelog.txt | 4 ++++ STABLE2/firewall | 11 ++++++----- STABLE2/releasenotes.txt | 8 +++++++- Shorewall2/firewall | 11 ++++++----- 4 files changed, 23 insertions(+), 11 deletions(-) diff --git a/STABLE2/changelog.txt b/STABLE2/changelog.txt index 3d955b30b..5f1533fe2 100644 --- a/STABLE2/changelog.txt +++ b/STABLE2/changelog.txt @@ -58,3 +58,7 @@ Changes in 2.0.9 2) Added warning about ADD_SNAT_ALIASES in the masq file. 3) Added "brctl show" to the status command. + +Changes in 2.0.10 + +1) Corrected GATEWAY handling for 'pptpserver's diff --git a/STABLE2/firewall b/STABLE2/firewall index 8de9d460b..bc5396bc7 100755 --- a/STABLE2/firewall +++ b/STABLE2/firewall @@ -1509,11 +1509,11 @@ setup_tunnels() # $1 = name of tunnels file progress_message " PPTP tunnel to $1 defined." } - setup_pptp_server() + setup_pptp_server() # $1 = gateway { - addrule $inchain -p 47 -j ACCEPT - addrule $outchain -p 47 -j ACCEPT - addrule $inchain -p tcp --dport 1723 -j ACCEPT + addrule $inchain -p 47 -s $1 -j ACCEPT + addrule $outchain -p 47 -d $1 -j ACCEPT + addrule $inchain -p tcp --dport 1723 -s $1 -j ACCEPT progress_message " PPTP server defined." } @@ -1581,6 +1581,7 @@ setup_tunnels() # $1 = name of tunnels file if validate_zone $z; then inchain=${z}2${FW} outchain=${FW}2${z} + gateway=${gateway:-0.0.0.0/0} case $kind in ipsec|IPSEC|ipsec:*|IPSEC:*) setup_one_ipsec $gateway $kind $z1 @@ -1600,7 +1601,7 @@ setup_tunnels() # $1 = name of tunnels file pptpclient|PPTPCLIENT) setup_pptp_client $gateway ;; - pptpserver|PPTPSERVER) + pptpserver|PPTPSERVER) $gateway setup_pptp_server ;; openvpn|OPENVPN|openvpn:*|OPENVPN:*) 
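Review bot: The added `gateway=${gateway:-0.0.0.0/0}` (STABLE2/firewall, hunk at -1581) sits before `case $kind`, so an empty GATEWAY column now becomes match-any for every tunnel type dispatched below, not only `pptpserver`. For the PPTP server rules this means an omitted gateway accepts protocol 47 and tcp/1723 from any host in the zone, which is probably intended but is not stated in the code. A comment above the assignment such as `# Empty GATEWAY column means any host (0.0.0.0/0)` would document it. Whether the ipsec and other helpers relied on an empty `$gateway` cannot be seen from this hunk and is worth checking. The same line is added in the Shorewall2/firewall hunk at -1674.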
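Review bot: In the `pptpserver|PPTPSERVER)` branch (STABLE2/firewall, hunk at -1600), `$gateway` was appended to the case-pattern line instead of to the call on the next line. As the hunk reads (whitespace on this page is collapsed), the shell would try to run the gateway value as a command and then call `setup_pptp_server` with no argument. With `$1` empty, the new `-s $1` and `-d $1` in `setup_pptp_server` expand to nothing, so the rules would likely be rejected when loaded rather than restricted to the gateway. The branch should be `pptpserver|PPTPSERVER)` followed by `setup_pptp_server $gateway`, matching the `setup_pptp_client $gateway` branch above it. The same misplacement is in the Shorewall2/firewall hunk at -1693, and the `case` statement continues outside both hunks.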
diff --git a/STABLE2/releasenotes.txt b/STABLE2/releasenotes.txt index 4d7d6b354..95ffb1f69 100644 --- a/STABLE2/releasenotes.txt +++ b/STABLE2/releasenotes.txt @@ -1,4 +1,4 @@ -Shorewall 2.0.9 +Shorewall 2.0.10 ---------------------------------------------------------------------- Problems Corrected in version 2.0.4 @@ -129,6 +129,12 @@ New Fewatures in version 2.0.9 1) The "shorewall status" command now includes the output of "brctl show" if the bridge tools are installed. +----------------------------------------------------------------------- +Problems corrected in version 2.0.10 + +1) The GATEWAY column was previously ignored in 'pptpserver' entries in + /etc/shorewall/tunnels. + diff --git a/Shorewall2/firewall b/Shorewall2/firewall index 84dd5de3a..f34208c11 100755 --- a/Shorewall2/firewall +++ b/Shorewall2/firewall @@ -1602,11 +1602,11 @@ setup_tunnels() # $1 = name of tunnels file progress_message " PPTP tunnel to $1 defined." } - setup_pptp_server() + setup_pptp_server() # $1 = gateway { - addrule $inchain -p 47 -j ACCEPT - addrule $outchain -p 47 -j ACCEPT - addrule $inchain -p tcp --dport 1723 -j ACCEPT + addrule $inchain -p 47 -s $1 -j ACCEPT + addrule $outchain -p 47 -d $1 -j ACCEPT + addrule $inchain -p tcp --dport 1723 -s $1 -j ACCEPT progress_message " PPTP server defined." } @@ -1674,6 +1674,7 @@ setup_tunnels() # $1 = name of tunnels file if validate_zone $z; then inchain=${z}2${FW} outchain=${FW}2${z} + gateway=${gateway:-0.0.0.0/0} case $kind in ipsec|IPSEC|ipsec:*|IPSEC:*) setup_one_ipsec $gateway $kind $z1 @@ -1693,7 +1694,7 @@ setup_tunnels() # $1 = name of tunnels file pptpclient|PPTPCLIENT) setup_pptp_client $gateway ;; - pptpserver|PPTPSERVER) + pptpserver|PPTPSERVER) $gateway setup_pptp_server ;; openvpn|OPENVPN|openvpn:*|OPENVPN:*)