Ignore the 'blacklist' host option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent
373fc87165
commit
f925b335ef
@ -1698,8 +1698,7 @@ sub process_host( ) {
|
|||||||
fatal_error qq(The "$option" option is not allowed with Vserver zones) if $type == VSERVER && ! ( $validhostoptions{$option} & IF_OPTION_VSERVER );
|
fatal_error qq(The "$option" option is not allowed with Vserver zones) if $type == VSERVER && ! ( $validhostoptions{$option} & IF_OPTION_VSERVER );
|
||||||
|
|
||||||
if ( $option eq 'blacklist' ) {
|
if ( $option eq 'blacklist' ) {
|
||||||
warning_message qq(The "blacklist" host option is deprecated and will be removed);
|
warning_message qq(The "blacklist" host option is no longer supported and will be ignored);
|
||||||
$interfaces{$interface}{options}{blacklist} |= BL_IN;
|
|
||||||
} else {
|
} else {
|
||||||
$options{$option} = 1;
|
$options{$option} = 1;
|
||||||
}
|
}
|
||||||
@ -1804,28 +1803,16 @@ sub find_hosts_by_option( $ ) {
|
|||||||
\@hosts;
|
\@hosts;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#
|
||||||
|
# This one returns a 4-tuple for each interface which the passed bit set in the passed option
|
||||||
|
#
|
||||||
|
|
||||||
sub find_hosts_by_option1( $$ ) {
|
sub find_hosts_by_option1( $$ ) {
|
||||||
my ($option, $bit ) = @_;
|
my ($option, $bit ) = @_;
|
||||||
my @hosts;
|
my @hosts;
|
||||||
|
|
||||||
for my $zone ( grep $zones{$_}{type} != FIREWALL , @zones ) {
|
|
||||||
while ( my ($type, $interfaceref) = each %{$zones{$zone}{hosts}} ) {
|
|
||||||
while ( my ( $interface, $arrayref) = ( each %{$interfaceref} ) ) {
|
|
||||||
for my $host ( @{$arrayref} ) {
|
|
||||||
if ( $host->{options}{$option} & $bit ) {
|
|
||||||
for my $net ( @{$host->{hosts}} ) {
|
|
||||||
push @hosts, [ $interface, $host->{ipsec} , $net , $host->{exclusions}];
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
for my $interface ( @interfaces ) {
|
for my $interface ( @interfaces ) {
|
||||||
if ( ! $interfaces{$interface}{zone} && $interfaces{$interface}{options}{$option} & $bit ) {
|
push @hosts, [ $interface, 'none', ALLIP , [] ] if $interfaces{$interface}{options}{$option} & $bit
|
||||||
push @hosts, [ $interface, 'none', ALLIP , [] ];
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
\@hosts;
|
\@hosts;
|
||||||
|
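Review bot: In the first hunk (process_host), the rewritten `blacklist` branch only warns and sets nothing, so a hosts entry that relied on this option still compiles but its traffic is no longer checked against the blacklist; the removed line used to set `BL_IN` on the interface. Assuming `warning_message` lets compilation continue, that is an easy-to-miss reduction in filtering after an upgrade. I would either turn this into a `fatal_error`, or have the message name the replacement that the release notes point to, e.g. `warning_message qq(The "blacklist" host option is no longer supported and will be ignored; set "blacklist" on the interface in the interfaces file instead);`. If the wording changes, the warning text quoted in the release notes and both manpages needs the same update. process_host starts and ends outside the hunk.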
@ -445,12 +445,13 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
|
|||||||
'provider' is the capitalized name of a provider.
|
'provider' is the capitalized name of a provider.
|
||||||
|
|
||||||
15) The 'blacklist' option in /etc/shorewall/hosts
|
15) The 'blacklist' option in /etc/shorewall/hosts
|
||||||
(/etc/shorewall6/hosts) is now deprecated. It was originally
|
(/etc/shorewall6/hosts) is now ignored with a warning:
|
||||||
implemented to handle post kernel-2.6.21 bridges which are now
|
|
||||||
handled completely in the interfaces file.
|
|
||||||
|
|
||||||
Setting 'blacklist' in the hosts file is now equivalent to setting
|
WARNING: The "blacklist" host option is no longer supported and
|
||||||
blacklist=1 in the associated entry in the interfaces file.
|
will be ignored
|
||||||
|
|
||||||
|
The option was originally implemented to handle post kernel-2.6.21
|
||||||
|
bridges which are now handled completely in the interfaces file.
|
||||||
|
|
||||||
----------------------------------------------------------------------------
|
----------------------------------------------------------------------------
|
||||||
V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
|
V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
|
||||||
|
@ -140,10 +140,14 @@
|
|||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>This option only makes sense for ports on a bridge. As
|
<para>This option only makes sense for ports on a bridge. As
|
||||||
of Shoreawall 4.4.13, its use is deprecated and the effect of
|
of Shoreawall 4.4.13, ithe option is no longer supported and
|
||||||
the option is the same as specifying
|
is ignored with a warning:</para>
|
||||||
<option>blacklist=1</option> on the associated entry in <ulink
|
|
||||||
url="shorewall-interfaces.html">shorewall-interfaces</ulink>(5).</para>
|
<blockquote>
|
||||||
|
<para><emphasis role="bold">WARNING: The "blacklist" host
|
||||||
|
option is no longer supported and will be
|
||||||
|
ignored.</emphasis></para>
|
||||||
|
</blockquote>
|
||||||
|
|
||||||
<para>Check packets arriving on this port against the <ulink
|
<para>Check packets arriving on this port against the <ulink
|
||||||
url="shorewall-blacklist.html">shorewall-blacklist</ulink>(5)
|
url="shorewall-blacklist.html">shorewall-blacklist</ulink>(5)
|
||||||
|
@ -128,11 +128,14 @@
|
|||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>This option only makes sense for ports on a bridge. As
|
<para>This option only makes sense for ports on a bridge. As
|
||||||
of Shorewall 4.4.13, its use is deprecated and is equivalent
|
of Shorewall 4.4.13, its is ignored with a warning
|
||||||
to specifying <option>blacklist=1</option> on the associated
|
message:</para>
|
||||||
entry in <ulink
|
|
||||||
url="shorewall6-interfaces.html">shorewall6-interfaces</ulink>(5).
|
<blockquote>
|
||||||
</para>
|
<para><emphasis role="bold">WARNING: The "blacklist" host
|
||||||
|
option is no longer supported and will be
|
||||||
|
ignored.</emphasis></para>
|
||||||
|
</blockquote>
|
||||||
|
|
||||||
<para>Check packets arriving on this port against the <ulink
|
<para>Check packets arriving on this port against the <ulink
|
||||||
url="shorewall-blacklist.html">shorewall6-blacklist</ulink>(5)
|
url="shorewall-blacklist.html">shorewall6-blacklist</ulink>(5)
|
||||||
|