mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-27 18:13:13 +01:00
Fix IMPLICIT_CONTINUE intra-zone policy
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5433 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
bdd3554bce
commit
fa1df2ecf8
@ -8,6 +8,8 @@ Changes in 3.4.0 Final
|
|||||||
|
|
||||||
4) Fix exit status problem with 'restart'
|
4) Fix exit status problem with 'restart'
|
||||||
|
|
||||||
|
5) Dump SPD and SAD in the dump command.
|
||||||
|
|
||||||
Changes in 3.4.0 RC 2
|
Changes in 3.4.0 RC 2
|
||||||
|
|
||||||
1) No longer include params file in compiled output.
|
1) No longer include params file in compiled output.
|
||||||
|
@ -486,18 +486,20 @@ validate_policy()
|
|||||||
eval parents=\$${zone}_parents
|
eval parents=\$${zone}_parents
|
||||||
if [ -n "$parents" ]; then
|
if [ -n "$parents" ]; then
|
||||||
for zone1 in $ZONES $FW; do
|
for zone1 in $ZONES $FW; do
|
||||||
chain=${zone}2${zone1}
|
if $zone != $zone1; then
|
||||||
eval ${chain}_is_policy=Yes
|
chain=${zone}2${zone1}
|
||||||
eval ${chain}_is_optional=Yes
|
eval ${chain}_is_policy=Yes
|
||||||
eval ${chain}_policy=CONTINUE
|
eval ${chain}_is_optional=Yes
|
||||||
eval ${chain}_policychain=$chain
|
eval ${chain}_policy=CONTINUE
|
||||||
ALL_POLICY_CHAINS="$ALL_POLICY_CHAINS $chain"
|
eval ${chain}_policychain=$chain
|
||||||
chain=${zone1}2${zone}
|
ALL_POLICY_CHAINS="$ALL_POLICY_CHAINS $chain"
|
||||||
eval ${chain}_is_policy=Yes
|
chain=${zone1}2${zone}
|
||||||
eval ${chain}_is_optional=Yes
|
eval ${chain}_is_policy=Yes
|
||||||
eval ${chain}_policy=CONTINUE
|
eval ${chain}_is_optional=Yes
|
||||||
eval ${chain}_policychain=$chain
|
eval ${chain}_policy=CONTINUE
|
||||||
ALL_POLICY_CHAINS="$ALL_POLICY_CHAINS $chain"
|
eval ${chain}_policychain=$chain
|
||||||
|
ALL_POLICY_CHAINS="$ALL_POLICY_CHAINS $chain"
|
||||||
|
fi
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
@ -658,6 +658,13 @@ dump_command() {
|
|||||||
brctl show
|
brctl show
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if qt mywhich setkey; then
|
||||||
|
heading "PFKEY SPD"
|
||||||
|
setkey -DP
|
||||||
|
heading "PFKEY SAD"
|
||||||
|
setkey -D | grep -Ev '^[[:space:]](A:|E:)' # Don't divulge the keys
|
||||||
|
fi
|
||||||
|
|
||||||
heading "/proc"
|
heading "/proc"
|
||||||
show_proc /proc/version
|
show_proc /proc/version
|
||||||
show_proc /proc/sys/net/ipv4/ip_forward
|
show_proc /proc/sys/net/ipv4/ip_forward
|
||||||
|
@ -46,7 +46,9 @@ Other Changes in 3.4.0 Final
|
|||||||
for a provider. This combination of options can lead to packets being
|
for a provider. This combination of options can lead to packets being
|
||||||
dropped as 'martians'.
|
dropped as 'martians'.
|
||||||
|
|
||||||
None.
|
2) If the 'setkey' program is installed, then the IPSEC SPD and SAD
|
||||||
|
are displayed in the output of "shorewall[-lite] dump. All key
|
||||||
|
information (E: and A: lines) is suppressed in the command output.
|
||||||
|
|
||||||
Migration Considerations:
|
Migration Considerations:
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user