mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-30 11:33:28 +01:00
Fix IMPLICIT_CONTINUE intra-zone policy
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5433 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
bdd3554bce
commit
fa1df2ecf8
@ -8,6 +8,8 @@ Changes in 3.4.0 Final
|
||||
|
||||
4) Fix exit status problem with 'restart'
|
||||
|
||||
5) Dump SPD and SAD in the dump command.
|
||||
|
||||
Changes in 3.4.0 RC 2
|
||||
|
||||
1) No longer include params file in compiled output.
|
||||
|
@ -486,6 +486,7 @@ validate_policy()
|
||||
eval parents=\$${zone}_parents
|
||||
if [ -n "$parents" ]; then
|
||||
for zone1 in $ZONES $FW; do
|
||||
if $zone != $zone1; then
|
||||
chain=${zone}2${zone1}
|
||||
eval ${chain}_is_policy=Yes
|
||||
eval ${chain}_is_optional=Yes
|
||||
@ -498,6 +499,7 @@ validate_policy()
|
||||
eval ${chain}_policy=CONTINUE
|
||||
eval ${chain}_policychain=$chain
|
||||
ALL_POLICY_CHAINS="$ALL_POLICY_CHAINS $chain"
|
||||
fi
|
||||
done
|
||||
fi
|
||||
fi
|
||||
|
@ -658,6 +658,13 @@ dump_command() {
|
||||
brctl show
|
||||
fi
|
||||
|
||||
if qt mywhich setkey; then
|
||||
heading "PFKEY SPD"
|
||||
setkey -DP
|
||||
heading "PFKEY SAD"
|
||||
setkey -D | grep -Ev '^[[:space:]](A:|E:)' # Don't divulge the keys
|
||||
fi
|
||||
|
||||
heading "/proc"
|
||||
show_proc /proc/version
|
||||
show_proc /proc/sys/net/ipv4/ip_forward
|
||||
|
@ -46,7 +46,9 @@ Other Changes in 3.4.0 Final
|
||||
for a provider. This combination of options can lead to packets being
|
||||
dropped as 'martians'.
|
||||
|
||||
None.
|
||||
2) If the 'setkey' program is installed, then the IPSEC SPD and SAD
|
||||
are displayed in the output of "shorewall[-lite] dump. All key
|
||||
information (E: and A: lines) is suppressed in the command output.
|
||||
|
||||
Migration Considerations:
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user