Fix IMPLICIT_CONTINUE intra-zone policy

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5433 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-02-23 17:07:13 +00:00
parent bdd3554bce
commit fa1df2ecf8
4 changed files with 27 additions and 14 deletions

View File

@ -8,6 +8,8 @@ Changes in 3.4.0 Final
4) Fix exit status problem with 'restart'
5) Dump SPD and SAD in the dump command.
Changes in 3.4.0 RC 2
1) No longer include params file in compiled output.

View File

@ -486,6 +486,7 @@ validate_policy()
eval parents=\$${zone}_parents
if [ -n "$parents" ]; then
for zone1 in $ZONES $FW; do
if $zone != $zone1; then
chain=${zone}2${zone1}
eval ${chain}_is_policy=Yes
eval ${chain}_is_optional=Yes
@ -498,6 +499,7 @@ validate_policy()
eval ${chain}_policy=CONTINUE
eval ${chain}_policychain=$chain
ALL_POLICY_CHAINS="$ALL_POLICY_CHAINS $chain"
fi
done
fi
fi

View File

@ -658,6 +658,13 @@ dump_command() {
brctl show
fi
if qt mywhich setkey; then
heading "PFKEY SPD"
setkey -DP
heading "PFKEY SAD"
setkey -D | grep -Ev '^[[:space:]](A:|E:)' # Don't divulge the keys
fi
heading "/proc"
show_proc /proc/version
show_proc /proc/sys/net/ipv4/ip_forward

View File

@ -46,7 +46,9 @@ Other Changes in 3.4.0 Final
for a provider. This combination of options can lead to packets being
dropped as 'martians'.
None.
2) If the 'setkey' program is installed, then the IPSEC SPD and SAD
are displayed in the output of "shorewall[-lite] dump. All key
information (E: and A: lines) is suppressed in the command output.
Migration Considerations: