mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-22 14:20:40 +01:00
More Fixes for update
Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent
88f9a3e255
commit
fb2d261cdb
@ -224,10 +224,12 @@ sub remove_blacklist( $ ) {
|
||||
$changed = 1;
|
||||
|
||||
if ( $comment ) {
|
||||
$comment =~ s/^/ / while $rule =~ s/blacklist,//;
|
||||
$comment =~ s/^/ / while $rule =~ s/blacklist,// || $rule =~ s/,blacklist//;
|
||||
$rule =~ s/blacklist/ /g;
|
||||
$currentline = join( '#', $rule, $comment );
|
||||
} else {
|
||||
$currentline =~ s/blacklist,//g;
|
||||
$currentline =~ s/,blacklist//g;
|
||||
$currentline =~ s/blacklist/ /g;
|
||||
}
|
||||
}
|
||||
@ -540,7 +542,7 @@ EOF
|
||||
|
||||
if ( $notrack{$host} ) {
|
||||
print $stoppedrules "NOTRACK\t$interface:$h\t-\t$rule\n";
|
||||
print $stoppedrules "NOTRACK\t\$FW\$interface:$h\t\$rule\n";
|
||||
print $stoppedrules "NOTRACK\t\$FW\t$interface:$h\t$rule\n";
|
||||
}
|
||||
|
||||
unless ( $matched ) {
|
||||
@ -824,6 +826,8 @@ sub add_common_rules ( $$$ ) {
|
||||
|
||||
if ( $upgrade_blacklist ) {
|
||||
exit 0 unless convert_blacklist || $upgrade_tcrules || $upgrade_routestopped;
|
||||
} elsif ( my $fn = find_file 'blacklist' ) {
|
||||
warning_message "The blacklist file is no longer supported -- use '$product update -b' to convert $fn to the equivalent blrules file";
|
||||
}
|
||||
|
||||
$list = find_hosts_by_option 'nosmurfs';
|
||||
@ -2462,7 +2466,12 @@ EOF
|
||||
}
|
||||
}
|
||||
|
||||
convert_routestopped if $routestopped;
|
||||
if ( $routestopped ) {
|
||||
convert_routestopped;
|
||||
} elsif ( my $fn = find_file 'routestopped' ) {
|
||||
warning_message "The routestopped file is no longer supported - use '$product update -s' to convert $fn to an equivalent 'stoppedrules' file";
|
||||
}
|
||||
|
||||
process_stoppedrules;
|
||||
|
||||
if ( have_capability 'IFACE_MATCH' ) {
|
||||
|
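Review bot: In the add_common_rules hunk, the `elsif ( my $fn = find_file 'blacklist' )` branch only calls `warning_message` when a legacy blacklist file is still present, so compilation presumably continues without the rules that file used to generate. For a firewall that is a fail-open result, and a single warning is easy to miss in compile output. The message should state the consequence, e.g. `warning_message "The blacklist file is no longer supported and its entries are NOT being applied -- use '$product update -b' to convert $fn to the equivalent blrules file";`, or the branch could call `fatal_error` if stopping the compile is acceptable on upgrade. The routestopped branch in the last hunk of this file has the same shape, and its message differs in punctuation (`-` rather than `--`) and in quoting the target file name; the two should be aligned. The enclosing subs start and end outside the hunks, so how `$upgrade_blacklist` and `$routestopped` are set cannot be checked here.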
@ -1226,6 +1226,11 @@ sub process_interface( $$ ) {
|
||||
fatal_error "Option $option does not take a value" if defined $value;
|
||||
if ( $option eq 'blacklist' ) {
|
||||
warning_message "The 'blacklist' interface option is no longer supported";
|
||||
if ( $zone ) {
|
||||
$zoneref->{options}{in}{blacklist} = 1;
|
||||
} else {
|
||||
warning_message "The 'blacklist' option is ignored on multi-zone interfaces";
|
||||
}
|
||||
} else {
|
||||
$options{$option} = 1;
|
||||
$hostoptions{$option} = 1 if $hostopt;
|
||||
@ -2068,6 +2073,7 @@ sub process_host( ) {
|
||||
warning_message "The 'norfc1918' host option is no longer supported"
|
||||
} elsif ( $option eq 'blacklist' ) {
|
||||
warning_message "The 'blacklist' option is no longer supported";
|
||||
$zoneref->{options}{in}{blacklist} = 1;
|
||||
} elsif ( $option =~ /^mss=(\d+)$/ ) {
|
||||
fatal_error "Invalid mss ($1)" unless $1 >= 500;
|
||||
require_capability 'TCPMSS_TARGET', $option, 's';
|
||||
|
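Review bot: In the process_interface hunk, a 'blacklist' option on a multi-zone interface (the `else` of `if ( $zone )`) now draws two consecutive warnings and is then dropped, so an interface that relied on it presumably loses that filtering with only log output to show for it. The two messages should be folded into one that tells the operator what to configure instead. In both process_interface and process_host the text says the option "is no longer supported" while the code still sets `$zoneref->{options}{in}{blacklist} = 1`, which reads as a contradiction. A short comment such as `# Still recorded on the zone so later processing can act on it` would explain the intent, once the actual consumer is confirmed. `$zoneref` is assigned outside both hunks, so whether it is always defined when `$zone` is true cannot be verified from this view.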
@ -34,8 +34,8 @@
|
||||
role="bold">raw</emphasis> table. In 4.5.7, the file's name was changed to
|
||||
<emphasis role="bold">conntrack</emphasis>.</para>
|
||||
|
||||
<para>The file supports two different column layouts: FORMAT 1, FORMAT 2,
|
||||
and FORMAT 3, FORMAT 1 being the default. The three differ as
|
||||
<para>The file supports three different column layouts: FORMAT 1, FORMAT
|
||||
2, and FORMAT 3, FORMAT 1 being the default. The three differ as
|
||||
follows:</para>
|
||||
|
||||
<itemizedlist>
|
||||
@ -366,7 +366,7 @@
|
||||
|
||||
<varlistentry>
|
||||
<term>SOURCE (formats 1 and 2) ‒
|
||||
{<emphasis>zone</emphasis>[:<emphasis>interface</emphasis>][:<emphasis>address-list</emphasis>]|COMMENT}</term>
|
||||
{<emphasis>zone</emphasis>[:<emphasis>interface</emphasis>][:<emphasis>address-list</emphasis>]}</term>
|
||||
|
||||
<listitem>
|
||||
<para>where <replaceable>zone</replaceable> is the name of a zone,
|
||||
@ -397,10 +397,6 @@
|
||||
<ulink
|
||||
url="/manpages/shorewall-exclusion.html">shorewall-exclusion</ulink>
|
||||
(5)).</para>
|
||||
|
||||
<para>COMMENT is only allowed in format 1; the remainder of the line
|
||||
is treated as a comment that will be associated with the generated
|
||||
rule(s).</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -556,7 +552,7 @@ DROP:PO - 1.2.3.4
|
||||
<refsect1>
|
||||
<title>FILES</title>
|
||||
|
||||
<para>/etc/shorewall/notrack</para>
|
||||
<para>/etc/shorewall/conntrack</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
|