extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-15 14:16:46 +02:00
Code Issues Packages Projects Releases Wiki Activity

More Fixes for update

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2015-08-08 12:42:32 -07:00
parent 88f9a3e255
commit fb2d261cdb
3 changed files with 22 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
Shorewall/Perl/Shorewall/Misc.pm
View File

@ -224,10 +224,12 @@ sub remove_blacklist( $ ) {
$changed = 1; $changed = 1;
if ( $comment ) { if ( $comment ) {
$comment =~ s/^/ / while $rule =~ s/blacklist,//; $comment =~ s/^/ / while $rule =~ s/blacklist,// || $rule =~ s/,blacklist//;
$rule =~ s/blacklist/ /g; $rule =~ s/blacklist/ /g;
$currentline = join( '#', $rule, $comment ); $currentline = join( '#', $rule, $comment );
} else { } else {
$currentline =~ s/blacklist,//g;
$currentline =~ s/,blacklist//g;
$currentline =~ s/blacklist/ /g; $currentline =~ s/blacklist/ /g;
} }
} }
@ -540,7 +542,7 @@ EOF
if ( $notrack{$host} ) { if ( $notrack{$host} ) {
print $stoppedrules "NOTRACK\t$interface:$h\t-\t$rule\n"; print $stoppedrules "NOTRACK\t$interface:$h\t-\t$rule\n";
print $stoppedrules "NOTRACK\t\$FW\$interface:$h\t\$rule\n"; print $stoppedrules "NOTRACK\t\$FW\t$interface:$h\t$rule\n";
} }
unless ( $matched ) { unless ( $matched ) {
@ -824,6 +826,8 @@ sub add_common_rules ( $$$ ) {
if ( $upgrade_blacklist ) { if ( $upgrade_blacklist ) {
exit 0 unless convert_blacklist || $upgrade_tcrules || $upgrade_routestopped; exit 0 unless convert_blacklist || $upgrade_tcrules || $upgrade_routestopped;
} elsif ( my $fn = find_file 'blacklist' ) {
warning_message "The blacklist file is no longer supported -- use '$product update -b' to convert $fn to the equivalent blrules file";
} }
$list = find_hosts_by_option 'nosmurfs'; $list = find_hosts_by_option 'nosmurfs';
@ -2462,7 +2466,12 @@ EOF
} }
} }
convert_routestopped if $routestopped; if ( $routestopped ) {
convert_routestopped;
} elsif ( my $fn = find_file 'routestopped' ) {
warning_message "The routestopped file is no longer supported - use '$product update -s' to convert $fn to an equivalent 'stoppedrules' file";
}
process_stoppedrules; process_stoppedrules;
if ( have_capability 'IFACE_MATCH' ) { if ( have_capability 'IFACE_MATCH' ) {

6
Shorewall/Perl/Shorewall/Zones.pm
View File

@ -1226,6 +1226,11 @@ sub process_interface( $$ ) {
fatal_error "Option $option does not take a value" if defined $value; fatal_error "Option $option does not take a value" if defined $value;
if ( $option eq 'blacklist' ) { if ( $option eq 'blacklist' ) {
warning_message "The 'blacklist' interface option is no longer supported"; warning_message "The 'blacklist' interface option is no longer supported";
if ( $zone ) {
$zoneref->{options}{in}{blacklist} = 1;
} else {
warning_message "The 'blacklist' option is ignored on multi-zone interfaces";
}
} else { } else {
$options{$option} = 1; $options{$option} = 1;
$hostoptions{$option} = 1 if $hostopt; $hostoptions{$option} = 1 if $hostopt;
@ -2068,6 +2073,7 @@ sub process_host( ) {
warning_message "The 'norfc1918' host option is no longer supported" warning_message "The 'norfc1918' host option is no longer supported"
} elsif ( $option eq 'blacklist' ) { } elsif ( $option eq 'blacklist' ) {
warning_message "The 'blacklist' option is no longer supported"; warning_message "The 'blacklist' option is no longer supported";
$zoneref->{options}{in}{blacklist} = 1;
} elsif ( $option =~ /^mss=(\d+)$/ ) { } elsif ( $option =~ /^mss=(\d+)$/ ) {
fatal_error "Invalid mss ($1)" unless $1 >= 500; fatal_error "Invalid mss ($1)" unless $1 >= 500;
require_capability 'TCPMSS_TARGET', $option, 's'; require_capability 'TCPMSS_TARGET', $option, 's';

12
Shorewall/manpages/shorewall-conntrack.xml
View File

@ -34,8 +34,8 @@
role="bold">raw</emphasis> table. In 4.5.7, the file's name was changed to role="bold">raw</emphasis> table. In 4.5.7, the file's name was changed to
<emphasis role="bold">conntrack</emphasis>.</para> <emphasis role="bold">conntrack</emphasis>.</para>
<para>The file supports two different column layouts: FORMAT 1, FORMAT 2, <para>The file supports three different column layouts: FORMAT 1, FORMAT
and FORMAT 3, FORMAT 1 being the default. The three differ as 2, and FORMAT 3, FORMAT 1 being the default. The three differ as
follows:</para> follows:</para>
<itemizedlist> <itemizedlist>
@ -366,7 +366,7 @@
<varlistentry> <varlistentry>
<term>SOURCE (formats 1 and 2) <term>SOURCE (formats 1 and 2)
{<emphasis>zone</emphasis>[:<emphasis>interface</emphasis>][:<emphasis>address-list</emphasis>]|COMMENT}</term> {<emphasis>zone</emphasis>[:<emphasis>interface</emphasis>][:<emphasis>address-list</emphasis>]}</term>
<listitem> <listitem>
<para>where <replaceable>zone</replaceable> is the name of a zone, <para>where <replaceable>zone</replaceable> is the name of a zone,
@ -397,10 +397,6 @@
<ulink <ulink
url="/manpages/shorewall-exclusion.html">shorewall-exclusion</ulink> url="/manpages/shorewall-exclusion.html">shorewall-exclusion</ulink>
(5)).</para> (5)).</para>
<para>COMMENT is only allowed in format 1; the remainder of the line
is treated as a comment that will be associated with the generated
rule(s).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -556,7 +552,7 @@ DROP:PO - 1.2.3.4
<refsect1> <refsect1>
<title>FILES</title> <title>FILES</title>
<para>/etc/shorewall/notrack</para> <para>/etc/shorewall/conntrack</para>
</refsect1> </refsect1>
<refsect1> <refsect1>