Remove 'complex zone' optimization

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@768 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2003-10-15 18:17:23 +00:00
parent 52b8c25530
commit ff2b9ce193
3 changed files with 12 additions and 19 deletions


@ -13,3 +13,5 @@ Changes since 1.4.7
5) Fix handling of LOGUNCLEAN 5) Fix handling of LOGUNCLEAN
6) Added BLACKLISTNEWONLY support. 6) Added BLACKLISTNEWONLY support.
7) Remove failed optimization for 'complex' zones.


@ -572,9 +572,6 @@ determine_hosts() {
interfaces="$interfaces $interface" interfaces="$interfaces $interface"
fi fi
fi fi
[ "${host#*:}" = "0.0.0.0/0" ] || \
eval ${zone}_is_complex=Yes
done done
eval ${zone}_interfaces="\$interfaces" eval ${zone}_interfaces="\$interfaces"
@ -4371,13 +4368,6 @@ activate_rules()
chain1=`rules_chain $FW $zone` chain1=`rules_chain $FW $zone`
chain2=`rules_chain $zone $FW` chain2=`rules_chain $zone $FW`
eval complex=\$${zone}_is_complex
if [ -n "$complex" ]; then
frwd_chain=${zone}_frwd
createchain $frwd_chain No
fi
echo "$FW $zone $chain1" >> ${STATEDIR}/chains echo "$FW $zone $chain1" >> ${STATEDIR}/chains
echo "$zone $FW $chain2" >> ${STATEDIR}/chains echo "$zone $FW $chain2" >> ${STATEDIR}/chains
@ -4394,9 +4384,6 @@ activate_rules()
addrulejump POSTROUTING `snat_chain $zone` -o $interface -d $subnet addrulejump POSTROUTING `snat_chain $zone` -o $interface -d $subnet
run_iptables -A `input_chain $interface` -s $subnet -j $chain2 run_iptables -A `input_chain $interface` -s $subnet -j $chain2
[ -n "$complex" ] && \
run_iptables -A `forward_chain $interface` -s $subnet -j $frwd_chain
done done
for zone1 in $zones; do for zone1 in $zones; do
@ -4419,19 +4406,16 @@ activate_rules()
for host in $source_hosts; do for host in $source_hosts; do
interface=${host%:*} interface=${host%:*}
subnet=${host#*:}
if [ -n "$complex" ]; then chain1=`forward_chain $interface`
chain1=$frwd_chain
else
chain1=`forward_chain $interface`
fi
for host1 in $dest_hosts; do for host1 in $dest_hosts; do
interface1=${host1%:*} interface1=${host1%:*}
subnet1=${host1#*:} subnet1=${host1#*:}
if [ "$host" != "$host1" ] || list_search $host $routeback; then if [ "$host" != "$host1" ] || list_search $host $routeback; then
run_iptables -A $chain1 -o $interface1 -d $subnet1 -j $chain run_iptables -A $chain1 -s $subnet -o $interface1 -d $subnet1 -j $chain
fi fi
done done
done done
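Review bot: In the last hunk of activate_rules, the `-s $subnet` match added to `run_iptables -A $chain1 -s $subnet -o $interface1 -d $subnet1 -j $chain` is now the only place where forwarded traffic is tied to a zone's source hosts, because the `<zone>_frwd` jump that used to carry that match is removed, and nothing in the code says so. I would add a comment above the new `subnet=${host#*:}` line, for example `# -s is required here: rules for every zone on $interface are appended to the same forward chain`, so the match is not later dropped as redundant. Because these rules now go straight into the per-interface forward chain, the first matching rule presumably decides when two zones on one interface have overlapping subnets; it is worth confirming that the order of `$zones` gives the intended result. The body of activate_rules starts and ends outside the hunks shown.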


@ -26,6 +26,13 @@ Problems Corrected since version 1.4.6:
4) Handling of the LOGUNCLEAN option in shorewall.conf has been 4) Handling of the LOGUNCLEAN option in shorewall.conf has been
corrected. corrected.
5) In Shorewall 1.4.2, an optimization was added. This optimization
involved creating a chain named "<zone>_frwd" for most zones
defined using the /etc/shorewall/hosts file. It has since been
discovered that these new chains contain redundant rules in many
cases so that the "optimization" is less than optimal. As a result,
the optimization has been removed.
Migration Issues: Migration Issues:
None. None.