Restore correct REJECT behavior

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1157 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2004-02-20 21:50:33 +00:00
parent f99779a27f
commit 09bcf7c1ab
2 changed files with 21 additions and 23 deletions

@ -3002,9 +3002,14 @@ process_rule() # $1 = target
target="${target%:*}" target="${target%:*}"
expandv loglevel expandv loglevel
fi fi
#
logtarget="$target" # Save the original target in 'logtarget' for logging rules
dnat_only= #
logtarget=${target%-}
#
# Targets ending in "-" only apply to the nat table
#
[ $target = $logtarget ] && dnat_only= || dnat_only=Yes
# Tranform the rule: # Tranform the rule:
# #
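Review bot: The test `[ $target = $logtarget ]` expands both variables unquoted, so an empty target or one containing whitespace makes `[` exit with an error instead of comparing strings, and the `||` branch then sets dnat_only=Yes for a rule that never had a trailing "-". Quote both sides: `[ "$target" = "$logtarget" ] && dnat_only= || dnat_only=Yes`.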
@ -3054,32 +3059,16 @@ process_rule() # $1 = target
[ -n "$ratelimit" ] && fatal_error "Rate Limiting not available with DROP" [ -n "$ratelimit" ] && fatal_error "Rate Limiting not available with DROP"
;; ;;
REJECT) REJECT)
target=reject
;; ;;
CONTINUE) CONTINUE)
;; ;;
DNAT) DNAT*)
target=ACCEPT target=ACCEPT
address=${address:=detect} address=${address:=detect}
;; ;;
DNAT-) REDIRECT*)
target=ACCEPT target=ACCEPT
logtarget=DNAT
address=${address:=detect}
dnat_only=Yes
;;
REDIRECT)
target=ACCEPT
address=${address:=all}
if [ "x-" = "x$servers" ]; then
servers=$FW
else
servers="$FW::$servers"
fi
;;
REDIRECT-)
target=ACCEPT
logtarget=REDIRECT
dnat_only=Yes
address=${address:=all} address=${address:=all}
if [ "x-" = "x$servers" ]; then if [ "x-" = "x$servers" ]; then
servers=$FW servers=$FW
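Review bot: The patterns `DNAT*)` and `REDIRECT*)` match any target that begins with those letters, not only the plain and "-" suffixed forms that the removed `DNAT-)` and `REDIRECT-)` arms handled, so a mistyped target such as DNATX would be rewritten to ACCEPT in this arm instead of falling through the rest of the case statement. Spelling the alternatives out keeps the merge and the strict match: `DNAT|DNAT-)` and `REDIRECT|REDIRECT-)`. The merged arms also depend on logtarget and dnat_only having been derived from the trailing "-" earlier in process_rule, which deserves a one-line comment here.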

@ -1,4 +1,4 @@
Shorewall 2.0.0-Beta3 Shorewall 2.0.0-RC1
---------------------------------------------------------------------- ----------------------------------------------------------------------
Problems Corrected since 1.4.10 Problems Corrected since 1.4.10
@ -14,6 +14,11 @@ Problems Corrected since 1.4.10
4) The 'detectnets' and 'routeback' options may now be used together 4) The 'detectnets' and 'routeback' options may now be used together
with the intended effect. with the intended effect.
Problems Corrected since Beta 3
1) The REJECT target now works correctly for TCP (sends an RST).
Previously, an ICMP reply was generated.
----------------------------------------------------------------------- -----------------------------------------------------------------------
Issues when migrating from Shorewall 1.4.x to Shorewall 2.0.0: Issues when migrating from Shorewall 1.4.x to Shorewall 2.0.0:
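Review bot: The new entry under "Problems Corrected since Beta 3" states what REJECT sends for TCP but not what it sends for other protocols, which is the first thing a reader verifying the fix will check. Add a clause giving the reply for non-TCP traffic so the entry documents the full behavior of the target.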
@ -63,6 +68,10 @@ Issues when migrating from Shorewall 1.4.x to Shorewall 2.0.0:
policies but does not specify such an action in the default policies but does not specify such an action in the default
configuration. configuration.
If for some reason, you don't wish to have a common DROP or REJECT
action, just include :DROP or :REJECT respectively in your
/etc/shorewall/actions file.
The file /usr/share/shorewall/actions.std catalogs the standard The file /usr/share/shorewall/actions.std catalogs the standard
actions and is processed prior to /etc/shorewall/actions. This actions and is processed prior to /etc/shorewall/actions. This
causes a large number of actions to be defined. The files which causes a large number of actions to be defined. The files which
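Review bot: The added paragraph tells the reader to put :DROP or :REJECT in /etc/shorewall/actions but does not say what changes once the common action is disabled, that is, which traffic then reaches the DROP or REJECT policy without the common action's handling. State that effect in one sentence and show the entry as a literal line of the file so it is clear the leading colon is part of it. Minor: "If for some reason," reads better as "If, for some reason,".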