forked from extern/shorewall_code
Update for Shorewall 2.1.11
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1684 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
366baf005b
commit
1d6c7fd8c7
@ -28,7 +28,7 @@
|
|||||||
# shown below. Simply run this script to revert to your prior version of
|
# shown below. Simply run this script to revert to your prior version of
|
||||||
# Shoreline Firewall.
|
# Shoreline Firewall.
|
||||||
|
|
||||||
VERSION=2.1.10
|
VERSION=2.1.11
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
|
@ -5479,12 +5479,14 @@ initialize_netfilter () {
|
|||||||
if [ -n "$CLAMPMSS" ]; then
|
if [ -n "$CLAMPMSS" ]; then
|
||||||
case $CLAMPMSS in
|
case $CLAMPMSS in
|
||||||
Yes)
|
Yes)
|
||||||
run_iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
|
option="--clamp-mss-to-pmtu"
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
run_iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss $CLAMPMSS
|
option="--set-mss $CLAMPMSS"
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
|
run_iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS $option
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -z "$NEWNOTSYN" ]; then
|
if [ -z "$NEWNOTSYN" ]; then
|
||||||
@ -5499,7 +5501,7 @@ initialize_netfilter () {
|
|||||||
run_iptables -A newnotsyn -i $interface $(match_source_hosts $network) $policy -p tcp --tcp-flags ACK ACK -j ACCEPT
|
run_iptables -A newnotsyn -i $interface $(match_source_hosts $network) $policy -p tcp --tcp-flags ACK ACK -j ACCEPT
|
||||||
run_iptables -A newnotsyn -i $interface $(match_source_hosts $network) $policy -p tcp --tcp-flags RST RST -j ACCEPT
|
run_iptables -A newnotsyn -i $interface $(match_source_hosts $network) $policy -p tcp --tcp-flags RST RST -j ACCEPT
|
||||||
run_iptables -A newnotsyn -i $interface $(match_source_hosts $network) $policy -p tcp --tcp-flags FIN FIN -j ACCEPT
|
run_iptables -A newnotsyn -i $interface $(match_source_hosts $network) $policy -p tcp --tcp-flags FIN FIN -j ACCEPT
|
||||||
run_iptables -A newnotsyn -i $interface $(match_source_hosts ${host#*:}) $policy -j RETURN
|
run_iptables -A newnotsyn -i $interface $(match_source_hosts $network) $policy -j RETURN
|
||||||
done
|
done
|
||||||
|
|
||||||
run_user_exit newnotsyn
|
run_user_exit newnotsyn
|
||||||
|
@ -22,7 +22,7 @@
|
|||||||
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
|
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
|
||||||
#
|
#
|
||||||
|
|
||||||
VERSION=2.1.10
|
VERSION=2.1.11
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
%define name shorewall
|
%define name shorewall
|
||||||
%define version 2.1.10
|
%define version 2.1.11
|
||||||
%define release 1
|
%define release 1
|
||||||
%define prefix /usr
|
%define prefix /usr
|
||||||
|
|
||||||
@ -137,6 +137,8 @@ fi
|
|||||||
%doc COPYING INSTALL changelog.txt releasenotes.txt tunnel
|
%doc COPYING INSTALL changelog.txt releasenotes.txt tunnel
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Sun Oct 14 2004 Tom Eastep tom@shorewall.net
|
||||||
|
- Updated to 2.1.11-1
|
||||||
* Sun Oct 03 2004 Tom Eastep tom@shorewall.net
|
* Sun Oct 03 2004 Tom Eastep tom@shorewall.net
|
||||||
- Updated to 2.1.10-1
|
- Updated to 2.1.10-1
|
||||||
* Thu Sep 15 2004 Tom Eastep tom@shorewall.net
|
* Thu Sep 15 2004 Tom Eastep tom@shorewall.net
|
||||||
|
@ -26,7 +26,7 @@
|
|||||||
# You may only use this script to uninstall the version
|
# You may only use this script to uninstall the version
|
||||||
# shown below. Simply run this script to remove Seattle Firewall
|
# shown below. Simply run this script to remove Seattle Firewall
|
||||||
|
|
||||||
VERSION=2.1.10
|
VERSION=2.1.11
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
|
Loading…
Reference in New Issue
Block a user