From 20250c9ce90c1236d7b8e24f52be6de87225fbad Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Sun, 20 Sep 2009 09:10:23 -0400
Subject: [PATCH] Hack to make new LIMIT stuff work on ancient iptables releases
---
 Shorewall/Perl/Shorewall/Chains.pm | 2 +-
 Shorewall/shorewall | 95 +-----------------------------
 Shorewall6/shorewall6 | 94 +----------------------------
 3 files changed, 5 insertions(+), 186 deletions(-)
diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index 40d6330f7..d88f50701 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -1532,7 +1532,7 @@ sub do_ratelimit( $$ ) {
 my $limit = "-m hashlimit ";
 if ( $rate =~ /^[sd]:((\w*):)?(\d+(\/(sec|min|hour|day))?):(\d+)$/ ) {
- $limit .= "--hashlimit-upto $3 --hashlimit-burst $6 --hashlimit-name ";
+ $limit .= "--hashlimit $3 --hashlimit-burst $6 --hashlimit-name ";
 $limit .= $2 ? $2 : 'shorewall';
 $limit .= ' --hashlimit-mode ';
 } elsif ( $rate =~ /^[sd]:((\w*):)?(\d+(\/(sec|min|hour|day))?)$/ ) {
diff --git a/Shorewall/shorewall b/Shorewall/shorewall
index acbf2aa63..7e4ae7bbb 100755
--- a/Shorewall/shorewall
+++ b/Shorewall/shorewall
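Review bot: Only the burst form of the rate gets the legacy `--hashlimit` spelling in the Chains.pm hunk. The diffstat shows a single changed line in that file, so the `elsif` branch for rates without a burst, whose body lies outside the hunk, presumably still emits `--hashlimit-upto` and would still be rejected by the old iptables releases this commit targets. A rate-limit rule that fails to load means the limit is not enforced or the ruleset does not start, so both branches should use the same option. The changed line also deserves a why-comment so the hack is not "corrected" back later, e.g. `# Older iptables only accept '--hashlimit'; '--hashlimit-upto' is the newer spelling`. do_ratelimit begins and ends outside the hunk.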
@@ -23,99 +23,9 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # -# If an error occurs while starting or restarting the firewall, the -# firewall is automatically stopped. +# For a list of supported commands, type 'shorewall help' # -# The firewall uses configuration files in /etc/shorewall/ - skeleton -# files are included with the firewall. -# -# Commands are: -# -# shorewall add [:] zone Adds a host or subnet to a zone -# shorewall delete [:] zone Deletes a host or subnet from a zone -# shorewall dump Dumps all Shorewall-related information -# for problem analysis -# shorewall start Starts the firewall -# shorewall restart Restarts the firewall -# shorewall stop Stops the firewall -# shorewall status Displays firewall status -# shorewall reset Resets iptables packet and -# byte counts -# shorewall clear Open the floodgates by -# removing all iptables rules -# and setting the three permanent -# chain policies to ACCEPT -# shorewall refresh Rebuild the common chain to -# compensate for a change of -# broadcast address on any "detect" -# interface. -# shorewall [re]load [ ] -# Compile a script and install it on a -# remote Shorewall Lite system. -# shorewall show [ ... ] Display the rules in each listed -# shorewall show actions Displays the available actions -# shorewall show log Print the last 20 log messages -# shorewall show connections Show the kernel's connection -# tracking table -# shorewall show nat Display the rules in the nat table -# shorewall show {mangle|tos} Display the rules in the mangle table -# shorewall show tc Display traffic control info -# shorewall show classifiers Display classifiers -# shorewall show capabilities Display iptables/kernel capabilities -# shorewall show vardir Display the VARDIR setting. -# shorewall version Display the installed version id -# shorewall check [ -e ] [ ] Dry-run compilation. 
-# shorewall try [ ] Try a new configuration and if -# it doesn't work, revert to the -# standard one. If a timeout is supplied -# the command reverts back to the -# standard configuration after that many -# seconds have elapsed after successfully -# starting the new configuration. -# shorewall logwatch [ refresh-interval ] Monitor the local log for Shorewall -# messages. -# shorewall drop
... Temporarily drop all packets from the -# listed address(es) -# shorewall reject
... Temporarily reject all packets from the -# listed address(es) -# shorewall allow
... Reenable address(es) previously -# disabled with "drop" or "reject" -# shorewall save [ ] Save the list of "rejected" and -# "dropped" addresses so that it will -# be automatically reinstated the -# next time that Shorewall starts. -# Save the current state so that 'shorewall -# restore' can be used. -# -# shorewall forget [ ] Discard the data saved by 'shorewall save' -# -# shorewall restore [ ] Restore the state of the firewall from -# previously saved information. -# -# shorewall ipaddr {
/ |
} -# -# Displays information about the network -# defined by the argument[s] -# -# shorewall iprange
-
Decomposes a range of IP addresses into -# a list of network/host addresses. -# -# shorewall ipdecimal {
| } -# -# Displays the decimal equivalent of an IP -# address and vice versa. -# -# shorewall safe-start [ ] Starts the firewall and promtp for a c -# confirmation to accept or reject the new -# configuration -# -# shorewall safe-restart [ ] Restarts the firewall and prompt for a -# confirmation to accept or reject the new -# configuration -# -# shorewall compile [ -e ] [ ] -# Compile a firewall program file. - +##################################################################################################### # # Set the configuration variables from shorewall.conf # @@ -123,7 +33,6 @@ # $2 = Yes: check for STARTUP_ENABLED # $3 = Yes: Check for LOGFILE # -# get_config() { local prog diff --git a/Shorewall6/shorewall6 b/Shorewall6/shorewall6 index e709f0d6d..3c30228dd 100755 --- a/Shorewall6/shorewall6 +++ b/Shorewall6/shorewall6 
@@ -23,99 +23,9 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # -# If an error occurs while starting or restarting the firewall, the -# firewall is automatically stopped. +# For a list of supported commands, type 'shorewall6 help' # -# The firewall uses configuration files in /etc/shorewall/ - skeleton -# files are included with the firewall. -# -# Commands are: -# -# shorewall6 add [:] zone Adds a host or subnet to a zone -# shorewall6 delete [:] zone Deletes a host or subnet from a zone -# shorewall6 dump Dumps all Shorewall6-related information -# for problem analysis -# shorewall6 start Starts the firewall -# shorewall6 restart Restarts the firewall -# shorewall6 stop Stops the firewall -# shorewall6 status Displays firewall status -# shorewall6 reset Resets ip6tables packet and -# byte counts -# shorewall6 clear Open the floodgates by -# removing all ip6tables rules -# and setting the three permanent -# chain policies to ACCEPT -# shorewall6 refresh Rebuild the common chain to -# compensate for a change of -# broadcast address on any "detect" -# interface. -# shorewall6 [re]load [ ] -# Compile a script and install it on a -# remote Shorewall6 Lite system. -# shorewall6 show [ ... ] Display the rules in each listed -# shorewall6 show actions Displays the available actions -# shorewall6 show log Print the last 20 log messages -# shorewall6 show connections Show the kernel's connection -# tracking table -# shorewall6 show nat Display the rules in the nat table -# shorewall6 show {mangle|tos} Display the rules in the mangle table -# shorewall6 show tc Display traffic control info -# shorewall6 show classifiers Display classifiers -# shorewall6 show capabilities Display ip6tables/kernel capabilities -# shorewall6 show vardir Display the VARDIR setting. -# shorewall6 version Display the installed version id -# shorewall6 check [ -e ] [ ] Dry-run compilation. 
-# shorewall6 try [ ] Try a new configuration and if -# it doesn't work, revert to the -# standard one. If a timeout is supplied -# the command reverts back to the -# standard configuration after that many -# seconds have elapsed after successfully -# starting the new configuration. -# shorewall6 logwatch [ refresh-interval ] Monitor the local log for Shorewall6 -# messages. -# shorewall6 drop
... Temporarily drop all packets from the -# listed address(es) -# shorewall6 reject
... Temporarily reject all packets from the -# listed address(es) -# shorewall6 allow
... Reenable address(es) previously -# disabled with "drop" or "reject" -# shorewall6 save [ ] Save the list of "rejected" and -# "dropped" addresses so that it will -# be automatically reinstated the -# next time that Shorewall6 starts. -# Save the current state so that 'shorewall6 -# restore' can be used. -# -# shorewall6 forget [ ] Discard the data saved by 'shorewall6 save' -# -# shorewall6 restore [ ] Restore the state of the firewall from -# previously saved information. -# -# shorewall6 ipaddr {
/ |
} -# -# Displays information about the network -# defined by the argument[s] -# -# shorewall6 iprange
-
Decomposes a range of IP addresses into -# a list of network/host addresses. -# -# shorewall6 ipdecimal {
| } -# -# Displays the decimal equivalent of an IP -# address and vice versa. -# -# shorewall6 safe-start [ ] Starts the firewall and promtp for a c -# confirmation to accept or reject the new -# configuration -# -# shorewall6 safe-restart [ ] Restarts the firewall and prompt for a -# confirmation to accept or reject the new -# configuration -# -# shorewall6 compile [ -e ] [ ] -# Compile a firewall program file. - +################################################################################################ # # Set the configuration variables from shorewall6.conf #