Make 'icmp' a synonym for 'ipv6-icmp' in IPv6 compilations

This commit is contained in:
Tom Eastep 2010-08-02 08:04:55 -07:00
parent c0dcb0edbf
commit 2774ee1bd6
4 changed files with 15 additions and 4 deletions

View File

@ -2056,7 +2056,7 @@ sub do_proto( $$$;$ )
last PROTO; } last PROTO; }
if ( $proto == ICMP ) { if ( $proto == ICMP ) {
fatal_error "ICMP not permitted in an IPv6 configuration" if $family == F_IPV6; fatal_error "ICMP not permitted in an IPv6 configuration" if $family == F_IPV6; #User specified proto 1 rather than 'icmp'
if ( $ports ne '' ) { if ( $ports ne '' ) {
$invert = $ports =~ s/^!// ? '! ' : ''; $invert = $ports =~ s/^!// ? '! ' : '';
fatal_error 'Multiple ICMP types are not permitted' if $ports =~ /,/; fatal_error 'Multiple ICMP types are not permitted' if $ports =~ /,/;

View File

@ -73,7 +73,7 @@ our @EXPORT = qw( ALLIPv4
validate_icmp6 validate_icmp6
); );
our @EXPORT_OK = qw( ); our @EXPORT_OK = qw( );
our $VERSION = '4.4_11'; our $VERSION = '4.4_12';
# #
# Some IPv4/6 useful stuff # Some IPv4/6 useful stuff
@ -87,6 +87,7 @@ our $validate_address;
our $validate_net; our $validate_net;
our $validate_range; our $validate_range;
our $validate_host; our $validate_host;
our $family;
use constant { ALLIPv4 => '0.0.0.0/0' , use constant { ALLIPv4 => '0.0.0.0/0' ,
ALLIPv6 => '::/0' , ALLIPv6 => '::/0' ,
@ -292,6 +293,11 @@ sub resolve_proto( $ ) {
$number = numeric_value ( $proto ); $number = numeric_value ( $proto );
defined $number && $number <= 65535 ? $number : undef; defined $number && $number <= 65535 ? $number : undef;
} else { } else {
#
# Allow 'icmp' as a synonym for 'ipv6-icmp' in IPv6 compilations
#
$proto= 'ipv6-icmp' if $proto eq 'icmp' && $family == F_IPV6;
defined( $number = $nametoproto{$proto} ) ? $number : scalar getprotobyname $proto; defined( $number = $nametoproto{$proto} ) ? $number : scalar getprotobyname $proto;
} }
} }
@ -682,7 +688,7 @@ sub validate_host ($$ ) {
# able to re-initialize its dependent modules' state. # able to re-initialize its dependent modules' state.
# #
sub initialize( $ ) { sub initialize( $ ) {
my $family = shift; $family = shift;
if ( $family == F_IPV4 ) { if ( $family == F_IPV4 ) {
$allip = ALLIPv4; $allip = ALLIPv4;

View File

@ -16,6 +16,8 @@ Changes in Shorewall 4.4.12
8) Add COMPLETE option. 8) Add COMPLETE option.
9) Make ICMP a synonym for IPV6-ICMP in ipv6 configs.
Changes in Shorewall 4.4.11 Changes in Shorewall 4.4.11
1) Apply patch from Gabriel. 1) Apply patch from Gabriel.

View File

@ -296,7 +296,10 @@ None.
is '+' is '+'
o That interface is assigned to a zone. o That interface is assigned to a zone.
o You have no CONTINUE policies or rules. o You have no CONTINUE policies or rules.
4) 'icmp' is now accepted as a synonym for 'ipv6-icmp' in IPv6
compilations.
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
I N P R I O R R E L E A S E S I N P R I O R R E L E A S E S