forked from extern/shorewall_code
Stage handles Shorewall6; fix IPv6 ENHANCED_REJECT handling in -perl
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8979 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
41fcf84109
commit
2bbb417330
@ -1752,7 +1752,7 @@ sub determine_capabilities( $ ) {
|
||||
|
||||
$capabilities{IPP2P_MATCH} = qt1( "$iptables -A $sillyname -p tcp -m ipp2p --edk -j ACCEPT" );
|
||||
$capabilities{LENGTH_MATCH} = qt1( "$iptables -A $sillyname -m length --length 10:20 -j ACCEPT" );
|
||||
$capabilities{ENHANCED_REJECT} = qt1( "$iptables -A $sillyname -j REJECT --reject-with icmp-host-prohibited" );
|
||||
$capabilities{ENHANCED_REJECT} = qt1( "$iptables -A $sillyname -j REJECT --reject-with icmp6-admt-prohibited" );
|
||||
$capabilities{COMMENTS} = qt1( qq($iptables -A $sillyname -j ACCEPT -m comment --comment "This is a comment" ) );
|
||||
|
||||
if ( $capabilities{MANGLE_ENABLED} ) {
|
||||
|
@ -581,8 +581,14 @@ sub add_common_rules() {
|
||||
|
||||
if ( $capabilities{ENHANCED_REJECT} ) {
|
||||
add_rule $rejectref , '-p 17 -j REJECT';
|
||||
add_rule $rejectref, '-p 1 -j REJECT --reject-with icmp-host-unreachable';
|
||||
add_rule $rejectref, '-j REJECT --reject-with icmp-host-prohibited';
|
||||
|
||||
if ( $family == F_IPV4 ) {
|
||||
add_rule $rejectref, '-p 1 -j REJECT --reject-with icmp-host-unreachable';
|
||||
add_rule $rejectref, '-j REJECT --reject-with icmp-host-prohibited';
|
||||
} else {
|
||||
add_rule $rejectref, '-p 58 -j REJECT --reject-with icmp6-addr-unreachable';
|
||||
add_rule $rejectref, '-j REJECT --reject-with icmp6-adm-prohibited';
|
||||
}
|
||||
} else {
|
||||
add_rule $rejectref , '-j REJECT';
|
||||
}
|
||||
|
@ -805,7 +805,7 @@ determine_capabilities() {
|
||||
|
||||
qt $IP6TABLES -A $chain -p tcp -m ipp2p --edk -j ACCEPT && IPP2P_MATCH=Yes
|
||||
qt $IP6TABLES -A $chain -m length --length 10:20 -j ACCEPT && LENGTH_MATCH=Yes
|
||||
qt $IP6TABLES -A $chain -j REJECT --reject-with icmp-host-prohibited && ENHANCED_REJECT=Yes
|
||||
qt $IP6TABLES -A $chain -j REJECT --reject-with icmp6-adm-prohibited && ENHANCED_REJECT=Yes
|
||||
|
||||
qt $IP6TABLES -A $chain -j ACCEPT -m comment --comment "This is a comment" && COMMENTS=Yes
|
||||
|
||||
|
@ -30,7 +30,9 @@ usage() {
|
||||
}
|
||||
|
||||
rpm=
|
||||
rpm6=
|
||||
literpm=
|
||||
lite6rpm=
|
||||
perlrpm=
|
||||
shellrpm=
|
||||
|
||||
@ -45,6 +47,8 @@ UPLOADSHELL=
|
||||
UPLOADLITE=
|
||||
UPLOADXML=
|
||||
UPLOADHTML=
|
||||
UPLOAD6=
|
||||
UPLOAD6LITE=
|
||||
PARTIAL=Yes
|
||||
BASE=
|
||||
|
||||
@ -101,6 +105,14 @@ while [ -z "$done" ]; do
|
||||
UPLOADHTML=Yes
|
||||
option=${option#h}
|
||||
;;
|
||||
6*)
|
||||
UPLOAD6=Yes
|
||||
option=${option#6}
|
||||
;;
|
||||
L*)
|
||||
UPLOAD6LITE=Yes
|
||||
option=${option#L}
|
||||
;;
|
||||
*)
|
||||
usage
|
||||
;;
|
||||
@ -153,6 +165,17 @@ case $1 in
|
||||
shellrpm=shorewall-shell-${1}-0base.noarch.rpm
|
||||
BASE=Yes
|
||||
;;
|
||||
4.3.*)
|
||||
DEST="/srv/ftp/pub/shorewall/development/staging/${1%.*}/shorewall-$1"
|
||||
SHOREWALL=shorewall-common
|
||||
rpm=shorewall-common-${1}-0base.noarch.rpm
|
||||
literpm=shorewall-lite-${1}-0base.noarch.rpm
|
||||
perlrpm=shorewall-perl-${1}-0base.noarch.rpm
|
||||
shellrpm=shorewall-shell-${1}-0base.noarch.rpm
|
||||
rpm6=shorewall6-${1}-0base.noarch.rpm
|
||||
lite6rpm=shorewall6-lite-${1}-0base.noarch.rpm
|
||||
BASE=Yes
|
||||
;;
|
||||
3.*[13579].*)
|
||||
DEST="/srv/ftp/pub/shorewall/development/staging/${1%.*}/shorewall-$1"
|
||||
rpm=shorewall-${1}-1.noarch.rpm
|
||||
@ -215,10 +238,12 @@ fi
|
||||
files="errata known_problems.txt releasenotes.txt patch-*-$1 ${1}.*"
|
||||
base=
|
||||
|
||||
[ -n "$UPLOAD6" ] && base="shorewall6-${1}.tar.*" && files="$files shorewall6-${1}.* $rpm6"
|
||||
[ -n "$UPLOADPERL" ] && base="shorewall-perl-${1}.tar.*" && files="$files shorewall-perl-${1}.* $perlrpm"
|
||||
[ -n "$UPLOADCOMMON" ] && base="$base shorewall-common-${1}.tar.*" && files="$files shorewall-common-${1}.* $rpm"
|
||||
[ -n "$UPLOADSHELL" ] && base="$base shorewall-shell-${1}.tar.*" && files="$files shorewall-shell-${1}.* $shellrpm"
|
||||
[ -n "$UPLOADLITE" ] && base="$base shorewall-lite-${1}.tar.*" && files="$files shorewall-lite-${1}.* $literpm"
|
||||
[ -n "$UPLOAD6LITE" ] && base="$base shorewall6-lite-${1}.tar.*" && files="$files shorewall6-lite-${1}.* $lite6rpm"
|
||||
[ -n "$UPLOADXML" ] && base="$base shorewall-docs-xml-${1}.tar.*" && files="$files shorewall-docs-xml-${1}.* $literpm"
|
||||
[ -n "$UPLOADHTML" ] && base="$base shorewall-docs-html-${1}.tar.*" && files="$files shorewall-docs-html-${1}.* $literpm"
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user