holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

More detect stuff

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5632 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-03-22 20:24:21 +00:00
parent 7146dc4942
commit 2f40bcd8e1
4 changed files with 23 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
New/Shorewall/Chains.pm
View File

@ -236,7 +236,7 @@ sub add_command($$)
{
my ($chainref, $command) = @_;
$command =~ s/^/~/mg;
$command =~ s/^/~/;
push @{$chainref->{rules}}, $command;
@ -1299,7 +1299,8 @@ sub create_netfilter_load() {
emit_unindented '__EOF__' unless $state == CMD_STATE;
emit '';
emit ' exec 3>&-';
emit '';
emit 'iptables-restore < $TEMPFILE' if $slowstart;
emit 'if [ $? != 0 ]; then';
emit ' fatal_error "iptables-restore Failed"';

6
New/Shorewall/Interfaces.pm
View File

@ -46,7 +46,6 @@ our @VERSION = 1.00;
# @interfaces lists the interface names in the order that they appear in the interfaces file.
#
# %interfaces { <interface1> => { root => <name without trailing '+'>
# broadcast => [ <bcast1>, ... ]
# options => { <option1> = <val1> ,
# ...
# }
@ -162,10 +161,9 @@ sub validate_interfaces_file()
( $interfaces{$interface}{root} = $interface ) =~ s/\+$// ;
if ( $networks && $networks ne '-' )
if ( $networks && $networks ne '-' && $networks ne 'detect' )
{
my @broadcast = split ',', $networks;
$interfaces{$interface}{broadcast} = \@broadcast;
warning_message 'Shorewall no longer uses broadcast addresses in rule generation:' . $networks;
}
my $optionsref = {};

19
New/Shorewall/Rules.pm
View File

@ -669,7 +669,24 @@ sub setup_mac_lists( $ ) {
for my $interface ( @maclist_interfaces ) {
my $chainref = $chain_table{$table}{( $config{MACLIST_TTL} ? macrecent_target $interface : mac_chain $interface )};
my $chain = mac_chain $interface;
my $chain = $chainref->{name};
if ( $config{MACLIST_LOG_LEVEL} || $config{MACLIST_DISPOSITION} != 'ACCEPT' ) {
add_command $chainref, "if interface_is_usable $interface; then";
add_command $chainref, " ip -f inet addr show $interface 2> /dev/null | grep 'inet.*brd' | sed 's/inet //; s/brd //; s/scope.*//;' | while read address broadcast; do";
add_command $chainref, ' address=${address%/*}';
add_command $chainref, ' if [ -n "$broadcast" ]; then';
add_command $chainref, ' echo "-A $chain -s $address -d $broadcast -j RETURN" >&3';
add_command $chainref, ' fi';
add_command $chainref, '';
add_command $chainref, ' echo "-A $chain -s $address -d 255.255.255.255 -j RETURN" >&3';
add_command $chainref, ' echo "-A $chain -s $address -d 224.0.0.0/4 -j RETURN" >&3';
add_command $chainref, ' done';
add_command $chainref, 'else';
add_command $chainref, " fatal_error \"Interface $interface must be up before Shorewall can start\"";
add_command $chainref, "fi\n";
}
log_rule_limit $level, $chainref , $chain , $disposition, '', '', 'add', '';
add_rule $chainref, "-j $target";
}

1
New/compiler.pl
View File

@ -543,7 +543,6 @@ if [ $COMMAND = restore ]; then
iptables-restore < $iptables_save_file
else
fatal_error "$iptables_save_file does not exist"
exit 2
fi
set_state "Started"
else