holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Make detectnets and routeback play nice together

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1155 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2004-02-19 23:05:17 +00:00
parent 080bdfa9e2
commit 321488cc24
3 changed files with 16 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Shorewall2/changelog.txt
View File

@ -48,3 +48,5 @@ Changes since 1.4.10
23) Allow rate limiting on CONTINUE and REJECT. 23) Allow rate limiting on CONTINUE and REJECT.
24) Move rfc1918 to /usr/share/shorewall 24) Move rfc1918 to /usr/share/shorewall
25) Make detectnets and routeback play nice together.

16
Shorewall2/firewall
View File

@ -475,7 +475,6 @@ determine_hosts() {
for interface in $interfaces; do for interface in $interfaces; do
eval options=\$$(chain_base $interface)_options eval options=\$$(chain_base $interface)_options
if list_search detectnets $options; then if list_search detectnets $options; then
subnets=$(get_routed_subnets $interface) subnets=$(get_routed_subnets $interface)
else else
@ -488,6 +487,10 @@ determine_hosts() {
else else
hosts="$hosts $interface:$subnet" hosts="$hosts $interface:$subnet"
fi fi
if list_search routeback $options; then
eval ${zone}_routeback=\"$interface:$subnet \$${zone}_routeback\"
fi
done done
done done
@ -495,16 +498,15 @@ determine_hosts() {
for host in $hosts; do for host in $hosts; do
interface=${host%:*} interface=${host%:*}
if ! list_search $interface $interfaces; then if list_search $interface $interfaces; then
eval ${zone}_is_complex=Yes
else
if [ -z "$interfaces" ]; then if [ -z "$interfaces" ]; then
interfaces=$interface interfaces=$interface
else else
interfaces="$interfaces $interface" interfaces="$interfaces $interface"
fi fi
fi fi
[ "${host#*:}" = "0.0.0.0/0" ] || \
eval ${zone}_is_complex=Yes
done done
eval ${zone}_interfaces="\$interfaces" eval ${zone}_interfaces="\$interfaces"
@ -590,7 +592,6 @@ validate_interfaces_file() {
;; ;;
routeback) routeback)
[ -n "$z" ] || startup_error "The routeback option may not be specified on a multi-zone interface" [ -n "$z" ] || startup_error "The routeback option may not be specified on a multi-zone interface"
eval ${z}_routeback=\"$interface:0.0.0.0/0 \$${z}_routeback\"
;; ;;
*) *)
error_message "Warning: Invalid option ($option) in record \"$r\"" error_message "Warning: Invalid option ($option) in record \"$r\""
@ -4835,6 +4836,7 @@ activate_rules()
else else
for host in $source_hosts; do for host in $source_hosts; do
interface=${host%:*} interface=${host%:*}
subnet=${host#*:}
chain1=$(forward_chain $interface) chain1=$(forward_chain $interface)
@ -4843,7 +4845,7 @@ activate_rules()
subnet1=${host1#*:} subnet1=${host1#*:}
if [ "$host" != "$host1" ] || list_search $host $routeback; then if [ "$host" != "$host1" ] || list_search $host $routeback; then
run_iptables -A $chain1 -o $interface1 -d $subnet1 -j $chain run_iptables -A $chain1 -s $subnet -o $interface1 -d $subnet1 -j $chain
fi fi
done done
done done

5
Shorewall2/releasenotes.txt
View File

@ -1,7 +1,7 @@
Shorewall 2.0.0-Beta3 Shorewall 2.0.0-Beta3
---------------------------------------------------------------------- ----------------------------------------------------------------------
Problems Corrected since prior version. Problems Corrected since 1.4.10
1) A blank USER/GROUP column in /etc/shorewall/tcrules no longer causes 1) A blank USER/GROUP column in /etc/shorewall/tcrules no longer causes
a [re]start error. a [re]start error.
@ -11,6 +11,9 @@ Problems Corrected since prior version.
3) The "shorewall add" command no longer inserts rules before checking 3) The "shorewall add" command no longer inserts rules before checking
of the blacklist. of the blacklist.
4) The 'detectnets' and 'routeback' options may now be used together
with the intended effect.
----------------------------------------------------------------------- -----------------------------------------------------------------------
Issues when migrating from Shorewall 1.4.x to Shorewall 2.0.0: Issues when migrating from Shorewall 1.4.x to Shorewall 2.0.0: