Make detectnets and routeback play nice together
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1155 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
080bdfa9e2
commit
321488cc24
@ -48,3 +48,5 @@ Changes since 1.4.10
|
|||||||
23) Allow rate limiting on CONTINUE and REJECT.
|
23) Allow rate limiting on CONTINUE and REJECT.
|
||||||
|
|
||||||
24) Move rfc1918 to /usr/share/shorewall
|
24) Move rfc1918 to /usr/share/shorewall
|
||||||
|
|
||||||
|
25) Make detectnets and routeback play nice together.
|
||||||
|
@ -475,7 +475,6 @@ determine_hosts() {
|
|||||||
|
|
||||||
for interface in $interfaces; do
|
for interface in $interfaces; do
|
||||||
eval options=\$$(chain_base $interface)_options
|
eval options=\$$(chain_base $interface)_options
|
||||||
|
|
||||||
if list_search detectnets $options; then
|
if list_search detectnets $options; then
|
||||||
subnets=$(get_routed_subnets $interface)
|
subnets=$(get_routed_subnets $interface)
|
||||||
else
|
else
|
||||||
@ -488,6 +487,10 @@ determine_hosts() {
|
|||||||
else
|
else
|
||||||
hosts="$hosts $interface:$subnet"
|
hosts="$hosts $interface:$subnet"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if list_search routeback $options; then
|
||||||
|
eval ${zone}_routeback=\"$interface:$subnet \$${zone}_routeback\"
|
||||||
|
fi
|
||||||
done
|
done
|
||||||
done
|
done
|
||||||
|
|
||||||
@ -495,16 +498,15 @@ determine_hosts() {
|
|||||||
|
|
||||||
for host in $hosts; do
|
for host in $hosts; do
|
||||||
interface=${host%:*}
|
interface=${host%:*}
|
||||||
if ! list_search $interface $interfaces; then
|
if list_search $interface $interfaces; then
|
||||||
|
eval ${zone}_is_complex=Yes
|
||||||
|
else
|
||||||
if [ -z "$interfaces" ]; then
|
if [ -z "$interfaces" ]; then
|
||||||
interfaces=$interface
|
interfaces=$interface
|
||||||
else
|
else
|
||||||
interfaces="$interfaces $interface"
|
interfaces="$interfaces $interface"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
[ "${host#*:}" = "0.0.0.0/0" ] || \
|
|
||||||
eval ${zone}_is_complex=Yes
|
|
||||||
done
|
done
|
||||||
|
|
||||||
eval ${zone}_interfaces="\$interfaces"
|
eval ${zone}_interfaces="\$interfaces"
|
||||||
@ -587,10 +589,9 @@ validate_interfaces_file() {
|
|||||||
detectnets)
|
detectnets)
|
||||||
[ -n "$wildcard" ] && \
|
[ -n "$wildcard" ] && \
|
||||||
startup_error "The \"detectnets\" option may not be used with a wild-card interface"
|
startup_error "The \"detectnets\" option may not be used with a wild-card interface"
|
||||||
;;
|
;;
|
||||||
routeback)
|
routeback)
|
||||||
[ -n "$z" ] || startup_error "The routeback option may not be specified on a multi-zone interface"
|
[ -n "$z" ] || startup_error "The routeback option may not be specified on a multi-zone interface"
|
||||||
eval ${z}_routeback=\"$interface:0.0.0.0/0 \$${z}_routeback\"
|
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
error_message "Warning: Invalid option ($option) in record \"$r\""
|
error_message "Warning: Invalid option ($option) in record \"$r\""
|
||||||
@ -4835,6 +4836,7 @@ activate_rules()
|
|||||||
else
|
else
|
||||||
for host in $source_hosts; do
|
for host in $source_hosts; do
|
||||||
interface=${host%:*}
|
interface=${host%:*}
|
||||||
|
subnet=${host#*:}
|
||||||
|
|
||||||
chain1=$(forward_chain $interface)
|
chain1=$(forward_chain $interface)
|
||||||
|
|
||||||
@ -4843,7 +4845,7 @@ activate_rules()
|
|||||||
subnet1=${host1#*:}
|
subnet1=${host1#*:}
|
||||||
|
|
||||||
if [ "$host" != "$host1" ] || list_search $host $routeback; then
|
if [ "$host" != "$host1" ] || list_search $host $routeback; then
|
||||||
run_iptables -A $chain1 -o $interface1 -d $subnet1 -j $chain
|
run_iptables -A $chain1 -s $subnet -o $interface1 -d $subnet1 -j $chain
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
done
|
done
|
||||||
|
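Review bot: In the determine_hosts hunk at -488, the added `eval ${zone}_routeback=\"$interface:$subnet \$${zone}_routeback\"` expands `$interface` and `$subnet` before eval parses the line, so any shell metacharacter in either value would be re-read as code rather than data. The line this commit removes from validate_interfaces_file used the literal `0.0.0.0/0`; with detectnets the subnet now comes from `get_routed_subnets`, whose output format is not visible here, so the value is no longer a constant. Deferring the expansion, as the later `eval ${zone}_interfaces="\$interfaces"` in the same function already does, keeps both values inert: `eval ${zone}_routeback=\"\$interface:\$subnet \$${zone}_routeback\"`. determine_hosts starts and ends outside the visible hunks, so the origin of `$zone` and `$options` could not be checked.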
@ -1,7 +1,7 @@
|
|||||||
Shorewall 2.0.0-Beta3
|
Shorewall 2.0.0-Beta3
|
||||||
|
|
||||||
----------------------------------------------------------------------
|
----------------------------------------------------------------------
|
||||||
Problems Corrected since prior version.
|
Problems Corrected since 1.4.10
|
||||||
|
|
||||||
1) A blank USER/GROUP column in /etc/shorewall/tcrules no longer causes
|
1) A blank USER/GROUP column in /etc/shorewall/tcrules no longer causes
|
||||||
a [re]start error.
|
a [re]start error.
|
||||||
@ -11,6 +11,9 @@ Problems Corrected since prior version.
|
|||||||
|
|
||||||
3) The "shorewall add" command no longer inserts rules before checking
|
3) The "shorewall add" command no longer inserts rules before checking
|
||||||
of the blacklist.
|
of the blacklist.
|
||||||
|
|
||||||
|
4) The 'detectnets' and 'routeback' options may now be used together
|
||||||
|
with the intended effect.
|
||||||
-----------------------------------------------------------------------
|
-----------------------------------------------------------------------
|
||||||
Issues when migrating from Shorewall 1.4.x to Shorewall 2.0.0:
|
Issues when migrating from Shorewall 1.4.x to Shorewall 2.0.0:
|
||||||
|
|
||||||
|