Make detectnets and routeback play nice together

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1155 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2004-02-19 23:05:17 +00:00
parent 080bdfa9e2
commit 321488cc24
3 changed files with 16 additions and 9 deletions

View File

@ -48,3 +48,5 @@ Changes since 1.4.10
23) Allow rate limiting on CONTINUE and REJECT. 23) Allow rate limiting on CONTINUE and REJECT.
24) Move rfc1918 to /usr/share/shorewall 24) Move rfc1918 to /usr/share/shorewall
25) Make detectnets and routeback play nice together.

View File

@ -475,7 +475,6 @@ determine_hosts() {
for interface in $interfaces; do for interface in $interfaces; do
eval options=\$$(chain_base $interface)_options eval options=\$$(chain_base $interface)_options
if list_search detectnets $options; then if list_search detectnets $options; then
subnets=$(get_routed_subnets $interface) subnets=$(get_routed_subnets $interface)
else else
@ -488,6 +487,10 @@ determine_hosts() {
else else
hosts="$hosts $interface:$subnet" hosts="$hosts $interface:$subnet"
fi fi
if list_search routeback $options; then
eval ${zone}_routeback=\"$interface:$subnet \$${zone}_routeback\"
fi
done done
done done
@ -495,16 +498,15 @@ determine_hosts() {
for host in $hosts; do for host in $hosts; do
interface=${host%:*} interface=${host%:*}
if ! list_search $interface $interfaces; then if list_search $interface $interfaces; then
eval ${zone}_is_complex=Yes
else
if [ -z "$interfaces" ]; then if [ -z "$interfaces" ]; then
interfaces=$interface interfaces=$interface
else else
interfaces="$interfaces $interface" interfaces="$interfaces $interface"
fi fi
fi fi
[ "${host#*:}" = "0.0.0.0/0" ] || \
eval ${zone}_is_complex=Yes
done done
eval ${zone}_interfaces="\$interfaces" eval ${zone}_interfaces="\$interfaces"
@ -587,10 +589,9 @@ validate_interfaces_file() {
detectnets) detectnets)
[ -n "$wildcard" ] && \ [ -n "$wildcard" ] && \
startup_error "The \"detectnets\" option may not be used with a wild-card interface" startup_error "The \"detectnets\" option may not be used with a wild-card interface"
;; ;;
routeback) routeback)
[ -n "$z" ] || startup_error "The routeback option may not be specified on a multi-zone interface" [ -n "$z" ] || startup_error "The routeback option may not be specified on a multi-zone interface"
eval ${z}_routeback=\"$interface:0.0.0.0/0 \$${z}_routeback\"
;; ;;
*) *)
error_message "Warning: Invalid option ($option) in record \"$r\"" error_message "Warning: Invalid option ($option) in record \"$r\""
@ -4835,6 +4836,7 @@ activate_rules()
else else
for host in $source_hosts; do for host in $source_hosts; do
interface=${host%:*} interface=${host%:*}
subnet=${host#*:}
chain1=$(forward_chain $interface) chain1=$(forward_chain $interface)
@ -4843,7 +4845,7 @@ activate_rules()
subnet1=${host1#*:} subnet1=${host1#*:}
if [ "$host" != "$host1" ] || list_search $host $routeback; then if [ "$host" != "$host1" ] || list_search $host $routeback; then
run_iptables -A $chain1 -o $interface1 -d $subnet1 -j $chain run_iptables -A $chain1 -s $subnet -o $interface1 -d $subnet1 -j $chain
fi fi
done done
done done

View File

@ -1,7 +1,7 @@
Shorewall 2.0.0-Beta3 Shorewall 2.0.0-Beta3
---------------------------------------------------------------------- ----------------------------------------------------------------------
Problems Corrected since prior version. Problems Corrected since 1.4.10
1) A blank USER/GROUP column in /etc/shorewall/tcrules no longer causes 1) A blank USER/GROUP column in /etc/shorewall/tcrules no longer causes
a [re]start error. a [re]start error.
@ -11,6 +11,9 @@ Problems Corrected since prior version.
3) The "shorewall add" command no longer inserts rules before checking 3) The "shorewall add" command no longer inserts rules before checking
of the blacklist. of the blacklist.
4) The 'detectnets' and 'routeback' options may now be used together
with the intended effect.
----------------------------------------------------------------------- -----------------------------------------------------------------------
Issues when migrating from Shorewall 1.4.x to Shorewall 2.0.0: Issues when migrating from Shorewall 1.4.x to Shorewall 2.0.0: