Fix bug in policy with default action/macro but no log level; improve creation of rt_table DB

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4774 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2006-10-31 21:50:21 +00:00
parent 9ec9cfc7e9
commit 325da6543d
3 changed files with 27 additions and 8 deletions


@ -1537,7 +1537,7 @@ __EOF__
Limit) Limit)
set -- $(separate_list $xtag) set -- $(separate_list $xtag)
[ $# -eq 3 ] || fatal_error "Rule must include <set name>,<max connections>,<interval> as the log tag" [ $# -eq 3 ] || fatal_error "Limit rules must include <set name>,<max connections>,<interval> as the log tag"
run_iptables -A $xchain -m recent --name $1 --set run_iptables -A $xchain -m recent --name $1 --set
@ -3219,7 +3219,7 @@ default_policy() # $1 = client $2 = server
# The policy chain is the canonical chain; add policy rule to it # The policy chain is the canonical chain; add policy rule to it
# The syn flood jump has already been added if required. # The syn flood jump has already been added if required.
# #
policy_rules $chain $policy $loglevel $default policy_rules $chain $policy "${loglevel:--}" $default
else else
# #
# The policy chain is different from the canonical chain -- approach # The policy chain is different from the canonical chain -- approach
@ -3233,7 +3233,7 @@ default_policy() # $1 = client $2 = server
# in this chain. # in this chain.
# #
report_syn_flood_protection report_syn_flood_protection
policy_rules $chain $policy $loglevel $default policy_rules $chain $policy "${loglevel:--}" $default
else else
# #
# No problem with double-counting so just jump to the # No problem with double-counting so just jump to the
@ -3249,7 +3249,7 @@ default_policy() # $1 = client $2 = server
# #
[ -n "$synparams" ] && \ [ -n "$synparams" ] && \
report_syn_flood_protection report_syn_flood_protection
policy_rules $chain $policy $loglevel $default policy_rules $chain $policy "${loglevel:--}" $default
;; ;;
*) *)
# #
@ -3301,7 +3301,7 @@ complete_standard_chain() # $1 = chain, $2 = source zone, $3 = destination zone
eval default=\$${policychain}_default eval default=\$${policychain}_default
eval eval
policy_rules $1 $policy $loglevel $default policy_rules $1 $policy "${loglevel:--}" $default
else else
policy_rules $1 DROP info $DROP_DEFAULT policy_rules $1 DROP info $DROP_DEFAULT
fi fi
@ -4021,7 +4021,7 @@ apply_policy_rules() {
case $chain in case $chain in
all2*|*2all) all2*|*2all)
run_user_exit $chain run_user_exit $chain
policy_rules $chain $policy $loglevel $default policy_rules $chain $policy "${loglevel:--}" $default
;; ;;
esac esac
fi fi
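Review bot: The `-` passed by `"${loglevel:--}"` only helps if policy_rules treats a `-` third argument as "no log level"; policy_rules is outside these hunks, so confirm that, otherwise `-` would be handed on as a literal log level. The same substitution is made at all five call sites (three in default_policy, one each in complete_standard_chain and apply_policy_rules), and the enclosing functions start and end outside the hunks. `$chain`, `$policy` and `$default` are still unquoted, so an empty `$policy` would shift the arguments in the same way; `$default` is harmless only because it comes last. A short comment at one call site would record the intent, e.g. `# '-' keeps $default in position 4 when no log level is set`.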


@ -1352,3 +1352,21 @@ restore_default_route() {
rm -f ${VARDIR}/default_route rm -f ${VARDIR}/default_route
fi fi
} }
#
# Determine how to do "echo -e"
find_echo() {
local result
result=$(echo "a\tb")
[ ${#result} -eq 3 ] && echo echo
result=$(echo -e "a\tb")
[ ${#result} -eq 3 ] && echo "echo -e"
result=$(which echo)
[ -n "$result" ] && echo "$result -e"
echo echo
}
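Review bot: find_echo does not stop after its first successful probe: each `[ ... ] && echo ...` line falls through and the final `echo echo` always runs, so the function can print two or three lines instead of a single command. The caller in the rt_tables hunk captures this with `echocommand=$(find_echo)` and expands `$echocommand` unquoted, so the extra words would become arguments and end up written into /etc/iproute2/rt_tables. Return after each hit, e.g. `[ ${#result} -eq 3 ] && { echo echo; return; }`, and likewise for the `echo -e` and `which echo` probes. `which echo` also resolves through PATH where the old code used `mywhich`; if this runs as root, keeping `mywhich` or a fixed path looks safer, though the runtime environment is not visible here.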


@ -382,12 +382,13 @@ ${INDENT}cat > /etc/iproute2/rt_tables <<EOF
# local # local
# #
EOF EOF
echocommand=\$(find_echo)
__EOF__ __EOF__
for table in $PROVIDERS; do for table in $PROVIDERS; do
eval number=\$${table}_number eval number=\$${table}_number
indent >&3 << __EOF__ indent >&3 << __EOF__
echobin=\$(mywhich echo) \$echocommand "$number\t$table" >> /etc/iproute2/rt_tables
\${echobin:-echo} -e "$number\t$table" >> /etc/iproute2/rt_tables
__EOF__ __EOF__
done done
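Review bot: The generated script now depends on find_echo being defined wherever it runs and on `$echocommand` word-splitting into exactly one command; neither is visible in this hunk. POSIX `printf` interprets `\t` in its format string, so the echo probing could be dropped altogether: `printf '%s\t%s\n' $number $table >> /etc/iproute2/rt_tables`. If printf cannot be assumed on the target systems, a comment above `echocommand=\$(find_echo)` explaining why the probe is needed would help the next reader.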