Don't use "-m multiport" if port lists don't have more than one element.

Clarify comments on the MULTIPORT option in shorewall.conf.
Update versions to 1.3.2.
Update release notes and change log.


git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@51 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2002-06-02 19:47:17 +00:00
parent ca9c02ce7f
commit 3563a47103
8 changed files with 25 additions and 21 deletions

View File

@ -1,12 +1,9 @@
Changes since 1.3.0 Changes since 1.3.0
1. Corrected policy handling for "all z CONTINUE" policies. 1. Corrected double-counting of SYN packets.
2. Corrected problems with "-" as LOGLEVEL in the policy file. 2. Added IANA reserved addresses to the rfc1918 file.
3. Added /etc/shorewall/rfc1918 file for defining the behavior of the 3. Added MULTIPORT support.
'norfc1918' interface option. 4. Added "logwatch" command to /sbin/shorewall.
4. Avoided forwarding rules between zones on the same interface when 'multi'
isn't specified on that interface.
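Review bot: the heading still reads "Changes since 1.3.0" while the four entries under it describe 1.3.2 changes, and the 1.3.1 entries (the "all z CONTINUE" policy fix, the "-" LOGLEVEL fix, the rfc1918 file, the same-interface forwarding change) are deleted rather than kept under their own heading; either retitle the block "Changes since 1.3.1" or leave the 1.3.1 list in place below it. The list also omits this commit's own fix, that "-m multiport" is no longer used for a port list with a single element, which belongs next to "3. Added MULTIPORT support."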

View File

@ -28,7 +28,7 @@
# shown below. Simply run this script to revert to your prior version of # shown below. Simply run this script to revert to your prior version of
# Shoreline Firewall. # Shoreline Firewall.
VERSION=1.3.1 VERSION=1.3.2
usage() # $1 = exit status usage() # $1 = exit status
{ {

View File

@ -1515,13 +1515,15 @@ process_rule() {
case $proto in case $proto in
tcp|udp|TCP|UDP|6|17) tcp|udp|TCP|UDP|6|17)
if [ -n "$port" -a "x${port}" != "x-" ]; then if [ -n "$port" -a "x${port}" != "x-" ]; then
[ `list_count $port` -gt 1 ] && \
multiport="$multioption"
dports="--dport $port" dports="--dport $port"
multiport="$multioption"
fi fi
if [ -n "$cport" -a "x${cport}" != "x-" ]; then if [ -n "$cport" -a "x${cport}" != "x-" ]; then
[ `list_count $cport` -gt 1 ] && \
multiport="$multioption"
sports="--sport $cport" sports="--sport $cport"
multiport="$multioption"
fi fi
;; ;;
icmp|ICMP|0) icmp|ICMP|0)
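Review bot: the new count check in process_rule() only ever sets multiport and never clears it, so a rule whose port lists each have a single element inherits whatever multiport held from the previous rule unless it is reset before "case $proto"; please confirm that reset exists, as it is outside this hunk. The check is also per list while one multiport variable covers the whole rule: with port=22 and cport=80,443 the rule is emitted with "$multioption" and a single "--dport 22", so it is worth testing that iptables accepts a single-port --dport with the multiport match loaded. Minor: $port and $cport are passed unquoted to list_count; fine for comma lists, but quote them if list_count should ever see a value containing whitespace.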

View File

@ -54,7 +54,7 @@
# /etc/rc.d/rc.local file is modified to start the firewall. # /etc/rc.d/rc.local file is modified to start the firewall.
# #
VERSION=1.3.1 VERSION=1.3.2
usage() # $1 = exit status usage() # $1 = exit status
{ {

View File

@ -2,13 +2,12 @@ This is a minor release of Shorewall.
In this release: In this release:
1. The handling of "all z CONTINUE" policies has been corrected. Use of 1. A new "logwatch" command has been added to the /sbin/shorewall program.
these policies greatly simplifies whitelisting and other nested zone
configuration.
2. Added an /etc/shorewall/rfc1918 configuration file for defining the
behavior of the 'norfc1918' interface option.
2. Shorewall can now take advantage of the Netfilter 'multiport' match
function.
3.
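Review bot: item "3." at the end of the new list is empty; either drop it or fill it, since the changelog in this same commit also records the SYN double-counting fix and the IANA reserved addresses added to the rfc1918 file, neither of which appears in the release notes. The 1.3.1 items (CONTINUE policies, rfc1918 file) are deleted rather than kept, which is fine if the release notes cover only the current release, but then "This is a minor release of Shorewall" should name it (1.3.2).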

View File

@ -213,11 +213,15 @@ NAT_BEFORE_RULES=Yes
# If your kernel supports the multiport match option, you may enable it's use # If your kernel supports the multiport match option, you may enable it's use
# here. When this option is enabled by setting it's value to "Yes" or "yes": # here. When this option is enabled by setting it's value to "Yes" or "yes":
# #
# 1) You may not list more that 15 ports in a comma-seperated list in # 1) If you list more that 15 ports in a comma-seperated list in
# /etc/shorewall/rules. # /etc/shorewall/rules, Shorewall will not use the multiport option
# but will generate a separate rule for each element of each port
# list.
# 2) If you include a port range (<low port>:<high port>) in the # 2) If you include a port range (<low port>:<high port>) in the
# rule, Shorewall will not use the multiport option but will generate # rule, Shorewall will not use the multiport option but will generate
# a separate rule for each element of each port list. # a separate rule for each element of each port list.
#
# if this variable is not set or is set to the empty value, "No" is assumed.
MULTIPORT=No MULTIPORT=No
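Review bot: typos in the new and surrounding comment text: "it's use" and "it's value" should be "its", "more that 15 ports" should be "more than 15 ports", "comma-seperated" should be "comma-separated", and the added last line should start with a capital "If". The behaviour this commit adds, that a port list with a single element is matched with a plain --dport or --sport and not with "-m multiport", is also not documented here; a third numbered point would make the list of fallback cases complete.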

View File

@ -1,6 +1,6 @@
%define name shorewall %define name shorewall
%define version 1.3 %define version 1.3
%define release 1 %define release 2
%define prefix /usr %define prefix /usr
Summary: Shoreline Firewall is an iptables-based firewall for Linux systems. Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
@ -78,6 +78,8 @@ if [ $1 = 0 ]; then if [ -x /sbin/insserv ]; then /sbin/insserv -r /etc/init.d/s
%doc COPYING INSTALL changelog.txt releasenotes.txt tunnel %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel
%changelog %changelog
* Sun Jun 02 2002 Tom Eastep <tom@shorewall.net>
- Changed version to 1.3.1
* Fri May 31 2002 Tom Eastep <tom@shorewall.net> * Fri May 31 2002 Tom Eastep <tom@shorewall.net>
- Changed version to 1.3.1 - Changed version to 1.3.1
- Added the rfc1918 file - Added the rfc1918 file
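Review bot: the new %changelog entry dated Sun Jun 02 2002 says "Changed version to 1.3.1", but this commit sets release to 2 and the scripts to VERSION=1.3.2; it should read "Changed version to 1.3.2" (the Fri May 31 entry below it already records the move to 1.3.1).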

View File

@ -26,7 +26,7 @@
# You may only use this script to uninstall the version # You may only use this script to uninstall the version
# shown below. Simply run this script to remove Seattle Firewall # shown below. Simply run this script to remove Seattle Firewall
VERSION=1.3.1 VERSION=1.3.2
usage() # $1 = exit status usage() # $1 = exit status
{ {
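Review bot: unchanged context, but the comment here says "remove Seattle Firewall" while the matching comment in the revert script earlier in this commit says "Shoreline Firewall"; worth correcting to "Shoreline Firewall" while the VERSION line is being touched.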