Alloc 'ipsec' zones in the GATEWAY ZONES(S) column of the tunnels file

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6772 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2007-07-03 20:53:43 +00:00 · 2007-07-03 20:53:43 +00:00 · 42e9e8bc45
commit 42e9e8bc45
parent e919906ea2
4 changed files with 17 additions and 2 deletions
--- a/Shorewall-common/changelog.txt
+++ b/Shorewall-common/changelog.txt
@ -16,6 +16,8 @@ Changes in 4.0.0 RC 1

 8)  Restore the 'refresh' command.

+9)  Allow ipsec zone in GATEWAY ZONE column of the tunnels file.
+
 Changes in 4.0.0 Beta 6

 1)  First step to adding compiler debugging facility.
--- a/Shorewall-common/releasenotes.txt
+++ b/Shorewall-common/releasenotes.txt
@ -37,6 +37,8 @@ Problems corrected in 4.0.0 Beta 7.
 3)  "shorewall start" and "shorewall restart" no longer fail on SELinux
    due to iptables-restore not being allowed to read from /var.

+4)  ipsec zones are now allowed in the GATEWAY ZONE(S) column.
+
 Other changes in Shorewall 4.0.0 RC 1.

 1)  The shorewall-perl RPM may no longer be installed under Shorewall
@ -48,6 +50,14 @@ Other changes in Shorewall 4.0.0 RC 1.
 3)  ":noah" is now the default for all IPSEC tunnels. Tunnels that use
    AH (protocol 51) must specify "ipsec:ah" in the TYPE column.

+4)  The 'refresh' command has been restored. It now behaves like
+    'restart' except:
+
+    - 'refresh' fails if Shorewall is not started.
+    - A directory name cannot be passed to 'refresh'.
+    - 'refresh' only rebuilds the static blacklist while 'restore'
+      rebuilds the entire Netfilter ruleset.
+
 Migration Considerations:

 1)  Beginning with Shorewall 4.0.0, there is no single 'shorewall'
--- a/Shorewall-perl/Shorewall/Compiler.pm
+++ b/Shorewall-perl/Shorewall/Compiler.pm
@ -98,7 +98,10 @@ sub generate_script_1() {
 	emit "}\n";
    }

-    emitj ( 'initialize()',
+    emitj ( '#',
+	    '# This function initializes the global variables used by the program',
+	    '#',
+	    'initialize()',
 	    '{',
 	    '    #',
 	    '    # These variables are required by the library functions called in this script',
--- a/Shorewall-perl/Shorewall/Tunnels.pm
+++ b/Shorewall-perl/Shorewall/Tunnels.pm
@ -81,7 +81,7 @@ sub setup_tunnels() {
 	unless ( $gatewayzones eq '-' ) {
 	    for my $zone ( split /,/, $gatewayzones ) {
 		fatal_error "Unknown zone ($zone)" unless $zones{$zone};
-		fatal_error "Invalid zone ($zone)" unless $zones{$zone}{type} eq 'ipv4';
+		fatal_error "Invalid zone ($zone)" if $zones{$zone}{type} eq 'firewall';
 		$inchainref  = ensure_filter_chain "${zone}2${firewall_zone}", 1;
 		$outchainref = ensure_filter_chain "${firewall_zone}2${zone}", 1;