forked from extern/shorewall_code
Relax port list limitation in /etc/shorewall/routestopped
parent
4f5c602d5f
commit
4548db58da
@ -379,24 +379,24 @@ sub process_routestopped() {
|
||||
my $desti = match_dest_dev $interface;
|
||||
my $rule = shift @rule;
|
||||
|
||||
add_rule $filter_table->{INPUT}, "$sourcei $source $rule -j ACCEPT";
|
||||
add_rule $filter_table->{OUTPUT}, "$desti $dest $rule -j ACCEPT" unless $config{ADMINISABSENTMINDED};
|
||||
add_rule $filter_table->{INPUT}, "$sourcei $source $rule -j ACCEPT", 1;
|
||||
add_rule $filter_table->{OUTPUT}, "$desti $dest $rule -j ACCEPT", 1 unless $config{ADMINISABSENTMINDED};
|
||||
|
||||
my $matched = 0;
|
||||
|
||||
if ( $source{$host} ) {
|
||||
add_rule $filter_table->{FORWARD}, "$sourcei $source $rule -j ACCEPT";
|
||||
add_rule $filter_table->{FORWARD}, "$sourcei $source $rule -j ACCEPT", 1;
|
||||
$matched = 1;
|
||||
}
|
||||
|
||||
if ( $dest{$host} ) {
|
||||
add_rule $filter_table->{FORWARD}, "$desti $dest $rule -j ACCEPT";
|
||||
add_rule $filter_table->{FORWARD}, "$desti $dest $rule -j ACCEPT", 1;
|
||||
$matched = 1;
|
||||
}
|
||||
|
||||
if ( $notrack{$host} ) {
|
||||
add_rule $raw_table->{PREROUTING}, "$sourcei $source $rule -j NOTRACK";
|
||||
add_rule $raw_table->{OUTPUT}, "$desti $dest $rule -j NOTRACK";
|
||||
add_rule $raw_table->{PREROUTING}, "$sourcei $source $rule -j NOTRACK", 1;
|
||||
add_rule $raw_table->{OUTPUT}, "$desti $dest $rule -j NOTRACK", 1;
|
||||
}
|
||||
|
||||
unless ( $matched ) {
|
||||
@ -405,7 +405,7 @@ sub process_routestopped() {
|
||||
my ( $interface1, $h1 , $seq1 ) = split /\|/, $host1;
|
||||
my $dest1 = match_dest_net $h1;
|
||||
my $desti1 = match_dest_dev $interface1;
|
||||
add_rule $filter_table->{FORWARD}, "$sourcei $desti1 $source $dest1 $rule -j ACCEPT";
|
||||
add_rule $filter_table->{FORWARD}, "$sourcei $desti1 $source $dest1 $rule -j ACCEPT", 1;
|
||||
clearrule;
|
||||
}
|
||||
}
|
||||
|
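Review bot: The bare `1` now passed as a third argument to every `add_rule` call in process_routestopped (the INPUT, OUTPUT, FORWARD and NOTRACK rules, and the combined FORWARD rule in the second hunk) is not explained at the call sites, and nothing on this page shows how a negated port list is handled once a long list is expanded. The documentation touched by this commit says a port list may be preceded by '!'; if add_rule, which is defined outside this page, emits one rule per chunk of ports, a negated list longer than 15 entries would presumably produce several ACCEPT rules that each exclude only their own chunk and together accept every port while the firewall is stopped. It is worth confirming that add_rule rejects or correctly handles that combination, and that it copes with `$rule` carrying both a source and a destination port list. A comment above the first call would make the flag readable, e.g. `# Third argument 1: let add_rule split port lists longer than 15 entries into multiple rules`. The body of process_routestopped starts and ends outside these hunks, so any validation of `$rule` done earlier in the function is not visible here.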
@ -6,6 +6,8 @@ Changes in Shorewall 4.4.4
|
||||
|
||||
3) Add logrotate scripts.
|
||||
|
||||
4) Allow long port lists in /etc/shorewall/routestopped.
|
||||
|
||||
Changes in Shorewall 4.4.3
|
||||
|
||||
1) Move Debian INITLOG initialization to /etc/default/shorewall
|
||||
|
@ -204,6 +204,9 @@ None.
|
||||
while the RPMs do not depend on the logrotate package, RPM installation
|
||||
will produce an error message if that package is not installed.
|
||||
|
||||
2) The limit of 15 entries in a port list has been relaxed in
|
||||
/etc/shorewall/routestopped.
|
||||
|
||||
----------------------------------------------------------------------------
|
||||
N E W F E A T U R E S I N 4 . 4 . 0
|
||||
----------------------------------------------------------------------------
|
||||
|
@ -1060,7 +1060,7 @@ DNAT net loc:192.168.1.3 tcp 4000:4100</programlisting>
|
||||
<para>Also, unless otherwise documented, a port list can be preceded by
|
||||
'!' to specify "All ports except these" (e.g., "!80,443").</para>
|
||||
|
||||
<para>Port lists appearing in the <ulink
|
||||
<para>Prior to Shorewall 4.4.4, port lists appearing in the <ulink
|
||||
url="manpages/shorewall-routestopped.html">/etc/shorewall/routestopped</ulink>
|
||||
file may specify no more than 15 ports; port ranges appearing in a list
|
||||
count as two ports each.</para>
|
||||
|