Add ACCEPT_DEFAULT and QUEUE_DEFAULT options

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4496 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2006-08-31 06:14:47 +00:00
parent 0c32938bdc
commit 63bfea114a
4 changed files with 40 additions and 9 deletions

@ -438,7 +438,7 @@ validate_policy()
progress_message " Policy for $1 to $2 is $policy using chain $chain" progress_message " Policy for $1 to $2 is $policy using chain $chain"
} }
for var in DROP_DEFAULT REJECT_DEFAULT; do for var in DROP_DEFAULT REJECT_DEFAULT ACCEPT_DEFAULT QUEUE_DEFAULT; do
eval default=\$$var eval default=\$$var
case $default in case $default in
@ -545,6 +545,12 @@ validate_policy()
REJECT) REJECT)
[ -n "${default:=$REJECT_DEFAULT}" ] [ -n "${default:=$REJECT_DEFAULT}" ]
;; ;;
ACCEPT)
[ -n "${default:=$ACCEPTT_DEFAULT}" ]
;;
QUEUE)
[ -n "${default:=$QUEUE_DEFAULT}" ]
;;
NONE) NONE)
[ "$client" = "$FW" -o "$server" = "$FW" ] && \ [ "$client" = "$FW" -o "$server" = "$FW" ] && \
fatal_error " $client $server $policy $loglevel $synparams: NONE policy not allowed to/from the $FW zone" fatal_error " $client $server $policy $loglevel $synparams: NONE policy not allowed to/from the $FW zone"
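
Review bot: the new ACCEPT) branch reads `$ACCEPTT_DEFAULT` (double T), a name nothing else in this patch sets, so `${default:=$ACCEPTT_DEFAULT}` expands to the empty string and the `[ -n ... ]` test fails for every ACCEPT policy that carries no explicit `:action`. The ACCEPT_DEFAULT value that the `for var in DROP_DEFAULT REJECT_DEFAULT ACCEPT_DEFAULT QUEUE_DEFAULT` loop validates is therefore never applied here. Change the line to `[ -n "${default:=$ACCEPT_DEFAULT}" ]` so it matches the REJECT and QUEUE branches.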

@ -2918,6 +2918,8 @@ do_initialize() {
USE_ACTIONS= USE_ACTIONS=
DROP_DEFAULT= DROP_DEFAULT=
REJECT_DEFAULT= REJECT_DEFAULT=
ACCEPT_DEFAULT=
QUEUE_DEFAULT=
LOGLIMIT= LOGLIMIT=
LOGPARMS= LOGPARMS=
@ -3190,6 +3192,18 @@ do_initialize() {
;; ;;
esac esac
case "${QUEUE_DEFAULT:=none}" in
None)
QUEUE_DEFAULT=none
;;
esac
case "${ACCEPT_DEFAULT:=none}" in
None)
ACCEPT_DEFAULT=none
;;
esac
# #
# Strip the files that we use often # Strip the files that we use often
# #
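
Review bot: the two added case blocks for QUEUE_DEFAULT and ACCEPT_DEFAULT are identical apart from the variable name, which is the kind of copy that produced the `ACCEPTT_DEFAULT` misspelling in validate_policy(). A single loop over the four option names, using the same `eval` idiom as the `for var in ...` loop in validate_policy(), would apply the `:=none` default and the `None` to `none` mapping in one place. Also note that only the exact spelling `None` is mapped; a value such as `NONE` is passed on unchanged, so either widen the pattern or make sure the later validation rejects it with a clear message.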

@ -161,16 +161,18 @@ New Features:
The solution is two-fold: The solution is two-fold:
- Two new options have been added to the - Four new options have been added to the
/etc/shorewall/shorewall.conf file that allow specifying the /etc/shorewall/shorewall.conf file that allow specifying the
default action for DROP and REJECT. default action for DROP, REJECT, ACCEPT and QUEUE.
The options are DROP_DEFAULT and REJECT_DEFAULT. The options are DROP_DEFAULT, REJECT_DEFAULT, ACCEPT_DEFAULT and
QUEUE_DEFAULT.
DROP_DEFAULT describes the rules to be applied before a DROP_DEFAULT describes the rules to be applied before a
connection request is dropped by a DROP policy; REJECT_DEFAULT connection request is dropped by a DROP policy; REJECT_DEFAULT
describes the rules to be applied if a connection request is describes the rules to be applied if a connection request is
rejected by a REJECT policy. rejected by a REJECT policy. The other two are similar for
ACCEPT and QUEUE policies.
The value assigned to these may be: The value assigned to these may be:
@ -182,6 +184,8 @@ New Features:
DROP_DEFAULT="Drop" DROP_DEFAULT="Drop"
REJECT_DEFAULT="Reject" REJECT_DEFAULT="Reject"
ACCEPT_DEFAULT=none
QUEUE_DEFAULT=none
If USE_ACTIONS=Yes, then these values refer to action.Drop and If USE_ACTIONS=Yes, then these values refer to action.Drop and
action.Reject respectively. If USE_ACTIONS=No, then these values action.Reject respectively. If USE_ACTIONS=No, then these values
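
Review bot: the unchanged sentence directly after the two added example lines still says "these values refer to action.Drop and action.Reject respectively", which no longer fits an example that now lists four settings, two of them `none`. Reword it so it states generally that a value names an action (USE_ACTIONS=Yes) or a macro (USE_ACTIONS=No), and say what `none` selects for ACCEPT_DEFAULT and QUEUE_DEFAULT.
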
@ -193,8 +197,9 @@ New Features:
- The POLICY column in /etc/shorewall/policy has been extended. - The POLICY column in /etc/shorewall/policy has been extended.
In /etc/shorewall/policy, when the POLICY is DROP or REJECT then In /etc/shorewall/policy, when the POLICY is DROP, REJECT,
the policy may be followed by ":" and one of the following: ACCEPT or QUEUE then the policy may be followed by ":" and one
of the following:
a) The word "None" or "none". This causes any default a) The word "None" or "none". This causes any default
action define in /etc/shorewall/actions.std or action define in /etc/shorewall/actions.std or

@ -385,11 +385,13 @@ IPSECFILE=zones
# policies was specified in the file /usr/share/shorewall/actions.std. # policies was specified in the file /usr/share/shorewall/actions.std.
# #
# To allow for default rules to be applied when USE_ACTIONS=No, the # To allow for default rules to be applied when USE_ACTIONS=No, the
# DROP_DEFAULT and REJECT_DEFAULT options have been added. # DROP_DEFAULT, REJECT_DEFAULT, ACCEPT_DEFAULT and QUEUE_DEFAULT options have
# been added.
# #
# DROP_DEFAULT describes the rules to be applied before a connection request # DROP_DEFAULT describes the rules to be applied before a connection request
# is dropped by a DROP policy; REJECT_DEFAULT describes the rules to be applied # is dropped by a DROP policy; REJECT_DEFAULT describes the rules to be applied
# if a connection request is rejected by a REJECT policy. # if a connection request is rejected by a REJECT policy. The other two are
# similar for ACCEPT and QUEUE policies.
# #
# The value applied to these may be: # The value applied to these may be:
# #
@ -401,6 +403,8 @@ IPSECFILE=zones
# #
# DROP_DEFAULT="Drop" # DROP_DEFAULT="Drop"
# REJECT_DEFAULT="Reject" # REJECT_DEFAULT="Reject"
# ACCEPT_DEFAULT="none"
# QUEUE_DEFAULT="none"
# #
# If USE_ACTIONS=Yes, then these values refer to action.Drop and action.Reject # If USE_ACTIONS=Yes, then these values refer to action.Drop and action.Reject
# respectively. If USE_ACTIONS=No, then these values refer to macro.Drop and # respectively. If USE_ACTIONS=No, then these values refer to macro.Drop and
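
Review bot: the comment following the added `# ACCEPT_DEFAULT="none"` and `# QUEUE_DEFAULT="none"` lines keeps the old wording "these values refer to action.Drop and action.Reject respectively", which only covers the first two of the four examples now shown. Update that sentence along with the example, and pick one form for the value: this file writes `"none"` quoted while the release notes in the same commit show `ACCEPT_DEFAULT=none` unquoted.
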
@ -412,6 +416,8 @@ IPSECFILE=zones
DROP_DEFAULT="Drop" DROP_DEFAULT="Drop"
REJECT_DEFAULT="Reject" REJECT_DEFAULT="Reject"
ACCEPT_DEFAULT="none"
QUEUE_DEFAULT="none"
############################################################################### ###############################################################################
# F I R E W A L L O P T I O N S # F I R E W A L L O P T I O N S