holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Correct release notes & a couple of tweaks

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4556 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2006-09-09 16:16:41 +00:00
parent af0320f28b
commit 66e7bf74df
3 changed files with 16 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
Shorewall/compiler
View File

@ -395,7 +395,7 @@ ensurenatchain() # $1 = chain name
} }
# #
# Add a rule to a nat chain creating the chain if necessary%attr(0444,root,root) /usr/share/shorewall/lib.accounting # Add a rule to a nat chain creating the chain if necessary
# #
addnatrule() # $1 = chain name, remainder of arguments specify the rule addnatrule() # $1 = chain name, remainder of arguments specify the rule
@ -4656,6 +4656,11 @@ __EOF__
setpolicy() { setpolicy() {
\$IPTABLES -P \$1 \$2 \$IPTABLES -P \$1 \$2
} }
__EOF__
compile_stop_firewall
cat >&3 << __EOF__
# #
# Remove all Shorewall-added rules # Remove all Shorewall-added rules

4
Shorewall/lib.config
View File

@ -21,8 +21,8 @@
# along with this program; if not, write to the Free Software # along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
# #
# This library contains the code common to /usr/share/shorewall/compiler and # This library contains the configuration file parsing code common to
# /usr/share/shorewall/firewall # /usr/share/shorewall/compiler and /usr/share/shorewall/firewall
# #
# #

16
Shorewall/releasenotes.txt
View File

@ -80,7 +80,7 @@ Migration Considerations:
b) Now that we have modularized action processing (see the New b) Now that we have modularized action processing (see the New
Features section below), we need a way to define default rules Features section below), we need a way to define default rules
for a policy. for a policy that does not involve actions.
If you have not overridden the defaults using entries in If you have not overridden the defaults using entries in
/etc/shorewall/actions then you need make no changes to migrate to /etc/shorewall/actions then you need make no changes to migrate to
@ -166,8 +166,9 @@ New Features:
a) All DROP policies must use the same default action and all a) All DROP policies must use the same default action and all
REJECT policies must use the same default action. REJECT policies must use the same default action.
b) Now that we have modularized action processing, we need a way to b) Now that we have modularized action processing (see the New
define default rules for a policy. Features section below), we need a way to define default rules
for a policy that does not involve actions.
The solution is two-fold: The solution is two-fold:
@ -212,9 +213,8 @@ New Features:
of the following: of the following:
a) The word "None" or "none". This causes any default a) The word "None" or "none". This causes any default
action define in /etc/shorewall/actions.std or action defined in /etc/shorewall/shorewall.conf
/etc/shorewall/actions to be omitted for this to be omitted for this policy.
policy.
b) The name of an action (requires that USE_ACTIONS=Yes b) The name of an action (requires that USE_ACTIONS=Yes
in shorewall.conf). That action will be invoked in shorewall.conf). That action will be invoked
before the policy is enforced. before the policy is enforced.
@ -227,8 +227,8 @@ New Features:
#SOURCE DEST POLICY LOG #SOURCE DEST POLICY LOG
# LEVEL # LEVEL
loc net ACCEPT loc net ACCEPT
net all DROP:Drop info net all DROP:MyDrop info
# #
# THE FOLLOWING POLICY MUST BE LAST # THE FOLLOWING POLICY MUST BE LAST
# #
all all REJECT:Reject info all all REJECT:MyReject info