Fix ZONE type check in tunnels file

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6795 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2007-07-06 15:22:57 +00:00
parent e925f2fce5
commit 6e73d52321
4 changed files with 27 additions and 52 deletions


@ -1,3 +1,7 @@
Changes in 4.0.0 RC 2
1) Fix zone type check in Tunnels File.
Changes in 4.0.0 RC 1 Changes in 4.0.0 RC 1
1) shorewall-perl RPM no longer installable under shorewall 3.4. 1) shorewall-perl RPM no longer installable under shorewall 3.4.


@ -1,4 +1,4 @@
Shorewall 4.0.0 RC 1 Shorewall 4.0.0 RC 2
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
R E L E A S E H I G H L I G H T S R E L E A S E H I G H L I G H T S
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
@ -12,9 +12,12 @@ Shorewall 4.0.0 RC 1
- Shorewall-shell ( the shell-based compiler ) - Shorewall-shell ( the shell-based compiler )
- Shorewall-perl (the Perl-based compiler ) - Shorewall-perl (the Perl-based compiler )
You must install Shorewall-common and at least one of the compiler You must install at least one of the compiler packages (you may
packages (you may install them both). See the Migration install them both) along with Shorewall-common.
Considerations below for further information.
YOU DO NOT NEED TO UNINSTALL ANY OF YOUR CURRENT PACKAGES.
See the Migration Considerations below for further information.
3) The facilities for supporting bridge/firewalls under earlier 3) The facilities for supporting bridge/firewalls under earlier
releases are deprecated and their documentation is omitted from the releases are deprecated and their documentation is omitted from the
@ -22,49 +25,14 @@ Shorewall 4.0.0 RC 1
Shorewall-perl compiler. This support utilizes the reduced-function Shorewall-perl compiler. This support utilizes the reduced-function
physdev match support available in Linux kernel 2.6.20 and later. physdev match support available in Linux kernel 2.6.20 and later.
Problems corrected in 4.0.0 RC 1. Problems corrected in 4.0.0 RC 2.
1) If 'routeback' and 'detectnets' were specified on an interface, 1) Shorewall-perl now correctly permits zones of type 'ipsec' in the
limited broadcasts (to 255.255.255.255) and multicasts were dropped ZONE column of /etc/shorewall/tunnels.
when forwarded through the interface. This could cause broadcast
and multicast based applications to fail when running through a
bridge with 'detectnets'.
2) Entries in the hosts file are now more carefully validated by Other changes in Shorewall 4.0.0 RC 2.
Shorewall-perl. Previously, very obvious typing errors would result
in run-time errors.
3) "shorewall start" and "shorewall restart" with Shorewall-perl no None.
longer fail on SELinux due to iptables-restore not being allowed to
read from /var.
4) ipsec zones are now allowed in the GATEWAY ZONE(S) column when
using Shorewall-perl.
5) A fatal error is now raised if the Shorewall-perl compiler is
unable to secure the output file for execute access.
6) Shell variables that have a value of zero are now handled
correctly.
Other changes in Shorewall 4.0.0 RC 1.
1) The shorewall-perl RPM may no longer be installed under Shorewall
3.4. It requires shorewall-common.
2) The Shorewall-perl compiler's CPU utilization has been reduced
further.
3) ":noah" is now the default for all IPSEC tunnels. Tunnels that use
AH (protocol 51) must specify "ipsec:ah" in the TYPE column.
4) The 'refresh' command has been restored. It now behaves like
'restart' except:
- 'refresh' fails if Shorewall is not started.
- A directory name cannot be passed to 'refresh'.
- 'refresh' only rebuilds the static blacklist whereas 'restore'
rebuilds the entire Netfilter ruleset.
Migration Considerations: Migration Considerations:
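Review bot: Replacing the "Problems corrected in 4.0.0 RC 1" and "Other changes in Shorewall 4.0.0 RC 1" lists with the RC 2 text drops entries that still matter to anyone moving straight to RC 2, in particular the item stating that ":noah" is now the default for all IPSEC tunnels and that AH tunnels must specify "ipsec:ah" in the TYPE column. Unless those items are already covered under Migration Considerations, keep the RC 1 sections below the new RC 2 ones instead of deleting them.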


@ -81,7 +81,8 @@ sub setup_tunnels() {
unless ( $gatewayzones eq '-' ) { unless ( $gatewayzones eq '-' ) {
for my $zone ( split /,/, $gatewayzones ) { for my $zone ( split /,/, $gatewayzones ) {
fatal_error "Unknown zone ($zone)" unless $zones{$zone}; fatal_error "Unknown zone ($zone)" unless $zones{$zone};
fatal_error "Invalid zone ($zone)" if $zones{$zone}{type} eq 'firewall'; my $type = $zones{$zone}{type};
fatal_error "Invalid zone ($zone) for GATEWAY ZONE" if $type eq 'firewall' || $type eq 'bport4';
$inchainref = ensure_filter_chain "${zone}2${firewall_zone}", 1; $inchainref = ensure_filter_chain "${zone}2${firewall_zone}", 1;
$outchainref = ensure_filter_chain "${firewall_zone}2${zone}", 1; $outchainref = ensure_filter_chain "${firewall_zone}2${zone}", 1;
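Review bot: The added `$type eq 'bport4'` rejection in the GATEWAY ZONE(S) loop is a behaviour change that neither the changelog entry nor the RC 2 release note in this commit mentions; both describe only the ZONE column. A tunnels file that listed a bport4 zone here passed the old check (`if $zones{$zone}{type} eq 'firewall'`) and now stops with a fatal error, so it deserves its own release-note line. The local is also called `$type` here and `$zonetype` in the hunk at line 228 for the same test; use one name for both.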
@ -227,7 +228,9 @@ sub setup_tunnels() {
fatal_error "Unknown zone ($zone)" unless $zones{$zone}; fatal_error "Unknown zone ($zone)" unless $zones{$zone};
fatal_error "Invalid zone ($zone)" unless $zones{$zone}{type} eq 'ipv4'; my $zonetype = $zones{$zone}{type};
fatal_error "Invalid zone ($zone) for tunnel ZONE" if $zonetype eq 'firewall' || $zonetype eq 'bport4';
my $inchainref = ensure_filter_chain "${zone}2${firewall_zone}", 1; my $inchainref = ensure_filter_chain "${zone}2${firewall_zone}", 1;
my $outchainref = ensure_filter_chain "${firewall_zone}2${zone}", 1; my $outchainref = ensure_filter_chain "${firewall_zone}2${zone}", 1;
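Review bot: The ZONE check switches from an allow-list (`unless $zones{$zone}{type} eq 'ipv4'`) to a deny-list (`if $zonetype eq 'firewall' || $zonetype eq 'bport4'`), so any zone type introduced later is accepted in the tunnels file by default. For a firewall rule compiler it is safer to fail closed: keep the allow-list form and add the newly permitted type, for example `unless $zonetype eq 'ipv4' || $zonetype eq 'ipsec'`. The same condition now appears twice in setup_tunnels(), here and in the GATEWAY ZONE(S) loop; a small shared helper would keep the two checks from drifting apart.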


@ -21,7 +21,7 @@ Sections, with no Front-Cover, and with no Back-Cover Texts. A copy of the
license is included in the section entitled “<a href="GnuCopyright.htm" license is included in the section entitled “<a href="GnuCopyright.htm"
target="_self">GNU Free Documentation License</a>”.</p> target="_self">GNU Free Documentation License</a>”.</p>
<p>2007-06-29</p> <p>2007-07-05</p>
<hr style="width: 100%; height: 2px;"> <hr style="width: 100%; height: 2px;">
<h2>Table of Contents</h2> <h2>Table of Contents</h2>
@ -131,20 +131,20 @@ is 3.2.10<br>
href="http://www1.shorewall.net/pub/shorewall/3.2/shorewall-3.2.10/errata/">updates</a>.</li> href="http://www1.shorewall.net/pub/shorewall/3.2/shorewall-3.2.10/errata/">updates</a>.</li>
</ul> </ul>
The <span style="font-weight: bold;">current Development Release</span> is The <span style="font-weight: bold;">current Development Release</span> is
4.0.0 Beta 7 4.0.0 RC1
<ul> <ul>
<li>Here are the <a <li>Here are the <a
href="http://www1.shorewall.net/pub/shorewall/development/4.0/shorewall-4.0.0-Beta7/releasenotes.txt">release href="http://www1.shorewall.net/pub/shorewall/development/4.0/shorewall-4.0.0-RC1/releasenotes.txt">release
notes</a> <br> notes</a> <br>
</li> </li>
<li>Here are the <a <li>Here are the <a
href="http://www1.shorewall.net/pub/shorewall/development/4.0/shorewall-4.0.0-Beta7/known_problems.txt">known href="http://www1.shorewall.net/pub/shorewall/development/4.0/shorewall-4.0.0-RC1/known_problems.txt">known
problems</a> and <a problems</a> and <a
href="http://www1.shorewall.net/pub/shorewall/development/4.0/shorewall-4.0.0-Beta7/errata/">updates</a>.</li> href="http://www1.shorewall.net/pub/shorewall/development/4.0/shorewall-4.0.0-RC1/errata/">updates</a>.</li>
</ul> </ul>
<div style="margin-left: 40px;"> <div style="margin-left: 40px;">
Read about the <a href="Shorewall-4.html">New Development Release Read about the <a href="4.0/Shorewall-4.html">New Development Release
here</a>.<br> here</a>.<br>
</div> </div>
</div> </div>
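Review bot: The edits to this HTML page (Beta 7 links replaced with RC1 links, and `Shorewall-4.html` changed to `4.0/Shorewall-4.html`) are unrelated to the tunnels zone type fix named in the commit subject. Putting them in their own commit would keep the fix easy to revert or backport on its own. The page also announces 4.0.0 RC1 as the current Development Release while the release notes in the same commit are retitled to RC 2; confirm that the mismatch is intended.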