forked from extern/shorewall_code
Reimplement MAPOLDACTIONS=Yes
This commit is contained in:
Tom Eastep
parent
477c0ef9e8
commit
70ebe17cb3
@ -265,6 +265,30 @@ sub add_requiredby ( $$ ) {
|
||||
$actions{$requires}{requires}{$requiredby} = 1;
|
||||
}
|
||||
|
||||
#
|
||||
# Map pre-3.0 actions to the corresponding Macro invocation
|
||||
#
|
||||
sub map_old_actions( $ ) {
|
||||
my $target = shift;
|
||||
my $macro;
|
||||
my $param;
|
||||
|
||||
if ( $target =~ /^Allow(.*)$/ ) {
|
||||
$macro = $1;
|
||||
$param = 'ACCEPT';
|
||||
} elsif ( $target =~ /^Drop(.*)$/ ) {
|
||||
$macro = $1;
|
||||
$param = 'DROP';
|
||||
} elsif ( $target = /^Reject(.*)$/ ) {
|
||||
$macro = $1;
|
||||
$param = 'REJECT';
|
||||
} else {
|
||||
return ( $target, 0, '' );
|
||||
}
|
||||
|
||||
( $macro, find_macro( $macro ) , $param );
|
||||
}
|
||||
|
||||
#
|
||||
# Create and record a log action chain -- Log action chains have names
|
||||
# that are formed from the action name by prepending a "%" and appending
|
||||
|
||||
@ -2356,11 +2356,11 @@ sub get_configuration( $ ) {
|
||||
unsupported_yes_no_warning 'DYNAMIC_ZONES';
|
||||
unsupported_yes_no 'BRIDGING';
|
||||
unsupported_yes_no_warning 'SAVE_IPSETS';
|
||||
unsupported_yes_no 'MAPOLDACTIONS';
|
||||
unsupported_yes_no_warning 'RFC1918_STRICT';
|
||||
|
||||
default_yes_no 'STARTUP_ENABLED' , 'Yes';
|
||||
default_yes_no 'DELAYBLACKLISTLOAD' , '';
|
||||
default_yes_no 'MAPOLDACTIONS' , 'Yes';
|
||||
|
||||
warning_message 'DELAYBLACKLISTLOAD=Yes is not supported by Shorewall ' . $globals{VERSION} if $config{DELAYBLACKLISTLOAD};
|
||||
|
||||
|
||||
@ -959,6 +959,10 @@ sub process_rule1 ( $$$$$$$$$$$$$ ) {
|
||||
#
|
||||
my $actiontype = $targets{$basictarget} || find_macro( $basictarget );
|
||||
|
||||
if ( $config{ MAPOLDACTIONS } ) {
|
||||
( $basictarget, $actiontype , $param ) = map_old_actions( $basictarget ) unless ( $actiontype || $param );
|
||||
}
|
||||
|
||||
fatal_error "Unknown action ($action)" unless $actiontype;
|
||||
|
||||
if ( $actiontype == MACRO ) {
|
||||
|
||||
@ -9,6 +9,8 @@ Changes in Shorewall 4.4.2
|
||||
4) Let the Actions module add the builtin actions to
|
||||
%Shorewall::Chains::targets. Much better modularization that way.
|
||||
|
||||
5) Some changes to mmake Lenny->Squeeze less painful.
|
||||
|
||||
Changes in Shorewall 4.4.1
|
||||
|
||||
1) Deleted extra 'use ...IPAddrs.pm' from Nat.pm.
|
||||
|
||||
@ -249,26 +249,6 @@
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>MAPOLDACTIONS</term>
|
||||
|
||||
<listitem>
|
||||
<para>If you have set this option to Yes, you will receive the
|
||||
following error.</para>
|
||||
|
||||
<para><emphasis role="bold">ERROR: MAPOLDACTIONS=Yes is not
|
||||
supported by Shorewall 4.4.x</emphasis></para>
|
||||
|
||||
<para>Only the very oldest of configurations should receive this
|
||||
error. If your configuration is that old, this might be a good
|
||||
time to reconfigure from scratch.</para>
|
||||
|
||||
<para>The alternative is to change your
|
||||
<filename>/etc/shorewall/rules</filename> file as described in the
|
||||
Shorewall 3.0.0 upgrade issues from 2005.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>RFC1918_LOG_LEVEL</term>
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user