Create 'sourceonly' hosts option
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8093 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
336279e679
commit
746a00994d
@ -14,6 +14,10 @@ Changes in 4.1.4
|
||||
|
||||
6) Allow loose match of interface names used in masq, nat and netmap.
|
||||
|
||||
7) Allow loose match of interface names in match_source_dev().
|
||||
|
||||
8) Implement 'sourceonly' host entry option.
|
||||
|
||||
Changes in 4.1.3
|
||||
|
||||
1) Fix NFLOG/ULOG upcasing problem.
|
||||
|
@ -154,6 +154,11 @@ Other changes in Shorewall 4.1.4.
|
||||
|
||||
tun1 192.168.4.0/24
|
||||
|
||||
5) A new 'sourceonly' OPTION has been added for entries in
|
||||
/etc/shorewall/hosts. This option is the opposite of the 'destonly'
|
||||
option in that only packets *from* this set of hosts is considered
|
||||
to originate in the specified ZONE.
|
||||
|
||||
Migration Issues.
|
||||
|
||||
1) Previously, when HIGH_ROUTE_MARKS=Yes, Shorewall allowed non-zero
|
||||
|
@ -1786,6 +1786,7 @@ sub generate_matrix() {
|
||||
for my $interface ( keys %$typeref ) {
|
||||
my $arrayref = $typeref->{$interface};
|
||||
for my $hostref ( @$arrayref ) {
|
||||
next if $hostref->{options}{sourceonly};
|
||||
if ( $zone ne $zone1 || $num_ifaces > 1 || $hostref->{options}{routeback} ) {
|
||||
my $ipsec_out_match = match_ipsec_out $zone1 , $hostref;
|
||||
for my $net ( @{$hostref->{hosts}} ) {
|
||||
@ -1807,6 +1808,7 @@ sub generate_matrix() {
|
||||
for my $interface1 ( keys %$type1ref ) {
|
||||
my $array1ref = $type1ref->{$interface1};
|
||||
for my $host1ref ( @$array1ref ) {
|
||||
next if $host1ref->{options}{sourceonly};
|
||||
my $ipsec_out_match = match_ipsec_out $zone1 , $host1ref;
|
||||
for my $net1 ( @{$host1ref->{hosts}} ) {
|
||||
unless ( $interface eq $interface1 && $net eq $net1 && ! $host1ref->{options}{routeback} ) {
|
||||
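Review bot: A hosts entry that carries both `sourceonly` and `routeback` silently loses its `routeback` behaviour as a destination, because in both generate_matrix hunks the new skip (`next if $hostref->{options}{sourceonly};` and `next if $host1ref->{options}{sourceonly};`) runs before `routeback` is tested on the `if ( $zone ne $zone1 || ...` line and on the `unless ( ... )` line. On a firewall compiler a silent override like this is easy to misread as "routeback is still active", so the precedence should be stated where it is decided. I would add a comment above each skip, for example `# 'sourceonly' entries are never a destination; this deliberately overrides 'routeback'`. The enclosing loops start and end outside both hunks, so whether another path still emits destination rules for these hosts cannot be confirmed from here.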
|
@ -895,6 +895,7 @@ sub validate_hosts_file()
|
||||
tcpflags => 1,
|
||||
broadcast => 1,
|
||||
destonly => 1,
|
||||
sourceonly => 1,
|
||||
);
|
||||
|
||||
my $ipsec = 0;
|
||||
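Review bot: Nothing in this hunk stops one hosts entry from listing both `destonly` and `sourceonly`, now that the valid-options table accepts each of them independently. If the two are honoured separately downstream, such an entry would presumably match in neither direction, and traffic for those hosts would fall to whatever other zone or policy applies, which is a hard-to-spot misconfiguration. Where the options are parsed (outside this hunk, so the hash name is assumed) I would reject the pair, e.g. `fatal_error "The 'sourceonly' and 'destonly' options are mutually exclusive" if $options{sourceonly} && $options{destonly};`. The body of validate_hosts_file continues outside the hunk, so an existing check there cannot be ruled out.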
|