Create 'sourceonly' hosts option

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8093 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2008-01-22 23:48:03 +00:00
parent 336279e679
commit 746a00994d
4 changed files with 12 additions and 0 deletions


@ -14,6 +14,10 @@ Changes in 4.1.4
6) Allow loose match of interface names used in masq, nat and netmap. 6) Allow loose match of interface names used in masq, nat and netmap.
7) Allow loose match of interface names in match_source_dev().
8) Implement 'sourceonly' host entry option.
Changes in 4.1.3 Changes in 4.1.3
1) Fix NFLOG/ULOG upcasing problem. 1) Fix NFLOG/ULOG upcasing problem.


@ -154,6 +154,11 @@ Other changes in Shorewall 4.1.4.
tun1 192.168.4.0/24 tun1 192.168.4.0/24
5) A new 'sourceonly' OPTION has been added for entries in
/etc/shorewall/hosts. This option is the opposite of the 'destonly'
option in that only packets *from* this set of hosts is considered
to originate in the specified ZONE.
Migration Issues. Migration Issues.
1) Previously, when HIGH_ROUTE_MARKS=Yes, Shorewall allowed non-zero 1) Previously, when HIGH_ROUTE_MARKS=Yes, Shorewall allowed non-zero
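Review bot: The new item 5 has a subject-verb mismatch in "only packets *from* this set of hosts is considered" (should be "are considered"), and it defines the option only by reference to 'destonly'. Suggest stating the effect directly, for example that packets from these hosts are treated as originating in the ZONE while the hosts are not used as destinations for it, if that is the intent, so the reader does not have to look up 'destonly' to understand the entry.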


@ -1786,6 +1786,7 @@ sub generate_matrix() {
for my $interface ( keys %$typeref ) { for my $interface ( keys %$typeref ) {
my $arrayref = $typeref->{$interface}; my $arrayref = $typeref->{$interface};
for my $hostref ( @$arrayref ) { for my $hostref ( @$arrayref ) {
next if $hostref->{options}{sourceonly};
if ( $zone ne $zone1 || $num_ifaces > 1 || $hostref->{options}{routeback} ) { if ( $zone ne $zone1 || $num_ifaces > 1 || $hostref->{options}{routeback} ) {
my $ipsec_out_match = match_ipsec_out $zone1 , $hostref; my $ipsec_out_match = match_ipsec_out $zone1 , $hostref;
for my $net ( @{$hostref->{hosts}} ) { for my $net ( @{$hostref->{hosts}} ) {
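Review bot: The added `next if $hostref->{options}{sourceonly};` runs before the following test of `$hostref->{options}{routeback}`, so a hosts entry that carries both 'sourceonly' and 'routeback' is skipped here and its 'routeback' setting is silently ignored. If that is intended, say so in the release notes; otherwise either reject the combination during validation or move the guard so 'routeback' is still honoured.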
@ -1807,6 +1808,7 @@ sub generate_matrix() {
for my $interface1 ( keys %$type1ref ) { for my $interface1 ( keys %$type1ref ) {
my $array1ref = $type1ref->{$interface1}; my $array1ref = $type1ref->{$interface1};
for my $host1ref ( @$array1ref ) { for my $host1ref ( @$array1ref ) {
next if $host1ref->{options}{sourceonly};
my $ipsec_out_match = match_ipsec_out $zone1 , $host1ref; my $ipsec_out_match = match_ipsec_out $zone1 , $host1ref;
for my $net1 ( @{$host1ref->{hosts}} ) { for my $net1 ( @{$host1ref->{hosts}} ) {
unless ( $interface eq $interface1 && $net eq $net1 && ! $host1ref->{options}{routeback} ) { unless ( $interface eq $interface1 && $net eq $net1 && ! $host1ref->{options}{routeback} ) {
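Review bot: This is a second copy of the `next if ...{options}{sourceonly};` guard, again without a comment saying why the host group is skipped. A one-line comment on each copy noting that these loops enumerate the destination hosts of `$zone1` (as the `match_ipsec_out $zone1` call on the next line suggests) would make it clear why 'sourceonly' entries are excluded here, and would help anyone adding another destination loop later remember to add the same guard.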


@ -895,6 +895,7 @@ sub validate_hosts_file()
tcpflags => 1, tcpflags => 1,
broadcast => 1, broadcast => 1,
destonly => 1, destonly => 1,
sourceonly => 1,
); );
my $ipsec = 0; my $ipsec = 0;
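Review bot: Adding `sourceonly => 1` next to `destonly => 1` in the valid-option table means both are accepted on the same hosts entry, and nothing in this hunk rejects that combination. The release note describes the two options as opposites, so an entry carrying both would presumably match in neither direction. Consider raising a fatal error in validate_hosts_file() when both are set, or documenting what the combination means.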