Mention maclist file in shorewall-ipsets(5)

This commit is contained in:
Tom Eastep 2010-09-25 16:07:56 -07:00
parent f07ec1e9d3
commit 74f1cb2443
2 changed files with 13 additions and 2 deletions


@ -1860,6 +1860,7 @@ sub generate_matrix() {
our %forward_jump_added = ();
progress_message2 'Generating Rule Matrix...';
progress_message ' Handling blacklisting and complex zones...';
#
# Special processing for complex and/or blacklisting configurations
#
@ -1874,11 +1875,14 @@ sub generate_matrix() {
add_jump ensure_filter_chain( rules_chain( $zone, $_ ), 1 ) , $blackref , 0, $state, 0, -1 for firewall_zone, @vservers;
if ( $simple ) {
#
# We won't create a zone forwarding chain for this zone so we must add blacklisting jumps to the rules chains
#
for my $zone1 ( @zones ) {
my $ruleschain = rules_chain( $zone, $zone1 );
my $ruleschainref = $filter_table->{$ruleschain};
if ( ( $zone ne $zone1 || ( $ruleschainref && $ruleschainref->{referenced} ) ) && $ruleschainref->{policy} ne 'NONE' ) {
if ( ( $zone ne $zone1 || $ruleschainref->{referenced} ) && $ruleschainref->{policy} ne 'NONE' ) {
add_jump( ensure_filter_chain( $ruleschain, 1 ), $blackref, 0, $state, 0, -1 );
}
}
@ -1893,7 +1897,7 @@ sub generate_matrix() {
my $ruleschain = rules_chain( $zone1, $zone );
my $ruleschainref = $filter_table->{$ruleschain};
if ( $zone ne $zone1 || ( $ruleschainref && $ruleschainref->{referenced} ) ) {
if ( ( $zone ne $zone1 || $ruleschainref->{referenced} ) && $ruleschainref->{policy} ne 'NONE' ) {
add_jump( ensure_filter_chain( $ruleschain, 1 ), $blackref, 0, $state, 0, -1 );
}
}
@ -1953,6 +1957,8 @@ sub generate_matrix() {
#
# Main source-zone matrix-generation loop
#
progress_message ' Entering main matrix-generation loop...';
for my $zone ( @zones ) {
my $zoneref = find_zone( $zone );
my $source_hosts_ref = $zoneref->{hosts};
@ -2301,6 +2307,8 @@ sub generate_matrix() {
add_jump $frwd_ref , $last_chain, 1 if $frwd_ref && $last_chain;
}
progress_message ' Finishing matrix...';
add_interface_jumps @interfaces unless $interface_jumps_added;
promote_blacklist_rules;
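Review bot: The rewritten condition in the second hunk, `if ( ( $zone ne $zone1 || $ruleschainref->{referenced} ) && $ruleschainref->{policy} ne 'NONE' )`, drops the `$ruleschainref &&` guard that the replaced line carried, and the same happens to the matching condition in the third hunk (`rules_chain( $zone1, $zone )`). If `$filter_table->{$ruleschain}` can be absent here — the removed guard suggests it can — then `$ruleschainref->{policy}` (and `{referenced}` when `$zone eq $zone1`) reads through an undef ref, which under `use warnings` emits an uninitialized-value warning, autovivifies an empty hash into the lexical, and makes `undef ne 'NONE'` evaluate true so the blacklist jump is still added via `ensure_filter_chain`. Either the chain is guaranteed to exist at this point, in which case a one-line comment saying so (`# rules chain is always created before the blacklisting pass`) would stop the next reader from re-adding the guard, or the guard should come back as `if ( $ruleschainref && ( $zone ne $zone1 || $ruleschainref->{referenced} ) && $ruleschainref->{policy} ne 'NONE' )` — noting that the guarded form also skips the jump for a missing chain, which differs from the old behaviour and should be confirmed. The enclosing `generate_matrix` begins and ends outside these hunks.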


@ -97,6 +97,9 @@
<para>/etc/shorewall/hosts -- <emphasis role="bold">Note:</emphasis>
Multiple matches enclosed in +[...] may not be used in this file.</para>
<para>/etc/shorewall/maclist -- <emphasis role="bold">Note:</emphasis>
Multiple matches enclosed in +[...] may not be used in this file.</para>
<para>/etc/shorewall/masq</para>
<para>/etc/shorewall/rules</para>