forked from extern/shorewall_code
Merge Tuomo Soini's 'shorewall add' patch
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2174 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep
parent
6f46bb3859
commit
7974d98eea
@ -4,6 +4,8 @@ Changes in 2.4.0-RC2
|
||||
|
||||
2) Fix detection via 'nexthop' so it will work with BusyBox
|
||||
|
||||
3) Merge Tuomo Soini's fix for "shorewall add"
|
||||
|
||||
Changes in 2.4.0-RC1
|
||||
|
||||
1) Fix output from firewall itself vis-a-vis multiple providers.
|
||||
|
||||
@ -7641,7 +7641,8 @@ refresh_firewall()
|
||||
add_to_zone() # $1...${n-1} = <interface>[:<hosts>] $n = zone
|
||||
{
|
||||
local interface host zone z h z1 z2 chain
|
||||
local dhcp_interfaces blacklist_interfaces maclist_interfaces tcpflags_interfaces
|
||||
local dhcp_interfaces blacklist_interfaces maclist_interfaces
|
||||
local tcpflags_interfaces newhostlist=
|
||||
local rulenum source_chain dest_hosts iface hosts hostlist=
|
||||
|
||||
nat_chain_exists() # $1 = chain name
|
||||
@ -7725,16 +7726,16 @@ add_to_zone() # $1...${n-1} = <interface>[:<hosts>] $n = zone
|
||||
|
||||
while read z hosts; do
|
||||
if [ "$z" = "$zone" ]; then
|
||||
for h in $hosts; do
|
||||
for host in $hostlist; do
|
||||
if [ "$h" = "$host" ]; then
|
||||
rm -f ${STATEDIR}/zones_$$
|
||||
startup_error "$host already in zone $zone"
|
||||
fi
|
||||
done
|
||||
for h in $hostlist; do
|
||||
list_search $h $hosts
|
||||
if [ "$?" -gt 0 ]; then
|
||||
newhostlist="$newhostlist $h"
|
||||
else
|
||||
error_message "$h already in zone $zone"
|
||||
fi
|
||||
done
|
||||
|
||||
[ -z "$hosts" ] && hosts=$hostlist || hosts="$hosts $hostlist"
|
||||
[ -z "$hosts" ] && hosts=$newhostlist || hosts="$hosts $newhostlist"
|
||||
fi
|
||||
|
||||
eval ${z}_hosts=\"$hosts\"
|
||||
@ -7748,7 +7749,7 @@ add_to_zone() # $1...${n-1} = <interface>[:<hosts>] $n = zone
|
||||
#
|
||||
# Create a new Zone state file
|
||||
#
|
||||
for newhost in $hostlist; do
|
||||
for newhost in $newhostlist; do
|
||||
#
|
||||
# Isolate interface and host parts
|
||||
#
|
||||
@ -7908,7 +7909,7 @@ delete_from_zone() # $1 = <interface>[:<hosts>] $2 = zone
|
||||
fi
|
||||
done
|
||||
|
||||
[ -n "$found" ] || error_message "Warning: $1 does not appear to be in zone $2"
|
||||
[ -n "$found" ] || error_message "Warning: $host does not appear to be in zone $zone"
|
||||
done
|
||||
|
||||
for h in $temp; do
|
||||
|
||||
@ -6,6 +6,11 @@ Problems Corrected since 2.4.0-RC1
|
||||
1) The value 'detect' in the GATEWAY column of the providers file
|
||||
is no longer restricted to P-T-P interfaces.
|
||||
|
||||
2) Previously "shorewall add" would terminate with an error if any of
|
||||
the listed hosts were already in the specified zone. Now a warning
|
||||
message is issued and an attempt is made to add the non-duplicate
|
||||
hosts to the zone (Patch by Tuomo Soini).
|
||||
|
||||
-----------------------------------------------------------------------
|
||||
Upgrade Issues when moving to 2.4.0
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user