Make 'shorewall[-lite] show zones' work better with exclusion

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4719 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2006-10-20 15:42:06 +00:00
parent 9e4691cb7d
commit 867a707d83
6 changed files with 45 additions and 18 deletions


@ -767,7 +767,14 @@ show_command() {
while read zone type hosts; do while read zone type hosts; do
echo "$zone ($type)" echo "$zone ($type)"
for host in $hosts; do for host in $hosts; do
case $host in
exclude)
echo " exclude:"
;;
*)
echo " $host" echo " $host"
;;
esac
done done
done < ${VARDIR}/zones done < ${VARDIR}/zones
echo echo
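Review bot: The excluded hosts printed after the `exclude:` line receive the same indentation as the zone's member hosts, so in the `show zones` listing an exclusion is distinguishable from a member only by its position below the marker. Since an operator reads this output to confirm what a zone actually covers, indenting excluded entries one level deeper would make the distinction unmissable: reset `indent="   "` before the `for` loop, set `indent="      "` in the `exclude)` arm, and print `echo "$indent$host"` in the default arm. The record layout this loop depends on — `<zone> <type> <hosts>... [exclude <hosts>...]` — is only implied by the code; a one-line comment above the `while read` loop stating it would help the next reader. show_command begins before this hunk and its remaining cases continue after it.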


@ -4200,7 +4200,11 @@ activate_rules()
eval type=\$${zone}_type eval type=\$${zone}_type
eval exclusions=\"\$${zone}_exclusions\" eval exclusions=\"\$${zone}_exclusions\"
echo $zone $type $source_hosts >> $STATEDIR/zones if [ -n "$exclusions" ]; then
echo "$zone $type $source_hosts exclude $exclusions" >> $STATEDIR/zones
else
echo "$zone $type $source_hosts" >> $STATEDIR/zones
fi
if [ -n "$DYNAMIC_ZONES" ]; then if [ -n "$DYNAMIC_ZONES" ]; then
echo "$FW $zone $chain1" >> $STATEDIR/chains echo "$FW $zone $chain1" >> $STATEDIR/chains
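Review bot: The new record format uses the bare word `exclude` as an in-band delimiter between a zone's hosts and its exclusions, yet nothing at this write site documents that contract, even though the `show zones` and `add_to_zone` changes in this same commit now depend on it. A comment above the `if` would pin it down: `# zones record: <zone> <type> <hosts>... [exclude <excluded-hosts>...]; 'exclude' is reserved and must never appear as a host entry`. The two `echo` branches could also collapse into one, `echo "$zone $type $source_hosts${exclusions:+ exclude $exclusions}" >> $STATEDIR/zones`, so the format lives in a single place. activate_rules continues past this hunk on both sides.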


@ -116,6 +116,12 @@ add_to_zone() # $1...${n-1} = <interface>[:<hosts>] $n = zone
while read z type hosts; do while read z type hosts; do
if [ "$z" = "$zone" ]; then if [ "$z" = "$zone" ]; then
case "$hosts" in
*exclude*)
rm -f ${VARDIR}/zones_$$
startup_error "Modifying a zone that has an exclude list is not supported"
;;
*)
for h in $hostlist; do for h in $hostlist; do
list_search $h $hosts list_search $h $hosts
if [ "$?" -gt 0 ]; then if [ "$?" -gt 0 ]; then
@ -126,6 +132,8 @@ add_to_zone() # $1...${n-1} = <interface>[:<hosts>] $n = zone
done done
[ -z "$hosts" ] && hosts=$newhostlist || hosts="$hosts $newhostlist" [ -z "$hosts" ] && hosts=$newhostlist || hosts="$hosts $newhostlist"
;;
esac
fi fi
eval ${z}_hosts=\"$hosts\" eval ${z}_hosts=\"$hosts\"
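Review bot: The guard `*exclude*)` is a substring match on the whole `$hosts` field, so it would also fire on any interface or host entry that happens to contain the letters `exclude`; matching the reserved word as a whole token is stricter and just as cheap: `case " $hosts " in *" exclude "*)`. Refusing the modification is the right call, since appending to `$hosts` after the marker would silently turn the new members into exclusions; a short comment above the `case`, `# hosts may end in 'exclude <list>'; appending here would extend the exclude list, so refuse`, would explain the startup_error to the next maintainer. `startup_error` is presumably fatal, given that `${VARDIR}/zones_$$` is removed just before it — worth confirming, because otherwise the loop would continue with the partial file gone. add_to_zone's header and the rest of its body lie outside this hunk.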


@ -147,7 +147,7 @@ Other changes in 3.3.3
Example from an earlier shorewall version: Example from an earlier shorewall version:
gateway:~ # shorewall show eth2_fwd gateway:~ # shorewall-lite show eth2_fwd
Shorewall Lite 3.3.2 Chains eth2_fwd at gateway - Thu Oct 19 08:54:37 PDT 2006 Shorewall Lite 3.3.2 Chains eth2_fwd at gateway - Thu Oct 19 08:54:37 PDT 2006
Counters reset Thu Oct 19 08:34:47 PDT 2006 Counters reset Thu Oct 19 08:34:47 PDT 2006
@ -163,7 +163,7 @@ Other changes in 3.3.3
This redundancy has been eliminated: This redundancy has been eliminated:
gateway:~ # shorewall show eth2_fwd gateway:~ # shorewall-lite show eth2_fwd
Shorewall Lite 3.3.3 Chains eth2_fwd at gateway - Thu Oct 19 09:15:24 PDT 2006 Shorewall Lite 3.3.3 Chains eth2_fwd at gateway - Thu Oct 19 09:15:24 PDT 2006
Counters reset Thu Oct 19 09:15:19 PDT 2006 Counters reset Thu Oct 19 09:15:19 PDT 2006


@ -1014,7 +1014,14 @@ show_command() {
while read zone type hosts; do while read zone type hosts; do
echo "$zone ($type)" echo "$zone ($type)"
for host in $hosts; do for host in $hosts; do
case $host in
exclude)
echo " exclude:"
;;
*)
echo " $host" echo " $host"
;;
esac
done done
done < ${VARDIR}/zones done < ${VARDIR}/zones
echo echo
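Review bot: Excluded hosts listed after the `exclude:` marker are printed with exactly the same indentation as the zone's members, so the only cue that an entry is excluded rather than included is its position in the list. For a command whose purpose is to let an administrator verify what a zone matches, a visual distinction is worth the extra state: reset `indent="   "` before the `for` loop, set `indent="      "` in the `exclude)` arm, and print `echo "$indent$host"` in the default arm. The same loop is added to the shorewall-lite `show_command` in this commit; whichever form is chosen should be applied to both so the two programs print identical listings. show_command's other cases lie outside this hunk.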


@ -69,13 +69,14 @@ configuration files and with the help of the iptables utility,
Shorewall configures Netfilter to match your requirements. Shorewall Shorewall configures Netfilter to match your requirements. Shorewall
can be used on a dedicated firewall system, a multi-function can be used on a dedicated firewall system, a multi-function
gateway/router/server or on a standalone GNU/Linux system. Shorewall gateway/router/server or on a standalone GNU/Linux system. Shorewall
does not use Netfilter's ipchains compatibility mode and can thus does not use Netfilter's ipchains compatibility mode; as a consequence,
Shorewall can
take advantage of Netfilter's connection state tracking take advantage of Netfilter's connection state tracking
capabilities.<br> capabilities to create a stateful firewall.<br>
<br> <br>
Shorewall is <u>not</u> a daemon. Once Shorewall Shorewall is <u>not</u> a daemon. Once Shorewall
has configured Netfilter, it's job is complete. After that, there is has configured Netfilter, it's job is complete and there is
no Shorewall code running although the <a no Shorewall code left running in the system. The <a
href="starting_and_stopping_shorewall.htm">/sbin/shorewall href="starting_and_stopping_shorewall.htm">/sbin/shorewall
program can be used at any time to monitor the Netfilter firewall</a>.</p> program can be used at any time to monitor the Netfilter firewall</a>.</p>
<p style="margin-left: 0.42in;">Shorewall is not the easiest to use of <p style="margin-left: 0.42in;">Shorewall is not the easiest to use of