holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Make 'shorewall[-lite] show zones' work better with exclusion

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4719 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2006-10-20 15:42:06 +00:00
parent 9e4691cb7d
commit 867a707d83
6 changed files with 45 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
Shorewall-lite/shorewall-lite
View File

@ -767,7 +767,14 @@ show_command() {
while read zone type hosts; do
echo "$zone ($type)"
for host in $hosts; do
case $host in
exclude)
echo " exclude:"
;;
*)
echo " $host"
;;
esac
done
done < ${VARDIR}/zones
echo

6
Shorewall/compiler
View File

@ -4200,7 +4200,11 @@ activate_rules()
eval type=\$${zone}_type
eval exclusions=\"\$${zone}_exclusions\"
echo $zone $type $source_hosts >> $STATEDIR/zones
if [ -n "$exclusions" ]; then
echo "$zone $type $source_hosts exclude $exclusions" >> $STATEDIR/zones
else
echo "$zone $type $source_hosts" >> $STATEDIR/zones
fi
if [ -n "$DYNAMIC_ZONES" ]; then
echo "$FW $zone $chain1" >> $STATEDIR/chains

8
Shorewall/lib.dynamiczones
View File

@ -116,6 +116,12 @@ add_to_zone() # $1...${n-1} = <interface>[:<hosts>] $n = zone
while read z type hosts; do
if [ "$z" = "$zone" ]; then
case "$hosts" in
*exclude*)
rm -f ${VARDIR}/zones_$$
startup_error "Modifying a zone that has an exclude list is not supported"
;;
*)
for h in $hostlist; do
list_search $h $hosts
if [ "$?" -gt 0 ]; then
@ -126,6 +132,8 @@ add_to_zone() # $1...${n-1} = <interface>[:<hosts>] $n = zone
done
[ -z "$hosts" ] && hosts=$newhostlist || hosts="$hosts $newhostlist"
;;
esac
fi
eval ${z}_hosts=\"$hosts\"

4
Shorewall/releasenotes.txt
View File

@ -147,7 +147,7 @@ Other changes in 3.3.3
Example from an earlier shorewall version:
gateway:~ # shorewall show eth2_fwd
gateway:~ # shorewall-lite show eth2_fwd
Shorewall Lite 3.3.2 Chains eth2_fwd at gateway - Thu Oct 19 08:54:37 PDT 2006
Counters reset Thu Oct 19 08:34:47 PDT 2006
@ -163,7 +163,7 @@ Other changes in 3.3.3
This redundancy has been eliminated:
gateway:~ # shorewall show eth2_fwd
gateway:~ # shorewall-lite show eth2_fwd
Shorewall Lite 3.3.3 Chains eth2_fwd at gateway - Thu Oct 19 09:15:24 PDT 2006
Counters reset Thu Oct 19 09:15:19 PDT 2006

7
Shorewall/shorewall
View File

@ -1014,7 +1014,14 @@ show_command() {
while read zone type hosts; do
echo "$zone ($type)"
for host in $hosts; do
case $host in
exclude)
echo " exclude:"
;;
*)
echo " $host"
;;
esac
done
done < ${VARDIR}/zones
echo

9
web/shorewall_index.htm
View File

@ -69,13 +69,14 @@ configuration files and with the help of the iptables utility,
Shorewall configures Netfilter to match your requirements. Shorewall
can be used on a dedicated firewall system, a multi-function
gateway/router/server or on a standalone GNU/Linux system. Shorewall
does not use Netfilter's ipchains compatibility mode and can thus
does not use Netfilter's ipchains compatibility mode; as a consequence,
Shorewall can
take advantage of Netfilter's connection state tracking
capabilities.<br>
capabilities to create a stateful firewall.<br>
<br>
Shorewall is <u>not</u> a daemon. Once Shorewall
has configured Netfilter, it's job is complete. After that, there is
no Shorewall code running although the <a
has configured Netfilter, it's job is complete and there is
no Shorewall code left running in the system. The <a
href="starting_and_stopping_shorewall.htm">/sbin/shorewall
program can be used at any time to monitor the Netfilter firewall</a>.</p>
<p style="margin-left: 0.42in;">Shorewall is not the easiest to use of