holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Enhanced support in the SOURCE column of the tcrules file

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1963 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2005-02-18 16:53:39 +00:00
parent 6dc7f529d4
commit 8f82eb2f6a
4 changed files with 20 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Shorewall2/changelog.txt
View File

@ -3,6 +3,8 @@ Changes in 2.2.2
1) The 'check' command disclaimer is toned down further and only
appears once in the 'check' output.
2) Enhanced support in the SOURCE column of /etc/shorewall/tcrules.
Changes in 2.2.1
1) Add examples to the zones and policy files.

9
Shorewall2/firewall
View File

@ -2333,16 +2333,19 @@ process_tc_rule()
if [ "x$source" != "x-" ]; then
case $source in
*.*.*)
r="-s $source "
r="$(source_ip_range $source) "
;;
~*)
r="$(mac_match $source) "
;;
$FW:*)
chain=tcout
r="$(source_ip_range ${source%:*}) "
;;
$FW)
chain=tcout
;;
*)
*)
verify_interface $source || fatal_error "Unknown interface $source in rule \"$rule\""
r="$(match_source_dev) $source "
;;

10
Shorewall2/releasenotes.txt
View File

@ -2,6 +2,16 @@ Shorewall 2.2.2
-----------------------------------------------------------------------
Problems corrected in version 2.2.2
1) The SOURCE column in the /etc/shorewall/tcrules file now allows IP
ranges (assuming that your iptables and kernel support ranges).
-----------------------------------------------------------------------
New Features in version 2.2.2
1) The SOURCE column in the /etc/shorewall/tcrules now allows $FW to
be optionally followed by ":" and a host/network address or address
range.
-----------------------------------------------------------------------
Problems corrected in version 2.2.1

3
Shorewall2/tcrules
View File

@ -80,7 +80,8 @@
# allowed. Use $FW if the packet originates on
# the firewall in which case the MARK column may NOT
# specify either ":P" or ":F" (marking always occurs
# in the OUTPUT chain).
# in the OUTPUT chain). $FW may be optionally followed
# by ":" and a host/network address.
#
# MAC addresses must be prefixed with "~" and use
# "-" as a separator.