More comprehensive fix for duplicate / -[piosd] /
Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent
8547b735f7
commit
8fb003476d
@ -645,6 +645,8 @@ sub add_jump( $$$;$$$ ) {
|
|||||||
|
|
||||||
my $param = $goto_ok && $toref && have_capability( 'GOTO_TARGET' ) ? 'g' : 'j';
|
my $param = $goto_ok && $toref && have_capability( 'GOTO_TARGET' ) ? 'g' : 'j';
|
||||||
|
|
||||||
|
$fromref->{dont_optimize} = 1 if $predicate =~ /! -[piosd] /;
|
||||||
|
|
||||||
if ( defined $index ) {
|
if ( defined $index ) {
|
||||||
assert( ! $expandports );
|
assert( ! $expandports );
|
||||||
insert_rule1( $fromref, $index, join( '', $predicate, "-$param $to" ));
|
insert_rule1( $fromref, $index, join( '', $predicate, "-$param $to" ));
|
||||||
@ -1429,6 +1431,14 @@ sub replace_references1( $$$ ) {
|
|||||||
my $table = $chainref->{table};
|
my $table = $chainref->{table};
|
||||||
my $count = 0;
|
my $count = 0;
|
||||||
my $name = $chainref->{name};
|
my $name = $chainref->{name};
|
||||||
|
#
|
||||||
|
# The caller has ensured that $matches does not contain /! -[piosd] /
|
||||||
|
#
|
||||||
|
my $hasp = $matches =~ / -p /;
|
||||||
|
my $hasi = $matches =~ / -i /;
|
||||||
|
my $haso = $matches =~ / -o /;
|
||||||
|
my $hass = $matches =~ / -s /;
|
||||||
|
my $hasd = $matches =~ / -d /;
|
||||||
|
|
||||||
$name =~ s/\+/\\+/;
|
$name =~ s/\+/\\+/;
|
||||||
#
|
#
|
||||||
@ -1447,9 +1457,14 @@ sub replace_references1( $$$ ) {
|
|||||||
for ( @{$fromref->{rules}} ) {
|
for ( @{$fromref->{rules}} ) {
|
||||||
if ( defined && /^-A $fromname .*-[jg] $name\b/ ) {
|
if ( defined && /^-A $fromname .*-[jg] $name\b/ ) {
|
||||||
#
|
#
|
||||||
# Prevent multiple '-p' matches
|
# Prevent multiple '-p', '-i', '-o', '-s' and '-d' matches
|
||||||
#
|
#
|
||||||
s/ -p [^ ]+ / / if / -p / && $matches =~ / -p /;
|
s/( !)? -p [^ ]+ / / if $hasp;
|
||||||
|
s/( !)? -i [^ ]+ / / if $hasi;
|
||||||
|
s/( !)? -o [^ ]+ / / if $haso;
|
||||||
|
s/( !)? -s [^ ]+ / / if $hass;
|
||||||
|
s/( !)? -d [^ ]+ / / if $hasd;
|
||||||
|
|
||||||
s/\s+-([jg]) $name(\b)/$matches -$1 ${target}$2/;
|
s/\s+-([jg]) $name(\b)/$matches -$1 ${target}$2/;
|
||||||
add_reference( $fromref, $chain_table{$table}{$target} );
|
add_reference( $fromref, $chain_table{$table}{$target} );
|
||||||
$count++;
|
$count++;
|
||||||
@ -1470,9 +1485,14 @@ sub replace_references1( $$$ ) {
|
|||||||
for ( @{$fromref->{rules}} ) {
|
for ( @{$fromref->{rules}} ) {
|
||||||
if ( defined && /^-A $fromname .*-[jg] $name\b/ ) {
|
if ( defined && /^-A $fromname .*-[jg] $name\b/ ) {
|
||||||
#
|
#
|
||||||
# Prevent multiple '-p' matches
|
# Prevent multiple '-p', '-i', '-o', '-s' and '-d' matches
|
||||||
#
|
#
|
||||||
s/ -p [^ ]+ / / if / -p / && $matches =~ / -p /;
|
s/( !)? -p [^ ]+ / / if $hasp;
|
||||||
|
s/( !)? -i [^ ]+ / / if $hasi;
|
||||||
|
s/( !)? -o [^ ]+ / / if $haso;
|
||||||
|
s/( !)? -s [^ ]+ / / if $hass;
|
||||||
|
s/( !)? -d [^ ]+ / / if $hasd;
|
||||||
|
|
||||||
s/\s+-[jg] $name(\b)/$matches -j ${target}$1/;
|
s/\s+-[jg] $name(\b)/$matches -j ${target}$1/;
|
||||||
$count++;
|
$count++;
|
||||||
}
|
}
|
||||||
|
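Review bot: The new substitutions `s/( !)? -p [^ ]+ / / if $hasp;` through `s/( !)? -d [^ ]+ / / if $hasd;` in the `-1447,9 +1457,14` hunk delete the referring rule's own match whenever `$matches` carries the same option, without comparing the two values. The original jump plus chain rule matched only traffic satisfying both matches, so after the rewrite the rule can match packets the pair did not (a referring rule limited to one source or interface keeps only the chain's value), and the `( !)?` prefix drops a negated match in the referring rule the same way. The rest of replace_references1 and its callers are outside these hunks, so unless they guarantee the values are compatible, consider stripping only an identical match, e.g. `my ($pval) = $matches =~ / -p ([^ ]+) /;` with `s/ -p \Q$pval\E / / if defined $pval;`, and leaving the jump unoptimized when the values differ. The same five lines are repeated in the `-1470,9 +1485,14` hunk, so a small helper taking the rule and `$matches` would keep both copies in step.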
@ -229,11 +229,13 @@ I I I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E
|
|||||||
#ZONE INTERFACE BROADCAST OPTIONS
|
#ZONE INTERFACE BROADCAST OPTIONS
|
||||||
vpn TUN+ - tun+
|
vpn TUN+ - tun+
|
||||||
|
|
||||||
/etc/shorewall/netmap:
|
/etc/shorewall/masq:
|
||||||
|
|
||||||
#TYPE NET1 INTEFACE NET2
|
#INTERFACE SOURCE ADDRESS PROTO PORT
|
||||||
SNAT 1.2.3.0/24 TUN0 3.4.5.0/24
|
tun0 192.168.1.0/24
|
||||||
DNAT 3.4.5.0/24 TUN0 1.2.3.0/24
|
|
||||||
|
Use of tunN in the nat and netmap files also produced invalid
|
||||||
|
iptables-restore input.
|
||||||
|
|
||||||
4.4.8.4
|
4.4.8.4
|
||||||
|
|
||||||
|