forked from extern/shorewall_code
A few bug fixes
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4489 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
d96767b50a
commit
92e45e1586
@ -3117,21 +3117,30 @@ display_list() # $1 = List Title, rest of $* = list to display
|
|||||||
policy_rules() # $1 = chain to add rules to
|
policy_rules() # $1 = chain to add rules to
|
||||||
# $2 = policy
|
# $2 = policy
|
||||||
# $3 = loglevel
|
# $3 = loglevel
|
||||||
|
# $4 = Default Action/Macro
|
||||||
{
|
{
|
||||||
local target="$2"
|
local target="$2"
|
||||||
local default
|
local default="$4"
|
||||||
|
|
||||||
eval default=\$${1}_default
|
|
||||||
|
|
||||||
if [ -n "$default" ]; then
|
if [ -n "$default" ]; then
|
||||||
[ "$default" = none ] || run_iptables -A $1 -j $default
|
[ "$default" = none ] || run_iptables -A $1 -j $default
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ $# -eq 3 -a "x${3}" != "x-" ]; then
|
|
||||||
|
if [ $# -ge 3 -a "x${3}" != "x-" ]; then
|
||||||
log_rule $3 $1 $2
|
log_rule $3 $1 $2
|
||||||
fi
|
fi
|
||||||
|
|
||||||
[ -n "$target" ] && run_iptables -A $1 -j $target
|
if [ -n "$target" ]; then
|
||||||
|
case $target in
|
||||||
|
REJECT)
|
||||||
|
run_iptables -A $1 -j reject
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
run_iptables -A $1 -j $target
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
@ -3173,6 +3182,7 @@ default_policy() # $1 = client $2 = server
|
|||||||
eval policy=\$${chain1}_policy
|
eval policy=\$${chain1}_policy
|
||||||
eval loglevel=\$${chain1}_loglevel
|
eval loglevel=\$${chain1}_loglevel
|
||||||
eval synparams=\$${chain1}_synparams
|
eval synparams=\$${chain1}_synparams
|
||||||
|
eval default=\$${chain1}_default
|
||||||
#
|
#
|
||||||
# Add the appropriate rules to the canonical chain ($chain) to enforce
|
# Add the appropriate rules to the canonical chain ($chain) to enforce
|
||||||
# the specified policy
|
# the specified policy
|
||||||
@ -3182,7 +3192,7 @@ default_policy() # $1 = client $2 = server
|
|||||||
# The policy chain is the canonical chain; add policy rule to it
|
# The policy chain is the canonical chain; add policy rule to it
|
||||||
# The syn flood jump has already been added if required.
|
# The syn flood jump has already been added if required.
|
||||||
#
|
#
|
||||||
policy_rules $chain $policy $loglevel
|
policy_rules $chain $policy $loglevel $default
|
||||||
else
|
else
|
||||||
#
|
#
|
||||||
# The policy chain is different from the canonical chain -- approach
|
# The policy chain is different from the canonical chain -- approach
|
||||||
@ -3196,7 +3206,7 @@ default_policy() # $1 = client $2 = server
|
|||||||
# in this chain.
|
# in this chain.
|
||||||
#
|
#
|
||||||
report_syn_flood_protection
|
report_syn_flood_protection
|
||||||
policy_rules $chain $policy $loglevel
|
policy_rules $chain $policy $loglevel $default
|
||||||
else
|
else
|
||||||
#
|
#
|
||||||
# No problem with double-counting so just jump to the
|
# No problem with double-counting so just jump to the
|
||||||
@ -3212,7 +3222,7 @@ default_policy() # $1 = client $2 = server
|
|||||||
#
|
#
|
||||||
[ -n "$synparams" ] && \
|
[ -n "$synparams" ] && \
|
||||||
report_syn_flood_protection
|
report_syn_flood_protection
|
||||||
policy_rules $chain $policy $loglevel
|
policy_rules $chain $policy $loglevel $default
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
#
|
#
|
||||||
@ -3252,6 +3262,7 @@ complete_standard_chain() # $1 = chain, $2 = source zone, $3 = destination zone
|
|||||||
local policy=
|
local policy=
|
||||||
local loglevel=
|
local loglevel=
|
||||||
local policychain=
|
local policychain=
|
||||||
|
local default=
|
||||||
|
|
||||||
run_user_exit $1
|
run_user_exit $1
|
||||||
|
|
||||||
@ -3260,9 +3271,10 @@ complete_standard_chain() # $1 = chain, $2 = source zone, $3 = destination zone
|
|||||||
if [ -n "$policychain" ]; then
|
if [ -n "$policychain" ]; then
|
||||||
eval policy=\$${policychain}_policy
|
eval policy=\$${policychain}_policy
|
||||||
eval loglevel=\$${policychain}_loglevel
|
eval loglevel=\$${policychain}_loglevel
|
||||||
|
eval default=\$${policychain}_default
|
||||||
eval
|
eval
|
||||||
|
|
||||||
policy_rules $1 $policy $loglevel
|
policy_rules $1 $policy $loglevel $default
|
||||||
else
|
else
|
||||||
policy_rules $1 DROP info
|
policy_rules $1 DROP info
|
||||||
fi
|
fi
|
||||||
@ -3968,6 +3980,7 @@ apply_policy_rules() {
|
|||||||
eval policy=\$${chain}_policy
|
eval policy=\$${chain}_policy
|
||||||
eval loglevel=\$${chain}_loglevel
|
eval loglevel=\$${chain}_loglevel
|
||||||
eval optional=\$${chain}_is_optional
|
eval optional=\$${chain}_is_optional
|
||||||
|
eval default=\$${chain}_default
|
||||||
|
|
||||||
if [ "$policy" != NONE ]; then
|
if [ "$policy" != NONE ]; then
|
||||||
if ! havechain $chain && [ -z "$optional" -a "$policy" != CONTINUE ]; then
|
if ! havechain $chain && [ -z "$optional" -a "$policy" != CONTINUE ]; then
|
||||||
@ -3986,7 +3999,7 @@ apply_policy_rules() {
|
|||||||
case $chain in
|
case $chain in
|
||||||
all2*|*2all)
|
all2*|*2all)
|
||||||
run_user_exit $chain
|
run_user_exit $chain
|
||||||
policy_rules $chain $policy $loglevel
|
policy_rules $chain $policy $loglevel $default
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
fi
|
fi
|
||||||
|
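Review bot: In the new `policy_rules`, the default action is read from `$4`, but every updated caller passes `$chain $policy $loglevel $default` unquoted, so an empty `$loglevel` lets word splitting shift the default action into `$3`. With the test relaxed from `$# -eq 3` to `$# -ge 3`, that shifted value would reach `log_rule` as a log level and the default-action jump would be skipped, changing the rules the firewall ends up with. Whether `${chain}_loglevel` can be empty at these call sites is not visible in the hunks, so this should be checked against the policy parser. Quoting the call sites, e.g. `policy_rules "$chain" "$policy" "$loglevel" "$default"`, and guarding the log rule with `if [ -n "$3" -a "x${3}" != "x-" ]; then` would keep the positions stable. The callers `default_policy`, `complete_standard_chain` and `apply_policy_rules` start and end outside the hunks shown.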