Add support for UDP Lite

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2010-03-16 09:42:50 -07:00
parent 5ac2b16936
commit a01fa345b7
12 changed files with 46 additions and 34 deletions

View File

@ -1846,12 +1846,12 @@ sub do_proto( $$$;$ )
PROTO: PROTO:
{ {
if ( $proto == TCP || $proto == UDP || $proto == SCTP || $proto == DCCP ) { if ( $proto == TCP || $proto == UDP || $proto == SCTP || $proto == DCCP || $proto == UDPLITE ) {
my $multiport = 0; my $multiport = 0;
if ( $ports ne '' ) { if ( $ports ne '' ) {
$invert = $ports =~ s/^!// ? '! ' : ''; $invert = $ports =~ s/^!// ? '! ' : '';
if ( $ports =~ tr/,/,/ > 0 || $sports =~ tr/,/,/ > 0 ) { if ( $ports =~ tr/,/,/ > 0 || $sports =~ tr/,/,/ > 0 || $proto == UDPLITE ) {
fatal_error "Port lists require Multiport support in your kernel/iptables" unless have_capability( 'MULTIPORT' ); fatal_error "Port lists require Multiport support in your kernel/iptables" unless have_capability( 'MULTIPORT' );
fatal_error "Multiple ports not supported with SCTP" if $proto == SCTP; fatal_error "Multiple ports not supported with SCTP" if $proto == SCTP;
fatal_error "A port list in this file may only have up to 15 ports" if $restricted && port_count( $ports ) > 15; fatal_error "A port list in this file may only have up to 15 ports" if $restricted && port_count( $ports ) > 15;
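Review bot: adding `|| $proto == UDPLITE` to the inner condition sends every UDPLITE rule that names a port through the multiport branch, so a single port now fails with "Port lists require Multiport support in your kernel/iptables" when the MULTIPORT capability is missing, a message that misleads because no list was given. If multiport is genuinely required for UDPLITE ports, emit a dedicated message for that case (for example "Port specification for UDPLITE requires Multiport support") so the failing rule is diagnosable, and record the requirement in the release notes.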

View File

@ -47,6 +47,7 @@ our @EXPORT = qw( ALLIPv4
ALL ALL
TCP TCP
UDP UDP
UDPLITE
ICMP ICMP
DCCP DCCP
IPv6_ICMP IPv6_ICMP
@ -103,7 +104,8 @@ use constant { ALLIPv4 => '0.0.0.0/0' ,
UDP => 17, UDP => 17,
DCCP => 33, DCCP => 33,
IPv6_ICMP => 58, IPv6_ICMP => 58,
SCTP => 132 }; SCTP => 132,
UDPLITE => 136 };
our @rfc1918_networks = ( "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16" ); our @rfc1918_networks = ( "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16" );

View File

@ -29,6 +29,8 @@ Changes in Shorewall 4.4.8
14) Replace OPTIMIZE=-1 with undocumented optimize 4096 which DISABLES 14) Replace OPTIMIZE=-1 with undocumented optimize 4096 which DISABLES
default optimizations. default optimizations.
15) Add support for UDPLITE
Changes in Shorewall 4.4.7 Changes in Shorewall 4.4.7
1) Backport optimization changes from 4.5. 1) Backport optimization changes from 4.5.

View File

@ -346,6 +346,9 @@ None.
ERROR: The separator for a port range is ':', not '-' (21-22) : ERROR: The separator for a port range is ':', not '-' (21-22) :
/etc/shorewall/rules (line 3) /etc/shorewall/rules (line 3)
5) Support has been added for UDPLITE (proto 136) in that DEST PORT(S)
and SOURCE PORT(S) may be specified for that protocol.
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
I N P R I O R R E L E A S E S I N P R I O R R E L E A S E S
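Review bot: this note says DEST PORT(S) and SOURCE PORT(S) may now be specified for UDPLITE but omits that, after the do_proto() change in this commit, any UDPLITE port specification needs the MULTIPORT capability; state that requirement here so the new fatal_error is not a surprise to users whose iptables lacks multiport.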

View File

@ -126,17 +126,19 @@
<listitem> <listitem>
<para><emphasis role="bold">DEST PORT</emphasis> - Destination Port <para><emphasis role="bold">DEST PORT</emphasis> - Destination Port
number. Service name from <filename>/etc/services</filename> or port number. Service name from <filename>/etc/services</filename> or port
number. May only be specified if the protocol is TCP or UDP (6 or 17). number. May only be specified if the protocol is TCP (6), UDP (17),
If the PROTOCOL is <quote>ipp2p</quote>, then this column is DCCP (33), SCTP (132) or UDPLITE (136). If the PROTOCOL is
interpreted as an ipp2p option without the leading <quote>--</quote> <quote>ipp2p</quote>, then this column is interpreted as an ipp2p
(default <quote>ipp2p</quote>). For a list of value ipp2p options, as option without the leading <quote>--</quote> (default
root type <command>iptables -m ipp2p --help</command>.</para> <quote>ipp2p</quote>). For a list of value ipp2p options, as root type
<command>iptables -m ipp2p --help</command>.</para>
</listitem> </listitem>
<listitem> <listitem>
<para><emphasis role="bold">SOURCE PORT</emphasis>- Source Port <para><emphasis role="bold">SOURCE PORT</emphasis>- Source Port
number. Service name from /etc/services or port number. May only be number. Service name from /etc/services or port number. May only be
specified if the protocol is TCP or UDP (6 or 17).</para> specified if the protocol is TCP (6), UDP (17), DCCP (33), SCTP (132)
or UDPLITE (136).</para>
</listitem> </listitem>
<listitem> <listitem>
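Review bot: the rewrapped DEST PORT paragraph carries over the pre-existing typo "For a list of value ipp2p options", which should read "valid ipp2p options"; since these lines are rewritten in this hunk anyway, correct it here.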

View File

@ -165,8 +165,8 @@
<listitem> <listitem>
<para>Destination Port number. Service name from services(5) or <para>Destination Port number. Service name from services(5) or
<emphasis>port number</emphasis>. May only be specified if the <emphasis>port number</emphasis>. May only be specified if the
protocol is <emphasis role="bold">tcp</emphasis> or <emphasis protocol is TCP (6), UDP (17), DCCP (33), SCTP (132) or UDPLITE
role="bold">udp</emphasis> (6 or 17).</para> (136).</para>
<para>You may place a comma-separated list of port names or numbers <para>You may place a comma-separated list of port names or numbers
in this column if your kernel and iptables include multiport match in this column if your kernel and iptables include multiport match
@ -188,8 +188,8 @@
<listitem> <listitem>
<para>Service name from services(5) or <emphasis>port <para>Service name from services(5) or <emphasis>port
number</emphasis>. May only be specified if the protocol is TCP or number</emphasis>. May only be specified if the protocol is TCP (6),
UDP (6 or 17).</para> UDP (17), DCCP (33), SCTP (132) or UDPLITE (136).</para>
<para>You may place a comma-separated list of port numbers in this <para>You may place a comma-separated list of port numbers in this
column if your kernel and iptables include multiport match column if your kernel and iptables include multiport match

View File

@ -237,10 +237,10 @@
[[!]<emphasis>port-name-or-number</emphasis>[,<emphasis>port-name-or-number</emphasis>]...]</term> [[!]<emphasis>port-name-or-number</emphasis>[,<emphasis>port-name-or-number</emphasis>]...]</term>
<listitem> <listitem>
<para>If the PROTO column specifies TCP (protocol 6) or UDP <para>If the PROTO column specifies TCP (6), UDP (17), DCCP (33),
(protocol 17) then you may list one or more port numbers (or names SCTP (132) or UDPLITE (136) then you may list one or more port
from services(5)) separated by commas or you may list a single port numbers (or names from services(5)) separated by commas or you may
range list a single port range
(<emphasis>lowport</emphasis>:<emphasis>highport</emphasis>).</para> (<emphasis>lowport</emphasis>:<emphasis>highport</emphasis>).</para>
<para>Where a comma-separated list is given, your kernel and <para>Where a comma-separated list is given, your kernel and
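Review bot: the new wording tells readers they may list one or more comma-separated ports when PROTO is SCTP (132), yet do_proto() in this same commit still raises "Multiple ports not supported with SCTP"; either qualify the SCTP case in this paragraph (single port or range only) or remove the fatal_error so the manual page and the compiler agree.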

View File

@ -84,9 +84,10 @@
<term>PORT(S) - <replaceable>port</replaceable> [,...]</term> <term>PORT(S) - <replaceable>port</replaceable> [,...]</term>
<listitem> <listitem>
<para>Optional. May only be given if the the PROTO is tcp (6) or udp <para>Optional. May only be given if the the PROTO is TCP (6), UDP
(17). A list of one or more port numbers or service names from (17), DCCP (33), SCTP (132) or UDPLITE (136). A list of one or more
/etc/services. Port ranges of the form port numbers or service names from /etc/services. Port ranges of the
form
<replaceable>lowport</replaceable>:<replaceable>highport</replaceable> <replaceable>lowport</replaceable>:<replaceable>highport</replaceable>
may also be included.</para> may also be included.</para>
</listitem> </listitem>
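Review bot: the rewritten sentence keeps the doubled word in "May only be given if the the PROTO is"; change it to "if the PROTO is" while this paragraph is being touched.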

View File

@ -164,8 +164,8 @@
<listitem> <listitem>
<para>Destination Port number. Service name from services(5) or <para>Destination Port number. Service name from services(5) or
<emphasis>port number</emphasis>. May only be specified if the <emphasis>port number</emphasis>. May only be specified if the
protocol is <emphasis role="bold">tcp</emphasis> or <emphasis protocol is TCP (6), UDP (17), DCCP (33), SCTP (132) or UDPLITE
role="bold">udp</emphasis> (6 or 17).</para> (136).</para>
<para>You may place a comma-separated list of port names or numbers <para>You may place a comma-separated list of port names or numbers
in this column if your kernel and ip6tables include multiport match in this column if your kernel and ip6tables include multiport match
@ -187,8 +187,8 @@
<listitem> <listitem>
<para>Service name from services(5) or <emphasis>port <para>Service name from services(5) or <emphasis>port
number</emphasis>. May only be specified if the protocol is TCP or number</emphasis>. May only be specified if the protocol is TCP (6),
UDP (6 or 17).</para> UDP (17), DCCP (33), SCTP (132) or UDPLITE (136).</para>
<para>You may place a comma-separated list of port numbers in this <para>You may place a comma-separated list of port numbers in this
column if your kernel and ip6tables include multiport match column if your kernel and ip6tables include multiport match

View File

@ -37,8 +37,9 @@
<listitem> <listitem>
<para>Host address, network address, MAC address, IP address range <para>Host address, network address, MAC address, IP address range
(if your kernel and ip6tables contain iprange match support) or ipset (if your kernel and ip6tables contain iprange match support) or
name prefaced by "+" (if your kernel supports ipset match).</para> ipset name prefaced by "+" (if your kernel supports ipset
match).</para>
<para>MAC addresses must be prefixed with "~" and use "-" as a <para>MAC addresses must be prefixed with "~" and use "-" as a
separator.</para> separator.</para>
@ -67,9 +68,9 @@
role="bold">-</emphasis>|<emphasis>port-name-or-number</emphasis>[,<emphasis>port-name-or-number</emphasis>]...}</term> role="bold">-</emphasis>|<emphasis>port-name-or-number</emphasis>[,<emphasis>port-name-or-number</emphasis>]...}</term>
<listitem> <listitem>
<para>May only be specified if the protocol is TCP (6) or UDP (17). <para>May only be specified if the protocol is TCP (6), UDP (17),
A comma-separated list of destination port numbers or service names DCCP (33), SCTP (132) or UDPLITE (136). A comma-separated list of
from services(5).</para> destination port numbers or service names from services(5).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>

View File

@ -84,9 +84,10 @@
<term>PORT(S) - <replaceable>port</replaceable> [,...]</term> <term>PORT(S) - <replaceable>port</replaceable> [,...]</term>
<listitem> <listitem>
<para>Optional. May only be given if the the PROTO is tcp (6) or udp <para>Optional. May only be given if the the PROTO is TCP (6), UDP
(17). A list of one or more port numbers or service names from (17), DCCP (33), SCTP (132) or UDPLITE (136). A list of one or more
/etc/services. Port ranges of the form port numbers or service names from /etc/services. Port ranges of the
form
<replaceable>lowport</replaceable>:<replaceable>highport</replaceable> <replaceable>lowport</replaceable>:<replaceable>highport</replaceable>
may also be included.</para> may also be included.</para>
</listitem> </listitem>
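Review bot: same doubled word as in the IPv4 counterpart, "May only be given if the the PROTO is"; correct to "if the PROTO is" in this hunk.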
@ -152,6 +153,6 @@
shorewall6-providers(5), shorewall6-route_rules(5), shorewall6-providers(5), shorewall6-route_rules(5),
shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5), shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5),
shorewall6-tcinterfaces(5), shorewall6-tos(5), shorewall6-tunnels(5), shorewall6-tcinterfaces(5), shorewall6-tos(5), shorewall6-tunnels(5),
shorewall6-zones(5) </para> shorewall6-zones(5)</para>
</refsect1> </refsect1>
</refentry> </refentry>