holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Fix SAME/ADD_SNAT_ALIASES bug

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3735 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2006-03-25 16:58:08 +00:00
parent 3e05dab080
commit a15f3e25c8
3 changed files with 30 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Shorewall/changelog.txt
View File

@ -4,6 +4,8 @@ Changes in 3.2.0 Beta 3
2) Add IMPLICIT_CONTINUE option to shorewall.conf. 2) Add IMPLICIT_CONTINUE option to shorewall.conf.
3) Fix SAME/ADD_SNAT_ALIASES interaction.
Changes in 3.2.0 Beta 2 Changes in 3.2.0 Beta 2
1) Make "shorewall start -f" work correctly. 1) Make "shorewall start -f" work correctly.

44
Shorewall/compiler
View File

@ -6625,27 +6625,6 @@ setup_masq()
;; ;;
esac esac
[ "x$addresses" = x- ] && addresses=
if [ -n "$addresses" -a -n "$add_snat_aliases" ]; then
for address in $(separate_list $addresses); do
address=${address%:)}
if [ -n "$address" ]; then
for addr in $(ip_range_explicit ${address%:*}) ; do
if ! list_search $addr $ALIASES_TO_ADD; then
[ -n "$RETAIN_ALIASES" ] || save_command qt ip addr del $addr dev $interface
ALIASES_TO_ADD="$ALIASES_TO_ADD $addr $fullinterface"
case $fullinterface in
*:*)
fullinterface=${fullinterface%:*}:$((${fullinterface#*:} + 1 ))
;;
esac
fi
done
fi
done
fi
[ "x$proto" = x- ] && proto= [ "x$proto" = x- ] && proto=
[ "x$ports" = x- ] && ports= [ "x$ports" = x- ] && ports=
@ -6788,6 +6767,8 @@ __EOF__
addrlist= addrlist=
target=MASQUERADE target=MASQUERADE
[ "x$addresses" = x- ] && addresses=
if [ -n "$addresses" ]; then if [ -n "$addresses" ]; then
case "$addresses" in case "$addresses" in
SAME:nodst:*) SAME:nodst:*)
@ -6818,6 +6799,27 @@ __EOF__
done done
;; ;;
esac esac
if [ -n"$add_snat_aliases" ]; then
for address in $(separate_list $addresses); do
address=${address%:)}
if [ -n "$address" ]; then
for addr in $(ip_range_explicit ${address%:*}) ; do
if ! list_search $addr $ALIASES_TO_ADD; then
[ -n "$RETAIN_ALIASES" ] || save_command qt ip addr del $addr dev $interface
ALIASES_TO_ADD="$ALIASES_TO_ADD $addr $fullinterface"
case $fullinterface in
*:*)
fullinterface=${fullinterface%:*}:$((${fullinterface#*:} + 1 ))
;;
esac
fi
done
fi
done
fi
fi fi
if [ -n "$networks" ]; then if [ -n "$networks" ]; then

5
Shorewall/releasenotes.txt
View File

@ -36,6 +36,11 @@ Problems Corrected in 3.2.0 Beta 3
in the RPM .spec file. This prevented updated versions of the file in the RPM .spec file. This prevented updated versions of the file
from being installed properly. from being installed properly.
3) If you use SAME or SAME:nodst in the ADDRESS column of /etc/shorewall/masq
and if you set ADD_SNAT_ALIASES=Yes in shorewall.conf, then "shorewall
start" will fail with the error 'Error: an inet prefix is expected rather
than "SAME".'.
Other changes in 3.2.0 Beta 2 Other changes in 3.2.0 Beta 2
2) A new IMPLICIT_CONTINUE option has been added to shorewall.conf. When 2) A new IMPLICIT_CONTINUE option has been added to shorewall.conf. When