From a3eaa7f9af555b4fc7bea934e10ba79834c493d2 Mon Sep 17 00:00:00 2001
From: teastep
Date: Thu, 27 Nov 2003 18:24:57 +0000
Subject: [PATCH] Rework ip_forward handling; update release file

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@791 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall/changelog.txt | 4 ++++
 Shorewall/firewall | 41 +++++++++++++++++++-------------------
 Shorewall/releasenotes.txt | 12 +++++------
 3 files changed, 30 insertions(+), 27 deletions(-)

diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt
index 1ec38406a..fada16d99 100755
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@@ -3,3 +3,7 @@ Changes since 1.4.8
 1) Replace "Static NAT" with "One-to-one NAT".
 2) Change SMB common rules to DROP.
+
+3) Change wording in release notes.
+
+4) Move ip_forward handling to a function.
diff --git a/Shorewall/firewall b/Shorewall/firewall
index 482d17f68..6132b9adc 100755
--- a/Shorewall/firewall
+++ b/Shorewall/firewall
@@ -1027,6 +1027,22 @@ log_rule() # $1 = log level, $2 = chain, $3 = disposition , $... = predicates fo
 log_rule_limit $level $chain $disposition "$LOGLIMIT" $@
 }
+#
+# Set /proc/sys/net/ipv4/ip_forward based on $IP_FORWARDING
+#
+setup_forwarding() {
+ case "$IP_FORWARDING" in
+ [Oo][Nn])
+ echo 1 > /proc/sys/net/ipv4/ip_forward
+ echo "IP Forwarding Enabled"
+ ;;
+ [Oo][Ff][Ff])
+ echo 0 > /proc/sys/net/ipv4/ip_forward
+ echo "IP Forwarding Disabled!"
+ ;;
+ esac
+}
+
 #
 # Stop the Firewall
 #
@@ -1118,14 +1134,7 @@ stop_firewall() {
 iptables -A OUTPUT -p udp -o $interface --dport 67:68 -j ACCEPT
 done
- case "$IP_FORWARDING" in
- [Oo][Nn])
- echo 1 > /proc/sys/net/ipv4/ip_forward
- ;;
- [Oo][Ff][Ff])
- echo 0 > /proc/sys/net/ipv4/ip_forward
- ;;
- esac
+ setup_forwarding
 run_user_exit stopped
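Review bot: In the new `setup_forwarding`, each status message is printed whether or not the write to `/proc/sys/net/ipv4/ip_forward` succeeded, so a failed write still reports "IP Forwarding Enabled" or "IP Forwarding Disabled!". Tie the message to the write, e.g. `echo 0 > /proc/sys/net/ipv4/ip_forward && echo "IP Forwarding Disabled!"`, and do the same in the `[Oo][Nn])` branch, so the log reflects the kernel's actual state. The `case` also has no `*)` branch, so any other value of `$IP_FORWARDING` leaves the setting untouched with no message; if that is intended, state it in the header comment, for example `# Any other value leaves the current setting unchanged`.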
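Review bot: Calling `setup_forwarding` from `stop_firewall` is not a pure move of code: the removed `case` wrote to `ip_forward` silently, while the function also echoes "IP Forwarding Enabled" or "IP Forwarding Disabled!", so the stop path now prints a line it did not print before. If that output is wanted, changelog item 4 should say so; otherwise keep the stop path quiet with `setup_forwarding > /dev/null`. With `IP_FORWARDING` set to On this call switches routing on while the firewall is being stopped, and the rules that are expected to filter forwarded traffic at that moment are not visible in the hunk, so a one-line comment above the call naming them would help. `stop_firewall` starts and ends outside the hunk.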
@@ -4235,19 +4244,8 @@ add_common_rules() {
 [ -n "$ROUTE_FILTER" ] && echo 1 > /proc/sys/net/ipv4/conf/default/rp_filter
 run_ip route flush cache
 fi
- #
- # IP Forwarding
- #
- case "$IP_FORWARDING" in
- [Oo][Nn])
- echo 1 > /proc/sys/net/ipv4/ip_forward
- echo "IP Forwarding Enabled"
- ;;
- [Oo][Ff][Ff])
- echo 0 > /proc/sys/net/ipv4/ip_forward
- echo "IP Forwarding Disabled!"
- ;;
- esac
+
+ setup_forwarding
 }
 #
@@ -4473,6 +4471,7 @@ activate_rules()
 run_iptables -D $chain -m state --state ESTABLISHED,RELATED -j ACCEPT
 run_iptables -D $chain -p udp --dport 53 -j ACCEPT
 done
+
 }
 #
diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt
index d1ec08d83..42e774c0d 100755
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@@ -2,10 +2,10 @@ This is a minor release of Shorewall.
 Problems Corrected since version 1.4.8:
-1) There has been a low level of confusion over the terms "Source NAT" (SNAT)
- and "Static NAT". To avoid future confusion, all instances of "Static
- NAT" have been replaced with "One-to-one NAT" in the documentation and
- configuration files.
+1) There has been a low continuing level of confusion over the terms
+ "Source NAT" (SNAT) and "Static NAT". To avoid future confusion, all
+ instances of "Static NAT" have been replaced with "One-to-one NAT"
+ in the documentation and configuration files.
 Migration Issues:
@@ -14,9 +14,9 @@ None.
 New Features:
 1) To cut down on the number of "Why are these ports closed rather than
- sealthed?" questions, the SMB-related rules in
+ stealthed?" questions, the SMB-related rules in
 /etc/shorewall/common.def have been changed from 'reject' to 'DROP'.
-
+