forked from extern/shorewall_code
Fix multiple excluded zones problem
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1182 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
d711731678
commit
a469d0d317
@ -56,3 +56,5 @@ Changes since 1.4.10
|
||||
27) Allow backrouting of 'routestopped' devices.
|
||||
|
||||
28) Fix the help file.
|
||||
|
||||
29) Correct handling of !z1,z2,... in a DNAT/REDIRECT rule.
|
||||
|
@ -2661,7 +2661,7 @@ add_nat_rule() {
|
||||
addnatrule $(dnat_chain $source) $cli $proto $multiport $sports $dports -d $adr -j $chain
|
||||
done
|
||||
|
||||
for z in $excludezones; do
|
||||
for z in $(separate_list $excludezones); do
|
||||
eval hosts=\$${z}_hosts
|
||||
for host in $hosts; do
|
||||
addnatrule $chain -s ${host#*:} -j RETURN
|
||||
|
@ -15,6 +15,10 @@ Problems Corrected since 1.4.10
|
||||
4) The 'detectnets' and 'routeback' options may now be used together
|
||||
with the intended effect.
|
||||
|
||||
5) The following syntax previously produced an error:
|
||||
|
||||
DNAT z1!z2,z3 z4...
|
||||
|
||||
Problems Corrected since RC1
|
||||
|
||||
1) After a "shorewall stop", traffic routed back to networks in
|
||||
|
@ -14,7 +14,11 @@
|
||||
# indicate that the rule matches all addresses except the address/subnet
|
||||
# given. Notice that no white space is permitted between "!" and the
|
||||
# address/subnet.
|
||||
#
|
||||
#------------------------------------------------------------------------------
|
||||
# WARNING: If you masquerade or use SNAT from a local system to the internet,
|
||||
# you cannot use an ACCEPT rule to allow traffic from the internet to
|
||||
# that system. You *must* use a DNAT rule instead.
|
||||
#-------------------------------------------------------------------------------#
|
||||
# Columns are:
|
||||
#
|
||||
# ACTION ACCEPT, DROP, REJECT, DNAT, DNAT-, REDIRECT, CONTINUE,
|
||||
|
Loading…
Reference in New Issue
Block a user