holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Merge branch '4.4.23'

Browse Source
This commit is contained in:
Tom Eastep 2011-09-05 17:25:03 -07:00
commit b19a6f0bfd
5 changed files with 12 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Shorewall/Perl/Shorewall/Misc.pm
View File

@ -554,9 +554,11 @@ sub add_common_rules() {
if ( @filters ) { if ( @filters ) {
add_ijump( $chainref , @ipsec ? 'j' : 'g' => $target1, imatch_source_net( $_ ), @ipsec ), $chainref->{filtered}++ for @filters; add_ijump( $chainref , @ipsec ? 'j' : 'g' => $target1, imatch_source_net( $_ ), @ipsec ), $chainref->{filtered}++ for @filters;
$interfaceref->{options}{use_forward_chain} = 1;
} elsif ( $interfaceref->{bridge} eq $interface ) { } elsif ( $interfaceref->{bridge} eq $interface ) {
add_ijump( $chainref , @ipsec ? 'j' : 'g' => $target1, imatch_dest_dev( $interface ), @ipsec ), $chainref->{filtered}++ add_ijump( $chainref , @ipsec ? 'j' : 'g' => $target1, imatch_dest_dev( $interface ), @ipsec ), $chainref->{filtered}++
unless $interfaceref->{options}{routeback} || $interfaceref->{options}{routefilter} || $interfaceref->{physical} eq '+'; unless $interfaceref->{options}{routeback} || $interfaceref->{options}{routefilter} || $interfaceref->{physical} eq '+';
$interfaceref->{options}{use_forward_chain} = 1;
} }
add_ijump( $chainref, j => 'ACCEPT', state_imatch 'ESTABLISHED,RELATED' ), $chainref->{filtered}++ if $config{FASTACCEPT}; add_ijump( $chainref, j => 'ACCEPT', state_imatch 'ESTABLISHED,RELATED' ), $chainref->{filtered}++ if $config{FASTACCEPT};
@ -566,6 +568,7 @@ sub add_common_rules() {
if ( @filters ) { if ( @filters ) {
add_ijump( $chainref , g => $target, imatch_source_net( $_ ), @ipsec ), $chainref->{filtered}++ for @filters; add_ijump( $chainref , g => $target, imatch_source_net( $_ ), @ipsec ), $chainref->{filtered}++ for @filters;
$interfaceref->{options}{use_input_chain} = 1;
} }
add_ijump( $chainref, j => 'ACCEPT', state_imatch 'ESTABLISHED,RELATED' ), $chainref->{filtered}++ if $config{FASTACCEPT}; add_ijump( $chainref, j => 'ACCEPT', state_imatch 'ESTABLISHED,RELATED' ), $chainref->{filtered}++ if $config{FASTACCEPT};

3
Shorewall/Perl/prog.header6
View File

@ -822,6 +822,9 @@ debug_restore_input() {
'*'raw) '*'raw)
table=raw table=raw
;; ;;
'*'rawpost)
table=rawpost
;;
'*'mangle) '*'mangle)
table=mangle table=mangle
;; ;;

4
Shorewall/lib.common
View File

@ -294,7 +294,7 @@ reload_kernel_modules() {
uname=$(uname -r) && \ uname=$(uname -r) && \
MODULESDIR=/lib/modules/$uname/kernel/net/ipv4/netfilter:/lib/modules/$uname/kernel/net/netfilter:/lib/modules/$uname/kernel/net/sched:/lib/modules/$uname/extra:/lib/modules/$uname/extra/ipset MODULESDIR=/lib/modules/$uname/kernel/net/ipv4/netfilter:/lib/modules/$uname/kernel/net/netfilter:/lib/modules/$uname/kernel/net/sched:/lib/modules/$uname/extra:/lib/modules/$uname/extra/ipset
MODULES=$(lsmod | cut -d ' ' -f1) [ -d /sys/module/ ] || MODULES=$(lsmod | cut -d ' ' -f1)
for directory in $(split $MODULESDIR); do for directory in $(split $MODULESDIR); do
[ -d $directory ] && moduledirectories="$moduledirectories $directory" [ -d $directory ] && moduledirectories="$moduledirectories $directory"
@ -340,7 +340,7 @@ load_kernel_modules() # $1 = Yes, if we are to save moduleinfo in $VARDIR
[ -n "$LOAD_HELPERS_ONLY" ] && modules=$(find_file helpers) || modules=$(find_file modules) [ -n "$LOAD_HELPERS_ONLY" ] && modules=$(find_file helpers) || modules=$(find_file modules)
if [ -f $modules -a -n "$moduledirectories" ]; then if [ -f $modules -a -n "$moduledirectories" ]; then
MODULES=$(lsmod | cut -d ' ' -f1) [ -d /sys/module/ ] || MODULES=$(lsmod | cut -d ' ' -f1)
progress_message "Loading Modules..." progress_message "Loading Modules..."
. $modules . $modules
if [ $savemoduleinfo = Yes ]; then if [ $savemoduleinfo = Yes ]; then

4
Shorewall6/lib.common
View File

@ -312,7 +312,7 @@ reload_kernel_modules() {
[ -n "${MODULE_SUFFIX:=ko ko.gz o o.gz gz}" ] [ -n "${MODULE_SUFFIX:=ko ko.gz o o.gz gz}" ]
[ -z "$MODULESDIR" ] && MODULESDIR=/lib/modules/$(uname -r)/kernel/net/ipv6/netfilter:/lib/modules/$(uname -r)/kernel/net/netfilter:/lib/modules/$(uname -r)/kernel/net/sched [ -z "$MODULESDIR" ] && MODULESDIR=/lib/modules/$(uname -r)/kernel/net/ipv6/netfilter:/lib/modules/$(uname -r)/kernel/net/netfilter:/lib/modules/$(uname -r)/kernel/net/sched
MODULES=$(lsmod | cut -d ' ' -f1) [ -d /sys/module/ ] || MODULES=$(lsmod | cut -d ' ' -f1)
for directory in $(split $MODULESDIR); do for directory in $(split $MODULESDIR); do
[ -d $directory ] && moduledirectories="$moduledirectories $directory" [ -d $directory ] && moduledirectories="$moduledirectories $directory"
@ -356,7 +356,7 @@ load_kernel_modules() # $1 = Yes, if we are to save moduleinfo in $VARDIR
[ -n "$LOAD_HELPERS_ONLY" ] && modules=$(find_file helpers) || modules=$(find_file modules) [ -n "$LOAD_HELPERS_ONLY" ] && modules=$(find_file helpers) || modules=$(find_file modules)
if [ -f $modules -a -n "$moduledirectories" ]; then if [ -f $modules -a -n "$moduledirectories" ]; then
MODULES=$(lsmod | cut -d ' ' -f1) [ -d /sys/module/ ] || MODULES=$(lsmod | cut -d ' ' -f1)
progress_message "Loading Modules..." progress_message "Loading Modules..."
. $modules . $modules
if [ $savemoduleinfo = Yes ]; then if [ $savemoduleinfo = Yes ]; then

4
docs/FAQ.xml
View File

@ -1596,7 +1596,7 @@ teastep@ursa:~$ </programlisting>The first number determines the maximum log
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term>filter</term> <term>sfilter</term>
<listitem> <listitem>
<para>On systems running Shorewall 4.4.20 or later, either the <para>On systems running Shorewall 4.4.20 or later, either the
@ -1604,7 +1604,7 @@ teastep@ursa:~$ </programlisting>The first number determines the maximum log
url="manpages/shorewall-interfaces.html">interface option</ulink> url="manpages/shorewall-interfaces.html">interface option</ulink>
or it is being routed out of the same interface on which it or it is being routed out of the same interface on which it
arrived and the interface does not have the arrived and the interface does not have the
<option>routeback</option> <ulink <option>routeback</option> or <option>routefilter</option> <ulink
url="manpages/shorewall-interfaces.html">interface url="manpages/shorewall-interfaces.html">interface
option</ulink>.</para> option</ulink>.</para>
</listitem> </listitem>