forked from extern/shorewall_code
Fix adding addresses to P-T-P devices
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@683 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
3d9d913b4b
commit
b2729de062
@ -14,3 +14,5 @@ Changes since 1.4.6
|
|||||||
6) Don't allow 'stop' when startup is disabled
|
6) Don't allow 'stop' when startup is disabled
|
||||||
|
|
||||||
7) Added ADMINISABSENTMINDED option.
|
7) Added ADMINISABSENTMINDED option.
|
||||||
|
|
||||||
|
8) Fixed adding addresses to ppp interfaces.
|
||||||
|
@ -3246,10 +3246,14 @@ add_ip_aliases()
|
|||||||
# Get all of the lines that contain inet addresses
|
# Get all of the lines that contain inet addresses
|
||||||
#
|
#
|
||||||
ip addr show $interface 2> /dev/null | grep 'inet' | while read inet cidr rest ; do
|
ip addr show $interface 2> /dev/null | grep 'inet' | while read inet cidr rest ; do
|
||||||
|
case $cidr in
|
||||||
|
*/*)
|
||||||
if in_subnet $external $cidr; then
|
if in_subnet $external $cidr; then
|
||||||
echo "/${cidr#*/} brd `broadcastaddress $cidr`"
|
echo "/${cidr#*/} brd `broadcastaddress $cidr`"
|
||||||
break
|
break
|
||||||
fi
|
fi
|
||||||
|
;;
|
||||||
|
esac
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
|
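Review bot: The new `case $cidr in */*)` guard in add_ip_aliases() carries no comment explaining why entries whose second field lacks a prefix length are skipped. A one-line comment above the `case`, naming the point-to-point case from the commit title, would keep a later cleanup from removing it as redundant. Separately, the unchanged `grep 'inet'` also matches inet6 lines, whose second field does contain a slash, so those still reach `in_subnet`; matching `'inet '` with a trailing space would restrict the loop to IPv4 entries.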
@ -1,4 +1,4 @@
|
|||||||
#
|
\#
|
||||||
# Shorewall 1.4 - Masquerade file
|
# Shorewall 1.4 - Masquerade file
|
||||||
#
|
#
|
||||||
# /etc/shorewall/masq
|
# /etc/shorewall/masq
|
||||||
|
@ -9,6 +9,19 @@ Problems Corrected since version 1.4.6:
|
|||||||
tcrules file. Previously, these addresses resulted in an invalid
|
tcrules file. Previously, these addresses resulted in an invalid
|
||||||
iptables command.
|
iptables command.
|
||||||
|
|
||||||
|
3) The "shorewall stop" command is now disabled when
|
||||||
|
/etc/shorewall/startup_disabled exists. This prevents people from
|
||||||
|
shooting themselves in the foot prior to having configured
|
||||||
|
Shorewall.
|
||||||
|
|
||||||
|
4) A change introduced in version 1.4.6 caused error messages during
|
||||||
|
"shorewall [re]start" when ADD_IP_ALIASES=Yes and ip addresses were
|
||||||
|
being added to a PPP interface; the addresses were successfully
|
||||||
|
added in spite of the messages.
|
||||||
|
|
||||||
|
The firewall script has been modified to eliminate the error
|
||||||
|
messages.
|
||||||
|
|
||||||
Migration Issues:
|
Migration Issues:
|
||||||
|
|
||||||
1) Once you have installed this version of Shorewall, you must
|
1) Once you have installed this version of Shorewall, you must
|
||||||
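Review bot: Item 4 under "Problems Corrected" says the firewall script was modified to eliminate the error messages but never says what the messages were, so a user who saw them on 1.4.6 cannot match them to this entry. Quoting the message text, or stating that addresses shown without a prefix length are now skipped when searching for the subnet, would make the entry usable. Also, "ip addresses" should read "IP addresses".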
@ -34,19 +47,17 @@ New Features:
|
|||||||
2) Thanks to Steve Herber, the help command can now give
|
2) Thanks to Steve Herber, the help command can now give
|
||||||
command-specific help.
|
command-specific help.
|
||||||
|
|
||||||
3) The "shorewall stop" command is now disabled when
|
3) A new option "ADMINISABSENTMINDED" has been added to
|
||||||
/etc/shorewall/startup_disabled exists. This prevents people from
|
|
||||||
shooting themselves in the foot prior to having configured
|
|
||||||
Shorewall.
|
|
||||||
|
|
||||||
4) A new option "ADMINISABSENTMINDED" has been added to
|
|
||||||
/etc/shorewall/shorewall.conf. This option has a default value of
|
/etc/shorewall/shorewall.conf. This option has a default value of
|
||||||
"No" in which case Shorewall's 'stopped' state continues as it has
|
"No" for existing Shorewall users who are upgrading to this release.
|
||||||
|
With this setting, Shorewall's 'stopped' state continues as it has
|
||||||
been; namely, in the stopped state only traffic to/from hosts listed
|
been; namely, in the stopped state only traffic to/from hosts listed
|
||||||
in /etc/shorewall/routestopped is accepted.
|
in /etc/shorewall/routestopped is accepted.
|
||||||
|
|
||||||
With ADMINISABSENTMINDED=Yes, in addition to traffic to/from the
|
The default for new users installing Shorewall for the first time is
|
||||||
hosts listed in /etc/shorewall/routestopped, Shorewall will allow:
|
ADMINISABSENTMINDED=Yes.With that setting, in addition to traffic
|
||||||
|
to/from the hosts listed in /etc/shorewall/routestopped, Shorewall
|
||||||
|
will allow:
|
||||||
|
|
||||||
a) All traffic originating from the firewall itself; and
|
a) All traffic originating from the firewall itself; and
|
||||||
b) All traffic that is part of or related to an already-existing
|
b) All traffic that is part of or related to an already-existing
|
||||||
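Review bot: The reworded ADMINISABSENTMINDED entry now gives two defaults ("No" for existing users who upgrade, Yes for first-time installs) without saying where the difference comes from, which leaves readers guessing which value applies to their system. One sentence stating how an upgraded system ends up with "No" and a new install with Yes would close that gap. There is also a missing space after the period in "ADMINISABSENTMINDED=Yes.With that setting".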
@ -75,5 +86,3 @@ New Features:
|
|||||||
stop". As part of stopping, Shorewall removes eth0:0 which kills my
|
stop". As part of stopping, Shorewall removes eth0:0 which kills my
|
||||||
SSH connection to 192.168.1.5!!!
|
SSH connection to 192.168.1.5!!!
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|