Fix adding addresses to P-T-P devices

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@683 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2003-08-05 15:05:45 +00:00
parent 3d9d913b4b
commit b2729de062
4 changed files with 34 additions and 19 deletions

View File

@ -14,3 +14,5 @@ Changes since 1.4.6
6) Don't allow 'stop' when startup is disabled 6) Don't allow 'stop' when startup is disabled
7) Added ADMINISABSENTMINDED option. 7) Added ADMINISABSENTMINDED option.
8) Fixed adding addresses to ppp interfaces.

View File

@ -3246,10 +3246,14 @@ add_ip_aliases()
# Get all of the lines that contain inet addresses # Get all of the lines that contain inet addresses
# #
ip addr show $interface 2> /dev/null | grep 'inet' | while read inet cidr rest ; do ip addr show $interface 2> /dev/null | grep 'inet' | while read inet cidr rest ; do
if in_subnet $external $cidr; then case $cidr in
echo "/${cidr#*/} brd `broadcastaddress $cidr`" */*)
break if in_subnet $external $cidr; then
fi echo "/${cidr#*/} brd `broadcastaddress $cidr`"
break
fi
;;
esac
done done
} }

View File

@ -1,4 +1,4 @@
# \#
# Shorewall 1.4 - Masquerade file # Shorewall 1.4 - Masquerade file
# #
# /etc/shorewall/masq # /etc/shorewall/masq

View File

@ -9,6 +9,19 @@ Problems Corrected since version 1.4.6:
tcrules file. Previously, these addresses resulted in an invalid tcrules file. Previously, these addresses resulted in an invalid
iptables command. iptables command.
3) The "shorewall stop" command is now disabled when
/etc/shorewall/startup_disabled exists. This prevents people from
shooting themselves in the foot prior to having configured
Shorewall.
4) A change introduced in version 1.4.6 caused error messages during
"shorewall [re]start" when ADD_IP_ALIASES=Yes and ip addresses were
being added to a PPP interface; the addresses were successfully
added in spite of the messages.
The firewall script has been modified to eliminate the error
messages.
Migration Issues: Migration Issues:
1) Once you have installed this version of Shorewall, you must 1) Once you have installed this version of Shorewall, you must
@ -34,23 +47,21 @@ New Features:
2) Thanks to Steve Herber, the help command can now give 2) Thanks to Steve Herber, the help command can now give
command-specific help. command-specific help.
3) The "shorewall stop" command is now disabled when 3) A new option "ADMINISABSENTMINDED" has been added to
/etc/shorewall/startup_disabled exists. This prevents people from
shooting themselves in the foot prior to having configured
Shorewall.
4) A new option "ADMINISABSENTMINDED" has been added to
/etc/shorewall/shorewall.conf. This option has a default value of /etc/shorewall/shorewall.conf. This option has a default value of
"No" in which case Shorewall's 'stopped' state continues as it has "No" for existing Shorewall users who are upgrading to this release.
With this setting, Shorewall's 'stopped' state continues as it has
been; namely, in the stopped state only traffic to/from hosts listed been; namely, in the stopped state only traffic to/from hosts listed
in /etc/shorewall/routestopped is accepted. in /etc/shorewall/routestopped is accepted.
With ADMINISABSENTMINDED=Yes, in addition to traffic to/from the The default for new users installing Shorewall for the first time is
hosts listed in /etc/shorewall/routestopped, Shorewall will allow: ADMINISABSENTMINDED=Yes.With that setting, in addition to traffic
to/from the hosts listed in /etc/shorewall/routestopped, Shorewall
will allow:
a) All traffic originating from the firewall itself; and a) All traffic originating from the firewall itself; and
b) All traffic that is part of or related to an already-existing b) All traffic that is part of or related to an already-existing
connection. connection.
In particular, with ADMINISABSENTMINDED=Yes, a "shorewall stop" In particular, with ADMINISABSENTMINDED=Yes, a "shorewall stop"
entered through an ssh session will not kill the session. entered through an ssh session will not kill the session.
@ -75,5 +86,3 @@ New Features:
stop". As part of stopping, Shorewall removes eth0:0 which kills my stop". As part of stopping, Shorewall removes eth0:0 which kills my
SSH connection to 192.168.1.5!!! SSH connection to 192.168.1.5!!!