holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Allow <zone>::<serverport> in the rules file DEST column

Browse Source
This commit is contained in:
Tom Eastep 2009-11-23 09:56:15 -08:00
parent 2eaf396f5a
commit b30cae89e3
3 changed files with 26 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
Shorewall/Perl/Shorewall/Rules.pm
View File

@ -1238,9 +1238,9 @@ sub process_rule1 ( $$$$$$$$$$$$$ ) {
} }
} }
} else { } else {
fatal_error "A server must be specified in the DEST column in $action rules" if $server eq ''; if ( $server eq '' ) {
fatal_error "A server and/or port must be specified in the DEST column in $action rules" unless $serverport;
if ( $server =~ /^(.+)-(.+)$/ ) { } elsif ( $server =~ /^(.+)-(.+)$/ ) {
validate_range( $1, $2 ); validate_range( $1, $2 );
} else { } else {
my @servers = validate_address $server, 1; my @servers = validate_address $server, 1;
@ -1249,9 +1249,13 @@ sub process_rule1 ( $$$$$$$$$$$$$ ) {
if ( $action eq 'DNAT' ) { if ( $action eq 'DNAT' ) {
$target = '-j DNAT '; $target = '-j DNAT ';
$serverport = ":$serverport" if $serverport; if ( $server ) {
for my $serv ( split /,/, $server ) { $serverport = ":$serverport" if $serverport;
$target .= "--to-destination ${serv}${serverport} "; for my $serv ( split /,/, $server ) {
$target .= "--to-destination ${serv}${serverport} ";
}
} else {
$target .= "--to-destination :$serverport ";
} }
} }

2
Shorewall/changelog.txt
View File

@ -6,6 +6,8 @@ Changes in Shorewall 4.4.5
3) Generate error for port number 0 3) Generate error for port number 0
4) Allow zone::serverport in rules DEST column.
Changes in Shorewall 4.4.4 Changes in Shorewall 4.4.4
1) Change STARTUP_LOG and LOG_VERBOSITY in default shorewall6.conf. 1) Change STARTUP_LOG and LOG_VERBOSITY in default shorewall6.conf.

14
Shorewall/releasenotes.txt
View File

@ -201,7 +201,19 @@ None.
N E W F E A T U R E S I N 4 . 4 . 5 N E W F E A T U R E S I N 4 . 4 . 5
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
None. 1) Shorewall now allows DNAT rules that change only the destination
port.
Example:
DNAT loc net::456 udp 234
That rule will modify the destination port in UDP packets received
from the 'loc' zone from 456 to 234. Note that if the destination
is the firewall itself, then the destination port will be rewritten
but that no ACCEPT rule from the loc zone to the $FW zone will have
been created to handle the request. So such rules should probably
exclude the firewall's IP addresses in the ORIGINAL DEST column.
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
N E W F E A T U R E S I N 4 . 4 . 0 N E W F E A T U R E S I N 4 . 4 . 0