holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Correct the handling of tcp-reset

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2017-03-07 10:33:51 -08:00
parent 2fb1f9db01
commit bdf0950317
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Shorewall/Perl/Shorewall/Rules.pm
View File

@ -372,6 +372,7 @@ sub initialize( $ ) {
'icmp-host-prohibited' => 1,
'icmp-admin-prohibited' => 1,
'icmp-tcp-reset' => 2,
'tcp-reset' => 2,
);
} else {
@ -2917,6 +2918,8 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$$ ) {
# tcp-reset
#
fatal_error "tcp-reset may only be used with PROTO tcp" unless ( resolve_proto( $proto ) || 0 ) == TCP;
$exceptionrule = '-p 6 ';
$param = 'tcp-reset';
}
$action = "REJECT --reject-with $param";