holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Merge branch '4.4.20'

Browse Source
This commit is contained in:
Tom Eastep 2011-06-02 10:07:03 -07:00
commit c3b56c1e73
5 changed files with 16 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Shorewall/Perl/Shorewall/Tc.pm
View File

@ -1604,8 +1604,10 @@ sub process_secmark_rule() {
O => 'tcout' , ); O => 'tcout' , );
my %state = ( N => 'NEW' , my %state = ( N => 'NEW' ,
NI => 'NEW,INVALID',
E => 'ESTABLISHED' , E => 'ESTABLISHED' ,
ER => 'ESTABLISHED,RELATED' ); ER => 'ESTABLISHED,RELATED',
);
my ( $chain , $state, $rest) = split ':', $chainin , 3; my ( $chain , $state, $rest) = split ':', $chainin , 3;

2
Shorewall/changelog.txt
View File

@ -2,6 +2,8 @@ Changes in Shorewall 4.4.20 Final
1) Set /proc/sys/net/bridge/bridge_nf_call_ip6?tables. 1) Set /proc/sys/net/bridge/bridge_nf_call_ip6?tables.
2) Add 'NI' STATE in secmarks.
Changes in Shorewall 4.4.20 RC 1 Changes in Shorewall 4.4.20 RC 1
1) Update release documents. 1) Update release documents.

3
Shorewall/releasenotes.txt
View File

@ -253,6 +253,9 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
versions are available in the configfiles directory within the versions are available in the configfiles directory within the
tarball. tarball.
11) The STATE subcolumn of the secmarks file now allow the value 'NI'
which will match packets in either NEW or INVALID state.
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
I V. R E L E A S E 4 . 4 H I G H L I G H T S I V. R E L E A S E 4 . 4 H I G H L I G H T S
---------------------------------------------------------------------------- ----------------------------------------------------------------------------

6
manpages/shorewall-secmarks.xml
View File

@ -90,7 +90,7 @@
<varlistentry> <varlistentry>
<term><emphasis role="bold">CHAIN:STATE - <term><emphasis role="bold">CHAIN:STATE -
{P|I|F|O|T}[:{N|E|ER}]</emphasis></term> {P|I|F|O|T}[:{N|NI|E|ER}]</emphasis></term>
<listitem> <listitem>
<para>This column determines the CHAIN where the SElinux context is <para>This column determines the CHAIN where the SElinux context is
@ -109,12 +109,14 @@
</simplelist> </simplelist>
<para>It may be optionally followed by a colon and an indication of <para>It may be optionally followed by a colon and an indication of
the connection state(s) at which the context is to be the Netfilter connection state(s) at which the context is to be
applied:</para> applied:</para>
<simplelist> <simplelist>
<member>:N - NEW connection</member> <member>:N - NEW connection</member>
<member>:NI - NEW or INVALID connection</member>
<member>:E - ESTABLISHED connection</member> <member>:E - ESTABLISHED connection</member>
<member>:ER - ESTABLISHED or RELATED connection</member> <member>:ER - ESTABLISHED or RELATED connection</member>

6
manpages6/shorewall6-secmarks.xml
View File

@ -90,7 +90,7 @@
<varlistentry> <varlistentry>
<term><emphasis role="bold">CHAIN - <term><emphasis role="bold">CHAIN -
{P|I|F|O|T}[:{N|E|ER}]</emphasis></term> {P|I|F|O|T}[:{N|NI|E|ER}]</emphasis></term>
<listitem> <listitem>
<simplelist> <simplelist>
@ -106,12 +106,14 @@
</simplelist> </simplelist>
<para>It may be optionally followed by a colon and an indication of <para>It may be optionally followed by a colon and an indication of
the connection state(s) at which the context is to be the Netfilter connection state(s) at which the context is to be
applied:</para> applied:</para>
<simplelist> <simplelist>
<member>:N - NEW connection</member> <member>:N - NEW connection</member>
<member>:NI - New or INVALID connection</member>
<member>:E - ESTABLISHED connection</member> <member>:E - ESTABLISHED connection</member>
<member>:ER - ESTABLISHED or RELATED connection</member> <member>:ER - ESTABLISHED or RELATED connection</member>