holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Fix problems reported by Michael Van Damme

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1399 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2004-06-15 03:41:26 +00:00
parent ed6046a1e9
commit d5d0e7fe85
4 changed files with 21 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Shorewall2/changelog.txt
View File

@ -29,3 +29,6 @@ Changes since 2.0.2
13) Allow multiple saved configurations. 13) Allow multiple saved configurations.
14) Add %attr spec to /etc/init.d/shorewall in the .spec file. 14) Add %attr spec to /etc/init.d/shorewall in the .spec file.
15) Fix rules that have bridge ports in both SOURCE and DEST. Update
comments in the rules file WRT "all" in SOURCE or DEST.

6
Shorewall2/firewall
View File

@ -3357,7 +3357,7 @@ add_a_rule()
if [ $COMMAND != check ]; then if [ $COMMAND != check ]; then
if [ -n "$loglevel" ]; then if [ -n "$loglevel" ]; then
log_rule_limit $loglevel $chain $logtarget "$ratelimit" "$logtag" $userandgroup \ log_rule_limit $loglevel $chain $logtarget "$ratelimit" "$logtag" $userandgroup \
$(fix_bang $proto $multiport $dest_interface $cli $sports $dports) $(fix_bang $proto $multiport $cli $dest_interface $sports $dports)
fi fi
if [ "$logtarget" != LOG ]; then if [ "$logtarget" != LOG ]; then
@ -3366,8 +3366,8 @@ add_a_rule()
$cli $sports $dports $ratelimit $userandgroup -j RETURN $cli $sports $dports $ratelimit $userandgroup -j RETURN
[ "$logtarget" != NONAT ] && \ [ "$logtarget" != NONAT ] && \
run_iptables2 -A $chain $proto $multiport $dest_interface \ run_iptables2 -A $chain $proto $multiport $cli $dest_interface \
$cli $sports $dports $ratelimit $userandgroup -j $target $sports $dports $ratelimit $userandgroup -j $target
fi fi
fi fi
fi fi

7
Shorewall2/releasenotes.txt
View File

@ -32,6 +32,13 @@ Problems Corrected since 2.0.2
9) The file /etc/init.d/shorewall now gets proper ownership when the 9) The file /etc/init.d/shorewall now gets proper ownership when the
RPM is built by a non-root user. RPM is built by a non-root user.
10) Rules that specify bridge ports in both the SOURCE and DEST
columns no longer cause "shorewall start" to fail.
11) Comments in the rules file have been added to advise users that
"all" in the SOURCE or DEST column does not affect intra-zone
traffic.
----------------------------------------------------------------------- -----------------------------------------------------------------------
Issues when migrating from Shorewall 2.0.2 to Shorewall 2.0.3: Issues when migrating from Shorewall 2.0.2 to Shorewall 2.0.3:

8
Shorewall2/rules
View File

@ -93,6 +93,10 @@
# excluded from the rule by following the zone name with # excluded from the rule by following the zone name with
# "!' and a comma-separated list of sub-zone names. # "!' and a comma-separated list of sub-zone names.
# #
# When "all" is used either in the SOURCE or DEST column
# intra-zone traffic is not affected. You must add
# separate rules to handle that traffic.
#
# Except when "all" is specified, clients may be further # Except when "all" is specified, clients may be further
# restricted to a list of subnets and/or hosts by # restricted to a list of subnets and/or hosts by
# appending ":" and a comma-separated list of subnets # appending ":" and a comma-separated list of subnets
@ -123,6 +127,10 @@
# /etc/shorewall/zones, $FW to indicate the firewall # /etc/shorewall/zones, $FW to indicate the firewall
# itself or "all" # itself or "all"
# #
# When "all" is used either in the SOURCE or DEST column
# intra-zone traffic is not affected. You must add
# separate rules to handle that traffic.
#
# Except when "all" is specified, the server may be # Except when "all" is specified, the server may be
# further restricted to a particular subnet, host or # further restricted to a particular subnet, host or
# interface by appending ":" and the subnet, host or # interface by appending ":" and the subnet, host or