holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code

Browse Source
This commit is contained in:
Tom Eastep 2016-09-20 08:47:07 -07:00
commit d854185c56
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10
4 changed files with 39 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Shorewall/Perl/Shorewall/Config.pm
View File

@ -3400,7 +3400,7 @@ sub embedded_shell( $ ) {
sub embedded_perl( $ ) {
my $multiline = shift;
my ( $command , $linenumber ) = ( qq(package Shorewall::User;\nno strict;\n# line $currentlinenumber "$currentfilename"\n$currentline), $currentlinenumber );
my ( $command , $linenumber ) = ( qq(package Shorewall::User;\nno strict;\nuse Shorewall::Config (qw/shorewall/);\n# line $currentlinenumber "$currentfilename"\n$currentline), $currentlinenumber );
$directive_callback->( 'PERL', $currentline ) if $directive_callback;
@ -3853,7 +3853,7 @@ sub process_shorewallrc( $$ ) {
$shorewallrc{VARDIR} = "$shorewallrc{VARLIB}/$product";
}
} elsif ( supplied $shorewallrc{VARLIB} ) {
$shorewallrc{VARDIR} = "$shorewallrc{VARLIB}/$product" unless supplied $shorewallrc{VARDIR};
$shorewallrc{VARDIR} = "$shorewallrc{VARLIB}/$product";
}
}

23
Shorewall/Perl/Shorewall/Rules.pm
View File

@ -628,15 +628,15 @@ sub handle_nfqueue( $$ ) {
#
# Process an entry in the policy file.
#
sub process_a_policy1($$$$$$) {
sub process_a_policy1($$$$$$$) {
our %validpolicies;
our @zonelist;
my ( $client, $server, $originalpolicy, $loglevel, $synparams, $connlimit ) = @_;
my ( $client, $server, $originalpolicy, $loglevel, $synparams, $connlimit, $intrazone ) = @_;
my $clientwild = ( "\L$client" =~ /^all(\+)?$/ );
my $intrazone = $clientwild && $1;
$intrazone = $clientwild && $1;
fatal_error "Undefined zone ($client)" unless $clientwild || defined_zone( $client );
@ -761,13 +761,24 @@ sub process_a_policy() {
$synparams = '' if $synparams eq '-';
$connlimit = '' if $connlimit eq '-';
my $intrazone;
if ( $intrazone = $clients =~ /.*,.*\+$/) {
$clients =~ s/\+$//;
}
if ( $servers =~ /.*,.*\+$/ ) {
$servers =~ s/\+$//;
$intrazone = 1;
}
fatal_error 'SOURCE must be specified' if $clients eq '-';
fatal_error 'DEST must be specified' if $servers eq '-';
fatal_error 'POLICY must be specified' if $policy eq '-';
for my $client ( split_list( $clients, 'zone' ) ) {
for my $server ( split_list( $servers, 'zone' ) ) {
process_a_policy1( $client, $server, $policy, $loglevel, $synparams, $connlimit );
process_a_policy1( $client, $server, $policy, $loglevel, $synparams, $connlimit, $intrazone );
}
}
}
@ -4185,8 +4196,8 @@ sub process_mangle_rule1( $$$$$$$$$$$$$$$$$$ ) {
},
CHECKSUM => {
defaultchain => 0,
allowedchains => ALLCHAINS,
defaultchain => POSTROUTING,
allowedchains => POSTROUTING | FORWARD | OUTPUT,
minparams => 0,
maxparams => 0 ,
function => sub() {

14
Shorewall/manpages/shorewall-policy.xml
View File

@ -61,7 +61,7 @@
<variablelist>
<varlistentry>
<term><emphasis role="bold">SOURCE</emphasis> -
<emphasis>zone</emphasis>[,...]|<emphasis
<emphasis>zone</emphasis>[,...[+]]|<emphasis
role="bold">$FW</emphasis>|<emphasis
role="bold">all</emphasis>|<emphasis
role="bold">all+</emphasis></term>
@ -76,13 +76,16 @@
does.</para>
<para>Beginning with Shorewall 5.0.12, multiple zones may be listed
separated by commas.</para>
separated by commas. As above, if '+' is specified after two or more
zone names, then the policy overrides the implicit intra-zone ACCEPT
policy if the same <replaceable>zone</replaceable> appears in both
the SOURCE and DEST columns.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">DEST</emphasis> -
<emphasis>zone</emphasis>[,...]|<emphasis
<emphasis>zone</emphasis>[,...[+]]|<emphasis
role="bold">$FW</emphasis>|<emphasis
role="bold">all</emphasis>|<emphasis
role="bold">all+</emphasis></term>
@ -100,7 +103,10 @@
does.</para>
<para>Beginning with Shorewall 5.0.12, multiple zones may be listed
separated by commas.</para>
separated by commas. As above, if '+' is specified after two or more
zone names, then the policy overrides the implicit intra-zone ACCEPT
policy if the same <replaceable>zone</replaceable> appears in both
the SOURCE and DEST columns.</para>
</listitem>
</varlistentry>

14
Shorewall6/manpages/shorewall6-policy.xml
View File

@ -61,7 +61,7 @@
<variablelist>
<varlistentry>
<term><emphasis role="bold">SOURCE</emphasis> -
<emphasis>zone</emphasis>[,...]|<emphasis
<emphasis>zone</emphasis>[,...[+]]|<emphasis
role="bold">$FW</emphasis>|<emphasis
role="bold">all</emphasis>|<emphasis
role="bold">all+</emphasis></term>
@ -76,13 +76,16 @@
does.</para>
<para>Beginning with Shorewall 5.0.12, multiple zones may be listed
separated by commas.</para>
separated by commas. As above, if '+' is specified after two or more
zone names, then the policy overrides the implicit intra-zone ACCEPT
policy if the same <replaceable>zone</replaceable> appears in both
the SOURCE and DEST columns.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">DEST</emphasis> -
<emphasis>zone</emphasis>[,...]|<emphasis
<emphasis>zone</emphasis>[,...[+]]|<emphasis
role="bold">$FW</emphasis>|<emphasis
role="bold">all</emphasis>|<emphasis
role="bold">all+</emphasis></term>
@ -100,7 +103,10 @@
does.</para>
<para>Beginning with Shorewall 5.0.12, multiple zones may be listed
separated by commas.</para>
separated by commas. As above, if '+' is specified after two or more
zone names, then the policy overrides the implicit intra-zone ACCEPT
policy if the same <replaceable>zone</replaceable> appears in both
the SOURCE and DEST columns.</para>
</listitem>
</varlistentry>