Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code

Tom Eastep 2016-09-20 08:47:07 -07:00
commit d854185c56
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10
4 changed files with 39 additions and 16 deletions


@ -3400,7 +3400,7 @@ sub embedded_shell( $ ) {
sub embedded_perl( $ ) { sub embedded_perl( $ ) {
my $multiline = shift; my $multiline = shift;
my ( $command , $linenumber ) = ( qq(package Shorewall::User;\nno strict;\n# line $currentlinenumber "$currentfilename"\n$currentline), $currentlinenumber ); my ( $command , $linenumber ) = ( qq(package Shorewall::User;\nno strict;\nuse Shorewall::Config (qw/shorewall/);\n# line $currentlinenumber "$currentfilename"\n$currentline), $currentlinenumber );
$directive_callback->( 'PERL', $currentline ) if $directive_callback; $directive_callback->( 'PERL', $currentline ) if $directive_callback;
@ -3853,7 +3853,7 @@ sub process_shorewallrc( $$ ) {
$shorewallrc{VARDIR} = "$shorewallrc{VARLIB}/$product"; $shorewallrc{VARDIR} = "$shorewallrc{VARLIB}/$product";
} }
} elsif ( supplied $shorewallrc{VARLIB} ) { } elsif ( supplied $shorewallrc{VARLIB} ) {
$shorewallrc{VARDIR} = "$shorewallrc{VARLIB}/$product" unless supplied $shorewallrc{VARDIR}; $shorewallrc{VARDIR} = "$shorewallrc{VARLIB}/$product";
} }
} }
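Review bot: The preamble built in embedded_perl now carries an undocumented `use Shorewall::Config (qw/shorewall/);`, and because it is part of the string prepended to each snippet it is re-run for every embedded PERL block. A `shorewall` sub that a user's own snippet had defined in Shorewall::User would presumably be replaced by the imported one on the next block; this is inferred from the assembled string, since the code that evaluates `$command` lies outside the hunk. I would add a comment above the assignment such as `# Import shorewall() into Shorewall::User so snippets can call it unqualified; keep the '# line' directive last so reported line numbers match the file`. Splitting the one-line `qq(...)` into a joined list of preamble lines would also make future additions easier to review, as everything in it is compiled ahead of user-supplied code.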


@ -628,15 +628,15 @@ sub handle_nfqueue( $$ ) {
# #
# Process an entry in the policy file. # Process an entry in the policy file.
# #
sub process_a_policy1($$$$$$) { sub process_a_policy1($$$$$$$) {
our %validpolicies; our %validpolicies;
our @zonelist; our @zonelist;
my ( $client, $server, $originalpolicy, $loglevel, $synparams, $connlimit ) = @_; my ( $client, $server, $originalpolicy, $loglevel, $synparams, $connlimit, $intrazone ) = @_;
my $clientwild = ( "\L$client" =~ /^all(\+)?$/ ); my $clientwild = ( "\L$client" =~ /^all(\+)?$/ );
my $intrazone = $clientwild && $1; $intrazone = $clientwild && $1;
fatal_error "Undefined zone ($client)" unless $clientwild || defined_zone( $client ); fatal_error "Undefined zone ($client)" unless $clientwild || defined_zone( $client );
@ -761,13 +761,24 @@ sub process_a_policy() {
$synparams = '' if $synparams eq '-'; $synparams = '' if $synparams eq '-';
$connlimit = '' if $connlimit eq '-'; $connlimit = '' if $connlimit eq '-';
my $intrazone;
if ( $intrazone = $clients =~ /.*,.*\+$/) {
$clients =~ s/\+$//;
}
if ( $servers =~ /.*,.*\+$/ ) {
$servers =~ s/\+$//;
$intrazone = 1;
}
fatal_error 'SOURCE must be specified' if $clients eq '-'; fatal_error 'SOURCE must be specified' if $clients eq '-';
fatal_error 'DEST must be specified' if $servers eq '-'; fatal_error 'DEST must be specified' if $servers eq '-';
fatal_error 'POLICY must be specified' if $policy eq '-'; fatal_error 'POLICY must be specified' if $policy eq '-';
for my $client ( split_list( $clients, 'zone' ) ) { for my $client ( split_list( $clients, 'zone' ) ) {
for my $server ( split_list( $servers, 'zone' ) ) { for my $server ( split_list( $servers, 'zone' ) ) {
process_a_policy1( $client, $server, $policy, $loglevel, $synparams, $connlimit ); process_a_policy1( $client, $server, $policy, $loglevel, $synparams, $connlimit, $intrazone );
} }
} }
} }
@ -4185,8 +4196,8 @@ sub process_mangle_rule1( $$$$$$$$$$$$$$$$$$ ) {
}, },
CHECKSUM => { CHECKSUM => {
defaultchain => 0, defaultchain => POSTROUTING,
allowedchains => ALLCHAINS, allowedchains => POSTROUTING | FORWARD | OUTPUT,
minparams => 0, minparams => 0,
maxparams => 0 , maxparams => 0 ,
function => sub() { function => sub() {
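Review bot: In process_a_policy1 the new seventh argument is overwritten two lines after it is unpacked: `$intrazone = $clientwild && $1;` discards the value passed in by process_a_policy. Since the later hunk strips the trailing `+` from `$clients`/`$servers` before the lists are split, a `+` after a zone list appears to have no effect, leaving the implicit intra-zone ACCEPT in place where the administrator asked for it to be overridden. This holds unless the flag is restored further down in the sub, which continues outside the hunk. Keeping the caller's value fixes it: `$intrazone ||= $clientwild && $1;`. A short comment in process_a_policy stating that a trailing `+` on either list applies to every client/server pair the lists produce would also help.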


@ -61,7 +61,7 @@
<variablelist> <variablelist>
<varlistentry> <varlistentry>
<term><emphasis role="bold">SOURCE</emphasis> - <term><emphasis role="bold">SOURCE</emphasis> -
<emphasis>zone</emphasis>[,...]|<emphasis <emphasis>zone</emphasis>[,...[+]]|<emphasis
role="bold">$FW</emphasis>|<emphasis role="bold">$FW</emphasis>|<emphasis
role="bold">all</emphasis>|<emphasis role="bold">all</emphasis>|<emphasis
role="bold">all+</emphasis></term> role="bold">all+</emphasis></term>
@ -76,13 +76,16 @@
does.</para> does.</para>
<para>Beginning with Shorewall 5.0.12, multiple zones may be listed <para>Beginning with Shorewall 5.0.12, multiple zones may be listed
separated by commas.</para> separated by commas. As above, if '+' is specified after two or more
zone names, then the policy overrides the implicit intra-zone ACCEPT
policy if the same <replaceable>zone</replaceable> appears in both
the SOURCE and DEST columns.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">DEST</emphasis> - <term><emphasis role="bold">DEST</emphasis> -
<emphasis>zone</emphasis>[,...]|<emphasis <emphasis>zone</emphasis>[,...[+]]|<emphasis
role="bold">$FW</emphasis>|<emphasis role="bold">$FW</emphasis>|<emphasis
role="bold">all</emphasis>|<emphasis role="bold">all</emphasis>|<emphasis
role="bold">all+</emphasis></term> role="bold">all+</emphasis></term>
@ -100,7 +103,10 @@
does.</para> does.</para>
<para>Beginning with Shorewall 5.0.12, multiple zones may be listed <para>Beginning with Shorewall 5.0.12, multiple zones may be listed
separated by commas.</para> separated by commas. As above, if '+' is specified after two or more
zone names, then the policy overrides the implicit intra-zone ACCEPT
policy if the same <replaceable>zone</replaceable> appears in both
the SOURCE and DEST columns.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>


@ -61,7 +61,7 @@
<variablelist> <variablelist>
<varlistentry> <varlistentry>
<term><emphasis role="bold">SOURCE</emphasis> - <term><emphasis role="bold">SOURCE</emphasis> -
<emphasis>zone</emphasis>[,...]|<emphasis <emphasis>zone</emphasis>[,...[+]]|<emphasis
role="bold">$FW</emphasis>|<emphasis role="bold">$FW</emphasis>|<emphasis
role="bold">all</emphasis>|<emphasis role="bold">all</emphasis>|<emphasis
role="bold">all+</emphasis></term> role="bold">all+</emphasis></term>
@ -76,13 +76,16 @@
does.</para> does.</para>
<para>Beginning with Shorewall 5.0.12, multiple zones may be listed <para>Beginning with Shorewall 5.0.12, multiple zones may be listed
separated by commas.</para> separated by commas. As above, if '+' is specified after two or more
zone names, then the policy overrides the implicit intra-zone ACCEPT
policy if the same <replaceable>zone</replaceable> appears in both
the SOURCE and DEST columns.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">DEST</emphasis> - <term><emphasis role="bold">DEST</emphasis> -
<emphasis>zone</emphasis>[,...]|<emphasis <emphasis>zone</emphasis>[,...[+]]|<emphasis
role="bold">$FW</emphasis>|<emphasis role="bold">$FW</emphasis>|<emphasis
role="bold">all</emphasis>|<emphasis role="bold">all</emphasis>|<emphasis
role="bold">all+</emphasis></term> role="bold">all+</emphasis></term>
@ -100,7 +103,10 @@
does.</para> does.</para>
<para>Beginning with Shorewall 5.0.12, multiple zones may be listed <para>Beginning with Shorewall 5.0.12, multiple zones may be listed
separated by commas.</para> separated by commas. As above, if '+' is specified after two or more
zone names, then the policy overrides the implicit intra-zone ACCEPT
policy if the same <replaceable>zone</replaceable> appears in both
the SOURCE and DEST columns.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>