holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Use <> rather than [] to delineate addresses

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9036 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2008-12-13 20:45:23 +00:00
parent bc15c4dffe
commit dc2e7a9922
4 changed files with 25 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
Shorewall-common/releasenotes.txt
View File

@ -1,5 +1,19 @@
Shorewall 4.3.3 Shorewall 4.3.3
Notice:
There are two incompatible changes in this release.
1) Rather than square brackets ([]), addresses following an interface
name are now enclosed in angle brackets (<>). This change is made
to avoid confusion in the documentation with the meta characters
'[' and ']'.
2) Only those macros that have different contents in IPv6 are now
included in /usr/share/shorewall6/. As a consequence,
/usr/share/shorewall must be added to your CONFIG_PATH in
/etc/shorewall6/shorewall6.conf.
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
R E L E A S E 4 . 3 H I G H L I G H T S R E L E A S E 4 . 3 H I G H L I G H T S
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
@ -98,10 +112,10 @@ New Features in Shorewall 4.3
f) When both an interface and an address or address list need to f) When both an interface and an address or address list need to
be specified in a rule, the address or list must be enclosed in be specified in a rule, the address or list must be enclosed in
square brackets. Example: angle brackets. Example:
#ACTION SOURCE DEST #ACTION SOURCE DEST
ACCEPT net:eth0:[2001:19f0:feee::dead:beef:cafe] dmz ACCEPT net:eth0:<2001:19f0:feee::dead:beef:cafe> dmz
Note that this includes MAC addresses as well as IPv6 addresses. Note that this includes MAC addresses as well as IPv6 addresses.
@ -109,13 +123,13 @@ New Features in Shorewall 4.3
convention: convention:
#ZONE HOSTS OPTIONS #ZONE HOSTS OPTIONS
chat6 eth0:[2001:19f0:feee::dead:beef:cafe] chat6 eth0:<2001:19f0:feee::dead:beef:cafe>
Even when an interface is not specified, it is permitted to Even when an interface is not specified, it is permitted to
enclose addresses in [] to improve readability. Example: enclose addresses in <> to improve readability. Example:
#ACTION SOURCE DEST #ACTION SOURCE DEST
ACCEPT net:[2001:1::1] $FW ACCEPT net:<2001:1::1> $FW
g) There are currently no Shorewall6 or Shorewall6-lite manpages. g) There are currently no Shorewall6 or Shorewall6-lite manpages.

8
Shorewall-perl/Shorewall/Chains.pm
View File

@ -2008,11 +2008,11 @@ sub expand_rule( $$$$$$$$$$$ )
} else { } else {
$iiface = $source; $iiface = $source;
} }
} elsif ( $source =~ /^(.+?):\[(.+)\]\s*$/ ) { } elsif ( $source =~ /^(.+?):<(.+)>\s*$/ ) {
$iiface = $1; $iiface = $1;
$inets = $2; $inets = $2;
} elsif ( $source =~ /:/ ) { } elsif ( $source =~ /:/ ) {
if ( $source =~ /^\[(.+)\]$/ ) { if ( $source =~ /^<(.+)>$/ ) {
$inets = $1; $inets = $1;
} else { } else {
$inets = $source; $inets = $source;
@ -2095,11 +2095,11 @@ sub expand_rule( $$$$$$$$$$$ )
} else { } else {
$diface = $dest; $diface = $dest;
} }
} elsif ( $dest =~ /^(.+?):\[(.+)\]\s*$/ ) { } elsif ( $dest =~ /^(.+?):<(.+)>\s*$/ ) {
$diface = $1; $diface = $1;
$dnets = $2; $dnets = $2;
} elsif ( $dest =~ /:/ ) { } elsif ( $dest =~ /:/ ) {
if ( $dest =~ /^\[(.+)\]$/ ) { if ( $dest =~ /^<(.+)>$/ ) {
$dnets = $1; $dnets = $1;
} else { } else {
$dnets = $dest; $dnets = $dest;

2
Shorewall-perl/Shorewall/Rules.pm
View File

@ -128,7 +128,7 @@ sub process_tos() {
if ( $family == F_IPV4 ) { if ( $family == F_IPV4 ) {
( $srczone , $source , $remainder ) = split( /:/, $src, 3 ); ( $srczone , $source , $remainder ) = split( /:/, $src, 3 );
fatal_error 'Invalid SOURCE' if defined $remainder; fatal_error 'Invalid SOURCE' if defined $remainder;
} elsif ( $src =~ /^(.+?):\[(.*)]\s*$/ ) { } elsif ( $src =~ /^(.+?):<(.*)>\s*$/ ) {
$srczone = $1; $srczone = $1;
$source = $2; $source = $2;
} else { } else {

2
Shorewall-perl/Shorewall/Zones.pm
View File

@ -1022,7 +1022,7 @@ sub validate_hosts_file()
fatal_error "Invalid HOST(S) column contents: $hosts"; fatal_error "Invalid HOST(S) column contents: $hosts";
} }
} else { } else {
if ( $hosts =~ /^([\w.@%-]+\+?):\[(.*)\]\s*$/ ) { if ( $hosts =~ /^([\w.@%-]+\+?):<(.*)>\s*$/ ) {
$interface = $1; $interface = $1;
$hosts = $2; $hosts = $2;
$zoneref->{options}{complex} = 1 if $hosts =~ /^\+/; $zoneref->{options}{complex} = 1 if $hosts =~ /^\+/;