Fix an iprange problem with the hosts file

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6120 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2007-04-25 21:03:40 +00:00
parent 41b02f5029
commit e3f35a632a
2 changed files with 5 additions and 2 deletions


@ -932,7 +932,7 @@ sub iprange_match() {
require_capability( 'IPRANGE_MATCH' , 'Address Ranges' ); require_capability( 'IPRANGE_MATCH' , 'Address Ranges' );
unless ( $iprangematch ) { unless ( $iprangematch ) {
$match = '-m iprange '; $match = '-m iprange ';
$iprangematch = 1; $iprangematch = 1 unless $capabilities{KLUDGEFREE};
} }
$match; $match;
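Review bot: The new `$iprangematch = 1 unless $capabilities{KLUDGEFREE};` in iprange_match carries no comment saying why the flag is left unset under KLUDGEFREE, and the postfix `unless` nested inside the enclosing `unless` block is easy to misread. The flag looks like file-level state, so without KLUDGEFREE any rule built after one that used a range gets an empty match string unless the flag is reset in between. That reset is presumably what `clearrule` does, but its definition is not visible here. A missed reset would likely produce a range rule that iptables rejects, which in a firewall compiler means the ruleset is not applied as intended. I would add a comment above the assignment such as `# Without KLUDGEFREE, '-m iprange' may appear only once per rule; every caller must reset the flag (clearrule) after emitting a rule.` The body of iprange_match starts and ends outside the hunk.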


@ -414,6 +414,7 @@ sub process_routestopped() {
my $dest = match_dest_net $host; my $dest = match_dest_net $host;
emit "run_iptables -A FORWARD -i $interface -o $interface $source $dest -j ACCEPT"; emit "run_iptables -A FORWARD -i $interface -o $interface $source $dest -j ACCEPT";
clearrule;
} }
} }
} elsif ( $option eq 'source' ) { } elsif ( $option eq 'source' ) {
@ -459,6 +460,7 @@ sub process_routestopped() {
my ( $interface1, $h1 ) = split /:/, $host1; my ( $interface1, $h1 ) = split /:/, $host1;
my $dest1 = match_dest_net $h1; my $dest1 = match_dest_net $h1;
emit "\$IPTABLES -A FORWARD -i $interface -o $interface1 $source $dest1 -j ACCEPT"; emit "\$IPTABLES -A FORWARD -i $interface -o $interface1 $source $dest1 -j ACCEPT";
clearrule;
} }
} }
} }
@ -1456,7 +1458,6 @@ sub generate_matrix() {
my $ipsec_in_match = match_ipsec_in $zone , $hostref; my $ipsec_in_match = match_ipsec_in $zone , $hostref;
my $ipsec_out_match = match_ipsec_out $zone , $hostref; my $ipsec_out_match = match_ipsec_out $zone , $hostref;
for my $net ( @{$hostref->{hosts}} ) { for my $net ( @{$hostref->{hosts}} ) {
my $source = match_source_net $net;
my $dest = match_dest_net $net; my $dest = match_dest_net $net;
if ( $chain1 ) { if ( $chain1 ) {
@ -1468,6 +1469,8 @@ sub generate_matrix() {
} }
} }
my $source = match_source_net $net;
insertnatjump 'PREROUTING' , dnat_chain $zone, \$prerouting_rule, join( '', "-i $interface ", $source, $ipsec_in_match ); insertnatjump 'PREROUTING' , dnat_chain $zone, \$prerouting_rule, join( '', "-i $interface ", $source, $ipsec_in_match );
if ( $chain2 ) { if ( $chain2 ) {