Correct REJECT actions in common.def

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@527 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-03-26 16:11:31 +00:00 · 2003-03-26 16:11:31 +00:00 · e7d83205db
commit e7d83205db
parent b49e944321
4 changed files with 18 additions and 10 deletions
--- a/STABLE/common.def
+++ b/STABLE/common.def
@ -16,10 +16,10 @@ run_iptables -A common -p icmp -j icmpdef
 ############################################################################
 # NETBIOS chatter
 #
-run_iptables -A common -p udp --dport 137:139     -j REJECT
-run_iptables -A common -p udp --dport 445         -j REJECT
-run_iptables -A common -p tcp --dport 139         -j REJECT
-run_iptables -A common -p tcp --dport 445         -j REJECT
+run_iptables -A common -p udp --dport 137:139     -j reject
+run_iptables -A common -p udp --dport 445         -j reject
+run_iptables -A common -p tcp --dport 139         -j reject
+run_iptables -A common -p tcp --dport 445         -j reject
 run_iptables -A common -p tcp --dport 135	  -j reject
 ############################################################################
 # UPnP
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@ -5,3 +5,5 @@ Changes since 1.4.1

 2. Create an intermediate chain for input from zones defined in terms
   of specific hosts or networks.
+
+3. Fixed common.def to use 'reject' rather than 'REJECT'.
--- a/Shorewall/common.def
+++ b/Shorewall/common.def
@ -16,10 +16,10 @@ run_iptables -A common -p icmp -j icmpdef
 ############################################################################
 # NETBIOS chatter
 #
-run_iptables -A common -p udp --dport 137:139     -j REJECT
-run_iptables -A common -p udp --dport 445         -j REJECT
-run_iptables -A common -p tcp --dport 139         -j REJECT
-run_iptables -A common -p tcp --dport 445         -j REJECT
+run_iptables -A common -p udp --dport 137:139     -j reject
+run_iptables -A common -p udp --dport 445         -j reject
+run_iptables -A common -p tcp --dport 139         -j reject
+run_iptables -A common -p tcp --dport 445         -j reject
 run_iptables -A common -p tcp --dport 135	  -j reject
 ############################################################################
 # UPnP
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -1,8 +1,14 @@
 This is a minor release of Shorewall.

-Changes are:
+Problems Corrected:

-a) Where an entry in the/etc/shorewall/hosts file specifies a
+1) TCP connection requests rejected out of the common chain are now
+   properly rejected with TCP RST; previously, some of these requests
+   were rejeced with an ICMP port-unreachable response.
+
+New Features:
+
+1) Where an entry in the/etc/shorewall/hosts file specifies a
   particular host or network, Shorewall now creates an intermediate
   chain for handling input from the related zone. This can
   substantially reduce the number of rules traversed by connections