From 5211b32aa6e4794045c3a26a6c6bdddabdbd78e3 Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Fri, 25 May 2012 07:05:38 -0700
Subject: [PATCH 1/4] Remove quotes from GEOIPDIR setting
Signed-off-by: Tom Eastep
---
 Shorewall/Samples/Universal/shorewall.conf | 2 +-
 Shorewall/Samples/one-interface/shorewall.conf | 2 +-
 Shorewall/Samples/three-interfaces/shorewall.conf | 2 +-
 Shorewall/Samples/two-interfaces/shorewall.conf | 2 +-
 Shorewall/configfiles/shorewall.conf | 2 +-
 Shorewall6/Samples6/Universal/shorewall6.conf | 2 +-
 Shorewall6/Samples6/one-interface/shorewall6.conf | 2 +-
 Shorewall6/Samples6/three-interfaces/shorewall6.conf | 2 +-
 Shorewall6/Samples6/two-interfaces/shorewall6.conf | 2 +-
 Shorewall6/configfiles/shorewall6.conf | 2 +-
 10 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/Shorewall/Samples/Universal/shorewall.conf b/Shorewall/Samples/Universal/shorewall.conf
index 6ac918148..8715d5df3 100644
--- a/Shorewall/Samples/Universal/shorewall.conf
+++ b/Shorewall/Samples/Universal/shorewall.conf
@@ -55,7 +55,7 @@ TCP_FLAGS_LOG_LEVEL=info
 CONFIG_PATH=${CONFDIR}/shorewall:${SHAREDIR}/shorewall
-GEOIPDIR="/usr/share/xt_geoip/LE"
+GEOIPDIR=/usr/share/xt_geoip/LE
 IPTABLES=
diff --git a/Shorewall/Samples/one-interface/shorewall.conf b/Shorewall/Samples/one-interface/shorewall.conf
index 75b749177..bb0e7256d 100644
--- a/Shorewall/Samples/one-interface/shorewall.conf
+++ b/Shorewall/Samples/one-interface/shorewall.conf
@@ -66,7 +66,7 @@ TCP_FLAGS_LOG_LEVEL=info
 CONFIG_PATH=${CONFDIR}/shorewall:${SHAREDIR}/shorewall
-GEOIPDIR="/usr/share/xt_geoip/LE"
+GEOIPDIR=/usr/share/xt_geoip/LE
 IPTABLES=
diff --git a/Shorewall/Samples/three-interfaces/shorewall.conf b/Shorewall/Samples/three-interfaces/shorewall.conf
index 565236e23..468020e17 100644
--- a/Shorewall/Samples/three-interfaces/shorewall.conf
+++ b/Shorewall/Samples/three-interfaces/shorewall.conf
@@ -64,7 +64,7 @@ TCP_FLAGS_LOG_LEVEL=info
 CONFIG_PATH=${CONFDIR}/shorewall:${SHAREDIR}/shorewall
-GEOIPDIR="/usr/share/xt_geoip/LE"
+GEOIPDIR=/usr/share/xt_geoip/LE
 IPTABLES=
diff --git a/Shorewall/Samples/two-interfaces/shorewall.conf b/Shorewall/Samples/two-interfaces/shorewall.conf
index 9558b8bf7..a1912ffe7 100644
--- a/Shorewall/Samples/two-interfaces/shorewall.conf
+++ b/Shorewall/Samples/two-interfaces/shorewall.conf
@@ -67,7 +67,7 @@ TCP_FLAGS_LOG_LEVEL=info
 CONFIG_PATH=${CONFDIR}/shorewall:${SHAREDIR}/shorewall
-GEOIPDIR="/usr/share/xt_geoip/LE"
+GEOIPDIR=/usr/share/xt_geoip/LE
 IPTABLES=
diff --git a/Shorewall/configfiles/shorewall.conf b/Shorewall/configfiles/shorewall.conf
index 4a01620c6..d2781a307 100644
--- a/Shorewall/configfiles/shorewall.conf
+++ b/Shorewall/configfiles/shorewall.conf
@@ -55,7 +55,7 @@ TCP_FLAGS_LOG_LEVEL=info
 CONFIG_PATH="${CONFDIR}/shorewall:${SHAREDIR}/shorewall"
-GEOIPDIR="/usr/share/xt_geoip/LE"
+GEOIPDIR=/usr/share/xt_geoip/LE
 IPTABLES=
diff --git a/Shorewall6/Samples6/Universal/shorewall6.conf b/Shorewall6/Samples6/Universal/shorewall6.conf
index ae9294c87..1314cef8f 100644
--- a/Shorewall6/Samples6/Universal/shorewall6.conf
+++ b/Shorewall6/Samples6/Universal/shorewall6.conf
@@ -54,7 +54,7 @@ TCP_FLAGS_LOG_LEVEL=info
 CONFIG_PATH=${CONFDIR}/shorewall6:${SHAREDIR}/shorewall6:${SHAREDIR}/shorewall
-GEOIPDIR="/usr/share/xt_geoip/LE"
+GEOIPDIR=/usr/share/xt_geoip/LE
 IP6TABLES=
diff --git a/Shorewall6/Samples6/one-interface/shorewall6.conf b/Shorewall6/Samples6/one-interface/shorewall6.conf
index fc5183a81..fef70cc79 100644
--- a/Shorewall6/Samples6/one-interface/shorewall6.conf
+++ b/Shorewall6/Samples6/one-interface/shorewall6.conf
@@ -54,7 +54,7 @@ TCP_FLAGS_LOG_LEVEL=info
 CONFIG_PATH=${CONFDIR}/shorewall6:${SHAREDIR}/shorewall6:${SHAREDIR}/shorewall
-GEOIPDIR="/usr/share/xt_geoip/LE"
+GEOIPDIR=/usr/share/xt_geoip/LE
 IP6TABLES=
diff --git a/Shorewall6/Samples6/three-interfaces/shorewall6.conf b/Shorewall6/Samples6/three-interfaces/shorewall6.conf
index 21a7d58c5..699c9df93 100644
--- a/Shorewall6/Samples6/three-interfaces/shorewall6.conf
+++ b/Shorewall6/Samples6/three-interfaces/shorewall6.conf
@@ -54,7 +54,7 @@ TCP_FLAGS_LOG_LEVEL=info
 CONFIG_PATH=${CONFDIR}/shorewall6:${SHAREDIR}/shorewall6:${SHAREDIR}/shorewall
-GEOIPDIR="/usr/share/xt_geoip/LE"
+GEOIPDIR=/usr/share/xt_geoip/LE
 IP6TABLES=
diff --git a/Shorewall6/Samples6/two-interfaces/shorewall6.conf b/Shorewall6/Samples6/two-interfaces/shorewall6.conf
index d66a66828..7ac5e0dea 100644
--- a/Shorewall6/Samples6/two-interfaces/shorewall6.conf
+++ b/Shorewall6/Samples6/two-interfaces/shorewall6.conf
@@ -54,7 +54,7 @@ TCP_FLAGS_LOG_LEVEL=info
 CONFIG_PATH=${CONFDIR}/shorewall6:${SHAREDIR}/shorewall6:${SHAREDIR}/shorewall
-GEOIPDIR="/usr/share/xt_geoip/LE"
+GEOIPDIR=/usr/share/xt_geoip/LE
 IP6TABLES=
diff --git a/Shorewall6/configfiles/shorewall6.conf b/Shorewall6/configfiles/shorewall6.conf
index 58d345ec3..c5e2231d3 100644
--- a/Shorewall6/configfiles/shorewall6.conf
+++ b/Shorewall6/configfiles/shorewall6.conf
@@ -54,7 +54,7 @@ TCP_FLAGS_LOG_LEVEL=info
 CONFIG_PATH="${CONFDIR}/shorewall6:/usr/share/shorewall6:${SHAREDIR}/shorewall"
-GEOIPDIR="/usr/share/xt_geoip/LE"
+GEOIPDIR=/usr/share/xt_geoip/LE
 IP6TABLES=
From 3a5875dc732e9fcc9e82bc0048b3144eacbd8c88 Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Fri, 25 May 2012 07:07:14 -0700
Subject: [PATCH 2/4] Add MSSQL Macro
Signed-off-by: Tom Eastep
---
 Shorewall/Macros/macro.MSSQL | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 Shorewall/Macros/macro.MSSQL
diff --git a/Shorewall/Macros/macro.MSSQL b/Shorewall/Macros/macro.MSSQL
new file mode 100644
index 000000000..708b18a5d
--- /dev/null
+++ b/Shorewall/Macros/macro.MSSQL
@@ -0,0 +1,11 @@
+#
+# Shorewall version 4 - MSSQL Macro
+#
+# /usr/share/shorewall/macro.MSSQL
+#
+# This macro handles MSSQL (Microsoft SQL Server)
+#
+###############################################################################
+#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/
+# PORT(S) PORT(S) LIMIT GROUP
+PARAM - - tcp 1433
From db50454afc20ac96909833c5f68314d35565ea06 Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Fri, 25 May 2012 15:41:55 -0700
Subject: [PATCH 3/4] Complete removal of optimize level 4 when level 4 is set.
Signed-off-by: Tom Eastep
---
 Shorewall/Perl/Shorewall/Rules.pm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm
index 9d9ceb6b1..cdecf6eca 100644
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@@ -1688,7 +1688,7 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$ $) {
 my ( $action, $loglevel) = split_action $target;
 my ( $basictarget, $param ) = get_target_param $action;
 my $rule = '';
- my $optimize = $wildcard ? ( $basictarget =~ /!$/ ? 0 : $config{OPTIMIZE} & 1 ) : 0;
+ my $optimize = $wildcard ? ( $basictarget =~ /!$/ ? 0 : $config{OPTIMIZE} & 5 ) : 0;
 my $inaction = '';
 my $normalized_target;
 my $normalized_action;
@@ -1953,7 +1953,7 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$ $) {
 #
 # Handle Optimization
 #
- if ( $optimize > 0 && $section eq 'NEW' ) {
+ if ( $optimize == 1 && $section eq 'NEW' ) {
 my $loglevel = $filter_table->{$chainref->{policychain}}{loglevel};
 if ( $loglevel ne '' ) {
 return 0 if $target eq "${policy}:$loglevel}";
From 32e0f154b541242ebed8cd322e52002dadaa6fa9 Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Tue, 29 May 2012 06:46:40 -0700
Subject: [PATCH 4/4] Correct pptpserver tunnel configuration.
Signed-off-by: Tom Eastep
---
 Shorewall/Perl/Shorewall/Tunnels.pm | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
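Review bot: The header comment says the macro "handles MSSQL", but the only rule is `PARAM - - tcp 1433`, which is the default-instance port; named instances on other ports and the SQL Server Browser service on udp 1434 are not matched. I would state that limit in the header, for example `# Covers the default instance on tcp 1433 only; named instances and the SQL Server Browser (udp 1434) need their own rules.`, so that nobody reads the macro as complete. Because the macro opens a database listener, a second comment line recommending that SOURCE be narrowed to the application hosts rather than a whole zone would also be useful.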
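Review bot: With the mask widened to `$config{OPTIMIZE} & 5` in the first Rules.pm hunk, `$optimize` can now be 0, 1, 4 or 5, and nothing on the line says what the two bits stand for or why both are kept. A comment along the lines of `# keep bits 1 and 4: the policy-duplicate check below applies only when bit 1 is set and bit 4 is not` would help; that meaning is inferred from the commit subject and the `== 1` test in the next hunk, so the author should confirm the wording. Any other use of `$optimize` as a plain boolean in process_rule1 would now see 4 as true where it previously saw 0; the function body starts and ends outside this hunk, so that needs checking in the full file.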
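Review bot: The context line `return 0 if $target eq "${policy}:$loglevel}";` in the second Rules.pm hunk has an unbalanced `}` inside the string, so the right-hand side interpolates to the policy, a colon, the log level and a literal `}`, which a target of the form POLICY:level will not equal. If that reading is right, the logged-policy branch of this optimization never suppresses a rule; the rule is kept, so the failure is on the safe side, but the branch is dead. The likely intent is `return 0 if $target eq "${policy}:${loglevel}";`. The line is not changed by this commit but sits directly under the condition being edited, and the `if ( $loglevel ne '' )` block continues past the end of the hunk.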
diff --git a/Shorewall/Perl/Shorewall/Tunnels.pm b/Shorewall/Perl/Shorewall/Tunnels.pm
index 218bbca61..7fe7e3b72 100644
--- a/Shorewall/Perl/Shorewall/Tunnels.pm
+++ b/Shorewall/Perl/Shorewall/Tunnels.pm
@@ -2,7 +2,6 @@
 # Shorewall 4.4 -- /usr/share/shorewall/Shorewall/Tunnels.pm
 #
 # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
-#
 # (c) 2007,2008,2009,2010,2011 - Tom Eastep (teastep@shorewall.net)
 #
 # Complete documentation is available at http://shorewall.net
@@ -126,9 +125,9 @@ sub setup_tunnels() {
 sub setup_pptp_server {
 my ($inchainref, $outchainref, $kind, $source, $dest ) = @_;
- add_tunnel_rule $inchainref, p => 47, @$dest;
- add_tunnel_rule $outchainref, p => 47, @$source;
- add_tunnel_rule $inchainref, p => 'tcp --dport 1723', @$dest
+ add_tunnel_rule $inchainref, p => 47, @$source;
+ add_tunnel_rule $outchainref, p => 47, @$dest;
+ add_tunnel_rule $inchainref, p => 'tcp --dport 1723', @$source
 }
 sub setup_one_openvpn {
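Review bot: Nothing in setup_pptp_server states which of `@$source` and `@$dest` belongs on the input chain and which on the output chain, and that pairing is exactly what this fix swaps. A comment above the three calls, for example `# Server side: GRE (47) and tcp 1723 are accepted on the input chain matching @$source; GRE is accepted on the output chain matching @$dest`, would make a future regression visible; what the two array refs hold is decided by the caller outside the hunk, so the wording should be confirmed there. The last call still has no terminating semicolon, which is legal as the final statement of the block but breaks as soon as a line is appended, so `p => 'tcp --dport 1723', @$source;` is safer. `$kind` is unpacked but not used in the lines shown.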