Document tos file changes

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5687 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2007-03-25 19:43:33 +00:00
parent 307e82a2f4
commit eff828015c
2 changed files with 25 additions and 10 deletions


@ -88,7 +88,10 @@ sub process_tos() {
$restriction = OUTPUT_RESTRICT; $restriction = OUTPUT_RESTRICT;
} else { } else {
$chainref = $pretosref; $chainref = $pretosref;
$src =~ s/^all://;
} }
dst =~ s/^all://;
expand_rule expand_rule
$chainref , $chainref ,
@ -104,8 +107,6 @@ sub process_tos() {
} }
close TOS; close TOS;
$comment = '';
} }
} }
@ -784,12 +785,6 @@ sub process_rule1 ( $$$$$$$$$ ) {
my $rule = ''; my $rule = '';
my $actionchainref; my $actionchainref;
$ports = '' unless defined $ports;
$sports = '' unless defined $sports;
$origdest = '' unless defined $origdest;
$ratelimit = '' unless defined $ratelimit;
$user = '' unless defined $user;
# #
# Determine the validity of the action # Determine the validity of the action
# #
@ -863,6 +858,14 @@ sub process_rule1 ( $$$$$$$$$ ) {
fatal_error "Unknown source zone ($sourcezone) in rule \"$line\"" unless $zones{$sourcezone}; fatal_error "Unknown source zone ($sourcezone) in rule \"$line\"" unless $zones{$sourcezone};
fatal_error "Unknown destination zone ($destzone) in rule \"$line\"" unless $zones{$destzone}; fatal_error "Unknown destination zone ($destzone) in rule \"$line\"" unless $zones{$destzone};
my $restriction = NO_RESTRICT;
if ( $sourcezone eq $firewall_zone ) {
$restriction = $destzone eq $firewall_zone ? ALL_RESTRICT : OUTPUT_RESTRICT;
} else {
$restriction = INPUT_RESTRICT if $destzone eq $firewall_zone;
}
# #
# Take care of chain # Take care of chain
# #
@ -996,7 +999,7 @@ sub process_rule1 ( $$$$$$$$$ ) {
expand_rule expand_rule
ensure_chain ('filter', $chain ) , ensure_chain ('filter', $chain ) ,
NO_RESTRICT , $restriction ,
$rule , $rule ,
$source , $source ,
$dest , $dest ,
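Review bot: In the first process_tos hunk the added line `dst =~ s/^all://;` has no `$` sigil, so as rendered the substitution targets the bareword `dst` instead of the DEST column variable, which Perl should reject at compile time. It should presumably read `$dst =~ s/^all://;`, matching the `$src =~ s/^all://;` added in the else branch just above, so that the `all:` prefix is stripped before the value reaches `expand_rule`. If the sigil was only lost when the page was rendered, nothing needs to change. process_tos begins and ends outside the hunk, so the declaration of the destination variable is not visible here.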


@ -73,7 +73,19 @@ f) Some run-time extension scripts are no longer supported because they
refresh refresh
refreshed refreshed
g) Currently, support for ipsets is untested. That will change with g) The /etc/shorewall/tos file now has a format similar to the tcrules.
The SOURCE column may be one of the following:
[all:]<address>[,...]
[all:]<interface>[:<address>[,...]]
$FW[:<address>[,...]]
The DEST column may be one of the following:
[all:]<address>[,...]
[all:]<interface>[:<address>[,...]]
h) Currently, support for ipsets is untested. That will change with
future releases but one thing is certain -- Shorewall is now out of the future releases but one thing is certain -- Shorewall is now out of the
ipset load/reload business. If the Netfilter ruleset is never cleared, ipset load/reload business. If the Netfilter ruleset is never cleared,
then there is no opportunity for Shorewall to load/reload your then there is no opportunity for Shorewall to load/reload your