Fix nat logging rules

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1456 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2004-07-06 20:42:43 +00:00
parent 2b3606dd25
commit f3ffda3c4a


@ -1046,15 +1046,6 @@ find_interface_address() # $1 = interface
echo $addr | sed 's/inet //;s/\/.*//;s/ peer.*//' echo $addr | sed 's/inet //;s/\/.*//;s/ peer.*//'
} }
#
# Find interface addresses--returns the set of addresses assigned to the passed
# device
#
find_interface_addresses() # $1 = interface
{
ip -f inet addr show $1 | grep inet | sed 's/inet //;s/\/.*//;s/ peer.*//'
}
# #
# Find interfaces that have the passed option specified # Find interfaces that have the passed option specified
# #
@ -2775,7 +2766,7 @@ createactionchain() # $1 = chain name
process_actions1() { process_actions1() {
ACTIONS="dropBcast dropNonSyn dropNotSyn rejNotSyn logNotSyn rLogNotSyn dLogNotSyn" ACTIONS="dropBcast dropNonSyn dropNotSyn rejNotSyn logNotSyn rLogNotSyn dLogNotSyn dropInvalid"
USEDACTIONS= USEDACTIONS=
strip_file actions strip_file actions
@ -2949,6 +2940,9 @@ process_actions2() {
dLogNotSyn) dLogNotSyn)
log_action dLogNotSyn DROP log_action dLogNotSyn DROP
;; ;;
dropInvalid)
[ "COMMAND" != check ] && run_iptables -A dropInvalid -m state --state INVALID -j DROP
;;
*) *)
f=action.$xaction f=action.$xaction
fn=$(find_file $f) fn=$(find_file $f)
@ -3068,7 +3062,7 @@ add_nat_rule() {
else else
for adr in $(separate_list $addr); do for adr in $(separate_list $addr); do
if [ -n "$loglevel" ]; then if [ -n "$loglevel" ]; then
log_rule_limit $loglevel $OUTPUT $logtarget "$ratelimit" "$logtag" -t nat \ log_rule_limit $loglevel OUTPUT $logtarget "$ratelimit" "$logtag" -t nat \
$(fix_bang $proto $cli $sports $userandgroup -d $adr $multiport $dports) $(fix_bang $proto $cli $sports $userandgroup -d $adr $multiport $dports)
fi fi
@ -3099,7 +3093,7 @@ add_nat_rule() {
done done
if [ -n "$loglevel" ]; then if [ -n "$loglevel" ]; then
log_rule_limit $loglevel $chain $logtarget "$ratelimit" -t nat log_rule_limit $loglevel $chain $logtarget "$ratelimit" "$logtag" -t nat
fi fi
addnatrule $chain $ratelimit $proto -j $target1 # Protocol is necessary for port redirection addnatrule $chain $ratelimit $proto -j $target1 # Protocol is necessary for port redirection