Move more 4.2 changes to trunk
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9218 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
53bd365b46
commit
f404b45b8f
@ -782,13 +782,12 @@ sub generate_script_3($) {
|
|||||||
|
|
||||||
emit '';
|
emit '';
|
||||||
|
|
||||||
emit<<'EOF';
|
emit( 'setup_routing_and_traffic_shaping',
|
||||||
setup_routing_and_traffic_shaping
|
'',
|
||||||
|
'if [ $COMMAND = restore ]; then',
|
||||||
|
' iptables_save_file=${VARDIR}/$(basename $0)-iptables',
|
||||||
|
' if [ -f $iptables_save_file ]; then' );
|
||||||
|
|
||||||
if [ $COMMAND = restore ]; then
|
|
||||||
iptables_save_file=${VARDIR}/$(basename $0)-iptables
|
|
||||||
if [ -f $iptables_save_file ]; then
|
|
||||||
EOF
|
|
||||||
if ( $family == F_IPV4 ) {
|
if ( $family == F_IPV4 ) {
|
||||||
emit ' cat $iptables_save_file | $IPTABLES_RESTORE # Use this nonsensical form to appease SELinux'
|
emit ' cat $iptables_save_file | $IPTABLES_RESTORE # Use this nonsensical form to appease SELinux'
|
||||||
} else {
|
} else {
|
||||||
|
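Review bot: The shell text passed to the `emit( ... )` list in generate_script_3 (reading the second copy of each line as the new side) still expands `$COMMAND`, `$0` and `$iptables_save_file` unquoted. An empty `COMMAND`, or a script path or `VARDIR` containing whitespace or glob characters, would therefore break or misdirect the `[ ... ]` tests on the restore path. Since these strings are being rewritten anyway, they could be quoted: `'if [ "$COMMAND" = restore ]; then'`, `iptables_save_file="${VARDIR}/$(basename "$0")-iptables"` and `if [ -f "$iptables_save_file" ]; then`. The unchanged `cat $iptables_save_file | $IPTABLES_RESTORE` line below has the same unquoted expansion, and because that file is loaded as the ruleset verbatim, a comment that `${VARDIR}` must be writable only by root would help. The body of generate_script_3 starts and ends outside the hunk.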
@ -347,10 +347,10 @@ sub setup_blacklist() {
|
|||||||
my $policy = $capabilities{POLICY_MATCH} ? "-m policy --pol $ipsec --dir in " : '';
|
my $policy = $capabilities{POLICY_MATCH} ? "-m policy --pol $ipsec --dir in " : '';
|
||||||
my $network = $hostref->[2];
|
my $network = $hostref->[2];
|
||||||
my $source = match_source_net $network;
|
my $source = match_source_net $network;
|
||||||
my $target = source_exclusion( $hostref->[3], 'blacklst' );
|
my $target = source_exclusion( $hostref->[3], $chainref );
|
||||||
|
|
||||||
for my $chain ( first_chains $interface ) {
|
for my $chain ( first_chains $interface ) {
|
||||||
add_rule $filter_table->{$chain} , "${source}${state}${policy}-j $target";
|
add_jump $filter_table->{$chain} , $chainref, 0, "${source}${state}${policy}";
|
||||||
}
|
}
|
||||||
|
|
||||||
set_interface_option $interface, 'use_input_chain', 1;
|
set_interface_option $interface, 'use_input_chain', 1;
|
||||||
@ -1759,7 +1759,7 @@ sub generate_matrix() {
|
|||||||
add_jump( $outputref , $nextchain, 0, join('', $interfacematch, '-d 255.255.255.255 ' , $ipsec_out_match ) )
|
add_jump( $outputref , $nextchain, 0, join('', $interfacematch, '-d 255.255.255.255 ' , $ipsec_out_match ) )
|
||||||
if $hostref->{options}{broadcast};
|
if $hostref->{options}{broadcast};
|
||||||
|
|
||||||
move_rules( $filter_table->{output_chain $interface} , $filter_table->{$nextchain} ) unless use_output_chain $interface;
|
move_rules( $filter_table->{output_chain $interface} , $filter_table->{$chain1} ) unless use_output_chain $interface;
|
||||||
}
|
}
|
||||||
|
|
||||||
clearrule;
|
clearrule;
|
||||||
@ -1792,11 +1792,8 @@ sub generate_matrix() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ( $chain2 ) {
|
if ( $chain2 ) {
|
||||||
my $nextchain = source_exclusion( $exclusions, $chain2 );
|
add_jump $inputchainref, source_exclusion( $exclusions, $chain2 ), 0, join( '', $interfacematch, $source, $ipsec_in_match );
|
||||||
|
move_rules( $filter_table->{input_chain $interface} , $filter_table->{$chain2} ) unless use_input_chain $interface;
|
||||||
add_jump $inputchainref, $nextchain, 0, join( '', $interfacematch, $source, $ipsec_in_match );
|
|
||||||
|
|
||||||
move_rules( $filter_table->{input_chain $interface} , $filter_table->{$nextchain} ) unless use_input_chain $interface;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( $frwd_ref && $hostref->{ipsec} ne 'ipsec' ) {
|
if ( $frwd_ref && $hostref->{ipsec} ne 'ipsec' ) {
|
||||||
|
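Review bot: In setup_blacklist, `$target` is still computed from `source_exclusion( $hostref->[3], $chainref )`, but the rewritten loop (reading the second copy of each line as the new side) no longer uses it, since `add_jump` goes straight to `$chainref`. If source_exclusion returns a separate exclusion chain when the host entry carries exclusions, as its use in generate_matrix suggests, that chain is never reached and excluded addresses would be matched against the blacklist anyway. Passing the computed target looks like the intent: `add_jump $filter_table->{$chain} , $target, 0, "${source}${state}${policy}";`. In the generate_matrix hunks, `move_rules` now targets `$chain1` / `$chain2` instead of the exclusion chain, so a one-line comment stating why the interface chain's rules belong after the exclusion check would make that ordering reviewable. Both function bodies extend beyond the hunks shown.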