holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Fix tcrules processing

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@773 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2003-10-21 20:26:23 +00:00
parent bb55ad3128
commit f6c8974bda
3 changed files with 30 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
STABLE/changelog.txt
View File

@ -11,3 +11,5 @@ Changes since 1.4.7
4) Corrected handling of LOGUNCLEAN. 4) Corrected handling of LOGUNCLEAN.
5) Corrected handling of "complex" zones. 5) Corrected handling of "complex" zones.
6) Fix tcrules processing.

43
STABLE/firewall
View File

@ -1668,9 +1668,10 @@ setup_ecn() # $1 = file name
# #
process_tc_rule() process_tc_rule()
{ {
chain=$marking_chain
add_a_tc_rule() { add_a_tc_rule() {
r= r=
chain=$marking_chain
if [ "x$source" != "x-" ]; then if [ "x$source" != "x-" ]; then
case $source in case $source in
@ -1693,26 +1694,6 @@ process_tc_rule()
esac esac
fi fi
if [ "$mark" != "${mark%:*}" ]; then
[ "$chain" = tcout ] && \
fatal_error "Chain designator not allowed when source is \$FW; rule \"$rule\""
case "${mark#*:}" in
p|P)
chain=tcpre
;;
f|F)
chain=tcfor
;;
*)
fatal_error "Invalid chain designator: (${mark#*:}) in rule \"$rule\""
;;
esac
mark="${mark%:*}"
fi
[ "x$dest" = "x-" ] || r="${r}-d $dest " [ "x$dest" = "x-" ] || r="${r}-d $dest "
[ "$proto" = "all" ] || r="${r}-p $proto " [ "$proto" = "all" ] || r="${r}-p $proto "
[ "x$port" = "x-" ] || r="${r}--dport $port " [ "x$port" = "x-" ] || r="${r}--dport $port "
@ -1722,6 +1703,26 @@ process_tc_rule()
} }
if [ "$mark" != "${mark%:*}" ]; then
[ "$chain" = tcout ] && \
fatal_error "Chain designator not allowed when source is \$FW; rule \"$rule\""
case "${mark#*:}" in
p|P)
chain=tcpre
;;
f|F)
chain=tcfor
;;
*)
fatal_error "Invalid chain designator: (${mark#*:}) in rule \"$rule\""
;;
esac
mark="${mark%:*}"
fi
for source in `separate_list ${sources:=-}`; do for source in `separate_list ${sources:=-}`; do
for dest in `separate_list ${dests:=-}`; do for dest in `separate_list ${dests:=-}`; do
for port in `separate_list ${ports:=-}`; do for port in `separate_list ${ports:=-}`; do

8
STABLE/releasenotes.txt
View File

@ -1,4 +1,4 @@
This is a minor release of Shorewall. This is a bugfix release of Shorewall.
Problems Corrected since version 1.4.6: Problems Corrected since version 1.4.6:
@ -31,7 +31,11 @@ Problems Corrected since version 1.4.6:
defined using the /etc/shorewall/hosts file. It has since been defined using the /etc/shorewall/hosts file. It has since been
discovered that in many cases these new chains contain redundant discovered that in many cases these new chains contain redundant
rules and that the "optimization" turns out to be less than rules and that the "optimization" turns out to be less than
optimal. The implementation has now been corrected. optimal. The implementation has now been corrected.
6) When the MARK value in a tcrules entry is followed by ":F" or ":P",
the ":F" or ":P" was previously only applied to the first Netfilter
rule generated by the entry. It is now applied to all entries.
Migration Issues: Migration Issues: