Split addrule into two functions

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1652 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2004-09-26 22:59:42 +00:00
parent 1c8880d839
commit fc28f2f2be


@ -293,6 +293,12 @@ ensurechain1() # $1 = chain name
# Add a rule to a chain creating the chain if necessary # Add a rule to a chain creating the chain if necessary
# #
addrule() # $1 = chain name, remainder of arguments specify the rule addrule() # $1 = chain name, remainder of arguments specify the rule
{
ensurechain $1
run_iptables -A $@
}
addrule2() # $1 = chain name, remainder of arguments specify the rule
{ {
ensurechain $1 ensurechain $1
run_iptables2 -A $@ run_iptables2 -A $@
@ -1558,8 +1564,8 @@ setup_tunnels() # $1 = name of tunnels file
[ $kind = IPSEC ] && kind=ipsec [ $kind = IPSEC ] && kind=ipsec
options="-m state --state NEW -j ACCEPT" options="-m state --state NEW -j ACCEPT"
addrule $inchain -p 50 $(source_ip_range $1) -j ACCEPT addrule2 $inchain -p 50 $(source_ip_range $1) -j ACCEPT
addrule $outchain -p 50 $(dest_ip_range $1) -j ACCEPT addrule2 $outchain -p 50 $(dest_ip_range $1) -j ACCEPT
if [ -z "$noah" ]; then if [ -z "$noah" ]; then
run_iptables -A $inchain -p 51 $(source_ip_range $1) -j ACCEPT run_iptables -A $inchain -p 51 $(source_ip_range $1) -j ACCEPT
run_iptables -A $outchain -p 51 $(dest_ip_range $1) -j ACCEPT run_iptables -A $outchain -p 51 $(dest_ip_range $1) -j ACCEPT
@ -1593,26 +1599,26 @@ setup_tunnels() # $1 = name of tunnels file
setup_one_other() # $1 = TYPE, $2 = gateway, $3 = protocol setup_one_other() # $1 = TYPE, $2 = gateway, $3 = protocol
{ {
addrule $inchain -p $3 $(source_ip_range $2) -j ACCEPT addrule2 $inchain -p $3 $(source_ip_range $2) -j ACCEPT
addrule $outchain -p $3 $(dest_ip_range $2) -j ACCEPT addrule2 $outchain -p $3 $(dest_ip_range $2) -j ACCEPT
progress_message " $1 tunnel to $2 defined." progress_message " $1 tunnel to $2 defined."
} }
setup_pptp_client() # $1 = gateway setup_pptp_client() # $1 = gateway
{ {
addrule $outchain -p 47 $(dest_ip_range $1) -j ACCEPT addrule2 $outchain -p 47 $(dest_ip_range $1) -j ACCEPT
addrule $inchain -p 47 -j ACCEPT addrule2 $inchain -p 47 $(source_ip_range $1) -j ACCEPT
addrule $outchain -p tcp --dport 1723 $(dest_ip_range $1) -j ACCEPT addrule2 $outchain -p tcp --dport 1723 $(dest_ip_range $1) -j ACCEPT
progress_message " PPTP tunnel to $1 defined." progress_message " PPTP tunnel to $1 defined."
} }
setup_pptp_server() # $1 = gateway setup_pptp_server() # $1 = gateway
{ {
addrule $inchain -p 47 -s $1 -j ACCEPT addrule2 $inchain -p 47 $(source_ip_range $1) -j ACCEPT
addrule $outchain -p 47 -d $1 -j ACCEPT addrule2 $outchain -p 47 $(dest_ip_range $1) -j ACCEPT
addrule $inchain -p tcp --dport 1723 -s $1 -j ACCEPT addrule2 $inchain -p tcp --dport 1723 $(source_ip_range $1) -j ACCEPT
progress_message " PPTP server defined." progress_message " PPTP server defined."
} }
@ -1628,8 +1634,8 @@ setup_tunnels() # $1 = name of tunnels file
;; ;;
esac esac
addrule $inchain -p udp $(source_ip_range $1) --dport $p -j ACCEPT addrule2 $inchain -p udp $(source_ip_range $1) --dport $p -j ACCEPT
addrule $outchain -p udp $(dest_ip_range $1) --dport $p -j ACCEPT addrule2 $outchain -p udp $(dest_ip_range $1) --dport $p -j ACCEPT
progress_message " OPENVPN tunnel to $1:$p defined." progress_message " OPENVPN tunnel to $1:$p defined."
} }
@ -1656,8 +1662,8 @@ setup_tunnels() # $1 = name of tunnels file
p=${p:+--dport $p} p=${p:+--dport $p}
addrule $inchain -p $protocol $(source_ip_range $1) $p -j ACCEPT addrule2 $inchain -p $protocol $(source_ip_range $1) $p -j ACCEPT
addrule $outchain -p $protocol $(dest_ip_range $1) $p -j ACCEPT addrule2 $outchain -p $protocol $(dest_ip_range $1) $p -j ACCEPT
for z in $(separate_list $3); do for z in $(separate_list $3); do
if validate_zone $z; then if validate_zone $z; then
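Review bot: The two protocol 51 (AH) rules in the IPSEC hunk of setup_tunnels still call `run_iptables -A` directly with `$(source_ip_range $1)` and `$(dest_ip_range $1)`, while the protocol 50 rules beside them now go through addrule2 and therefore run_iptables2. run_iptables2 is defined outside this diff, so this is inferred, but if it post-processes what those helpers emit, the ESP and AH rules for the same gateway can now be built differently; I would write `run_iptables2 -A $inchain -p 51 $(source_ip_range $1) -j ACCEPT` and `run_iptables2 -A $outchain -p 51 $(dest_ip_range $1) -j ACCEPT`. The first hunk raises the same concern: as rendered, addrule's body now calls run_iptables where it previously called run_iptables2, so any addrule caller not converted in this commit changes behaviour silently, and the remaining call sites deserve an audit. addrule2 has no header comment of its own; `# Same as addrule() but passes the rule through run_iptables2` above it would record the difference. setup_tunnels continues outside the hunks shown.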