Fix ! in hosts file

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2015 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2005-03-28 03:33:56 +00:00
parent eefa28308a
commit ff3b3bdb97
3 changed files with 14 additions and 9 deletions


@ -6,6 +6,8 @@ Changes in 2.2.3
3) MACLIST_TTL added. 3) MACLIST_TTL added.
4) Fix ! in hosts file
Changes in 2.2.2 Changes in 2.2.2
1) The 'check' command disclaimer is toned down further and only 1) The 'check' command disclaimer is toned down further and only


@ -6372,7 +6372,7 @@ activate_rules()
shift shift
if havenatchain $destchain ; then if havenatchain $destchain ; then
run_iptables -t nat -A $sourcechain $@ -j $destchain run_iptables2 -t nat -A $sourcechain $@ -j $destchain
else else
[ -n "$BRIDGING" -a -f $TMP_DIR/physdev ] && -rm -f $TMP_DIR/physdev [ -n "$BRIDGING" -a -f $TMP_DIR/physdev ] && -rm -f $TMP_DIR/physdev
[ -n "$IPRANGE_MATCH" -a -f $TMP_DIR/iprange ] && rm -f $TMP_DIR/iprange [ -n "$IPRANGE_MATCH" -a -f $TMP_DIR/iprange ] && rm -f $TMP_DIR/iprange
@ -6390,7 +6390,7 @@ activate_rules()
shift shift
if havenatchain $destchain; then if havenatchain $destchain; then
eval run_iptables -t nat -I $sourcechain \ eval run_iptables2 -t nat -I $sourcechain \
\$${sourcechain}_rule $@ -j $destchain \$${sourcechain}_rule $@ -j $destchain
eval ${sourcechain}_rule=\$\(\(\$${sourcechain}_rule + 1\)\) eval ${sourcechain}_rule=\$\(\(\$${sourcechain}_rule + 1\)\)
else else
@ -6450,7 +6450,7 @@ activate_rules()
interface=${host%%:*} interface=${host%%:*}
networks=${host#*:} networks=${host#*:}
run_iptables -A $(forward_chain $interface) $(match_source_hosts $networks) $(match_ipsec_in $zone $host) -j $frwd_chain run_iptables2 -A $(forward_chain $interface) $(match_source_hosts $networks) $(match_ipsec_in $zone $host) -j $frwd_chain
done done
fi fi
fi fi
@ -6479,7 +6479,7 @@ activate_rules()
interface=${host%%:*} interface=${host%%:*}
networks=${host#*:} networks=${host#*:}
run_iptables -A OUTPUT -o $interface $(match_dest_hosts $networks) $(match_ipsec_out $zone $host) -j $chain1 run_iptables2 -A OUTPUT -o $interface $(match_dest_hosts $networks) $(match_ipsec_out $zone $host) -j $chain1
# #
# Add jumps from the builtin chains for DNAT and SNAT rules # Add jumps from the builtin chains for DNAT and SNAT rules
@ -6487,10 +6487,10 @@ activate_rules()
addrulejump PREROUTING $(dnat_chain $zone) -i $interface $(match_source_hosts $networks) $(match_ipsec_in $zone $host) addrulejump PREROUTING $(dnat_chain $zone) -i $interface $(match_source_hosts $networks) $(match_ipsec_in $zone $host)
addrulejump POSTROUTING $(snat_chain $zone) -o $interface $(match_dest_hosts $networks) $(match_ipsec_out $zone $host) addrulejump POSTROUTING $(snat_chain $zone) -o $interface $(match_dest_hosts $networks) $(match_ipsec_out $zone $host)
run_iptables -A $(input_chain $interface) $(match_source_hosts $networks) $(match_ipsec_in $zone $host) -j $chain2 run_iptables2 -A $(input_chain $interface) $(match_source_hosts $networks) $(match_ipsec_in $zone $host) -j $chain2
if [ -n "$complex" ] && ! is_ipsec_host $zone $host ; then if [ -n "$complex" ] && ! is_ipsec_host $zone $host ; then
run_iptables -A $(forward_chain $interface) $(match_source_hosts $networks) $(match_ipsec_in $zone $host) -j $frwd_chain run_iptables2 -A $(forward_chain $interface) $(match_source_hosts $networks) $(match_ipsec_in $zone $host) -j $frwd_chain
fi fi
case $networks in case $networks in
@ -6555,7 +6555,7 @@ activate_rules()
# routeback was specified for this host group # routeback was specified for this host group
# #
if [ $zone != $zone1 -o $num_ifaces -gt 1 ] || list_search $host1 $routeback ; then if [ $zone != $zone1 -o $num_ifaces -gt 1 ] || list_search $host1 $routeback ; then
run_iptables -A $frwd_chain -o $interface1 $(match_dest_hosts $networks1) $(match_ipsec_out $zone1 $host1) -j $chain run_iptables2 -A $frwd_chain -o $interface1 $(match_dest_hosts $networks1) $(match_ipsec_out $zone1 $host1) -j $chain
fi fi
done done
else else
@ -6570,7 +6570,7 @@ activate_rules()
networks1=${host1#*:} networks1=${host1#*:}
if [ "$host" != "$host1" ] || list_search $host $routeback; then if [ "$host" != "$host1" ] || list_search $host $routeback; then
run_iptables -A $chain1 $(match_source_hosts $networks) -o $interface1 $(match_dest_hosts $networks1) $(match_ipsec_out $zone1 $host1) -j $chain run_iptables2 -A $chain1 $(match_source_hosts $networks) -o $interface1 $(match_dest_hosts $networks1) $(match_ipsec_out $zone1 $host1) -j $chain
fi fi
done done
done done
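Review bot: In the second hunk (`@ -6390,7 +6390,7 @`) the new `run_iptables2` call is still wrapped in `eval`, so the caller-supplied `$@` is expanded and then parsed a second time as shell input; this helper is presumably what the `addrulejump PREROUTING`/`POSTROUTING` lines further down reach, and they pass `$(match_source_hosts $networks)` text that originates in the hosts file. Now that `!` entries are meant to flow through this path, any other shell metacharacter in a HOSTS entry would be interpreted by the shell rather than handed to iptables. Only the per-chain rule counter needs indirection, so I would resolve it first and call the wrapper directly: `eval rulenum=\$${sourcechain}_rule` followed by `run_iptables2 -t nat -I $sourcechain $rulenum $@ -j $destchain`. The enclosing helper starts above the hunk, so this assumes nothing else in it depends on the double expansion. Separately, the context line in the first hunk reads `&& -rm -f $TMP_DIR/physdev`, which looks like a typo for `rm -f` when compared with the `iprange` line below it.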


@ -3,7 +3,10 @@ Shorewall 2.2.3
----------------------------------------------------------------------- -----------------------------------------------------------------------
Problems corrected in version 2.2.3 Problems corrected in version 2.2.3
None. 1) If a zone is defined in /etc/shorewall/hosts using
<interface>:!<network> in the HOSTS column then startup errors occur
on "shorewall [re]start".
----------------------------------------------------------------------- -----------------------------------------------------------------------
New Features in version 2.2.3 New Features in version 2.2.3