forked from extern/shorewall_code
Compare commits
12 Commits
5.0.15-Bet
...
5.0.15.1
| Author | SHA1 | Date | |
|---|---|---|---|
|
5ea78b8078 | ||
|
036a6e5a83 | ||
|
|
192486eb0a | ||
|
|
e4804e1900 | ||
|
|
f537e3e15c | ||
|
|
4949569383 | ||
|
|
a1981823f4 | ||
|
|
ff81980552 | ||
|
8a6dcc469b | ||
|
|
ccab75e69a | ||
|
|
9eb390403b | ||
|
|
ab9f340c55 |
@@ -1161,6 +1161,11 @@ show_macros() {
|
||||
done
|
||||
}
|
||||
|
||||
show_a_macro() {
|
||||
echo "Shorewall $SHOREWALL_VERSION Macro $1 at $g_hostname - $(date)"
|
||||
cat ${directory}/macro.$1
|
||||
}
|
||||
|
||||
#
|
||||
# Show Command Executor
|
||||
#
|
||||
@@ -1441,8 +1446,7 @@ show_command() {
|
||||
[ $# -ne 2 ] && too_many_arguments $2
|
||||
for directory in $(split $CONFIG_PATH); do
|
||||
if [ -f ${directory}/macro.$2 ]; then
|
||||
echo "Shorewall $SHOREWALL_VERSION Macro $2 at $g_hostname - $(date)"
|
||||
cat ${directory}/macro.$2
|
||||
eval show_a_macro $2 $g_pager
|
||||
return
|
||||
fi
|
||||
done
|
||||
@@ -1805,6 +1809,7 @@ dump_command() {
|
||||
restore_command() {
|
||||
local finished
|
||||
finished=0
|
||||
local result
|
||||
|
||||
while [ $finished -eq 0 -a $# -gt 0 ]; do
|
||||
option=$1
|
||||
@@ -1869,8 +1874,11 @@ restore_command() {
|
||||
progress_message3 "Restoring $g_product..."
|
||||
|
||||
run_it $g_restorepath restore && progress_message3 "$g_product restored from ${VARDIR}/$RESTOREFILE"
|
||||
result=$?
|
||||
|
||||
[ -n "$g_nolock" ] || mutex_off
|
||||
|
||||
exit $result
|
||||
else
|
||||
echo "File $g_restorepath: file not found"
|
||||
[ -n "$g_nolock" ] || mutex_off
|
||||
@@ -3992,24 +4000,26 @@ get_config() {
|
||||
|
||||
g_loopback=$(find_loopback_interfaces)
|
||||
|
||||
[ -n "$PAGER" ] || PAGER=$DEFAULT_PAGER
|
||||
if [ -z "$g_nopager" ]; then
|
||||
[ -n "$PAGER" ] || PAGER=$DEFAULT_PAGER
|
||||
|
||||
if [ -n "$PAGER" -a -t 1 ]; then
|
||||
case $PAGER in
|
||||
/*)
|
||||
g_pager="$PAGER"
|
||||
[ -f "$g_pager" ] || fatal_error "PAGER=$PAGER does not exist"
|
||||
;;
|
||||
*)
|
||||
g_pager=$(mywhich $PAGER 2> /dev/null)
|
||||
[ -n "$g_pager" ] || fatal_error "PAGER=$PAGER does not exist"
|
||||
;;
|
||||
esac
|
||||
if [ -n "$PAGER" -a -t 1 ]; then
|
||||
case $PAGER in
|
||||
/*)
|
||||
g_pager="$PAGER"
|
||||
[ -f "$g_pager" ] || fatal_error "PAGER=$PAGER does not exist"
|
||||
;;
|
||||
*)
|
||||
g_pager=$(mywhich $PAGER 2> /dev/null)
|
||||
[ -n "$g_pager" ] || fatal_error "PAGER=$PAGER does not exist"
|
||||
;;
|
||||
esac
|
||||
|
||||
[ -x "$g_pager" ] || fatal_error "PAGER $g_pager is not executable"
|
||||
[ -x "$g_pager" ] || fatal_error "PAGER $g_pager is not executable"
|
||||
|
||||
g_pager="| $g_pager"
|
||||
fi
|
||||
g_pager="| $g_pager"
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -n "$DYNAMIC_BLACKLIST" ]; then
|
||||
setup_dbl
|
||||
@@ -4357,6 +4367,7 @@ shorewall_cli() {
|
||||
g_loopback=
|
||||
g_compiled=
|
||||
g_pager=
|
||||
g_nopager=
|
||||
g_blacklistipset=
|
||||
g_disconnect=
|
||||
|
||||
@@ -4453,6 +4464,11 @@ shorewall_cli() {
|
||||
g_timestamp=Yes
|
||||
option=${option#t}
|
||||
;;
|
||||
p*)
|
||||
g_nopager=Yes
|
||||
option=${option#p}
|
||||
;;
|
||||
|
||||
-)
|
||||
finished=1
|
||||
option=
|
||||
|
||||
@@ -810,7 +810,6 @@ sub initialize( $$$ ) {
|
||||
DNAT => 1,
|
||||
MASQUERADE => 1,
|
||||
NETMAP => 1,
|
||||
NFQUEUE => 1,
|
||||
NOTRACK => 1,
|
||||
RAWDNAT => 1,
|
||||
REDIRECT => 1,
|
||||
@@ -1218,6 +1217,7 @@ sub merge_rules( $$$ ) {
|
||||
if ( exists $fromref->{$option} ) {
|
||||
push( @{$toref->{matches}}, $option ) unless exists $toref->{$option};
|
||||
$toref->{$option} = $fromref->{$option};
|
||||
$toref->{simple} = 0;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -1512,7 +1512,7 @@ sub finish_providers() {
|
||||
emit ( 'if [ -n "$DEFAULT_ROUTE" ]; then' );
|
||||
|
||||
if ( $family == F_IPV4 ) {
|
||||
emit ( " run_ip -4 route replace default scope global table $table \$DEFAULT_ROUTE" );
|
||||
emit ( " run_ip route replace default scope global table $table \$DEFAULT_ROUTE" );
|
||||
} else {
|
||||
emit ( " if echo \$DEFAULT_ROUTE | grep -q 'nexthop.+nexthop'; then",
|
||||
" qt \$IP -6 route delete default scope global table $table \$DEFAULT_ROUTE",
|
||||
@@ -1577,7 +1577,7 @@ sub finish_providers() {
|
||||
|
||||
if ( $family == F_IPV4 ) {
|
||||
emit( " run_ip route replace default scope global table $default \$FALLBACK_ROUTE" );
|
||||
} ele {
|
||||
} else {
|
||||
emit( " run_ip route delete default scope global table $default \$FALLBACK_ROUTE" );
|
||||
emit( " run_ip route add default scope global table $default \$FALLBACK_ROUTE" );
|
||||
}
|
||||
|
||||
@@ -318,21 +318,23 @@ get_config() {
|
||||
|
||||
[ -n "$PAGER" ] || PAGER=$DEFAULT_PAGER
|
||||
|
||||
if [ -n "$PAGER" -a -t 1 ]; then
|
||||
case $PAGER in
|
||||
/*)
|
||||
g_pager="$PAGER"
|
||||
[ -f "$g_pager" ] || fatal_error "PAGER $PAGER does not exist"
|
||||
;;
|
||||
*)
|
||||
g_pager=$(mywhich $PAGER 2> /dev/null)
|
||||
[ -n "$g_pager" ] || fatal_error "PAGER $PAGER not found"
|
||||
;;
|
||||
esac
|
||||
if [ -z "$g_nopager" ]; then
|
||||
if [ -n "$PAGER" -a -t 1 ]; then
|
||||
case $PAGER in
|
||||
/*)
|
||||
g_pager="$PAGER"
|
||||
[ -f "$g_pager" ] || fatal_error "PAGER $PAGER does not exist"
|
||||
;;
|
||||
*)
|
||||
g_pager=$(mywhich $PAGER 2> /dev/null)
|
||||
[ -n "$g_pager" ] || fatal_error "PAGER $PAGER not found"
|
||||
;;
|
||||
esac
|
||||
|
||||
[ -x "$g_pager" ] || fatal_error "PAGER $g_pager is not executable"
|
||||
[ -x "$g_pager" ] || fatal_error "PAGER $g_pager is not executable"
|
||||
|
||||
g_pager="| $g_pager"
|
||||
g_pager="| $g_pager"
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -n "$DYNAMIC_BLACKLIST" ]; then
|
||||
|
||||
@@ -171,7 +171,7 @@
|
||||
<varlistentry>
|
||||
<term><emphasis role="bold">SOURCE</emphasis> (Optional) -
|
||||
[<emphasis>interface</emphasis>|<emphasis>address</emphasis>[<emphasis
|
||||
role="bold">,</emphasis><emphasis>address</emphasis>][<emphasis>exclusion</emphasis>]]</term>
|
||||
role="bold">,</emphasis><emphasis>address</emphasis>...][<emphasis>exclusion</emphasis>]]</term>
|
||||
|
||||
<listitem>
|
||||
<para>Set of hosts that you wish to masquerade. You can specify this
|
||||
|
||||
14
Shorewall6/Macros/macro.mDNSbi
Normal file
14
Shorewall6/Macros/macro.mDNSbi
Normal file
@@ -0,0 +1,14 @@
|
||||
#
|
||||
# Shorewall6 -- /usr/share/shorewall6/macro.mDNSbi
|
||||
#
|
||||
# This macro handles bidirectional multicast DNS traffic.
|
||||
#
|
||||
###############################################################################
|
||||
#ACTION SOURCE DEST PROTO DPORT SPORT
|
||||
|
||||
PARAM - [ff02::fb] udp 5353
|
||||
PARAM - - udp 1024: 5353
|
||||
PARAM - [ff02::fb] 2
|
||||
PARAM DEST SOURCE:[ff02::fb] udp 5353
|
||||
PARAM DEST SOURCE udp 1024: 5353
|
||||
PARAM DEST SOURCE:[ff02::fb] 2
|
||||
@@ -131,6 +131,18 @@
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>logjump</option></term>
|
||||
|
||||
<listitem>
|
||||
<para>Added in Shorewall 5.0.8. Performs the same function as
|
||||
<option>nolog</option> (below), with the addition that the
|
||||
jump to the actions chain is logged if a log level is
|
||||
specified on the action invocation. For inline actions, this
|
||||
option is identical to <option>nolog</option>.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>mangle</option></term>
|
||||
|
||||
@@ -143,6 +155,20 @@
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>nat</option></term>
|
||||
|
||||
<listitem>
|
||||
<para>Added in Shorewall 5.0.13. Specifies that this action is
|
||||
to be used in <ulink
|
||||
url="shorewall6-snat.html">shorewall6-snat(5)</ulink> rather
|
||||
than <ulink
|
||||
url="shorewall6-rules.html">shorewall6-rules(5)</ulink>. The
|
||||
<option>mangle</option> and <option>nat</option> options are
|
||||
mutually exclusive.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>noinline</option></term>
|
||||
|
||||
|
||||
@@ -170,7 +170,7 @@
|
||||
<varlistentry>
|
||||
<term><emphasis role="bold">SOURCE</emphasis> (Optional) -
|
||||
[<emphasis>interface</emphasis>|<emphasis>address</emphasis>[<emphasis
|
||||
role="bold">,</emphasis><emphasis>address</emphasis>][<emphasis>exclusion</emphasis>]]</term>
|
||||
role="bold">,</emphasis><emphasis>address</emphasis>...][<emphasis>exclusion</emphasis>]]</term>
|
||||
|
||||
<listitem>
|
||||
<para>Set of hosts that you wish to SNAT; one or more host or
|
||||
|
||||
@@ -44,7 +44,7 @@
|
||||
</caution>
|
||||
|
||||
<important>
|
||||
<para>/etc/shorewall/mangle superseded /etc/shorewall/tcruels in Shorewall
|
||||
<para>/etc/shorewall/mangle superseded /etc/shorewall/tcrules in Shorewall
|
||||
4.6.0. /etc/shorwall/tcrules is still supported but its use is
|
||||
deprecated.</para>
|
||||
</important>
|
||||
|
||||
Reference in New Issue
Block a user