Author | SHA1 | Date | |
---|---|---|---|
|
c6fab61c3d | ||
|
03a9b92a14 | ||
|
b3b637d663 | ||
|
363679bb4c | ||
|
458c26c2d6 | ||
|
e229849c5b |
@@ -1583,6 +1583,19 @@ show_status() {
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#
|
||||||
|
# Don't dump empty SPD entries
|
||||||
|
#
|
||||||
|
spd_filter()
|
||||||
|
{
|
||||||
|
awk \
|
||||||
|
'BEGIN { skip=0; }; \
|
||||||
|
/^src/ { skip=0; }; \
|
||||||
|
/^src 0.0.0.0\/0/ { skip=1; }; \
|
||||||
|
/^src ::\/0/ { skip=1; }; \
|
||||||
|
{ if ( skip == 0 ) print; };'
|
||||||
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
# Dump Command Executor
|
# Dump Command Executor
|
||||||
#
|
#
|
||||||
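Review bot: The two skip rules in spd_filter key on the source selector alone (`/^src 0.0.0.0\/0/`, `/^src ::\/0/`), so a genuine policy from any source to a specific destination (e.g. `src 0.0.0.0/0 dst 10.0.0.0/8`) would be hidden from the dump together with the default any-to-any socket entries the comment says it targets. If only the empty catch-all entries are meant, match both selectors and escape the dots: `/^src 0\.0\.0\.0\/0 dst 0\.0\.0\.0\/0/ { skip=1; }; \` and `/^src ::\/0 dst ::\/0/ { skip=1; }; \`. This assumes `ip xfrm policy` prints src and dst on one line, which is not visible here. spd_filter is complete within the hunk; the `}` above it closes show_status.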
@@ -1733,12 +1746,10 @@ do_dump_command() {
|
|||||||
heading "Events"
|
heading "Events"
|
||||||
show_events
|
show_events
|
||||||
|
|
||||||
if qt mywhich setkey; then
|
heading "PFKEY SPD"
|
||||||
heading "PFKEY SPD"
|
$IP -s xfrm policy | spd_filter
|
||||||
setkey -DP
|
heading "PFKEY SAD"
|
||||||
heading "PFKEY SAD"
|
$IP -s -$g_family xfrm state | egrep -v '[[:space:]]+(auth-trunc|enc )' # Don't divulge the keys
|
||||||
setkey -D | grep -Ev '^[[:space:]](A:|E:)' # Don't divulge the keys
|
|
||||||
fi
|
|
||||||
|
|
||||||
heading "/proc"
|
heading "/proc"
|
||||||
show_proc /proc/version
|
show_proc /proc/version
|
||||||
|
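Review bot: The key-redaction filter on the new `xfrm state` line (`egrep -v '[[:space:]]+(auth-trunc|enc )'`) only drops `auth-trunc` and `enc` algorithm lines, so key material printed on an `aead` line (GCM/CCM SAs) or on a plain `auth` line would still be written to the dump, whereas the removed `setkey -D` filter dropped every line beginning with `A:` or `E:`. Widen it to `grep -Ev '[[:space:]]+(aead|auth|auth-trunc|enc) ' # Don't divulge the keys`, which also replaces the deprecated `egrep` with the `grep -E` form the removed line used. The `xfrm policy` call omits the `-$g_family` that the `xfrm state` call passes; if that is deliberate a short comment would help. do_dump_command begins outside this hunk.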
@@ -1195,9 +1195,16 @@ sub compatible( $$ ) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
#
|
#
|
||||||
# Don't combine chains where each specifies '-m policy'
|
# Don't combine chains where each specifies
|
||||||
|
# -m policy
|
||||||
|
# or when one specifies
|
||||||
|
# -m multiport
|
||||||
|
# and the other specifies
|
||||||
|
# --dport or --sport or -m multiport
|
||||||
#
|
#
|
||||||
return ! ( $ref1->{policy} && $ref2->{policy} );
|
return ! ( $ref1->{policy} && $ref2->{policy} ||
|
||||||
|
( ( $ref1->{multiport} && ( $ref2->{dport} || $ref2->{sport} || $ref2->{multiport} ) ) ||
|
||||||
|
( $ref2->{multiport} && ( $ref1->{dport} || $ref1->{sport} ) ) ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
|
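Review bot: The widened return expression mixes `&&` and `||` at its top level (`$ref1->{policy} && $ref2->{policy} || ( ... )`) while every other clause is explicitly parenthesised, so the reader has to recall precedence to see the three alternatives the comment lists; wrapping the first conjunction, `return ! ( ( $ref1->{policy} && $ref2->{policy} ) ||`, removes that. The second multiport clause does not test `$ref1->{multiport}` against `$ref2->{multiport}`; that case is already caught by the first clause, and a trailing `# both-multiport is covered by the first clause` would make the asymmetry look intentional. compatible() begins outside this hunk; the two closing braces above the comment appear to end inner blocks.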
@@ -638,7 +638,8 @@ sub process_a_policy1($$$$$$$) {
|
|||||||
my ( $client, $server, $originalpolicy, $loglevel, $synparams, $connlimit, $intrazone ) = @_;
|
my ( $client, $server, $originalpolicy, $loglevel, $synparams, $connlimit, $intrazone ) = @_;
|
||||||
|
|
||||||
my $clientwild = ( "\L$client" =~ /^all(\+)?$/ );
|
my $clientwild = ( "\L$client" =~ /^all(\+)?$/ );
|
||||||
$intrazone = $clientwild && $1;
|
|
||||||
|
$intrazone ||= $clientwild && $1;
|
||||||
|
|
||||||
fatal_error "Undefined zone ($client)" unless $clientwild || defined_zone( $client );
|
fatal_error "Undefined zone ($client)" unless $clientwild || defined_zone( $client );
|
||||||
|
|
||||||
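Review bot: The new `$intrazone ||= $clientwild && $1;` turns the parameter from a value computed here into a flag the caller can force on, and the `$1` it reads belongs to the match on the preceding line; neither is commented. A line above it such as `# Intra-zone rules are generated when the caller passed a '+' (zone-list suffix) or when the client is 'all+'` documents both. When the client is plain `all`, `$1` is undef and a previously false `$intrazone` becomes undef rather than a defined false value, which only matters if it is later compared rather than tested for truth. process_a_policy1 continues outside this hunk.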
@@ -763,25 +764,28 @@ sub process_a_policy() {
|
|||||||
$synparams = '' if $synparams eq '-';
|
$synparams = '' if $synparams eq '-';
|
||||||
$connlimit = '' if $connlimit eq '-';
|
$connlimit = '' if $connlimit eq '-';
|
||||||
|
|
||||||
my $intrazone;
|
my ( $intrazone, $clientlist, $serverlist );
|
||||||
|
|
||||||
if ( $intrazone = $clients =~ /.*,.*\+$/) {
|
if ( $clientlist = ( $clients =~ /,/ ) ) {
|
||||||
$clients =~ s/\+$//;
|
$intrazone = ( $clients =~ s/\+$// );
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( $servers =~ /.*,.*\+$/ ) {
|
if ( $serverlist = ( $servers =~ /,/ ) ) {
|
||||||
$servers =~ s/\+$//;
|
$intrazone ||= ( $servers =~ s/\+$// );
|
||||||
$intrazone = 1;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
fatal_error 'SOURCE must be specified' if $clients eq '-';
|
fatal_error 'SOURCE must be specified' if $clients eq '-';
|
||||||
fatal_error 'DEST must be specified' if $servers eq '-';
|
fatal_error 'DEST must be specified' if $servers eq '-';
|
||||||
fatal_error 'POLICY must be specified' if $policy eq '-';
|
fatal_error 'POLICY must be specified' if $policy eq '-';
|
||||||
|
|
||||||
for my $client ( split_list( $clients, 'zone' ) ) {
|
if ( $clientlist || $serverlist ) {
|
||||||
for my $server ( split_list( $servers, 'zone' ) ) {
|
for my $client ( split_list( $clients, 'zone' ) ) {
|
||||||
process_a_policy1( $client, $server, $policy, $loglevel, $synparams, $connlimit, $intrazone );
|
for my $server ( split_list( $servers, 'zone' ) ) {
|
||||||
|
process_a_policy1( $client, $server, $policy, $loglevel, $synparams, $connlimit, $intrazone ) if $intrazone || $client ne $server;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
process_a_policy1( $clients, $servers, $policy, $loglevel, $synparams, $connlimit, 0 );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
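Review bot: The new nested loops skip a same-zone pair unless `$intrazone` is set (`... if $intrazone || $client ne $server;`), which differs from the previous unconditional call and also drops an `all`/`all` pair when `all` appears in both lists, yet the block carries no comment. A comment above `if ( $clientlist || $serverlist ) {` such as `# Expand zone lists pairwise; a zone paired with itself is only emitted when a trailing '+' asked for intra-zone policies` records the intent, and if skipping `all`/`all` is deliberate it should be stated there as well. The single-entry `else` branch passes a literal `0` for `$intrazone`, leaving the `all+` handling to process_a_policy1, which is worth a word in the same comment. process_a_policy begins outside this hunk.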
@@ -28,6 +28,7 @@
|
|||||||
|
|
||||||
VERSION=xxx #The Build script inserts the actual version
|
VERSION=xxx #The Build script inserts the actual version
|
||||||
PRODUCT=shorewall
|
PRODUCT=shorewall
|
||||||
|
Product=Shorewall
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
|