authorFlorin Grad <florin@mandriva.com>2004-02-27 15:48:44 +0000
committerFlorin Grad <florin@mandriva.com>2004-02-27 15:48:44 +0000
commitff3eb281c2d50589e4f7b44721b8c97a3652f1b2 (patch)
treec4528ccf62bdb3bc0d83589a73962af972e59855
parent60e2285768b6eb4a41232109af6ccff8f220f21f (diff)
remove the masq zone and add policies, rules only if there is an interface in loc
-rw-r--r--perl-install/network/drakfirewall.pm2
-rw-r--r--perl-install/network/shorewall.pm18
2 files changed, 8 insertions, 12 deletions
diff --git a/perl-install/network/drakfirewall.pm b/perl-install/network/drakfirewall.pm
index fb8647a44..e65a92917 100644
--- a/perl-install/network/drakfirewall.pm
+++ b/perl-install/network/drakfirewall.pm
@@ -168,7 +168,7 @@ sub choose {
$in->ask_from_({
messages => N("Which services would you like to allow the Internet to connect to?"),
advanced_messages => N("You can enter miscellaneous ports.
-Valid examples are: 139/tcp 139/udp.
+Valid examples are: 139/tcp 139/udp 600:610/tcp 600:610/udp.
Have a look at /etc/services for information."),
callbacks => {
complete => sub {
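Review bot: The help string now advertises range syntax (`600:610/tcp`), but the diffstat shows this line is the only change to drakfirewall.pm, so the `complete` callback that checks the entry is untouched by this commit. Its body lies outside the hunk, so this is inferred: if it still expects a single port number, the documented form is rejected; if it is permissive, a reversed or out-of-range pair would be written into the Shorewall rules unchanged. Worth confirming that the check accepts `low:high` only with both ends in 1-65535 and low below high, and noting that next to the message, e.g. `# ranges use shorewall's low:high form; validated in the complete callback`.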
diff --git a/perl-install/network/shorewall.pm b/perl-install/network/shorewall.pm
index c957cbf51..6bcc03933 100644
--- a/perl-install/network/shorewall.pm
+++ b/perl-install/network/shorewall.pm
@@ -120,17 +120,14 @@ sub write {
set_config_file("zones",
[ 'net', 'Net', 'Internet zone' ],
- if_($conf->{masquerade}, [ 'masq', 'Masquerade', 'Masquerade Local' ]),
- if_($conf->{loc_interface}, [ 'loc', 'Local', 'Local' ]),
+ if_($conf->{loc_interface}[0], [ 'loc', 'Local', 'Local' ]),
);
set_config_file('interfaces',
[ 'net', $conf->{net_interface}, 'detect' ],
- $conf->{masquerade} ? [ 'masq', $conf->{masquerade}{interface}, 'detect' ] : (),
(map { [ 'loc', $_, 'detect' ] } @{$conf->{loc_interface} || []}),
);
set_config_file('policy',
- if_($conf->{masquerade}, [ 'masq', 'net', 'ACCEPT' ]),
- if_($conf->{loc_interface}, [ 'loc', 'net', 'ACCEPT' ]),
+ if_($conf->{loc_interface}[0], [ 'loc', 'net', 'ACCEPT' ]),
[ 'fw', 'net', 'ACCEPT' ],
[ 'net', 'all', 'DROP', 'info' ],
[ 'all', 'all', 'REJECT', 'info' ],
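Review bot: With the `masq` rows gone from `zones` and `interfaces`, the interface in `$conf->{masquerade}{interface}` is declared to Shorewall only if it also appears in `$conf->{loc_interface}`, and nothing in this hunk guarantees that. The `masq` file is still written from `$conf->{masquerade}` in the next hunk, so if the two settings can diverge, NAT would be configured for a subnet whose interface belongs to no zone and presumably never matches the `loc` policy. If callers always keep them in step, record that invariant where the zones are written, e.g. `# the masqueraded interface must be listed in loc_interface; there is no separate masq zone any more`. `write` begins before this hunk and continues past it.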
@@ -140,20 +137,19 @@ sub write {
if_(cat_("$::prefix$connect_file") =~ /pptp/, [ 'ACCEPT', 'fw', 'loc:10.0.0.138', 'gre' ]),
(map {
map_each { [ 'ACCEPT', $_, 'fw', $::a, join(',', @$::b), '-' ] } %ports_by_proto
- } ('net', if_($conf->{masquerade}, 'masq'), if_($conf->{loc_interface}, 'loc'))),
- if_($conf->{masquerade}, map { [ 'ACCEPT', 'masq', 'fw', $_, join(',', @drakgw_ports), '-' ] } 'tcp', 'udp'),
- if_($conf->{masquerade}, map { [ 'ACCEPT', 'fw', 'masq', $_, join(',', @internal_ports), '-' ] } 'tcp', 'udp'),
+ } ('net', if_($conf->{loc_interface}[0], 'loc'))),
);
set_config_file('masq',
$conf->{masquerade} ? [ $conf->{net_interface}, $conf->{masquerade}{subnet} ] : (),
);
- system('uniq /etc/shorewall/masq > /etc/shorewall/masq.uniq');
- rename("/etc/shorewall/masq.uniq", "/etc/shorewall/masq");
+# system('uniq /etc/shorewall/masq > /etc/shorewall/masq.uniq');
+# system('uniq /etc/shorewall/interfaces > /etc/shorewall/interfaces.uniq');
+# rename("/etc/shorewall/masq.uniq", "/etc/shorewall/masq");
+# rename("/etc/shorewall/interfaces.uniq", "/etc/shorewall/interfaces");
if ($conf->{disabled}) {
run_program::rooted($::prefix, 'chkconfig', '--del', 'shorewall');
run_program::run('service', '>', '/dev/null', 'shorewall', 'stop') if $::isStandalone;
- run_program::run('service', '>', '/dev/null', 'shorewall', 'clear') if $::isStandalone;
} else {
run_program::rooted($::prefix, 'chkconfig', '--add', 'shorewall');
run_program::run('service', '>', '/dev/null', 'shorewall', 'restart') if $::isStandalone;
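Review bot: In the `$conf->{disabled}` branch the `shorewall clear` call is dropped and only `stop` remains, which changes the state a "disabled" firewall is left in. In Shorewall, `stop` leaves stopped-state rules in place (traffic limited to `routestopped` hosts) while `clear` removes the ruleset; whether the distribution's `service shorewall stop` behaves that way is not visible here. If the stricter result is intended, say so with a comment such as `# stop only: keep Shorewall's stopped-state rules instead of clearing the ruleset`, because a standalone user disabling the firewall over a remote session could lose the connection. The four commented-out `uniq`/`rename` lines should be deleted rather than parked, since two of them never existed as live code and history already keeps the rest. `write` starts before this hunk and its end is not shown.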