authorBill Nottingham <notting@redhat.com>2005-04-15 16:22:47 +0000
committerBill Nottingham <notting@redhat.com>2005-04-15 16:22:47 +0000
commit761f40d8e5576ab8b0c42776866d1b10f21ddaf5 (patch)
tree17e2333f18c61a059ed1faae3c852acc87805043
parentd915440414cde20c90151fd8099c45e6df2a6f9b (diff)
remove support for the old firewall type
-rw-r--r--sysconfig.txt2
-rwxr-xr-xsysconfig/network-scripts/ifup-eth19
-rwxr-xr-xsysconfig/network-scripts/ifup-post13
3 files changed, 0 insertions, 34 deletions
diff --git a/sysconfig.txt b/sysconfig.txt
index b37ba3ed..09b99ab2 100644
--- a/sysconfig.txt
+++ b/sysconfig.txt
@@ -541,8 +541,6 @@ Files in /etc/sysconfig/network-scripts/
DNS{1,2}=<ipaddress>
provide DNS addresses that are dropped into the resolv.conf
file if PEERDNS is not set to "no".
- FIREWALL_MODS=yes|no
- modify firewall to attempt to allow DNS through. Defaults to 'yes'.
SRCADDR=
use the specified source address for outgoing packets
HWADDR=
diff --git a/sysconfig/network-scripts/ifup-eth b/sysconfig/network-scripts/ifup-eth
index b488d272..5bbdb713 100755
--- a/sysconfig/network-scripts/ifup-eth
+++ b/sysconfig/network-scripts/ifup-eth
@@ -128,14 +128,6 @@ if [ -n "${MTU}" ]; then
ip link set dev ${DEVICE} mtu ${MTU}
fi
-# Is there a firewall running, and does it look like one we configured?
-FWACTIVE=
-if iptables -L -n 2>/dev/null | LC_ALL=C grep -q RH-Lokkit-0-50-INPUT ; then
- FWACTIVE=1
-else
- modprobe -r iptable_filter >/dev/null 2>&1
-fi
-
# Remove any temporary references which were previously added to dhclient config
if [ -w /etc/dhclient-${DEVICE}.conf ] && [ -x /sbin/dhclient ] ; then
LC_ALL=C grep -v "# temporary RHL ifup addition" /etc/dhclient-${DEVICE}.conf > /etc/dhclient-${DEVICE}.conf.ifupnew 2> /dev/null
@@ -195,24 +187,13 @@ if [ -n "${DYNCONFIG}" ]; then
/sbin/ethtool -s ${REALDEVICE} $ETHTOOL_OPTS
fi
- # DHCP clients need DNS to be available, and we don't know
- # what DNS server they're using until they are done.
- FWHACK=
- if [ -n "$FWACTIVE" -a "$FIREWALL_MODS" != "no" ]; then
- iptables -I RH-Lokkit-0-50-INPUT -m udp -s 0/0 --sport 53 -d 0/0 --dport 1025:65535 -p udp -j ACCEPT
- FWHACK=1
- fi
-
if [ -x /sbin/dhclient ] && /sbin/dhclient ${DHCLIENTARGS} ${DEVICE} ; then
echo $" done."
else
echo $" failed."
- [ -n "$FWHACK" ] && iptables -D RH-Lokkit-0-50-INPUT -m udp -s 0/0 --sport 53 -d 0/0 --dport 1025:65535 -p udp -j ACCEPT
exit 1
fi
- [ -n "$FWHACK" ] && iptables -D RH-Lokkit-0-50-INPUT -m udp -s 0/0 --sport 53 -d 0/0 --dport 1025:65535 -p udp -j ACCEPT
-
# DHCP likes to create duplicate routes. Fix that up.
NUMDEFROUTES=`ip -o route | \
awk '/^default/ { nlines++ } END { print nlines }'`
diff --git a/sysconfig/network-scripts/ifup-post b/sysconfig/network-scripts/ifup-post
index 77b678bc..cf07130b 100755
--- a/sysconfig/network-scripts/ifup-post
+++ b/sysconfig/network-scripts/ifup-post
@@ -71,19 +71,6 @@ if [ "$PEERDNS" != "no" -o -n "$RESOLV_MODS" -a "$RESOLV_MODS" != "no" ]; then
fi
fi
-if [ "$FIREWALL_MODS" != "no" -a -f /etc/sysconfig/iptables ] && \
- iptables -L -n 2>/dev/null | grep -q RH-Lokkit-0-50-INPUT ; then
- ns=`awk '/^nameserver / { print $2 }' /etc/resolv.conf`
- if [ -n "$ns" ]; then
- for nameserver in $ns ; do
- if ! iptables -L RH-Lokkit-0-50-INPUT -n | grep -q "$nameserver.* --sport 53 " ; then
- iptables -I RH-Lokkit-0-50-INPUT -m udp -s $nameserver/32 --sport 53 -d 0/0 --dport 1025:65535 -p udp -j ACCEPT
- [ -x /usr/bin/logger ] && logger $"punching nameserver $nameserver through the firewall"
- fi
- done
- fi
-fi
-
# don't set hostname on ppp/slip connections
if [ "$2" = "boot" -a \
"${DEVICE}" != lo -a \