Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:12.1:Update:Test checked in at 2011-12-15 16:42:41 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.1:Update:Test/SuSEfirewall2 (Old) and /work/SRC/openSUSE:12.1:Update:Test/.SuSEfirewall2.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "SuSEfirewall2", Maintainer is "[email protected]" Changes: -------- --- /work/SRC/openSUSE:12.1:Update:Test/SuSEfirewall2/SuSEfirewall2.changes 2011-12-01 15:46:10.000000000 +0100 +++ /work/SRC/openSUSE:12.1:Update:Test/.SuSEfirewall2.new/SuSEfirewall2.changes 2011-12-15 16:42:43.000000000 +0100 @@ -1,0 +2,5 @@ +Wed Dec 14 17:00:31 UTC 2011 - [email protected] + +- fix forward masquerading (bnc#736205) + +------------------------------------------------------------------- New: ---- SuSEfirewall2-fix-forward-masquerading-bnc-736205.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ SuSEfirewall2.spec ++++++ --- /var/tmp/diff_new_pack.Mv5FfJ/_old 2011-12-15 16:42:43.000000000 +0100 +++ /var/tmp/diff_new_pack.Mv5FfJ/_new 2011-12-15 16:42:43.000000000 +0100 @@ -29,6 +29,7 @@ Summary: Stateful Packet Filter Using iptables and netfilter Source: SuSEfirewall2-%{version}.tar.bz2 Patch0: SuSEfirewall2-negated-options.diff +Patch1: SuSEfirewall2-fix-forward-masquerading-bnc-736205.diff BuildArch: noarch BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -43,6 +44,7 @@ %prep %setup %patch0 -p1 +%patch1 -p1 # please send patches to lnussel for inclusion in git first # http://gitorious.org/opensuse/susefirewall2 ++++++ SuSEfirewall2-fix-forward-masquerading-bnc-736205.diff ++++++ >From cb9cbaf4e7f5ff1bde03d9c9a9b673c0b105e620 Mon Sep 17 00:00:00 2001 From: Ludwig Nussel <[email protected]> Date: Wed, 14 Dec 2011 17:54:32 +0100 Subject: [PATCH] fix forward masquerading (bnc#736205) --- SuSEfirewall2 | 9 +++++---- 1 files changed, 5 insertions(+), 4 deletions(-) diff --git a/SuSEfirewall2 b/SuSEfirewall2 index 0bb8ee3..8079ae2 100755 --- a/SuSEfirewall2 +++ b/SuSEfirewall2 @@ -2182,6 +2182,7 @@ forward_masquerading_rules() else eval `net2srcdst net1 "$net1"` eval `net2srcdst net2 "$net2"` + eval `net2srcdst target "$target"` proto="-p $proto" test -z "$port2" && port2="$port1" port1="--dport $port1" @@ -2198,10 +2199,10 @@ forward_masquerading_rules() done for chain in $forward_zones; do chain=forward_$chain - $LAC $IPTABLES -A $chain ${LOG}"-`rulelog $chain`-ACC-REVMASQ " $proto $net1_src $net2_dst $dport2 -m conntrack --ctstate NEW - $LAA $IPTABLES -A $chain ${LOG}"-`rulelog $chain`-ACC-REVMASQ " $proto $net1_src $net2_dst $dport2 - $IPTABLES -A $chain -j "$ACCEPT" $proto $net1_src $net2_dst $dport2 - $IPTABLES -A $chain -j "$ACCEPT" $proto $net1_dst $net2_src -m conntrack --ctstate ESTABLISHED,RELATED + $LAC $IPTABLES -A $chain ${LOG}"-`rulelog $chain`-ACC-REVMASQ " $proto $net1_src $target_dst $dport2 -m conntrack --ctstate NEW + $LAA $IPTABLES -A $chain ${LOG}"-`rulelog $chain`-ACC-REVMASQ " $proto $net1_src $target_dst $dport2 + $IPTABLES -A $chain -j "$ACCEPT" $proto $net1_src $target_dst $dport2 + $IPTABLES -A $chain -j "$ACCEPT" $proto $net1_dst $target_src -m conntrack --ctstate ESTABLISHED,RELATED done fi done -- 1.7.7 -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
