Tom Eastep wrote:
>
> Attached is a patch to /usr/share/shorewall/compiler which corrects this
> problem.
>

Hmmm -- the patch I sent previously included the fix for your other problem as well as this one. The one attached to this post corrects only the CRITICALHOSTS problem.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

Index: compiler
===================================================================
--- compiler (revision 5526)
+++ compiler (working copy)
@@ -4657,13 +4659,17 @@
deleteallchains
- for host in $CRITICALHOSTS; do
- interface=\${host%:*}
- networks=\${host#*:}
- \$IPTABLES -A INPUT -i \$interface \$(source_ip_range \$networks) -j ACCEPT
- \$IPTABLES -A OUTPUT -o \$interface \$(dest_ip_range \$networks) -j ACCEPT
- done
+__EOF__
+ for host in $CRITICALHOSTS; do
+ interface=${host%:*}
+ networks=${host#*:}
+ do_iptables -A INPUT -i $interface $(source_ip_range $networks) -j ACCEPT
+ do_iptables -A OUTPUT -o $interface $(dest_ip_range $networks) -j ACCEPT
+ done
+
+ cat >&3 << __EOF__
+
for chain in INPUT OUTPUT; do
setpolicy \$chain DROP
done
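Review bot: The new compile-time loop does not check that each CRITICALHOSTS entry contains a colon before splitting it. For an entry without one, both `interface=${host%:*}` and `networks=${host#*:}` leave the string unchanged, so the same value is passed as the `-i`/`-o` interface and to source_ip_range/dest_ip_range. Since the loop now runs in the compiler rather than in the emitted text, this is a good place to reject a malformed entry with a clear error before calling do_iptables. A short comment above the `__EOF__` terminator saying why the here-document is closed and reopened around the loop would also help the next reader.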
@@ -4680,13 +4686,16 @@
deleteallchains
- for host in $CRITICALHOSTS; do
- interface=\${host%:*}
- networks=\${host#*:}
- \$IPTABLES -A INPUT -i \$interface \$(source_ip_range \$networks) -j ACCEPT
- \$IPTABLES -A OUTPUT -o \$interface \$(dest_ip_range \$networks) -j ACCEPT
- done
+__EOF__
+ for host in $CRITICALHOSTS; do
+ interface=${host%:*}
+ networks=${host#*:}
+ do_iptables -A INPUT -i $interface $(source_ip_range $networks) -j ACCEPT
+ do_iptables -A OUTPUT -o $interface $(dest_ip_range $networks) -j ACCEPT
+ done
+ cat >&3 << __EOF__
+
setpolicy INPUT DROP
for chain in INPUT FORWARD; do
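Review bot: The loop added here is a line-for-line copy of the one in the previous hunk (same `interface=`/`networks=` split and the same two do_iptables calls), so any later fix has to be made in both places. Consider moving it into one helper function called from both sites. There is also a small inconsistency: the previous hunk adds a blank line between `done` and `cat >&3 << __EOF__`, and this one does not; pick one form for both.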
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
