rpms/shorewall/F-9 patch-common-4.0.10-1.diff, NONE, 1.1 patch-perl-4.0.10-1.diff, NONE, 1.1
Jonathan G. Underwood (jgu)
fedora-extras-commits at redhat.com
Sun May 4 22:52:26 UTC 2008
Author: jgu
Update of /cvs/extras/rpms/shorewall/F-9
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30630
Added Files:
patch-common-4.0.10-1.diff patch-perl-4.0.10-1.diff
Log Message:
Add patch-perl-4.0.10-1.diff and patch-common-4.0.10-1.diff
patch-common-4.0.10-1.diff:
--- NEW FILE patch-common-4.0.10-1.diff ---
Index: firewall
===================================================================
--- firewall (revision 8390)
+++ firewall (working copy)
@@ -486,9 +486,12 @@
[ $# -gt 1 ] && [ "$1" = "nolock" ] && { NOLOCK=Yes; shift ; }
SHAREDIR=/usr/share/shorewall
-VARDIR=/var/lib/shorewall
CONFDIR=/etc/shorewall
+[ -f ${CONFDIR}/vardir ] && . ${CONFDIR}/vardir ]
+
+[ -n "${VARDIR:=/var/lib/shorewall}" ]
+
for library in lib.base lib.config; do
FUNCTIONS=${SHAREDIR}/${library}
patch-perl-4.0.10-1.diff:
--- NEW FILE patch-perl-4.0.10-1.diff ---
Index: Shorewall/Rules.pm
===================================================================
--- Shorewall/Rules.pm (revision 8422)
+++ Shorewall/Rules.pm (working copy)
@@ -444,7 +444,7 @@
my $desti = match_dest_dev $interface;
emit "\$IPTABLES -A INPUT $sourcei $source -j ACCEPT";
- emit "\$IPTABLES -A OUTPUT $desti $dest -j ACCEPT" if $config{ADMINISABSENTMINDED};
+ emit "\$IPTABLES -A OUTPUT $desti $dest -j ACCEPT" unless $config{ADMINISABSENTMINDED};
my $matched = 0;
@@ -550,11 +550,12 @@
}
}
- add_rule $rejectref , '-p tcp -j REJECT --reject-with tcp-reset';
+ add_rule $rejectref , '-p 2 -j DROP';
+ add_rule $rejectref , '-p 6 -j REJECT --reject-with tcp-reset';
if ( $capabilities{ENHANCED_REJECT} ) {
- add_rule $rejectref , '-p udp -j REJECT';
- add_rule $rejectref, '-p icmp -j REJECT --reject-with icmp-host-unreachable';
+ add_rule $rejectref , '-p 17 -j REJECT';
+ add_rule $rejectref, '-p 1 -j REJECT --reject-with icmp-host-unreachable';
add_rule $rejectref, '-j REJECT --reject-with icmp-host-prohibited';
} else {
add_rule $rejectref , '-j REJECT';
More information about the scm-commits
mailing list