From 064fc3c41501e699e9b898994d74c2fe846037b6 Mon Sep 17 00:00:00 2001 From: Mark O'Brien Date: Wed, 16 Apr 2008 09:49:51 -0700 Subject: VC4.0.2 --- debian/changelog | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/debian/changelog b/debian/changelog index 32c601d..a2579e9 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,16 @@ +vyatta-cfg-firewall (0.5) unstable; urgency=low + + VC4.0.2 + [ Mark O'Brien ] + + + [ An-Cheng Huang ] + * fix for bug 3127: look for an exact match to replace/delete. + + [ Mark O'Brien ] + + -- Mark O'Brien Wed, 16 Apr 2008 09:49:51 -0700 + vyatta-cfg-firewall (0.4) unstable; urgency=low 3.0.2 -- cgit v1.2.3 From 019d7da7481bb91d00ce9c6f3337107e1e5796b5 Mon Sep 17 00:00:00 2001 From: An-Cheng Huang Date: Wed, 16 Apr 2008 14:12:47 -0700 Subject: fix for bug 3167: get the actual return status from iptables. --- scripts/firewall/vyatta-firewall.pl | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/scripts/firewall/vyatta-firewall.pl b/scripts/firewall/vyatta-firewall.pl index 374ef3c..c409f82 100755 --- a/scripts/firewall/vyatta-firewall.pl +++ b/scripts/firewall/vyatta-firewall.pl @@ -141,8 +141,8 @@ sub update_rules() { last; } system ("$logger Running: iptables --insert $name $iptablesrule $_"); - system ("iptables --insert $name $iptablesrule $_ 2>&1 | $logger") == 0 - || die "iptables error: $? - $_\n"; + system ("iptables --insert $name $iptablesrule $_"); + die "iptables error: $! - $_" if ($? >> 8); $iptablesrule++; } } elsif ("$rulehash{$rule}" eq "changed") { 
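Review bot: In the `@@ -141` hunk of update_rules, the new `die "iptables error: $! - $_" if ($? >> 8);` tests only the exit-code byte, so an iptables process ended by a signal leaves `$? >> 8` at 0 and the rule insert is treated as applied. The message also prints `$!`, which is errno and is not set by a child's non-zero exit, so the text can be unrelated to the actual failure. Testing the whole status and reporting it decoded would cover both cases, e.g. `die "iptables error: exit " . ($? >> 8) . ", signal " . ($? & 127) . " - $_" if ($? != 0);`. The same pattern recurs in the `@@ -164`, `@@ -173` and `@@ -184` hunks, in the `exit 1 if ($? >> 8);` that follows the changed call in update_ints, and in setup_chain and delete_chain. The enclosing loop starts and ends outside the hunk.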
@@ -164,8 +164,8 @@ sub update_rules() { my $ipt_rules = $oldnode->get_num_ipt_rules(); for (1 .. $ipt_rules) { system ("$logger Running: iptables --delete $name $iptablesrule"); - system ("iptables --delete $name $iptablesrule 2>&1 | $logger") == 0 - || die "iptables error: $? - $rule\n"; + system ("iptables --delete $name $iptablesrule"); + die "iptables error: $! - $rule" if ($? >> 8); } foreach (@rule_strs) { @@ -173,8 +173,8 @@ sub update_rules() { last; } system ("$logger Running: iptables --insert $name $iptablesrule $_"); - system ("iptables --insert $name $iptablesrule $_ 2>&1 | $logger") == 0 - || die "iptables error: $? - $rule_str\n"; + system ("iptables --insert $name $iptablesrule $_"); + die "iptables error: $! - $rule_str" if ($? >> 8); $iptablesrule++; } } elsif ("$rulehash{$rule}" eq "deleted") { @@ -184,8 +184,8 @@ sub update_rules() { my $ipt_rules = $node->get_num_ipt_rules(); for (1 .. $ipt_rules) { system ("$logger Running: iptables --delete $name $iptablesrule"); - system ("iptables --delete $name $iptablesrule 2>&1 | $logger") == 0 - || die "iptables error: $? - $rule\n"; + system ("iptables --delete $name $iptablesrule"); + die "iptables error: $! - $rule" if ($? >> 8); } } } @@ -284,7 +284,7 @@ sub update_ints() { } system ("$logger Running: iptables $cmd"); - system("iptables $cmd 2>&1 | $logger"); + system("iptables $cmd"); exit 1 if ($? >> 8); if ($action eq 'replace' || $action eq 'delete') { @@ -365,7 +365,8 @@ sub setup_chain($) { $_ = $configured; if (!/^Chain $chain/) { - system("iptables --new-chain $chain 2>&1 | $logger") == 0 || die "iptables error: $chain --new-chain: $?\n"; + system("iptables --new-chain $chain"); + die "iptables error: $chain --new-chain: $!" if ($? >> 8); add_default_drop_rule($chain); } } 
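Review bot: In the `@@ -284` hunk of update_ints, a failed `system("iptables $cmd");` no longer leaves a record through `$logger`, because the `2>&1 | $logger` capture is removed and the following `exit 1 if ($? >> 8);` prints nothing. Only the preceding "Running:" line is logged, and iptables' own stderr goes wherever the script's stderr goes, which is not visible here. For a firewall change that did not apply, logging the status before exiting would keep the audit trail, e.g. `if ($? != 0) { system("$logger iptables failed: status $?"); exit 1; }`. update_ints continues outside the hunk.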
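Review bot: With the logger pipe gone, `system("iptables --new-chain $chain");` in the `@@ -365` hunk no longer needs a shell, but the single-string form still hands the command to `/bin/sh` whenever `$chain` contains shell metacharacters. The list form `system('iptables', '--new-chain', $chain);` runs iptables directly and passes the name as one argument; whether `$chain` is validated before it reaches setup_chain is not visible in this hunk. The same applies to the `--flush` and `--delete-chain` calls in the delete_chain hunk (`@@ -386`). The context line `if (!/^Chain $chain/)` also interpolates the name into a regex unquoted, and `/^Chain \Q$chain\E/` would match it literally. setup_chain starts outside the hunk.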
@@ -386,9 +387,11 @@ sub delete_chain($) { my $configured = `iptables -n -L $chain 2>&1 | head -1`; if ($configured =~ /^Chain $chain/) { - system("iptables --flush $chain 2>&1 | $logger") == 0 || die "iptables error: $chain --flush: $?\n"; + system("iptables --flush $chain"); + die "iptables error: $chain --flush: $!" if ($? >> 8); if (!chain_referenced($chain)) { - system("iptables --delete-chain $chain 2>&1 | $logger") == 0 || die "iptables error: $chain --delete-chain: $?\n"; + system("iptables --delete-chain $chain"); + die "iptables error: $chain --delete-chain: $!" if ($? >> 8); } else { add_default_drop_rule($chain); } -- cgit v1.2.3 From 39ba6c4198867381cdf5218853f4bcbcea233e2e Mon Sep 17 00:00:00 2001 From: An-Cheng Huang Date: Wed, 16 Apr 2008 14:39:18 -0700 Subject: fix for bug 3167: disallow multiport specification if both source and destination ports are defined. --- scripts/firewall/VyattaIpTablesRule.pm | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/scripts/firewall/VyattaIpTablesRule.pm b/scripts/firewall/VyattaIpTablesRule.pm index c2174c4..a4ec902 100644 --- a/scripts/firewall/VyattaIpTablesRule.pm +++ b/scripts/firewall/VyattaIpTablesRule.pm @@ -210,6 +210,12 @@ sub rule { return ($err_str, ) if (!defined($srcrule)); ($dstrule, $err_str) = $dst->rule(); return ($err_str, ) if (!defined($dstrule)); + if ((grep /multiport/, $srcrule) || (grep /multiport/, $dstrule)) { + if ((grep /sport/, $srcrule) && (grep /dport/, $dstrule)) { + return ('Cannot specify multiple ports when both ' + . 'source and destination ports are specified', ); + } + } $rule .= " $srcrule $dstrule "; my $chain = $self->{_name}; -- cgit v1.2.3 From ee9bc358266744dd09c768b01654e5a6c19fe841 Mon Sep 17 00:00:00 2001 From: Mark O'Brien Date: Sat, 19 Apr 2008 11:55:57 -0700 Subject: VC4.0.2 --- debian/changelog | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/debian/changelog b/debian/changelog index a2579e9..2318686 100644 --- a/debian/changelog 
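Review bot: The check added to `rule` in VyattaIpTablesRule.pm uses `grep /multiport/, $srcrule` on single scalars, which works but reads as a list operation. A plain match states the intent more directly: `if ($srcrule =~ /multiport/ || $dstrule =~ /multiport/) {` and `if ($srcrule =~ /sport/ && $dstrule =~ /dport/) {`. The patterns are unanchored substrings, so any other token in the generated rule text that contains `sport` or `dport` would also trigger the rejection; presumably the strings returned by `$src->rule()` and `$dst->rule()` carry those letters only in the port options, but that code is outside the hunk. A short comment above the check naming the iptables limitation it guards against (bug 3167) would help the next reader. `rule` starts and ends outside the hunk.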
+++ b/debian/changelog @@ -1,3 +1,18 @@ +vyatta-cfg-firewall (0.6) unstable; urgency=low + + VC4.0.2 + [ Mark O'Brien ] + + + [ An-Cheng Huang ] + * fix for bug 3167: get the actual return status from iptables. + * fix for bug 3167: disallow multiport specification if both source + and + + [ Mark O'Brien ] + + -- Mark O'Brien Sat, 19 Apr 2008 11:55:56 -0700 + vyatta-cfg-firewall (0.5) unstable; urgency=low VC4.0.2 -- cgit v1.2.3 From 633d7559cc9acef41ebbf8ac2b49c2fb522fdce2 Mon Sep 17 00:00:00 2001 From: rbalocca Date: Mon, 21 Apr 2008 12:30:23 -0700 Subject: Indicate the VC4.0.2 release candidate in the changelog --- debian/changelog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index 2318686..c06f47c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -15,7 +15,7 @@ vyatta-cfg-firewall (0.6) unstable; urgency=low vyatta-cfg-firewall (0.5) unstable; urgency=low - VC4.0.2 + VC4.0.2 release candidate [ Mark O'Brien ] -- cgit v1.2.3