From bbbf5646f4d88ab79acd0fc900c93a322ea09b51 Mon Sep 17 00:00:00 2001
From: bbruns
Date: Sat, 12 Apr 2014 19:07:19 +0000
Subject: [PATCH]
---
 CHANGELOG | 6 +++++-
 lib/iptables.inc | 10 +++++-----
 2 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index 67c6d9d..bf16db7 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,7 +1,11 @@
 2.00 Alpha 2 - 04/11/2014
 - Slightly better documentation
 - Kernel module loading - 4/11/2014
- - Add syn matching to acl.conf rules
+ - The next two changes affect config files:
+ - Add syn matching to acl.conf rules - this may break existing rules
+ - Add syn and port/protocol matching to forward.conf rules - this will not
+ break existing rules since it adds 4 new options at the end that can
+ be omitted completely.
 2.00 Alpha 1 - 04/10/2014
 - Complete code rewrite and restructure to solve some long standing issues with v1
diff --git a/lib/iptables.inc b/lib/iptables.inc
index d20d0d9..2441e3b 100644
--- a/lib/iptables.inc
+++ b/lib/iptables.inc
@@ -378,9 +378,9 @@ function enable_forwarding {
 [[ ${syn} == "notsyn" ]] && syn="! --syn"
 [[ ${dstport} != "-" ]] && dstport="--dport ${dstport}"
 [[ ${srcport} != "-" ]] && srcport="--sport ${srcport}"
- ([[ ${bidirectional} == "yes" ]] && [[ ${srcport} != "-" ]]) && revsrcport="--dport ${srcport}"
- ([[ ${bidirectional} == "yes" ]] && [[ ${dstport} != "-" ]]) && revdstport="--sport ${dstport}"
- [[ ${protocol} != "-" ]] && protocol="-p ${protocol}"
+ ([[ ${bidirectional} == "yes" ]] && [[ ${srcport} != "-" ]] && [[ ${srcport} != ""]]) && revsrcport="--dport ${srcport}"
+ ([[ ${bidirectional} == "yes" ]] && [[ ${dstport} != "-" ]] && [[ ${dstport} != ""]]) && revdstport="--sport ${dstport}"
+ ([[ ${protocol} != "-" ]] && [[ ${protocol} != ""]]) && protocol="-p ${protocol}"
 ${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR}${action} ${srcinterface} ${srcaddress} ${dstinterface} ${dstaddress} ${bidirectional} ${src-port} ${dst-port} ${protocol} ${syn}"
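Review bot: The added tests are written `!= ""]]` with no space before the closing `]]` (three times in this hunk and twice more in the hunk at line 389), so bash takes `""]]` as the right-hand operand and never finds the end of the conditional; sourcing lib/iptables.inc should then fail with a syntax error, and for a firewall script that means the rules are not built at all. Write them as `[[ ${srcport} != "" ]]`, or `[[ -n ${srcport} ]]`. The order also defeats the new test for the two ports: the context lines just above have already rewritten `srcport` and `dstport` to `--sport …`/`--dport …` (for an empty value too, since "" is not "-"), so at this point they are never empty and `revsrcport` appears to receive `--dport --sport …`. Testing the raw values before those assignments, as the `protocol` line effectively does, would give the omitted-option behaviour the CHANGELOG entry promises. enable_forwarding starts and ends outside the hunk, so how these variables are consumed later is not visible here.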
@@ -389,8 +389,8 @@ function enable_forwarding {
 [[ ${dstinterface} == "-" ]] && dstinterface=""
 [[ ${dstaddress} == "-" ]] && dstaddress=""
 [[ ${srcaddress} == "-" ]] && srcaddress=""
- [[ ${dstport} == "-" ]] && dstport=""
- [[ ${srcport} == "-" ]] && srcport=""
+ ([[ ${dstport} == "-" ]] && [[ ${dstport} != ""]]) && dstport=""
+ ([[ ${srcport} == "-" ]] && [[ ${srcport} != ""]]) && srcport=""
 [[ ${syn} == "-" ]] && syn=""
 [[ ${bidirectional} == "-" ]] && bidirectional="no"
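Review bot: In `([[ ${dstport} == "-" ]] && [[ ${dstport} != ""]]) && dstport=""` and the matching `srcport` line, the second test cannot change the result, because a value equal to "-" is never empty and an already-empty value needs no reset. The original single-test form `[[ ${dstport} == "-" ]] && dstport=""` covered the omitted-option case without the extra subshell, so these two lines could stay as they were. A short comment above the block, for example `# "-" is the "not set" placeholder in forward.conf; clear it before the rule is assembled`, would state what the resets are for. enable_forwarding continues outside the hunk.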