On 05/17/2011 08:03 PM, Mr Dash Four wrote:
> so it looks as though there are two possible solutions: 1) new
> implementation of a whitelist in shorewall; or 2) I stick to my own
> solution and use the hack I listed in the first post of this thread.

Please give the attached patch a try. It treats entries that begin with
w: (or W:) as whitelist entries.
If you use the ipset 'whitelist' as your whitelist, then you can place
the following in your blacklist file:
W:+whitelist
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
diff --git a/Shorewall/Perl/Shorewall/Misc.pm b/Shorewall/Perl/Shorewall/Misc.pm
index f3dda3f..71478d9 100644
--- a/Shorewall/Perl/Shorewall/Misc.pm
+++ b/Shorewall/Perl/Shorewall/Misc.pm
@@ -249,6 +249,8 @@ sub setup_blacklist() {
my ( $to, $from ) = ( 0, 0 );
+ my $tgt = ( $networks =~ s/^[wW]:// ) ? 'RETURN' : $target;
+
for ( split /,/, $options ) {
if ( $_ =~ /^(?:from|src)$/ ) {
if ( $from++ ) {
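Review bot: the `s/^[wW]://` substitution on the added `my $tgt` line accepts a bare `W:` entry, which leaves `$networks` empty, and nothing in the lines shown rejects that before the RETURN rule is built. Suggest raising an error when nothing follows the prefix. The line also needs a comment, and the blacklist file documentation a matching note, that `w:`/`W:` marks a whitelist entry: a RETURN rule only exempts traffic from rules that come after it in the chain, so if rules are generated in file order the whitelist entry has to be listed before the blacklist entries it is meant to override.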
@@ -262,9 +264,9 @@ sub setup_blacklist() {
$networks,
'',
'' ,
- $target ,
+ $tgt ,
'' ,
- $target ,
+ $tgt ,
'' );
} else {
warning_message '"src" entry ignored because there are no "blacklist in" zones';
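Review bot: the unchanged `warning_message` in the `else` branch still reports only that a "src" entry was ignored, and because the `W:` prefix has already been stripped from `$networks` by this point, the user cannot tell that the dropped entry was a whitelist exemption rather than a block. Consider saying in the message whether `$tgt` is RETURN; the same applies to the "dst" warning in the next hunk.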
@@ -282,9 +284,9 @@ sub setup_blacklist() {
'',
$networks,
'' ,
- $target ,
+ $tgt ,
'' ,
- $target ,
+ $tgt ,
'' );
} else {
warning_message '"dst" entry ignored because there are no "blacklist out" zones';
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
