
Annotation of /rpms/smeserver-coova-chilli/contribs7/smeserver-coova-chilli-0.2-allow_uamallowed.patch



Revision 1.1 - (hide annotations) (download)
Mon May 4 14:38:02 2009 UTC (15 years, 6 months ago) by vip-ire
Branch: MAIN
CVS Tags: smeserver-coova-chilli-0_2-14_el4_sme, smeserver-coova-chilli-0_2-17_el4_sme, smeserver-coova-chilli-0_2-16_el4_sme, smeserver-coova-chilli-0_2-13_el4_sme, smeserver-coova-chilli-0_2-19_el4_sme, smeserver-coova-chilli-0_2-12_el4_sme, smeserver-coova-chilli-0_2-18_el4_sme, smeserver-coova-chilli-0_2-20_el4_sme, smeserver-coova-chilli-0_2-15_el4_sme, HEAD
Add missing patch (locally generated)

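--- smeserver-coova-chilli-0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli40forwardFrom.allow_uamallowed 2008-09-02 13:28:02.000000000 +0200
+++ smeserver-coova-chilli-0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli40forwardFrom 2009-03-13 09:11:24.000000000 +0100
@@ -14,12 +14,12 @@
 
 HERE
 
-# Allow services specidied in AllowedOutgoing
+my $ReIpNum = qr{([01]?\d\d?|2[0-4]\d|25[0-5])};
+my $ReIpAddr = qr{($ReIpNum\.$ReIpNum\.$ReIpNum\.$ReIpNum)|any|ANY|\*};
+my $RePort = qr/\d{1,4}|[0-6]\d{4}|any|ANY|\*/;
 
+# Allow services specidied in AllowedOutgoing
 foreach (split(/[;,]/, ${'chilli'}{'AllowedOutgoing'} || '')){
- my $ReIpNum = qr{([01]?\d\d?|2[0-4]\d|25[0-5])};
- my $ReIpAddr = qr{($ReIpNum\.$ReIpNum\.$ReIpNum\.$ReIpNum)|any|ANY|\*};
- my $RePort = qr/\d{1,4}|[0-6]\d{4}|any|ANY|\*/;
 # Check the rules has the form proto:remote_host:remote_port
 next unless /^(tcp|TCP|udp|UDP):${ReIpAddr}:${RePort}$/;
 my @params = split(/:/, $_);
@@ -35,6 +35,22 @@
 $OUT .= "-j ACCEPT\n"
 }
 
+foreach (split(/[;,]/, ${'chilli'}{'uamallowed'} || '')){
+ # Check the rules has the form proto:remote_host:remote_port
+ # Or host:port or protocol:host
+ next unless /^((tcp|TCP|udp|UDP):)?((${ReIpAddr})|((\w+\.)?\w+\.\w{2,3}))(:${RePort})?$/;
+ my $proto = $1;
+ my $host = $2;
+ my $dport = $3;
+ $OUT .= " # $_ is allowed:\n";
+ $OUT .= " /sbin/iptables -A FORWARD_FROM_CHILLI ";
+ $OUT .= "-p $proto " if (($proto) && ($proto ne ''));
+ $OUT .= "-d $host ";
+ $OUT .= "--dport $dport " if (($dport) && ($dport ne ''));
+ $OUT .= "--syn " if ($proto =~ /tcp/i);
+ $OUT .= "-j ACCEPT\n"
+}
+
 # Allow the two dns servers specified
 $OUT .= " # Allow dns requests to ${'chilli'}{'dns1'}\n" .
 " /sbin/iptables -A FORWARD_FROM_CHILLI -p udp --dport 53 -d ${'chilli'}{'dns1'} -j ACCEPT\n"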
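Review bot: In the new `uamallowed` loop the three fields are read from the wrong capture groups: with `^((tcp|TCP|udp|UDP):)?(...)`, `$1` is the protocol with its trailing colon, `$2` is the bare protocol and `$3` is the host, so the generated line would carry `-p tcp:`, `-d tcp` and `--dport <host>`, and `$ReIpAddr` brings further groups of its own ahead of the port. Because this text becomes the iptables rules of the FORWARD_FROM_CHILLI chain, the walled-garden entries are presumably rejected when the script runs rather than applied, and an entry written without a protocol leaves `$proto` and `$host` undefined. I would keep the regex as a pure validity check with non-capturing groups and take the fields from a `split` on `:`, as the AllowedOutgoing loop above already does, and skip a `host:port` entry that names no protocol, since iptables accepts `--dport` only together with `-p tcp` or `-p udp`. Separately, `$RePort` admits values up to 69999, and the host pattern has no room for hyphens or for names with more than three labels.

```perl
foreach (split(/[;,]/, ${'chilli'}{'uamallowed'} || '')){
    # Validate only; no field is read back from a capture group,
    # so the groups inside $ReIpAddr cannot shift the numbering.
    next unless /^(?:(?:tcp|TCP|udp|UDP):)?(?:${ReIpAddr}|(?:\w+\.)?\w+\.\w{2,3})(?::${RePort})?$/;
    my @fields = split(/:/, $_);
    my $proto = ($fields[0] =~ /^(?:tcp|udp)$/i) ? shift(@fields) : '';
    my ($host, $dport) = @fields;
    # --dport is only valid together with -p tcp or -p udp
    next if (defined($dport) && $proto eq '');
    # … unchanged: $OUT lines that build the iptables rule …
```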
