rpms/shorewall/F-7 patch-common-4.0.10-1.diff, NONE, 1.1 patch-perl-4.0.10-1.diff, NONE, 1.1

Jonathan G. Underwood (jgu) fedora-extras-commits at redhat.com
Sun May 4 22:51:19 UTC 2008


Author: jgu

Update of /cvs/extras/rpms/shorewall/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30490

Added Files:
	patch-common-4.0.10-1.diff patch-perl-4.0.10-1.diff 
Log Message:
Add patch-perl-4.0.10-1.diff and patch-common-4.0.10-1.diff

patch-common-4.0.10-1.diff:

--- NEW FILE patch-common-4.0.10-1.diff ---
Index: firewall
===================================================================
--- firewall	(revision 8390)
+++ firewall	(working copy)
@@ -486,9 +486,12 @@
 [ $# -gt 1 ] && [ "$1" = "nolock" ] && { NOLOCK=Yes; shift ; }
 
 SHAREDIR=/usr/share/shorewall
-VARDIR=/var/lib/shorewall
 CONFDIR=/etc/shorewall
 
+[ -f ${CONFDIR}/vardir ] && . ${CONFDIR}/vardir ]
+
+[ -n "${VARDIR:=/var/lib/shorewall}" ]
+
 for library in lib.base lib.config; do
     FUNCTIONS=${SHAREDIR}/${library}
 
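Review bot: The added line `[ -f ${CONFDIR}/vardir ] && . ${CONFDIR}/vardir ]` ends with a stray `]` that closes no test and is instead handed to `.` as an extra argument; in shells that honour arguments to `.` it becomes `$1` inside the sourced file, so the line should read `[ -f ${CONFDIR}/vardir ] && . ${CONFDIR}/vardir`. Separately, replacing the unconditional `VARDIR=/var/lib/shorewall` with `${VARDIR:=/var/lib/shorewall}` means a VARDIR already exported in the caller's environment is now kept when no vardir file exists. If that is not intended for a script that presumably runs as root, an `unset VARDIR` before the sourcing line restores the old guarantee. Because `${CONFDIR}/vardir` is now executed as shell code, a comment such as `# vardir is sourced: it must be writable by root only` would document the trust assumption.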

patch-perl-4.0.10-1.diff:

--- NEW FILE patch-perl-4.0.10-1.diff ---
Index: Shorewall/Rules.pm
===================================================================
--- Shorewall/Rules.pm	(revision 8422)
+++ Shorewall/Rules.pm	(working copy)
@@ -444,7 +444,7 @@
 	my $desti   = match_dest_dev $interface;
 
 	emit "\$IPTABLES -A INPUT $sourcei $source -j ACCEPT";
-	emit "\$IPTABLES -A OUTPUT $desti $dest -j ACCEPT"    if $config{ADMINISABSENTMINDED};
+	emit "\$IPTABLES -A OUTPUT $desti $dest -j ACCEPT" unless $config{ADMINISABSENTMINDED};
 
 	my $matched = 0;
 
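Review bot: The corrected condition on the OUTPUT rule has no comment, and the fact that this line needed an `if` to `unless` flip shows the intent is easy to read backwards. A one-line comment above it would guard against a regression, for example `# OUTPUT accept is only needed when ADMINISABSENTMINDED is off`. It could also state the reason, which is presumably that outbound traffic is already allowed when the option is set (to be confirmed against the code that sets the OUTPUT policy). The enclosing sub starts and ends outside this hunk.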
@@ -550,11 +550,12 @@
 	}
     }
 
-    add_rule $rejectref , '-p tcp -j REJECT --reject-with tcp-reset';
+    add_rule $rejectref , '-p 2 -j DROP';
+    add_rule $rejectref , '-p 6 -j REJECT --reject-with tcp-reset';
 
     if ( $capabilities{ENHANCED_REJECT} ) {
-	add_rule $rejectref , '-p udp -j REJECT';
-	add_rule $rejectref, '-p icmp -j REJECT --reject-with icmp-host-unreachable';
+	add_rule $rejectref , '-p 17 -j REJECT';
+	add_rule $rejectref, '-p 1 -j REJECT --reject-with icmp-host-unreachable';
 	add_rule $rejectref, '-j REJECT --reject-with icmp-host-prohibited';
     } else {
 	add_rule $rejectref , '-j REJECT';
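Review bot: The new `-p 2 -j DROP` rule and the switch from protocol names to `1`, `6` and `17` leave bare magic numbers in the reject chain with nothing to say what they stand for or why names were dropped. A comment such as `# protocol numbers: 1=icmp 2=igmp 6=tcp 17=udp` above the first `add_rule` would make the rules reviewable. The protocol-2 rule sits before the `ENHANCED_REJECT` test, so that traffic is now silently dropped in both branches rather than rejected. That is a behaviour change worth a sentence in the comment explaining why DROP is used here. The enclosing sub starts and ends outside this hunk.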



