classify.m4: Reject the RFC5737 documentation-only addresses.
diff --git
a/functions.m4
b/functions.m4
index
891b037
..
2267af6
100644
(file)
--- a/
functions.m4
+++ b/
functions.m4
@@
-289,11
+289,12
@@
allowservices () {
## Add rules to CHAIN to allow NTP with NTPSERVERs.
ntpclient () {
set -e
## Add rules to CHAIN to allow NTP with NTPSERVERs.
ntpclient () {
set -e
- chain=$1; shift
- for ntp; do
- run iptables -A $chain -s $ntp -j ACCEPT \
- -p udp --source-port 123 --destination-port 123
- done
+ ntpchain=$1; shift
+
+ clearchain ntp-servers
+ for ntp; do run iptables -A ntp-servers -j ACCEPT -s $ntp; done
+ run iptables -A $ntpchain -j ntp-servers \
+ -p udp --source-port 123 --destination-port 123
}
## dnsresolver CHAIN
}
## dnsresolver CHAIN
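Review bot: The new `ntp-servers` chain is a single fixed name that `clearchain ntp-servers` flushes on every call, so if ntpclient is ever invoked twice (for example once for an input chain and once for an output chain, or from two places with different server lists) the second call discards the first caller's `-s` rules while the first caller's jump at `-A $ntpchain -j ntp-servers` stays in place, leaving both chains accepting only the last server set; the removed per-chain rules kept the two callers independent. If more than one caller is intended, derive the name from the caller, e.g. `ntpservers=ntp-servers-$ntpchain`, `clearchain $ntpservers` and `-j $ntpservers` in the two iptables lines, keeping in mind iptables limits chain names to 28 characters, so a long `$ntpchain` would need truncating or a short alias. Whether `clearchain` creates the chain when it does not yet exist cannot be seen here; if it only flushes, the first `-A ntp-servers` fails under `set -e`. The unquoted `$ntp` is carried over from the old code and is harmless for the address arguments this takes, but `"$ntp"` would make that explicit.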
@@
-389,6
+390,7
@@
defnetclass () {
## Pass 1. Establish the from_NAME and to_NAME constants, and the
## netclass's mask bit.
## Pass 1. Establish the from_NAME and to_NAME constants, and the
## netclass's mask bit.
+ trace "netclass $name = $netclassindex"
eval from_$name=$(( $netclassindex << $BIT_FROM ))
eval to_$name=$(( $netclassindex << $BIT_TO ))
eval _mask_$name=$(( 1 << ($netclassindex + $BIT_MASK) ))
eval from_$name=$(( $netclassindex << $BIT_FROM ))
eval to_$name=$(( $netclassindex << $BIT_TO ))
eval _mask_$name=$(( 1 << ($netclassindex + $BIT_MASK) ))
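Review bot: The added `trace` line is fine, but it now prints `$name` immediately before that same value is spliced unquoted into three `eval` statements (`eval from_$name=...`), where anything that is not a plain identifier is either a shell error or, with metacharacters, executed as code. Nothing in this hunk shows `name` being validated, and the start of defnetclass is outside the hunk, so if no check exists earlier a guard such as `case $name in *[!A-Za-z0-9_]*|"") echo >&2 "bad netclass name '$name'"; exit 1;; esac` before the evals would turn a silent misconfiguration into a clear failure. This is presumably operator-supplied configuration rather than untrusted input, so the risk is correctness more than exploitation, but the cost of the check is one line.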