~ubuntu-branches/debian/sid/shorewall/sid

« back to all changes in this revision

Viewing changes to Perl/Shorewall/Misc.pm

• browse files at revision 69
• compare with another revision
• download diff
• download tarball
• view history from revision 69

Show diffs side-by-side

added

removed

Perl/Shorewall/Misc.pm

46

46

                  generate_matrix

47

47

                  );

48

48

our @EXPORT_OK = qw( initialize );

49

 

our $VERSION = '4.5_20';

 

49

our $VERSION = '4.5_21';

50

50

 

51

51

our $family;

52

52

 

983

983

        }

984

984

    }

985

985

 

986

 

    if ( have_capability( 'ADDRTYPE' ) ) {

987

 

        add_ijump $rejectref , j => 'DROP' , addrtype => '--src-type BROADCAST';

988

 

    } else {

989

 

        if ( $family == F_IPV4 ) {

990

 

            add_commands $rejectref, 'for address in $ALL_BCASTS; do';

991

 

        } else {

992

 

            add_commands $rejectref, 'for address in $ALL_ACASTS; do';

993

 

        }

994

 

 

995

 

        incr_cmd_level $rejectref;

996

 

        add_ijump $rejectref, j => 'DROP', d => '$address';

997

 

        decr_cmd_level $rejectref;

998

 

        add_commands $rejectref, 'done';

999

 

    }

1000

 

 

1001

 

    if ( $family == F_IPV4 ) {

1002

 

        add_ijump $rejectref , j => 'DROP', s => '224.0.0.0/4';

1003

 

    } else {

1004

 

        add_ijump $rejectref , j => 'DROP', s => IPv6_MULTICAST;

1005

 

    }

1006

 

 

1007

 

    add_ijump $rejectref , j => 'DROP', p => 2;

1008

 

    add_ijump $rejectref , j => 'REJECT', targetopts => '--reject-with tcp-reset', p => 6;

1009

 

 

1010

 

    if ( have_capability( 'ENHANCED_REJECT' ) ) {

1011

 

        add_ijump $rejectref , j => 'REJECT', p => 17;

1012

 

 

1013

 

        if ( $family == F_IPV4 ) {

1014

 

            add_ijump $rejectref, j => 'REJECT --reject-with icmp-host-unreachable', p => 1;

1015

 

            add_ijump $rejectref, j => 'REJECT --reject-with icmp-host-prohibited';

1016

 

        } else {

1017

 

            add_ijump $rejectref, j => 'REJECT --reject-with icmp6-addr-unreachable', p => 58;

1018

 

            add_ijump $rejectref, j => 'REJECT --reject-with icmp6-adm-prohibited';

1019

 

        }

1020

 

    } else {

1021

 

        add_ijump $rejectref , j => 'REJECT';

 

986

    unless ( $config{REJECT_ACTION} ) {

 

987

        if ( have_capability( 'ADDRTYPE' ) ) {

 

988

            add_ijump $rejectref , j => 'DROP' , addrtype => '--src-type BROADCAST';

 

989

        } else {

 

990

            if ( $family == F_IPV4 ) {

 

991

                add_commands $rejectref, 'for address in $ALL_BCASTS; do';

 

992

            } else {

 

993

                add_commands $rejectref, 'for address in $ALL_ACASTS; do';

 

994

            }

 

995

 

 

996

            incr_cmd_level $rejectref;

 

997

            add_ijump $rejectref, j => 'DROP', d => '$address';

 

998

            decr_cmd_level $rejectref;

 

999

            add_commands $rejectref, 'done';

 

1000

        }

 

1001

 

 

1002

        if ( $family == F_IPV4 ) {

 

1003

            add_ijump $rejectref , j => 'DROP', s => '224.0.0.0/4';

 

1004

        } else {

 

1005

            add_ijump $rejectref , j => 'DROP', s => IPv6_MULTICAST;

 

1006

        }

 

1007

 

 

1008

        add_ijump $rejectref , j => 'DROP', p => 2;

 

1009

        add_ijump $rejectref , j => 'REJECT', targetopts => '--reject-with tcp-reset', p => 6;

 

1010

 

 

1011

        if ( have_capability( 'ENHANCED_REJECT' ) ) {

 

1012

            add_ijump $rejectref , j => 'REJECT', p => 17;

 

1013

 

 

1014

            if ( $family == F_IPV4 ) {

 

1015

                add_ijump $rejectref, j => 'REJECT --reject-with icmp-host-unreachable', p => 1;

 

1016

                add_ijump $rejectref, j => 'REJECT --reject-with icmp-host-prohibited';

 

1017

            } else {

 

1018

                add_ijump $rejectref, j => 'REJECT --reject-with icmp6-addr-unreachable', p => 58;

 

1019

                add_ijump $rejectref, j => 'REJECT --reject-with icmp6-adm-prohibited';

 

1020

            }

 

1021

        } else {

 

1022

            add_ijump $rejectref , j => 'REJECT';

 

1023

        }

1022

1024

    }

1023

1025

 

1024

1026

    $list = find_interfaces_by_option 'dhcp';

• Older »

Loggerhead is a web-based interface for Breezy
Version: 2.0.1