From: <hur...@us...> - 2004-02-13 17:57:16
|
Update of /cvsroot/routingtools/tools/rc.d
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv30327
Modified Files:
firewall
Log Message:
- changed rp_filter behavior
- made use of iptables module for using shorthand --syn instead of specifying long --tcp-flags
Index: firewall
===================================================================
RCS file: /cvsroot/routingtools/tools/rc.d/firewall,v
retrieving revision 1.27
retrieving revision 1.28
diff -C2 -d -r1.27 -r1.28
*** firewall 15 Nov 2003 13:20:54 -0000 1.27
--- firewall 13 Feb 2004 17:51:27 -0000 1.28
***************
*** 253,257 ****
echo -n " mss clamping "
! $IPTABLES -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
echo -e "$rc_done"
--- 253,257 ----
echo -n " mss clamping "
! $IPTABLES -I FORWARD -p tcp --syn -j TCPMSS --clamp-mss-to-pmtu
echo -e "$rc_done"
***************
*** 265,269 ****
kerneldevs=${IF_WORLD/+/*}
for world in `cd /proc/sys/net/ipv4/conf; ls -d $kerneldevs default`; do
! echo 1 > /proc/sys/net/ipv4/conf/$world/rp_filter
echo 1 > /proc/sys/net/ipv4/conf/$world/log_martians
echo 0 > /proc/sys/net/ipv4/conf/$world/accept_source_route
--- 265,269 ----
kerneldevs=${IF_WORLD/+/*}
for world in `cd /proc/sys/net/ipv4/conf; ls -d $kerneldevs default`; do
! echo 2 > /proc/sys/net/ipv4/conf/$world/rp_filter
echo 1 > /proc/sys/net/ipv4/conf/$world/log_martians
echo 0 > /proc/sys/net/ipv4/conf/$world/accept_source_route
***************
*** 345,348 ****
--- 345,352 ----
#
# $Log$
+ # Revision 1.28 2004/02/13 17:51:27 hurikhan
+ # - changed rp_filter behavior
+ # - made use of iptables module for using shorthand --syn instead of specifying long --tcp-flags
+ #
# Revision 1.27 2003/11/15 13:20:54 hurikhan
# - block unclean packets in first place so they never get forwarded to |
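Review bot: `--syn` in the TCPMSS rule is not a pure shorthand for the match it replaces: iptables documents it as equivalent to `--tcp-flags SYN,RST,ACK,FIN SYN`, so packets with both SYN and ACK set no longer match. The MSS option carried in forwarded SYN/ACK replies is therefore left unclamped, and only the initiating side of each connection gets its MSS adjusted to the path MTU. If clamping both directions is still intended, keep `$IPTABLES -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu`; if the one-direction behavior is deliberate, a comment above the rule should say so.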
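Review bot: The new `echo 2 > /proc/sys/net/ipv4/conf/$world/rp_filter` line carries no comment saying which filtering mode `2` is meant to select, and the log message only says the behavior "changed". The meaning of the value depends on the kernel's ip-sysctl documentation; on kernels that define 1 as strict and 2 as loose reverse-path validation, this weakens source-address spoofing protection on the IF_WORLD interfaces and on `default`. I would add a comment such as `# rp_filter=2: <intended mode and why>, verified against this kernel's ip-sysctl.txt` above the write, and keep strict filtering unless asymmetric routing on the world-facing links requires otherwise. The `for` loop body continues outside the hunk.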