To be compatible with old rules all will be translated to tcp and udp
like in earlier versions of outgoingfw. So all is not doing what you
expect, but if we change this all old rules using all and ports need to
be translated to udp or tcp.
When using GRE and ESP ports will be ignored.
@proto = ("esp");
} elsif ($configline[3] eq 'gre') {
@proto = ("gre");
- } elsif ($configline[3] eq 'tcp&udp') {
- @proto = ("tcp","udp");
} else {
- @proto = ("all");
+ @proto = ("tcp","udp");
}
+
foreach $PROTO (@proto) {
$CMD = "/sbin/iptables -A OUTGOINGFW -s $SOURCE -d $DESTINATION -p $PROTO";
- if ($configline[8]) {
+ if ($configline[8] && $configline[3] ne 'esp' && $configline[3] ne 'gre') {
$DPORT = "$configline[8]";
$CMD = "$CMD --dport $DPORT";
- }
+ }
if ($DEV) {
$CMD = "$CMD -i $DEV";
<option value='udp' $selected{'PROT'}{'udp'}>UDP</option>
<option value='gre' $selected{'PROT'}{'gre'}>GRE</option>
<option value='esp' $selected{'PROT'}{'esp'}>ESP</option>
- <option value='tcp&udp' $selected{'PROT'}{'tcp&udp'}>TCP & UDP</option>
</select>
<td width='20%' align='right' colspan='2'>$Lang::tr{'policy'}:
<td width='30%' align='left' colspan='2'>
projects / people / pmueller / ipfire-2.x.git / commitdiff
