diff options
| author | Natanael Copa <ncopa@alpinelinux.org> | 2011-12-08 14:49:58 +0000 |
|---|---|---|
| committer | Natanael Copa <ncopa@alpinelinux.org> | 2011-12-08 15:40:10 +0000 |
| commit | 438e9609e25928bc0033ad9a29f628ee9b294af7 (patch) | |
| tree | 6b9d867db4636b54408bbbc2d9adf223d7502a15 /main/shorewall-shell | |
| parent | 4537a84f977343600a95b268579a092f74c67d22 (diff) | |
| download | aports-438e9609e25928bc0033ad9a29f628ee9b294af7.tar.bz2 aports-438e9609e25928bc0033ad9a29f628ee9b294af7.tar.xz | |
main/shorewall-shell: set all/rp_filter based on ROUTE_FILTER
The kernel changed behavior around 2.6.31. We need a way to turn off
rp_filter.
details:
http://article.gmane.org/gmane.comp.security.shorewall/23329/match=rp_filter
This will disable routefilter if ROUTE_FILTER=no in
/etc/shorewall/shorewall.conf default. To enable you will need set the
routefilter option in /etc/shorewall/interfaces
Diffstat (limited to 'main/shorewall-shell')
| -rw-r--r-- | main/shorewall-shell/APKBUILD | 6 | ||||
| -rw-r--r-- | main/shorewall-shell/shorewall-shell-rp_filter.patch | 17 |
2 files changed, 21 insertions, 2 deletions
diff --git a/main/shorewall-shell/APKBUILD b/main/shorewall-shell/APKBUILD index c04a3c15a..c2e1eefa1 100644 --- a/main/shorewall-shell/APKBUILD +++ b/main/shorewall-shell/APKBUILD @@ -2,7 +2,7 @@ pkgname=shorewall-shell _v=4.2.11 pkgver=4.2.11 -pkgrel=2 +pkgrel=3 pkgdesc="Shoreline Firewall shell-based compiler." url="http://www.shorewall.net/" arch="noarch" @@ -13,6 +13,7 @@ source="http://www.shorewall.net/pub/shorewall/${_v%.*}/shorewall-$_v/$pkgname-$ shorewall-policyrouting.patch shorewall-shell-ipset.patch shorewall-shell-providers-gateway-none.patch + shorewall-shell-rp_filter.patch " _builddir="$srcdir"/$pkgname-$pkgver @@ -33,4 +34,5 @@ build() { md5sums="518a7f389a6f606c109acb7dfbe18372 shorewall-shell-4.2.11.tar.bz2 64c01bc4f57203fb877bb334994eac38 shorewall-policyrouting.patch 79745ea284a08cb167b9a356ee0bff3b shorewall-shell-ipset.patch -66b7249c5c56d104f62676c175e222d3 shorewall-shell-providers-gateway-none.patch" +66b7249c5c56d104f62676c175e222d3 shorewall-shell-providers-gateway-none.patch +d5eadb6be45aa41f80669452baa853a6 shorewall-shell-rp_filter.patch" diff --git a/main/shorewall-shell/shorewall-shell-rp_filter.patch b/main/shorewall-shell/shorewall-shell-rp_filter.patch new file mode 100644 index 000000000..0e3174c92 --- /dev/null +++ b/main/shorewall-shell/shorewall-shell-rp_filter.patch @@ -0,0 +1,17 @@ +--- ./compiler.orig ++++ ./compiler +@@ -3991,12 +3991,12 @@ + __EOF__ + done + +- save_command "echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter" +- + if [ "$ROUTE_FILTER" = yes ]; then + save_command "echo 1 > /proc/sys/net/ipv4/conf/default/rp_filter" ++ save_command "echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter" + elif [ "$ROUTE_FILTER" = no ]; then + save_command "echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter" ++ save_command "echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter" + fi + + save_command "[ -n \"\$NOROUTES\" ] || ip route flush cache" |