Hello community, here is the log from the commit of package SuSEfirewall2 checked in at Tue Jun 6 12:44:32 CEST 2006. -------- --- SuSEfirewall2/SuSEfirewall2.changes 2006-05-22 13:39:52.000000000 +0200 +++ SuSEfirewall2/SuSEfirewall2.changes 2006-06-06 09:17:08.000000000 +0200 @@ -1,0 +2,6 @@ +Tue Jun 6 09:16:53 CEST 2006 - lnussel@suse.de + +- install rule for interface 'any' last in order to make it work + with additional zones like DMZ (#181308) + +------------------------------------------------------------------- Old: ---- SuSEfirewall2-3.4_SVNr143.tar.bz2 New: ---- SuSEfirewall2-3.4_SVNr144.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ SuSEfirewall2.spec ++++++ --- /var/tmp/diff_new_pack.Jc8qr9/_old 2006-06-06 12:43:59.000000000 +0200 +++ /var/tmp/diff_new_pack.Jc8qr9/_new 2006-06-06 12:43:59.000000000 +0200 @@ -1,5 +1,5 @@ # -# spec file for package SuSEfirewall2 (Version 3.4_SVNr143) +# spec file for package SuSEfirewall2 (Version 3.4_SVNr144) # # Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine @@ -12,7 +12,7 @@ # icecream 0 Name: SuSEfirewall2 -Version: 3.4_SVNr143 +Version: 3.4_SVNr144 Release: 1 License: GPL Group: Productivity/Networking/Security @@ -205,6 +205,9 @@ rm -rf %{buildroot} %changelog -n SuSEfirewall2 +* Tue Jun 06 2006 - lnussel@suse.de +- install rule for interface 'any' last in order to make it work + with additional zones like DMZ (#181308) * Mon May 22 2006 - lnussel@suse.de - fix FW_FORWARD not working with ipsec flag (#170530) * Thu Mar 30 2006 - lnussel@suse.de ++++++ SuSEfirewall2-3.4_SVNr143.tar.bz2 -> SuSEfirewall2-3.4_SVNr144.tar.bz2 ++++++ diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/SuSEfirewall2-3.4_SVNr143/SuSEfirewall2 new/SuSEfirewall2-3.4_SVNr144/SuSEfirewall2 --- old/SuSEfirewall2-3.4_SVNr143/SuSEfirewall2 2006-05-22 11:42:07.000000000 +0200 +++ new/SuSEfirewall2-3.4_SVNr144/SuSEfirewall2 2006-06-06 09:08:21.000000000 +0200 @@ -1098,6 +1098,7 @@ local dev local devs local any + local anyzone='' for iptables in "$IPTABLES" "$IP6TABLES"; do for zone in $saved_input_zones; do @@ -1107,9 +1108,17 @@ done eval any="\$DEV_${zone}_ANY" if [ "$any" = 'yes' ]; then - $iptables -A INPUT -j input_$zone + if [ -n "$anyzone" ]; then + [ "$iptables" != ':' ] && warning "interface 'any' already in zone '$anyzone', ignoring '$zone'" + else + anyzone=$zone + fi fi done + if [ -n "$anyzone" ]; then + $iptables -A INPUT -j input_$anyzone + anyzone='' + fi if [ "$FW_ROUTE" = yes ]; then for zone in $forward_zones; do eval devs="\$FW_DEV_$zone" ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit-unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit-help@opensuse.org