File SuSEfirewall2-3.6_SVNr211.diff of Package SuSEfirewall2

From 29a22da3f463b8b6cb653380afaa133b7caab187 Mon Sep 17 00:00:00 2001
From: lnussel <lnussel@b36d0de6-17df-0310-aa5c-c2ebc275e154>
Date: Fri, 23 Jan 2009 09:37:12 +0000
Subject: [PATCH] allow service files to specify kernel modules and allow related packets

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@211 b36d0de6-17df-0310-aa5c-c2ebc275e154
---
 SuSEfirewall2                  |   11 +++++++++++
 SuSEfirewall2.service.TEMPLATE |   18 ++++++++++++++++--
 2 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/SuSEfirewall2 b/SuSEfirewall2
index 7cab747..6873ddd 100755
--- a/SuSEfirewall2
+++ b/SuSEfirewall2
@@ -1076,6 +1076,8 @@ parse_configurations()
 	    local RPC=''
 	    local IP=''
 	    local BROADCAST=''
+	    local RELATED=''
+	    local MODULES=''
 
 	    # XXX: could use a sub shell in order to enforce use of known variables only
 	    if [ ! -r $CONFIGURATIONSDIR_0/$config ] || ! . $CONFIGURATIONSDIR_0/$config; then
@@ -1097,6 +1099,15 @@ parse_configurations()
 		    eval $var="\"\$$var \$BROADCAST\""
 		fi
 	    fi
+	    
+	    if [ -n "$RELATED" ]; then
+		eval FW_SERVICES_ACCEPT_RELATED_`cibiz $zone`="\"\$FW_SERVICES_ACCEPT_RELATED_`cibiz $zone` \$RELATED\""
+	    fi
+
+	    if [ -n "$MODULES" ]; then
+		eval FW_LOAD_MODULES="\"\$FW_LOAD_MODULES \$MODULES\""
+	    fi
+
 	done
     done
 }
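Review bot: The `eval` on the added MODULES line is not needed, because the target variable name is fixed; `FW_LOAD_MODULES="$FW_LOAD_MODULES $MODULES"` performs the same assignment without a second parsing pass. The RELATED line does need indirection for the zone suffix, but it places the output of `cibiz $zone` into the evaluated text with `$zone` unquoted. Where `zone` is set is outside this hunk, so it is worth confirming that it can only hold the fixed zone names. The added blank line before the RELATED block carries trailing whitespace. parse_configurations begins before the hunk.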
diff --git a/SuSEfirewall2.service.TEMPLATE b/SuSEfirewall2.service.TEMPLATE
index 9a5622d..7771036 100644
--- a/SuSEfirewall2.service.TEMPLATE
+++ b/SuSEfirewall2.service.TEMPLATE
@@ -1,8 +1,10 @@
 # Do not edit this file as it's just a template and will be
 # overwritten on package updates! Copy to a new file instead.
+# Fill in the required variables and delete the unused ones.
+# If in doubt ask security@suse.de
 #
-# Only the variables TCP, UDP, RPC, IP and BROADCAST are allowed.
-# More may be supported in the future.
+# Only the variables TCP, UDP, RPC, IP, BROADCAST, RELATED and
+# MODULES are allowed. More may be supported in the future.
 #
 # For a more detailed description of the individual variables see
 # the comments for FW_SERVICES_*_EXT in /etc/sysconfig/SuSEfirewall2
@@ -25,3 +27,15 @@ IP=""
 
 # space separated list of allowed UDP broadcast ports
 BROADCAST=""
+
+### variables below are only needed in very special cases
+
+# space separated list of net,protocol[,sport[,dport]]
+# see FW_SERVICES_ACCEPT_RELATED_EXT
+# net 0/0 means IPv4 and IPv6. If this sevice should only work for
+# IPv4 use 0.0.0.0/0
+RELATED=""
+
+# additional kernel modules needed for this service
+# see FW_LOAD_MODULES
+MODULES=""
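Review bot: The comment above `MODULES` does not state the value format, unlike the other variables in this template. The script appends the value to `FW_LOAD_MODULES` separated by a space, so `# space separated list of additional kernel modules needed for this service` would match the neighbouring entries. The RELATED comment contains a typo, `sevice` for `service`. In the script hunk MODULES is added to the global `FW_LOAD_MODULES` rather than to a per-zone variable, and it would help to say so here for admins who review service files before enabling them.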
-- 
1.6.0.2
