Merge branch '4.4.21'
commit
029ac610fe
@ -1829,13 +1829,16 @@ sub pop_action_params( $ ) {
|
||||
}
|
||||
|
||||
sub default_action_params {
|
||||
my $val;
|
||||
my $action = shift;
|
||||
my ( $val, $i );
|
||||
|
||||
for ( my $i = 1; 1; $i++ ) {
|
||||
for ( $i = 1; 1; $i++ ) {
|
||||
last unless defined ( $val = shift );
|
||||
my $curval = $actparms[$i];
|
||||
$actparms[$i] =$val eq '-' ? '' : $val eq '--' ? '-' : $val unless supplied( $curval );
|
||||
}
|
||||
|
||||
fatal_error "Too Many arguments to action $action" if defined $actparms[$i];
|
||||
}
|
||||
|
||||
sub get_action_params( $ ) {
|
||||
|
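Review bot: The new `fatal_error ... if defined $actparms[$i]` after the loop in default_action_params looks only at the single slot just past the last default, so an over-long argument list whose entry at that position is undefined would go unreported; whether @actparms can contain such a gap is not visible in this hunk. Checking every position from `$i` upward closes that, e.g. `fatal_error "Too many arguments to action $action" if grep { defined } @actparms[ $i .. $#actparms ];`. An argument that is silently dropped here produces a ruleset that differs from what the administrator wrote, so failing the compile is the safer outcome. The hoisted `$i` also deserves a one-line comment such as `# $i is read after the loop: first parameter index that has no default`, because the reason it is no longer loop-scoped is easy to miss.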
@ -1148,63 +1148,6 @@ sub map_old_actions( $ ) {
|
||||
}
|
||||
}
|
||||
|
||||
#
|
||||
# Create and populate the passed AUDIT chain if it doesn't exist. Return chain name
|
||||
|
||||
sub ensure_audit_chain( $;$$ ) {
|
||||
my ( $target, $action, $tgt ) = @_;
|
||||
|
||||
push_comment( '' );
|
||||
|
||||
my $ref = $filter_table->{$target};
|
||||
|
||||
unless ( $ref ) {
|
||||
$ref = new_chain 'filter', $target;
|
||||
|
||||
unless ( $action ) {
|
||||
$action = $target;
|
||||
$action =~ s/^A_//;
|
||||
}
|
||||
|
||||
$tgt ||= $action;
|
||||
|
||||
if ( $config{FAKE_AUDIT} ) {
|
||||
add_rule( $ref, '-j AUDIT -m comment --comment "--type ' . lc $action . '"' );
|
||||
} else {
|
||||
add_rule $ref, '-j AUDIT --type ' . lc $action;
|
||||
}
|
||||
|
||||
|
||||
if ( $tgt eq 'REJECT' ) {
|
||||
add_jump $ref , 'reject', 1;
|
||||
} else {
|
||||
add_jump $ref , $tgt, 0;
|
||||
}
|
||||
}
|
||||
|
||||
pop_comment;
|
||||
|
||||
return $target;
|
||||
}
|
||||
|
||||
#
|
||||
# Return the appropriate target based on whether the second argument is 'audit'
|
||||
#
|
||||
|
||||
sub require_audit($$;$) {
|
||||
my ($action, $audit, $tgt ) = @_;
|
||||
|
||||
return $action unless supplied $audit;
|
||||
|
||||
my $target = 'A_' . $action;
|
||||
|
||||
fatal_error "Invalid parameter ($audit)" unless $audit eq 'audit';
|
||||
|
||||
require_capability 'AUDIT_TARGET', 'audit', 's';
|
||||
|
||||
return ensure_audit_chain $target, $action, $tgt;
|
||||
}
|
||||
|
||||
#
|
||||
# The following small functions generate rules for the builtin actions of the same name
|
||||
#
|
||||
@ -1496,7 +1439,7 @@ sub process_action( $) {
|
||||
}
|
||||
|
||||
if ( $target eq 'DEFAULTS' ) {
|
||||
default_action_params( split_list $source, 'defaults' ), next if $format == 2;
|
||||
default_action_params( $action, split_list $source, 'defaults' ), next if $format == 2;
|
||||
fatal_error 'DEFAULTS only allowed in FORMAT-2 actions';
|
||||
}
|
||||
|
||||
|
@ -39,9 +39,7 @@ FORMAT 2
|
||||
BEGIN PERL
|
||||
use Shorewall::Config;
|
||||
|
||||
my ( $p1, $p2, $p3 , $p4, $p5, $p6 ) = get_action_params( 6 );
|
||||
|
||||
fatal_error "Too many parameters to Drop" if defined $p6;
|
||||
my ( $p1, $p2, $p3 , $p4, $p5 ) = get_action_params( 5 );
|
||||
|
||||
if ( defined $p1 ) {
|
||||
if ( $p1 eq 'audit' ) {
|
||||
|
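Review bot: With the `defined $p6` test removed, nothing in this PERL block bounds the argument count any more; the limit is now whatever the action's DEFAULTS line declares, and that line is outside the hunk. It should be confirmed that DEFAULTS carries exactly five entries, since otherwise `get_action_params( 5 )` and the enforced maximum disagree and a sixth argument could be accepted and ignored. A comment above the call, e.g. `# Argument count is enforced by this file's DEFAULTS line (five entries)`, would keep the two in step. The same point applies to the identical change in the Reject action that follows.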
@ -35,9 +35,7 @@ FORMAT 2
|
||||
BEGIN PERL
|
||||
use Shorewall::Config;
|
||||
|
||||
my ( $p1, $p2, $p3 , $p4, $p5, $p6 ) = get_action_params( 6 );
|
||||
|
||||
fatal_error "Too many parameters to Reject" if defined $p6;
|
||||
my ( $p1, $p2, $p3 , $p4, $p5 ) = get_action_params( 5 );
|
||||
|
||||
if ( defined $p1 ) {
|
||||
if ( $p1 eq 'audit' ) {
|
||||
|
@ -4,6 +4,14 @@ Changes in Shorewall 4.4.21 Final
|
||||
|
||||
2) Make 'fallback' and 'balance' mutually exclusive.
|
||||
|
||||
3) Generate error if too many parameters to a function with DEFAULT
|
||||
|
||||
4) Prepare for more parameterized actions
|
||||
|
||||
5) Fix parameter push/pop in process_action()
|
||||
|
||||
6) Add comment push/pop in process_action()
|
||||
|
||||
Changes in Shorewall 4.4.21 RC 1
|
||||
|
||||
1) Fix empty parameter lists in _DEFAULT settings.
|
||||
|
@ -67,6 +67,10 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
|
||||
is the default value for the second parameter and so on. To specify
|
||||
an empty default, use '-'.
|
||||
|
||||
The DEFAULTS directive also determines the maximum number of
|
||||
parameters that an action may have. If more parameters are passed
|
||||
than have default values, an error message is issued.
|
||||
|
||||
3) Parameterized macros may now specify a default parameter value
|
||||
using the DEFAULT directive.
|
||||
|
||||
|
@ -386,6 +386,10 @@ REDIRECT net - tcp 80 - 1.2.3.4</programlisting>
|
||||
first parameter, <replaceable>def2</replaceable> is the default value
|
||||
for the second parameter and so on. You can specify an empty default
|
||||
using '-' (e.g. DEFAULTS DROP,-,audit).</para>
|
||||
|
||||
<para>The DEFAULTS directive also determines the maximum number of
|
||||
parameters that an action may have. If more parameters are passed than
|
||||
have default values, an error message is issued. </para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
|