mirror of
https://gitlab.com/shorewall/code.git
synced 2025-01-15 01:58:48 +01:00
Don't lookup standard target if target is an action, macro, or chain
parent
97672455b2
commit
14c4bd99aa
@ -44,7 +44,7 @@ our @EXPORT = qw(
|
||||
);
|
||||
|
||||
our @EXPORT_OK = qw( initialize );
|
||||
our $VERSION = '4.4_16';
|
||||
our $VERSION = '4.4_17';
|
||||
|
||||
our %macros;
|
||||
|
||||
@ -1020,32 +1020,34 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$ ) {
|
||||
#
|
||||
my $log_action = $action;
|
||||
|
||||
if ( my $shorewall_target = lookup_shorewall_action( $basictarget ) ) {
|
||||
if ( $shorewall_target == TGT_REDIRECT ) {
|
||||
my $z = $actiontype & NATONLY ? '' : firewall_zone;
|
||||
if ( $dest eq '-' ) {
|
||||
$dest = $inaction ? '' : join( '', $z, '::' , $ports =~ /[:,]/ ? '' : $ports );
|
||||
} elsif ( $inaction ) {
|
||||
$dest = ":$dest";
|
||||
} else {
|
||||
$dest = join( '', $z, '::', $dest ) unless $dest =~ /^[^\d].*:/;
|
||||
unless ( $actiontype & ( ACTION | MACRO | NFQ | CHAIN ) ) {
|
||||
if ( my $shorewall_target = lookup_shorewall_action( $basictarget ) ) {
|
||||
if ( $shorewall_target == TGT_REDIRECT ) {
|
||||
my $z = $actiontype & NATONLY ? '' : firewall_zone;
|
||||
if ( $dest eq '-' ) {
|
||||
$dest = $inaction ? '' : join( '', $z, '::' , $ports =~ /[:,]/ ? '' : $ports );
|
||||
} elsif ( $inaction ) {
|
||||
$dest = ":$dest";
|
||||
} else {
|
||||
$dest = join( '', $z, '::', $dest ) unless $dest =~ /^[^\d].*:/;
|
||||
}
|
||||
} elsif ( $shorewall_target == TGT_REJECT ) {
|
||||
$action = 'reject';
|
||||
} elsif ( $shorewall_target == TGT_CONTINUE ) {
|
||||
$action = 'RETURN';
|
||||
} elsif ( $shorewall_target == TGT_COUNT ) {
|
||||
$action = '';
|
||||
} elsif ( $shorewall_target == TGT_LOG ) {
|
||||
fatal_error 'LOG requires a log level' unless defined $loglevel and $loglevel ne '';
|
||||
} elsif ( $actiontype & SET ) {
|
||||
my %xlate = ( ADD => 'add-set' , DEL => 'del-set' );
|
||||
|
||||
my ( $setname, $flags, $rest ) = split ':', $param, 3;
|
||||
fatal_error "Invalid ADD/DEL parameter ($param)" if $rest;
|
||||
fatal_error "Expected ipset name ($setname)" unless $setname =~ s/^\+// && $setname =~ /^[a-zA-Z]\w*$/;
|
||||
fatal_error "Invalid flags ($flags)" unless defined $flags && $flags =~ /^(dst|src)(,(dst|src)){0,5}$/;
|
||||
$action = join( ' ', 'SET --' . $xlate{$basictarget} , $setname , $flags );
|
||||
}
|
||||
} elsif ( $shorewall_target == TGT_REJECT ) {
|
||||
$action = 'reject';
|
||||
} elsif ( $shorewall_target == TGT_CONTINUE ) {
|
||||
$action = 'RETURN';
|
||||
} elsif ( $shorewall_target == TGT_COUNT ) {
|
||||
$action = '';
|
||||
} elsif ( $shorewall_target == TGT_LOG ) {
|
||||
fatal_error 'LOG requires a log level' unless defined $loglevel and $loglevel ne '';
|
||||
} elsif ( $actiontype & SET ) {
|
||||
my %xlate = ( ADD => 'add-set' , DEL => 'del-set' );
|
||||
|
||||
my ( $setname, $flags, $rest ) = split ':', $param, 3;
|
||||
fatal_error "Invalid ADD/DEL parameter ($param)" if $rest;
|
||||
fatal_error "Expected ipset name ($setname)" unless $setname =~ s/^\+// && $setname =~ /^[a-zA-Z]\w*$/;
|
||||
fatal_error "Invalid flags ($flags)" unless defined $flags && $flags =~ /^(dst|src)(,(dst|src)){0,5}$/;
|
||||
$action = join( ' ', 'SET --' . $xlate{$basictarget} , $setname , $flags );
|
||||
}
|
||||
}
|
||||
#
|
||||
|
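Review bot: In the ADD/DEL branch that this change re-indents, the parameter checks feeding the generated `SET --add-set` / `SET --del-set` rule text are looser than they read. `fatal_error "Invalid ADD/DEL parameter ($param)" if $rest;` is a truthiness test, so a third field of `0` is silently dropped instead of rejected; `if defined $rest && $rest ne '';` would catch it. The ipset-name and flags patterns end in `$`, which also matches before a trailing newline, so `\z` would make them exact; whether a newline can actually reach `$param` depends on input handling outside this hunk. Separately, the new guard masks `NFQ` as well as `ACTION | MACRO | CHAIN`, which the commit title does not mention, so a one-line comment above the `unless` stating why the standard-target lookup is skipped for those types would help the next reader. process_rule1 begins and ends outside the hunk.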