extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-02-08 22:11:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

Restore order in the NFACCT target.

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2013-04-19 11:11:37 -07:00
parent 6c2679ce75
commit 1fd62e1612
3 changed files with 4 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -6951,7 +6951,7 @@ sub expand_rule( $$$$$$$$$$;$ )
{ {
my ($chainref , # Chain my ($chainref , # Chain
$restriction, # Determines what to do with interface names in the SOURCE or DEST $restriction, # Determines what to do with interface names in the SOURCE or DEST
$rule, # Caller's matches that don't depend on the SOURCE, DEST and ORIGINAL DEST $callersrule, # Caller's matches that don't depend on the SOURCE, DEST and ORIGINAL DEST
$source, # SOURCE $source, # SOURCE
$dest, # DEST $dest, # DEST
$origdest, # ORIGINAL DEST $origdest, # ORIGINAL DEST
@ -6971,6 +6971,7 @@ sub expand_rule( $$$$$$$$$$;$ )
my ( $jump, $mac, $targetref, $basictarget ); my ( $jump, $mac, $targetref, $basictarget );
our @ends = (); our @ends = ();
my $deferdns = $config{DEFER_DNS_RESOLUTION}; my $deferdns = $config{DEFER_DNS_RESOLUTION};
my $rule = '';
if ( $target ) { if ( $target ) {
( $basictarget, my $rest ) = split ' ', $target, 2; ( $basictarget, my $rest ) = split ' ', $target, 2;
@ -7077,7 +7078,7 @@ sub expand_rule( $$$$$$$$$$;$ )
# #
( $rule, $done ) = handle_exclusion( $disposition, ( $rule, $done ) = handle_exclusion( $disposition,
$table, $table,
$rule, $rule . $callersrule,
$restriction, $restriction,
$inets, $inets,
$iexcl, $iexcl,
@ -7114,7 +7115,7 @@ sub expand_rule( $$$$$$$$$$;$ )
for my $dnet ( split_host_list( $dnets, $deferdns ) ) { for my $dnet ( split_host_list( $dnets, $deferdns ) ) {
$source_match = match_source_net( $inet, $restriction, $mac ) unless $globals{KLUDGEFREE}; $source_match = match_source_net( $inet, $restriction, $mac ) unless $globals{KLUDGEFREE};
my $dest_match = match_dest_net( $dnet, $restriction ); my $dest_match = match_dest_net( $dnet, $restriction );
my $matches = join( '', $rule, $source_match, $dest_match, $onet ); my $matches = join( '', $source_match, $dest_match, $onet, $rule, $callersrule );
my $cond3 = conditional_rule( $chainref, $dnet ); my $cond3 = conditional_rule( $chainref, $dnet );

8
Shorewall/manpages/shorewall-accounting.xml
View File

@ -312,14 +312,6 @@
<replaceable>object</replaceable> could be specified. <replaceable>object</replaceable> could be specified.
Beginning with Shorewall 4.5.16, an arbitrary number of Beginning with Shorewall 4.5.16, an arbitrary number of
objects may be given.</para> objects may be given.</para>
<caution>
<para>If you specify ipset names in the SOURCE or
DESTINATION columns, you should not use NFACCT in the ACTION
column. You should rather use COUNT and specify the nfacct
object(s) together with the ipset. See <ulink
url="shorewall-ipsets.html">shorewall-ipsets</ulink>(5).</para>
</caution>
</listitem> </listitem>
</varlistentry> </varlistentry>

8
Shorewall6/manpages/shorewall6-accounting.xml
View File

@ -254,14 +254,6 @@
<replaceable>object</replaceable> could be specified. <replaceable>object</replaceable> could be specified.
Beginning with Shorewall 4.5.16, an arbitrary number of Beginning with Shorewall 4.5.16, an arbitrary number of
objects may be given.</para> objects may be given.</para>
<caution>
<para>If you specify ipset names in the SOURCE or
DESTINATION columns, you should not use NFACCT in the ACTION
column. You should rather use COUNT and specify the nfacct
object(s) together with the ipset. See <ulink
url="shorewall-ipsets.html">shorewall6-ipsets</ulink>(5).</para>
</caution>
</listitem> </listitem>
</varlistentry> </varlistentry>