Fix several problems with 'all' processing

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6037 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2007-04-20 16:47:04 +00:00
parent 5fe9aa1c94
commit 2ebfa7c88f
3 changed files with 33 additions and 5 deletions


@ -26,6 +26,8 @@ Changes in 3.9.3
13) Add check for firewall zone existance.
14) Add checks for zone existance in 'all' processing.
Changes in 3.9.2
1) Implement '-C {shell|perl}'.


@ -61,6 +61,10 @@ Problems corrected in Shorewall 3.9.3
11) The Shorewall-perl compiler now raises an error if there is no
firewall zone declared.
12) If 'all' appeared in the SOURCE column and an undefined zone was
specified in the DEST column of /etc/shorewall/rules, then a Perl
run-time diagnostic was produced.
Other changes in Shorewall 3.9.3
1) An 'optional' option has been added to


@ -1188,18 +1188,40 @@ sub process_rule ( $$$$$$$$$ ) {
}
} else {
my $destzone = (split /:/, $dest)[0];
fatal_error "Unknown destination zone ($destzone)" unless $zones{$destzone};
my $policychainref = $filter_table->{"${zone}2${destzone}"}{policychain};
if ( $policychainref->{policy} ne 'NONE' ) {
fatal_error "No policy from zone $zone to zone $destzone" unless $policychainref;
if ( ( ( my $policy ) = $policychainref->{policy} ) ne 'NONE' ) {
if ( $optimize > 0 ) {
my $loglevel = $policychainref->{loglevel};
if ( $loglevel ) {
next if $target eq "${policy}:$loglevel}";
} else {
next if $action eq $policy;
}
}
process_rule1 $target, $zone, $dest , $proto, $ports, $sports, $origdest, $ratelimit, $user;
}
}
}
}
} elsif ( $dest eq 'all' ) {
for my $zone1 ( @zones ) {
my $zone = ( split /:/, $source )[0];
if ( ( $includedstfw || ( $zones{$zone1}{type} ne 'firewall') ) &&( ( $zone ne $zone1 ) || $intrazone) ) {
process_rule1 $target, $source, $zone1 , $proto, $ports, $sports, $origdest, $ratelimit, $user;
for my $zone ( @zones ) {
my $sourcezone = ( split /:/, $source )[0];
if ( ( $includedstfw || ( $zones{$zone}{type} ne 'firewall') ) && ( ( $sourcezone ne $zone ) || $intrazone) ) {
fatal_error "Unknown source zone ($sourcezone)" unless $zones{$sourcezone};
my $policychainref = $filter_table->{"${sourcezone}2${zone}"}{policychain};
if ( ( ( my $policy ) = $policychainref->{policy} ) ne 'NONE' ) {
if ( $optimize > 0 ) {
my $loglevel = $policychainref->{loglevel};
if ( $loglevel ) {
next if $target eq "${policy}:$loglevel}";
} else {
next if $action eq $policy;
}
}
}
process_rule1 $target, $source, $zone , $proto, $ports, $sports, $origdest, $ratelimit, $user;
}
}
} else {
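Review bot: The NONE-policy test `if ( ( ( my $policy ) = $policychainref->{policy} ) ne 'NONE' )`, used in both the source-'all' and the dest-'all' branch, is always true: the parenthesised `( my $policy )` makes it a list assignment, and in the scalar context imposed by `ne` that yields the number of right-hand elements (1), not the policy string. The source-'all' expansion therefore no longer skips zone pairs whose policy is NONE, as the old `$policychainref->{policy} ne 'NONE'` did, so the compiler may emit rules between zones that were declared to carry no traffic; what process_rule1 does with them is not visible here. Assign in scalar form instead, `my $policy = $policychainref->{policy};` followed by `if ( $policy ne 'NONE' ) {`, and in the dest-'all' branch decide whether process_rule1 should sit inside that test as it does on the source side. Separately, `"${policy}:$loglevel}"` carries a stray `}` in both copies, so the `next` for a logged policy can never match `$target`; it should read `"${policy}:${loglevel}"`. process_rule begins and ends outside the hunk.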