Fix several problems with 'all' processing
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6037 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
5fe9aa1c94
commit
2ebfa7c88f
@ -26,6 +26,8 @@ Changes in 3.9.3
|
|||||||
|
|
||||||
13) Add check for firewall zone existance.
|
13) Add check for firewall zone existance.
|
||||||
|
|
||||||
|
14) Add checks for zone existance in 'all' processing.
|
||||||
|
|
||||||
Changes in 3.9.2
|
Changes in 3.9.2
|
||||||
|
|
||||||
1) Implement '-C {shell|perl}'.
|
1) Implement '-C {shell|perl}'.
|
||||||
|
@ -61,6 +61,10 @@ Problems corrected in Shorewall 3.9.3
|
|||||||
11) The Shorewall-perl compiler now raises an error if there is no
|
11) The Shorewall-perl compiler now raises an error if there is no
|
||||||
firewall zone declared.
|
firewall zone declared.
|
||||||
|
|
||||||
|
12) If 'all' appeared in the SOURCE column and an undefined zone was
|
||||||
|
specified in the DEST column of /etc/shorewall/rules, then a Perl
|
||||||
|
run-time diagnostic was produced.
|
||||||
|
|
||||||
Other changes in Shorewall 3.9.3
|
Other changes in Shorewall 3.9.3
|
||||||
|
|
||||||
1) An 'optional' option has been added to
|
1) An 'optional' option has been added to
|
||||||
|
@ -1188,18 +1188,40 @@ sub process_rule ( $$$$$$$$$ ) {
|
|||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
my $destzone = (split /:/, $dest)[0];
|
my $destzone = (split /:/, $dest)[0];
|
||||||
|
fatal_error "Unknown destination zone ($destzone)" unless $zones{$destzone};
|
||||||
my $policychainref = $filter_table->{"${zone}2${destzone}"}{policychain};
|
my $policychainref = $filter_table->{"${zone}2${destzone}"}{policychain};
|
||||||
if ( $policychainref->{policy} ne 'NONE' ) {
|
fatal_error "No policy from zone $zone to zone $destzone" unless $policychainref;
|
||||||
|
if ( ( ( my $policy ) = $policychainref->{policy} ) ne 'NONE' ) {
|
||||||
|
if ( $optimize > 0 ) {
|
||||||
|
my $loglevel = $policychainref->{loglevel};
|
||||||
|
if ( $loglevel ) {
|
||||||
|
next if $target eq "${policy}:$loglevel}";
|
||||||
|
} else {
|
||||||
|
next if $action eq $policy;
|
||||||
|
}
|
||||||
|
}
|
||||||
process_rule1 $target, $zone, $dest , $proto, $ports, $sports, $origdest, $ratelimit, $user;
|
process_rule1 $target, $zone, $dest , $proto, $ports, $sports, $origdest, $ratelimit, $user;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} elsif ( $dest eq 'all' ) {
|
} elsif ( $dest eq 'all' ) {
|
||||||
for my $zone1 ( @zones ) {
|
for my $zone ( @zones ) {
|
||||||
my $zone = ( split /:/, $source )[0];
|
my $sourcezone = ( split /:/, $source )[0];
|
||||||
if ( ( $includedstfw || ( $zones{$zone1}{type} ne 'firewall') ) &&( ( $zone ne $zone1 ) || $intrazone) ) {
|
if ( ( $includedstfw || ( $zones{$zone}{type} ne 'firewall') ) && ( ( $sourcezone ne $zone ) || $intrazone) ) {
|
||||||
process_rule1 $target, $source, $zone1 , $proto, $ports, $sports, $origdest, $ratelimit, $user;
|
fatal_error "Unknown source zone ($sourcezone)" unless $zones{$sourcezone};
|
||||||
|
my $policychainref = $filter_table->{"${sourcezone}2${zone}"}{policychain};
|
||||||
|
if ( ( ( my $policy ) = $policychainref->{policy} ) ne 'NONE' ) {
|
||||||
|
if ( $optimize > 0 ) {
|
||||||
|
my $loglevel = $policychainref->{loglevel};
|
||||||
|
if ( $loglevel ) {
|
||||||
|
next if $target eq "${policy}:$loglevel}";
|
||||||
|
} else {
|
||||||
|
next if $action eq $policy;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
process_rule1 $target, $source, $zone , $proto, $ports, $sports, $origdest, $ratelimit, $user;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
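Review bot: The `NONE` guard added in both branches is always true: `( ( my $policy ) = $policychainref->{policy} ) ne 'NONE'` is a list assignment evaluated in scalar context, which yields the element count (1) rather than the policy string, so `process_rule1` is now reached for zone pairs whose policy is NONE, which the old `$policychainref->{policy} ne 'NONE'` test skipped. Drop the inner parentheses, `if ( ( my $policy = $policychainref->{policy} ) ne 'NONE' ) {`, in both the source-'all' and dest-'all' loops. The optimisation compare `"${policy}:$loglevel}"` also carries a stray closing brace, so it can never equal a `POLICY:level` target and redundant logged rules are never skipped; `"${policy}:${loglevel}"` looks like what was meant. The dest-'all' branch also omits the `No policy from zone ...` check that the source-'all' branch performs before dereferencing `$policychainref`. process_rule starts and ends outside the hunk, so `$action` and `$optimize` are assumed to be set earlier.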