extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-19 08:07:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Allow protocol and user lists in actions and macros

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2016-03-30 08:34:42 -07:00
parent 404540ffe1
commit 38aa7797c4
1 changed files with 86 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
Shorewall/Perl/Shorewall/Rules.pm
View File

@ -1914,12 +1914,12 @@ sub process_action(\$\$$) {
set_inline_matches( $matches ); set_inline_matches( $matches );
} }
} else { } else {
my ($target, $source, $dest, $proto, $ports, $sports, $origdest, $rate, $user, $mark, $connlimit, $time, $headers, $condition, $helper ); my ($target, $source, $dest, $protos, $ports, $sports, $origdest, $rate, $users, $mark, $connlimit, $time, $headers, $condition, $helper );
if ( $file_format == 1 ) { if ( $file_format == 1 ) {
fatal_error( "FORMAT-1 actions are no longer supported" ); fatal_error( "FORMAT-1 actions are no longer supported" );
} else { } else {
($target, $source, $dest, $proto, $ports, $sports, $origdest, $rate, $user, $mark, $connlimit, $time, $headers, $condition, $helper ) ($target, $source, $dest, $protos, $ports, $sports, $origdest, $rate, $users, $mark, $connlimit, $time, $headers, $condition, $helper )
= split_line2( 'action file', = split_line2( 'action file',
\%rulecolumns, \%rulecolumns,
$action_commands, $action_commands,
@ -1943,6 +1943,8 @@ sub process_action(\$\$$) {
next; next;
} }
for my $proto ( split_list( $protos, 'Protocol' ) ) {
for my $user ( split_list( $users, 'User/Group' ) ) {
process_rule( $chainref, process_rule( $chainref,
'', '',
'', '',
@ -1967,6 +1969,8 @@ sub process_action(\$\$$) {
set_inline_matches( $matches ); set_inline_matches( $matches );
} }
} }
}
}
pop_comment( $save_comment ); pop_comment( $save_comment );
@ -2213,7 +2217,7 @@ sub process_macro ($$$$$$$$$$$$$$$$$$$$$) {
while ( read_a_line( NORMAL_READ ) ) { while ( read_a_line( NORMAL_READ ) ) {
my ( $mtarget, $msource, $mdest, $mproto, $mports, $msports, $morigdest, $mrate, $muser, $mmark, $mconnlimit, $mtime, $mheaders, $mcondition, $mhelper); my ( $mtarget, $msource, $mdest, $mprotos, $mports, $msports, $morigdest, $mrate, $musers, $mmark, $mconnlimit, $mtime, $mheaders, $mcondition, $mhelper);
if ( $file_format == 1 ) { if ( $file_format == 1 ) {
fatal_error( "FORMAT-1 macros are no longer supported" ); fatal_error( "FORMAT-1 macros are no longer supported" );
@ -2221,12 +2225,12 @@ sub process_macro ($$$$$$$$$$$$$$$$$$$$$) {
( $mtarget, ( $mtarget,
$msource, $msource,
$mdest, $mdest,
$mproto, $mprotos,
$mports, $mports,
$msports, $msports,
$morigdest, $morigdest,
$mrate, $mrate,
$muser, $musers,
$mmark, $mmark,
$mconnlimit, $mconnlimit,
$mtime, $mtime,
@ -2287,20 +2291,21 @@ sub process_macro ($$$$$$$$$$$$$$$$$$$$$) {
$mdest = ''; $mdest = '';
} }
$generated |= process_rule( for my $mp ( split_list( $mprotos, 'Protocol' ) ) {
$chainref, for my $mu ( split_list( $musers, 'User/Group' ) ) {
$generated |= process_rule( $chainref,
$matches, $matches,
$matches1, $matches1,
$mtarget, $mtarget,
$param, $param,
$msource, $msource,
$mdest, $mdest,
merge_macro_column( $mproto, $proto ) , merge_macro_column( $mp, $proto ) ,
merge_macro_column( $mports, $ports ) , merge_macro_column( $mports, $ports ) ,
merge_macro_column( $msports, $sports ) , merge_macro_column( $msports, $sports ) ,
merge_macro_column( $morigdest, $origdest ) , merge_macro_column( $morigdest, $origdest ) ,
merge_macro_column( $mrate, $rate ) , merge_macro_column( $mrate, $rate ) ,
merge_macro_column( $muser, $user ) , merge_macro_column( $mu, $user ) ,
merge_macro_column( $mmark, $mark ) , merge_macro_column( $mmark, $mark ) ,
merge_macro_column( $mconnlimit, $connlimit) , merge_macro_column( $mconnlimit, $connlimit) ,
merge_macro_column( $mtime, $time ), merge_macro_column( $mtime, $time ),
@ -2310,10 +2315,12 @@ sub process_macro ($$$$$$$$$$$$$$$$$$$$$) {
$wildcard $wildcard
); );
progress_message " Rule \"$currentline\" $done";
set_inline_matches( $save_matches ); set_inline_matches( $save_matches );
} }
}
progress_message " Rule \"$currentline\" $done";
}
pop_open; pop_open;
@ -2358,12 +2365,12 @@ sub process_inline ($$$$$$$$$$$$$$$$$$$$$$) {
my ( $mtarget, my ( $mtarget,
$msource, $msource,
$mdest, $mdest,
$mproto, $mprotos,
$mports, $mports,
$msports, $msports,
$morigdest, $morigdest,
$mrate, $mrate,
$muser, $musers,
$mmark, $mmark,
$mconnlimit, $mconnlimit,
$mtime, $mtime,
@ -2428,20 +2435,21 @@ sub process_inline ($$$$$$$$$$$$$$$$$$$$$$) {
$mdest = ''; $mdest = '';
} }
$generated |= process_rule( for my $mp ( split_list( $mprotos, 'Protocol' ) ) {
$chainref, for my $mu ( split_list( $musers, 'User/Group' ) ) {
$generated |= process_rule( $chainref,
$matches, $matches,
$matches1, $matches1,
$mtarget, $mtarget,
$param, $param,
$msource, $msource,
$mdest, $mdest,
merge_macro_column( $mproto, $proto ) , merge_macro_column( $mp, $proto ) ,
merge_macro_column( $mports, $ports ) , merge_macro_column( $mports, $ports ) ,
merge_macro_column( $msports, $sports ) , merge_macro_column( $msports, $sports ) ,
merge_macro_column( $morigdest, $origdest ) , merge_macro_column( $morigdest, $origdest ) ,
merge_macro_column( $mrate, $rate ) , merge_macro_column( $mrate, $rate ) ,
merge_macro_column( $muser, $user ) , merge_macro_column( $mu, $user ) ,
merge_macro_column( $mmark, $mark ) , merge_macro_column( $mmark, $mark ) ,
merge_macro_column( $mconnlimit, $connlimit) , merge_macro_column( $mconnlimit, $connlimit) ,
merge_macro_column( $mtime, $time ), merge_macro_column( $mtime, $time ),
@ -2451,10 +2459,12 @@ sub process_inline ($$$$$$$$$$$$$$$$$$$$$$) {
$wildcard $wildcard
); );
progress_message " Rule \"$currentline\" $done";
set_inline_matches( $save_matches ); set_inline_matches( $save_matches );
} }
}
progress_message " Rule \"$currentline\" $done";
}
pop_comment( $save_comment ); pop_comment( $save_comment );