From 3960e7b1050ad6fab22c5759b8d0dc20feb70d89 Mon Sep 17 00:00:00 2001
From: teastep
Date: Sun, 10 Jun 2007 23:41:30 +0000
Subject: [PATCH] Send non-port traffic through 'accountout'

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6509 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall-perl/Shorewall/Accounting.pm | 41 ++++++++++++++++++--------
 1 file changed, 29 insertions(+), 12 deletions(-)
diff --git a/Shorewall-perl/Shorewall/Accounting.pm b/Shorewall-perl/Shorewall/Accounting.pm
index eb27af198..aa8be6baf 100644
--- a/Shorewall-perl/Shorewall/Accounting.pm
+++ b/Shorewall-perl/Shorewall/Accounting.pm
@@ -59,17 +59,6 @@ sub process_accounting_rule( $$$$$$$$$ ) { "-j $jumpchain"; } - my $restriction = NO_RESTRICT; - - if ( @bridges && $source =~ /^$firewall_zone:?/ ) { - $restriction = OUTPUT_RESTRICT; - $chain = 'accountout' unless $chain and $chain ne '-'; - } else { - $chain = 'accounting' unless $chain and $chain ne '-'; - } - - my $chainref = ensure_filter_chain $chain , 0; - my $target = ''; $proto = '' if $proto eq 'any';
@@ -97,8 +86,36 @@ sub process_accounting_rule( $$$$$$$$$ ) { } } + my $restriction = NO_RESTRICT; + $source = ALLIPv4 if $source eq 'any' || $source eq 'all'; - $dest = ALLIPv4 if $dest eq 'any' || $dest eq 'all'; + + if ( @bridges ) { + if ( $source =~ /^$firewall_zone:?/ ) { + $restriction = OUTPUT_RESTRICT; + $chain = 'accountout' unless $chain and $chain ne '-'; + } else { + $chain = 'accounting' unless $chain and $chain ne '-'; + if ( $dest eq 'any' || $dest eq 'all' || $dest eq ALLIPv4 ) { + expand_rule( + ensure_filter_chain( 'accountout' , 0 ) , + OUTPUT_RESTRICT , + $rule , + $source , + $dest = ALLIPv4 , + '' , + $target , + '' , + '' , + '' ); + } + } + } else { + $chain = 'accounting'; + $dest = ALLIPv4 if $dest eq 'any' || $dest eq 'all'; + } + + my $chainref = ensure_filter_chain $chain , 0; expand_rule $chainref ,
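Review bot: In the final `else` branch of the second hunk (no bridges defined) `$chain = 'accounting';` is unconditional, so a chain named in the rule appears to be discarded and its traffic counted in `accounting` instead. The removed code and both bridge branches keep the guard, so this line should probably read `$chain = 'accounting' unless $chain and $chain ne '-';`. Separately, when `@bridges` is set and the source is the firewall zone, `$dest` is no longer mapped from 'any'/'all' to `ALLIPv4` before the trailing `expand_rule`, and whether `expand_rule` accepts the literal keyword is not visible here. It would be safer to normalise once before `if ( @bridges )` with `$dest = ALLIPv4 if $dest eq 'any' || $dest eq 'all';`, test `$dest eq ALLIPv4` alone, and pass plain `$dest` rather than assigning inside the argument list. The body of process_accounting_rule starts and ends outside this hunk.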