Add QUOTA_MATCH capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent
35457f4e95
commit
4824c9b8ff
@ -435,7 +435,7 @@ sub initialize( $ ) {
|
|||||||
KLUDGEFREE => '',
|
KLUDGEFREE => '',
|
||||||
STATEMATCH => '-m state --state',
|
STATEMATCH => '-m state --state',
|
||||||
UNTRACKED => 0,
|
UNTRACKED => 0,
|
||||||
VERSION => "4.4.22-Beta1",
|
VERSION => "4.4.22.1",
|
||||||
CAPVERSION => 40421 ,
|
CAPVERSION => 40421 ,
|
||||||
);
|
);
|
||||||
#
|
#
|
||||||
@ -1442,7 +1442,7 @@ sub close_file() {
|
|||||||
#
|
#
|
||||||
# Functions for copying a file into the script
|
# Functions for copying a file into the script
|
||||||
#
|
#
|
||||||
sub copy( $;$ ) {
|
sub copy( $ ) {
|
||||||
assert( $script_enabled );
|
assert( $script_enabled );
|
||||||
|
|
||||||
if ( $script ) {
|
if ( $script ) {
|
||||||
@ -3376,8 +3376,6 @@ sub get_configuration( $$$ ) {
|
|||||||
|
|
||||||
my ( $export, $update, $annotate ) = @_;
|
my ( $export, $update, $annotate ) = @_;
|
||||||
|
|
||||||
my $val;
|
|
||||||
|
|
||||||
$globals{EXPORT} = $export;
|
$globals{EXPORT} = $export;
|
||||||
|
|
||||||
our ( $once, @originalinc );
|
our ( $once, @originalinc );
|
||||||
@ -3405,18 +3403,6 @@ sub get_configuration( $$$ ) {
|
|||||||
|
|
||||||
get_capabilities( $export );
|
get_capabilities( $export );
|
||||||
|
|
||||||
if ( supplied( $val = $config{SHOREWALL_SHELL} ) ) {
|
|
||||||
unless ( $val =~ /^\// ) {
|
|
||||||
if ( $export ) {
|
|
||||||
$val = $config{SHOREWALL_SHELL} = "/bin/$val";
|
|
||||||
warning_message "Assuming SHOREWALL_SHELL=$val";
|
|
||||||
} else {
|
|
||||||
warning_message "Can't find SHOREWALL_SHELL ($val)" unless $config{SHOREWALL_SHELL} = which $val;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
$config{SHOREWALL_SHELL} = '/bin/sh';
|
|
||||||
}
|
|
||||||
|
|
||||||
$globals{STATEMATCH} = '-m conntrack --ctstate' if have_capability 'CONNTRACK_MATCH';
|
$globals{STATEMATCH} = '-m conntrack --ctstate' if have_capability 'CONNTRACK_MATCH';
|
||||||
|
|
||||||
@ -3491,6 +3477,8 @@ sub get_configuration( $$$ ) {
|
|||||||
|
|
||||||
check_trivalue ( 'IP_FORWARDING', 'on' );
|
check_trivalue ( 'IP_FORWARDING', 'on' );
|
||||||
|
|
||||||
|
my $val;
|
||||||
|
|
||||||
if ( have_capability( 'KERNELVERSION' ) < 20631 ) {
|
if ( have_capability( 'KERNELVERSION' ) < 20631 ) {
|
||||||
check_trivalue ( 'ROUTE_FILTER', '' );
|
check_trivalue ( 'ROUTE_FILTER', '' );
|
||||||
} else {
|
} else {
|
||||||
|
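Review bot: `CAPVERSION => 40421` in initialize() is unchanged on the new side, while the shell libraries touched by this same commit move `SHOREWALL_CAPVERSION` from 40421 to 40423, and none of the hunks shown for this file add a QUOTA_MATCH entry. If the compiler compares a capabilities file's CAPVERSION against this value (the comparison is not visible here), the two sides now disagree about which capability set is current. Confirm whether this should read `CAPVERSION => 40423 ,` and whether QUOTA_MATCH is registered in a part of the file outside these hunks.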
@ -1922,7 +1922,9 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$ ) {
|
|||||||
do_user( $user ) ,
|
do_user( $user ) ,
|
||||||
do_test( $mark , $globals{TC_MASK} ) ,
|
do_test( $mark , $globals{TC_MASK} ) ,
|
||||||
do_connlimit( $connlimit ),
|
do_connlimit( $connlimit ),
|
||||||
do_time( $time ) );
|
do_time( $time ) ,
|
||||||
|
do_headers( $headers ) ,
|
||||||
|
);
|
||||||
} else {
|
} else {
|
||||||
$rule = join( '',
|
$rule = join( '',
|
||||||
do_proto($proto, $ports, $sports),
|
do_proto($proto, $ports, $sports),
|
||||||
|
@ -28,7 +28,7 @@
|
|||||||
#
|
#
|
||||||
|
|
||||||
SHOREWALL_LIBVERSION=40407
|
SHOREWALL_LIBVERSION=40407
|
||||||
SHOREWALL_CAPVERSION=40421
|
SHOREWALL_CAPVERSION=40423
|
||||||
|
|
||||||
[ -n "${VARDIR:=/var/lib/shorewall}" ]
|
[ -n "${VARDIR:=/var/lib/shorewall}" ]
|
||||||
[ -n "${SHAREDIR:=/usr/share/shorewall}" ]
|
[ -n "${SHAREDIR:=/usr/share/shorewall}" ]
|
||||||
|
@ -1722,6 +1722,7 @@ determine_capabilities() {
|
|||||||
HEADER_MATCH=
|
HEADER_MATCH=
|
||||||
ACCOUNT_TARGET=
|
ACCOUNT_TARGET=
|
||||||
AUDIT_TARGET=
|
AUDIT_TARGET=
|
||||||
|
QUOTA_MATCH=
|
||||||
|
|
||||||
chain=fooX$$
|
chain=fooX$$
|
||||||
|
|
||||||
@ -1871,7 +1872,7 @@ determine_capabilities() {
|
|||||||
qt $IPTABLES -A $chain -j MARK --set-mark 5 && MARK_ANYWHERE=Yes
|
qt $IPTABLES -A $chain -j MARK --set-mark 5 && MARK_ANYWHERE=Yes
|
||||||
qt $IPTABLES -A $chain -j ACCOUNT --addr 192.168.1.0/29 --tname $chain && ACCOUNT_TARGET=Yes
|
qt $IPTABLES -A $chain -j ACCOUNT --addr 192.168.1.0/29 --tname $chain && ACCOUNT_TARGET=Yes
|
||||||
qt $IPTABLES -A $chain -j AUDIT --type drop && AUDIT_TARGET=Yes
|
qt $IPTABLES -A $chain -j AUDIT --type drop && AUDIT_TARGET=Yes
|
||||||
|
qt $IPTABLES -A $chain -m quota --quota 1000 & QUOTA_MATCH=Yes
|
||||||
qt $IPTABLES -F $chain
|
qt $IPTABLES -F $chain
|
||||||
qt $IPTABLES -X $chain
|
qt $IPTABLES -X $chain
|
||||||
qt $IPTABLES -F $chain1
|
qt $IPTABLES -F $chain1
|
||||||
@ -1964,6 +1965,7 @@ report_capabilities() {
|
|||||||
report_capability "Header Match" $HEADER_MATCH
|
report_capability "Header Match" $HEADER_MATCH
|
||||||
report_capability "ACCOUNT Target" $ACCOUNT_TARGET
|
report_capability "ACCOUNT Target" $ACCOUNT_TARGET
|
||||||
report_capability "AUDIT Target" $AUDIT_TARGET
|
report_capability "AUDIT Target" $AUDIT_TARGET
|
||||||
|
report_capability "Quota Match" $QUOTA_MATCH
|
||||||
report_capability "ipset V5" $IPSET_V5
|
report_capability "ipset V5" $IPSET_V5
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -2033,6 +2035,7 @@ report_capabilities1() {
|
|||||||
report_capability1 HEADER_MATCH
|
report_capability1 HEADER_MATCH
|
||||||
report_capability1 ACCOUNT_TARGET
|
report_capability1 ACCOUNT_TARGET
|
||||||
report_capability1 AUDIT_TARGET
|
report_capability1 AUDIT_TARGET
|
||||||
|
report_capability1 QUOTA_MATCH
|
||||||
report_capability1 IPSET_V5
|
report_capability1 IPSET_V5
|
||||||
|
|
||||||
echo CAPVERSION=$SHOREWALL_CAPVERSION
|
echo CAPVERSION=$SHOREWALL_CAPVERSION
|
||||||
|
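Review bot: The new quota probe in determine_capabilities() is joined with a single `&` (`qt $IPTABLES -A $chain -m quota --quota 1000 & QUOTA_MATCH=Yes`), so the shell runs the probe in the background and sets QUOTA_MATCH=Yes whether or not the probe succeeds. Quota Match would then be reported as available on systems whose iptables or kernel lacks it, and the backgrounded `-A` may still be running when the following `-F $chain` / `-X $chain` cleanup executes. The neighbouring probes and the IPv6 library's version of this line use `&&`; change it to `qt $IPTABLES -A $chain -m quota --quota 1000 && QUOTA_MATCH=Yes`. The function body starts and ends outside the hunk.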
@ -32,7 +32,7 @@
|
|||||||
#
|
#
|
||||||
|
|
||||||
SHOREWALL_LIBVERSION=40407
|
SHOREWALL_LIBVERSION=40407
|
||||||
SHOREWALL_CAPVERSION=40421
|
SHOREWALL_CAPVERSION=40423
|
||||||
|
|
||||||
[ -n "${VARDIR:=/var/lib/shorewall6}" ]
|
[ -n "${VARDIR:=/var/lib/shorewall6}" ]
|
||||||
[ -n "${SHAREDIR:=/usr/share/shorewall6}" ]
|
[ -n "${SHAREDIR:=/usr/share/shorewall6}" ]
|
||||||
|
@ -1549,6 +1549,7 @@ determine_capabilities() {
|
|||||||
HEADER_MATCH=
|
HEADER_MATCH=
|
||||||
ACCOUNT_TARGET=
|
ACCOUNT_TARGET=
|
||||||
AUDIT_TARGET=
|
AUDIT_TARGET=
|
||||||
|
QUOTA_MATCH=
|
||||||
IPSET_V5=
|
IPSET_V5=
|
||||||
|
|
||||||
chain=fooX$$
|
chain=fooX$$
|
||||||
@ -1700,6 +1701,7 @@ determine_capabilities() {
|
|||||||
qt $IP6TABLES -A $chain -m ipv6header --header 255 && HEADER_MATCH=Yes
|
qt $IP6TABLES -A $chain -m ipv6header --header 255 && HEADER_MATCH=Yes
|
||||||
qt $IP6TABLES -A $chain -j ACCOUNT --addr 1::/122 --tname $chain && ACCOUNT_TARGET=Yes
|
qt $IP6TABLES -A $chain -j ACCOUNT --addr 1::/122 --tname $chain && ACCOUNT_TARGET=Yes
|
||||||
qt $IP6TABLES -A $chain -j AUDIT --type drop && AUDIT_TARGET=Yes
|
qt $IP6TABLES -A $chain -j AUDIT --type drop && AUDIT_TARGET=Yes
|
||||||
|
qt $IP6TABLES -A $chain -m quota --quota 1000 && QUOTA_MATCH=Yes
|
||||||
|
|
||||||
|
|
||||||
qt $IP6TABLES -F $chain
|
qt $IP6TABLES -F $chain
|
||||||
@ -1791,6 +1793,7 @@ report_capabilities() {
|
|||||||
report_capability "Header Match" $HEADER_MATCH
|
report_capability "Header Match" $HEADER_MATCH
|
||||||
report_capability "ACCOUNT Target" $ACCOUNT_TARGET
|
report_capability "ACCOUNT Target" $ACCOUNT_TARGET
|
||||||
report_capability "AUDIT Target" $AUDIT_TARGET
|
report_capability "AUDIT Target" $AUDIT_TARGET
|
||||||
|
report_capability "Quota Match" $QUOTA_MATCH
|
||||||
report_capability "ipset V5" $IPSET_V5
|
report_capability "ipset V5" $IPSET_V5
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -1857,6 +1860,7 @@ report_capabilities1() {
|
|||||||
report_capability1 HEADER_MATCH
|
report_capability1 HEADER_MATCH
|
||||||
report_capability1 ACCOUNT_TARGET
|
report_capability1 ACCOUNT_TARGET
|
||||||
report_capability1 AUDIT_TARGET
|
report_capability1 AUDIT_TARGET
|
||||||
|
report_capability1 QUOTA_MATCH
|
||||||
report_capability1 IPSET_V5
|
report_capability1 IPSET_V5
|
||||||
|
|
||||||
echo CAPVERSION=$SHOREWALL_CAPVERSION
|
echo CAPVERSION=$SHOREWALL_CAPVERSION
|
||||||
|