Implement IFACE_MATCH capability

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-11-21 23:23:13 +01:00 · 2015-01-02 09:05:06 -08:00 · 2015-01-02 09:05:06 -08:00 · 4a4bfe77ce
commit 4a4bfe77ce
parent 3890b8a884
2 changed files with 17 additions and 2 deletions
--- a/Shorewall-core/lib.cli
+++ b/Shorewall-core/lib.cli
@ -25,7 +25,7 @@
 # loaded after this one and replaces some of the functions declared here.
 #

-SHOREWALL_CAPVERSION=40600
+SHOREWALL_CAPVERSION=40606

 [ -n "${g_program:=shorewall}" ]

@ -2393,6 +2393,7 @@ determine_capabilities() {
    UDPLITEREDIRECT=
    NEW_TOS_MATCH=
    TARPIT_TARGET=
+    IFACE_MATCH=

    AMANDA_HELPER=
    FTP_HELPER=
@ -2548,6 +2549,8 @@ determine_capabilities() {

    qt $g_tool -A $chain -p tcp -j TARPIT && TARPIT_TARGET=Yes

+    qt $g_tool -A $chain -m iface --iface lo --loopback && IFACE_MATCH=Yes
+
    if [ -n "$MANGLE_ENABLED" ]; then
 	qt $g_tool -t mangle -N $chain

@ -2826,6 +2829,7 @@ report_capabilities_unsorted() {
    report_capability "UDPLITE Port Redirection" $UDPLITEREDIRECT
    report_capability "New tos Match" $NEW_TOS_MATCH
    report_capability "TARPIT Target" $TARPIT_TARGET
+    report_capability "Iface Match" $IFACE_MATCH

    report_capability "Amanda Helper" $AMANDA_HELPER
    report_capability "FTP Helper" $FTP_HELPER
@ -2954,6 +2958,7 @@ report_capabilities_unsorted1() {
    report_capability1 UDPLITEREDIRECT
    report_capability1 NEW_TOS_MATCH
    report_capability1 TARPIT_TARGET
+    report_capability1 IFACE_MATCH

    report_capability1 AMANDA_HELPER
    report_capability1 FTP_HELPER
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@ -395,6 +395,7 @@ our %capdesc = ( NAT_ENABLED     => 'NAT',
 		 UDPLITEREDIRECT => 'UDPLITE Port Redirection',
 		 NEW_TOS_MATCH   => 'New tos Match',
 		 TARPIT_TARGET   => 'TARPIT Target',
+		 IFACE_MATCH     => 'Iface Match',

 		 AMANDA_HELPER   => 'Amanda Helper',
 		 FTP_HELPER      => 'FTP Helper',
@ -713,7 +714,7 @@ sub initialize( $;$$) {
 		    EXPORT                  => 0,
 		    KLUDGEFREE              => '',
 		    VERSION                 => "4.5.19-Beta1",
-		    CAPVERSION              => 40600 ,
+		    CAPVERSION              => 40606 ,
 		  );
    #
    # From shorewall.conf file
@ -981,6 +982,7 @@ sub initialize( $;$$) {
 	       NEW_TOS_MATCH => undef,
 	       REAP_OPTION => undef,
 	       TARPIT_TARGET => undef,
+	       IFACE_MATCH => undef,

 	       AMANDA_HELPER => undef,
 	       FTP_HELPER => undef,
@ -4462,6 +4464,12 @@ sub Arptables_JF() {
    }
 }

+sub Iface_Match() {
+    qt1( "$iptables $iptablesw -A $sillyname -m iface --iface lo --loopback" );
+}
+
+
+
 our %detect_capability =
    ( ACCOUNT_TARGET =>\&Account_Target,
      AMANDA_HELPER => \&Amanda_Helper,
@ -4494,6 +4502,7 @@ our %detect_capability =
      HASHLIMIT_MATCH => \&Hashlimit_Match,
      HEADER_MATCH => \&Header_Match,
      HELPER_MATCH => \&Helper_Match,
+      IFACE_MATCH => \&Iface_Match,
      IMQ_TARGET => \&Imq_Target,
      IPMARK_TARGET => \&IPMark_Target,
      IPP2P_MATCH => \&Ipp2p_Match,
@ -4700,6 +4709,7 @@ sub determine_capabilities() {
 	$capabilities{UDPLITEREDIRECT} = detect_capability( 'UDPLITEREDIRECT' );
 	$capabilities{NEW_TOS_MATCH}   = detect_capability( 'NEW_TOS_MATCH' );
 	$capabilities{TARPIT_TARGET}   = detect_capability( 'TARPIT_TARGET' );
+	$capabilities{IFACE_MATCH}     = detect_capability( 'IFACE_MATCH' );

 	unless ( have_capability 'CT_TARGET' ) {
 	    $capabilities{HELPER_MATCH} = detect_capability 'HELPER_MATCH';