Implement INLINE action
Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent
183a0a75a1
commit
50494f667c
@ -63,6 +63,7 @@ our @EXPORT = qw(
|
|||||||
get_action_logging
|
get_action_logging
|
||||||
get_action_disposition
|
get_action_disposition
|
||||||
set_action_param
|
set_action_param
|
||||||
|
get_inline_matches
|
||||||
|
|
||||||
have_capability
|
have_capability
|
||||||
require_capability
|
require_capability
|
||||||
@ -154,6 +155,7 @@ our %EXPORT_TAGS = ( internal => [ qw( create_temp_script
|
|||||||
$debug
|
$debug
|
||||||
$file_format
|
$file_format
|
||||||
$comment
|
$comment
|
||||||
|
|
||||||
%config
|
%config
|
||||||
%globals
|
%globals
|
||||||
%config_files
|
%config_files
|
||||||
@ -495,6 +497,7 @@ our %compiler_params;
|
|||||||
#
|
#
|
||||||
our %actparms;
|
our %actparms;
|
||||||
our $parmsmodified;
|
our $parmsmodified;
|
||||||
|
our $inline_matches;
|
||||||
|
|
||||||
our $currentline; # Current config file line image
|
our $currentline; # Current config file line image
|
||||||
our $currentfile; # File handle reference
|
our $currentfile; # File handle reference
|
||||||
@ -1948,6 +1951,9 @@ sub split_line1( $$;$$ ) {
|
|||||||
$pairs =~ s/^\s*//;
|
$pairs =~ s/^\s*//;
|
||||||
$pairs =~ s/\s*$//;
|
$pairs =~ s/\s*$//;
|
||||||
|
|
||||||
|
if ( $first eq 'INLINE') {
|
||||||
|
$inline_matches = $pairs;
|
||||||
|
} else {
|
||||||
my @pairs = split( /,?\s+/, $pairs );
|
my @pairs = split( /,?\s+/, $pairs );
|
||||||
|
|
||||||
for ( @pairs ) {
|
for ( @pairs ) {
|
||||||
@ -1962,6 +1968,7 @@ sub split_line1( $$;$$ ) {
|
|||||||
$line[$column] = $value;
|
$line[$column] = $value;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
@line;
|
@line;
|
||||||
}
|
}
|
||||||
@ -2827,6 +2834,13 @@ sub embedded_perl( $ ) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#
|
||||||
|
# Return inline matches
|
||||||
|
#
|
||||||
|
sub get_inline_matches() {
|
||||||
|
$inline_matches;
|
||||||
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
# Push/pop acton params
|
# Push/pop acton params
|
||||||
#
|
#
|
||||||
|
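Review bot: In the `split_line1` hunk, `$inline_matches` is a package global that is assigned only inside `if ( $first eq 'INLINE')`, and no visible line ever clears it. A later INLINE line that carries no match text, or any later caller of `get_inline_matches`, would therefore appear to receive the matches captured from an earlier rule, which in a firewall compiler means one rule's raw matches could land in another rule's chain. Resetting it near the top of `split_line1`, e.g. `$inline_matches = '';`, would bound its lifetime to the current line. The function body starts outside the hunk, so confirm no reset already exists there. The new `get_inline_matches` comment could also say that the value is the unparsed text of the most recent INLINE line.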
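--- a/Shorewall/action.INLINE
+++ b/Shorewall/action.INLINE
@@ -0,0 +1,28 @@
+#
+# Shorewall version 4 - INLINE Action
+#
+# /usr/share/shorewall/action.INLINE
+#
+#################################################################################
+?FORMAT 2
+
+DEFAULTS -
+
+?BEGIN PERL;
+use strict;
+use Shorewall::Chains;
+use Shorewall::Rules;
+
+my $chainref = get_action_chain;
+my $rule = get_inline_matches;
+
+add_rule( $chainref, $rule, '' );
+
+allow_optimize( $chainref );
+
+?END PERL;
+
+
+
+
+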
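Review bot: `add_rule( $chainref, $rule, '' )` passes the string from `get_inline_matches` into the chain unchanged, so the raw text that `split_line1` stored in `$inline_matches` reaches the generated ruleset without any validation visible in this commit. The no-matches case is not guarded either: `$rule` may be undefined or empty when the INLINE line supplied nothing to capture. I would add a guard before the `add_rule` call, such as `fatal_error 'INLINE requires match text' unless defined $rule && length $rule;` (assuming `fatal_error` is in scope in embedded Perl). The file header should also say that the matches are inserted verbatim and are not checked by the compiler, so their correctness is the administrator's responsibility.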
@ -33,6 +33,7 @@ Drop # Default Action for DROP policy
|
|||||||
dropInvalid inline # Drops packets in the INVALID conntrack state
|
dropInvalid inline # Drops packets in the INVALID conntrack state
|
||||||
DropSmurfs noinline # Drop smurf packets
|
DropSmurfs noinline # Drop smurf packets
|
||||||
Established inline # Handles packets in the ESTABLISHED state
|
Established inline # Handles packets in the ESTABLISHED state
|
||||||
|
INLINE nolog # Handles in-line rules
|
||||||
Invalid inline # Handles packets in the INVALID conntrack state
|
Invalid inline # Handles packets in the INVALID conntrack state
|
||||||
New inline # Handles packets in the NEW conntrack state
|
New inline # Handles packets in the NEW conntrack state
|
||||||
NotSyn inline # Handles TCP packets which do not have SYN=1 and ACK=0
|
NotSyn inline # Handles TCP packets which do not have SYN=1 and ACK=0
|
||||||
|
@ -25,6 +25,7 @@ Drop # Default Action for DROP policy
|
|||||||
dropInvalid inline # Drops packets in the INVALID conntrack state
|
dropInvalid inline # Drops packets in the INVALID conntrack state
|
||||||
DropSmurfs noinline # Handles packets with a broadcast source address
|
DropSmurfs noinline # Handles packets with a broadcast source address
|
||||||
Established inline # Handles packets in the ESTABLISHED state
|
Established inline # Handles packets in the ESTABLISHED state
|
||||||
|
INLINE nolog # Handles in-line rules
|
||||||
Invalid inline # Handles packets in the INVALID conntrack state
|
Invalid inline # Handles packets in the INVALID conntrack state
|
||||||
New inline # Handles packets in the NEW conntrack state
|
New inline # Handles packets in the NEW conntrack state
|
||||||
NotSyn inline # Handles TCP packets that do not have SYN=1 and ACK=0
|
NotSyn inline # Handles TCP packets that do not have SYN=1 and ACK=0
|
||||||
|