From 5712438bcb780be335043f42ee7d52b1eba564f7 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Fri, 16 Nov 2012 09:50:36 -0800 Subject: [PATCH 1/5] Eliminate Shell syntax error when a provider and its interface have the same name. Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Providers.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Shorewall/Perl/Shorewall/Providers.pm b/Shorewall/Perl/Shorewall/Providers.pm index 384d6f196..bd33f02b7 100644 --- a/Shorewall/Perl/Shorewall/Providers.pm +++ b/Shorewall/Perl/Shorewall/Providers.pm @@ -1262,7 +1262,7 @@ EOF if ( $providerref->{optional} ) { if ( $providerref->{shared} || $providerref->{physical} eq $provider) { - emit "$provider})"; + emit "$provider)"; } else { emit( "$providerref->{physical}|$provider)" ); } From dfd02c932ea73f8860d4c6530ad58f348294c47c Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Sun, 18 Nov 2012 08:30:47 -0800 Subject: [PATCH 2/5] Correct typo in shorewall(8) and shorewall6(8). Signed-off-by: Tom Eastep --- Shorewall/manpages/shorewall.xml | 8 ++++---- Shorewall6/manpages/shorewall6.xml | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/Shorewall/manpages/shorewall.xml b/Shorewall/manpages/shorewall.xml index 4c8d40d00..6c1d7944d 100644 --- a/Shorewall/manpages/shorewall.xml +++ b/Shorewall/manpages/shorewall.xml @@ -716,10 +716,10 @@ url="shorewall.conf.html">shorewall.conf(5). Each v adds one to the effective verbosity and each q subtracts one from the effective - VERBOSITY. Anternately, v may be followed - immediately with one of -1,0,1,2 to specify a specify VERBOSITY. There may - be no white space between v and the - VERBOSITY. + VERBOSITY. Alternatively, v may be + followed immediately with one of -1,0,1,2 to specify a specify VERBOSITY. + There may be no white space between v and + the VERBOSITY. The options may also include the letter which causes all progress messages to be diff --git a/Shorewall6/manpages/shorewall6.xml b/Shorewall6/manpages/shorewall6.xml index 8636416ab..570d083da 100644 --- a/Shorewall6/manpages/shorewall6.xml +++ b/Shorewall6/manpages/shorewall6.xml @@ -633,10 +633,10 @@ url="shorewall6.conf.html">shorewall6.conf(5). Each v adds one to the effective verbosity and each q subtracts one from the effective - VERBOSITY. Anternately, v may be followed - immediately with one of -1,0,1,2 to specify a specify VERBOSITY. There may - be no white space between v and the - VERBOSITY. + VERBOSITY. Alternatively, v may be + followed immediately with one of -1,0,1,2 to specify a specify VERBOSITY. + There may be no white space between v and + the VERBOSITY. The options may also include the letter which causes all progress messages to be From 65e1b1c9e75cddc3bf62e917a9004300a5d6530d Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Sun, 18 Nov 2012 13:13:43 -0800 Subject: [PATCH 3/5] Allow NFLOG as a target Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Rules.pm | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm index 68dc1c010..a1aa5d518 100644 --- a/Shorewall/Perl/Shorewall/Rules.pm +++ b/Shorewall/Perl/Shorewall/Rules.pm @@ -1714,6 +1714,16 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$$$ ) { ( $basictarget, $actiontype , $param ) = map_old_actions( $basictarget ) unless $actiontype || $param; } + unless ( $actiontype ) { + if ( $action =~ /^NFLOG\(?/ ) { + $basictarget = 'LOG'; + $actiontype = $targets{LOG}; + fatal_error "Invalid NFLOG action($action:$loglevel)" if $loglevel; + $loglevel = supplied $param ? "NFLOG($param)" : 'NFLOG'; + $param = ''; + } + } + fatal_error "Unknown ACTION ($action)" unless $actiontype; if ( $actiontype == MACRO ) { From a4294658b6bc06cba4b49955d37a0e43cb3b711a Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Sun, 18 Nov 2012 14:50:59 -0800 Subject: [PATCH 4/5] Add a capability to use log levels as a target. Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Rules.pm | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm index a1aa5d518..65be3f295 100644 --- a/Shorewall/Perl/Shorewall/Rules.pm +++ b/Shorewall/Perl/Shorewall/Rules.pm @@ -1588,6 +1588,11 @@ sub process_macro ( $$$$$$$$$$$$$$$$$$$) { $mtarget = substitute_param $param, $mtarget; } + if ( $mtarget =~ s/&$// ) { + fatal_error "$mtarget& requires a parameter to be supplied in macro invocation" unless $param ne ''; + $mtarget = "$mtarget:$macro($param)"; + } + my $action = isolate_basic_target $mtarget; fatal_error "Invalid or missing ACTION ($mtarget)" unless defined $action; @@ -1714,16 +1719,6 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$$$ ) { ( $basictarget, $actiontype , $param ) = map_old_actions( $basictarget ) unless $actiontype || $param; } - unless ( $actiontype ) { - if ( $action =~ /^NFLOG\(?/ ) { - $basictarget = 'LOG'; - $actiontype = $targets{LOG}; - fatal_error "Invalid NFLOG action($action:$loglevel)" if $loglevel; - $loglevel = supplied $param ? "NFLOG($param)" : 'NFLOG'; - $param = ''; - } - } - fatal_error "Unknown ACTION ($action)" unless $actiontype; if ( $actiontype == MACRO ) { From 263f4e57cbb8b0bf462d6b9bf343758f3cf571ea Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Sun, 18 Nov 2012 14:52:53 -0800 Subject: [PATCH 5/5] Add an NFLOG Macro Signed-off-by: Tom Eastep --- Shorewall/Macros/macro.NFLOG | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 Shorewall/Macros/macro.NFLOG diff --git a/Shorewall/Macros/macro.NFLOG b/Shorewall/Macros/macro.NFLOG new file mode 100644 index 000000000..7a3b05ab0 --- /dev/null +++ b/Shorewall/Macros/macro.NFLOG @@ -0,0 +1,14 @@ +# +# Shorewall version 4 - NFLOG Macro +# +# /usr/share/shorewall/macro.NFLOG +# +# This macro handles the NFLOG Target. +# +############################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ +# PORT(S) PORT(S) LIMIT GROUP + +FORMAT 2 +DEFAULT 0 +LOG&