More log level zero fixes
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6962 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
ff9fd332a3
commit
66ec1cc9a1
@ -657,7 +657,7 @@ sub process_actions3 () {
|
|||||||
my ($chainref, $level, $tag) = @_;
|
my ($chainref, $level, $tag) = @_;
|
||||||
|
|
||||||
if ( $capabilities{ADDRTYPE} ) {
|
if ( $capabilities{ADDRTYPE} ) {
|
||||||
if ( $level ) {
|
if ( defined $level && level ne '' ) {
|
||||||
log_rule_limit $level, $chainref, 'dropBcast' , 'DROP', '', $tag, 'add', ' -m addrtype --dst-type BROADCAST';
|
log_rule_limit $level, $chainref, 'dropBcast' , 'DROP', '', $tag, 'add', ' -m addrtype --dst-type BROADCAST';
|
||||||
log_rule_limit $level, $chainref, 'dropBcast' , 'DROP', '', $tag, 'add', ' -d 224.0.0.0/4';
|
log_rule_limit $level, $chainref, 'dropBcast' , 'DROP', '', $tag, 'add', ' -d 224.0.0.0/4';
|
||||||
}
|
}
|
||||||
@ -666,12 +666,12 @@ sub process_actions3 () {
|
|||||||
} else {
|
} else {
|
||||||
add_command $chainref, 'for address in $ALL_BCASTS; do';
|
add_command $chainref, 'for address in $ALL_BCASTS; do';
|
||||||
push_cmd_mode $chainref;
|
push_cmd_mode $chainref;
|
||||||
log_rule_limit $level, $chainref, 'dropBcast' , 'DROP', '', $tag, 'add', ' -d $address' if $level;
|
log_rule_limit $level, $chainref, 'dropBcast' , 'DROP', '', $tag, 'add', ' -d $address' if defined level && $level ne '';
|
||||||
add_rule $chainref, '-d $address -j DROP';
|
add_rule $chainref, '-d $address -j DROP';
|
||||||
pop_cmd_mode $chainref;
|
pop_cmd_mode $chainref;
|
||||||
add_command $chainref, 'done';
|
add_command $chainref, 'done';
|
||||||
|
|
||||||
log_rule_limit $level, $chainref, 'dropBcast' , 'DROP', '', $tag, 'add', ' -d 224.0.0.0/4' if $level;
|
log_rule_limit $level, $chainref, 'dropBcast' , 'DROP', '', $tag, 'add', ' -d 224.0.0.0/4' if defined level && $level ne '';
|
||||||
}
|
}
|
||||||
|
|
||||||
add_rule $chainref, '-d 224.0.0.0/4 -j DROP';
|
add_rule $chainref, '-d 224.0.0.0/4 -j DROP';
|
||||||
@ -681,7 +681,7 @@ sub process_actions3 () {
|
|||||||
my ($chainref, $level, $tag) = @_;
|
my ($chainref, $level, $tag) = @_;
|
||||||
|
|
||||||
if ( $capabilities{ADDRTYPE} ) {
|
if ( $capabilities{ADDRTYPE} ) {
|
||||||
if ( $level ) {
|
if ( defined $level && level ne '' ) {
|
||||||
log_rule_limit $level, $chainref, 'allowBcast' , 'ACCEPT', '', $tag, 'add', ' -m addrtype --dst-type BROADCAST';
|
log_rule_limit $level, $chainref, 'allowBcast' , 'ACCEPT', '', $tag, 'add', ' -m addrtype --dst-type BROADCAST';
|
||||||
log_rule_limit $level, $chainref, 'allowBcast' , 'ACCEPT', '', $tag, 'add', ' -d 224.0.0.0/4';
|
log_rule_limit $level, $chainref, 'allowBcast' , 'ACCEPT', '', $tag, 'add', ' -d 224.0.0.0/4';
|
||||||
}
|
}
|
||||||
@ -690,12 +690,12 @@ sub process_actions3 () {
|
|||||||
} else {
|
} else {
|
||||||
add_command $chainref, 'for address in $ALL_BCASTS; do';
|
add_command $chainref, 'for address in $ALL_BCASTS; do';
|
||||||
push_cmd_mode $chainref;
|
push_cmd_mode $chainref;
|
||||||
log_rule_limit $level, $chainref, 'allowBcast' , 'ACCEPT', '', $tag, 'add', ' -d $address' if $level;
|
log_rule_limit $level, $chainref, 'allowBcast' , 'ACCEPT', '', $tag, 'add', ' -d $address' if defined level && $level ne '';
|
||||||
add_rule $chainref, '-d $address -j ACCEPT';
|
add_rule $chainref, '-d $address -j ACCEPT';
|
||||||
pop_cmd_mode $chainref;
|
pop_cmd_mode $chainref;
|
||||||
add_command $chainref, 'done';
|
add_command $chainref, 'done';
|
||||||
|
|
||||||
log_rule_limit $level, $chainref, 'allowBcast' , 'ACCEPT', '', $tag, 'add', ' -d 224.0.0.0/4' if $level;
|
log_rule_limit $level, $chainref, 'allowBcast' , 'ACCEPT', '', $tag, 'add', ' -d 224.0.0.0/4' if defined level && $level ne '';
|
||||||
}
|
}
|
||||||
add_rule $chainref, '-d 224.0.0.0/4 -j ACCEPT';
|
add_rule $chainref, '-d 224.0.0.0/4 -j ACCEPT';
|
||||||
}
|
}
|
||||||
@ -703,28 +703,28 @@ sub process_actions3 () {
|
|||||||
sub dropNotSyn ( $$$ ) {
|
sub dropNotSyn ( $$$ ) {
|
||||||
my ($chainref, $level, $tag) = @_;
|
my ($chainref, $level, $tag) = @_;
|
||||||
|
|
||||||
log_rule_limit $level, $chainref, 'dropNotSyn' , 'DROP', '', $tag, 'add', '-p tcp ! --syn ' if $level;
|
log_rule_limit $level, $chainref, 'dropNotSyn' , 'DROP', '', $tag, 'add', '-p tcp ! --syn ' if defined level && $level ne '';
|
||||||
add_rule $chainref , '-p tcp ! --syn -j DROP';
|
add_rule $chainref , '-p tcp ! --syn -j DROP';
|
||||||
}
|
}
|
||||||
|
|
||||||
sub rejNotSyn ( $$$ ) {
|
sub rejNotSyn ( $$$ ) {
|
||||||
my ($chainref, $level, $tag) = @_;
|
my ($chainref, $level, $tag) = @_;
|
||||||
|
|
||||||
log_rule_limit $level, $chainref, 'rejNotSyn' , 'REJECT', '', $tag, 'add', '-p tcp ! --syn ' if $level;
|
log_rule_limit $level, $chainref, 'rejNotSyn' , 'REJECT', '', $tag, 'add', '-p tcp ! --syn ' if defined level && $level ne '';
|
||||||
add_rule $chainref , '-p tcp ! --syn -j REJECT --reject-with tcp-reset';
|
add_rule $chainref , '-p tcp ! --syn -j REJECT --reject-with tcp-reset';
|
||||||
}
|
}
|
||||||
|
|
||||||
sub dropInvalid ( $$$ ) {
|
sub dropInvalid ( $$$ ) {
|
||||||
my ($chainref, $level, $tag) = @_;
|
my ($chainref, $level, $tag) = @_;
|
||||||
|
|
||||||
log_rule_limit $level, $chainref, 'dropInvalid' , 'DROP', '', $tag, 'add', '-m state --state INVALID ' if $level;
|
log_rule_limit $level, $chainref, 'dropInvalid' , 'DROP', '', $tag, 'add', '-m state --state INVALID ' if defined level && $level ne '';
|
||||||
add_rule $chainref , '-m state --state INVALID -j DROP';
|
add_rule $chainref , '-m state --state INVALID -j DROP';
|
||||||
}
|
}
|
||||||
|
|
||||||
sub allowInvalid ( $$$ ) {
|
sub allowInvalid ( $$$ ) {
|
||||||
my ($chainref, $level, $tag) = @_;
|
my ($chainref, $level, $tag) = @_;
|
||||||
|
|
||||||
log_rule_limit $level, $chainref, 'allowInvalid' , 'ACCEPT', '', $tag, 'add', '-m state --state INVALID ' if $level;
|
log_rule_limit $level, $chainref, 'allowInvalid' , 'ACCEPT', '', $tag, 'add', '-m state --state INVALID ' if defined level && $level ne '';
|
||||||
add_rule $chainref , '-m state --state INVALID -j ACCEPT';
|
add_rule $chainref , '-m state --state INVALID -j ACCEPT';
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -734,7 +734,7 @@ sub process_actions3 () {
|
|||||||
sub allowinUPnP ( $$$ ) {
|
sub allowinUPnP ( $$$ ) {
|
||||||
my ($chainref, $level, $tag) = @_;
|
my ($chainref, $level, $tag) = @_;
|
||||||
|
|
||||||
if ( $level ) {
|
if ( defined level && $level ne '' ) {
|
||||||
log_rule_limit $level, $chainref, 'allowinUPnP' , 'ACCEPT', '', $tag, 'add', '-p udp --dport 1900 ';
|
log_rule_limit $level, $chainref, 'allowinUPnP' , 'ACCEPT', '', $tag, 'add', '-p udp --dport 1900 ';
|
||||||
log_rule_limit $level, $chainref, 'allowinUPnP' , 'ACCEPT', '', $tag, 'add', '-p tcp --dport 49152 ';
|
log_rule_limit $level, $chainref, 'allowinUPnP' , 'ACCEPT', '', $tag, 'add', '-p tcp --dport 49152 ';
|
||||||
}
|
}
|
||||||
@ -762,7 +762,7 @@ sub process_actions3 () {
|
|||||||
|
|
||||||
add_rule $chainref, "-m recent --name $set --set";
|
add_rule $chainref, "-m recent --name $set --set";
|
||||||
|
|
||||||
if ( $level ) {
|
if ( defined level && $level ne '' ) {
|
||||||
my $xchainref = new_chain 'filter' , "$chainref->{name}%";
|
my $xchainref = new_chain 'filter' , "$chainref->{name}%";
|
||||||
log_rule_limit $level, $xchainref, $tag[0], 'DROP', '', '', 'add', '';
|
log_rule_limit $level, $xchainref, $tag[0], 'DROP', '', '', 'add', '';
|
||||||
add_rule $xchainref, '-j DROP';
|
add_rule $xchainref, '-j DROP';
|
||||||
|
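Review bot: The rewritten guards drop the `$` sigil on `level`: the `if` tests in the first 'dropBcast' and 'allowBcast' hunks read `defined $level && level ne ''`, while the statement modifiers in the loop branches, dropNotSyn, rejNotSyn, dropInvalid and allowInvalid, and the `if` tests in allowinUPnP and the last hunk, read `defined level && $level ne ''`. The bareword is not the `$level` argument, so that half of each test does not check the caller's log level; if the file is under `use strict` (not visible here) it would presumably be rejected at compile time instead. Each guard should read `defined $level && $level ne ''`, which lets level 0 through while still skipping an unset or empty level. These tests decide whether a LOG rule is generated ahead of the DROP, ACCEPT or REJECT rule, so a wrong guard shows up as missing or unexpected firewall log entries rather than as a changed verdict. Several of the enclosing subs start or end outside their hunks.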