extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-20 09:47:51 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add support for per-IP accounting

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2011-01-30 07:20:05 -08:00
parent 4cc8e5422d
commit 70fc8bdfb6
2 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
Shorewall/Perl/Shorewall/Accounting.pm
View File

@ -102,6 +102,14 @@ sub process_accounting_rule( ) {
unless ( $action eq 'COUNT' ) { unless ( $action eq 'COUNT' ) {
if ( $action eq 'DONE' ) { if ( $action eq 'DONE' ) {
$target = 'RETURN'; $target = 'RETURN';
} elsif ( $action =~ /^ACCOUNT\((.+)\)$/ ) {
my ( $table, $net ) = split/,/, $1;
require_capability 'ACCOUNT_TARGET' , 'ACCOUNT Rules' , '';
fatal_error "Invalid or Missing Table Name ($table)" unless $table =~ /^([-\w.]+)$/;
fatal_error "Invalid Network Address" unless $net =~ '/(\d+)$';
fatal_error "Netmask ($1) out of range" unless $1 >= 8;
validate_net $net, 0;
$target = "ACCOUNT --addr $net --tname $table";
} else { } else {
( $action, my $cmd ) = split /:/, $action; ( $action, my $cmd ) = split /:/, $action;
if ( $cmd ) { if ( $cmd ) {

2
Shorewall6/lib.cli
View File

@ -1479,7 +1479,7 @@ determine_capabilities() {
qt $IP6TABLES -A $chain -j LOG || LOG_TARGET= qt $IP6TABLES -A $chain -j LOG || LOG_TARGET=
qt $IP6TABLES -A $chain -j MARK --set-mark 5 && MARK_ANYWHERE=Yes qt $IP6TABLES -A $chain -j MARK --set-mark 5 && MARK_ANYWHERE=Yes
qt $IP6TABLES -A $chain -m ipv6header --header 255 && HEADER_MATCH=Yes qt $IP6TABLES -A $chain -m ipv6header --header 255 && HEADER_MATCH=Yes
qt $IP6TABLES -A $chain -j ACCOUNT --addr 1::/29 --tname $chain qt $IP6TABLES -A $chain -j ACCOUNT --addr 1::/122 --tname $chain && ACCOUNT_TARGET=Yes
qt $IP6TABLES -F $chain qt $IP6TABLES -F $chain
qt $IP6TABLES -X $chain qt $IP6TABLES -X $chain