Handle nfacct object lists in parens following an ipset name.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2013-04-22 07:56:56 -07:00
parent 6d57e7a0ce
commit 739013f248


@ -6016,8 +6016,8 @@ sub addnatjump( $$;@ ) {
}
#
# Split a comma-separated source or destination host list but keep [...] together. Used for spliting address lists
# where an element of the list might be +ipset[flag,...] or +[ipset[flag,...],...]. The second argument ($deferresolve)
# Split a comma-separated source or destination host list but keep [...] and (...) together. Used for spliting address lists
# where an element of the list might be +ipset[flag,...](obj) or +[ipset[flag,...](obj),...]. The second argument ($deferresolve)
# should be 'true' when the passed input list may include exclusion.
#
sub split_host_list( $$;$ ) {
@ -6056,6 +6056,33 @@ sub split_host_list( $$;$ ) {
@result = @input;
}
if ( $input =~ /\(/ ) {
@input = @result;
@result = ();
while ( @input ) {
my $element = shift @input;
if ( $element =~ /\(/ ) {
while ( $element =~ tr/(/(/ > $element =~ tr/)/)/ ) {
fatal_error "Missing ')' ($element)" unless @input;
$element .= ( ',' . shift @input );
}
unless ( $loose ) {
fatal_error "Invalid host list ($input)" if $exclude && $element =~ /!/;
$exclude ||= $element =~ /^!/ || $element =~ /\)!/;
}
fatal_error "Mismatched (...) ($element)" unless $element =~ tr/(/(/ == $element =~ tr/)/)/;
} else {
$exclude ||= $element =~ /!/ unless $loose;
}
push @result, $element;
}
}
unless ( $deferresolve ) {
my @result1;
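Review bot: The new `(...)` pass tests and updates the same `$exclude` that an earlier pass outside this hunk may already have set (the `@result = @input;` fallback just above suggests one exists), so `fatal_error "Invalid host list ($input)" if $exclude && $element =~ /!/;` can fire on an element's own leading `!` rather than on a second exclusion. If that earlier pass does set `$exclude` (not visible here), a constructed entry such as `!+set[src](obj)` would be rejected as an invalid host list even though it holds a single exclusion. Consider tracking this pass separately: declare `my $paren_exclude = 0;` before the `while ( @input )`, use it in place of `$exclude` inside the loop, then add `$exclude ||= $paren_exclude;` after it, and add a test whose list has both `[` and `(` plus an exclusion. Separately, comparing the `tr/(/(/` and `tr/)/)/` counts only proves the parentheses balance, so an element with `)` before `(` passes here and has to be rejected by later parsing. split_host_list begins before and continues after this hunk.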