Combine functions

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4705 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2006-10-19 00:03:33 +00:00
parent c0bf7f5c46
commit 74eb7d2918


@ -4077,35 +4077,19 @@ activate_rules()
run_iptables -A $2 -j ${1}_dyn run_iptables -A $2 -j ${1}_dyn
} }
# #
# Add a set of exclusions at the end of a nat chain
#
add_nat_exclusions() # $1 = chain name $2 - $n = exclusions
{
local c=$1 num=0
shift
for host in $*; do
interface=${host%%:*}
networks=${host#*:}
num=$(($num + 1))
run_iptables -t nat -I $c $num -i $interface -s $networks -j RETURN
done
}
#
# Insert a set of exclusions at the front of a chain # Insert a set of exclusions at the front of a chain
# #
insert_exclusions() # $1 = chain name, $2 - $n = exclusions insert_exclusions() # $1 = table $2 = chain name, $3 - $n = exclusions
{ {
local c=$1 num=0 local t=$1 c=$2 num=0
shift shift 2
for host1 in $*; do for host1 in $*; do
interface1=${host1%%:*} interface1=${host1%%:*}
networks1=${host1#*:} networks1=${host1#*:}
num=$(($num + 1)) num=$(($num + 1))
run_iptables -I $c $num -o $interface1 -d $networks1 -j RETURN run_iptables -t $t -I $c $num -o $interface1 -d $networks1 -j RETURN
done done
} }
# #
@ -4213,7 +4197,7 @@ activate_rules()
frwd_chain=${zone}_frwd frwd_chain=${zone}_frwd
chain=$(dnat_chain $zone) chain=$(dnat_chain $zone)
if havenatchain $chain; then if havenatchain $chain; then
add_nat_exclusions $chain $exclusions insert_exclusions nat $chain $exclusions
fi fi
fi fi
@ -4310,20 +4294,20 @@ activate_rules()
all2$zone1) all2$zone1)
if eval test -z \"\$${chain}_exclusions\"; then if eval test -z \"\$${chain}_exclusions\"; then
eval ${chain}_exclusions=Yes eval ${chain}_exclusions=Yes
insert_exclusions $chain $exclusions1 insert_exclusions filter $chain $exclusions1
fi fi
;; ;;
*2all) *2all)
chain1=${chain}_${zone1}_ex chain1=${chain}_${zone1}_ex
if ! havechain $chain1; then if ! havechain $chain1; then
createchain $chain1 no createchain $chain1 no
insert_exclusions $chain1 $exclusions1 insert_exclusions filter $chain1 $exclusions1
run_iptables -A $chain1 -j $chain run_iptables -A $chain1 -j $chain
chain=$chain1 chain=$chain1
fi fi
;; ;;
*) *)
insert_exclusions $chain $exclusions1 insert_exclusions filter $chain $exclusions1
;; ;;
esac esac
fi fi
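Review bot: The merged `insert_exclusions` in the first hunk keeps the match `-o $interface1 -d $networks1`, while the removed `add_nat_exclusions` matched `-i $interface -s $networks`, so the `insert_exclusions nat $chain $exclusions` call in the second hunk no longer produces the same RETURN rules. If the zone's dnat chain is reached from PREROUTING (inferred from the name; the jump is not visible here), no outbound interface is known at that point and these rules would probably never match, which would leave the excluded hosts subject to the DNAT rules they were meant to skip. Selecting the direction from the table would keep the old behaviour, e.g. `case $t in nat) match="-i $interface1 -s $networks1" ;; *) match="-o $interface1 -d $networks1" ;; esac` followed by `run_iptables -t $t -I $c $num $match -j RETURN`. The header comment should also say that `$1` is the table and that nat exclusions match on source interface and network.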