From 75c89dda939be23c5ca359fdd839419859628ae1 Mon Sep 17 00:00:00 2001 From: teastep Date: Wed, 21 Mar 2007 17:54:17 +0000 Subject: [PATCH] Generate fatal_error if iptables-restore fails; Fix Limit rule generation git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5611 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- New/Shorewall/Actions.pm | 13 +++++++------ New/Shorewall/Chains.pm | 5 +++++ 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/New/Shorewall/Actions.pm b/New/Shorewall/Actions.pm index 4f643f8dc..daf51a7dc 100644 --- a/New/Shorewall/Actions.pm +++ b/New/Shorewall/Actions.pm @@ -589,19 +589,20 @@ sub process_actions3 () { my @tag = split /,/, $tag; - my $count = $tag[1] + 1; - fatal_error 'Limit rules must include ,, as the log tag' unless @tag == 3; - - add_rule $chainref, '-m recent --name $tag[0] --set'; + + my $set = $tag[0]; + my $count = $tag[1] + 1; + + add_rule $chainref, "-m recent --name $set --set"; if ( $level ) { my $xchainref = new_chain 'filter' , "$chainref->{name}%"; log_rule_limit $level, $xchainref, $tag[0], 'DROP', '', '', 'add', ''; add_rule $xchainref, '-j DROP'; - add_rule $chainref, "-m recent --name $tag[0] --update --seconds $tag[2] --hitcount $count -j $chainref->{name}%"; + add_rule $chainref, "-m recent --name $set --update --seconds $tag[2] --hitcount $count -j $chainref->{name}%"; } else { - add_rule $chainref, "-m recent --update --name $tag[0] --seconds $tag[2] --hitcount $count -j DROP"; + add_rule $chainref, "-m recent --update --name $set --seconds $tag[2] --hitcount $count -j DROP"; } add_rule $chainref, '-j ACCEPT'; diff --git a/New/Shorewall/Chains.pm b/New/Shorewall/Chains.pm index 2bb766e5e..930a74dbb 100644 --- a/New/Shorewall/Chains.pm +++ b/New/Shorewall/Chains.pm @@ -1254,6 +1254,11 @@ sub create_netfilter_load() { } emit '__EOF__'; + + emit 'if [ $? != 0 ]; then'; + emit ' fatal_error "iptables-restore Failed"'; + emit "fi\n"; + emit "}\n"; }
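Review bot: In the Limit handling of process_actions3, `$set`, `$tag[2]` and `$count` go into the `-m recent` rule text straight from the comma-split log tag, and the only visible check is the field count (`@tag == 3`, assuming that line is still on the new side; the collapsed layout of this hunk makes that hard to confirm). A non-numeric rate such as `abc` is silently coerced by `$tag[1] + 1` to a hitcount of 1, and an interval or set name containing spaces or other characters passes into the ruleset unchanged, so a typo surfaces late as an iptables-restore failure or as a rule that does not limit what was intended. A format check right after the split would reject this at compile time, for example `fatal_error "Invalid Limit log tag ($tag)" unless $tag[0] =~ /^\w+$/ && $tag[1] =~ /^\d+$/ && $tag[2] =~ /^\d+$/;`. The `log_rule_limit` call still passes `$tag[0]` where the neighbouring lines now use `$set`. The function body starts and ends outside the hunk.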
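Review bot: The emitted `$?` test only detects the failure; nothing in the generated function documents or enforces what state the ruleset is in when `fatal_error` runs. iptables-restore commits each table at its `COMMIT` line, so if the input holds more than one table (not visible in this hunk) a failure in a later table can leave earlier tables already loaded and the firewall half-configured. Whether the shell-side `fatal_error` stops or reverts the firewall is defined outside this page, so I would state the expectation next to the emits, e.g. `# iptables-restore may have committed some tables before failing; fatal_error must leave the firewall in a defined state`. The test also relies on the here-document command being the statement immediately before it, since any command emitted in between would overwrite `$?`; create_netfilter_load starts outside the hunk.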