Replace '@' by the chain name in SWITCH columns.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2012-11-26 13:28:23 -08:00
parent bf75b2b919
commit 78ba8bac50
4 changed files with 16 additions and 8 deletions


@ -4624,14 +4624,20 @@ sub do_probability( $ ) {
# #
# Generate a -m condition match # Generate a -m condition match
# #
sub do_condition( $ ) { sub do_condition( $$ ) {
my $condition = shift; my ( $condition, $chain ) = @_;
return '' if $condition eq '-'; return '' if $condition eq '-';
my $invert = $condition =~ s/^!// ? '! ' : ''; my $invert = $condition =~ s/^!// ? '! ' : '';
require_capability 'CONDITION_MATCH', 'A non-empty SWITCH column', 's'; require_capability 'CONDITION_MATCH', 'A non-empty SWITCH column', 's';
if ( $condition =~ /@/ ) {
$chain =~ s/[^\w-]//g;
$condition =~ s/@/$chain/g;
}
fatal_error "Invalid switch name ($condition)" unless $condition =~ /^[a-zA-Z][-\w]*$/ && length $condition <= 30; fatal_error "Invalid switch name ($condition)" unless $condition =~ /^[a-zA-Z][-\w]*$/ && length $condition <= 30;
"-m condition ${invert}--condition $condition " "-m condition ${invert}--condition $condition "
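Review bot: The added `$chain =~ s/[^\w-]//g;` silently drops characters before the substitution, so two chain names that differ only in the stripped characters would expand '@' to the same switch name, and toggling that one switch would then affect rules in both chains. The name check and the 30-character limit now run on the expanded string, so `fatal_error "Invalid switch name ($condition)"` can report a name the user never wrote, for instance when the chain name is long or the expansion starts with a non-letter. I would keep the column text for the message: `my $original = $condition;` before the substitution, and `fatal_error "Invalid switch name ($original expands to $condition)"` in the check. The end of do_condition is outside the visible hunk.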


@ -123,7 +123,7 @@ sub process_one_masq( )
# #
# Handle Protocol, Ports and Condition # Handle Protocol, Ports and Condition
# #
$baserule .= do_proto( $proto, $ports, '' ) . do_condition( $condition ); $baserule .= do_proto( $proto, $ports, '' );
# #
# Handle Mark # Handle Mark
# #
@ -158,6 +158,8 @@ sub process_one_masq( )
my $chainref = ensure_chain('nat', $pre_nat ? snat_chain $interface : masq_chain $interface); my $chainref = ensure_chain('nat', $pre_nat ? snat_chain $interface : masq_chain $interface);
$baserule .= do_condition( $condition , $chainref->{name} );
my $detectaddress = 0; my $detectaddress = 0;
my $exceptionrule = ''; my $exceptionrule = '';
my $randomize = ''; my $randomize = '';
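Review bot: `$baserule .= do_condition( $condition , $chainref->{name} );` now mutates `$baserule` at the point where the chain is resolved, rather than once where the protocol and port matches are built. If this statement runs once per interface (any enclosing loop is outside the hunk), later iterations would carry the condition matches of earlier ones, and a rule that requires several switches at once would not match when the administrator expects it to. Holding the match in a per-chain variable, for example `my $condition_match = do_condition( $condition, $chainref->{name} );`, and appending it where the rule is assembled would leave `$baserule` untouched. process_one_masq starts and ends outside the hunks shown.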


@ -74,7 +74,7 @@ sub process_conntrack_rule( $$$$$$$$$$ ) {
my $target = $action; my $target = $action;
my $exception_rule = ''; my $exception_rule = '';
my $rule = do_proto( $proto, $ports, $sports ) . do_user ( $user ) . do_condition( $switch ); my $rule = do_proto( $proto, $ports, $sports ) . do_user ( $user ) . do_condition( $switch , $chainref->{name} );
if ( $action eq 'NOTRACK' ) { if ( $action eq 'NOTRACK' ) {
# #


@ -2142,7 +2142,7 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$$$ ) {
do_connlimit( $connlimit ), do_connlimit( $connlimit ),
do_time( $time ) , do_time( $time ) ,
do_headers( $headers ) , do_headers( $headers ) ,
do_condition( $condition ) , do_condition( $condition , $chain ) ,
); );
} elsif ( $section eq 'RELATED' ) { } elsif ( $section eq 'RELATED' ) {
$rule = join( '', $rule = join( '',
@ -2153,7 +2153,7 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$$$ ) {
do_connlimit( $connlimit ), do_connlimit( $connlimit ),
do_time( $time ) , do_time( $time ) ,
do_headers( $headers ) , do_headers( $headers ) ,
do_condition( $condition ) , do_condition( $condition , $chain ) ,
do_helper( $helper ) , do_helper( $helper ) ,
); );
} else { } else {
@ -2165,7 +2165,7 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$$$ ) {
do_connlimit( $connlimit ), do_connlimit( $connlimit ),
do_time( $time ) , do_time( $time ) ,
do_headers( $headers ) , do_headers( $headers ) ,
do_condition( $condition ) , do_condition( $condition , $chain ) ,
); );
} }
@ -2235,7 +2235,7 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$$$ ) {
do_ratelimit( $ratelimit, 'ACCEPT' ), do_ratelimit( $ratelimit, 'ACCEPT' ),
do_user $user, do_user $user,
do_test( $mark , $globals{TC_MASK} ), do_test( $mark , $globals{TC_MASK} ),
do_condition( $condition ) do_condition( $condition , $chain )
); );
$loglevel = ''; $loglevel = '';
$action = 'ACCEPT'; $action = 'ACCEPT';
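Review bot: The call at 2142 now passes `$chain` as the replacement for '@', but nothing near it says which chain name that is, and the same applies to the calls at 2153, 2165 and 2235. The assignment of `$chain` is outside these hunks, so it cannot be confirmed from here that it always names the chain the generated rule is added to; the last hunk in particular resets `$action` to 'ACCEPT' right after building the match string. A one-line comment at the first call, such as `# $chain replaces '@' in the SWITCH column (see do_condition)`, would record the contract for the next reader.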