mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-18 12:20:42 +01:00
Remove one argument from expand_rule()
Signed-off-by: Tom Eastep <teastep@shorewall.net> git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9835 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep
parent
f20013898e
commit
8278203e03
@ -132,7 +132,6 @@ sub process_accounting_rule( $$$$$$$$$ ) {
|
||||
$source ,
|
||||
$dest = ALLIP ,
|
||||
'' ,
|
||||
'' ,
|
||||
$target ,
|
||||
'' ,
|
||||
$disposition ,
|
||||
@ -153,7 +152,6 @@ sub process_accounting_rule( $$$$$$$$$ ) {
|
||||
$source ,
|
||||
$dest ,
|
||||
'' ,
|
||||
'' ,
|
||||
$target ,
|
||||
'' ,
|
||||
$disposition ,
|
||||
@ -170,7 +168,6 @@ sub process_accounting_rule( $$$$$$$$$ ) {
|
||||
'' ,
|
||||
'' ,
|
||||
'' ,
|
||||
'' ,
|
||||
'' ;
|
||||
}
|
||||
}
|
||||
|
||||
@ -579,7 +579,6 @@ sub process_action( $$$$$$$$$$ ) {
|
||||
$source ,
|
||||
$dest ,
|
||||
'', #Original Dest
|
||||
'', #Original Dest port
|
||||
$action ? "-j $action" : '',
|
||||
$level ,
|
||||
$action ,
|
||||
|
||||
@ -2303,7 +2303,7 @@ sub set_global_variables( $ ) {
|
||||
#
|
||||
# Returns the destination interface specified in the rule, if any.
|
||||
#
|
||||
sub expand_rule( $$$$$$$$$$$ )
|
||||
sub expand_rule( $$$$$$$$$$ )
|
||||
{
|
||||
my ($chainref , # Chain
|
||||
$restriction, # Determines what to do with interface names in the SOURCE or DEST
|
||||
@ -2311,7 +2311,6 @@ sub expand_rule( $$$$$$$$$$$ )
|
||||
$source, # SOURCE
|
||||
$dest, # DEST
|
||||
$origdest, # ORIGINAL DEST
|
||||
$oport, # original destination port
|
||||
$target, # Target ('-j' part of the rule)
|
||||
$loglevel , # Log level (and tag)
|
||||
$disposition, # Primative part of the target (RETURN, ACCEPT, ...)
|
||||
@ -2519,12 +2518,9 @@ sub expand_rule( $$$$$$$$$$$ )
|
||||
$diface = '';
|
||||
}
|
||||
|
||||
$oport = '' if defined $oport && $oport eq '-';
|
||||
|
||||
if ( $origdest ) {
|
||||
if ( $origdest eq '-' || ! $capabilities{CONNTRACK_MATCH} ) {
|
||||
$origdest = '';
|
||||
$rule .= "-m conntrack --ctorigdstport $oport " if $capabilities{NEW_CONNTRACK_MATCH} && $oport;
|
||||
} elsif ( $origdest =~ /^detect:(.*)$/ ) {
|
||||
#
|
||||
# Either the filter part of a DNAT rule or 'detect' was given in the ORIG DEST column
|
||||
@ -2545,7 +2541,6 @@ sub expand_rule( $$$$$$$$$$$ )
|
||||
push_command( $chainref , 'if [ $address != 0.0.0.0 ]; then' , 'fi' ) if $optional;
|
||||
|
||||
$rule .= '-m conntrack --ctorigdst $address ';
|
||||
$rule .= "--ctorigdstport $oport " if $capabilities{NEW_CONNTRACK_MATCH} && $oport;
|
||||
} else {
|
||||
my $interface = $interfaces[0];
|
||||
my $variable = get_interface_address( $interface );
|
||||
@ -2553,7 +2548,6 @@ sub expand_rule( $$$$$$$$$$$ )
|
||||
push_command( $chainref , "if [ $variable != 0.0.0.0 ]; then" , 'fi' ) if interface_is_optional( $interface );
|
||||
|
||||
$rule .= "-m conntrack --ctorigdst $variable ";
|
||||
$rule .= "--ctorigdstport $oport " if $capabilities{NEW_CONNTRACK_MATCH} && $oport;
|
||||
}
|
||||
|
||||
$origdest = '';
|
||||
@ -2578,12 +2572,9 @@ sub expand_rule( $$$$$$$$$$$ )
|
||||
$oexcl = '';
|
||||
}
|
||||
}
|
||||
|
||||
$rule .= "-m conntrack --ctorigdstport $oport " if $capabilities{NEW_CONNTRACK_MATCH} && $oport;
|
||||
}
|
||||
} else {
|
||||
$oexcl = '';
|
||||
$rule .= "-m conntrack --ctorigdstport $oport " if $capabilities{NEW_CONNTRACK_MATCH} && $oport;
|
||||
}
|
||||
|
||||
#
|
||||
|
||||
@ -268,7 +268,6 @@ sub setup_one_masq($$$$$$$)
|
||||
$networks ,
|
||||
$destnets ,
|
||||
'' ,
|
||||
'' ,
|
||||
$target ,
|
||||
'' ,
|
||||
'' ,
|
||||
|
||||
@ -64,7 +64,6 @@ sub process_notrack_rule( $$$$$$ ) {
|
||||
$source ,
|
||||
$dest ,
|
||||
'' ,
|
||||
'' ,
|
||||
'-j NOTRACK' ,
|
||||
'' ,
|
||||
'NOTRACK' ,
|
||||
|
||||
@ -152,7 +152,6 @@ sub process_tos() {
|
||||
$src ,
|
||||
$dst ,
|
||||
'' ,
|
||||
'' ,
|
||||
"-j TOS --set-tos $tos" ,
|
||||
'' ,
|
||||
'' ,
|
||||
@ -330,7 +329,6 @@ sub setup_blacklist() {
|
||||
$networks ,
|
||||
'' ,
|
||||
'' ,
|
||||
'' ,
|
||||
"-j $target" ,
|
||||
'' ,
|
||||
$disposition ,
|
||||
@ -1307,7 +1305,6 @@ sub process_rule1 ( $$$$$$$$$$$$$ ) {
|
||||
$source ,
|
||||
$origdest ,
|
||||
'' ,
|
||||
'' ,
|
||||
$target ,
|
||||
$loglevel ,
|
||||
$log_action ,
|
||||
@ -1345,7 +1342,6 @@ sub process_rule1 ( $$$$$$$$$$$$$ ) {
|
||||
$source ,
|
||||
$dest ,
|
||||
$origdest ,
|
||||
'',
|
||||
'-j RETURN ' ,
|
||||
$loglevel ,
|
||||
$log_action ,
|
||||
@ -1368,13 +1364,14 @@ sub process_rule1 ( $$$$$$$$$$$$$ ) {
|
||||
$origdest = '';
|
||||
}
|
||||
|
||||
$rule .= "-m conntrack --ctorigdstport $origdstports " if $capabilities{NEW_CONNTRACK_MATCH} && $origdstports;
|
||||
|
||||
expand_rule( ensure_chain( 'filter', $chain ) ,
|
||||
$restriction ,
|
||||
$rule ,
|
||||
$source ,
|
||||
$dest ,
|
||||
$origdest ,
|
||||
$origdstports ,
|
||||
$action ? "-j $action " : '' ,
|
||||
$loglevel ,
|
||||
$log_action ,
|
||||
|
||||
@ -336,7 +336,6 @@ sub process_tc_rule( $$$$$$$$$$$$ ) {
|
||||
$source ,
|
||||
$dest ,
|
||||
'' ,
|
||||
'' ,
|
||||
"-j $target $mark" ,
|
||||
'' ,
|
||||
'' ,
|
||||
|
||||
Loading…
Reference in New Issue
Block a user