From 8278203e03f355d612e4a5543bd443b2d9f6ddea Mon Sep 17 00:00:00 2001 From: teastep Date: Thu, 9 Apr 2009 22:21:48 +0000 Subject: [PATCH] Remove one argument from expand_rule() Signed-off-by: Tom Eastep git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9835 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall/Perl/Shorewall/Accounting.pm | 3 --- Shorewall/Perl/Shorewall/Actions.pm | 1 - Shorewall/Perl/Shorewall/Chains.pm | 11 +---------- Shorewall/Perl/Shorewall/Nat.pm | 1 - Shorewall/Perl/Shorewall/Raw.pm | 1 - Shorewall/Perl/Shorewall/Rules.pm | 7 ++----- Shorewall/Perl/Shorewall/Tc.pm | 1 - 7 files changed, 3 insertions(+), 22 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Accounting.pm b/Shorewall/Perl/Shorewall/Accounting.pm index 7d8caa4f0..fd88b1169 100644 --- a/Shorewall/Perl/Shorewall/Accounting.pm +++ b/Shorewall/Perl/Shorewall/Accounting.pm @@ -132,7 +132,6 @@ sub process_accounting_rule( $$$$$$$$$ ) { $source , $dest = ALLIP , '' , - '' , $target , '' , $disposition , @@ -153,7 +152,6 @@ sub process_accounting_rule( $$$$$$$$$ ) { $source , $dest , '' , - '' , $target , '' , $disposition , @@ -170,7 +168,6 @@ sub process_accounting_rule( $$$$$$$$$ ) { '' , '' , '' , - '' , '' ; } } diff --git a/Shorewall/Perl/Shorewall/Actions.pm b/Shorewall/Perl/Shorewall/Actions.pm index 776eed8bc..7e95cb382 100644 --- a/Shorewall/Perl/Shorewall/Actions.pm +++ b/Shorewall/Perl/Shorewall/Actions.pm @@ -579,7 +579,6 @@ sub process_action( $$$$$$$$$$ ) { $source , $dest , '', #Original Dest - '', #Original Dest port $action ? "-j $action" : '', $level , $action , diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm index f3a632417..1fa1c25ab 100644 --- a/Shorewall/Perl/Shorewall/Chains.pm +++ b/Shorewall/Perl/Shorewall/Chains.pm 
@@ -2303,7 +2303,7 @@ sub set_global_variables( $ ) { # # Returns the destination interface specified in the rule, if any. # -sub expand_rule( $$$$$$$$$$$ ) +sub expand_rule( $$$$$$$$$$ ) { my ($chainref , # Chain $restriction, # Determines what to do with interface names in the SOURCE or DEST @@ -2311,7 +2311,6 @@ sub expand_rule( $$$$$$$$$$$ ) $source, # SOURCE $dest, # DEST $origdest, # ORIGINAL DEST - $oport, # original destination port $target, # Target ('-j' part of the rule) $loglevel , # Log level (and tag) $disposition, # Primative part of the target (RETURN, ACCEPT, ...) @@ -2519,12 +2518,9 @@ sub expand_rule( $$$$$$$$$$$ ) $diface = ''; } - $oport = '' if defined $oport && $oport eq '-'; - if ( $origdest ) { if ( $origdest eq '-' || ! $capabilities{CONNTRACK_MATCH} ) { $origdest = ''; - $rule .= "-m conntrack --ctorigdstport $oport " if $capabilities{NEW_CONNTRACK_MATCH} && $oport; } elsif ( $origdest =~ /^detect:(.*)$/ ) { # # Either the filter part of a DNAT rule or 'detect' was given in the ORIG DEST column @@ -2545,7 +2541,6 @@ sub expand_rule( $$$$$$$$$$$ ) push_command( $chainref , 'if [ $address != 0.0.0.0 ]; then' , 'fi' ) if $optional; $rule .= '-m conntrack --ctorigdst $address '; - $rule .= "--ctorigdstport $oport " if $capabilities{NEW_CONNTRACK_MATCH} && $oport; } else { my $interface = $interfaces[0]; my $variable = get_interface_address( $interface ); @@ -2553,7 +2548,6 @@ sub expand_rule( $$$$$$$$$$$ ) push_command( $chainref , "if [ $variable != 0.0.0.0 ]; then" , 'fi' ) if interface_is_optional( $interface ); $rule .= "-m conntrack --ctorigdst $variable "; - $rule .= "--ctorigdstport $oport " if $capabilities{NEW_CONNTRACK_MATCH} && $oport; } $origdest = ''; 
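Review bot: The comment block above `expand_rule` (hunk `@@ -2303`) should record that the function no longer generates the original-destination-port match, since the later hunks `@@ -2519`, `@@ -2545` and `@@ -2553` delete every `--ctorigdstport` line from it. A line such as `# Any '-m conntrack --ctorigdstport' match must already be in $rule; it is not generated here.` would make the new contract visible to callers. Because the arguments are positional, the shortened prototype is the only thing that catches a stale eleven-argument call, and Perl checks prototypes only for calls compiled with the prototype in view and not for `&expand_rule(...)` calls. A call site that was missed would therefore shift `$target` and every later argument by one slot without an error. The body of `expand_rule` continues outside these hunks.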
@@ -2578,12 +2572,9 @@ sub expand_rule( $$$$$$$$$$$ ) $oexcl = ''; } } - - $rule .= "-m conntrack --ctorigdstport $oport " if $capabilities{NEW_CONNTRACK_MATCH} && $oport; } } else { $oexcl = ''; - $rule .= "-m conntrack --ctorigdstport $oport " if $capabilities{NEW_CONNTRACK_MATCH} && $oport; } # diff --git a/Shorewall/Perl/Shorewall/Nat.pm b/Shorewall/Perl/Shorewall/Nat.pm index cad5a579d..ddf0919a0 100644 --- a/Shorewall/Perl/Shorewall/Nat.pm +++ b/Shorewall/Perl/Shorewall/Nat.pm @@ -268,7 +268,6 @@ sub setup_one_masq($$$$$$$) $networks , $destnets , '' , - '' , $target , '' , '' , diff --git a/Shorewall/Perl/Shorewall/Raw.pm b/Shorewall/Perl/Shorewall/Raw.pm index 1c5709136..bba02ee69 100644 --- a/Shorewall/Perl/Shorewall/Raw.pm +++ b/Shorewall/Perl/Shorewall/Raw.pm @@ -64,7 +64,6 @@ sub process_notrack_rule( $$$$$$ ) { $source , $dest , '' , - '' , '-j NOTRACK' , '' , 'NOTRACK' , diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm index 8bca2bfd3..7094b8756 100644 --- a/Shorewall/Perl/Shorewall/Rules.pm +++ b/Shorewall/Perl/Shorewall/Rules.pm @@ -152,7 +152,6 @@ sub process_tos() { $src , $dst , '' , - '' , "-j TOS --set-tos $tos" , '' , '' , @@ -330,7 +329,6 @@ sub setup_blacklist() { $networks , '' , '' , - '' , "-j $target" , '' , $disposition , @@ -1307,7 +1305,6 @@ sub process_rule1 ( $$$$$$$$$$$$$ ) { $source , $origdest , '' , - '' , $target , $loglevel , $log_action , @@ -1345,7 +1342,6 @@ sub process_rule1 ( $$$$$$$$$$$$$ ) { $source , $dest , $origdest , - '', '-j RETURN ' , $loglevel , $log_action , @@ -1368,13 +1364,14 @@ sub process_rule1 ( $$$$$$$$$$$$$ ) { $origdest = ''; } + $rule .= "-m conntrack --ctorigdstport $origdstports " if $capabilities{NEW_CONNTRACK_MATCH} && $origdstports; + expand_rule( ensure_chain( 'filter', $chain ) , $restriction , $rule , $source , $dest , $origdest , - $origdstports , $action ? "-j $action " : '' , $loglevel , $log_action , 
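Review bot: The added `$rule .= "-m conntrack --ctorigdstport $origdstports " if ...` line in `process_rule1` (hunk `@@ -1368`) tests only truthiness, while the code it replaces in `expand_rule` first mapped the `-` placeholder to an empty string. Unless `$origdstports` is normalised earlier in `process_rule1`, which these lines do not show, a `-` value now ends up as `--ctorigdstport -` in the generated ruleset. The value is also interpolated into the rule text as-is, so it is worth confirming that it has passed the same port validation as the other port fields before this point. Putting `$origdstports = '' if defined $origdstports && $origdstports eq '-';` ahead of the new line would restore the old behaviour. `process_rule1` starts and ends outside the hunk.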
diff --git a/Shorewall/Perl/Shorewall/Tc.pm b/Shorewall/Perl/Shorewall/Tc.pm index 00304f2f0..8c8bcef38 100644 --- a/Shorewall/Perl/Shorewall/Tc.pm +++ b/Shorewall/Perl/Shorewall/Tc.pm @@ -336,7 +336,6 @@ sub process_tc_rule( $$$$$$$$$$$$ ) { $source , $dest , '' , - '' , "-j $target $mark" , '' , '' ,