Remove one argument from expand_rule()

Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9835 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2009-04-09 22:21:48 +00:00
parent f20013898e
commit 8278203e03
7 changed files with 3 additions and 22 deletions


@ -132,7 +132,6 @@ sub process_accounting_rule( $$$$$$$$$ ) {
$source , $source ,
$dest = ALLIP , $dest = ALLIP ,
'' , '' ,
'' ,
$target , $target ,
'' , '' ,
$disposition , $disposition ,
@ -153,7 +152,6 @@ sub process_accounting_rule( $$$$$$$$$ ) {
$source , $source ,
$dest , $dest ,
'' , '' ,
'' ,
$target , $target ,
'' , '' ,
$disposition , $disposition ,
@ -170,7 +168,6 @@ sub process_accounting_rule( $$$$$$$$$ ) {
'' , '' ,
'' , '' ,
'' , '' ,
'' ,
'' ; '' ;
} }
} }


@ -579,7 +579,6 @@ sub process_action( $$$$$$$$$$ ) {
$source , $source ,
$dest , $dest ,
'', #Original Dest '', #Original Dest
'', #Original Dest port
$action ? "-j $action" : '', $action ? "-j $action" : '',
$level , $level ,
$action , $action ,


@ -2303,7 +2303,7 @@ sub set_global_variables( $ ) {
# #
# Returns the destination interface specified in the rule, if any. # Returns the destination interface specified in the rule, if any.
# #
sub expand_rule( $$$$$$$$$$$ ) sub expand_rule( $$$$$$$$$$ )
{ {
my ($chainref , # Chain my ($chainref , # Chain
$restriction, # Determines what to do with interface names in the SOURCE or DEST $restriction, # Determines what to do with interface names in the SOURCE or DEST
@ -2311,7 +2311,6 @@ sub expand_rule( $$$$$$$$$$$ )
$source, # SOURCE $source, # SOURCE
$dest, # DEST $dest, # DEST
$origdest, # ORIGINAL DEST $origdest, # ORIGINAL DEST
$oport, # original destination port
$target, # Target ('-j' part of the rule) $target, # Target ('-j' part of the rule)
$loglevel , # Log level (and tag) $loglevel , # Log level (and tag)
$disposition, # Primative part of the target (RETURN, ACCEPT, ...) $disposition, # Primative part of the target (RETURN, ACCEPT, ...)
@ -2519,12 +2518,9 @@ sub expand_rule( $$$$$$$$$$$ )
$diface = ''; $diface = '';
} }
$oport = '' if defined $oport && $oport eq '-';
if ( $origdest ) { if ( $origdest ) {
if ( $origdest eq '-' || ! $capabilities{CONNTRACK_MATCH} ) { if ( $origdest eq '-' || ! $capabilities{CONNTRACK_MATCH} ) {
$origdest = ''; $origdest = '';
$rule .= "-m conntrack --ctorigdstport $oport " if $capabilities{NEW_CONNTRACK_MATCH} && $oport;
} elsif ( $origdest =~ /^detect:(.*)$/ ) { } elsif ( $origdest =~ /^detect:(.*)$/ ) {
# #
# Either the filter part of a DNAT rule or 'detect' was given in the ORIG DEST column # Either the filter part of a DNAT rule or 'detect' was given in the ORIG DEST column
@ -2545,7 +2541,6 @@ sub expand_rule( $$$$$$$$$$$ )
push_command( $chainref , 'if [ $address != 0.0.0.0 ]; then' , 'fi' ) if $optional; push_command( $chainref , 'if [ $address != 0.0.0.0 ]; then' , 'fi' ) if $optional;
$rule .= '-m conntrack --ctorigdst $address '; $rule .= '-m conntrack --ctorigdst $address ';
$rule .= "--ctorigdstport $oport " if $capabilities{NEW_CONNTRACK_MATCH} && $oport;
} else { } else {
my $interface = $interfaces[0]; my $interface = $interfaces[0];
my $variable = get_interface_address( $interface ); my $variable = get_interface_address( $interface );
@ -2553,7 +2548,6 @@ sub expand_rule( $$$$$$$$$$$ )
push_command( $chainref , "if [ $variable != 0.0.0.0 ]; then" , 'fi' ) if interface_is_optional( $interface ); push_command( $chainref , "if [ $variable != 0.0.0.0 ]; then" , 'fi' ) if interface_is_optional( $interface );
$rule .= "-m conntrack --ctorigdst $variable "; $rule .= "-m conntrack --ctorigdst $variable ";
$rule .= "--ctorigdstport $oport " if $capabilities{NEW_CONNTRACK_MATCH} && $oport;
} }
$origdest = ''; $origdest = '';
@ -2578,12 +2572,9 @@ sub expand_rule( $$$$$$$$$$$ )
$oexcl = ''; $oexcl = '';
} }
} }
$rule .= "-m conntrack --ctorigdstport $oport " if $capabilities{NEW_CONNTRACK_MATCH} && $oport;
} }
} else { } else {
$oexcl = ''; $oexcl = '';
$rule .= "-m conntrack --ctorigdstport $oport " if $capabilities{NEW_CONNTRACK_MATCH} && $oport;
} }
# #
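Review bot: expand_rule's header comment still describes only the return value, but with `$oport` gone the function no longer emits `--ctorigdstport` in any of its ORIGINAL DEST branches. A caller that needs original-destination-port matching now has to place it in `$rule` before the call, and nothing here says so. A line such as `# Any original destination port match (--ctorigdstport) must already be part of $rule.` in the comment block above the sub would record the new contract. The body of expand_rule continues outside the hunks shown.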


@ -268,7 +268,6 @@ sub setup_one_masq($$$$$$$)
$networks , $networks ,
$destnets , $destnets ,
'' , '' ,
'' ,
$target , $target ,
'' , '' ,
'' , '' ,


@ -64,7 +64,6 @@ sub process_notrack_rule( $$$$$$ ) {
$source , $source ,
$dest , $dest ,
'' , '' ,
'' ,
'-j NOTRACK' , '-j NOTRACK' ,
'' , '' ,
'NOTRACK' , 'NOTRACK' ,


@ -152,7 +152,6 @@ sub process_tos() {
$src , $src ,
$dst , $dst ,
'' , '' ,
'' ,
"-j TOS --set-tos $tos" , "-j TOS --set-tos $tos" ,
'' , '' ,
'' , '' ,
@ -330,7 +329,6 @@ sub setup_blacklist() {
$networks , $networks ,
'' , '' ,
'' , '' ,
'' ,
"-j $target" , "-j $target" ,
'' , '' ,
$disposition , $disposition ,
@ -1307,7 +1305,6 @@ sub process_rule1 ( $$$$$$$$$$$$$ ) {
$source , $source ,
$origdest , $origdest ,
'' , '' ,
'' ,
$target , $target ,
$loglevel , $loglevel ,
$log_action , $log_action ,
@ -1345,7 +1342,6 @@ sub process_rule1 ( $$$$$$$$$$$$$ ) {
$source , $source ,
$dest , $dest ,
$origdest , $origdest ,
'',
'-j RETURN ' , '-j RETURN ' ,
$loglevel , $loglevel ,
$log_action , $log_action ,
@ -1368,13 +1364,14 @@ sub process_rule1 ( $$$$$$$$$$$$$ ) {
$origdest = ''; $origdest = '';
} }
$rule .= "-m conntrack --ctorigdstport $origdstports " if $capabilities{NEW_CONNTRACK_MATCH} && $origdstports;
expand_rule( ensure_chain( 'filter', $chain ) , expand_rule( ensure_chain( 'filter', $chain ) ,
$restriction , $restriction ,
$rule , $rule ,
$source , $source ,
$dest , $dest ,
$origdest , $origdest ,
$origdstports ,
$action ? "-j $action " : '' , $action ? "-j $action " : '' ,
$loglevel , $loglevel ,
$log_action , $log_action ,
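Review bot: The added `$rule .= "-m conntrack --ctorigdstport $origdstports " if $capabilities{NEW_CONNTRACK_MATCH} && $origdstports;` line in process_rule1 tests only that `$origdstports` is true, whereas the code removed from expand_rule first mapped a `-` placeholder to the empty string (`$oport = '' if defined $oport && $oport eq '-';`). Unless process_rule1 normalises `-` earlier (its body starts outside this hunk), a `-` in that column would now be emitted as `--ctorigdstport -`; adding `&& $origdstports ne '-'` to the condition keeps the previous behaviour. As before, when NEW_CONNTRACK_MATCH is absent the port restriction is dropped without any message, so the generated rule matches more traffic than the configuration asked for; a warning or a compile error at this point would make that visible. The value is also interpolated into the rule text as-is, so it is worth confirming it has been validated as a port or port range before this line.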


@ -336,7 +336,6 @@ sub process_tc_rule( $$$$$$$$$$$$ ) {
$source , $source ,
$dest , $dest ,
'' , '' ,
'' ,
"-j $target $mark" , "-j $target $mark" ,
'' , '' ,
'' , '' ,