More ORIGINAL DEST fixes; restore last 'Hits' report

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@579 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2003-06-01 03:14:20 +00:00
parent e3bafeecaa
commit 89bb721da4
3 changed files with 17 additions and 21 deletions


@ -1966,6 +1966,7 @@ add_nat_rule() {
#
add_a_rule()
{
local natrule=
rule_error() {
fatal_error "Only DNAT and REDIRECT rules may specify port mapping; rule \"$rule\""
@ -1975,7 +1976,7 @@ add_a_rule()
cli=
[ -n "$client" ] && case "$client" in
case "$client" in
-)
;;
*:*)
@ -1988,7 +1989,7 @@ add_a_rule()
cli=`mac_match $client`
;;
*)
cli="-i $client"
[ -n "$client" ] && cli="-i $client"
;;
esac
@ -1997,7 +1998,7 @@ add_a_rule()
dest_interface=
serv=
[ -n "$server" ] && case "$server" in
case "$server" in
-)
;;
*.*.*)
@ -2007,7 +2008,7 @@ add_a_rule()
fatal_error "Rule \"$rule\" - Destination may not be specified by MAC Address"
;;
*)
dest_interface="-o $server"
[ -n "$server" ] && dest_interface="-o $server"
;;
esac
@ -2073,10 +2074,12 @@ add_a_rule()
[ -n "$serv" ] && startup_error "REDIRECT rules cannot"\
" specify a server IP; rule: \"$rule\""
servport=${servport:=$port}
natrule=Yes
;;
DNAT)
[ -n "$serv" ] || fatal_error "DNAT rules require a" \
" server address; rule: \"$rule\""
natrule=Yes
;;
LOG)
[ -z "$loglevel" ] && fatal_error "LOG requires log level"
@ -2095,19 +2098,11 @@ add_a_rule()
# A specific server or server port given
case "$logtarget" in
REDIRECT|DNAT)
if [ -n "$natrule" ]; then
add_nat_rule
;;
*)
if [ -n "$addr" -a "$addr" != "$serv" ]; then
rule_error
elif [ -n "$servport" -a "$servport" != "$port" ]; then
rule_error
fi
;;
esac
elif [ -n "$addr" -a "$addr" != "$serv" ] || [ -n "$servport" -a "$servport" != "$port" ]; then
rule_error
fi
if [ -z "$dnat_only" -a $chain != ${FW}2${FW} ]; then
serv="${serv:+-d $serv}"
@ -2289,8 +2284,6 @@ process_rule() # $1 = target
return
;;
esac
else
[ $command = check ] || ensurechain $chain
fi
# Generate Netfilter rule(s)
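Review bot: The new `elif` in the last add_a_rule hunk joins two five-argument `[ … -a … ]` tests with `||`, and POSIX leaves `test` with more than four arguments unspecified. A value of `!` or `(` in `$addr` or `$servport` (presumably read from the rules file) could be parsed as an operator, and this is the check behind the "Only DNAT and REDIRECT rules may specify port mapping" error. I would write it as `elif { [ -n "$addr" ] && [ "$addr" != "$serv" ]; } || { [ -n "$servport" ] && [ "$servport" != "$port" ]; }; then`. A short comment on `local natrule=` would also help, for example `# set to Yes by the REDIRECT and DNAT arms; selects add_nat_rule below`, since the body of add_a_rule runs well beyond these hunks.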


@ -170,13 +170,16 @@
# specified in the DEST column.
#
# A comma-separated list of addresses may also be used.
# This is usually most useful with the REDIRECT target.
# This is usually most useful with the REDIRECT target
# where you want to redirect traffic destined for
# particular set of hosts.
#
# Finally, if the list of addresses begins with "!" then
# the rule will be followed only if the original
# destination address in the connection request does not
# match any of the addresses listed.
#
# The address may optionally be followed by
# The address (list) may optionally be followed by
# a colon (":") and a second IP address. This causes
# Shorewall to use the second IP address as the source
# address in forwarded packets. See the Shorewall


@ -756,7 +756,7 @@ case "$1" in
echo " HITS PORT SERVICE(S)"
echo " ---- ----- ----------"
grep '${LOGFORMAT}.*DPT' $LOGFILE | sed 's/\(.*DPT=\)\([0-9]\{1,5\}\)\(.*\)/\2/' | sort | uniq -c | sort -rn | \
grep "$LOGFORMAT.*DPT" $LOGFILE | sed 's/\(.*DPT=\)\([0-9]\{1,5\}\)\(.*\)/\2/' | sort | uniq -c | sort -rn | \
while read count port ; do
# List all services defined for the given port
srv=`grep "^[^#].*\\b$port/" /etc/services | cut -f 1 | sort -u`
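Review bot: The `grep "$LOGFORMAT.*DPT"` filter is looser than the `sed` expression that follows it. A log line that contains `DPT` but not `DPT=` followed by digits passes through `sed` unchanged, is counted as a port, and the rest of that line then lands in the `$port` pattern of the `/etc/services` lookup. Tightening the pair to `grep "$LOGFORMAT.*DPT=[0-9]" "$LOGFILE" | sed -n 's/.*DPT=\([0-9]\{1,5\}\).*/\1/p'` keeps only numeric ports and also quotes the log path. `$LOGFORMAT` is used as a regular expression here, so any metacharacters in it are interpreted; whether it is normalised earlier is not visible in this hunk. The `while` loop continues outside the hunk.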