From 8b6f2616d085b1c08962f36721f29acbd6b188e2 Mon Sep 17 00:00:00 2001 From: teastep Date: Thu, 22 Mar 2007 23:06:16 +0000 Subject: [PATCH] Call user actions git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5641 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- New/Shorewall/Actions.pm | 20 +++++++++++++++----- New/Shorewall/Config.pm | 20 +++++++++++++++++++- New/Shorewall/Policy.pm | 9 ++++++++- 3 files changed, 42 insertions(+), 7 deletions(-) diff --git a/New/Shorewall/Actions.pm b/New/Shorewall/Actions.pm index daf51a7dc..1ec34b9d9 100644 --- a/New/Shorewall/Actions.pm +++ b/New/Shorewall/Actions.pm @@ -36,7 +36,7 @@ our @EXPORT = qw( merge_levels split_action isolate_basic_target add_requiredby - createlogactionchain + createlogactionchain createactionchain find_logactionchain process_actions1 @@ -185,11 +185,21 @@ sub createlogactionchain( $$ ) { $level = 'none' unless $level; - $logactionchains{"$action:$level"} = new_chain 'filter', '%' . $chain . $actionref->{actchain}++; + $logactionchains{"$action:$level"} = $chainref = new_chain 'filter', '%' . $chain . $actionref->{actchain}++; - # - # Fixme -- action file - # + unless ( $targets{$action} & STANDARD ) { + my $file = find_file $chain; + + if ( -f $file ) { + progress_message "Processing $file..."; + + unless ( my $return = do $file ) { + fatal_error "Couldn't parse $file: $@" if $@; + fatal_error "Couldn't do $file: $!" unless defined $return; + fatal_error "Couldn't run $file" unless $return; + } + } + } } # diff --git a/New/Shorewall/Config.pm b/New/Shorewall/Config.pm index b6e6b2d94..bc3c3a5e1 100644 --- a/New/Shorewall/Config.pm +++ b/New/Shorewall/Config.pm 
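Review bot: In createlogactionchain (Actions.pm, hunk at -185) the new `do $file` runs whatever Perl file find_file returns, and the only gate is `-f $file`; ownership and write permissions are never checked. The compiler presumably runs as root, so a file or search-path directory writable by another account would let that account run code with the compiler's privileges. A stat check before the `do` would close this, e.g. `my @st = stat $file; fatal_error "$file must be owned by root and not group/world-writable" if $st[4] != 0 || ( $st[2] & 022 );`. The identical block is added as run_user_exit in Config.pm, so the check fits best in one shared helper that both callers use. createlogactionchain's body starts outside the hunk.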
@@ -28,7 +28,7 @@ use warnings; use Shorewall::Common; our @ISA = qw(Exporter); -our @EXPORT = qw(find_file get_configuration report_capabilities propagateconfig append_file generate_aux_config %config %env %capabilities ); +our @EXPORT = qw(find_file get_configuration report_capabilities propagateconfig append_file run_user_exit generate_aux_config %config %env %capabilities ); our @EXPORT_OK = (); our @VERSION = 1.00; @@ -525,6 +525,24 @@ sub append_file( $ ) { } } +# +# Run a Perl extension script +# +sub run_user_exit( $ ) { + my $chainref = $_[0]; + my $file = find_file $chainref->{name}; + + if ( -f $file ) { + progress_message "Processing $file..."; + + unless (my $return = do $file) { + fatal_error "Couldn't parse $file: $@" if $@; + fatal_error "Couldn't do $file: $!" unless defined $return; + fatal_error "Couldn't run $file" unless $return; + } + } +} + sub generate_aux_config() { sub conditionally_add_option( $ ) { my $option = $_[0]; diff --git a/New/Shorewall/Policy.pm b/New/Shorewall/Policy.pm index 3947a32ac..5dc8984cd 100644 --- a/New/Shorewall/Policy.pm +++ b/New/Shorewall/Policy.pm @@ -302,6 +302,7 @@ sub apply_policy_rules() { } if ( $name =~ /^all2|2all$/ ) { + run_user_exit $chainref; policy_rules $chainref , $policy, $loglevel , $default; } @@ -311,7 +312,11 @@ sub apply_policy_rules() { for my $zone ( @zones ) { for my $zone1 ( @zones ) { my $chainref = $filter_table->{"${zone}2${zone1}"}; - default_policy $chainref, $zone, $zone1 if $chainref->{referenced}; + + if ( $chainref->{referenced} ) { + run_user_exit $chainref; + default_policy $chainref, $zone, $zone1; + } } } } @@ -328,6 +333,8 @@ sub apply_policy_rules() { sub complete_standard_chain ( $$$ ) { my ( $stdchainref, $zone, $zone2 ) = @_; + run_user_exit $stdchainref; + my $ruleschainref = $filter_table->{"${zone}2${zone2}"}; my ( $policy, $loglevel, $default ) = ( 'DROP', 'info', $config{DROP_DEFAULT} ); my $policychainref;
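Review bot: `$chainref` in run_user_exit (Config.pm, hunk at -525) is a `my` variable, and a file run with `do FILE` cannot see the caller's lexicals, so the user script has no visible way to learn which chain it is being run for. If the script is meant to add rules to that chain, hand the reference over through a package variable, e.g. `our $chainref; local $chainref = $_[0];`, and document how the script refers to it. The `$chainref` assigned in createlogactionchain in Actions.pm has the same problem if it is declared with `my`, which that hunk does not show. The header comment should also say that the file must end with a true value, because a false return reaches `fatal_error "Couldn't run $file"` and an undef return without `$@` reports whatever `$!` happens to hold.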