mirror of
https://gitlab.com/shorewall/code.git
synced 2025-01-20 20:48:54 +01:00
Finish INLINE in the tcrules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent
75258083e3
commit
95abeaea24
@ -207,7 +207,7 @@ sub initialize( $ ) {
|
|||||||
sub process_tc_rule1( $$$$$$$$$$$$$$$$ ) {
|
sub process_tc_rule1( $$$$$$$$$$$$$$$$ ) {
|
||||||
my ( $originalmark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $headers, $probability , $dscp , $state ) = @_;
|
my ( $originalmark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $headers, $probability , $dscp , $state ) = @_;
|
||||||
|
|
||||||
our %tccmd;
|
our %tccmd;
|
||||||
|
|
||||||
unless ( %tccmd ) {
|
unless ( %tccmd ) {
|
||||||
%tccmd = ( SAVE => { match => sub ( $ ) { $_[0] eq 'SAVE' } ,
|
%tccmd = ( SAVE => { match => sub ( $ ) { $_[0] eq 'SAVE' } ,
|
||||||
@ -316,6 +316,15 @@ our %tccmd;
|
|||||||
|
|
||||||
fatal_error 'MARK must be specified' if $originalmark eq '-';
|
fatal_error 'MARK must be specified' if $originalmark eq '-';
|
||||||
|
|
||||||
|
my $inline;
|
||||||
|
my $raw = '';
|
||||||
|
|
||||||
|
if ( $inline = ( $originalmark =~ /^INLINE\((.+)\)(:.*)?$/ ) ) {
|
||||||
|
$originalmark = $1;
|
||||||
|
$originalmark .= $2 if $2;
|
||||||
|
$raw = get_inline_matches;
|
||||||
|
}
|
||||||
|
|
||||||
my ( $mark, $designator, $remainder ) = split( /:/, $originalmark, 3 );
|
my ( $mark, $designator, $remainder ) = split( /:/, $originalmark, 3 );
|
||||||
|
|
||||||
fatal_error "Invalid MARK ($originalmark)" unless supplied $mark;
|
fatal_error "Invalid MARK ($originalmark)" unless supplied $mark;
|
||||||
@ -557,9 +566,12 @@ our %tccmd;
|
|||||||
assert ( $cmd eq 'INLINE' );
|
assert ( $cmd eq 'INLINE' );
|
||||||
$matches = get_inline_matches;
|
$matches = get_inline_matches;
|
||||||
|
|
||||||
if ( $matches =~ /^(.*\s+)-j\s+(.+) $/ ) {
|
if ( $matches =~ /^(.*\s+)-j\s+(.+)$/ ) {
|
||||||
$matches = $1;
|
$matches = $1;
|
||||||
$target = $2;
|
$target = $2;
|
||||||
|
my $action = $target;
|
||||||
|
$action = $1 if $action =~ /^(.+?)\s/;
|
||||||
|
fatal_error "Unknown target ($action)" unless $targets{$action} || $builtin_target{$action};
|
||||||
} else {
|
} else {
|
||||||
$target = '';
|
$target = '';
|
||||||
}
|
}
|
||||||
|
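Review bot: The new target check in the third hunk only runs when `/^(.*\s+)-j\s+(.+)$/` matches, and that pattern requires whitespace before `-j`. If `get_inline_matches` returns text that begins with `-j` (as the man-page example `; -j MARK --set-mark 2` would if leading blanks are trimmed, which is not visible here), the `else` branch sets `$target = ''` and the jump stays in `$matches` without being checked against `%targets` or `%builtin_target`. Allowing an empty prefix, `if ( $matches =~ /^(.*\s+|)-j\s+(.+)$/ ) {`, keeps the current result whenever matches precede the jump and closes that gap. The long form `--jump` and a `-g` goto also fall through to the `else` branch unvalidated, so either reject them with `fatal_error` or add a comment saying the pass-through is intended. The enclosing sub starts and ends outside these hunks.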
@ -473,6 +473,33 @@
|
|||||||
in your kernel and iptables.</para>
|
in your kernel and iptables.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para><emphasis
|
||||||
|
role="bold">INLINE</emphasis>[(<replaceable>action</replaceable>)]</para>
|
||||||
|
|
||||||
|
<para>Added in Shorewall 4.6.0. Allows you to place your own
|
||||||
|
ip[6]tables matches at the end of the line following a semicolon
|
||||||
|
(";"). If an <replaceable>action</replaceable> is specified, the
|
||||||
|
compiler procedes as if that <replaceable>action</replaceable>
|
||||||
|
had been specified in this column. If no action is specified,
|
||||||
|
then you may include your own jump ("-j
|
||||||
|
<replaceable>target</replaceable>
|
||||||
|
[<replaceable>option</replaceable>] ...") after any matches
|
||||||
|
specified at the end of the rule. If the target is not one known
|
||||||
|
to Shorewall, then it must be defined as a builtin action in
|
||||||
|
<ulink url="shorewall-actions.html">shorewall-actions</ulink>
|
||||||
|
(5).</para>
|
||||||
|
|
||||||
|
<para>The following rules are equivalent:</para>
|
||||||
|
|
||||||
|
<programlisting>2:P eth0 - tcp 22
|
||||||
|
INLINE(2):P eth0 - tcp 22
|
||||||
|
INLINE(2):P eth0 - ; -p tcp
|
||||||
|
INLINE eth0 - tcp 22 ; -j MARK --set-mark 2
|
||||||
|
INLINE eth0 - ; -p tcp -j MARK --set-mark 2
|
||||||
|
</programlisting>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para><emphasis role="bold">IPMARK</emphasis> ‒ Assigns a mark
|
<para><emphasis role="bold">IPMARK</emphasis> ‒ Assigns a mark
|
||||||
to each matching packet based on the either the source or
|
to each matching packet based on the either the source or
|
||||||
|
@ -503,6 +503,32 @@
|
|||||||
in your kernel and ip6tables.</para>
|
in your kernel and ip6tables.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para><emphasis
|
||||||
|
role="bold">INLINE</emphasis>[(<replaceable>action</replaceable>)]</para>
|
||||||
|
|
||||||
|
<para>Added in Shorewall 4.6.0. Allows you to place your own
|
||||||
|
ip[6]tables matches at the end of the line following a semicolon
|
||||||
|
(";"). If an <replaceable>action</replaceable> is specified, the
|
||||||
|
compiler procedes as if that <replaceable>action</replaceable>
|
||||||
|
had been specified in this column. If no action is specified,
|
||||||
|
then you may include your own jump ("-j
|
||||||
|
<replaceable>target</replaceable>
|
||||||
|
[<replaceable>option</replaceable>] ...") after any matches
|
||||||
|
specified at the end of the rule. If the target is not one known
|
||||||
|
to Shorewall, then it must be defined as a builtin action in
|
||||||
|
<ulink url="shorewall6-actions.html">shorewall6-actions</ulink>
|
||||||
|
(5).</para>
|
||||||
|
|
||||||
|
<para>The following rules are equivalent:</para>
|
||||||
|
|
||||||
|
<programlisting>2:P eth0 - tcp 22
|
||||||
|
INLINE(2):P eth0 - tcp 22
|
||||||
|
INLINE(2):P eth0 - ; -p tcp
|
||||||
|
INLINE eth0 - tcp 22 ; -j MARK --set-mark 2
|
||||||
|
INLINE eth0 - ; -p tcp -j MARK --set-mark 2</programlisting>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para><emphasis
|
<para><emphasis
|
||||||
role="bold">RESTORE</emphasis>[/<emphasis>mask</emphasis>] --
|
role="bold">RESTORE</emphasis>[/<emphasis>mask</emphasis>] --
|
||||||
|