diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm index ce26d805c..06e8d552b 100644 --- a/Shorewall/Perl/Shorewall/Chains.pm +++ b/Shorewall/Perl/Shorewall/Chains.pm @@ -1609,7 +1609,7 @@ sub ensure_audit_chain( $;$$ ) { sub require_audit($$;$) { my ($action, $audit, $tgt ) = @_; - return $action unless supplied $audit; + return $action unless supplied $audit && $audit ne '-'; my $target = 'A_' . $action; diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm index 8db5c5e63..fe835b6e7 100644 --- a/Shorewall/Perl/Shorewall/Config.pm +++ b/Shorewall/Perl/Shorewall/Config.pm @@ -1834,7 +1834,7 @@ sub default_action_params { for ( $i = 1; 1; $i++ ) { last unless defined ( $val = shift ); my $curval = $actparms[$i]; - $actparms[$i] =$val eq '-' ? '' : $val eq '--' ? '-' : $val unless supplied( $curval ); + $actparms[$i] =$val unless supplied( $curval ); } fatal_error "Too Many arguments to action $action" if defined $actparms[$i]; @@ -1845,7 +1845,14 @@ sub get_action_params( $ ) { fatal_error "Invalid argument to get_action_params()" unless $num =~ /^\d+$/ && $num > 0; - @actparms[1..$num]; + my @return; + + for ( my $i = 1; $i <= $num; $i++ ) { + my $val = $actparms[$i]; + push @return, defined $val ? $val eq '-' ? '' : $val eq '--' ? '-' : $val : $val; + } + + @return; } sub get_action_chain() { diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm index b7fed27e7..4ed028077 100644 --- a/Shorewall/Perl/Shorewall/Rules.pm +++ b/Shorewall/Perl/Shorewall/Rules.pm @@ -842,6 +842,7 @@ sub normalize_action( $$$ ) { $level = 'none' unless supplied $level; $tag = '' unless defined $tag; $param = '' unless defined $param; + $param = '' if $param eq '-'; join( ':', $action, $level, $tag, $param ); } diff --git a/Shorewall/action.Drop b/Shorewall/action.Drop index b887946d0..dcc91ced2 100644 --- a/Shorewall/action.Drop +++ b/Shorewall/action.Drop @@ -43,12 +43,12 @@ my ( $p1, $p2, $p3 , $p4, $p5 ) = get_action_params( 5 ); if ( defined $p1 ) { if ( $p1 eq 'audit' ) { - set_action_param( 2, 'A_REJECT') unless defined( $p2 ) && $p2 ne '-'; - set_action_param( 3, 'A_DROP') unless defined( $p3 ) && $p3 ne '-'; - set_action_param( 4, 'A_ACCEPT' ) unless defined( $p4 ) && $p4 ne '-'; - set_action_param( 5, 'A_DROP' ) unless defined( $p5 ) && $p5 ne '-'; + set_action_param( 2, 'A_REJECT') unless supplied $p2; + set_action_param( 3, 'A_DROP') unless supplied $p3; + set_action_param( 4, 'A_ACCEPT' ) unless supplied $p4; + set_action_param( 5, 'A_DROP' ) unless supplied $p5; } else { - fatal_error "Invalid value ($p1) for first Drop parameter" unless $p1 eq '-'; + fatal_error "Invalid value ($p1) for first Drop parameter" if supplied $p1; } } diff --git a/Shorewall/action.Reject b/Shorewall/action.Reject index d142ec1d7..40b9212f9 100644 --- a/Shorewall/action.Reject +++ b/Shorewall/action.Reject @@ -39,12 +39,12 @@ my ( $p1, $p2, $p3 , $p4, $p5 ) = get_action_params( 5 ); if ( defined $p1 ) { if ( $p1 eq 'audit' ) { - set_action_param( 2, 'A_REJECT') unless defined( $p2 ) && $p2 ne '-'; - set_action_param( 3, 'A_REJECT') unless defined( $p3 ) && $p3 ne '-'; - set_action_param( 4, 'A_ACCEPT' ) unless defined( $p5 ) && $p4 ne '-'; - set_action_param( 5, 'A_DROP' ) unless defined( $p5 ) && $p5 ne '-'; + set_action_param( 2, 'A_REJECT') unless supplied $p2; + set_action_param( 3, 'A_REJECT') unless supplied $p3; + set_action_param( 4, 'A_ACCEPT' ) unless supplied $p4; + set_action_param( 5, 'A_DROP' ) unless supplied $p5; } else { - fatal_error "Invalid value ($p1) for first Reject parameter" unless $p1 eq '-'; + fatal_error "Invalid value ($p1) for first Reject parameter" if supplied $p1; } }