From 97825f937c26ad8be11f2a9387ceeb87e3670425 Mon Sep 17 00:00:00 2001 From: teastep Date: Thu, 9 Oct 2003 22:33:44 +0000 Subject: [PATCH] Clean up QUEUE target code git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@763 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall/firewall | 57 ++++++++++++++++++---------------------------- 1 file changed, 22 insertions(+), 35 deletions(-) diff --git a/Shorewall/firewall b/Shorewall/firewall index 3416925b8..8a8b3437e 100755 --- a/Shorewall/firewall +++ b/Shorewall/firewall @@ -2315,6 +2315,26 @@ add_a_rule() { local natrule= + do_ports() { + if [ -n "$port" ]; then + dports="--dport" + if [ -n "$multioption" -a "$port" != "${port%,*}" ]; then + multiport="$multioption" + dports="--dports" + fi + dports="$dports $port" + fi + + if [ -n "$cport" ]; then + sports="--sport" + if [ -n "$multioption" -a "$cport" != "${cport%,*}" ]; then + multiport="$multioption" + sports="--sports" + fi + sports="$sports $cport" + fi + } + # Set source variables. The 'cli' variable will hold the client match predicate(s). cli= @@ -2370,44 +2390,11 @@ add_a_rule() case $proto in tcp|TCP|6) - if [ -n "$port" ]; then - dports="--dport" - if [ -n "$multioption" -a "$port" != "${port%,*}" ]; then - multiport="$multioption" - dports="--dports" - fi - dports="$dports $port" - fi - - if [ -n "$cport" ]; then - sports="--sport" - if [ -n "$multioption" -a "$cport" != "${cport%,*}" ]; then - multiport="$multioption" - sports="--sports" - fi - sports="$sports $cport" - fi - + do_ports [ "$target" = QUEUE ] && proto="$proto --syn" ;; udp|UDP|17) - if [ -n "$port" ]; then - dports="--dport" - if [ -n "$multioption" -a "$port" != "${port%,*}" ]; then - multiport="$multioption" - dports="--dports" - fi - dports="$dports $port" - fi - - if [ -n "$cport" ]; then - sports="--sport" - if [ -n "$multioption" -a "$cport" != "${cport%,*}" ]; then - multiport="$multioption" - sports="--sports" - fi - sports="$sports $cport" - fi + do_ports ;; icmp|ICMP|1) [ -n "$port" ] && dports="--icmp-type $port"