Use '@{0}' as the chain name surrogate in SWITCH columns

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-11-08 00:34:04 +01:00 · 2012-11-29 07:17:13 -08:00 · 2012-11-29 07:17:13 -08:00 · 9c0d8a2533
commit 9c0d8a2533
parent bff91cd325
6 changed files with 29 additions and 9 deletions
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@ -4654,9 +4654,9 @@ sub do_condition( $$ ) {

    require_capability 'CONDITION_MATCH', 'A non-empty SWITCH column', 's';

-    if ( $condition =~ /@/ ) {
+    if ( $condition =~ /\@\{0\}/ ) {
 	$chain     =~ s/[^\w-]//g;
-	$condition =~ s/@/$chain/g;
+	$condition =~ s/\@\{0\}/$chain/g;
    }

    fatal_error "Invalid switch name ($condition)" unless $condition =~ /^[a-zA-Z][-\w]*$/ && length $condition <= 30;
--- a/Shorewall/manpages/shorewall-conntrack.xml
+++ b/Shorewall/manpages/shorewall-conntrack.xml
@ -397,7 +397,11 @@
          <filename>/proc/net/nf_condition/<replaceable>switch-name</replaceable></filename>
          is 1. The rule is disabled if that file contains 0 (the default). If
          '!' is supplied, the test is inverted such that the rule is enabled
-          if the file contains 0. <replaceable>switch-name</replaceable> must
+          if the file contains 0.</para>
+
+          <para>Within the <replaceable>switch-name</replaceable>, '@{0}' is
+          replaced by the name of the chain to which the rule is a added. The
+          <replaceable>switch-name</replaceable> (after '@{0}' expansion) must
          begin with a letter and be composed of letters, decimal digits,
          underscores or hyphens. Switch names must be 30 characters or less
          in length.</para>
--- a/Shorewall/manpages/shorewall-masq.xml
+++ b/Shorewall/manpages/shorewall-masq.xml
@ -471,7 +471,11 @@
          <filename>/proc/net/nf_condition/<replaceable>switch-name</replaceable></filename>
          is 1. The rule is disabled if that file contains 0 (the default). If
          '!' is supplied, the test is inverted such that the rule is enabled
-          if the file contains 0. <replaceable>switch-name</replaceable> must
+          if the file contains 0.</para>
+
+          <para>Within the <replaceable>switch-name</replaceable>, '@{0}' is
+          replaced by the name of the chain to which the rule is a added. The
+          <replaceable>switch-name</replaceable> (after '@{0}' expansion) must
          begin with a letter and be composed of letters, decimal digits,
          underscores or hyphens. Switch names must be 30 characters or less
          in length.</para>
--- a/Shorewall/manpages/shorewall-rules.xml
+++ b/Shorewall/manpages/shorewall-rules.xml
@ -1380,7 +1380,11 @@
          <filename>/proc/net/nf_condition/<replaceable>switch-name</replaceable></filename>
          is 1. The rule is disabled if that file contains 0 (the default). If
          '!' is supplied, the test is inverted such that the rule is enabled
-          if the file contains 0. <replaceable>switch-name</replaceable> must
+          if the file contains 0.</para>
+
+          <para>Within the <replaceable>switch-name</replaceable>, '@{0}' is
+          replaced by the name of the chain to which the rule is a added. The
+          <replaceable>switch-name</replaceable> (after '@{0}' expansion) must
          begin with a letter and be composed of letters, decimal digits,
          underscores or hyphens. Switch names must be 30 characters or less
          in length.</para>
--- a/Shorewall6/manpages/shorewall6-conntrack.xml
+++ b/Shorewall6/manpages/shorewall6-conntrack.xml
@ -293,8 +293,12 @@
          <filename>/proc/net/nf_condition/<replaceable>switch-name</replaceable></filename>
          is 1. Disables the rule if that file contains 0 (the default). If
          '!' is supplied, the test is inverted such that the rule is enabled
-          if the file contains 0. The <replaceable>switch-name</replaceable>
-          must begin with a letter and be composed of letters, decimal digits,
+          if the file contains 0.</para>
+
+          <para>Within the <replaceable>switch-name</replaceable>, '@{0}' is
+          replaced by the name of the chain to which the rule is a added. The
+          <replaceable>switch-name</replaceable> (after '@{0}' expansion) must
+          begin with a letter and be composed of letters, decimal digits,
          underscores or hyphens. Switch names must be 30 characters or less
          in length.</para>

--- a/Shorewall6/manpages/shorewall6-rules.xml
+++ b/Shorewall6/manpages/shorewall6-rules.xml
@ -1255,8 +1255,12 @@
          <filename>/proc/net/nf_condition/<replaceable>switch-name</replaceable></filename>
          is 1. Disables the rule if that file contains 0 (the default). If
          '!' is supplied, the test is inverted such that the rule is enabled
-          if the file contains 0. The <replaceable>switch-name</replaceable>
-          must begin with a letter and be composed of letters, decimal digits,
+          if the file contains 0.</para>
+
+          <para>Within the <replaceable>switch-name</replaceable>, '@{0}' is
+          replaced by the name of the chain to which the rule is a added. The
+          <replaceable>switch-name</replaceable> (after '@{0}' expansion) must
+          begin with a letter and be composed of letters, decimal digits,
          underscores or hyphens. Switch names must be 30 characters or less
          in length.</para>