mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-15 12:14:32 +01:00
Simplify exception processing in process_rules1()
parent
fd6afa7742
commit
a04e854f21
@ -77,7 +77,6 @@ our %EXPORT_TAGS = (
|
||||
NOT_RESTORE
|
||||
|
||||
initialize_chain_table
|
||||
lookup_shorewall_action
|
||||
add_commands
|
||||
move_rules
|
||||
insert_rule1
|
||||
@ -198,7 +197,7 @@ our %EXPORT_TAGS = (
|
||||
|
||||
Exporter::export_ok_tags('internal');
|
||||
|
||||
our $VERSION = '4.4_17';
|
||||
our $VERSION = '4.4_16';
|
||||
|
||||
#
|
||||
# Chain Table
|
||||
@ -281,37 +280,6 @@ use constant { STANDARD => 1, #defined by Netfilter
|
||||
#
|
||||
our %targets;
|
||||
|
||||
#
|
||||
# Shorewall-defined targets
|
||||
#
|
||||
|
||||
use constant { TGT_ACCEPT => 1,
|
||||
TGT_REJECT => 2,
|
||||
TGT_DROP => 3,
|
||||
TGT_NONAT => 4,
|
||||
TGT_LOG => 5,
|
||||
TGT_CONTINUE => 6,
|
||||
TGT_COUNT => 7,
|
||||
TGT_QUEUE => 8,
|
||||
TGT_NFQUEUE => 9,
|
||||
TGT_ADD => 10,
|
||||
TGT_DEL => 11,
|
||||
TGT_REDIRECT => 12,
|
||||
};
|
||||
|
||||
our %shorewall_targets = ( ACCEPT => TGT_ACCEPT,
|
||||
REJECT => TGT_REJECT,
|
||||
DROP => TGT_DROP,
|
||||
NONAT => TGT_NONAT,
|
||||
LOG => TGT_LOG,
|
||||
CONTINUE => TGT_CONTINUE,
|
||||
COUNT => TGT_COUNT,
|
||||
QUEUE => TGT_QUEUE,
|
||||
NFQUEUE => TGT_NFQUEUE,
|
||||
ADD => TGT_ADD,
|
||||
DEL => TGT_DEL,
|
||||
REDIRECT => TGT_REDIRECT,
|
||||
);
|
||||
#
|
||||
# expand_rule() restrictions
|
||||
#
|
||||
@ -450,17 +418,6 @@ sub initialize( $ ) {
|
||||
#
|
||||
}
|
||||
|
||||
#
|
||||
# Lookup a standard action
|
||||
#
|
||||
sub lookup_shorewall_action( $ ) {
|
||||
my $target = shift;
|
||||
|
||||
$target =~ s/[-+!]$//;
|
||||
|
||||
$shorewall_targets{ $target };
|
||||
}
|
||||
|
||||
#
|
||||
# Process a COMMENT line (in $currentline)
|
||||
#
|
||||
|
@ -1021,33 +1021,38 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$ ) {
|
||||
my $log_action = $action;
|
||||
|
||||
unless ( $actiontype & ( ACTION | MACRO | NFQ | CHAIN ) ) {
|
||||
if ( my $shorewall_target = lookup_shorewall_action( $basictarget ) ) {
|
||||
if ( $shorewall_target == TGT_REDIRECT ) {
|
||||
my $z = $actiontype & NATONLY ? '' : firewall_zone;
|
||||
if ( $dest eq '-' ) {
|
||||
$dest = $inaction ? '' : join( '', $z, '::' , $ports =~ /[:,]/ ? '' : $ports );
|
||||
} elsif ( $inaction ) {
|
||||
$dest = ":$dest";
|
||||
} else {
|
||||
$dest = join( '', $z, '::', $dest ) unless $dest =~ /^[^\d].*:/;
|
||||
}
|
||||
} elsif ( $shorewall_target == TGT_REJECT ) {
|
||||
$action = 'reject';
|
||||
} elsif ( $shorewall_target == TGT_CONTINUE ) {
|
||||
$action = 'RETURN';
|
||||
} elsif ( $shorewall_target == TGT_COUNT ) {
|
||||
$action = '';
|
||||
} elsif ( $shorewall_target == TGT_LOG ) {
|
||||
fatal_error 'LOG requires a log level' unless defined $loglevel and $loglevel ne '';
|
||||
} elsif ( $actiontype & SET ) {
|
||||
my %xlate = ( ADD => 'add-set' , DEL => 'del-set' );
|
||||
|
||||
my ( $setname, $flags, $rest ) = split ':', $param, 3;
|
||||
fatal_error "Invalid ADD/DEL parameter ($param)" if $rest;
|
||||
fatal_error "Expected ipset name ($setname)" unless $setname =~ s/^\+// && $setname =~ /^[a-zA-Z]\w*$/;
|
||||
fatal_error "Invalid flags ($flags)" unless defined $flags && $flags =~ /^(dst|src)(,(dst|src)){0,5}$/;
|
||||
$action = join( ' ', 'SET --' . $xlate{$basictarget} , $setname , $flags );
|
||||
}
|
||||
my $bt = $basictarget;
|
||||
|
||||
$bt =~ s/[-+!]$//;
|
||||
|
||||
my %functions = ( REDIRECT => sub () {
|
||||
my $z = $actiontype & NATONLY ? '' : firewall_zone;
|
||||
if ( $dest eq '-' ) {
|
||||
$dest = $inaction ? '' : join( '', $z, '::' , $ports =~ /[:,]/ ? '' : $ports );
|
||||
} elsif ( $inaction ) {
|
||||
$dest = ":$dest";
|
||||
} else {
|
||||
$dest = join( '', $z, '::', $dest ) unless $dest =~ /^[^\d].*:/;
|
||||
}
|
||||
} ,
|
||||
REJECT => sub { $action = 'reject'; } ,
|
||||
CONTINUE => sub { $action = 'RETURN'; } ,
|
||||
COUNT => sub { $action = ''; } ,
|
||||
LOG => sub { fatal_error 'LOG requires a log level' unless defined $loglevel and $loglevel ne ''; } ,
|
||||
);
|
||||
|
||||
my $function = $functions{ $bt };
|
||||
|
||||
if ( $function ) {
|
||||
$function->();
|
||||
} elsif ( $actiontype & SET ) {
|
||||
my %xlate = ( ADD => 'add-set' , DEL => 'del-set' );
|
||||
|
||||
my ( $setname, $flags, $rest ) = split ':', $param, 3;
|
||||
fatal_error "Invalid ADD/DEL parameter ($param)" if $rest;
|
||||
fatal_error "Expected ipset name ($setname)" unless $setname =~ s/^\+// && $setname =~ /^[a-zA-Z]\w*$/;
|
||||
fatal_error "Invalid flags ($flags)" unless defined $flags && $flags =~ /^(dst|src)(,(dst|src)){0,5}$/;
|
||||
$action = join( ' ', 'SET --' . $xlate{$basictarget} , $setname , $flags );
|
||||
}
|
||||
}
|
||||
#
|
||||
|
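Review bot: The ADD/DEL parameter checks in the `elsif ( $actiontype & SET )` branch are looser than their error messages imply: `fatal_error "Invalid ADD/DEL parameter ($param)" if $rest;` tests truthiness, so a third field of `0`, or an empty one after a trailing colon, is silently accepted, and the `$`-anchored patterns for the set name and flags also match just before a trailing newline. Because these values are joined straight into the `SET --…` target text, I would tighten the first check to `if defined $rest;` and use `\z` in place of `$` in both patterns. The same branch still indexes `%xlate` with `$basictarget` while the new dispatch keys on the stripped `$bt`; if a suffixed ADD/DEL can reach this branch (not visible in the hunk) that lookup yields undef, so `$xlate{$bt}` would be the consistent key. `%functions` is also rebuilt, closures included, on every call, and only the REDIRECT entry carries an empty `()` prototype. process_rule1 begins and ends outside the hunk.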