Simplify exception processing in process_rules1()

Tom Eastep 2011-01-10 17:02:12 -08:00
parent fd6afa7742
commit a04e854f21
2 changed files with 33 additions and 71 deletions


@ -77,7 +77,6 @@ our %EXPORT_TAGS = (
NOT_RESTORE NOT_RESTORE
initialize_chain_table initialize_chain_table
lookup_shorewall_action
add_commands add_commands
move_rules move_rules
insert_rule1 insert_rule1
@ -198,7 +197,7 @@ our %EXPORT_TAGS = (
Exporter::export_ok_tags('internal'); Exporter::export_ok_tags('internal');
our $VERSION = '4.4_17'; our $VERSION = '4.4_16';
# #
# Chain Table # Chain Table
@ -281,37 +280,6 @@ use constant { STANDARD => 1, #defined by Netfilter
# #
our %targets; our %targets;
#
# Shorewall-defined targets
#
use constant { TGT_ACCEPT => 1,
TGT_REJECT => 2,
TGT_DROP => 3,
TGT_NONAT => 4,
TGT_LOG => 5,
TGT_CONTINUE => 6,
TGT_COUNT => 7,
TGT_QUEUE => 8,
TGT_NFQUEUE => 9,
TGT_ADD => 10,
TGT_DEL => 11,
TGT_REDIRECT => 12,
};
our %shorewall_targets = ( ACCEPT => TGT_ACCEPT,
REJECT => TGT_REJECT,
DROP => TGT_DROP,
NONAT => TGT_NONAT,
LOG => TGT_LOG,
CONTINUE => TGT_CONTINUE,
COUNT => TGT_COUNT,
QUEUE => TGT_QUEUE,
NFQUEUE => TGT_NFQUEUE,
ADD => TGT_ADD,
DEL => TGT_DEL,
REDIRECT => TGT_REDIRECT,
);
# #
# expand_rule() restrictions # expand_rule() restrictions
# #
@ -450,17 +418,6 @@ sub initialize( $ ) {
# #
} }
#
# Lookup a standard action
#
sub lookup_shorewall_action( $ ) {
my $target = shift;
$target =~ s/[-+!]$//;
$shorewall_targets{ $target };
}
# #
# Process a COMMENT line (in $currentline) # Process a COMMENT line (in $currentline)
# #


@ -1021,8 +1021,11 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$ ) {
my $log_action = $action; my $log_action = $action;
unless ( $actiontype & ( ACTION | MACRO | NFQ | CHAIN ) ) { unless ( $actiontype & ( ACTION | MACRO | NFQ | CHAIN ) ) {
if ( my $shorewall_target = lookup_shorewall_action( $basictarget ) ) { my $bt = $basictarget;
if ( $shorewall_target == TGT_REDIRECT ) {
$bt =~ s/[-+!]$//;
my %functions = ( REDIRECT => sub () {
my $z = $actiontype & NATONLY ? '' : firewall_zone; my $z = $actiontype & NATONLY ? '' : firewall_zone;
if ( $dest eq '-' ) { if ( $dest eq '-' ) {
$dest = $inaction ? '' : join( '', $z, '::' , $ports =~ /[:,]/ ? '' : $ports ); $dest = $inaction ? '' : join( '', $z, '::' , $ports =~ /[:,]/ ? '' : $ports );
@ -1031,14 +1034,17 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$ ) {
} else { } else {
$dest = join( '', $z, '::', $dest ) unless $dest =~ /^[^\d].*:/; $dest = join( '', $z, '::', $dest ) unless $dest =~ /^[^\d].*:/;
} }
} elsif ( $shorewall_target == TGT_REJECT ) { } ,
$action = 'reject'; REJECT => sub { $action = 'reject'; } ,
} elsif ( $shorewall_target == TGT_CONTINUE ) { CONTINUE => sub { $action = 'RETURN'; } ,
$action = 'RETURN'; COUNT => sub { $action = ''; } ,
} elsif ( $shorewall_target == TGT_COUNT ) { LOG => sub { fatal_error 'LOG requires a log level' unless defined $loglevel and $loglevel ne ''; } ,
$action = ''; );
} elsif ( $shorewall_target == TGT_LOG ) {
fatal_error 'LOG requires a log level' unless defined $loglevel and $loglevel ne ''; my $function = $functions{ $bt };
if ( $function ) {
$function->();
} elsif ( $actiontype & SET ) { } elsif ( $actiontype & SET ) {
my %xlate = ( ADD => 'add-set' , DEL => 'del-set' ); my %xlate = ( ADD => 'add-set' , DEL => 'del-set' );
@ -1049,7 +1055,6 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$ ) {
$action = join( ' ', 'SET --' . $xlate{$basictarget} , $setname , $flags ); $action = join( ' ', 'SET --' . $xlate{$basictarget} , $setname , $flags );
} }
} }
}
# #
# Isolate and validate source and destination zones # Isolate and validate source and destination zones
# #
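Review bot: The SET branch that follows the new dispatch still builds its rule from `$xlate{$basictarget}`, while the handler lookup now uses the suffix-stripped `$bt`; if a SET-type target can ever reach here with a trailing `-`, `+` or `!` (not visible from this hunk), `%xlate` returns undef and the generated action becomes `SET --` with no operation, so `$xlate{$bt}` would keep the two lookups consistent. On style, only the REDIRECT handler is written `sub () {`; a prototype has no effect on a call through `$function->()`, so `REDIRECT => sub {` would match the other four entries. The `%functions` table is rebuilt for every rule that enters this `unless` block because its closures capture `$action`, `$dest` and `$loglevel`; a one-line comment such as `# Handlers close over this rule's lexicals, so the table is built per call` would show that this is intentional. process_rule1 begins and ends outside the hunks shown.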