extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-05-29 14:11:42 +02:00
Code Issues Packages Projects Releases Wiki Activity

Purely cosmetic change in the Actions module

Browse Source
This commit is contained in:
Tom Eastep 2009-06-10 14:31:22 -07:00
parent d079e69a1b
commit a1330cbfdf
1 changed files with 126 additions and 126 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
Shorewall/Perl/Shorewall/Actions.pm
View File

@ -725,11 +725,10 @@ sub process_action3( $$$$$ ) {
clear_comment; clear_comment;
} }
sub process_actions3 () { #
# # The following small functions generate rules for the builtin actions of the same name
# The following small functions generate rules for the builtin actions of the same name #
# sub dropBcast( $$$ ) {
sub dropBcast( $$$ ) {
my ($chainref, $level, $tag) = @_; my ($chainref, $level, $tag) = @_;
if ( $capabilities{ADDRTYPE} ) { if ( $capabilities{ADDRTYPE} ) {
@ -761,9 +760,9 @@ sub process_actions3 () {
} else { } else {
add_rule $chainref, '-d ff00::/10 -j DROP'; add_rule $chainref, '-d ff00::/10 -j DROP';
} }
} }
sub allowBcast( $$$ ) { sub allowBcast( $$$ ) {
my ($chainref, $level, $tag) = @_; my ($chainref, $level, $tag) = @_;
if ( $family == F_IPV4 && $capabilities{ADDRTYPE} ) { if ( $family == F_IPV4 && $capabilities{ADDRTYPE} ) {
@ -795,40 +794,40 @@ sub process_actions3 () {
add_rule $chainref, '-d ff00:/10 -j ACCEPT'; add_rule $chainref, '-d ff00:/10 -j ACCEPT';
} }
} }
} }
sub dropNotSyn ( $$$ ) { sub dropNotSyn ( $$$ ) {
my ($chainref, $level, $tag) = @_; my ($chainref, $level, $tag) = @_;
log_rule_limit $level, $chainref, 'dropNotSyn' , 'DROP', '', $tag, 'add', '-p tcp ! --syn ' if $level ne ''; log_rule_limit $level, $chainref, 'dropNotSyn' , 'DROP', '', $tag, 'add', '-p tcp ! --syn ' if $level ne '';
add_rule $chainref , '-p tcp ! --syn -j DROP'; add_rule $chainref , '-p tcp ! --syn -j DROP';
} }
sub rejNotSyn ( $$$ ) { sub rejNotSyn ( $$$ ) {
my ($chainref, $level, $tag) = @_; my ($chainref, $level, $tag) = @_;
log_rule_limit $level, $chainref, 'rejNotSyn' , 'REJECT', '', $tag, 'add', '-p tcp ! --syn ' if $level ne ''; log_rule_limit $level, $chainref, 'rejNotSyn' , 'REJECT', '', $tag, 'add', '-p tcp ! --syn ' if $level ne '';
add_rule $chainref , '-p tcp ! --syn -j REJECT --reject-with tcp-reset'; add_rule $chainref , '-p tcp ! --syn -j REJECT --reject-with tcp-reset';
} }
sub dropInvalid ( $$$ ) { sub dropInvalid ( $$$ ) {
my ($chainref, $level, $tag) = @_; my ($chainref, $level, $tag) = @_;
log_rule_limit $level, $chainref, 'dropInvalid' , 'DROP', '', $tag, 'add', '-m state --state INVALID ' if $level ne ''; log_rule_limit $level, $chainref, 'dropInvalid' , 'DROP', '', $tag, 'add', '-m state --state INVALID ' if $level ne '';
add_rule $chainref , '-m state --state INVALID -j DROP'; add_rule $chainref , '-m state --state INVALID -j DROP';
} }
sub allowInvalid ( $$$ ) { sub allowInvalid ( $$$ ) {
my ($chainref, $level, $tag) = @_; my ($chainref, $level, $tag) = @_;
log_rule_limit $level, $chainref, 'allowInvalid' , 'ACCEPT', '', $tag, 'add', '-m state --state INVALID ' if $level ne ''; log_rule_limit $level, $chainref, 'allowInvalid' , 'ACCEPT', '', $tag, 'add', '-m state --state INVALID ' if $level ne '';
add_rule $chainref , '-m state --state INVALID -j ACCEPT'; add_rule $chainref , '-m state --state INVALID -j ACCEPT';
} }
sub forwardUPnP ( $$$ ) { sub forwardUPnP ( $$$ ) {
} }
sub allowinUPnP ( $$$ ) { sub allowinUPnP ( $$$ ) {
my ($chainref, $level, $tag) = @_; my ($chainref, $level, $tag) = @_;
if ( $level ne '' ) { if ( $level ne '' ) {
@ -838,9 +837,9 @@ sub process_actions3 () {
add_rule $chainref, '-p udp --dport 1900 -j ACCEPT'; add_rule $chainref, '-p udp --dport 1900 -j ACCEPT';
add_rule $chainref, '-p tcp --dport 49152 -j ACCEPT'; add_rule $chainref, '-p tcp --dport 49152 -j ACCEPT';
} }
sub Limit( $$$ ) { sub Limit( $$$ ) {
my ($chainref, $level, $tag) = @_; my ($chainref, $level, $tag) = @_;
my @tag = split /,/, $tag; my @tag = split /,/, $tag;
@ -869,8 +868,9 @@ sub process_actions3 () {
} }
add_rule $chainref, '-j ACCEPT'; add_rule $chainref, '-j ACCEPT';
} }
sub process_actions3 () {
my %builtinops = ( 'dropBcast' => \&dropBcast, my %builtinops = ( 'dropBcast' => \&dropBcast,
'allowBcast' => \&allowBcast, 'allowBcast' => \&allowBcast,
'dropNotSyn' => \&dropNotSyn, 'dropNotSyn' => \&dropNotSyn,