Remove requirement that matches and proto end with a space in perl helper API.

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall/Perl/Shorewall/Rules.pm

@@ -2662,6 +2662,8 @@ sub perl_action_helper($$) {
 
     assert( $chainref );
 
+    $matches .= ' ' unless $matches =~ /^(?:.+\s)?$/;
+
     if ( $inlines{$action} ) {
 	$result = &process_rule( $chainref,
 				 $matches,
@@ -2708,6 +2710,8 @@ sub perl_action_tcp_helper($$) {
 
     assert( $chainref );
 
+    $proto .= ' ' unless $proto =~ /^(?:.+\s)?$/;
+
     if ( $passedproto eq '-' || $passedproto eq 'tcp' || $passedproto eq '6' ) {
 	#
 	# For other protos, a 'no rule generated' warning will be issued

Shorewall/action.Established

@@ -24,12 +24,12 @@
 #
 #   Established[([<action>])]
 #
-#       Default action is DROP
+#       Default action is ACCEPT
 #
 ##########################################################################################
 ?FORMAT 2
 
-DEFAULTS DROP
+DEFAULTS ACCEPT
 
 ?BEGIN PERL;
 
@@ -45,8 +45,8 @@ my ( $level, $tag ) = get_action_logging;
 $action = join( ':', $action, $level, $tag ) if "${level}${tag}";
 
 perl_action_helper(
-		   $action,                          # Target
+		   $action,                             # Target
-		   "$globals{STATEMATCH} INVALID ",  # Matches
+		   "$globals{STATEMATCH} ESTABLISHED",  # Matches
 		  );
 
 allow_optimize( get_action_chain );

Shorewall/action.Invalid

@@ -50,8 +50,8 @@ my ( $level, $tag ) = get_action_logging;
 $action = join( ':', $action, $level, $tag ) if "${level}${tag}";
 
 perl_action_helper(
-		   $action,                          # Target
+		   $action,                         # Target
-		   "$globals{STATEMATCH} INVALID ",  # Matches
+		   "$globals{STATEMATCH} INVALID",  # Matches
 		  );
 
 allow_optimize( get_action_chain);

Shorewall/action.NotSyn

@@ -51,7 +51,7 @@ $action = join( ':', $action, $level, $tag ) if "${level}${tag}";
 
 perl_action_tcp_helper(
 		       $action,
-		       '-p 6 ! --syn '
+		       '-p 6 ! --syn'
 		      );
 
 allow_optimize( get_action_chain );

Shorewall/action.RST

@@ -50,7 +50,7 @@ $action = join( ':', $action, $level, $tag ) if "${level}${tag}";
 
 perl_action_tcp_helper(
 		       $action,
-		       '-p 6 --tcp-flags RST RST '
+		       '-p 6 --tcp-flags RST RST'
 		      );
 
 allow_optimize( get_action_chain );

Shorewall/action.Related

@@ -46,8 +46,8 @@ my ( $level, $tag ) = get_action_logging;
 $action = join( ':', $action, $level, $tag ) if "${level}${tag}";
 
 perl_action_helper( 
-		   $action,                          # Target
+		   $action,                         # Target
-		   "$globals{STATEMATCH} RELATED ",  # Matches
+		   "$globals{STATEMATCH} RELATED",  # Matches
 		  );
 
 allow_optimize( get_action_chain );

docs/Actions.xml

@@ -930,10 +930,6 @@ bar:debug</programlisting>
                 <para>ip[6]tables matches to be included in the rule. When
                 called in an inline action, these matches are augmented by
                 matches generated by the invoking rule.</para>
-
-                <important>
-                  <para>The matches must end with a space character.</para>
-                </important>
               </listitem>
             </varlistentry>
           </variablelist>