extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-02 07:56:00 +02:00
Code Issues Packages Projects Releases Wiki Activity

Stop Accounting rule violations

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8418 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2008-04-11 01:01:12 +00:00
parent b46bcd39a1
commit adf068c510
2 changed files with 23 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Shorewall-perl/Shorewall/Accounting.pm
View File

@ -69,6 +69,7 @@ sub process_accounting_rule( $$$$$$$$$ ) {
sub check_for_builtin( $ ) { sub check_for_builtin( $ ) {
my $chainref = shift; my $chainref = shift;
fatal_error "A builtin Chain ($chainref->{name}) may not appear in the accounting file" if $chainref->{builtin}; fatal_error "A builtin Chain ($chainref->{name}) may not appear in the accounting file" if $chainref->{builtin};
fatal_error "A Shorewall-generated chain ($chainref->{name}) may not appear in the accounting file" if $chainref->{policy};
} }
sub accounting_error() { sub accounting_error() {
@ -77,7 +78,7 @@ sub process_accounting_rule( $$$$$$$$$ ) {
sub jump_to_chain( $ ) { sub jump_to_chain( $ ) {
my $jumpchain = $_[0]; my $jumpchain = $_[0];
$jumpchainref = ensure_chain( 'filter', $jumpchain ); $jumpchainref = ensure_accounting_chain( $jumpchain );
check_for_builtin( $jumpchainref ); check_for_builtin( $jumpchainref );
$disposition = $jumpchain; $disposition = $jumpchain;
"-j $jumpchain"; "-j $jumpchain";

21
Shorewall-perl/Shorewall/Chains.pm
View File

@ -101,6 +101,7 @@ our %EXPORT_TAGS = (
ecn_chain ecn_chain
first_chains first_chains
ensure_chain ensure_chain
ensure_accounting_chain
ensure_mangle_chain ensure_mangle_chain
ensure_nat_chain ensure_nat_chain
new_standard_chain new_standard_chain
@ -161,6 +162,7 @@ our $VERSION = 4.1.5;
# referenced => undef|1 -- If 1, will be written to the iptables-restore-input. # referenced => undef|1 -- If 1, will be written to the iptables-restore-input.
# builtin => undef|1 -- If 1, one of Netfilter's built-in chains. # builtin => undef|1 -- If 1, one of Netfilter's built-in chains.
# manual => undef|1 -- If 1, a manual chain. # manual => undef|1 -- If 1, a manual chain.
# accounting => undef|1 -- If 1, an accounting chain
# log => <logging rule number for use when LOGRULENUMBERS> # log => <logging rule number for use when LOGRULENUMBERS>
# policy => <policy> # policy => <policy>
# policychain => <name of policy chain> -- self-reference if this is a policy chain # policychain => <name of policy chain> -- self-reference if this is a policy chain
@ -854,6 +856,25 @@ sub ensure_filter_chain( $$ )
$chainref; $chainref;
} }
#
# Create an accounting chain if necessary.
#
sub ensure_accounting_chain( $ )
{
my ($chain) = @_;
my $chainref = $filter_table->{$chain};
if ( $chainref ) {
fatal_error "Non-accounting chain ($chain) used in accounting rule" if ! $chainref->{accounting};
} else {
$chainref = new_chain 'filter' , $chain unless $chainref;
$chainref->{accounting} = 1;
}
$chainref;
}
sub ensure_mangle_chain($) { sub ensure_mangle_chain($) {
my $chain = $_[0]; my $chain = $_[0];