extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-16 04:33:17 +01:00
Code Issues Packages Projects Releases Wiki Activity

Cleaner handling of DEFAULTS in a non-action context

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2011-06-22 06:11:20 -07:00
parent ece598288f
commit bbf853bd1d
1 changed files with 9 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
Shorewall/Perl/Shorewall/Rules.pm
View File

@ -73,7 +73,8 @@ my @builtins;
# #
# Commands that can be embedded in a basic rule and how many total tokens on the line (0 => unlimited). # Commands that can be embedded in a basic rule and how many total tokens on the line (0 => unlimited).
# #
my $rule_commands = { COMMENT => 0, FORMAT => 2, SECTION => 2, DEFAULTS => 2 }; my $rule_commands = { COMMENT => 0, FORMAT => 2, SECTION => 2 };
my $action_commands = { COMMENT => 0, FORMAT => 2, SECTION => 2, DEFAULTS => 2 };
use constant { MAX_MACRO_NEST_LEVEL => 5 }; use constant { MAX_MACRO_NEST_LEVEL => 5 };
@ -1476,7 +1477,8 @@ sub process_action( $) {
($target, $source, $dest, $proto, $ports, $sports, $rate, $user, $mark ) = split_line1 1, 9, 'action file', $rule_commands; ($target, $source, $dest, $proto, $ports, $sports, $rate, $user, $mark ) = split_line1 1, 9, 'action file', $rule_commands;
$origdest = $connlimit = $time = $headers = '-'; $origdest = $connlimit = $time = $headers = '-';
} else { } else {
($target, $source, $dest, $proto, $ports, $sports, $origdest, $rate, $user, $mark, $connlimit, $time, $headers ) = split_line1 1, 13, 'action file', $rule_commands; ($target, $source, $dest, $proto, $ports, $sports, $origdest, $rate, $user, $mark, $connlimit, $time, $headers )
= split_line1 1, 13, 'action file', $action_commands;
} }
if ( $target eq 'COMMENT' ) { if ( $target eq 'COMMENT' ) {
@ -1490,9 +1492,9 @@ sub process_action( $) {
next; next;
} }
if ( $format == 2 && $target eq 'DEFAULTS' ) { if ( $target eq 'DEFAULTS' ) {
default_action_params( split_list $source, 'defaults' ); default_action_params( split_list $source, 'defaults' ), next if $format == 2;
next; fatal_error 'DEFAULTS only allowed in FORMAT-2 actions';
} }
process_rule1( $chainref, process_rule1( $chainref,
@ -1578,11 +1580,6 @@ sub process_macro ( $$$$$$$$$$$$$$$$$ ) {
next; next;
} }
if ( $format == 2 && $target eq 'DEFAULTS' ) {
default_action_params( split_list $source, 'defaults' );
next;
}
$mtarget = merge_levels $target, $mtarget; $mtarget = merge_levels $target, $mtarget;
if ( $mtarget =~ /^PARAM(:.*)?$/ ) { if ( $mtarget =~ /^PARAM(:.*)?$/ ) {
@ -2363,7 +2360,8 @@ sub build_zone_list( $$$\$\$ ) {
# Process a Record in the rules file # Process a Record in the rules file
# #
sub process_rule ( ) { sub process_rule ( ) {
my ( $target, $source, $dest, $protos, $ports, $sports, $origdest, $ratelimit, $user, $mark, $connlimit, $time, $headers ) = split_line1 1, 13, 'rules file', $rule_commands; my ( $target, $source, $dest, $protos, $ports, $sports, $origdest, $ratelimit, $user, $mark, $connlimit, $time, $headers )
= split_line1 1, 13, 'rules file', $rule_commands;
process_comment, return 1 if $target eq 'COMMENT'; process_comment, return 1 if $target eq 'COMMENT';
process_section( $source ), return 1 if $target eq 'SECTION'; process_section( $source ), return 1 if $target eq 'SECTION';
@ -2373,15 +2371,6 @@ sub process_rule ( ) {
# #
process_section( 'NEW' ) unless $section; process_section( 'NEW' ) unless $section;
if ( $target eq 'DEFAULTS' ) {
if ( @actionstack ) {
default_action_params( split_list $source, 'defaults' );
next;
}
fatal_error "DEFAULTS is only allowed in an ACTION file";
}
if ( $source =~ /^none(:.*)?$/i || $dest =~ /^none(:.*)?$/i ) { if ( $source =~ /^none(:.*)?$/i || $dest =~ /^none(:.*)?$/i ) {
progress_message "Rule \"$currentline\" ignored."; progress_message "Rule \"$currentline\" ignored.";
return 1; return 1;