diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm index d50b37243..16344a197 100644 --- a/Shorewall/Perl/Shorewall/Chains.pm +++ b/Shorewall/Perl/Shorewall/Chains.pm @@ -3488,7 +3488,7 @@ sub expand_rule( $$$$$$$$$$;$ ) # # We have non-trivial exclusion -- need to create an exclusion chain # - fatal_error "Exclusion is not possible in ACCEPT+/CONTINUE/NONAT rules" if $disposition eq 'RETURN'; + fatal_error "Exclusion is not possible in ACCEPT+/CONTINUE/NONAT rules" if $disposition eq 'RETURN' || $disposition eq 'CONTINUE'; # # Create the Exclusion Chain @@ -3521,7 +3521,15 @@ sub expand_rule( $$$$$$$$$$;$ ) # # Log rule # - log_rule_limit $loglevel , $echainref , $chain, $disposition , '', $logtag , 'add' , '' if $loglevel; + log_rule_limit( $loglevel , + $echainref , + $chain, + $disposition eq 'reject' ? 'REJECT' : $disposition , + '' , + $logtag , + 'add' , + '' ) + if $loglevel; # # Generate Final Rule # @@ -3559,7 +3567,7 @@ sub expand_rule( $$$$$$$$$$;$ ) $loglevel , $chainref , $logname || $chain, - $disposition , + $disposition eq 'reject' ? 'REJECT' : $disposition , '', $logtag, 'add', @@ -3575,7 +3583,7 @@ sub expand_rule( $$$$$$$$$$;$ ) $loglevel , $chainref , $chain, - $disposition , + $disposition eq 'reject' ? 'REJECT' : $disposition , '' , $logtag , 'add' , @@ -3595,8 +3603,8 @@ sub expand_rule( $$$$$$$$$$;$ ) # # Mark Target as referenced, if it's a chain # - if ( $fromref && $target =~ /-[jg]\s+([^\s]+)/ ) { - my $targetref = $chain_table{$chainref->{table}}{$1}; + if ( $fromref && $disposition ) { + my $targetref = $chain_table{$chainref->{table}}{$disposition}; if ( $targetref ) { $targetref->{referenced} = 1; add_reference $fromref, $targetref; diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm index 1f9aee111..4f6aeccde 100644 --- a/Shorewall/Perl/Shorewall/Rules.pm +++ b/Shorewall/Perl/Shorewall/Rules.pm @@ -150,7 +150,7 @@ sub process_tos() { '' , "-j TOS --set-tos $tos" , '' , - '' , + 'TOS' , ''; } @@ -279,7 +279,7 @@ sub setup_blacklist() { '' , "-j $target" , '' , - $disposition , + $target , '' ); progress_message " \"$currentline\" added to blacklist"; diff --git a/Shorewall/Perl/Shorewall/Tc.pm b/Shorewall/Perl/Shorewall/Tc.pm index 39416844a..dc65b30b2 100644 --- a/Shorewall/Perl/Shorewall/Tc.pm +++ b/Shorewall/Perl/Shorewall/Tc.pm @@ -40,7 +40,7 @@ use strict; our @ISA = qw(Exporter); our @EXPORT = qw( setup_tc ); our @EXPORT_OK = qw( process_tc_rule initialize ); -our $VERSION = '4.4_11'; +our $VERSION = '4.4_13'; our %tcs = ( T => { chain => 'tcpost', connmark => 0, @@ -393,7 +393,7 @@ sub process_tc_rule( ) { '' , "-j $target $mark" , '' , - '' , + $target , '' ) ) && $device ) { #