Use the 'disposition' argument to expand_rule() to specify the target chain

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2025-01-15 10:08:43 +01:00 · 2010-08-26 08:40:24 -07:00 · 2010-08-26 08:40:24 -07:00 · bd8bcabdf0
commit bd8bcabdf0
parent dc74b88445
3 changed files with 18 additions and 10 deletions
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@ -3488,7 +3488,7 @@ sub expand_rule( $$$$$$$$$$;$ )
 	#
 	# We have non-trivial exclusion -- need to create an exclusion chain
 	#
-	fatal_error "Exclusion is not possible in ACCEPT+/CONTINUE/NONAT rules" if $disposition eq 'RETURN';
+	fatal_error "Exclusion is not possible in ACCEPT+/CONTINUE/NONAT rules" if $disposition eq 'RETURN' || $disposition eq 'CONTINUE';

 	#
 	# Create the Exclusion Chain
@ -3521,7 +3521,15 @@ sub expand_rule( $$$$$$$$$$;$ )
 	#
 	# Log rule
 	#
-	log_rule_limit $loglevel , $echainref , $chain, $disposition , '',  $logtag , 'add' , '' if $loglevel;
+	log_rule_limit( $loglevel , 
+			$echainref , 
+			$chain, 
+			$disposition eq 'reject' ? 'REJECT' : $disposition ,
+			'' ,  
+			$logtag , 
+			'add' ,
+			'' ) 
+	    if $loglevel;
 	#
 	# Generate Final Rule
 	#
@ -3559,7 +3567,7 @@ sub expand_rule( $$$$$$$$$$;$ )
 					       $loglevel ,
 					       $chainref ,
 					       $logname || $chain,
-					       $disposition ,
+					       $disposition eq 'reject' ? 'REJECT' : $disposition ,
 					       '',
 					       $logtag,
 					       'add',
@ -3575,7 +3583,7 @@ sub expand_rule( $$$$$$$$$$;$ )
 					   $loglevel ,
 					   $chainref ,
 					   $chain,
-					   $disposition ,
+					   $disposition eq 'reject' ? 'REJECT' : $disposition ,
 					   '' ,
 					   $logtag ,
 					   'add' ,
@ -3595,8 +3603,8 @@ sub expand_rule( $$$$$$$$$$;$ )
    #
    # Mark Target as referenced, if it's a chain
    #
-    if ( $fromref && $target =~ /-[jg]\s+([^\s]+)/ ) {
-	my $targetref = $chain_table{$chainref->{table}}{$1};
+    if ( $fromref && $disposition ) {
+	my $targetref = $chain_table{$chainref->{table}}{$disposition};
 	if ( $targetref ) {
 	    $targetref->{referenced} = 1;
 	    add_reference $fromref, $targetref;
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@ -150,7 +150,7 @@ sub process_tos() {
 		'' ,
 		"-j TOS --set-tos $tos" ,
 		'' ,
-		'' ,
+		'TOS' ,
 		'';
 	}

@ -279,7 +279,7 @@ sub setup_blacklist() {
 			    '' ,
 			    "-j $target" ,
 			    '' ,
-			    $disposition ,
+			    $target ,
 			    '' );

 		progress_message "  \"$currentline\" added to blacklist";
--- a/Shorewall/Perl/Shorewall/Tc.pm
+++ b/Shorewall/Perl/Shorewall/Tc.pm
@ -40,7 +40,7 @@ use strict;
 our @ISA = qw(Exporter);
 our @EXPORT = qw( setup_tc );
 our @EXPORT_OK = qw( process_tc_rule initialize );
-our $VERSION = '4.4_11';
+our $VERSION = '4.4_13';

 our %tcs = ( T => { chain  => 'tcpost',
 		    connmark => 0,
@ -393,7 +393,7 @@ sub process_tc_rule( ) {
 				     '' ,
 				     "-j $target $mark" ,
 				     '' ,
-				     '' ,
+				     $target ,
 				     '' ) )
 	  && $device ) {
 	#