Implement INLINE action (again).
Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent
f85d548d40
commit
beec4a188f
@ -97,6 +97,7 @@ our @EXPORT = ( qw(
|
|||||||
TERMINATING
|
TERMINATING
|
||||||
STATEMATCH
|
STATEMATCH
|
||||||
USERBUILTIN
|
USERBUILTIN
|
||||||
|
INLINERULE
|
||||||
|
|
||||||
%chain_table
|
%chain_table
|
||||||
%targets
|
%targets
|
||||||
@ -404,6 +405,7 @@ use constant { STANDARD => 0x1, #defined by Netfilter
|
|||||||
INLINE => 0x8000, #Inline action
|
INLINE => 0x8000, #Inline action
|
||||||
STATEMATCH => 0x10000, #action.Invalid, action.Related, etc.
|
STATEMATCH => 0x10000, #action.Invalid, action.Related, etc.
|
||||||
USERBUILTIN => 0x20000, #Builtin action from user's actions file.
|
USERBUILTIN => 0x20000, #Builtin action from user's actions file.
|
||||||
|
INLINERULE => 0x40000, #INLINE
|
||||||
};
|
};
|
||||||
#
|
#
|
||||||
# Valid Targets -- value is a combination of one or more of the above
|
# Valid Targets -- value is a combination of one or more of the above
|
||||||
@ -2624,6 +2626,7 @@ sub initialize_chain_table($) {
|
|||||||
'DEL' => STANDARD + SET,
|
'DEL' => STANDARD + SET,
|
||||||
'WHITELIST' => STANDARD,
|
'WHITELIST' => STANDARD,
|
||||||
'HELPER' => STANDARD + HELPER + NATONLY, #Actually RAWONLY
|
'HELPER' => STANDARD + HELPER + NATONLY, #Actually RAWONLY
|
||||||
|
'INLINE' => INLINERULE,
|
||||||
);
|
);
|
||||||
|
|
||||||
for my $chain ( qw(OUTPUT PREROUTING) ) {
|
for my $chain ( qw(OUTPUT PREROUTING) ) {
|
||||||
@ -2686,6 +2689,7 @@ sub initialize_chain_table($) {
|
|||||||
'DEL' => STANDARD + SET,
|
'DEL' => STANDARD + SET,
|
||||||
'WHITELIST' => STANDARD,
|
'WHITELIST' => STANDARD,
|
||||||
'HELPER' => STANDARD + HELPER + NATONLY, #Actually RAWONLY
|
'HELPER' => STANDARD + HELPER + NATONLY, #Actually RAWONLY
|
||||||
|
'INLINE' => INLINERULE,
|
||||||
);
|
);
|
||||||
|
|
||||||
for my $chain ( qw(OUTPUT PREROUTING) ) {
|
for my $chain ( qw(OUTPUT PREROUTING) ) {
|
||||||
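Review bot: The new constant `INLINERULE => 0x40000, #INLINE` sits two entries below `INLINE => 0x8000, #Inline action`, and its comment does not say how the two flags differ. A fuller comment such as `#INLINE target in a rules-file entry (matches supplied in-line)` would keep them from being confused. The two `'INLINE' => INLINERULE,` entries in initialize_chain_table are the only target entries visible in these hunks that do not include STANDARD; if that is deliberate, a short comment on those lines should say so. The targets table and the function continue outside the hunks.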
|
@ -2238,6 +2238,20 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$ ) {
|
|||||||
fatal_error "HELPER requires require that the helper be specified in the HELPER column" if $helper eq '-';
|
fatal_error "HELPER requires require that the helper be specified in the HELPER column" if $helper eq '-';
|
||||||
fatal_error "HELPER rules may only appear in the NEW section" unless $section == NEW_SECTION;
|
fatal_error "HELPER rules may only appear in the NEW section" unless $section == NEW_SECTION;
|
||||||
$action = ''; } ,
|
$action = ''; } ,
|
||||||
|
|
||||||
|
INLINE => sub {
|
||||||
|
my $inline_matches = get_inline_matches;
|
||||||
|
|
||||||
|
if ( $inline_matches =~ /^(.*\s+)-j\s+(.+)$/ ) {
|
||||||
|
$matches .= $1;
|
||||||
|
$action = $2;
|
||||||
|
} else {
|
||||||
|
$matches .= "$inline_matches ";
|
||||||
|
$action = '';
|
||||||
|
}
|
||||||
|
|
||||||
|
$rule = $matches;
|
||||||
|
} ,
|
||||||
);
|
);
|
||||||
|
|
||||||
my $function = $functions{ $bt };
|
my $function = $functions{ $bt };
|
||||||
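Review bot: The `-j` split in the new INLINE handler only matches when whitespace precedes `-j`, so inline text that begins with `-j TARGET` (unless get_inline_matches returns it with leading whitespace) takes the else branch: the jump stays inside `$matches` and `$action` is left empty, which presumably skips whatever target checks run later on `$action`. Making the prefix optional while keeping `$1` defined would cover that case: `if ( $inline_matches =~ /^((?:.*\s+)?)-j\s+(.+)$/ ) {`. `$2` also captures everything after `-j`, target options included, and no check of it against the known targets is visible in this hunk. Since this text reaches the generated ruleset as written, a comment stating where `$action` is validated, or that it is passed through verbatim, would help anyone auditing the firewall output. process_rule continues outside the hunk, so the later handling of `$rule` and `$action` cannot be seen here.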
|
@ -1,28 +0,0 @@
|
|||||||
#
|
|
||||||
# Shorewall version 4 - INLINE Action
|
|
||||||
#
|
|
||||||
# /usr/share/shorewall/action.INLINE
|
|
||||||
#
|
|
||||||
#################################################################################
|
|
||||||
?FORMAT 2
|
|
||||||
|
|
||||||
DEFAULTS -
|
|
||||||
|
|
||||||
?BEGIN PERL;
|
|
||||||
use strict;
|
|
||||||
use Shorewall::Chains;
|
|
||||||
use Shorewall::Rules;
|
|
||||||
|
|
||||||
my $chainref = get_action_chain;
|
|
||||||
my $rule = get_inline_matches;
|
|
||||||
|
|
||||||
add_rule( $chainref, $rule, '' );
|
|
||||||
|
|
||||||
allow_optimize( $chainref );
|
|
||||||
|
|
||||||
?END PERL;
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -33,7 +33,6 @@ Drop # Default Action for DROP policy
|
|||||||
dropInvalid inline # Drops packets in the INVALID conntrack state
|
dropInvalid inline # Drops packets in the INVALID conntrack state
|
||||||
DropSmurfs noinline # Drop smurf packets
|
DropSmurfs noinline # Drop smurf packets
|
||||||
Established inline # Handles packets in the ESTABLISHED state
|
Established inline # Handles packets in the ESTABLISHED state
|
||||||
INLINE nolog # Handles in-line rules
|
|
||||||
Invalid inline # Handles packets in the INVALID conntrack state
|
Invalid inline # Handles packets in the INVALID conntrack state
|
||||||
New inline # Handles packets in the NEW conntrack state
|
New inline # Handles packets in the NEW conntrack state
|
||||||
NotSyn inline # Handles TCP packets which do not have SYN=1 and ACK=0
|
NotSyn inline # Handles TCP packets which do not have SYN=1 and ACK=0
|
||||||
|
@ -25,7 +25,6 @@ Drop # Default Action for DROP policy
|
|||||||
dropInvalid inline # Drops packets in the INVALID conntrack state
|
dropInvalid inline # Drops packets in the INVALID conntrack state
|
||||||
DropSmurfs noinline # Handles packets with a broadcast source address
|
DropSmurfs noinline # Handles packets with a broadcast source address
|
||||||
Established inline # Handles packets in the ESTABLISHED state
|
Established inline # Handles packets in the ESTABLISHED state
|
||||||
INLINE nolog # Handles in-line rules
|
|
||||||
Invalid inline # Handles packets in the INVALID conntrack state
|
Invalid inline # Handles packets in the INVALID conntrack state
|
||||||
New inline # Handles packets in the NEW conntrack state
|
New inline # Handles packets in the NEW conntrack state
|
||||||
NotSyn inline # Handles TCP packets that do not have SYN=1 and ACK=0
|
NotSyn inline # Handles TCP packets that do not have SYN=1 and ACK=0
|
||||||
|