From cd50bf9396cfc2b2aad496df24d9c944fb95d61a Mon Sep 17 00:00:00 2001
From: teastep
Date: Wed, 29 Nov 2006 00:53:39 +0000
Subject: [PATCH] Move 'allow' processing to lib.cli

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5019 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall-lite/shorewall-lite | 37 +-----------------------------
 Shorewall/lib.cli | 42 +++++++++++++++++++++++++++++++++++
 Shorewall/shorewall | 37 +-----------------------------
 3 files changed, 44 insertions(+), 72 deletions(-)

diff --git a/Shorewall-lite/shorewall-lite b/Shorewall-lite/shorewall-lite
index 4841b2f25..178aa7602 100755
--- a/Shorewall-lite/shorewall-lite
+++ b/Shorewall-lite/shorewall-lite
@@ -730,42 +730,7 @@ case "$COMMAND" in
 fi
 ;;
 allow)
- [ -n "$debugging" ] && set -x
- [ $# -eq 1 ] && usage 1
- if shorewall_is_started ; then
- mutex_on
- while [ $# -gt 1 ]; do
- shift
- case $1 in
- *-*)
- if qt $IPTABLES -D dynamic -m iprange --src-range $1 -j reject ||\
- qt $IPTABLES -D dynamic -m iprange --src-range $1 -j DROP ||\
- qt $IPTABLES -D dynamic -m iprange --src-range $1 -j logdrop ||\
- qt $IPTABLES -D dynamic -m iprange --src-range $1 -j logreject
- then
- echo "$1 Allowed"
- else
- echo "$1 Not Dropped or Rejected"
- fi
- ;;
- *)
- if qt $IPTABLES -D dynamic -s $1 -j reject ||\
- qt $IPTABLES -D dynamic -s $1 -j DROP ||\
- qt $IPTABLES -D dynamic -s $1 -j logdrop ||\
- qt $IPTABLES -D dynamic -s $1 -j logreject
- then
- echo "$1 Allowed"
- else
- echo "$1 Not Dropped or Rejected"
- fi
- ;;
- esac
- done
- mutex_off
- else
- error_message "ERROR: Shorewall Lite is not started"
- exit 2
- fi
+ allow_command $@
 ;;
 save)
 [ -n "$debugging" ] && set -x
diff --git a/Shorewall/lib.cli b/Shorewall/lib.cli
index c0b744508..f12e78657 100644
--- a/Shorewall/lib.cli
+++ b/Shorewall/lib.cli
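Review bot: In Shorewall-lite/shorewall-lite the new call `allow_command $@` expands the operands unquoted, so any operand containing whitespace or glob characters is re-split or pathname-expanded before the function sees it; `allow_command "$@"` hands each operand over intact. The identical call is added in the Shorewall/shorewall hunk. The moved body in Shorewall/lib.cli also uses `$1` unquoted in every `$IPTABLES -D dynamic` call, so quoting there as well (`-s "$1"`, `--src-range "$1"`) is what keeps one operand a single iptables word when rules are deleted. The enclosing `case "$COMMAND"` statement starts and ends outside the hunk.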
@@ -888,3 +888,45 @@ hits_command() {
 done
 fi
 }
+
+#
+# 'allow' command executor
+#
+allow_command() {
+ [ -n "$debugging" ] && set -x
+ [ $# -eq 1 ] && usage 1
+ if shorewall_is_started ; then
+ mutex_on
+ while [ $# -gt 1 ]; do
+ shift
+ case $1 in
+ *-*)
+ if qt $IPTABLES -D dynamic -m iprange --src-range $1 -j reject ||\
+ qt $IPTABLES -D dynamic -m iprange --src-range $1 -j DROP ||\
+ qt $IPTABLES -D dynamic -m iprange --src-range $1 -j logdrop ||\
+ qt $IPTABLES -D dynamic -m iprange --src-range $1 -j logreject
+ then
+ echo "$1 Allowed"
+ else
+ echo "$1 Not Dropped or Rejected"
+ fi
+ ;;
+ *)
+ if qt $IPTABLES -D dynamic -s $1 -j reject ||\
+ qt $IPTABLES -D dynamic -s $1 -j DROP ||\
+ qt $IPTABLES -D dynamic -s $1 -j logdrop ||\
+ qt $IPTABLES -D dynamic -s $1 -j logreject
+ then
+ echo "$1 Allowed"
+ else
+ echo "$1 Not Dropped or Rejected"
+ fi
+ ;;
+ esac
+ done
+ mutex_off
+ else
+ error_message "ERROR: $PRODUCT is not started"
+ exit 2
+ fi
+}
diff --git a/Shorewall/shorewall b/Shorewall/shorewall
index e610b9a50..53ef99df8 100755
--- a/Shorewall/shorewall
+++ b/Shorewall/shorewall
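Review bot: In Shorewall/lib.cli the not-started message in `allow_command` now depends on `$PRODUCT`, which nothing in this hunk sets; the inline copies it replaces printed the literal names "Shorewall Lite" and "Shorewall". Presumably both front-end scripts assign it before lib.cli is loaded, but that is worth confirming, since an unset value leaves the operator with `ERROR:  is not started`. The header comment could also record the calling convention the body relies on, e.g. `# $1 is the command word ('allow'); every further argument is an address, or an address range if it contains '-'`, because `[ $# -eq 1 ] && usage 1` and the leading `shift` are only correct with that layout. A line naming the globals it reads (`$IPTABLES`, `$PRODUCT`, `$debugging`) would help the next caller of this shared library.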
@@ -1305,42 +1305,7 @@ case "$COMMAND" in
 fi
 ;;
 allow)
- [ -n "$debugging" ] && set -x
- [ $# -eq 1 ] && usage 1
- if shorewall_is_started ; then
- mutex_on
- while [ $# -gt 1 ]; do
- shift
- case $1 in
- *-*)
- if qt $IPTABLES -D dynamic -m iprange --src-range $1 -j reject ||\
- qt $IPTABLES -D dynamic -m iprange --src-range $1 -j DROP ||\
- qt $IPTABLES -D dynamic -m iprange --src-range $1 -j logdrop ||\
- qt $IPTABLES -D dynamic -m iprange --src-range $1 -j logreject
- then
- echo "$1 Allowed"
- else
- echo "$1 Not Dropped or Rejected"
- fi
- ;;
- *)
- if qt $IPTABLES -D dynamic -s $1 -j reject ||\
- qt $IPTABLES -D dynamic -s $1 -j DROP ||\
- qt $IPTABLES -D dynamic -s $1 -j logdrop ||\
- qt $IPTABLES -D dynamic -s $1 -j logreject
- then
- echo "$1 Allowed"
- else
- echo "$1 Not Dropped or Rejected"
- fi
- ;;
- esac
- done
- mutex_off
- else
- error_message "ERROR: Shorewall is not started"
- exit 2
- fi
+ allow_command $@
 ;;
 save)
 [ -n "$debugging" ] && set -x