mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-08 16:54:10 +01:00
Merge branch '4.4.21'
This commit is contained in:
commit
d99090978d
@ -35,23 +35,29 @@ use strict;
|
||||
|
||||
our @ISA = qw(Exporter);
|
||||
our @EXPORT = qw(
|
||||
add_rule
|
||||
add_jump
|
||||
insert_rule
|
||||
new_chain
|
||||
new_manual_chain
|
||||
ensure_manual_chain
|
||||
log_rule_limit
|
||||
dont_optimize
|
||||
dont_delete
|
||||
dont_move
|
||||
add_rule
|
||||
add_jump
|
||||
insert_rule
|
||||
add_commands
|
||||
incr_cmd_level
|
||||
decr_cmd_level
|
||||
new_chain
|
||||
new_manual_chain
|
||||
ensure_manual_chain
|
||||
ensure_audit_chain
|
||||
require_audit
|
||||
log_rule_limit
|
||||
dont_optimize
|
||||
dont_delete
|
||||
dont_move
|
||||
get_action_logging
|
||||
|
||||
%chain_table
|
||||
$raw_table
|
||||
$nat_table
|
||||
$mangle_table
|
||||
$filter_table
|
||||
);
|
||||
%chain_table
|
||||
$raw_table
|
||||
$nat_table
|
||||
$mangle_table
|
||||
$filter_table
|
||||
);
|
||||
|
||||
our %EXPORT_TAGS = (
|
||||
internal => [ qw( STANDARD
|
||||
@ -78,7 +84,6 @@ our %EXPORT_TAGS = (
|
||||
NOT_RESTORE
|
||||
|
||||
initialize_chain_table
|
||||
add_commands
|
||||
copy_rules
|
||||
move_rules
|
||||
insert_rule1
|
||||
@ -90,8 +95,6 @@ our %EXPORT_TAGS = (
|
||||
clear_comment
|
||||
push_comment
|
||||
pop_comment
|
||||
incr_cmd_level
|
||||
decr_cmd_level
|
||||
forward_chain
|
||||
rules_chain
|
||||
zone_forward_chain
|
||||
@ -1559,6 +1562,77 @@ sub ensure_manual_chain($) {
|
||||
$chainref;
|
||||
}
|
||||
|
||||
#
|
||||
# Create and populate the passed AUDIT chain if it doesn't exist. Return chain name
|
||||
#
|
||||
|
||||
sub ensure_audit_chain( $;$$ ) {
|
||||
my ( $target, $action, $tgt ) = @_;
|
||||
|
||||
push_comment( '' );
|
||||
|
||||
my $ref = $filter_table->{$target};
|
||||
|
||||
unless ( $ref ) {
|
||||
$ref = new_chain 'filter', $target;
|
||||
|
||||
unless ( $action ) {
|
||||
$action = $target;
|
||||
$action =~ s/^A_//;
|
||||
}
|
||||
|
||||
$tgt ||= $action;
|
||||
|
||||
if ( $config{FAKE_AUDIT} ) {
|
||||
add_rule( $ref, '-j AUDIT -m comment --comment "--type ' . lc $action . '"' );
|
||||
} else {
|
||||
add_rule $ref, '-j AUDIT --type ' . lc $action;
|
||||
}
|
||||
|
||||
|
||||
if ( $tgt eq 'REJECT' ) {
|
||||
add_jump $ref , 'reject', 1;
|
||||
} else {
|
||||
add_jump $ref , $tgt, 0;
|
||||
}
|
||||
}
|
||||
|
||||
pop_comment;
|
||||
|
||||
return $target;
|
||||
}
|
||||
|
||||
#
|
||||
# Return the appropriate target based on whether the second argument is 'audit'
|
||||
#
|
||||
|
||||
sub require_audit($$;$) {
|
||||
my ($action, $audit, $tgt ) = @_;
|
||||
|
||||
return $action unless supplied $audit;
|
||||
|
||||
my $target = 'A_' . $action;
|
||||
|
||||
fatal_error "Invalid parameter ($audit)" unless $audit eq 'audit';
|
||||
|
||||
require_capability 'AUDIT_TARGET', 'audit', 's';
|
||||
|
||||
return ensure_audit_chain $target, $action, $tgt;
|
||||
}
|
||||
|
||||
#
|
||||
# Returns the Level and Tag for the current action chain
|
||||
#
|
||||
sub get_action_logging() {
|
||||
my $chainref = get_action_chain;
|
||||
my $wholeaction = $chainref->{action};
|
||||
my ( undef, $level, $tag, undef ) = split ':', $wholeaction;
|
||||
|
||||
$level = '' if $level =~ /^none/;
|
||||
|
||||
( $level, $tag );
|
||||
}
|
||||
|
||||
#
|
||||
# Add all builtin chains to the chain table -- it is separate from initialize() because it depends on capabilities and configuration.
|
||||
# The function also initializes the target table with the pre-defined targets available for the specfied address family.
|
||||
|
@ -47,14 +47,20 @@ our @EXPORT = qw(
|
||||
warning_message
|
||||
fatal_error
|
||||
assert
|
||||
|
||||
progress_message
|
||||
progress_message_nocompress
|
||||
progress_message2
|
||||
progress_message3
|
||||
|
||||
supplied
|
||||
|
||||
get_action_params
|
||||
get_action_chain
|
||||
set_action_param
|
||||
|
||||
have_capability
|
||||
require_capability
|
||||
);
|
||||
|
||||
our @EXPORT_OK = qw( $shorewall_dir initialize set_config_path shorewall);
|
||||
@ -113,8 +119,6 @@ our %EXPORT_TAGS = ( internal => [ qw( create_temp_script
|
||||
add_param
|
||||
export_params
|
||||
get_configuration
|
||||
require_capability
|
||||
have_capability
|
||||
report_capabilities
|
||||
propagateconfig
|
||||
append_file
|
||||
@ -1804,7 +1808,7 @@ sub embedded_perl( $ ) {
|
||||
#
|
||||
sub push_action_params( $$ ) {
|
||||
my @params = split /,/, $_[1];
|
||||
my $oldparams = \@actparms;
|
||||
my @oldparams = @actparms;
|
||||
|
||||
@actparms = ();
|
||||
|
||||
@ -1816,7 +1820,7 @@ sub push_action_params( $$ ) {
|
||||
$actparms[$i] = $val eq '-' ? '' : $val eq '--' ? '-' : $val;
|
||||
}
|
||||
|
||||
$oldparams;
|
||||
\@oldparams;
|
||||
}
|
||||
|
||||
sub pop_action_params( $ ) {
|
||||
|
@ -1470,6 +1470,8 @@ sub process_action( $) {
|
||||
$active{$wholeaction}++;
|
||||
push @actionstack, $wholeaction;
|
||||
|
||||
push_comment( '' );
|
||||
|
||||
while ( read_a_line ) {
|
||||
|
||||
my ($target, $source, $dest, $proto, $ports, $sports, $origdest, $rate, $user, $mark, $connlimit, $time, $headers );
|
||||
@ -1516,7 +1518,7 @@ sub process_action( $) {
|
||||
0 );
|
||||
}
|
||||
|
||||
clear_comment;
|
||||
pop_comment;
|
||||
|
||||
$active{$wholeaction}--;
|
||||
pop @actionstack;
|
||||
|
Loading…
Reference in New Issue
Block a user