Merge branch '4.4.21'

Tom Eastep 2011-07-03 06:40:08 -07:00
commit d99090978d
3 changed files with 104 additions and 24 deletions


@ -38,13 +38,19 @@ our @EXPORT = qw(
add_rule add_rule
add_jump add_jump
insert_rule insert_rule
add_commands
incr_cmd_level
decr_cmd_level
new_chain new_chain
new_manual_chain new_manual_chain
ensure_manual_chain ensure_manual_chain
ensure_audit_chain
require_audit
log_rule_limit log_rule_limit
dont_optimize dont_optimize
dont_delete dont_delete
dont_move dont_move
get_action_logging
%chain_table %chain_table
$raw_table $raw_table
@ -78,7 +84,6 @@ our %EXPORT_TAGS = (
NOT_RESTORE NOT_RESTORE
initialize_chain_table initialize_chain_table
add_commands
copy_rules copy_rules
move_rules move_rules
insert_rule1 insert_rule1
@ -90,8 +95,6 @@ our %EXPORT_TAGS = (
clear_comment clear_comment
push_comment push_comment
pop_comment pop_comment
incr_cmd_level
decr_cmd_level
forward_chain forward_chain
rules_chain rules_chain
zone_forward_chain zone_forward_chain
@ -1559,6 +1562,77 @@ sub ensure_manual_chain($) {
$chainref; $chainref;
} }
#
# Create and populate the passed AUDIT chain if it doesn't exist. Return chain name
#
sub ensure_audit_chain( $;$$ ) {
my ( $target, $action, $tgt ) = @_;
push_comment( '' );
my $ref = $filter_table->{$target};
unless ( $ref ) {
$ref = new_chain 'filter', $target;
unless ( $action ) {
$action = $target;
$action =~ s/^A_//;
}
$tgt ||= $action;
if ( $config{FAKE_AUDIT} ) {
add_rule( $ref, '-j AUDIT -m comment --comment "--type ' . lc $action . '"' );
} else {
add_rule $ref, '-j AUDIT --type ' . lc $action;
}
if ( $tgt eq 'REJECT' ) {
add_jump $ref , 'reject', 1;
} else {
add_jump $ref , $tgt, 0;
}
}
pop_comment;
return $target;
}
#
# Return the appropriate target based on whether the second argument is 'audit'
#
sub require_audit($$;$) {
my ($action, $audit, $tgt ) = @_;
return $action unless supplied $audit;
my $target = 'A_' . $action;
fatal_error "Invalid parameter ($audit)" unless $audit eq 'audit';
require_capability 'AUDIT_TARGET', 'audit', 's';
return ensure_audit_chain $target, $action, $tgt;
}
#
# Returns the Level and Tag for the current action chain
#
sub get_action_logging() {
my $chainref = get_action_chain;
my $wholeaction = $chainref->{action};
my ( undef, $level, $tag, undef ) = split ':', $wholeaction;
$level = '' if $level =~ /^none/;
( $level, $tag );
}
# #
# Add all builtin chains to the chain table -- it is separate from initialize() because it depends on capabilities and configuration. # Add all builtin chains to the chain table -- it is separate from initialize() because it depends on capabilities and configuration.
# The function also initializes the target table with the pre-defined targets available for the specfied address family. # The function also initializes the target table with the pre-defined targets available for the specfied address family.
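Review bot: `ensure_audit_chain` concatenates `lc $action` into the `-j AUDIT --type ...` rule, and under FAKE_AUDIT into a double-quoted `--comment` string, without checking that it is a type the AUDIT target accepts; `require_audit` validates only `$audit`. The callers are not visible here, but if one can pass an action other than ACCEPT, DROP or REJECT, the bad value would surface only when the generated ruleset is loaded, or would alter the quoted comment. I would add, before the two `add_rule` calls, `fatal_error "Invalid AUDIT type ($action)" unless $action =~ /^(?:ACCEPT|DROP|REJECT)$/i;`. Separately, in `get_action_logging` the `split ':'` drops trailing empty fields, so `$level` can be undef when the action string carries no level, and `$level =~ /^none/` would then warn if warnings are enabled; `$level = '' unless defined $level;` ahead of the match would cover it.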


@ -47,14 +47,20 @@ our @EXPORT = qw(
warning_message warning_message
fatal_error fatal_error
assert assert
progress_message progress_message
progress_message_nocompress progress_message_nocompress
progress_message2 progress_message2
progress_message3 progress_message3
supplied supplied
get_action_params get_action_params
get_action_chain get_action_chain
set_action_param set_action_param
have_capability
require_capability
); );
our @EXPORT_OK = qw( $shorewall_dir initialize set_config_path shorewall); our @EXPORT_OK = qw( $shorewall_dir initialize set_config_path shorewall);
@ -113,8 +119,6 @@ our %EXPORT_TAGS = ( internal => [ qw( create_temp_script
add_param add_param
export_params export_params
get_configuration get_configuration
require_capability
have_capability
report_capabilities report_capabilities
propagateconfig propagateconfig
append_file append_file
@ -1804,7 +1808,7 @@ sub embedded_perl( $ ) {
# #
sub push_action_params( $$ ) { sub push_action_params( $$ ) {
my @params = split /,/, $_[1]; my @params = split /,/, $_[1];
my $oldparams = \@actparms; my @oldparams = @actparms;
@actparms = (); @actparms = ();
@ -1816,7 +1820,7 @@ sub push_action_params( $$ ) {
$actparms[$i] = $val eq '-' ? '' : $val eq '--' ? '-' : $val; $actparms[$i] = $val eq '-' ? '' : $val eq '--' ? '-' : $val;
} }
$oldparams; \@oldparams;
} }
sub pop_action_params( $ ) { sub pop_action_params( $ ) {
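Review bot: `push_action_params` now copies `@actparms` before clearing it, but no comment records why a reference to the live array would be wrong, so a later cleanup could quietly reintroduce the alias. A comment above `my @oldparams = @actparms;` would help, for example `# Copy rather than reference: @actparms is emptied on the next line, so a reference to it would no longer hold the previous parameters`. The middle of the function and the body of `pop_action_params` lie outside the hunks, so how the returned reference is consumed is assumed here.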


@ -1470,6 +1470,8 @@ sub process_action( $) {
$active{$wholeaction}++; $active{$wholeaction}++;
push @actionstack, $wholeaction; push @actionstack, $wholeaction;
push_comment( '' );
while ( read_a_line ) { while ( read_a_line ) {
my ($target, $source, $dest, $proto, $ports, $sports, $origdest, $rate, $user, $mark, $connlimit, $time, $headers ); my ($target, $source, $dest, $proto, $ports, $sports, $origdest, $rate, $user, $mark, $connlimit, $time, $headers );
@ -1516,7 +1518,7 @@ sub process_action( $) {
0 ); 0 );
} }
clear_comment; pop_comment;
$active{$wholeaction}--; $active{$wholeaction}--;
pop @actionstack; pop @actionstack;