More tweaks to switch implementation.

1) Switch names may be 30 characters long.
2) Switch settings are retained over restart.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2011-09-24 07:34:58 -07:00
parent 40bc6df07a
commit dbf5f17b41
4 changed files with 50 additions and 29 deletions

@ -3748,7 +3748,7 @@ sub do_condition( $ ) {
my $invert = $condition =~ s/^!// ? '! ' : ''; my $invert = $condition =~ s/^!// ? '! ' : '';
require_capability 'CONDITION_MATCH', 'A non-empty SWITCH column', 's'; require_capability 'CONDITION_MATCH', 'A non-empty SWITCH column', 's';
fatal_error "Invalid switch name ($condition)" unless $condition =~ /^[a-zA-Z][-\w]*$/; fatal_error "Invalid switch name ($condition)" unless $condition =~ /^[a-zA-Z][-\w]*$/ && length $condition <= 30;
"-m condition ${invert}--condition $condition " "-m condition ${invert}--condition $condition "
} }
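
Review bot: in the changed fatal_error line, a name that passes the character check but is longer than 30 characters fails with the same "Invalid switch name ($condition)" message, so the user gets no hint that length is the problem. Consider a separate check with its own message, for example `fatal_error "Switch name ($condition) is longer than 30 characters" if length $condition > 30;`, and give the literal 30 a named constant or a comment saying where the limit comes from. The pattern's `$` anchor also accepts a trailing newline; `\z` is stricter if the column value can ever carry one.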

@ -1660,16 +1660,23 @@ DNAT net loc:192.168.1.3 tcp 4000:4100</programlisting>
rule is enabled only when the switch is <emphasis rule is enabled only when the switch is <emphasis
role="bold">on</emphasis>. If you precede the switch name with ! (e.g., role="bold">on</emphasis>. If you precede the switch name with ! (e.g.,
!switch1), then the rule is enabled only when the switch is <emphasis !switch1), then the rule is enabled only when the switch is <emphasis
role="bold">off</emphasis>. </para> role="bold">off</emphasis>. Switch settings are retained over
<command>shorewall restart</command>.</para>
<warning> <para>Shorewall requires that switch names:</para>
<para>The <command>shorewall restart</command> command resets all
switches to off.</para>
</warning>
<para>Shorewall requires that switch names begin with a letter and be <itemizedlist>
composed of letters, digits, underscore ('_') or hyphen ('-'). Multiple <listitem>
rules can be controlled by the same switch.</para> <para>begin with a letter and be composed of letters, digits,
underscore ('_') or hyphen ('-'); and</para>
</listitem>
<listitem>
<para>be 30 characters or less in length.</para>
</listitem>
</itemizedlist>
<para>Multiple rules can be controlled by the same switch.</para>
<para>Example:</para> <para>Example:</para>
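
Review bot: the removed <warning> said `shorewall restart` resets all switches to off and the added sentence states the opposite, yet the only code hunk in this commit changes the name check in do_condition and nothing about restart. Please confirm the retention behaviour is already in the code so the manual does not run ahead of it. Because operators can no longer count on a restart to return every switch-controlled rule to a known state, the paragraph should also say how to reset switches and whether they survive stop/start or a reboot. Minor: "30 characters or less" reads better as "30 characters or fewer".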

@ -1283,29 +1283,36 @@
[!]<replaceable>switch-name</replaceable></emphasis></term> [!]<replaceable>switch-name</replaceable></emphasis></term>
<listitem> <listitem>
<para>Added in Shorewall 4.4.24. Matches if the value stored in <para>Added in Shorewall 4.4.24 and allows enabling and disabling
<filename>/proc/net/nf_condition/<replaceable>switch-name</replaceable></filename> the rule without requiring <command>shorewall
is 1. Does not match if that file contains 0 (the default). If '!' restart</command>.</para>
is supplied, the test is inverted such that there is a match if the
file contains 0. The switch-name must begin with a letter and be
composed of letters, decimal digits, underscores or hyphens.</para>
<para>Switches are normally off. To turn on a switch:</para> <para>The rule is enabled if the value stored in
<filename>/proc/net/nf_condition/<replaceable>switch-name</replaceable></filename>
is 1. The rule is disabled if that file contains 0 (the default). If
'!' is supplied, the test is inverted such that the rule is enabled
if the file contains 0. <replaceable>switch-name</replaceable> must
begin with a letter and be composed of letters, decimal digits,
underscores or hyphens. Switch names must be 30 characters or less
in length.</para>
<para>Switches are normally <emphasis role="bold">off</emphasis>. To
turn a switch <emphasis role="bold">on</emphasis>:</para>
<simplelist> <simplelist>
<member><command>echo 1 &gt; <member><command>echo 1 &gt;
/proc/net/nf_condition/<replaceable>switch-name</replaceable></command></member> /proc/net/nf_condition/<replaceable>switch-name</replaceable></command></member>
</simplelist> </simplelist>
<para>To turn it off again:</para> <para>To turn it <emphasis role="bold">off</emphasis> again:</para>
<simplelist> <simplelist>
<member><command>echo 0 &gt; <member><command>echo 0 &gt;
/proc/net/nf_condition/<replaceable>switch-name</replaceable></command></member> /proc/net/nf_condition/<replaceable>switch-name</replaceable></command></member>
</simplelist> </simplelist>
<para>The <command>shorewall restart</command> command turns all <para>Switch settings are retained over <command>shorewall
switches off.</para> restart</command>.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>
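
Review bot: with the last <para> now saying settings are retained over restart, "Switches are normally off" a few lines earlier becomes ambiguous, since a switch turned on before a restart is still on afterwards. Suggest stating that a switch is off when first created (the file contains 0) and then keeps the last value written to it. The echo commands also deserve a sentence on who is expected to have write access to /proc/net/nf_condition/switch-name, because that access is what enables or disables the rule at run time.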

@ -1108,29 +1108,36 @@
[!]<replaceable>switch-name</replaceable></emphasis></term> [!]<replaceable>switch-name</replaceable></emphasis></term>
<listitem> <listitem>
<para>Added in Shorewall6 4.4.24. Matches if the value stored in <para>Added in Shorewall6 4.4.24 and allows enabling and disabling
<filename>/proc/net/nf_condition/<replaceable>switch-name</replaceable></filename> the rule without requiring <command>shorewall6
is 1. Does not match if that file contains 0 (the default). If '!' restart</command>.</para>
is supplied, the test is inverted such that there is a match if the
file contains 0. The switch-name must begin with a letter and be
composed of letters, decimal digits, underscores or hyphens.</para>
<para>Switches are normally off. To turn on a switch:</para> <para>Enables the rule if the value stored in
<filename>/proc/net/nf_condition/<replaceable>switch-name</replaceable></filename>
is 1. Disables the rule if that file contains 0 (the default). If
'!' is supplied, the test is inverted such that the rule is enabled
if the file contains 0. The <replaceable>switch-name</replaceable>
must begin with a letter and be composed of letters, decimal digits,
underscores or hyphens. Switch names must be 30 characters or less
in length.</para>
<para>Switches are normally <emphasis role="bold">off</emphasis>. To
turn a switch <emphasis role="bold">on</emphasis>:</para>
<simplelist> <simplelist>
<member><command>echo 1 &gt; <member><command>echo 1 &gt;
/proc/net/nf_condition/<replaceable>switch-name</replaceable></command></member> /proc/net/nf_condition/<replaceable>switch-name</replaceable></command></member>
</simplelist> </simplelist>
<para>To turn it off again:</para> <para>To turn it <emphasis role="bold">off</emphasis> again:</para>
<simplelist> <simplelist>
<member><command>echo 0 &gt; <member><command>echo 0 &gt;
/proc/net/nf_condition/<replaceable>switch-name</replaceable></command></member> /proc/net/nf_condition/<replaceable>switch-name</replaceable></command></member>
</simplelist> </simplelist>
<para>The <command>shorewall6 restart</command> command turns all <para>Switch settings are retained over <command>shorewall6
switches off.</para> restart</command>.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>
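
Review bot: the second new <para> is worded differently from its Shorewall counterpart in the previous hunk ("Enables the rule if ..." and "Disables the rule if ..." here, "The rule is enabled if ..." and "The rule is disabled if ..." there; "The switch-name" here, plain switch-name there). The sentences in this version have no subject. Use the same text in both pages, changing only the command name, so the two do not drift apart. The comments on "normally off" and on write access to the proc file apply here as well.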