Factor out ipset match rule generation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent
8d0dba349c
commit
dfd40ee208
@ -710,6 +710,12 @@ sub create_docker_rules() {
|
|||||||
|
|
||||||
sub setup_mss();
|
sub setup_mss();
|
||||||
|
|
||||||
|
sub add_ipset_dbl_jump( $$$@) {
|
||||||
|
my ( $chainref, $target, $ipset_dir ) = ( shift, shift, shift );
|
||||||
|
|
||||||
|
add_ijump_extended( $chainref, j => $target, $origin{DYNAMIC_BLACKLIST}, @_, "--match-set $ipset_dir" );
|
||||||
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
# Add rules generated by .conf options and interface options
|
# Add rules generated by .conf options and interface options
|
||||||
#
|
#
|
||||||
@ -1027,16 +1033,16 @@ sub add_common_rules ( $ ) {
|
|||||||
#
|
#
|
||||||
# src or src-dst
|
# src or src-dst
|
||||||
#
|
#
|
||||||
add_ijump_extended( $filter_table->{input_option_chain($interface)}, j => $src_target, $origin{DYNAMIC_BLACKLIST}, @src_exclude, @state, set => "--match-set $dbl_ipset src" );
|
add_ipset_dbl_ijump( $filter_table->{input_option_chain($interface)}, $src_target, "$dbl_ipset src", @state );
|
||||||
add_ijump_extended( $filter_table->{forward_option_chain($interface)}, j => $src_target, $origin{DYNAMIC_BLACKLIST}, @dst_exclude, @state, set => "--match-set $dbl_ipset src" );
|
add_ipset_dbl_ijump( $filter_table->{forward_option_chain($interface)}, $src_target, "$dbl_ipset src", @state );
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( $setting & DBL_DST ) {
|
if ( $setting & DBL_DST ) {
|
||||||
#
|
#
|
||||||
# src-dst
|
# src-dst
|
||||||
#
|
#
|
||||||
add_ijump_extended( $filter_table->{forward_option_chain($interface)}, j => $dst_target, $origin{DYNAMIC_BLACKLIST}, @dst_exclude, @state, set => "--match-set $dbl_ipset dst" );
|
add_ipset_dbl_ijump( $filter_table->{forward_option_chain($interface)}, $dst_target, "$dbl_ipset dst", @state );
|
||||||
add_ijump_extended( $filter_table->{output_option_chain($interface)}, j => $dbl_dst_target, $origin{DYNAMIC_BLACKLIST}, @dst_exclude, @state, set => "--match-set $dbl_ipset dst" );
|
add_ipset_dbl_ijump( $filter_table->{output_option_chain($interface)}, $dst_target, "$dbl_ipset dst", @state );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
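Review bot: The helper added in the first hunk is declared as `add_ipset_dbl_jump`, but all four call sites in `add_common_rules` call `add_ipset_dbl_ijump`, so unless a sub of that name exists elsewhere in the file the dynamic-blacklist branch will fail with an undefined-subroutine error when it is reached; the definition should read `sub add_ipset_dbl_ijump( $$$@ ) {`. Inside the helper the match is passed as a bare `"--match-set $ipset_dir"`, whereas the replaced calls passed `set => "--match-set ..."`, which looks like it breaks the key/value pairing of the arguments to `add_ijump_extended`; `@_, set => "--match-set $ipset_dir" );` would keep the old form. The new calls also drop `@src_exclude`/`@dst_exclude`, and the output-chain call changes from `$dbl_dst_target` to `$dst_target`; if these are not intentional they should be carried through, because in a blacklist path they change which packets match and where they jump, which a pure refactor should not do. `add_common_rules` starts and ends outside the hunk.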