Allow parameters to be omitted in action invocations.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2013-02-09 07:07:01 -08:00
parent e664b6bafb
commit eaa6d72a4f
3 changed files with 14 additions and 9 deletions

View File

@ -1812,8 +1812,12 @@ sub split_list2( $$ ) {
sub split_list3( $$ ) { sub split_list3( $$ ) {
my ($list, $type ) = @_; my ($list, $type ) = @_;
#
fatal_error "Invalid $type ($list)" if $list =~ /^,|,,/; # We allow omitted arguments in action invocations.
#
$list =~ s/^,/-,/;
$list =~ s/,$/,-/;
$list =~ s/,,/,-,/g;
my @list1 = split /,/, $list; my @list1 = split /,/, $list;
my @list2; my @list2;

View File

@ -2121,8 +2121,6 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$ ) {
return $generated; return $generated;
} elsif ( $actiontype & ( ACTION | INLINE ) ) {
split_list1 $param, 'Action parameter';
} elsif ( $actiontype & NFQ ) { } elsif ( $actiontype & NFQ ) {
require_capability( 'NFQUEUE_TARGET', 'NFQUEUE Rules', '' ); require_capability( 'NFQUEUE_TARGET', 'NFQUEUE Rules', '' );
my $paramval = $param eq '' ? 0 : numeric_value( $param ); my $paramval = $param eq '' ? 0 : numeric_value( $param );
@ -2140,7 +2138,7 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$ ) {
validate_level( $action ); validate_level( $action );
$loglevel = supplied $loglevel ? join( ':', $action, $loglevel ) : $action; $loglevel = supplied $loglevel ? join( ':', $action, $loglevel ) : $action;
$action = 'LOG'; $action = 'LOG';
} else { } elsif ( ! ( $actiontype & (ACTION | INLINE) ) ) {
fatal_error "The $basictarget TARGET does not accept a parameter" unless $param eq ''; fatal_error "The $basictarget TARGET does not accept a parameter" unless $param eq '';
} }

View File

@ -394,6 +394,13 @@ REDIRECT net - tcp 80 - 1.2.3.4</programlisting>
<para>In the above example, $2 would expand to nothing.</para> <para>In the above example, $2 would expand to nothing.</para>
<para>Beginning with Shorewall 4.5.13, completely omitting a arameter is
equivalent to passing '-'.</para>
<para>Example: ACTION(REDIRECT,,info)</para>
<para>This example behaves the same as the one shown above.</para>
<para>If you want to make '-' a parameter value, use '--' (e.g., <para>If you want to make '-' a parameter value, use '--' (e.g.,
ACTION(REDIRECT,--.info)).</para> ACTION(REDIRECT,--.info)).</para>
@ -407,10 +414,6 @@ REDIRECT net - tcp 80 - 1.2.3.4</programlisting>
for the second parameter and so on. You can specify an empty default for the second parameter and so on. You can specify an empty default
using '-' (e.g. DEFAULTS DROP,-,audit).</para> using '-' (e.g. DEFAULTS DROP,-,audit).</para>
<para>The DEFAULTS directive also determines the maximum number of
parameters that an action may have. If more parameters are passed than
have default values, an error message is issued.</para>
<para>For additional information about actions, see the <ulink <para>For additional information about actions, see the <ulink
url="configuration_file_basics.htm#ActionVariables">Action Variables url="configuration_file_basics.htm#ActionVariables">Action Variables
section</ulink> of the Configuration Basics article.</para> section</ulink> of the Configuration Basics article.</para>