mirror of
https://gitlab.com/shorewall/code.git
synced 2025-06-21 10:18:58 +02:00
Implement tcp:!syn in PROTO column
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep
parent
cd103bb715
commit
f1d1ab6411
@ -4556,7 +4556,8 @@ sub do_proto( $$$;$ )
|
|||||||
|
|
||||||
if ( $proto ne '' ) {
|
if ( $proto ne '' ) {
|
||||||
|
|
||||||
my $synonly = ( $proto =~ s/:syn$//i );
|
my $synonly = ( $proto =~ s/:(!)?syn$//i );
|
||||||
|
my $notsyn = $1;
|
||||||
my $invert = ( $proto =~ s/^!// ? '! ' : '' );
|
my $invert = ( $proto =~ s/^!// ? '! ' : '' );
|
||||||
my $protonum = resolve_proto $proto;
|
my $protonum = resolve_proto $proto;
|
||||||
|
|
||||||
@ -4574,7 +4575,7 @@ sub do_proto( $$$;$ )
|
|||||||
$output = "${invert}-p ${proto} ";
|
$output = "${invert}-p ${proto} ";
|
||||||
} else {
|
} else {
|
||||||
fatal_error '":syn" is only allowed with tcp' unless $proto == TCP && ! $invert;
|
fatal_error '":syn" is only allowed with tcp' unless $proto == TCP && ! $invert;
|
||||||
$output = "-p $proto --syn ";
|
$output = $notsyn ? "-p $proto ! --syn" : "-p $proto --syn ";
|
||||||
}
|
}
|
||||||
|
|
||||||
fatal_error "SOURCE/DEST PORT(S) not allowed with PROTO !$pname" if $invert && ($ports ne '' || $sports ne '');
|
fatal_error "SOURCE/DEST PORT(S) not allowed with PROTO !$pname" if $invert && ($ports ne '' || $sports ne '');
|
||||||
|
|||||||
@ -389,6 +389,8 @@ sub resolve_proto( $ ) {
|
|||||||
my $proto = $_[0];
|
my $proto = $_[0];
|
||||||
my $number;
|
my $number;
|
||||||
|
|
||||||
|
$proto =~ s/:.*//;
|
||||||
|
|
||||||
if ( $proto =~ /^\d+$/ || $proto =~ /^0x/ ) {
|
if ( $proto =~ /^\d+$/ || $proto =~ /^0x/ ) {
|
||||||
$number = numeric_value ( $proto );
|
$number = numeric_value ( $proto );
|
||||||
defined $number && $number <= 255 ? $number : undef;
|
defined $number && $number <= 255 ? $number : undef;
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user