extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-23 19:21:21 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix NFQUEUE parsing and documentation

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2015-05-29 18:19:35 -07:00
parent 29a0c92918
commit f227250959
3 changed files with 23 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
Shorewall/Perl/Shorewall/Rules.pm
View File

@ -475,21 +475,26 @@ sub process_default_action( $$$$ ) {
sub handle_nfqueue( $$ ) { sub handle_nfqueue( $$ ) {
my ($params, $allow_bypass ) = @_; my ($params, $allow_bypass ) = @_;
my $action; my $action;
my ( $queue1, $queue2, $queuenum1, $queuenum2 );
require_capability( 'NFQUEUE_TARGET', 'NFQUEUE Rules and Policies', '' ); require_capability( 'NFQUEUE_TARGET', 'NFQUEUE Rules and Policies', '' );
my ( $queue, $bypass ) = split ',', $params; $params = '' unless defined $params;
my ( $queue, $bypass, $junk ) = split ',', $params;
fatal_error "Invalid NFQUEUE parameter list" if defined $junk;
if ( supplied $queue ) {
if ( $queue eq 'bypass' ) { if ( $queue eq 'bypass' ) {
fatal_error "'bypass' is not allowed in this context" unless $allow_bypass; fatal_error "'bypass' is not allowed in this context" unless $allow_bypass;
fatal_error "Invalid NFQUEUE options (bypass,$bypass)" if supplied $bypass; fatal_error "Invalid NFQUEUE options (bypass,$bypass)" if supplied $bypass;
return 'NFQUEUE --queue-bypass'; return 'NFQUEUE --queue-bypass';
} }
my ( $queue1, $queue2 ) = split ':', $queue; ( $queue1, $queue2 ) = split ':', $queue;
my $queuenum1 = numeric_value( $queue1 ); $queuenum1 = numeric_value( $queue1 );
my $queuenum2;
fatal_error "Invalid NFQUEUE queue number ($queue1)" unless defined( $queuenum1) && $queuenum1 >= 0 && $queuenum1 <= 65535; fatal_error "Invalid NFQUEUE queue number ($queue1)" unless defined( $queuenum1) && $queuenum1 >= 0 && $queuenum1 <= 65535;
@ -498,6 +503,9 @@ sub handle_nfqueue( $$ ) {
fatal_error "Invalid NFQUEUE queue number ($queue2)" unless defined( $queuenum2) && $queuenum2 >= 0 && $queuenum2 <= 65535 && $queuenum1 < $queuenum2; fatal_error "Invalid NFQUEUE queue number ($queue2)" unless defined( $queuenum2) && $queuenum2 >= 0 && $queuenum2 <= 65535 && $queuenum1 < $queuenum2;
} }
} else {
$queuenum1 = 0;
}
if ( supplied $bypass ) { if ( supplied $bypass ) {
fatal_error "Invalid NFQUEUE option ($bypass)" if $bypass ne 'bypass'; fatal_error "Invalid NFQUEUE option ($bypass)" if $bypass ne 'bypass';

2
Shorewall/manpages/shorewall-policy.xml
View File

@ -105,7 +105,7 @@
role="bold">REJECT</emphasis>|<emphasis role="bold">REJECT</emphasis>|<emphasis
role="bold">CONTINUE</emphasis>|<emphasis role="bold">CONTINUE</emphasis>|<emphasis
role="bold">QUEUE</emphasis>|<emphasis role="bold">QUEUE</emphasis>|<emphasis
role="bold">NFQUEUE</emphasis>[(<emphasis>queuenumber1</emphasis>[,<replaceable>queuenumber2</replaceable>])]|<emphasis role="bold">NFQUEUE</emphasis>[(<emphasis>queuenumber1</emphasis>[:<replaceable>queuenumber2</replaceable>])]|<emphasis
role="bold">NONE</emphasis>}[<emphasis role="bold">NONE</emphasis>}[<emphasis
role="bold">:</emphasis>{<emphasis>default-action-or-macro</emphasis>[:level]|<emphasis role="bold">:</emphasis>{<emphasis>default-action-or-macro</emphasis>[:level]|<emphasis
role="bold">None</emphasis>}]</term> role="bold">None</emphasis>}]</term>

2
Shorewall6/manpages/shorewall6-policy.xml
View File

@ -105,7 +105,7 @@
role="bold">REJECT</emphasis>|<emphasis role="bold">REJECT</emphasis>|<emphasis
role="bold">CONTINUE</emphasis>|<emphasis role="bold">CONTINUE</emphasis>|<emphasis
role="bold">QUEUE</emphasis>|<emphasis role="bold">QUEUE</emphasis>|<emphasis
role="bold">NFQUEUE</emphasis>[(<emphasis>queuenumber1</emphasis>[,<replaceable>queuenumber2</replaceable>])]|<emphasis role="bold">NFQUEUE</emphasis>[(<emphasis>queuenumber1</emphasis>[:<replaceable>queuenumber2</replaceable>])]|<emphasis
role="bold">NONE</emphasis>}[<emphasis role="bold">NONE</emphasis>}[<emphasis
role="bold">:</emphasis>{<emphasis>default-action-or-macro</emphasis>[:level]|<emphasis role="bold">:</emphasis>{<emphasis>default-action-or-macro</emphasis>[:level]|<emphasis
role="bold">None</emphasis>}]</term> role="bold">None</emphasis>}]</term>