diff --git a/Shorewall/Perl/Shorewall/Accounting.pm b/Shorewall/Perl/Shorewall/Accounting.pm
index 6e6d2d178..2025b1c27 100644
--- a/Shorewall/Perl/Shorewall/Accounting.pm
+++ b/Shorewall/Perl/Shorewall/Accounting.pm
@@ -138,10 +138,10 @@ sub process_section ($) {
$asection = $newsect;
}
-sub split_nfacct_list( $$;$ ) {
- my ($list, $type, $origlist ) = @_;
+sub split_nfacct_list( $;$ ) {
+ my ($list, $origlist ) = @_;
- fatal_error( "Invalid $type list (" . ( $origlist ? $origlist : $list ) . ')' ) if $list =~ /^,|,$|,,$/;
+ fatal_error( "Invalid nfacct list (" . ( $origlist ? $origlist : $list ) . ')' ) if $list =~ /^,|,$|,,$/;
split /,/, $list;
}
@@ -234,16 +234,16 @@ sub process_accounting_rule1( $$$$$$$$$$$ ) {
} elsif ( $action =~ /^NFACCT\(([\w,!]+)\)$/ ) {
require_capability 'NFACCT_MATCH', 'The NFACCT action', 's';
$target = '';
- my @objects = split_nfacct_list $1, 'nfacct';
+ my @objects = split_nfacct_list $1;
for ( @objects ) {
if ( $_ =~ /^([\w]+)(!)?$/ ) {
- if ( $2 ) {
- $prerule .= "-m nfacct --nfacct-name $1 ";
- } else {
- $rule .= "-m nfacct --nfacct-name $1 ";
- }
+ if ( $2 ) {
+ $prerule .= "-m nfacct --nfacct-name $1 ";
+ } else {
+ $rule .= "-m nfacct --nfacct-name $1 ";
+ }
} else {
- accounting_error;
+ accounting_error;
}
}
} elsif ( $action eq 'INLINE' ) {
diff --git a/Shorewall/manpages/shorewall-accounting.xml b/Shorewall/manpages/shorewall-accounting.xml
index b487c12b4..368114ace 100644
--- a/Shorewall/manpages/shorewall-accounting.xml
+++ b/Shorewall/manpages/shorewall-accounting.xml
@@ -309,7 +309,7 @@
NFACCT(object[,...])[!]
+ role="bold">NFACCT({object[!]}[,...])
Added in Shorewall 4.5.7. Provides a form of accounting
@@ -327,12 +327,14 @@
Beginning with Shorewall 4.5.16, an arbitrary number of
objects may be given.
- With Shorewall 4.5.16 or later, ! may be specified to indicate that the
- nfacct object(s) will be
- incremented unconditionally. When omitted, the
- object(s) will be incremented only
- if all of the matches in the rule succeed.
+ With Shorewall 4.5.16 or later, an nfacct
+ object in the list may optionally
+ be followed by ! to indicate
+ that the nfacct object will be
+ incremented unconditionally for each packet. When ! is omitted, the
+ object will be incremented only if
+ all of the matches in the rule succeed.
diff --git a/Shorewall6/manpages/shorewall6-accounting.xml b/Shorewall6/manpages/shorewall6-accounting.xml
index ff54e253e..52c0852f7 100644
--- a/Shorewall6/manpages/shorewall6-accounting.xml
+++ b/Shorewall6/manpages/shorewall6-accounting.xml
@@ -251,7 +251,7 @@
NFACCT(object[,...])[!]
+ role="bold">NFACCT({object[!]}[,...])
Added in Shorewall 4.5.7. Provides a form of accounting
@@ -269,12 +269,14 @@
Beginning with Shorewall 4.5.16, an arbitrary number of
objects may be given.
- With Shorewall 4.5.16 or later, ! may be specified to indicate that the
- nfacct object(s) will be
- incremented unconditionally. When omitted, the
- object(s) will be incremented only
- if all of the matches in the rule succeed.
+ With Shorewall 4.5.16 or later, an nfacct
+ object in the list may optionally
+ be followed by ! to indicate
+ that the nfacct object will be
+ incremented unconditionally for each packet. When ! is omitted, the
+ object will be incremented only if
+ all of the matches in the rule succeed.