From fe29adbd66a3f2a9fbf35d12a308c60071f307bd Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Mon, 13 Mar 2017 16:52:16 -0700 Subject: [PATCH] Correct use of $family in combined actions Signed-off-by: Tom Eastep --- Shorewall/Actions/action.Broadcast | 14 ++++++++++---- Shorewall/Actions/action.Multicast | 17 +++++++---------- Shorewall/Perl/Shorewall/Config.pm | 8 ++++---- 3 files changed, 21 insertions(+), 18 deletions(-) diff --git a/Shorewall/Actions/action.Broadcast b/Shorewall/Actions/action.Broadcast index d6fd7e16c..555228395 100644 --- a/Shorewall/Actions/action.Broadcast +++ b/Shorewall/Actions/action.Broadcast @@ -31,22 +31,28 @@ DEFAULTS DROP,- ?if __ADDRTYPE @1 - - - ;; -m addrtype --dst-type BROADCAST @1 - - - ;; -m addrtype --dst-type ANYCAST -?elseif __IPV4 +?else ?begin perl; + use strict; use Shorewall::IPAddrs; use Shorewall::Config; use Shorewall::Chains; - my ( $action ) = get_action_params( 1 ); + my ( $action, $audit ) = get_action_params( 2 ); my $chainref = get_action_chain; my ( $level, $tag ) = get_action_logging; + + fatal_error "Invalid parameter to action Broadcast" if supplied $audit && $audit ne 'audit'; + my $target = require_audit ( $action , $audit ); - if ( $family == F_IPv4 ) { + if ( $family == F_IPV4 ) { add_commands $chainref, 'for address in $ALL_BCASTS; do'; - } else { + } elsif ($family == F_IPV6 ) { add_commands $chainref, 'for address in $ALL_ACASTS; do'; + } else { + fatal_error "Internal error - \$family == $family"; } incr_cmd_level $chainref; diff --git a/Shorewall/Actions/action.Multicast b/Shorewall/Actions/action.Multicast index 545744c89..559172c25 100644 --- a/Shorewall/Actions/action.Multicast +++ b/Shorewall/Actions/action.Multicast @@ -33,25 +33,22 @@ DEFAULTS DROP,- ?else ?begin perl; + use strict; use Shorewall::IPAddrs; use Shorewall::Config; use Shorewall::Chains; - my ( $action ) = get_action_params( 1 ); + my ( $action, $audit ) = get_action_params( 2 ); my $chainref = get_action_chain; my ( $level, $tag ) = get_action_logging; - fatal_error "Invalid parameter to action Broadcast" if supplied $audit && $audit ne 'audit'; + fatal_error "Invalid parameter to action Multicast" if supplied $audit && $audit ne 'audit'; - my $target = require_audit ( $action , $audit ); + my $target = require_audit ( $action , $audit ); + my $dest = ( $family == F_IPV4 ) ? join( ' ', '-d', IPv4_MULTICAST . ' ' ) : join( ' ', '-d', IPv6_MULTICAST . ' ' ); - if ( $family == F_IPv4 ) { - log_rule_limit $level, $chainref, 'Multicast' , $action, '', $tag, 'add', ' -d 224.0.0.0/4 ' if $level ne ''; - add_jump $chainref, $action, 0, '-d 224.0.0.0/4 '; - } else { - log_rule_limit( $level, $chainref, 'Broadcast' , $action, '', $tag, 'add', join( ' ', '-d', IPv6_MULTICAST . ' ' ) ) if $level ne ''; - add_jump $chainref, $target, 0, join( ' ', '-d', IPv6_MULTICAST . ' ' ); - } + log_rule_limit( $level, $chainref, 'Multicast' , $action, '', $tag, 'add', $dest ) if $level ne ''; + add_jump $chainref, $target, 0, $dest; 1; diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm index c8e09b323..7496d2d5a 100644 --- a/Shorewall/Perl/Shorewall/Config.pm +++ b/Shorewall/Perl/Shorewall/Config.pm @@ -86,6 +86,9 @@ our @EXPORT = qw( kernel_version compiletime + + F_IPV4 + F_IPV6 ); our @EXPORT_OK = qw( $shorewall_dir initialize shorewall); @@ -196,9 +199,6 @@ our %EXPORT_TAGS = ( internal => [ qw( create_temp_script PARMSMODIFIED USEDCALLER - - F_IPV4 - F_IPV6 TCP UDP @@ -748,7 +748,7 @@ sub initialize( $;$$) { TC_SCRIPT => '', EXPORT => 0, KLUDGEFREE => '', - VERSION => "5.1.1-RC1", + VERSION => "5.1.4-Beta1", CAPVERSION => 50100 , BLACKLIST_LOG_TAG => '', RELATED_LOG_TAG => '',