Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code

2016-01-02 12:37:43 -08:00 · 2016-01-02 12:37:43 -08:00 · 06dd5dc38f
commit 06dd5dc38f
parent fad41e262a c9f57ad9c9
4 changed files with 25 additions and 5 deletions
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@ -6242,7 +6242,7 @@ sub log_rule_limit( $$$$$$$$ ) {
 		if ( $tag =~ /^,/ ) {
 		    ( $disposition = $tag ) =~ s/,//;
 		} elsif ( $tag =~ /,/ ) {
-		    ( $chain, $disposition ) = split ',', $tag;
+		    ( $chain, $disposition ) = split ',', $tag, 2;
 		} else { 
 		    $chain = $tag;
 		}
@ -6336,7 +6336,7 @@ sub log_irule_limit( $$$$$$$@ ) {
 		if ( $tag =~ /^,/ ) {
 		    ( $disposition = $tag ) =~ s/,//;
 		} elsif ( $tag =~ /,/ ) {
-		    ( $chain, $disposition ) = split ',', $tag;
+		    ( $chain, $disposition ) = split ',', $tag, 2;
 		} else { 
 		    $chain = $tag;
 		}
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@ -2477,13 +2477,21 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$$ ) {
 	    $actiontype |= HELPER;
 	} elsif ( $actiontype & SET ) {
 	    my %xlate = ( ADD => 'add-set' , DEL => 'del-set' );
 	    my ( $setname, $flags, $timeout, $rest ) = split ':', $param, 4;
 	    my ( $setname, $flags, $rest ) = split ':', $param, 3;
 	    fatal_error "Invalid ADD/DEL parameter ($param)" if $rest;
 	    $setname =~ s/^\+//;
 	    fatal_error "Expected ipset name ($setname)" unless $setname =~ /^(6_)?[a-zA-Z][-\w]*$/;
 	    fatal_error "Invalid flags ($flags)"         unless defined $flags && $flags =~ /^(dst|src)(,(dst|src)){0,5}$/;
 	    $action = join( ' ', 'SET --' . $xlate{$basictarget} , $setname , $flags );
 	    if ( supplied $timeout ) {
 		fatal_error "A timeout may only be supplied in an ADD rule" unless $basictarget eq 'ADD';
 		fatal_error "Invalid Timeout ($timeout)"                    unless $timeout && $timeout =~ /^\d+$/;
 		$action .= " --timeout $timeout";
 	    }
 	}
    }
    #
--- a/Shorewall/manpages/shorewall-rules.xml
+++ b/Shorewall/manpages/shorewall-rules.xml
@ -241,7 +241,7 @@
            <varlistentry>
              <term><emphasis
-              role="bold">ADD(<replaceable>ipset</replaceable>:<replaceable>flags</replaceable>)</emphasis></term>
+              role="bold">ADD(<replaceable>ipset</replaceable>:<replaceable>flags</replaceable>[:<replaceable>timeout</replaceable>])</emphasis></term>
              <listitem>
                <para>Added in Shorewall 4.4.12. Causes addresses and/or port
@ -256,6 +256,12 @@
                role="bold">dst</emphasis> respectively (see the -A command in
                ipset (8)).</para>
                <para>Beginning with Shorewall 5.0.3, an optional
                <replaceable>timeout</replaceable> can be specified. This is
                the number of seconds that the new entry in the ipset is to
                remain valid and overrides any timeout specified when the
                ipset was created.</para>
                <para>ADD is non-terminating. Even if a packet matches the
                rule, it is passed on to the next rule.</para>
              </listitem>
--- a/Shorewall6/manpages/shorewall6-rules.xml
+++ b/Shorewall6/manpages/shorewall6-rules.xml
@ -229,6 +229,12 @@
                role="bold">dst</emphasis> respectively (see the -A command in
                ipset (8)).</para>
                <para>Beginning with Shorewall 5.0.3, an optional
                <replaceable>timeout</replaceable> can be specified. This is
                the number of seconds that the new entry in the ipset is to
                remain valid and overrides any timeout specified when the
                ipset was created.</para>
                <para>ADD is non-terminating. Even if a packet matches the
                rule, it is passed on to the next rule.</para>
              </listitem>