holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Handle '+' in inline matches the mangle and masq files

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2016-03-12 17:14:15 -08:00
parent 33343aaf17
commit 0e59b82503
2 changed files with 19 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
Shorewall/Perl/Shorewall/Nat.pm
View File

@ -69,6 +69,7 @@ sub process_one_masq1( $$$$$$$$$$$ )
my $destnets = ''; my $destnets = '';
my $baserule = ''; my $baserule = '';
my $inlinematches = ''; my $inlinematches = '';
my $prerule = '';
# #
# Leading '+' # Leading '+'
# #
@ -83,6 +84,13 @@ sub process_one_masq1( $$$$$$$$$$$ )
$inlinematches = get_inline_matches(0); $inlinematches = get_inline_matches(0);
} }
# #
# Handle early matches
#
if ( $inlinematches =~ s/s*\+// ) {
$prerule = $inlinematches;
$inlinematches = '';
}
#
# Parse the remaining part of the INTERFACE column # Parse the remaining part of the INTERFACE column
# #
if ( $family == F_IPV4 ) { if ( $family == F_IPV4 ) {
@ -336,7 +344,7 @@ sub process_one_masq1( $$$$$$$$$$$ )
# #
expand_rule( $chainref , expand_rule( $chainref ,
POSTROUTE_RESTRICT , POSTROUTE_RESTRICT ,
'' , $prerule ,
$baserule . $inlinematches . $rule , $baserule . $inlinematches . $rule ,
$networks , $networks ,
$destnets , $destnets ,

12
Shorewall/Perl/Shorewall/Rules.pm
View File

@ -3880,6 +3880,7 @@ sub process_mangle_rule1( $$$$$$$$$$$$$$$$$$ ) {
my $usergenerated; my $usergenerated;
my $actiontype; my $actiontype;
my $commandref; my $commandref;
my $prerule = '';
# #
# Subroutine for handling MARK and CONNMARK. We use an enclosure so as to keep visibility of the # Subroutine for handling MARK and CONNMARK. We use an enclosure so as to keep visibility of the
# function's local variables without making them static. process_mangle_rule1() is called # function's local variables without making them static. process_mangle_rule1() is called
@ -3928,7 +3929,7 @@ sub process_mangle_rule1( $$$$$$$$$$$$$$$$$$ ) {
expand_rule( $chainref, expand_rule( $chainref,
$restrictions{$chain} | $restriction, $restrictions{$chain} | $restriction,
'' , $prerule ,
$match . $match .
do_user( $user ) . do_user( $user ) .
do_test( $testval, $globals{TC_MASK} ) . do_test( $testval, $globals{TC_MASK} ) .
@ -4566,6 +4567,13 @@ sub process_mangle_rule1( $$$$$$$$$$$$$$$$$$ ) {
} else { } else {
$raw_matches = get_inline_matches(0); $raw_matches = get_inline_matches(0);
} }
#
# Handle early matches
#
if ( $raw_matches =~ s/s*\+// ) {
$prerule = $raw_matches;
$raw_matches = '';
}
if ( $source ne '-' ) { if ( $source ne '-' ) {
if ( $source eq $fw ) { if ( $source eq $fw ) {
@ -4645,7 +4653,7 @@ sub process_mangle_rule1( $$$$$$$$$$$$$$$$$$ ) {
if ( ( my $result = expand_rule( $chainref , if ( ( my $result = expand_rule( $chainref ,
( $restrictions{$chain} || 0 ) | $restriction, ( $restrictions{$chain} || 0 ) | $restriction,
'', $prerule,
do_proto( $proto, $ports, $sports) . $matches . do_proto( $proto, $ports, $sports) . $matches .
do_user( $user ) . do_user( $user ) .
do_test( $testval, $globals{TC_MASK} ) . do_test( $testval, $globals{TC_MASK} ) .