Handle '+' in inline matches the mangle and masq files

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-12 17:14:15 -08:00 · 2016-03-12 17:14:15 -08:00 · 0e59b82503
commit 0e59b82503
parent 33343aaf17
2 changed files with 19 additions and 3 deletions
--- a/Shorewall/Perl/Shorewall/Nat.pm
+++ b/Shorewall/Perl/Shorewall/Nat.pm
@ -69,6 +69,7 @@ sub process_one_masq1( $$$$$$$$$$$ )
    my $destnets = '';
    my $baserule = '';
    my $inlinematches = '';
+    my $prerule       = '';
    #
    # Leading '+'
    #
@ -83,6 +84,13 @@ sub process_one_masq1( $$$$$$$$$$$ )
 	$inlinematches = get_inline_matches(0);
    }	
    #
+    # Handle early matches
+    #
+    if ( $inlinematches =~ s/s*\+// ) {
+	$prerule = $inlinematches;
+	$inlinematches = '';
+    }
+    #
    # Parse the remaining part of the INTERFACE column
    #
    if ( $family == F_IPV4 ) {
@ -336,7 +344,7 @@ sub process_one_masq1( $$$$$$$$$$$ )
 	#
 	expand_rule( $chainref ,
 		     POSTROUTE_RESTRICT ,
-		     '' ,
+		     $prerule ,
 		     $baserule . $inlinematches . $rule ,
 		     $networks ,
 		     $destnets ,
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@ -3880,6 +3880,7 @@ sub process_mangle_rule1( $$$$$$$$$$$$$$$$$$ ) {
    my $usergenerated;
    my $actiontype;
    my $commandref;
+    my $prerule        = '';
    #
    # Subroutine for handling MARK and CONNMARK. We use an enclosure so as to keep visibility of the
    # function's local variables without making them static. process_mangle_rule1() is called
@ -3928,7 +3929,7 @@ sub process_mangle_rule1( $$$$$$$$$$$$$$$$$$ ) {

 		expand_rule( $chainref,
 			     $restrictions{$chain} | $restriction,
-			     '' ,
+			     $prerule ,
 			     $match .
 			     do_user( $user ) .
 			     do_test( $testval, $globals{TC_MASK} ) .
@ -4566,6 +4567,13 @@ sub process_mangle_rule1( $$$$$$$$$$$$$$$$$$ ) {
    } else {
 	$raw_matches = get_inline_matches(0);
    }
+    #
+    # Handle early matches
+    #
+    if ( $raw_matches =~ s/s*\+// ) {
+	$prerule = $raw_matches;
+	$raw_matches = '';
+    }

    if ( $source ne '-' ) {
 	if ( $source eq $fw ) {
@ -4645,7 +4653,7 @@ sub process_mangle_rule1( $$$$$$$$$$$$$$$$$$ ) {

 	if ( ( my $result = expand_rule( $chainref ,
 					 ( $restrictions{$chain} || 0 ) | $restriction,
-					 '',
+					 $prerule,
 					 do_proto( $proto, $ports, $sports) . $matches .
 					 do_user( $user ) .
 					 do_test( $testval, $globals{TC_MASK} ) .