forked from extern/shorewall_code
Apply Mr-4's 4a patch (modified)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
20d38e8b52
commit
1012251957
@ -237,9 +237,9 @@ sub process_accounting_rule1( $$$$$$$$$$$ ) {
|
||||
for ( my @objects = split_nfacct_list $1 ) {
|
||||
validate_nfobject( $_, 1 );
|
||||
if ( s/!$// ) {
|
||||
$prerule .= "-m nfacct --nfacct-name $_ ";
|
||||
$prerule .= do_nfacct( $_ );
|
||||
} else {
|
||||
$rule .= "-m nfacct --nfacct-name $_ ";
|
||||
$rule .= do_nfacct( $_ );
|
||||
}
|
||||
}
|
||||
} elsif ( $action eq 'INLINE' ) {
|
||||
|
@ -211,6 +211,7 @@ our %EXPORT_TAGS = (
|
||||
do_probability
|
||||
do_condition
|
||||
do_dscp
|
||||
do_nfacct
|
||||
have_ipset_rules
|
||||
record_runtime_address
|
||||
verify_address_variables
|
||||
@ -5175,6 +5176,13 @@ sub do_dscp( $ ) {
|
||||
"-m dscp ${invert}--dscp $value ";
|
||||
}
|
||||
|
||||
#
|
||||
# Return nfacct match
|
||||
#
|
||||
sub do_nfacct( $ ) {
|
||||
"-m nfacct --nfacct-name @_ ";
|
||||
}
|
||||
|
||||
#
|
||||
# Match Source Interface
|
||||
#
|
||||
@ -5453,7 +5461,7 @@ sub match_source_net( $;$\$ ) {
|
||||
require_capability 'NFACCT_MATCH', "An nfacct object list ($3)", 's';
|
||||
for ( my @objects = split_list $3, 'nfacct' ) {
|
||||
validate_nfobject( $_ );
|
||||
$result .= "-m nfacct --nfacct-name $_ ";
|
||||
$result .= do_nfacct( $_ );
|
||||
}
|
||||
}
|
||||
|
||||
@ -5473,7 +5481,7 @@ sub match_source_net( $;$\$ ) {
|
||||
require_capability 'NFACCT_MATCH', "An nfacct object list ($3)", 's';
|
||||
for ( my @objects = split_list $3, 'nfacct' ) {
|
||||
validate_nfobject( $_ );
|
||||
$result .= "-m nfacct --nfacct-name $_ ";
|
||||
$result .= do_nfacct( $_ );
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -5627,7 +5635,7 @@ sub match_dest_net( $;$ ) {
|
||||
require_capability 'NFACCT_MATCH', "An nfacct object list ($3)", 's';
|
||||
for ( my @objects = split_list $3, 'nfacct' ) {
|
||||
validate_nfobject( $_ );
|
||||
$result .= "-m nfacct --nfacct-name $_ ";
|
||||
$result .= do_nfacct( $_ );
|
||||
}
|
||||
}
|
||||
|
||||
@ -5649,7 +5657,7 @@ sub match_dest_net( $;$ ) {
|
||||
require_capability 'NFACCT_MATCH', "An nfacct object list ($3)", 's';
|
||||
for ( my @objects = split_list $3, 'nfacct' ) {
|
||||
validate_nfobject( $_ );
|
||||
$result .= "-m nfacct --nfacct-name $_ ";
|
||||
$result .= do_nfacct( $_ );
|
||||
}
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user