Allow both 'to' and 'from' in blacklist

Tom Eastep 2010-09-13 12:51:10 -07:00
parent 9b4c3e22dd
commit 1729da87f1


@ -260,17 +260,16 @@ sub setup_blacklist() {
my ( $networks, $protocol, $ports, $options ) = split_line 1, 4, 'blacklist file'; my ( $networks, $protocol, $ports, $options ) = split_line 1, 4, 'blacklist file';
my $direction = 'from';
$options = 'from' if $options eq '-'; $options = 'from' if $options eq '-';
warning_message "'$options' entry ignored because there are no matching interfaces", next unless @$hosts || $options eq 'to'; my ( $to, $from ) = ( 0, 0 );
for ( split /,/, $options ) { for ( split /,/, $options ) {
fatal_error "Invalid OPTION ($_)" unless /^(from|to)$/; if ( $_ eq 'from' ) {
$direction = $_; if ( $from++ ) {
} warning_message "Duplicate 'from' ignored";
} else {
if ( @$hosts ) {
expand_rule( expand_rule(
$chainref , $chainref ,
NO_RESTRICT , NO_RESTRICT ,
@ -281,8 +280,15 @@ sub setup_blacklist() {
$target , $target ,
'' , '' ,
$target , $target ,
'' ) if $chainref && $options eq 'from'; '' );
} else {
warning_message 'Blacklist entry ignored because there are no "blacklist=1" interfaces';
}
}
} elsif ( $_ eq 'to' ) {
if ( $to++ ) {
warning_message "Duplicate 'to' ignored";
} else {
expand_rule( expand_rule(
$chainref1 , $chainref1 ,
NO_RESTRICT , NO_RESTRICT ,
@ -293,7 +299,12 @@ sub setup_blacklist() {
$target , $target ,
'' , '' ,
$target , $target ,
'' ) if $chainref1 && $options eq 'to'; '' );
}
} else {
fatal_error "Invalid blacklist option($_)";
}
}
progress_message " \"$currentline\" added to blacklist"; progress_message " \"$currentline\" added to blacklist";
} }
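Review bot: The closing `progress_message " \"$currentline\" added to blacklist";` still runs when the new `from` branch takes the `warning_message 'Blacklist entry ignored because there are no "blacklist=1" interfaces'` path, so the compile output reports an entry as blacklisted even though no rule was generated for it. For a filtering control that is misleading; count the rules actually emitted, for example `my $rules = 0;` before the loop, `$rules++` after each `expand_rule(...)`, and `progress_message " \"$currentline\" added to blacklist" if $rules;`. The `to` branch also calls `expand_rule` on `$chainref1` without the `if $chainref1` guard the old line carried. Where `$chainref1` is created is outside the hunks, so confirm it is always defined before this loop, or keep the guard and warn when it is not. `setup_blacklist` begins and ends outside the visible hunks.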