forked from extern/shorewall_code
Replace '/' by '+' in cmd-owner implementation
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2079 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep
parent
9fc88cfbd5
commit
181af2cc85
@ -69,7 +69,7 @@
|
|||||||
#
|
#
|
||||||
# The column may contain:
|
# The column may contain:
|
||||||
#
|
#
|
||||||
# [!][<user name or number>][:<group name or number>][/<program name>]
|
# [!][<user name or number>][:<group name or number>][+<program name>]
|
||||||
#
|
#
|
||||||
# When this column is non-empty, the rule applies only
|
# When this column is non-empty, the rule applies only
|
||||||
# if the program generating the output is running under
|
# if the program generating the output is running under
|
||||||
@ -83,7 +83,7 @@
|
|||||||
# #the 'kids' group
|
# #the 'kids' group
|
||||||
# !:kids #program must not be run by a member
|
# !:kids #program must not be run by a member
|
||||||
# #of the 'kids' group
|
# #of the 'kids' group
|
||||||
# /upnpd #program named upnpd
|
# +upnpd #program named upnpd
|
||||||
#
|
#
|
||||||
# In all of the above columns except ACTION and CHAIN, the values "-",
|
# In all of the above columns except ACTION and CHAIN, the values "-",
|
||||||
# "any" and "all" may be used as wildcards
|
# "any" and "all" may be used as wildcards
|
||||||
|
|||||||
@ -146,7 +146,7 @@
|
|||||||
#
|
#
|
||||||
# The column may contain:
|
# The column may contain:
|
||||||
#
|
#
|
||||||
# [!][<user name or number>][:<group name or number>][/<program name>]
|
# [!][<user name or number>][:<group name or number>][+<program name>]
|
||||||
#
|
#
|
||||||
# When this column is non-empty, the rule applies only
|
# When this column is non-empty, the rule applies only
|
||||||
# if the program generating the output is running under
|
# if the program generating the output is running under
|
||||||
@ -160,7 +160,7 @@
|
|||||||
# #the 'kids' group
|
# #the 'kids' group
|
||||||
# !:kids #program must not be run by a member
|
# !:kids #program must not be run by a member
|
||||||
# #of the 'kids' group
|
# #of the 'kids' group
|
||||||
# /upnpd #program named upnpd
|
# +upnpd #program named upnpd
|
||||||
#
|
#
|
||||||
######################################################################################
|
######################################################################################
|
||||||
#TARGET SOURCE DEST PROTO DEST SOURCE RATE USER/
|
#TARGET SOURCE DEST PROTO DEST SOURCE RATE USER/
|
||||||
|
|||||||
@ -2408,9 +2408,9 @@ process_tc_rule()
|
|||||||
r="$r-m owner"
|
r="$r-m owner"
|
||||||
|
|
||||||
case "$user" in
|
case "$user" in
|
||||||
*/*)
|
*+*)
|
||||||
r="$r --cmd-owner ${user#*/}"
|
r="$r --cmd-owner ${user#*/}"
|
||||||
user=${user%/*}
|
user=${user%+*}
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
@ -2752,15 +2752,17 @@ process_accounting_rule() {
|
|||||||
user1="$user"
|
user1="$user"
|
||||||
|
|
||||||
case "$user" in
|
case "$user" in
|
||||||
!*/*)
|
!*+*)
|
||||||
if [ "$user" != "!/" ]; then
|
if [ -n "${user#*+}" ]; then
|
||||||
rule="$rule ! --cmd-owner ${user#*/} "
|
rule="$rule ! --cmd-owner ${user#*+} "
|
||||||
user1=${user%/*}
|
|
||||||
fi
|
fi
|
||||||
|
user1=${user%/+}
|
||||||
;;
|
;;
|
||||||
*/*)
|
*+*)
|
||||||
rule="$rule --cmd-owner ${user#*/} "
|
if [ -n "${user#*+}" ]; then
|
||||||
user1=${user%/*}
|
rule="$rule --cmd-owner ${user#*+} "
|
||||||
|
fi
|
||||||
|
user1=${user%+*}
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
@ -3180,17 +3182,17 @@ process_action() # $1 = chain (Chain to add the rules to)
|
|||||||
userandgroup="-m owner"
|
userandgroup="-m owner"
|
||||||
|
|
||||||
case "$userspec" in
|
case "$userspec" in
|
||||||
!*/*)
|
!*+*)
|
||||||
if [ "$userspec" != "!/" ]; then
|
if [ -n "${userspec#*+}" ]; then
|
||||||
userandgroup="$userandgroup ! --cmd-owner ${userspec#*/}"
|
userandgroup="$userandgroup ! --cmd-owner ${userspec#*+}"
|
||||||
userspec=${userspec%/*}
|
|
||||||
fi
|
fi
|
||||||
|
userspec=${userspec%+*}
|
||||||
;;
|
;;
|
||||||
*/*)
|
*/*)
|
||||||
if [ "$userspec" != "/" ]; then
|
if [ -n "${userspec#*+}" ]; then
|
||||||
userandgroup="$userandgroup --cmd-owner ${userspec#*/}"
|
userandgroup="$userandgroup --cmd-owner ${userspec#*+}"
|
||||||
userspec=${userspec%/*}
|
|
||||||
fi
|
fi
|
||||||
|
userspec=${userspec%+*}
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
@ -4357,16 +4359,16 @@ process_rule() # $1 = target
|
|||||||
userandgroup="-m owner"
|
userandgroup="-m owner"
|
||||||
|
|
||||||
case "$userspec" in
|
case "$userspec" in
|
||||||
!*/*)
|
!*+*)
|
||||||
if [ "$userspec" != "!/" ]; then
|
if [ "$userspec" != "!+" ]; then
|
||||||
userandgroup="$userandgroup ! --cmd-owner ${userspec#*/}"
|
userandgroup="$userandgroup ! --cmd-owner ${userspec#*+}"
|
||||||
userspec=${userspec%/*}
|
userspec=${userspec%+*}
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
*/*)
|
*/*)
|
||||||
if [ "$userspec" != "/" ]; then
|
if [ "$userspec" != "+" ]; then
|
||||||
userandgroup="$userandgroup --cmd-owner ${userspec#*/}"
|
userandgroup="$userandgroup --cmd-owner ${userspec#*+}"
|
||||||
userspec=${userspec%/*}
|
userspec=${userspec%+*}
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|||||||
@ -20,14 +20,14 @@ New Features in version 2.3.0
|
|||||||
/etc/shorewall/tcrules
|
/etc/shorewall/tcrules
|
||||||
/usr/share/shorewall/action.template
|
/usr/share/shorewall/action.template
|
||||||
|
|
||||||
To specify a command, prefix the command name with "/".
|
To specify a command, prefix the command name with "+".
|
||||||
|
|
||||||
Examples:
|
Examples:
|
||||||
|
|
||||||
/mozilla-bin #The program is named "mozilla-bin"
|
+mozilla-bin #The program is named "mozilla-bin"
|
||||||
joe/mozilla-bin #The program is named "mozilla-bin" and
|
joe+mozilla-bin #The program is named "mozilla-bin" and
|
||||||
#is being run by user "joe"
|
#is being run by user "joe"
|
||||||
joe:users/mozilla-bin #The program is named "mozilla-bin" and
|
joe:users+mozilla-bin #The program is named "mozilla-bin" and
|
||||||
#is being run by user "joe" with
|
#is being run by user "joe" with
|
||||||
#effective group "users".
|
#effective group "users".
|
||||||
|
|
||||||
|
|||||||
@ -285,7 +285,7 @@
|
|||||||
#
|
#
|
||||||
# The column may contain:
|
# The column may contain:
|
||||||
#
|
#
|
||||||
# [!][<user name or number>][:<group name or number>][/<program name>]
|
# [!][<user name or number>][:<group name or number>][+<program name>]
|
||||||
#
|
#
|
||||||
# When this column is non-empty, the rule applies only
|
# When this column is non-empty, the rule applies only
|
||||||
# if the program generating the output is running under
|
# if the program generating the output is running under
|
||||||
@ -299,7 +299,7 @@
|
|||||||
# #the 'kids' group
|
# #the 'kids' group
|
||||||
# !:kids #program must not be run by a member
|
# !:kids #program must not be run by a member
|
||||||
# #of the 'kids' group
|
# #of the 'kids' group
|
||||||
# /upnpd #program named 'upnpd'
|
# +upnpd #program named 'upnpd'
|
||||||
#
|
#
|
||||||
# Example: Accept SMTP requests from the DMZ to the internet
|
# Example: Accept SMTP requests from the DMZ to the internet
|
||||||
#
|
#
|
||||||
|
|||||||
@ -130,10 +130,11 @@
|
|||||||
#
|
#
|
||||||
# It may contain :
|
# It may contain :
|
||||||
#
|
#
|
||||||
# [<user name or number>]:[<group name or number>]
|
# [<user name or number>]:[<group name or number>][+<program name>]
|
||||||
#
|
#
|
||||||
# The colon is optionnal when specifying only a user.
|
# The colon is optionnal when specifying only a user
|
||||||
# Examples : john: / john / :users / john:users
|
# or a program name.
|
||||||
|
# Examples : john: , john , :users , john:users , +mozilla-bin
|
||||||
#
|
#
|
||||||
# TEST Defines a test on the existing packet or connection mark.
|
# TEST Defines a test on the existing packet or connection mark.
|
||||||
# The rule will match only if the test returns true. Tests
|
# The rule will match only if the test returns true. Tests
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user