From 18a7ce4f1d2a1a6639e442ae909b4d2a5dc7e787 Mon Sep 17 00:00:00 2001
From: teastep
Date: Tue, 8 May 2007 14:16:20 +0000
Subject: [PATCH] Fix duplicate log rate and add tests for illegal ESTABLISHED,RELATED rules

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6283 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall-perl/Shorewall/Chains.pm | 7 ++++---
 Shorewall-perl/Shorewall/Rules.pm | 7 ++++++-
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/Shorewall-perl/Shorewall/Chains.pm b/Shorewall-perl/Shorewall/Chains.pm
index fe7805390..6a167b2f8 100644
--- a/Shorewall-perl/Shorewall/Chains.pm
+++ b/Shorewall-perl/Shorewall/Chains.pm
@@ -1154,9 +1154,10 @@ sub log_rule_limit( $$$$$$$$ ) {
 my $prefix;
- $limit = $globals{LOGLIMIT} unless $limit && $limit ne '-';
-
- $predicates .= $limit;
+ unless ( $predicates =~ /-m limit / ) {
+ $limit = $globals{LOGLIMIT} unless $limit && $limit ne '-';
+ $predicates .= $limit;
+ }
 if ( $tag ) {
 if ( $config{LOGTAGONLY} ) {
diff --git a/Shorewall-perl/Shorewall/Rules.pm b/Shorewall-perl/Shorewall/Rules.pm
index 3127078f7..10e52e138 100644
--- a/Shorewall-perl/Shorewall/Rules.pm
+++ b/Shorewall-perl/Shorewall/Rules.pm
@@ -977,7 +977,12 @@ sub process_rule1 ( $$$$$$$$$$ ) {
 #
 $rule = join( '', do_proto($proto, $ports, $sports), do_ratelimit( $ratelimit, $basictarget ) , do_user( $user ) , do_test( $mark , 0xFF ) );
- $rule .= "-m state --state $section " if $section eq 'ESTABLISHED' || $section eq 'RELATED';
+ if ( $section eq 'ESTABLISHED' || $section eq 'RELATED' ) {
+ fatal_error "Entries in the $section SECTION of the rules file not permitted with FASTACCEPT=Yes" if $config{FASTACCEPT};
+ fatal_error "$basictarget rules are not allowed in the $section SECTION" if $actiontype & NONAT;
+ $rule .= "-m state --state $section "
+ }
+
 #
 # Generate NAT rule(s), if any
 #
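Review bot: The new guard `unless ( $predicates =~ /-m limit / )` discards a caller-supplied `$limit` just as silently as it skips the `LOGLIMIT` default, so a log rule can end up throttled by a rate that was written for the rule's action rather than for logging. The test is also a substring match on generated iptables text, which ties it to the exact spacing emitted by whatever builds `$predicates` (presumably `do_ratelimit`, which is not visible in this file section). A comment above the block should record the precedence, for example `# A rate limit already present in $predicates wins over both $limit and LOGLIMIT; a second -m limit match must not be added.` The body of `log_rule_limit` starts and ends outside the hunk.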
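Review bot: The second `fatal_error` in the new `if` block tests only the `NONAT` bit of `$actiontype`, so a rule whose action type carries any other flag still gets `-m state --state $section` appended and is generated without complaint; whether other NAT-type targets are legal in the ESTABLISHED and RELATED sections cannot be told from this hunk, and a comment on the mask should say why NONAT alone is the right test. The FASTACCEPT check above it fails closed, which suits entries that would presumably never be reached, but `if $config{FASTACCEPT}` is only correct if the option has been normalised to a Perl boolean before this point (a raw `No` string would be true), which presumably happens elsewhere. The last statement of the block, `$rule .= "-m state --state $section "`, has no terminating semicolon; add one so that a line appended later does not become a syntax error. `process_rule1` starts and ends outside the hunk.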