Fix duplicate log rate and add tests for illegal ESTABLISHED,RELATED rules

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6283 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2007-05-08 14:16:20 +00:00
parent 6d6edff079
commit 18a7ce4f1d
2 changed files with 10 additions and 4 deletions


@ -1154,9 +1154,10 @@ sub log_rule_limit( $$$$$$$$ ) {
my $prefix;
$limit = $globals{LOGLIMIT} unless $limit && $limit ne '-';
$predicates .= $limit;
unless ( $predicates =~ /-m limit / ) {
$limit = $globals{LOGLIMIT} unless $limit && $limit ne '-';
$predicates .= $limit;
}
if ( $tag ) {
if ( $config{LOGTAGONLY} ) {
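Review bot: The new `unless ( $predicates =~ /-m limit / )` guard silently drops an explicitly passed `$limit` whenever the predicates already carry a limit match, and nothing in the hunk records which of the two is meant to win. A short comment above the guard would state the intent, for example `# A '-m limit' match already in $predicates takes precedence; appending a second one would duplicate the rate limit`. The test is also a plain substring match on generated iptables text, so it relies on the limit match always being emitted with exactly that spelling and a trailing space; that appears consistent with the other fragments on this page but should be confirmed against the helper that builds it. log_rule_limit starts and continues outside the hunk.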


@ -977,7 +977,12 @@ sub process_rule1 ( $$$$$$$$$$ ) {
#
$rule = join( '', do_proto($proto, $ports, $sports), do_ratelimit( $ratelimit, $basictarget ) , do_user( $user ) , do_test( $mark , 0xFF ) );
$rule .= "-m state --state $section " if $section eq 'ESTABLISHED' || $section eq 'RELATED';
if ( $section eq 'ESTABLISHED' || $section eq 'RELATED' ) {
fatal_error "Entries in the $section SECTION of the rules file not permitted with FASTACCEPT=Yes" if $config{FASTACCEPT};
fatal_error "$basictarget rules are not allowed in the $section SECTION" if $actiontype & NONAT;
$rule .= "-m state --state $section "
}
#
# Generate NAT rule(s), if any
#
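Review bot: The last statement of the new block, `$rule .= "-m state --state $section "`, has no terminating semicolon; Perl accepts that before a closing brace, but a statement appended to the block later would then not parse, so write `$rule .= "-m state --state $section ";`. The two `fatal_error` checks would also benefit from a one-line comment saying why each combination is rejected, e.g. `# With FASTACCEPT, ESTABLISHED/RELATED packets are accepted before these sections are consulted, so such rules could never match` (wording to be confirmed against the FASTACCEPT documentation). process_rule1 starts and continues outside the hunk.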