holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Revert "Implement the 'terminating' action option"

Browse Source 
This reverts commit 6851744cb7.
This commit is contained in:
Tom Eastep 2014-09-23 07:39:25 -07:00
parent 4495ed687b
commit 1f5439257a
4 changed files with 14 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -73,7 +73,6 @@ our @EXPORT = ( qw(
allow_optimize
allow_delete
allow_move
make_terminating
set_optflags
reset_optflags
has_return
@ -105,6 +104,7 @@ our @EXPORT = ( qw(
AUDIT
HELPER
INLINE
TERMINATING
STATEMATCH
USERBUILTIN
INLINERULE
@ -793,13 +793,6 @@ sub decr_cmd_level( $ ) {
assert( --$_[0]->{cmdlevel} >= 0, $_[0] );
}
#
# Mark an action as terminating
#
sub make_terminating( $ ) {
$terminating{$_[0]} = 1;
}
#
# Transform the passed iptables rule into an internal-form hash reference.
# Most of the compiler has been converted to use the new form natively.

21
Shorewall/Perl/Shorewall/Rules.pm
View File

@ -1748,15 +1748,14 @@ sub process_actions() {
undef, #Columns
1 ); #Allow inline matches
my $type = ( $action eq $config{REJECT_ACTION} ? INLINE : ACTION );
my $noinline = 0;
my $nolog = ( $type == INLINE ) || 0;
my $builtin = 0;
my $raw = 0;
my $mangle = 0;
my $filter = 0;
my $nat = 0;
my $terminating = 0;
my $type = ( $action eq $config{REJECT_ACTION} ? INLINE : ACTION );
my $noinline = 0;
my $nolog = ( $type == INLINE ) || 0;
my $builtin = 0;
my $raw = 0;
my $mangle = 0;
my $filter = 0;
my $nat = 0;
if ( $action =~ /:/ ) {
warning_message 'Default Actions are now specified in /etc/shorewall/shorewall.conf';
@ -1775,8 +1774,6 @@ sub process_actions() {
$nolog = 1;
} elsif ( $_ eq 'builtin' ) {
$builtin = 1;
} elsif ( $_ eq 'terminating' ) {
$terminating = 1;
} elsif ( $_ eq 'mangle' ) {
$mangle = 1;
} elsif ( $_ eq 'raw' ) {
@ -1825,8 +1822,6 @@ sub process_actions() {
}
$targets{$action} = $actiontype;
make_terminating( $action ) if $terminating;
} else {
fatal_error "Table names are only allowed for builtin actions" if $mangle || $raw || $nat || $filter;
new_action $action, $type, $noinline, $nolog;

11
Shorewall/manpages/shorewall-actions.xml
View File

@ -71,17 +71,10 @@
role="bold">raw</emphasis>. If no table name(s) are given,
then <emphasis role="bold">filter</emphasis> is assumed. The
table names follow <emphasis role="bold">builtin</emphasis>
and are separated by commas; for example, "FOOBAR
builtin,filter,mangle" would specify FOOBAR as a builtin
and are separated by commas; for example,
"FOOBAR,filter,mangle" would specify FOOBAR as a builtin
target that can be used in the filter and mangle
tables.</para>
<para>Beginning with Shorewall 4.6.4, you may specify the
<emphasis role="bold">terminating</emphasis> option with
<emphasis role="bold">builtin</emphasis> to indicate to the
Shorewall optimizer that the action is terminating (the
current packet will not be passed to the next rule in the
chain).</para>
</listitem>
</varlistentry>

14
Shorewall6/manpages/shorewall6-actions.xml
View File

@ -71,18 +71,10 @@
role="bold">mangle</emphasis> and <emphasis
role="bold">raw</emphasis>. If no table name(s) are given,
then <emphasis role="bold">filter</emphasis> is assumed. The
table names follow <emphasis role="bold">builtin</emphasis>
and are separated by commas; for example, "FOOBAR
builtin,filter,mangle" would specify FOOBAR as a builtin
target that can be used in the filter and mangle
table names follow builtin and are separated by commas; for
example, "FOOBAR,filter,mangle" would specify FOOBAR as a
builtin target that can be used in the filter and mangle
tables.</para>
<para>Beginning with Shorewall 4.6.4, you may specify the
<emphasis role="bold">terminating</emphasis> option with
<emphasis role="bold">builtin</emphasis> to indicate to the
Shorewall optimizer that the action is terminating (the
current packet will not be passed to the next rule in the
chain).</para>
</listitem>
</varlistentry>