holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Correct error messages that include the section name.

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2013-01-28 07:41:09 -08:00
parent 2217f89902
commit 2e8eeff416
1 changed files with 15 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
Shorewall/Perl/Shorewall/Rules.pm
View File

@ -82,6 +82,16 @@ our %section_map = ( ALL => ALL_SECTION,
INVALID => INVALID_SECTION, INVALID => INVALID_SECTION,
UNTRACKED => UNTRACKED_SECTION, UNTRACKED => UNTRACKED_SECTION,
NEW => NEW_SECTION ); NEW => NEW_SECTION );
#
# Reverse map
#
our %section_rmap = ( ALL_SECTION , 'ALL',
BLACKLIST_SECTION , 'BLACKLIST',
ESTABLISHED_SECTION, 'ESTABLISHED',
RELATED_SECTION, 'RELATED',
INVALID_SECTION, 'INVALID',
UNTRACKED_SECTION, 'UNTRACKED',
NEW_SECTION, 'NEW' );
our @policy_chains; our @policy_chains;
@ -860,7 +870,7 @@ sub optimize_policy_chains() {
################################################################################ ################################################################################
# #
# Add ESTABLISHED,RELATED,INVALID rules and synparam jumps to the passed chain # Add ESTABLISHED,RELATED,INVALID,UNTRACKED rules and synparam jumps to the passed chain
# #
sub finish_chain_section ($$$) { sub finish_chain_section ($$$) {
my ($chainref, my ($chainref,
@ -2518,11 +2528,12 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$$$$ ) {
$blacklist || $blacklist ||
$basictarget eq 'dropInvalid' ) { $basictarget eq 'dropInvalid' ) {
if ( $config{FASTACCEPT} ) { if ( $config{FASTACCEPT} ) {
fatal_error "Entries in the $section SECTION of the rules file not permitted with FASTACCEPT=Yes" unless fatal_error "Entries in the $section_rmap{$section} SECTION of the rules file not permitted with FASTACCEPT=Yes" unless
( $section & ( RELATED_SECTION | INVALID_SECTION ) ) && ( $config{RELATED_DISPOSITION} ne 'ACCEPT' || $config{RELATED_LOG_LEVEL} ) ( ( $section & ( UNTRACKED_SECTION | INVALID_SECTION | ALL_SECTION ) ) ||
( $section & ( RELATED_SECTION ) ) && ( $config{RELATED_DISPOSITION} ne 'ACCEPT' || $config{RELATED_LOG_LEVEL} ) )
} }
fatal_error "$basictarget rules are not allowed in the $section SECTION" if $actiontype & ( NATRULE | NONAT ); fatal_error "$basictarget rules are not allowed in the $section_rmap{$section} SECTION" if $actiontype & ( NATRULE | NONAT );
$rule .= "$globals{STATEMATCH} ESTABLISHED " if $section == ESTABLISHED_SECTION; $rule .= "$globals{STATEMATCH} ESTABLISHED " if $section == ESTABLISHED_SECTION;
} }
# #