Send non-port traffic through 'accountout'

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6509 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2007-06-10 23:41:30 +00:00 · 2007-06-10 23:41:30 +00:00 · 3960e7b105
commit 3960e7b105
parent 3f9e837991
1 changed files with 29 additions and 12 deletions
--- a/Shorewall-perl/Shorewall/Accounting.pm
+++ b/Shorewall-perl/Shorewall/Accounting.pm
@ -59,17 +59,6 @@ sub process_accounting_rule( $$$$$$$$$ ) {
 	"-j $jumpchain";
    }

-    my $restriction = NO_RESTRICT;
-
-    if ( @bridges && $source =~ /^$firewall_zone:?/ ) {
-	$restriction = OUTPUT_RESTRICT;
-	$chain = 'accountout' unless $chain and $chain ne '-';
-    } else {
-	$chain = 'accounting' unless $chain and $chain ne '-';
-    }
-
-    my $chainref = ensure_filter_chain $chain , 0;
-
    my $target = '';

    $proto  = ''    if $proto  eq 'any';
@ -97,8 +86,36 @@ sub process_accounting_rule( $$$$$$$$$ ) {
 	}
    }

+    my $restriction = NO_RESTRICT;
+
    $source = ALLIPv4 if $source eq 'any' || $source eq 'all';
-    $dest   = ALLIPv4 if $dest   eq 'any' || $dest   eq 'all';
+
+    if ( @bridges ) {
+	if ( $source =~ /^$firewall_zone:?/ ) {
+	    $restriction = OUTPUT_RESTRICT;
+	    $chain = 'accountout' unless $chain and $chain ne '-';
+	} else {
+	    $chain = 'accounting' unless $chain and $chain ne '-';
+	    if ( $dest eq 'any' || $dest eq 'all' || $dest eq ALLIPv4 ) {
+		expand_rule(
+			    ensure_filter_chain( 'accountout' , 0 ) ,
+			    OUTPUT_RESTRICT ,
+			    $rule ,
+			    $source ,
+			    $dest = ALLIPv4 ,
+			    '' ,
+			    $target ,
+			    '' ,
+			    '' ,
+			    ''  );
+	    }
+	}
+    } else {
+	$chain = 'accounting';
+	$dest = ALLIPv4 if $dest   eq 'any' || $dest   eq 'all';
+    }
+
+    my $chainref = ensure_filter_chain $chain , 0;

    expand_rule
 	$chainref ,