forked from extern/shorewall_code
Accurately determine if an inline action generates a rule.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent
49166efdca
commit
42f46ea5e7
@ -158,6 +158,7 @@ our %auditpolicies = ( ACCEPT => 1,
|
|||||||
|
|
||||||
our @columns;
|
our @columns;
|
||||||
our @columnstack;
|
our @columnstack;
|
||||||
|
our $actionresult;
|
||||||
|
|
||||||
#
|
#
|
||||||
# Rather than initializing globals in an INIT block or during declaration,
|
# Rather than initializing globals in an INIT block or during declaration,
|
||||||
@ -2469,7 +2470,7 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$$$$ ) {
|
|||||||
|
|
||||||
$macro_nest_level--;
|
$macro_nest_level--;
|
||||||
|
|
||||||
return $generated;
|
return $generated || $actionresult;
|
||||||
}
|
}
|
||||||
#
|
#
|
||||||
# Generate Fixed part of the rule
|
# Generate Fixed part of the rule
|
||||||
@ -2651,6 +2652,7 @@ sub perl_action_helper($$) {
|
|||||||
my ( $target, $matches ) = @_;
|
my ( $target, $matches ) = @_;
|
||||||
my $action = $actparms{action};
|
my $action = $actparms{action};
|
||||||
my $chainref = $actparms{0};
|
my $chainref = $actparms{0};
|
||||||
|
my $result;
|
||||||
|
|
||||||
assert( $chainref );
|
assert( $chainref );
|
||||||
|
|
||||||
@ -2661,7 +2663,7 @@ sub perl_action_helper($$) {
|
|||||||
'',
|
'',
|
||||||
@columns );
|
@columns );
|
||||||
} else {
|
} else {
|
||||||
process_rule1( $chainref,
|
$result = process_rule1( $chainref,
|
||||||
$matches,
|
$matches,
|
||||||
$target,
|
$target,
|
||||||
'', # Current Param
|
'', # Current Param
|
||||||
@ -2682,6 +2684,8 @@ sub perl_action_helper($$) {
|
|||||||
0, # Wildcard
|
0, # Wildcard
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$actionresult ||= $result;
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
@ -2691,11 +2695,12 @@ sub perl_action_tcp_helper($$) {
|
|||||||
my ( $target, $proto ) = @_;
|
my ( $target, $proto ) = @_;
|
||||||
my $action = $actparms{action};
|
my $action = $actparms{action};
|
||||||
my $chainref = $actparms{0};
|
my $chainref = $actparms{0};
|
||||||
|
my $result;
|
||||||
|
|
||||||
assert( $chainref );
|
assert( $chainref );
|
||||||
|
|
||||||
if ( $inlines{$action} ) {
|
if ( $inlines{$action} ) {
|
||||||
&process_rule1( $chainref,
|
$result = &process_rule1( $chainref,
|
||||||
$proto,
|
$proto,
|
||||||
$target,
|
$target,
|
||||||
'',
|
'',
|
||||||
@ -2704,7 +2709,7 @@ sub perl_action_tcp_helper($$) {
|
|||||||
@columns[3..14]
|
@columns[3..14]
|
||||||
);
|
);
|
||||||
} else {
|
} else {
|
||||||
process_rule1( $chainref,
|
$result = process_rule1( $chainref,
|
||||||
$proto,
|
$proto,
|
||||||
$target,
|
$target,
|
||||||
'', # Current Param
|
'', # Current Param
|
||||||
@ -2725,6 +2730,8 @@ sub perl_action_tcp_helper($$) {
|
|||||||
0, # Wildcard
|
0, # Wildcard
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$actionresult ||= $result;
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
@ -2872,7 +2879,7 @@ sub process_rule ( ) {
|
|||||||
if ( ! $wild || $intrazone || ( $sourcezone ne $destzone ) ) {
|
if ( ! $wild || $intrazone || ( $sourcezone ne $destzone ) ) {
|
||||||
for my $proto ( @protos ) {
|
for my $proto ( @protos ) {
|
||||||
for my $user ( @users ) {
|
for my $user ( @users ) {
|
||||||
$generated |= process_rule1( undef,
|
if ( process_rule1( undef,
|
||||||
'',
|
'',
|
||||||
$target,
|
$target,
|
||||||
'',
|
'',
|
||||||
@ -2890,7 +2897,9 @@ sub process_rule ( ) {
|
|||||||
$headers,
|
$headers,
|
||||||
$condition,
|
$condition,
|
||||||
$helper,
|
$helper,
|
||||||
$wild );
|
$wild ) ) {
|
||||||
|
$generated = 1;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
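Review bot: `$actionresult` is only ever OR-ed into (`$actionresult ||= $result;` at the end of perl_action_helper and perl_action_tcp_helper) and none of the visible hunks resets it, so once one inline action produces a rule, the early `return $generated || $actionresult;` in process_rule1 would report every later inline action as having generated a rule too. If process_rule uses `$generated` to diagnose rules that produced nothing (that use is outside the hunks shown), a stale true value would hide a rule that was silently left out of the generated firewall ruleset. Unless the reset already exists outside these hunks, clear the flag before the inline action body runs, e.g. `local $actionresult = 0;`, which also keeps nested inline actions from sharing one flag. A one-line comment on the declaration, `# True if a perl_action helper generated a rule for the current inline action`, would document the intent.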