holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Add a chain reference argument to process_rule_common()

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2010-12-12 12:22:12 -08:00
parent dfa47cc300
commit 444a38ae2e
2 changed files with 22 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
Shorewall/Perl/Shorewall/Actions.pm
View File

@ -624,6 +624,8 @@ sub process_actions2 () {
} }
} }
sub process_rule_common ( $$$$$$$$$$$$$$$$ );
# #
# This function is called to process each rule generated from an action file. # This function is called to process each rule generated from an action file.
# #
@ -1005,8 +1007,6 @@ sub process_actions3 () {
} }
} }
sub process_rule_common ( $$$$$$$$$$$$$$$ );
# #
# Expand a macro rule from the rules file # Expand a macro rule from the rules file
# #
@ -1091,6 +1091,7 @@ sub process_macro ( $$$$$$$$$$$$$$$$ ) {
} }
$generated |= process_rule_common( $generated |= process_rule_common(
undef, # $chainref
$mtarget, $mtarget,
$param, $param,
$msource, $msource,
@ -1124,8 +1125,8 @@ sub process_macro ( $$$$$$$$$$$$$$$$ ) {
# Once a rule has been expanded via wildcards (source and/or dest zone eq 'all'), it is processed by this function. If # Once a rule has been expanded via wildcards (source and/or dest zone eq 'all'), it is processed by this function. If
# the target is a macro, the macro is expanded and this function is called recursively for each rule in the expansion. # the target is a macro, the macro is expanded and this function is called recursively for each rule in the expansion.
# #
sub process_rule_common ( $$$$$$$$$$$$$$$ ) { sub process_rule_common ( $$$$$$$$$$$$$$$$ ) {
my ( $target, $current_param, $source, $dest, $proto, $ports, $sports, $origdest, $ratelimit, $user, $mark, $connlimit, $time, $headers, $wildcard ) = @_; my ( $chainref, $target, $current_param, $source, $dest, $proto, $ports, $sports, $origdest, $ratelimit, $user, $mark, $connlimit, $time, $headers, $wildcard ) = @_;
my ( $action, $loglevel) = split_action $target; my ( $action, $loglevel) = split_action $target;
my ( $basictarget, $param ) = get_target_param $action; my ( $basictarget, $param ) = get_target_param $action;
my $rule = ''; my $rule = '';
@ -1288,7 +1289,7 @@ sub process_rule_common ( $$$$$$$$$$$$$$$ ) {
$restriction = INPUT_RESTRICT if $destref && ( $destref->{type} == FIREWALL || $destref->{type} == VSERVER ); $restriction = INPUT_RESTRICT if $destref && ( $destref->{type} == FIREWALL || $destref->{type} == VSERVER );
} }
my ( $chain, $chainref, $policy ); my ( $chain, $policy );
# #
# For compatibility with older Shorewall versions # For compatibility with older Shorewall versions
# #

17
Shorewall/Perl/Shorewall/Rules.pm
View File

@ -1008,7 +1008,22 @@ sub process_rule ( ) {
my $destzone = (split( /:/, $dest, 2 ) )[0]; my $destzone = (split( /:/, $dest, 2 ) )[0];
$destzone = $action =~ /^REDIRECT/ ? $fw : '' unless defined_zone $destzone; $destzone = $action =~ /^REDIRECT/ ? $fw : '' unless defined_zone $destzone;
if ( ! $wild || $intrazone || ( $sourcezone ne $destzone ) ) { if ( ! $wild || $intrazone || ( $sourcezone ne $destzone ) ) {
$generated |= process_rule_common $target, '', $source, $dest , $proto, $ports, $sports, $origdest, $ratelimit, $user, $mark, $connlimit, $time, $headers, $wild; $generated |= process_rule_common( undef,
$target,
'',
$source,
$dest,
$proto,
$ports,
$sports,
$origdest,
$ratelimit,
$user,
$mark,
$connlimit,
$time,
$headers,
$wild );
} }
} }
} }