forked from extern/shorewall_code
Add QUOTA_MATCH capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep
parent
35457f4e95
commit
4824c9b8ff
@ -435,7 +435,7 @@ sub initialize( $ ) {
|
||||
KLUDGEFREE => '',
|
||||
STATEMATCH => '-m state --state',
|
||||
UNTRACKED => 0,
|
||||
VERSION => "4.4.22-Beta1",
|
||||
VERSION => "4.4.22.1",
|
||||
CAPVERSION => 40421 ,
|
||||
);
|
||||
#
|
||||
@ -1442,7 +1442,7 @@ sub close_file() {
|
||||
#
|
||||
# Functions for copying a file into the script
|
||||
#
|
||||
sub copy( $;$ ) {
|
||||
sub copy( $ ) {
|
||||
assert( $script_enabled );
|
||||
|
||||
if ( $script ) {
|
||||
@ -3376,8 +3376,6 @@ sub get_configuration( $$$ ) {
|
||||
|
||||
my ( $export, $update, $annotate ) = @_;
|
||||
|
||||
my $val;
|
||||
|
||||
$globals{EXPORT} = $export;
|
||||
|
||||
our ( $once, @originalinc );
|
||||
@ -3405,18 +3403,6 @@ sub get_configuration( $$$ ) {
|
||||
|
||||
get_capabilities( $export );
|
||||
|
||||
if ( supplied( $val = $config{SHOREWALL_SHELL} ) ) {
|
||||
unless ( $val =~ /^\// ) {
|
||||
if ( $export ) {
|
||||
$val = $config{SHOREWALL_SHELL} = "/bin/$val";
|
||||
warning_message "Assuming SHOREWALL_SHELL=$val";
|
||||
} else {
|
||||
warning_message "Can't find SHOREWALL_SHELL ($val)" unless $config{SHOREWALL_SHELL} = which $val;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
$config{SHOREWALL_SHELL} = '/bin/sh';
|
||||
}
|
||||
|
||||
$globals{STATEMATCH} = '-m conntrack --ctstate' if have_capability 'CONNTRACK_MATCH';
|
||||
|
||||
@ -3491,6 +3477,8 @@ sub get_configuration( $$$ ) {
|
||||
|
||||
check_trivalue ( 'IP_FORWARDING', 'on' );
|
||||
|
||||
my $val;
|
||||
|
||||
if ( have_capability( 'KERNELVERSION' ) < 20631 ) {
|
||||
check_trivalue ( 'ROUTE_FILTER', '' );
|
||||
} else {
|
||||
|
||||
@ -1922,7 +1922,9 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$ ) {
|
||||
do_user( $user ) ,
|
||||
do_test( $mark , $globals{TC_MASK} ) ,
|
||||
do_connlimit( $connlimit ),
|
||||
do_time( $time ) );
|
||||
do_time( $time ) ,
|
||||
do_headers( $headers ) ,
|
||||
);
|
||||
} else {
|
||||
$rule = join( '',
|
||||
do_proto($proto, $ports, $sports),
|
||||
|
||||
@ -28,7 +28,7 @@
|
||||
#
|
||||
|
||||
SHOREWALL_LIBVERSION=40407
|
||||
SHOREWALL_CAPVERSION=40421
|
||||
SHOREWALL_CAPVERSION=40423
|
||||
|
||||
[ -n "${VARDIR:=/var/lib/shorewall}" ]
|
||||
[ -n "${SHAREDIR:=/usr/share/shorewall}" ]
|
||||
|
||||
@ -1722,6 +1722,7 @@ determine_capabilities() {
|
||||
HEADER_MATCH=
|
||||
ACCOUNT_TARGET=
|
||||
AUDIT_TARGET=
|
||||
QUOTA_MATCH=
|
||||
|
||||
chain=fooX$$
|
||||
|
||||
@ -1871,7 +1872,7 @@ determine_capabilities() {
|
||||
qt $IPTABLES -A $chain -j MARK --set-mark 5 && MARK_ANYWHERE=Yes
|
||||
qt $IPTABLES -A $chain -j ACCOUNT --addr 192.168.1.0/29 --tname $chain && ACCOUNT_TARGET=Yes
|
||||
qt $IPTABLES -A $chain -j AUDIT --type drop && AUDIT_TARGET=Yes
|
||||
|
||||
qt $IPTABLES -A $chain -m quota --quota 1000 & QUOTA_MATCH=Yes
|
||||
qt $IPTABLES -F $chain
|
||||
qt $IPTABLES -X $chain
|
||||
qt $IPTABLES -F $chain1
|
||||
@ -1964,6 +1965,7 @@ report_capabilities() {
|
||||
report_capability "Header Match" $HEADER_MATCH
|
||||
report_capability "ACCOUNT Target" $ACCOUNT_TARGET
|
||||
report_capability "AUDIT Target" $AUDIT_TARGET
|
||||
report_capability "Quota Match" $QUOTA_MATCH
|
||||
report_capability "ipset V5" $IPSET_V5
|
||||
fi
|
||||
|
||||
@ -2033,6 +2035,7 @@ report_capabilities1() {
|
||||
report_capability1 HEADER_MATCH
|
||||
report_capability1 ACCOUNT_TARGET
|
||||
report_capability1 AUDIT_TARGET
|
||||
report_capability1 QUOTA_MATCH
|
||||
report_capability1 IPSET_V5
|
||||
|
||||
echo CAPVERSION=$SHOREWALL_CAPVERSION
|
||||
|
||||
@ -32,7 +32,7 @@
|
||||
#
|
||||
|
||||
SHOREWALL_LIBVERSION=40407
|
||||
SHOREWALL_CAPVERSION=40421
|
||||
SHOREWALL_CAPVERSION=40423
|
||||
|
||||
[ -n "${VARDIR:=/var/lib/shorewall6}" ]
|
||||
[ -n "${SHAREDIR:=/usr/share/shorewall6}" ]
|
||||
|
||||
@ -1549,6 +1549,7 @@ determine_capabilities() {
|
||||
HEADER_MATCH=
|
||||
ACCOUNT_TARGET=
|
||||
AUDIT_TARGET=
|
||||
QUOTA_MATCH=
|
||||
IPSET_V5=
|
||||
|
||||
chain=fooX$$
|
||||
@ -1700,6 +1701,7 @@ determine_capabilities() {
|
||||
qt $IP6TABLES -A $chain -m ipv6header --header 255 && HEADER_MATCH=Yes
|
||||
qt $IP6TABLES -A $chain -j ACCOUNT --addr 1::/122 --tname $chain && ACCOUNT_TARGET=Yes
|
||||
qt $IP6TABLES -A $chain -j AUDIT --type drop && AUDIT_TARGET=Yes
|
||||
qt $IP6TABLES -A $chain -m quota --quota 1000 && QUOTA_MATCH=Yes
|
||||
|
||||
|
||||
qt $IP6TABLES -F $chain
|
||||
@ -1791,6 +1793,7 @@ report_capabilities() {
|
||||
report_capability "Header Match" $HEADER_MATCH
|
||||
report_capability "ACCOUNT Target" $ACCOUNT_TARGET
|
||||
report_capability "AUDIT Target" $AUDIT_TARGET
|
||||
report_capability "Quota Match" $QUOTA_MATCH
|
||||
report_capability "ipset V5" $IPSET_V5
|
||||
fi
|
||||
|
||||
@ -1857,6 +1860,7 @@ report_capabilities1() {
|
||||
report_capability1 HEADER_MATCH
|
||||
report_capability1 ACCOUNT_TARGET
|
||||
report_capability1 AUDIT_TARGET
|
||||
report_capability1 QUOTA_MATCH
|
||||
report_capability1 IPSET_V5
|
||||
|
||||
echo CAPVERSION=$SHOREWALL_CAPVERSION
|
||||
|
||||
Loading…
Reference in New Issue
Block a user