From 4a4bfe77ce9137c8009625d7ee0e2e6579151e84 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Fri, 2 Jan 2015 09:05:06 -0800 Subject: [PATCH] Implement IFACE_MATCH capability Signed-off-by: Tom Eastep --- Shorewall-core/lib.cli | 7 ++++++- Shorewall/Perl/Shorewall/Config.pm | 12 +++++++++++- 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/Shorewall-core/lib.cli b/Shorewall-core/lib.cli index 7f491a571..3165bd61f 100644 --- a/Shorewall-core/lib.cli +++ b/Shorewall-core/lib.cli @@ -25,7 +25,7 @@ # loaded after this one and replaces some of the functions declared here. # -SHOREWALL_CAPVERSION=40600 +SHOREWALL_CAPVERSION=40606 [ -n "${g_program:=shorewall}" ] @@ -2393,6 +2393,7 @@ determine_capabilities() { UDPLITEREDIRECT= NEW_TOS_MATCH= TARPIT_TARGET= + IFACE_MATCH= AMANDA_HELPER= FTP_HELPER= @@ -2548,6 +2549,8 @@ determine_capabilities() { qt $g_tool -A $chain -p tcp -j TARPIT && TARPIT_TARGET=Yes + qt $g_tool -A $chain -m iface --iface lo --loopback && IFACE_MATCH=Yes + if [ -n "$MANGLE_ENABLED" ]; then qt $g_tool -t mangle -N $chain @@ -2826,6 +2829,7 @@ report_capabilities_unsorted() { report_capability "UDPLITE Port Redirection" $UDPLITEREDIRECT report_capability "New tos Match" $NEW_TOS_MATCH report_capability "TARPIT Target" $TARPIT_TARGET + report_capability "Iface Match" $IFACE_MATCH report_capability "Amanda Helper" $AMANDA_HELPER report_capability "FTP Helper" $FTP_HELPER @@ -2954,6 +2958,7 @@ report_capabilities_unsorted1() { report_capability1 UDPLITEREDIRECT report_capability1 NEW_TOS_MATCH report_capability1 TARPIT_TARGET + report_capability1 IFACE_MATCH report_capability1 AMANDA_HELPER report_capability1 FTP_HELPER diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm index d04d4c2c6..e9c375c49 100644 --- a/Shorewall/Perl/Shorewall/Config.pm +++ b/Shorewall/Perl/Shorewall/Config.pm @@ -395,6 +395,7 @@ our %capdesc = ( NAT_ENABLED => 'NAT', UDPLITEREDIRECT => 'UDPLITE Port Redirection', NEW_TOS_MATCH => 'New tos Match', TARPIT_TARGET => 'TARPIT Target', + IFACE_MATCH => 'Iface Match', AMANDA_HELPER => 'Amanda Helper', FTP_HELPER => 'FTP Helper', @@ -713,7 +714,7 @@ sub initialize( $;$$) { EXPORT => 0, KLUDGEFREE => '', VERSION => "4.5.19-Beta1", - CAPVERSION => 40600 , + CAPVERSION => 40606 , ); # # From shorewall.conf file @@ -981,6 +982,7 @@ sub initialize( $;$$) { NEW_TOS_MATCH => undef, REAP_OPTION => undef, TARPIT_TARGET => undef, + IFACE_MATCH => undef, AMANDA_HELPER => undef, FTP_HELPER => undef, @@ -4462,6 +4464,12 @@ sub Arptables_JF() { } } +sub Iface_Match() { + qt1( "$iptables $iptablesw -A $sillyname -m iface --iface lo --loopback" ); +} + + + our %detect_capability = ( ACCOUNT_TARGET =>\&Account_Target, AMANDA_HELPER => \&Amanda_Helper, @@ -4494,6 +4502,7 @@ our %detect_capability = HASHLIMIT_MATCH => \&Hashlimit_Match, HEADER_MATCH => \&Header_Match, HELPER_MATCH => \&Helper_Match, + IFACE_MATCH => \&Iface_Match, IMQ_TARGET => \&Imq_Target, IPMARK_TARGET => \&IPMark_Target, IPP2P_MATCH => \&Ipp2p_Match, @@ -4700,6 +4709,7 @@ sub determine_capabilities() { $capabilities{UDPLITEREDIRECT} = detect_capability( 'UDPLITEREDIRECT' ); $capabilities{NEW_TOS_MATCH} = detect_capability( 'NEW_TOS_MATCH' ); $capabilities{TARPIT_TARGET} = detect_capability( 'TARPIT_TARGET' ); + $capabilities{IFACE_MATCH} = detect_capability( 'IFACE_MATCH' ); unless ( have_capability 'CT_TARGET' ) { $capabilities{HELPER_MATCH} = detect_capability 'HELPER_MATCH';