From 4c40b205f85b77d43b4bd12888b491cdc0f973fb Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Tue, 24 Nov 2009 13:14:24 -0800
Subject: [PATCH] Revert "Experimental explicit CONTINUE"
This reverts commit 10056a03d94da0be204da21d7a86b95b83dc9b30.
---
 Shorewall/Perl/Shorewall/Policy.pm | 53 +++++------------------------- 
 1 file changed, 9 insertions(+), 44 deletions(-)
diff --git a/Shorewall/Perl/Shorewall/Policy.pm b/Shorewall/Perl/Shorewall/Policy.pm
index e0114d67e..99d34da14 100644
--- a/Shorewall/Perl/Shorewall/Policy.pm
+++ b/Shorewall/Perl/Shorewall/Policy.pm
@@ -156,14 +156,12 @@ sub process_a_policy() {
 $connlimit = '' if $connlimit eq '-';
 my $clientwild = ( "\L$client" eq 'all' );
- my $clientref = defined_zone( $client );
- fatal_error "Undefined zone ($client)" unless $clientwild || $clientref;
+ fatal_error "Undefined zone ($client)" unless $clientwild || defined_zone( $client );
 my $serverwild = ( "\L$server" eq 'all' );
- my $serverref = defined_zone( $server );
- fatal_error "Undefined zone ($server)" unless $serverwild || $serverref;
+ fatal_error "Undefined zone ($server)" unless $serverwild || defined_zone( $server );
 my ( $policy, $default, $remainder ) = split( /:/, $originalpolicy, 3 );
@@ -171,7 +169,7 @@ sub process_a_policy() {
 fatal_error "Invalid default action ($default:$remainder)" if defined $remainder;
- ( $policy , my $param ) = get_target_param $policy;
+ ( $policy , my $queue ) = get_target_param $policy;
 if ( $default ) {
 if ( "\L$default" eq 'none' ) {
@@ -194,45 +192,12 @@ sub process_a_policy() {
 fatal_error "Invalid policy ($policy)" unless exists $validpolicies{$policy};
- if ( defined $param ) {
- if ( $policy eq 'NFQUEUE' ) {
- require_capability( 'NFQUEUE_TARGET', 'An NFQUEUE Policy', 's' );
- my $queuenum = numeric_value( $param );
- fatal_error "Invalid NFQUEUE queue number ($param)" unless defined( $queuenum) && $queuenum <= 65535;
- $policy = "NFQUEUE --queue-num $queuenum";
- } elsif ( $policy eq 'CONTINUE' ) {
- my ( $source, $dest , $rest ) = split/,/, $param;
- fatal_error "Invalid CONTINUE parameter ($param)" if defined $rest || ! ( $source && $dest );
- my $sourcewild = ( $source eq 'all' );
- my $destwild = ( $dest eq 'all' );
- fatal_error "Invalid source zone ($source)" unless $sourcewild || defined_zone $source;
- fatal_error "Invalid dest zone ($dest)" unless $destwild || defined_zone $dest;
- my $continueref = $filter_table->{$policy = rules_chain( $source, $dest )};
- fatal_error "No policy defined for $source to $dest" unless $continueref && $continueref->{policy};
- fatal_error "The all to all policy may not be continued" if $clientwild && $serverwild;
-
- if ( $client ne $source ) {
- unless ( $clientwild || $sourcewild ) {
- my $found = 0;
- for ( @{$clientref->{parents}} ) {
- $found = 1 if $_ eq $source;
- }
- fatal_error "$source is not a parent of $client" unless $found;
- }
- }
-
- if ( $server ne $dest ) {
- unless ( $serverwild || $destwild ) {
- my $found = 0;
- for ( @{$serverref->{parents}} ) {
- $found = 1 if $_ eq $dest;
- }
- fatal_error "$dest is not a parent of $server" unless $found;
- }
- }
- } else {
- fatal_error "Invalid policy ($policy($param))";
- }
+ if ( defined $queue ) {
+ fatal_error "Invalid policy ($policy($queue))" unless $policy eq 'NFQUEUE';
+ require_capability( 'NFQUEUE_TARGET', 'An NFQUEUE Policy', 's' );
+ my $queuenum = numeric_value( $queue );
+ fatal_error "Invalid NFQUEUE queue number ($queue)" unless defined( $queuenum) && $queuenum <= 65535;
+ $policy = "NFQUEUE --queue-num $queuenum";
 } elsif ( $policy eq 'NONE' ) {
 fatal_error "NONE policy not allowed with \"all\"" if $clientwild || $serverwild;
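Review bot: The restored queue-number check in the `if ( defined $queue )` branch enforces only an upper bound: `unless defined( $queuenum) && $queuenum <= 65535`. `numeric_value` is defined outside this diff, so confirm whether it can return a negative number; if it can, a negative queue number from the policy file would pass this check and be assigned to `$policy` as `NFQUEUE --queue-num $queuenum`. Stating the lower bound makes the accepted range explicit regardless: `fatal_error "Invalid NFQUEUE queue number ($queue)" unless defined( $queuenum ) && $queuenum >= 0 && $queuenum <= 65535;`. process_a_policy begins and ends outside this hunk.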