Revert "Experimental explicit CONTINUE"

This reverts commit 10056a03d9.
This commit is contained in:
Tom Eastep 2009-11-24 13:14:24 -08:00
parent 10056a03d9
commit 4c40b205f8

View File

@ -156,14 +156,12 @@ sub process_a_policy() {
$connlimit = '' if $connlimit eq '-'; $connlimit = '' if $connlimit eq '-';
my $clientwild = ( "\L$client" eq 'all' ); my $clientwild = ( "\L$client" eq 'all' );
my $clientref = defined_zone( $client );
fatal_error "Undefined zone ($client)" unless $clientwild || $clientref; fatal_error "Undefined zone ($client)" unless $clientwild || defined_zone( $client );
my $serverwild = ( "\L$server" eq 'all' ); my $serverwild = ( "\L$server" eq 'all' );
my $serverref = defined_zone( $server );
fatal_error "Undefined zone ($server)" unless $serverwild || $serverref; fatal_error "Undefined zone ($server)" unless $serverwild || defined_zone( $server );
my ( $policy, $default, $remainder ) = split( /:/, $originalpolicy, 3 ); my ( $policy, $default, $remainder ) = split( /:/, $originalpolicy, 3 );
@ -171,7 +169,7 @@ sub process_a_policy() {
fatal_error "Invalid default action ($default:$remainder)" if defined $remainder; fatal_error "Invalid default action ($default:$remainder)" if defined $remainder;
( $policy , my $param ) = get_target_param $policy; ( $policy , my $queue ) = get_target_param $policy;
if ( $default ) { if ( $default ) {
if ( "\L$default" eq 'none' ) { if ( "\L$default" eq 'none' ) {
@ -194,45 +192,12 @@ sub process_a_policy() {
fatal_error "Invalid policy ($policy)" unless exists $validpolicies{$policy}; fatal_error "Invalid policy ($policy)" unless exists $validpolicies{$policy};
if ( defined $param ) { if ( defined $queue ) {
if ( $policy eq 'NFQUEUE' ) { fatal_error "Invalid policy ($policy($queue))" unless $policy eq 'NFQUEUE';
require_capability( 'NFQUEUE_TARGET', 'An NFQUEUE Policy', 's' ); require_capability( 'NFQUEUE_TARGET', 'An NFQUEUE Policy', 's' );
my $queuenum = numeric_value( $param ); my $queuenum = numeric_value( $queue );
fatal_error "Invalid NFQUEUE queue number ($param)" unless defined( $queuenum) && $queuenum <= 65535; fatal_error "Invalid NFQUEUE queue number ($queue)" unless defined( $queuenum) && $queuenum <= 65535;
$policy = "NFQUEUE --queue-num $queuenum"; $policy = "NFQUEUE --queue-num $queuenum";
} elsif ( $policy eq 'CONTINUE' ) {
my ( $source, $dest , $rest ) = split/,/, $param;
fatal_error "Invalid CONTINUE parameter ($param)" if defined $rest || ! ( $source && $dest );
my $sourcewild = ( $source eq 'all' );
my $destwild = ( $dest eq 'all' );
fatal_error "Invalid source zone ($source)" unless $sourcewild || defined_zone $source;
fatal_error "Invalid dest zone ($dest)" unless $destwild || defined_zone $dest;
my $continueref = $filter_table->{$policy = rules_chain( $source, $dest )};
fatal_error "No policy defined for $source to $dest" unless $continueref && $continueref->{policy};
fatal_error "The all to all policy may not be continued" if $clientwild && $serverwild;
if ( $client ne $source ) {
unless ( $clientwild || $sourcewild ) {
my $found = 0;
for ( @{$clientref->{parents}} ) {
$found = 1 if $_ eq $source;
}
fatal_error "$source is not a parent of $client" unless $found;
}
}
if ( $server ne $dest ) {
unless ( $serverwild || $destwild ) {
my $found = 0;
for ( @{$serverref->{parents}} ) {
$found = 1 if $_ eq $dest;
}
fatal_error "$dest is not a parent of $server" unless $found;
}
}
} else {
fatal_error "Invalid policy ($policy($param))";
}
} elsif ( $policy eq 'NONE' ) { } elsif ( $policy eq 'NONE' ) {
fatal_error "NONE policy not allowed with \"all\"" fatal_error "NONE policy not allowed with \"all\""
if $clientwild || $serverwild; if $clientwild || $serverwild;