From 4dbd06792c0e729755580541121feb5692a5ad67 Mon Sep 17 00:00:00 2001
From: teastep
Date: Wed, 28 Jan 2009 19:35:21 +0000
Subject: [PATCH] Apply COUNT change to trunk
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9348 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall-perl/Shorewall/Actions.pm | 4 +++-
 Shorewall-perl/Shorewall/Chains.pm | 3 +++
 Shorewall-perl/Shorewall/Rules.pm | 4 +++-
 Shorewall-shell/compiler | 2 +-
 Shorewall-shell/lib.actions | 11 +++++++----
 5 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/Shorewall-perl/Shorewall/Actions.pm b/Shorewall-perl/Shorewall/Actions.pm
index 1d6ba2778..0ee94b0d9 100644
--- a/Shorewall-perl/Shorewall/Actions.pm
+++ b/Shorewall-perl/Shorewall/Actions.pm
@@ -565,6 +565,8 @@ sub process_action( $$$$$$$$$$ ) {
 ( $action, my $param ) = get_target_param $action;
 $param = 1 unless defined $param;
 $action = "NFQUEUE --queue-num $param";
+ } elsif ( $action eq 'COUNT' ) {
+ $action = '';
 }
 expand_rule ( $chainref ,
@@ -574,7 +576,7 @@ sub process_action( $$$$$$$$$$ ) {
 $dest ,
 '', #Original Dest
 '', #Original Dest port
- "-j $action" ,
+ $action ? "-j $action" : '',
 $level ,
 $action ,
 '' );
diff --git a/Shorewall-perl/Shorewall/Chains.pm b/Shorewall-perl/Shorewall/Chains.pm
index 486006e94..ab4cce768 100644
--- a/Shorewall-perl/Shorewall/Chains.pm
+++ b/Shorewall-perl/Shorewall/Chains.pm
@@ -263,6 +263,7 @@ our %builtin_target = ( ACCEPT => 1,
 REJECT => 1,
 DROP => 1,
 RETURN => 1,
+ COUNT => 1,
 DNAT => 1,
 SAME => 1,
 LOG => 1,
@@ -945,6 +946,7 @@ sub initialize_chain_table()
 'LOG' => STANDARD + LOGRULE,
 'CONTINUE' => STANDARD,
 'CONTINUE!' => STANDARD,
+ 'COUNT' => STANDARD,
 'QUEUE' => STANDARD,
 'QUEUE!' => STANDARD,
 'NFQUEUE' => STANDARD + NFQ,
@@ -996,6 +998,7 @@ sub initialize_chain_table()
 'LOG' => STANDARD + LOGRULE,
 'CONTINUE' => STANDARD,
 'CONTINUE!' => STANDARD,
+ 'COUNT' => STANDARD,
 'QUEUE' => STANDARD,
 'QUEUE!' => STANDARD,
 'NFQUEUE' => STANDARD + NFQ,
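Review bot: In process_action, once the COUNT branch at -565 has set `$action = ''`, the expand_rule call at -574 still passes that empty string as the argument after `$level ,`, in addition to using it to drop the `-j` part. expand_rule is not visible here, so this is inferred: if that argument is the disposition used when a log level is given, a COUNT rule with a log level would be logged with an empty disposition. Passing `$action || 'COUNT' ,` in that position would keep the name, and a comment on the branch such as `# COUNT: no -j, the rule only updates its packet/byte counters` would explain the empty target. The same pattern appears in process_rule1 in Rules.pm (hunks at -1096 and -1384); both functions start and end outside the hunks.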
diff --git a/Shorewall-perl/Shorewall/Rules.pm b/Shorewall-perl/Shorewall/Rules.pm
index b09aee4e6..1a6ba8541 100644
--- a/Shorewall-perl/Shorewall/Rules.pm
+++ b/Shorewall-perl/Shorewall/Rules.pm
@@ -1096,6 +1096,8 @@ sub process_rule1 ( $$$$$$$$$$$$$ ) {
 $action = 'reject';
 } elsif ( $action eq 'CONTINUE' ) {
 $action = 'RETURN';
+ } elsif ( $action eq 'COUNT' ) {
+ $action = '';
 } elsif ( $actiontype & LOGRULE ) {
 fatal_error 'LOG requires a log level' unless defined $loglevel and $loglevel ne '';
 }
@@ -1384,7 +1386,7 @@ sub process_rule1 ( $$$$$$$$$$$$$ ) {
 $dest ,
 $origdest ,
 $origdstports ,
- "-j $action " ,
+ $action ? "-j $action " : '' ,
 $loglevel ,
 $action ,
 '' );
diff --git a/Shorewall-shell/compiler b/Shorewall-shell/compiler
index e22a4abd9..77323c422 100755
--- a/Shorewall-shell/compiler
+++ b/Shorewall-shell/compiler
@@ -2613,7 +2613,7 @@ process_macro() # $1 = target
 while read mtarget mclients mservers mprotocol mports mcports mratelimit muserspec; do
- [ $mtarget = COMMENT ] && continue
+ [ $mtarget = COMMENT -o $mtarget = COUNT ] && continue
 mtarget=$(merge_levels $itarget $mtarget)
diff --git a/Shorewall-shell/lib.actions b/Shorewall-shell/lib.actions
index 24a31b3e6..e8528bc8d 100644
--- a/Shorewall-shell/lib.actions
+++ b/Shorewall-shell/lib.actions
@@ -383,6 +383,9 @@ process_action() # $1 = chain (Chain to add the rules to)
 CONTINUE)
 target=RETURN
 ;;
+ COUNT)
+ return;
+ ;;
 *)
 ;;
 esac
@@ -615,7 +618,7 @@ process_actions1() {
 while read xtarget xclients xservers xprotocol xports xcports xratelimit $xuserspec $xmark; do
 temp="${xtarget%%:*}"
 case "$temp" in
- ACCEPT|DROP|REJECT|LOG|QUEUE|CONTINUE)
+ ACCEPT|DROP|REJECT|LOG|QUEUE|CONTINUE|COUNT)
 ;;
 COMMENT)
 if [ "$temp" != "$xtarget" ]; then
@@ -659,7 +662,7 @@ process_actions1() {
 while read mtarget mclients mservers mprotocol mports mcports mratelimit muserspec; do
- [ $mtarget = COMMENT ] && continue
+ [ $mtarget = COMMENT -o $mtarget = COUNT ] && continue
 temp="${mtarget%%:*}"
 case "$temp" in
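Review bot: The new test in process_macro expands `$mtarget` unquoted inside a `-o` expression, so an empty first field or one containing glob characters changes the number of words `[` receives. The outcome can then be a test error or an unintended match instead of a clean skip, and POSIX marks `-o` as obsolescent because of this parsing ambiguity. `case "$mtarget" in COMMENT|COUNT) continue ;; esac` performs the same check without either problem. The identical line is added in lib.actions in process_actions1 (-659) and process_action3 (-816); in each case the while loop continues outside the hunk.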
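Review bot: The `COUNT)` arm in process_action leaves the function with a bare `return;`, so under the shell compiler a COUNT rule inside an action generates nothing, while the Perl hunks of this commit turn COUNT into a rule without `-j`. If ignoring it is intended because the shell compiler does not implement counting rules, record that where it happens, e.g. `# COUNT is only implemented by Shorewall-perl; accept and ignore it here`, so an operator who relies on those counters for accounting or alerting is not surprised when they are absent. The case statement and the rest of process_action lie outside the hunk, so whether any state has already been set up for the rule before this return cannot be checked from here.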
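Review bot: In process_actions1 the skip added at -659 compares the whole `$mtarget`, whereas the builtin list extended at -615 matches on `${xtarget%%:*}`, so the two loops disagree about a target written with a suffix. A macro line of the form `COUNT:<level>` is not skipped and falls through to the `case "$temp" in` that follows, whose arms are outside the hunk. Whether a level on COUNT is meant to be legal is not visible here; if it is, `case "$mtarget" in COMMENT|COUNT|COUNT:*) continue ;; esac` would treat both spellings the same way without changing how COMMENT is matched.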
@@ -771,7 +774,7 @@ process_action3() {
 xtarget1=${xaction2%%:*}
 case $xtarget1 in
- ACCEPT|DROP|REJECT|LOG|QUEUE|CONTINUE)
+ ACCEPT|DROP|REJECT|LOG|QUEUE|CONTINUE|COUNT)
 #
 # Builtin target -- Nothing to do
 #
@@ -816,7 +819,7 @@ process_action3() {
 while read mtarget mclients mservers mprotocol mports mcports mratelimit muserspec; do
- [ $mtarget = COMMENT ] && continue
+ [ $mtarget = COMMENT -o $mtarget = COUNT ] && continue
 mtarget=$(merge_levels $xaction2 $mtarget)