From 502a00cc264a84fbb18bbffa82c8b382eb760915 Mon Sep 17 00:00:00 2001 From: teastep Date: Fri, 30 Jul 2004 22:33:46 +0000 Subject: [PATCH] Remove dead code from process_actions2() and make user/group actions work git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1518 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- STABLE2/changelog.txt | 6 ++++++ STABLE2/firewall | 46 +++------------------------------------- STABLE2/releasenotes.txt | 7 +++++- 3 files changed, 15 insertions(+), 44 deletions(-) diff --git a/STABLE2/changelog.txt b/STABLE2/changelog.txt index df3b929a9..166a0594e 100644 --- a/STABLE2/changelog.txt +++ b/STABLE2/changelog.txt @@ -44,3 +44,9 @@ Changes in 2.0.7 4) Correct handling of multiple 'blacklist' interfaces. 5) Add "0.0.0.0 RETURN" to nobogons. + +Changes in 2.0.8 + +1) Removed dead code from process_actions2() + +2) Corrected read command in process_actions2() (userspec) diff --git a/STABLE2/firewall b/STABLE2/firewall index 8ba1ba90b..28fd28713 100755 --- a/STABLE2/firewall +++ b/STABLE2/firewall 
@@ -2863,47 +2863,6 @@ process_actions1() { # process the associated action files. # process_actions2() { - # - # Process a rule where the source or destination is "all" - # - process_wildcard_rule() { - local yclients yservers ysourcezone ydestzone ypolicy - - for yclients in $xclients; do - for yservers in $xservers; do - ysourcezone=${yclients%%:*} - ydestzone=${yservers%%:*} - if [ "${ysourcezone}" != "${ydestzone}" ] ; then - eval ypolicy=\$${ysourcezone}2${ydestzone}_policy - if [ "$ypolicy" != NONE ] ; then - process_action $xaction $xtarget $yclients $yservers $xprotocol $xports $xcports $xratelimit $xuserspec - fi - fi - done - done - } - - do_it() { - expandv xclients xservers xprotocol xports xcports xratelimit xuserspec - - if [ "x$xclients" = xall ]; then - xclients="$zones $FW" - if [ "x$xservers" = xall ]; then - xservers="$zones $FW" - fi - process_wildcard_rule - continue - fi - - if [ "x$xservers" = xall ]; then - xservers="$zones $FW" - process_wildcard_rule - continue - fi - - process_action $xaction $xtarget $xclients $xservers $xprotocol $xports $xcports $xratelimit $xuserspec - - } log_action() { [ "$COMMAND" != check ] && log_rule ${LOGNEWNOTSYN:-info} $1 $2 "" "" -p tcp ! --syn @@ -2981,8 +2940,9 @@ process_actions2() { fn=$(find_file $f) echo "Processing $fn..." - while read xtarget xclients xservers xprotocol xports xcports xratelimit $xuserspec; do - do_it + while read xtarget xclients xservers xprotocol xports xcports xratelimit xuserspec ; do + expandv xtarget xclients xservers xprotocol xports xcports xratelimit xuserspec + process_action $xaction $xtarget $xclients $xservers $xprotocol $xports $xcports $xratelimit $xuserspec done < $TMP_DIR/$f ;; esac diff --git a/STABLE2/releasenotes.txt b/STABLE2/releasenotes.txt index f50e0c150..ae1c01762 100644 --- a/STABLE2/releasenotes.txt +++ b/STABLE2/releasenotes.txt 
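Review bot: In the rewritten `while read` loop of the second STABLE2/firewall hunk (`@@ -2981,8 +2940,9 @@`), every value is passed to `process_action` unquoted, so a column that is empty or multi-word after `expandv` shifts the later positional arguments. Because `xuserspec` is the last name given to `read`, it receives the whole remainder of the row, and a rule meant to be user/group-restricted could arrive with that restriction split up or in the wrong slot. I would quote the call, `process_action "$xaction" "$xtarget" "$xclients" "$xservers" "$xprotocol" "$xports" "$xcports" "$xratelimit" "$xuserspec"`, after confirming that `process_action` accepts empty parameters, and use `read -r` so backslashes in a row are not interpreted; both `process_action` and `expandv` are defined outside the hunk. The old loop body called `do_it`, which expanded a source or destination of `all` before calling `process_action`, so a one-line comment at the loop saying why that expansion is not needed for action files would help the next reader. The loop sits inside process_actions2(), which starts and ends outside this hunk.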
@@ -1,4 +1,4 @@ -Shorewall 2.0.7 +Shorewall 2.0.8 ---------------------------------------------------------------------- Problems Corrected in version 2.0.4 @@ -114,6 +114,11 @@ New Features in version 2.0.7 default via 192.168.1.254 dev br0 Table default: +----------------------------------------------------------------------- +Problems Corrected in version 2.0.8 + +1) User/group restricted rules now work in actions. +