Implement INLINE action

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall/Perl/Shorewall/Config.pm

@@ -63,6 +63,7 @@ our @EXPORT = qw(
 		 get_action_logging
 		 get_action_disposition
 		 set_action_param
+		 get_inline_matches
 
 		 have_capability
 		 require_capability
@@ -154,6 +155,7 @@ our %EXPORT_TAGS = ( internal => [ qw( create_temp_script
 				       $debug
 				       $file_format
 				       $comment
+
 				       %config
 				       %globals
 				       %config_files
@@ -495,6 +497,7 @@ our %compiler_params;
 #
 our %actparms;
 our $parmsmodified;
+our $inline_matches;
 
 our $currentline;            # Current config file line image
 our $currentfile;            # File handle reference
@@ -1948,18 +1951,22 @@ sub split_line1( $$;$$ ) {
 	$pairs =~ s/^\s*//;
 	$pairs =~ s/\s*$//;
 
-	my @pairs = split( /,?\s+/, $pairs );
+	if ( $first eq 'INLINE') {
+	    $inline_matches = $pairs;
+	} else {
+	    my @pairs = split( /,?\s+/, $pairs );
 
-	for ( @pairs ) {
-	    fatal_error "Invalid column/value pair ($_)" unless /^(\w+)(?:=>?|:)(.+)$/;
-	    my ( $column, $value ) = ( lc $1, $2 );
-	    fatal_error "Unknown column ($1)" unless exists $columnsref->{$column};
-	    $column = $columnsref->{$column};
-	    fatal_error "Non-ASCII gunk in file" if $columns =~ /[^\s[:print:]]/;
-	    $value = $1 if $value =~ /^"([^"]+)"$/;
-	    fatal_error "Column values may not contain embedded double quotes, single back quotes or backslashes" if $columns =~ /["`\\]/;
-	    fatal_error "Non-ASCII gunk in the value of the $column column" if $columns =~ /[^\s[:print:]]/;
-	    $line[$column] = $value;
+	    for ( @pairs ) {
+		fatal_error "Invalid column/value pair ($_)" unless /^(\w+)(?:=>?|:)(.+)$/;
+		my ( $column, $value ) = ( lc $1, $2 );
+		fatal_error "Unknown column ($1)" unless exists $columnsref->{$column};
+		$column = $columnsref->{$column};
+		fatal_error "Non-ASCII gunk in file" if $columns =~ /[^\s[:print:]]/;
+		$value = $1 if $value =~ /^"([^"]+)"$/;
+		fatal_error "Column values may not contain embedded double quotes, single back quotes or backslashes" if $columns =~ /["`\\]/;
+		fatal_error "Non-ASCII gunk in the value of the $column column" if $columns =~ /[^\s[:print:]]/;
+		$line[$column] = $value;
+	    }
 	}
     }
 
@@ -2827,6 +2834,13 @@ sub embedded_perl( $ ) {
     }
 }
 
+#
+# Return inline matches
+#
+sub get_inline_matches() {
+    $inline_matches;
+}
+
 #
 # Push/pop acton params
 #

Shorewall/action.INLINE

@@ -0,0 +1,28 @@
+#
+# Shorewall version 4 - INLINE Action
+#
+# /usr/share/shorewall/action.INLINE
+#
+#################################################################################
+?FORMAT 2
+
+DEFAULTS -
+
+?BEGIN PERL;
+use strict;
+use Shorewall::Chains;
+use Shorewall::Rules;
+
+my $chainref = get_action_chain;
+my $rule     = get_inline_matches;
+
+add_rule( $chainref, $rule, '' );
+
+allow_optimize( $chainref );
+
+?END PERL;
+
+
+
+
+

Shorewall/actions.std

@@ -33,6 +33,7 @@ Drop		                # Default Action for DROP policy
 dropInvalid  inline		# Drops packets in the INVALID conntrack state
 DropSmurfs   noinline           # Drop smurf packets
 Established  inline		# Handles packets in the ESTABLISHED state
+INLINE       nolog		# Handles in-line rules
 Invalid      inline             # Handles packets in the INVALID conntrack state
 New	     inline             # Handles packets in the NEW conntrack state
 NotSyn       inline             # Handles TCP packets which do not have SYN=1 and ACK=0

Shorewall6/actions.std

@@ -25,6 +25,7 @@ Drop		        	# Default Action for DROP policy
 dropInvalid  inline		# Drops packets in the INVALID conntrack state
 DropSmurfs   noinline     	# Handles packets with a broadcast source address
 Established  inline		# Handles packets in the ESTABLISHED state
+INLINE       nolog		# Handles in-line rules
 Invalid	     inline		# Handles packets in the INVALID conntrack state
 New	     inline             # Handles packets in the NEW conntrack state
 NotSyn	     inline 		# Handles TCP packets that do not have SYN=1 and ACK=0