Move IPSEC option constants to the Zones module; Add Rules module
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5528 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
299d15d992
commit
5ec37963d8
@ -416,7 +416,7 @@ sub finish_section ( $ ) {
|
||||
|
||||
for my $zone ( @zones ) {
|
||||
for my $zone1 ( @zones ) {
|
||||
my $chainref = $chain_table{'filter'}{"${zone}2${zone1}"};
|
||||
my $chainref = $chain_table{'filter'}{"$zone}2${zone1}"};
|
||||
if ( $chainref->{referenced} ) {
|
||||
finish_chain_section $chainref, $sections;
|
||||
}
|
||||
|
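Review bot: The two printed variants of the chain-key line differ by one brace, and `"$zone}2${zone1}"` is not equivalent to `"${zone}2${zone1}"`: Perl interpolates `$zone`, then emits a literal `}`, so the lookup key becomes e.g. `net}2loc`, `$chain_table{'filter'}` yields undef, the `referenced` test quietly evaluates false and that zone-pair chain never gets its section finished, with no error to show for it. If the brace-mangled form is the new side this commit introduces that regression; if it is the old side the commit silently fixes it and the message should say so. Either way the surviving line should be `my $chainref = $chain_table{'filter'}{"${zone}2${zone1}"};`. The file this hunk belongs to is not named in this chunk, and `finish_section` begins before and ends after the hunk.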
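--- /dev/null
+++ b/New/Shorewall/Rules.pm
@@ -0,0 +1,64 @@
+package Shorewall::Rules;
+require Exporter;
+
+our @ISA = qw(Exporter);
+our @EXPORT = qw( STANDARD
+NATRULE
+BUILTIN
+NONAT
+NATONLY
+REDIRECT
+ACTION
+MACRO
+LOGRULE
+
+%targets
+);
+our @EXPORT_OK = ();
+our @VERSION = 1.00;
+
+#
+# Target Table. Each entry maps a target to a set of flags defined as follows.
+#
+use constant { STANDARD => 1, #defined by Netfilter
+NATRULE => 2, #Involved NAT
+BUILTIN => 4, #A built-in action
+NONAT => 8, #'NONAT' or 'ACCEPT+'
+NATONLY => 16, #'DNAT-' or 'REDIRECT-'
+REDIRECT => 32, #'REDIRECT'
+ACTION => 64, #An action
+MACRO => 128, #A Macro
+LOGRULE => 256, #'LOG'
+};
+#
+# As new targets (Actions and Macros) are discovered, they are added to the table
+#
+our %targets = ('ACCEPT' => STANDARD,
+'ACCEPT+' => STANDARD + NONAT,
+'ACCEPT!' => STANDARD,
+'NONAT' => STANDARD + NONAT,
+'DROP' => STANDARD,
+'DROP!' => STANDARD,
+'REJECT' => STANDARD,
+'REJECT!' => STANDARD,
+'DNAT' => NATRULE,
+'DNAT-' => NATRULE + NATONLY,
+'REDIRECT' => NATRULE + REDIRECT,
+'REDIRECT-' => NATRULE + REDIRECT + NATONLY,
+'LOG' => STANDARD + LOGRULE,
+'CONTINUE' => STANDARD,
+'QUEUE' => STANDARD,
+'SAME' => NATRULE,
+'SAME-' => NATRULE + NATONLY,
+'dropBcast' => BUILTIN + ACTION,
+'allowBcast' => BUILTIN + ACTION,
+'dropNotSyn' => BUILTIN + ACTION,
+'rejNotSyn' => BUILTIN + ACTION,
+'dropInvalid' => BUILTIN + ACTION,
+'allowInvalid' => BUILTIN + ACTION,
+'allowinUPnP' => BUILTIN + ACTION,
+'forwardUPnP' => BUILTIN + ACTION,
+'Limit' => BUILTIN + ACTION,
+);
+
+1;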
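Review bot: `our @VERSION = 1.00;` in the new Rules.pm declares an array, so `Shorewall::Rules->VERSION` and a version-checked `use Shorewall::Rules 1.00` will never see it; it should be `our $VERSION = '1.00';`. The module also has no `use strict;` or `use warnings;`, and for a file that exports a mutable package hash (`%targets`, which the comment above it says is extended at runtime as actions and macros are discovered) those pragmas are the cheapest guard against a misspelled flag name or key silently creating a new target entry; adding `use strict; use warnings;` right after the `package` line covers both. The flag constants are combined with `+`; since they are distinct bits, `|` states the intent and cannot double-count a flag if an entry is later edited to repeat one.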
@ -4,10 +4,33 @@ use Shorewall::Common;
|
||||
use Shorewall::Config;
|
||||
|
||||
our @ISA = qw(Exporter);
|
||||
our @EXPORT = qw( determine_zones add_group_to_zone dump_zone_info zone_report @zones %zones $firewall_zone );
|
||||
our @EXPORT = qw( NOTHING
|
||||
NUMERIC
|
||||
NETWORK
|
||||
IPSECPROTO
|
||||
IPSECMODE
|
||||
|
||||
determine_zones
|
||||
add_group_to_zone
|
||||
dump_zone_info
|
||||
zone_report
|
||||
|
||||
@zones
|
||||
%zones
|
||||
$firewall_zone );
|
||||
our @EXPORT_OK = ();
|
||||
our @VERSION = 1.00;
|
||||
|
||||
#
|
||||
# IPSEC Option types
|
||||
#
|
||||
use constant { NOTHING => 'NOTHING',
|
||||
NUMERIC => '0x[\da-fA-F]+|\d+',
|
||||
NETWORK => '\d+.\d+.\d+.\d+(\/\d+)?',
|
||||
IPSECPROTO => 'ah|esp|ipcomp',
|
||||
IPSECMODE => 'tunnel|transport'
|
||||
};
|
||||
|
||||
#
|
||||
# Zone Table.
|
||||
#
|
||||
|
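Review bot: The `NETWORK` pattern moved into this module, `'\d+.\d+.\d+.\d+(\/\d+)?'`, leaves the octet separators as unescaped `.`, so any character is accepted between octets and a value such as `10x0x0x0/8` or `10 0 0 0` passes as a network; it should read `NETWORK => '\d+\.\d+\.\d+\.\d+(\/\d+)?'`. Likewise `NUMERIC => '0x[\da-fA-F]+|\d+'` is an unparenthesised alternation, so a caller that embeds it as `^...$` anchors only one branch at each end; `NUMERIC => '(?:0x[\da-fA-F]+|\d+)'` keeps the constant safe to interpolate. How these strings are applied is outside this hunk, so the anchoring point is inferred, but the octet issue stands on its own. The comment labels them IPSEC option types, so presumably they validate values read from the zones/ipsec configuration, and anything accepted here ends up in generated iptables rules.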
@ -10,16 +10,8 @@ use Shorewall::Chains;
|
||||
use Shorewall::Zones;
|
||||
use Shorewall::Interfaces;
|
||||
use Shorewall::Hosts;
|
||||
use Shorewall::Rules;
|
||||
|
||||
#
|
||||
# IPSEC Option types
|
||||
#
|
||||
use constant { NOTHING => 'NOTHING',
|
||||
NUMERIC => '0x[\da-fA-F]+|\d+',
|
||||
NETWORK => '\d+.\d+.\d+.\d+(\/\d+)?',
|
||||
IPSECPROTO => 'ah|esp|ipcomp',
|
||||
IPSECMODE => 'tunnel|transport'
|
||||
};
|
||||
|
||||
my ( $command, $doing, $done ) = qw/ compile Compiling Compiled/; #describe the current command, it's present progressive, and it's completion.
|
||||
|
||||
@ -57,50 +49,7 @@ my @allipv4 = ( '0.0.0.0/0' );
|
||||
use constant { ALLIPv4 => '0.0.0.0/0' };
|
||||
|
||||
my @rfc1918_networks = ( "10.0.0.0/24", "172.16.0.0/12", "192.168.0.0/16" );
|
||||
#
|
||||
# Target Table. Each entry maps a target to a set of flags defined as follows.
|
||||
#
|
||||
use constant { STANDARD => 1, #defined by Netfilter
|
||||
NATRULE => 2, #Involved NAT
|
||||
BUILTIN => 4, #A built-in action
|
||||
NONAT => 8, #'NONAT' or 'ACCEPT+'
|
||||
NATONLY => 16, #'DNAT-' or 'REDIRECT-'
|
||||
REDIRECT => 32, #'REDIRECT'
|
||||
ACTION => 64, #An action
|
||||
MACRO => 128, #A Macro
|
||||
LOGRULE => 256, #'LOG'
|
||||
};
|
||||
#
|
||||
# As new targets (Actions and Macros) are discovered, they are added to the table
|
||||
#
|
||||
my %targets = ('ACCEPT' => STANDARD,
|
||||
'ACCEPT+' => STANDARD + NONAT,
|
||||
'ACCEPT!' => STANDARD,
|
||||
'NONAT' => STANDARD + NONAT,
|
||||
'DROP' => STANDARD,
|
||||
'DROP!' => STANDARD,
|
||||
'REJECT' => STANDARD,
|
||||
'REJECT!' => STANDARD,
|
||||
'DNAT' => NATRULE,
|
||||
'DNAT-' => NATRULE + NATONLY,
|
||||
'REDIRECT' => NATRULE + REDIRECT,
|
||||
'REDIRECT-' => NATRULE + REDIRECT + NATONLY,
|
||||
'LOG' => STANDARD + LOGRULE,
|
||||
'CONTINUE' => STANDARD,
|
||||
'QUEUE' => STANDARD,
|
||||
'SAME' => NATRULE,
|
||||
'SAME-' => NATRULE + NATONLY,
|
||||
'dropBcast' => BUILTIN + ACTION,
|
||||
'allowBcast' => BUILTIN + ACTION,
|
||||
'dropNotSyn' => BUILTIN + ACTION,
|
||||
'rejNotSyn' => BUILTIN + ACTION,
|
||||
'dropInvalid' => BUILTIN + ACTION,
|
||||
'allowInvalid' => BUILTIN + ACTION,
|
||||
'allowinUPnP' => BUILTIN + ACTION,
|
||||
'forwardUPnP' => BUILTIN + ACTION,
|
||||
'Limit' => BUILTIN + ACTION,
|
||||
);
|
||||
#
|
||||
|
||||
# Action Table
|
||||
#
|
||||
# %actions{ <action1> => { requires => { <requisite1> = 1,
|
||||
|