holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Return to zone-based handling of 'all'.

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2012-11-25 16:31:05 -08:00
parent 642f192b3d
commit 697fc001c3
1 changed files with 12 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
Shorewall/Perl/Shorewall/Raw.pm
View File

@ -255,8 +255,18 @@ sub setup_conntrack() {
if ( $format < 3 ) { if ( $format < 3 ) {
if ( $source =~ /^all(-)?(:(.+))?$/ ) { if ( $source =~ /^all(-)?(:(.+))?$/ ) {
fatal_error 'USER/GROUP is not allowed unless the SOURCE zone is $FW or a Vserver zone' if $user ne '-'; fatal_error 'USER/GROUP is not allowed unless the SOURCE zone is $FW or a Vserver zone' if $user ne '-';
process_conntrack_rule( $raw_table->{OUTPUT}, undef, $action, $3 || '-', $dest, $proto, $ports, $sports, $user , $switch ) unless $1; for my $zone ( $1 ? off_firewall_zones : all_zones ) {
process_conntrack_rule( $raw_table->{PREROUTING}, undef, $action, $3 || '-', $dest, $proto, $ports, $sports, $user , $switch ); process_conntrack_rule( undef ,
undef,
$action,
$zone . ( $2 || ''),
$dest,
$proto,
$ports,
$sports,
$user ,
$switch );
}
} else { } else {
process_conntrack_rule( undef, undef, $action, $source, $dest, $proto, $ports, $sports, $user, $switch ); process_conntrack_rule( undef, undef, $action, $source, $dest, $proto, $ports, $sports, $user, $switch );
} }