holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Fix action processing

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5475 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-03-09 19:37:04 +00:00
parent cafff1fc30
commit 7064feb0ab
1 changed files with 12 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
New/compiler.pl
View File

@ -1224,7 +1224,7 @@ sub new_action( $ ) {
my %h; my %h;
$h{actchain} = 0; $h{actchain} = '';
$h{requires} = {}; $h{requires} = {};
$actions{$action} = \%h; $actions{$action} = \%h;
} }
@ -1265,16 +1265,14 @@ sub createlogactionchain( $$ ) {
$chain = substr $chain, 0, 28 if ( length $chain ) > 28; $chain = substr $chain, 0, 28 if ( length $chain ) > 28;
while ( $chain_table{'%' . $chain . $actionref->{actchain}} ) { while ( $chain_table{'%' . $chain . $actionref->{actchain}} ) {
$chain = substr $chain, 0, 27 if ++($actionref->{actchain}) == 10 and length $chain == 28; $chain = substr $chain, 0, 27 if $actionref->{actchain} == 10 and length $chain == 28;
} }
$actionref = new_action $action unless $actionref; $actionref = new_action $action unless $actionref;
$actionref->{actchain}++;
$level = 'none' unless $level; $level = 'none' unless $level;
$logactionchains{"$action:$level"} = new_chain 'filter', '%' . $chain . $actionref->{actchain}; $logactionchains{"$action:$level"} = new_chain 'filter', '%' . $chain . $actionref->{actchain}++;
# #
# Fixme -- action file # Fixme -- action file
@ -3527,8 +3525,8 @@ sub process_rule1 ( $$$$$$$$$ ) {
my ( $target, $source, $dest, $proto, $ports, $sports, $origdest, $ratelimit, $user ) = @_; my ( $target, $source, $dest, $proto, $ports, $sports, $origdest, $ratelimit, $user ) = @_;
my ( $action, $loglevel) = split_action $target; my ( $action, $loglevel) = split_action $target;
my $rule = ''; my $rule = '';
my $actionchainref;
$proto = '' unless defined $proto;
$ports = '' unless defined $ports; $ports = '' unless defined $ports;
$sports = '' unless defined $sports; $sports = '' unless defined $sports;
$origdest = '' unless defined $origdest; $origdest = '' unless defined $origdest;
@ -3565,7 +3563,7 @@ sub process_rule1 ( $$$$$$$$$ ) {
# Mark target as used # Mark target as used
# #
if ( $actiontype & ACTION ) { if ( $actiontype & ACTION ) {
unless ( $usedactions{target} ) { unless ( $usedactions{$target} ) {
$usedactions{$target} = 1; $usedactions{$target} = 1;
createactionchain $target; createactionchain $target;
} }
@ -3711,6 +3709,12 @@ sub process_rule1 ( $$$$$$$$$ ) {
# Add filter table rule, unless this is a NATONLY rule type # Add filter table rule, unless this is a NATONLY rule type
# #
unless ( $actiontype & NATONLY ) { unless ( $actiontype & NATONLY ) {
if ( $actiontype & ACTION ) {
$action = (find_logactionchain $target)->{name};
$loglevel = '';
}
finish_rule finish_rule
ensure_chain ('filter', $chain ) , ensure_chain ('filter', $chain ) ,
$rule , $rule ,
@ -4148,7 +4152,7 @@ sub allowinUPnP ( $$$ ) {
sub Limit( $$$ ) { sub Limit( $$$ ) {
my ($chainref, $level, $tag) = @_; my ($chainref, $level, $tag) = @_;
my @tag = split $tag; my @tag = split /,/, $tag;
fatal_error 'Limit rules must include <set name>,<max connections>,<interval> as the log tag' unless @tag == 3; fatal_error 'Limit rules must include <set name>,<max connections>,<interval> as the log tag' unless @tag == 3;