diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm index 29ff0f928..0c665cb0c 100644 --- a/Shorewall/Perl/Shorewall/Config.pm +++ b/Shorewall/Perl/Shorewall/Config.pm @@ -472,7 +472,7 @@ my %compiler_params; # # Action parameters # -my @actparms; +my %actparms; our $currentline; # Current config file line image my $currentfile; # File handle reference @@ -901,7 +901,7 @@ sub initialize( $;$$) { %compiler_params = (); - @actparms = (); + %actparms = ( ); %helpers_enabled = ( amanda => 1, @@ -1922,15 +1922,16 @@ sub evaluate_expression( $$$ ) { my $val; my $count = 0; - # $1 $2 $3 - $4 - while ( $expression =~ m( ^(.*?) \$({)? (\w+) (?(2)}) (.*)$ )x ) { + # $1 $2 $3 - $4 + while ( $expression =~ m( ^(.*?) \$({)? (\d+|[a-zA-Z]\w*) (?(2)}) (.*)$ )x ) { my ( $first, $var, $rest ) = ( $1, $3, $4); - $val = ( exists $ENV{$var} ? $ENV{$var} : - exists $params{$var} ? $params{$var} : - exists $config{$var} ? $config{$var} : - exists $renamed{$var} ? $config{$renamed{$var}} : - exists $capdesc{$var} ? have_capability( $var ) : 0 ); + $val = ( exists $ENV{$var} ? $ENV{$var} : + exists $params{$var} ? $params{$var} : + exists $config{$var} ? $config{$var} : + exists $renamed{$var} ? $config{$renamed{$var}} : + exists $actparms{$var} ? ( $var ? $actparms{$var} : $actparms{0}->{name} ) : + exists $capdesc{$var} ? have_capability( $var ) : 0 ); $val = 0 unless defined $val; $val = "'$val'" unless $val =~ /^-?\d+$/; $expression = join( '', $first, $val || 0, $rest ); @@ -2469,26 +2470,28 @@ sub embedded_perl( $ ) { # # Push/pop action params # -sub push_action_params( $$ ) { - my @params = split /,/, $_[1]; - my @oldparams = @actparms; +sub push_action_params( $$$$ ) { + my @params = ( undef , split /,/, $_[1] ); + my %oldparams = %actparms; - @actparms = (); + %actparms = (); - $actparms[0] = $_[0]; + for ( my $i = 1; $i < @params; $i++ ) { + my $val = $params[$i]; - for ( my $i = 1; $i <= @params; $i++ ) { - my $val = $params[$i - 1]; - - $actparms[$i] = $val eq '-' ? '' : $val eq '--' ? '-' : $val; + $actparms{$i} = $val eq '-' ? '' : $val eq '--' ? '-' : $val; } - \@oldparams; + $actparms{0} = $_[0]; + $actparms{loglevel} = $_[2]; + $actparms{logtag} = $_[3]; + + \%oldparams; } sub pop_action_params( $ ) { my $oldparms = shift; - @actparms = @$oldparms; + %actparms = %$oldparms; } sub default_action_params { @@ -2497,11 +2500,11 @@ sub default_action_params { for ( $i = 1; 1; $i++ ) { last unless defined ( $val = shift ); - my $curval = $actparms[$i]; - $actparms[$i] = $val unless supplied( $curval ); + my $curval = $actparms{$i}; + $actparms{$i} = $val unless supplied( $curval ); } - fatal_error "Too Many arguments to action $action" if defined $actparms[$i]; + fatal_error "Too Many arguments to action $action" if defined $actparms{$i}; } sub get_action_params( $ ) { @@ -2512,7 +2515,7 @@ sub get_action_params( $ ) { my @return; for ( my $i = 1; $i <= $num; $i++ ) { - my $val = $actparms[$i]; + my $val = $actparms{$i}; push @return, defined $val ? $val eq '-' ? '' : $val eq '--' ? '-' : $val : $val; } @@ -2520,18 +2523,18 @@ sub get_action_params( $ ) { } sub get_action_chain() { - $actparms[0]; + $actparms{0}; } sub set_action_param( $$ ) { my $i = shift; fatal_error "Parameter numbers must be numeric" unless $i =~ /^\d+$/ && $i > 0; - $actparms[$i] = shift; + $actparms{$i} = shift; } # -# Expand Shell Variables in the passed buffer using @actparms, %params, %shorewallrc and %config, +# Expand Shell Variables in the passed buffer using %actparms, %params, %shorewallrc and %config, # sub expand_variables( \$ ) { my ( $lineref, $count ) = ( $_[0], 0 ); @@ -2543,12 +2546,14 @@ sub expand_variables( \$ ) { my $val; if ( $var =~ /^\d+$/ ) { - fatal_error "Undefined parameter (\$$var)" if ( ! defined $actparms[$var] ) || ( length( $var ) > 1 && $var =~ /^0/ ); - $val = $var ? $actparms[$var] : $actparms[0]->{name}; + fatal_error "Undefined parameter (\$$var)" if ( ! defined $actparms{$var} ) || ( length( $var ) > 1 && $var =~ /^0/ ); + $val = $var ? $actparms{$var} : $actparms{0}->{name}; } elsif ( exists $params{$var} ) { $val = $params{$var}; } elsif ( exists $shorewallrc{$var} ) { $val = $shorewallrc{$var} + } elsif ( exists $actparms{$var} ) { + $val = $actparms{$var}; } else { fatal_error "Undefined shell variable (\$$var)" unless exists $config{$var}; $val = $config{$var}; @@ -2657,7 +2662,7 @@ sub read_a_line($) { # handle_first_entry if $first_entry; # - # Expand Shell Variables using %params and @actparms + # Expand Shell Variables using %params and %actparms # expand_variables( $currentline ) if $options & EXPAND_VARIABLES; diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm index 45126b58a..ed08c8546 100644 --- a/Shorewall/Perl/Shorewall/Rules.pm +++ b/Shorewall/Perl/Shorewall/Rules.pm @@ -579,7 +579,7 @@ sub process_policies() # # Policy Rule application # -sub process_inline ($$$$$$$$$$$$$$$$$$$); +sub process_inline ($$$$$$$$$$$$$$$$$$$$); sub policy_rules( $$$$$ ) { my ( $chainref , $target, $loglevel, $default, $dropmulticast ) = @_; @@ -598,6 +598,7 @@ sub policy_rules( $$$$$ ) { # process_inline( $inline, #Inline $chainref, #Chain + $loglevel, #Log Level and Tag $default, #Target $param || '', #Param '-', #Source @@ -971,13 +972,13 @@ sub externalize( $ ) { # # Define an Action # -sub new_action( $$$ ) { +sub new_action( $$$$ ) { - my ( $action , $type, $noinline ) = @_; + my ( $action , $type, $noinline, $nolog ) = @_; fatal_error "Invalid action name($action)" if reserved_name( $action ); - $actions{$action} = { actchain => '' , noinline => $noinline } if $type & ACTION; + $actions{$action} = { actchain => '' , noinline => $noinline, nolog => $nolog } if $type & ACTION; $targets{$action} = $type; } @@ -1460,7 +1461,7 @@ sub process_actions() { # # Add built-in actions to the target table and create those actions # - $targets{$_} = new_action( $_ , ACTION + BUILTIN, 1 ) for @builtins; + $targets{$_} = new_action( $_ , ACTION + BUILTIN, 1, 0 ) for @builtins; for my $file ( qw/actions.std actions/ ) { open_file $file; @@ -1470,6 +1471,7 @@ sub process_actions() { my $type = ACTION; my $noinline = 0; + my $nolog = 0; if ( $action =~ /:/ ) { warning_message 'Default Actions are now specified in /etc/shorewall/shorewall.conf'; @@ -1484,6 +1486,8 @@ sub process_actions() { $type = INLINE; } elsif ( $_ eq 'noinline' ) { $noinline = 1; + } elsif ( $_ eq 'nolog' ) { + $nolog = 1; } else { fatal_error "Invalid option ($_)"; } @@ -1507,13 +1511,13 @@ sub process_actions() { } } - new_action $action, $type, $noinline; + new_action $action, $type, $noinline, $nolog; my $actionfile = find_file( "action.$action" ); fatal_error "Missing Action File ($actionfile)" unless -f $actionfile; - $inlines{$action} = $actionfile if $type == INLINE; + $inlines{$action} = { file => $actionfile, nolog => $nolog } if $type == INLINE; } } @@ -1525,7 +1529,7 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$$$ ); # Populate an action invocation chain. As new action tuples are encountered, # the function will be called recursively by process_rule1(). # -sub process_action( $) { +sub process_action($) { my $chainref = shift; my $wholeaction = $chainref->{action}; my ( $action, $level, $tag, $param ) = split /:/, $wholeaction, 4; @@ -1543,7 +1547,9 @@ sub process_action( $) { push_open $actionfile; - my $oldparms = push_action_params( $chainref, $param ); + my $oldparms = push_action_params( $chainref, $param, $level, $tag ); + + my $nolog = $actions{$action}{nolog}; $active{$action}++; push @actionstack, $wholeaction; @@ -1582,7 +1588,7 @@ sub process_action( $) { } process_rule1( $chainref, - merge_levels( "$action:$level:$tag", $target ), + $nolog ? $target : merge_levels( "$action:$level:$tag", $target ), '', $source, $dest, @@ -1764,8 +1770,8 @@ sub process_macro ($$$$$$$$$$$$$$$$$$$) { # # Expand an inline action rule from the rules file # -sub process_inline ($$$$$$$$$$$$$$$$$$$) { - my ($inline, $chainref, $target, $param, $source, $dest, $proto, $ports, $sports, $origdest, $rate, $user, $mark, $connlimit, $time, $headers, $condition, $helper, $wildcard ) = @_; +sub process_inline ($$$$$$$$$$$$$$$$$$$$) { + my ($inline, $chainref, $loglevel, $target, $param, $source, $dest, $proto, $ports, $sports, $origdest, $rate, $user, $mark, $connlimit, $time, $headers, $condition, $helper, $wildcard ) = @_; my $nocomment = no_comment; @@ -1773,9 +1779,15 @@ sub process_inline ($$$$$$$$$$$$$$$$$$$) { macro_comment $inline; - my $oldparms = push_action_params( $chainref, $param ); + my ( $level, $tag ) = split( ':', $loglevel, 2 ); - my $inlinefile = $inlines{$inline}; + my $oldparms = push_action_params( $chainref, + $param, + supplied $level ? $level : 'none', + defined $tag ? $tag : ''); + + my $inlinefile = $inlines{$inline}{file}; + my $nolog = $inlines{$inline}{nolog}; progress_message "..Expanding inline action $inlinefile..."; @@ -1815,7 +1827,7 @@ sub process_inline ($$$$$$$$$$$$$$$$$$$) { next; } - $mtarget = merge_levels $target, $mtarget; + $mtarget = merge_levels( $target, $mtarget ) unless $nolog; my $action = isolate_basic_target $mtarget; @@ -2277,6 +2289,7 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$$$ ) { my $generated = process_inline( $basictarget, $chainref, + $loglevel, $target, $current_param, $source,