Add lookup hash for standard targets

Shorewall/Perl/Shorewall/Chains.pm

@@ -77,6 +77,7 @@ our %EXPORT_TAGS = (
 				       NOT_RESTORE
 
 				       initialize_chain_table
+				       lookup_shorewall_action
 				       add_commands
 				       move_rules
 				       insert_rule1
@@ -179,6 +180,19 @@ our %EXPORT_TAGS = (
 				       $section
 				       %sections
 				       %targets
+				       %shorewall_targets
+                                       TGT_ACCEPT
+	                               TGT_REJECT
+	                               TGT_DROP
+	                               TGT_NONAT
+	                               TGT_LOG
+	                               TGT_CONTINUE
+	                               TGT_COUNT
+                                       TGT_QUEUE
+	                               TGT_NFQUEUE
+                                       TGT_ADD
+	                               TGT_DEL
+	                               TGT_REDIRECT
 				     ) ],
 		   );
 
@@ -266,6 +280,38 @@ use constant { STANDARD => 1,              #defined by Netfilter
 # Valid Targets -- value is a combination of one or more of the above
 #
 our %targets;
+
+#
+# Shorewall-defined targets
+#
+
+use constant { TGT_ACCEPT   => 1,
+	       TGT_REJECT   => 2,
+	       TGT_DROP     => 3,
+	       TGT_NONAT    => 4,
+	       TGT_LOG      => 5,
+	       TGT_CONTINUE => 6,
+	       TGT_COUNT    => 7,
+               TGT_QUEUE    => 8,
+	       TGT_NFQUEUE  => 9,
+               TGT_ADD      => 10,
+	       TGT_DEL      => 11,
+	       TGT_REDIRECT => 12,
+	   };
+
+our %shorewall_targets = ( ACCEPT     => TGT_ACCEPT,
+			   REJECT     => TGT_REJECT,
+			   DROP       => TGT_DROP,
+			   NONAT      => TGT_NONAT,
+			   LOG        => TGT_LOG,
+			   CONTINUE   => TGT_CONTINUE,
+			   COUNT      => TGT_COUNT,
+			   QUEUE      => TGT_QUEUE,
+			   NFQUEUE    => TGT_NFQUEUE,
+			   ADD        => TGT_ADD,
+			   DEL        => TGT_DEL,
+			   REDIRECT   => TGT_REDIRECT,
+			 );
 #
 # expand_rule() restrictions
 #
@@ -404,6 +450,17 @@ sub initialize( $ ) {
     #
 }
 
+#
+# Lookup a standard action
+#
+sub lookup_shorewall_action( $ ) {
+    my $target = shift;
+
+    $target =~ s/[-+!]$//;
+
+    $shorewall_targets{ $target };
+}
+
 #
 # Process a COMMENT line (in $currentline)
 #

Shorewall/Perl/Shorewall/Rules.pm

@@ -1020,7 +1020,8 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$ ) {
     #
     my $log_action = $action;
 
-    if ( $actiontype & REDIRECT ) {
+    if ( my $shorewall_target = lookup_shorewall_action( $basictarget ) ) {
+	if ( $shorewall_target == TGT_REDIRECT ) {
 	    my $z = $actiontype & NATONLY ? '' : firewall_zone;
 	    if ( $dest eq '-' ) {
 		$dest = $inaction ? '' : join( '', $z, '::' , $ports =~ /[:,]/ ? '' : $ports );
@@ -1029,13 +1030,13 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$ ) {
 	    } else {
 		$dest = join( '', $z, '::', $dest ) unless $dest =~ /^[^\d].*:/;
 	    }
-    } elsif ( $action eq 'REJECT' ) {
+	} elsif ( $shorewall_target == TGT_REJECT ) {
 	    $action = 'reject';
-    } elsif ( $action eq 'CONTINUE' ) {
+	} elsif ( $shorewall_target == TGT_CONTINUE ) {
 	    $action = 'RETURN';
-    } elsif ( $action eq 'COUNT' ) {
+	} elsif ( $shorewall_target == TGT_COUNT ) {
 	    $action = '';
-    } elsif ( $actiontype & LOGRULE ) {
+	} elsif ( $shorewall_target == TGT_LOG ) {
 	    fatal_error 'LOG requires a log level' unless defined $loglevel and $loglevel ne '';
 	} elsif ( $actiontype & SET ) {
 	    my %xlate = ( ADD => 'add-set' , DEL => 'del-set' );
@@ -1046,6 +1047,7 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$ ) {
 	    fatal_error "Invalid flags ($flags)" unless defined $flags && $flags =~ /^(dst|src)(,(dst|src)){0,5}$/;
 	    $action = join( ' ', 'SET --' . $xlate{$basictarget} , $setname , $flags );
 	}
+    }
     #
     # Isolate and validate source and destination zones
     #