From a5d3b1f47088fa3b9ad59ca89c210a41afe614be Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Fri, 1 Feb 2013 12:29:30 -0800 Subject: [PATCH] Remove requirement that matches and proto end with a space in perl helper API. Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Rules.pm | 4 ++++ Shorewall/action.Established | 8 ++++---- Shorewall/action.Invalid | 4 ++-- Shorewall/action.NotSyn | 2 +- Shorewall/action.RST | 2 +- Shorewall/action.Related | 4 ++-- docs/Actions.xml | 4 ---- 7 files changed, 14 insertions(+), 14 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm index 2f09c565c..eb0ffd098 100644 --- a/Shorewall/Perl/Shorewall/Rules.pm +++ b/Shorewall/Perl/Shorewall/Rules.pm @@ -2662,6 +2662,8 @@ sub perl_action_helper($$) { assert( $chainref ); + $matches .= ' ' unless $matches =~ /^(?:.+\s)?$/; + if ( $inlines{$action} ) { $result = &process_rule( $chainref, $matches, @@ -2708,6 +2710,8 @@ sub perl_action_tcp_helper($$) { assert( $chainref ); + $proto .= ' ' unless $proto =~ /^(?:.+\s)?$/; + if ( $passedproto eq '-' || $passedproto eq 'tcp' || $passedproto eq '6' ) { # # For other protos, a 'no rule generated' warning will be issued diff --git a/Shorewall/action.Established b/Shorewall/action.Established index 4d47cab17..f35798318 100644 --- a/Shorewall/action.Established +++ b/Shorewall/action.Established @@ -24,12 +24,12 @@ # # Established[([])] # -# Default action is DROP +# Default action is ACCEPT # ########################################################################################## ?FORMAT 2 -DEFAULTS DROP +DEFAULTS ACCEPT ?BEGIN PERL; @@ -45,8 +45,8 @@ my ( $level, $tag ) = get_action_logging; $action = join( ':', $action, $level, $tag ) if "${level}${tag}"; perl_action_helper( - $action, # Target - "$globals{STATEMATCH} INVALID ", # Matches + $action, # Target + "$globals{STATEMATCH} ESTABLISHED", # Matches ); allow_optimize( get_action_chain ); diff --git a/Shorewall/action.Invalid b/Shorewall/action.Invalid index 6386df9e2..8e0093398 100644 --- a/Shorewall/action.Invalid +++ b/Shorewall/action.Invalid @@ -50,8 +50,8 @@ my ( $level, $tag ) = get_action_logging; $action = join( ':', $action, $level, $tag ) if "${level}${tag}"; perl_action_helper( - $action, # Target - "$globals{STATEMATCH} INVALID ", # Matches + $action, # Target + "$globals{STATEMATCH} INVALID", # Matches ); allow_optimize( get_action_chain); diff --git a/Shorewall/action.NotSyn b/Shorewall/action.NotSyn index fbb67104e..6a1b64fc0 100644 --- a/Shorewall/action.NotSyn +++ b/Shorewall/action.NotSyn @@ -51,7 +51,7 @@ $action = join( ':', $action, $level, $tag ) if "${level}${tag}"; perl_action_tcp_helper( $action, - '-p 6 ! --syn ' + '-p 6 ! --syn' ); allow_optimize( get_action_chain ); diff --git a/Shorewall/action.RST b/Shorewall/action.RST index eb26c8ef7..366943e9f 100644 --- a/Shorewall/action.RST +++ b/Shorewall/action.RST @@ -50,7 +50,7 @@ $action = join( ':', $action, $level, $tag ) if "${level}${tag}"; perl_action_tcp_helper( $action, - '-p 6 --tcp-flags RST RST ' + '-p 6 --tcp-flags RST RST' ); allow_optimize( get_action_chain ); diff --git a/Shorewall/action.Related b/Shorewall/action.Related index 98439f535..b5683dee3 100644 --- a/Shorewall/action.Related +++ b/Shorewall/action.Related @@ -46,8 +46,8 @@ my ( $level, $tag ) = get_action_logging; $action = join( ':', $action, $level, $tag ) if "${level}${tag}"; perl_action_helper( - $action, # Target - "$globals{STATEMATCH} RELATED ", # Matches + $action, # Target + "$globals{STATEMATCH} RELATED", # Matches ); allow_optimize( get_action_chain ); diff --git a/docs/Actions.xml b/docs/Actions.xml index dea6b284e..0860eca37 100644 --- a/docs/Actions.xml +++ b/docs/Actions.xml @@ -930,10 +930,6 @@ bar:debug ip[6]tables matches to be included in the rule. When called in an inline action, these matches are augmented by matches generated by the invoking rule. - - - The matches must end with a space character. -