holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Enforce a couple of accounting restrictions

Browse Source
This commit is contained in:
Tom Eastep 2011-02-18 16:47:12 -08:00
parent e47cb61c33
commit b4946dcf65
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Shorewall/Perl/Shorewall/Accounting.pm
View File

@ -159,6 +159,10 @@ sub process_accounting_rule( ) {
$ports = '' if $ports eq 'any' || $ports eq 'all';
$sports = '' if $sports eq 'any' || $sports eq 'all';
if ( $asection ) {
fatal_error "USER/GROUP may only be specified in the OUTPUT section" unless $user eq '-' || $asection == OUTPUT;
}
my $rule = do_proto( $proto, $ports, $sports ) . do_user ( $user ) . do_test ( $mark, $globals{TC_MASK} ) . do_headers( $headers );
my $rule2 = 0;
my $jump = 0;
@ -209,6 +213,8 @@ sub process_accounting_rule( ) {
if ( $source eq 'any' || $source eq 'all' ) {
$source = ALLIP;
} else {
fatal_error "MAC addresses only allowed in the INPUT and FORWARD sections" if $source =~ /~/ && ( $asection == OUTPUT || ! $asection );
}
if ( have_bridges && ! $asection ) {