Add %section_states that maps sections to their related state(s).

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-11 14:59:48 -08:00 · 2013-02-11 14:59:48 -08:00 · b4977db5b2
commit b4977db5b2
parent f23f7400d8
1 changed files with 13 additions and 17 deletions
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@ -84,6 +84,11 @@ our %section_functions = ( ALL_SECTION ,        \&rules_chain,
 			   INVALID_SECTION,     \&invalid_chain,
 			   UNTRACKED_SECTION,   \&untracked_chain,
 			   NEW_SECTION,         \&rules_chain );
+
+#
+# Section => STATE map
+#
+our %section_states;
 #
 # These are the sections that may appear in a section header
 #
@ -2356,31 +2361,17 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$ ) {
 	    #
 	    $chainref = ensure_rules_chain $chain;
 	    #
-	    # Handle rules in the BLACKLIST, ESTABLISHED, RELATED and INVALID sections
+	    # Handle rules in the BLACKLIST, ESTABLISHED, RELATED, INVALID and UNTRACKED sections
 	    #
 	    if ( $section & ( BLACKLIST_SECTION | ESTABLISHED_SECTION | RELATED_SECTION | INVALID_SECTION | UNTRACKED_SECTION ) ) {
 		my $auxchain = $section_functions{$section}->( $sourcezone, $destzone );
 		my $auxref   = $filter_table->{$auxchain};

 		unless ( $auxref ) {
-		    my @state;
-
 		    $auxref = new_chain 'filter', $auxchain;
-			
-		    if ( $blacklist ) {
-			@state = state_imatch( $globals{BLACKLIST_STATES} );
-			$auxref->{blacklistsection} = 1;
-		    } elsif ( $section == INVALID_SECTION ) {
-			@state = state_imatch( 'INVALID' );
-		    } elsif ( $section == UNTRACKED_SECTION ) {
-			@state = state_imatch( 'UNTRACKED' );
-		    } elsif ( $section == RELATED_SECTION ) {
-			@state = state_imatch 'RELATED';
-		    } else {
-			@state = state_imatch 'ESTABLISHED';
-		    }
+		    $auxref->{blacklistsection} = 1 if $blacklist;

-		    add_ijump( $chainref, j => $auxref, @state );
+		    add_ijump( $chainref, j => $auxref, state_imatch( $section_states{$section} ) );
 		}

 		$chain    = $auxchain;
@ -3134,6 +3125,11 @@ sub process_rules( $ ) {
 			     INVALID     => [ '_', $config{INVALID_LOG_LEVEL},   $globals{INVALID_TARGET} ] ,
 			     UNTRACKED   => [ '&', $config{UNTRACKED_LOG_LEVEL}, $globals{UNTRACKED_TARGET} ] ,
 			   );
+    %section_states = ( BLACKLIST_SECTION ,  $globals{BLACKLIST_STATES},
+			ESTABLISHED_SECTION, 'ESTABLISHED',
+			RELATED_SECTION,     'RELATED',
+			INVALID_SECTION,     'INVALID',
+			UNTRACKED_SECTION,   'UNTRACKED' );
    #
    # Generate jumps to the classic blacklist chains
    #