forked from extern/shorewall_code
Make NFLOG and ULOG built-ins.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep
parent
30de211bda
commit
b6a1a7d538
@ -1,13 +0,0 @@
|
||||
#
|
||||
# Shorewall version 4 - NFLOG Macro
|
||||
#
|
||||
# /usr/share/shorewall/macro.NFLOG
|
||||
#
|
||||
# This macro handles the NFLOG Target.
|
||||
#
|
||||
###############################################################################
|
||||
#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/
|
||||
# PORT(S) PORT(S) LIMIT GROUP
|
||||
|
||||
FORMAT 2
|
||||
LOG:&
|
||||
@ -1,13 +0,0 @@
|
||||
#
|
||||
# Shorewall version 4 - ULOG Macro
|
||||
#
|
||||
# /usr/share/shorewall/macro.ULOG
|
||||
#
|
||||
# This macro handles the ULOG Target.
|
||||
#
|
||||
###############################################################################
|
||||
#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/
|
||||
# PORT(S) PORT(S) LIMIT GROUP
|
||||
|
||||
FORMAT 2
|
||||
LOG:&
|
||||
@ -98,6 +98,7 @@ our %EXPORT_TAGS = (
|
||||
ACTION
|
||||
MACRO
|
||||
LOGRULE
|
||||
NFLOG
|
||||
NFQ
|
||||
CHAIN
|
||||
SET
|
||||
@ -357,6 +358,7 @@ use constant { STANDARD => 1, #defined by Netfilter
|
||||
SET => 2048, #SET
|
||||
AUDIT => 4096, #A_ACCEPT, etc
|
||||
HELPER => 8192, #CT:helper
|
||||
NFLOG => 16384, #NFLOG or ULOG
|
||||
};
|
||||
#
|
||||
# Valid Targets -- value is a combination of one or more of the above
|
||||
@ -2484,8 +2486,10 @@ sub initialize_chain_table($) {
|
||||
'COUNT' => STANDARD,
|
||||
'QUEUE' => STANDARD,
|
||||
'QUEUE!' => STANDARD,
|
||||
'NFLOG' => STANDARD + LOGRULE + NFLOG,
|
||||
'NFQUEUE' => STANDARD + NFQ,
|
||||
'NFQUEUE!' => STANDARD + NFQ,
|
||||
'ULOG' => STANDARD + LOGRULE + NFLOG,
|
||||
'ADD' => STANDARD + SET,
|
||||
'DEL' => STANDARD + SET,
|
||||
'WHITELIST' => STANDARD,
|
||||
@ -2537,8 +2541,10 @@ sub initialize_chain_table($) {
|
||||
'COUNT' => STANDARD,
|
||||
'QUEUE' => STANDARD,
|
||||
'QUEUE!' => STANDARD,
|
||||
'NFLOG' => STANDARD + LOGRULE + NFLOG,
|
||||
'NFQUEUE' => STANDARD + NFQ,
|
||||
'NFQUEUE!' => STANDARD + NFQ,
|
||||
'ULOG' => STANDARD + LOGRULE + NFLOG,
|
||||
'ADD' => STANDARD + SET,
|
||||
'DEL' => STANDARD + SET,
|
||||
'HELPER' => STANDARD + HELPER + NATONLY, #Actually RAWONLY
|
||||
|
||||
@ -1127,7 +1127,7 @@ sub merge_levels ($$) {
|
||||
my $tag = $supparts[2];
|
||||
|
||||
if ( @supparts == 3 ) {
|
||||
return $subordinate if $target =~ /^(?:NFLOG|ULOG)\b/ || $sublevel =~ /^(?:NFLOG|ULOG)\b/;
|
||||
return $subordinate if $target =~ /^(?:NFLOG|ULOG)\b/;
|
||||
return "$target:none!:$tag" if $level eq 'none!';
|
||||
return "$target:$level:$tag" if $level =~ /!$/;
|
||||
return $subordinate if $subparts >= 2;
|
||||
@ -1135,7 +1135,7 @@ sub merge_levels ($$) {
|
||||
}
|
||||
|
||||
if ( @supparts == 2 ) {
|
||||
return $subordinate if $target =~ /^(?:NFLOG|ULOG)\b/|| $sublevel =~ /^(?:NFLOG|ULOG)\b/;
|
||||
return $subordinate if $target =~ /^(?:NFLOG|ULOG)\b/;
|
||||
return "$target:none!" if $level eq 'none!';
|
||||
return "$target:$level" if ($level =~ /!$/) || ($subparts < 2);
|
||||
}
|
||||
@ -1658,14 +1658,6 @@ sub process_macro ($$$$$$$$$$$$$$$$$$$) {
|
||||
$mtarget = substitute_param $param, $mtarget;
|
||||
}
|
||||
|
||||
if ( $mtarget =~ s/&$// ) {
|
||||
if ( supplied $param ) {
|
||||
$mtarget = "${mtarget}${macro}($param)";
|
||||
} else {
|
||||
$mtarget = "${mtarget}${macro}";
|
||||
}
|
||||
}
|
||||
|
||||
my $action = isolate_basic_target $mtarget;
|
||||
|
||||
fatal_error "Invalid or missing ACTION ($mtarget)" unless defined $action;
|
||||
@ -1845,6 +1837,10 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$$$ ) {
|
||||
require_capability ( 'AUDIT_TARGET', 'The AUDIT action', 's' );
|
||||
$param = $param eq '' ? 'drop' : $param;
|
||||
fatal_error "Invalid AUDIT type ($param) -- must be 'accept', 'drop' or 'reject'" unless $param =~ /^(?:accept|drop|reject)$/;
|
||||
} elsif ( $actiontype & NFLOG ) {
|
||||
fatal_error "$basictarget does not allow a log level" if $loglevel;
|
||||
validate_level( $action );
|
||||
$action = join( ':', 'LOG', $action );
|
||||
} else {
|
||||
fatal_error "The $basictarget TARGET does not accept a parameter" unless $param eq '';
|
||||
}
|
||||
@ -1900,7 +1896,7 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$$$ ) {
|
||||
#
|
||||
my $log_action = $action;
|
||||
|
||||
unless ( $actiontype & ( ACTION | MACRO | NFQ | CHAIN ) ) {
|
||||
unless ( $actiontype & ( ACTION | MACRO | NFLOG | NFQ | CHAIN ) ) {
|
||||
my $bt = $basictarget;
|
||||
|
||||
$bt =~ s/[-+!]$//;
|
||||
|
||||
Loading…
Reference in New Issue
Block a user