Allow multiple nfacct matches in one accounting rule.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2013-04-18 16:14:57 -07:00
parent 9c010691a3
commit b87b4b61d8
2 changed files with 4 additions and 3 deletions


@ -222,11 +222,12 @@ sub process_accounting_rule1( $$$$$$$$$$$ ) {
} }
} elsif ( $action =~ /^NFLOG/ ) { } elsif ( $action =~ /^NFLOG/ ) {
$target = validate_level $action; $target = validate_level $action;
} elsif ( $action =~ /^NFACCT\((\w+)\)$/ ) { } elsif ( $action =~ /^NFACCT\(([\w,]+)\)$/ ) {
require_capability 'NFACCT_MATCH', 'The NFACCT action', 's'; require_capability 'NFACCT_MATCH', 'The NFACCT action', 's';
$nfobjects{$1} = 1; $nfobjects{$1} = 1;
$target = ''; $target = '';
$rule .= "-m nfacct --nfacct-name $1 "; my @objects = split_list $1, 'nfacct';
$rule .= "-m nfacct --nfacct-name $_ " for @objects;
} else { } else {
( $action, my $cmd ) = split /:/, $action; ( $action, my $cmd ) = split /:/, $action;
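Review bot: `$nfobjects{$1} = 1;` still records the whole captured string as a single key, so with the widened pattern an action such as `NFACCT(a,b)` (constructed example) registers one object named `a,b` while the generated rule refers to `a` and `b` separately. Assuming %nfobjects later drives creation or checking of the accounting objects (not visible here), the split should come first and each name be recorded: `my @objects = split_list $1, 'nfacct';` followed by `$nfobjects{$_} = 1 for @objects;`. The class `[\w,]+` also admits leading, trailing and doubled commas; unless split_list rejects empty elements, an empty name would land after `--nfacct-name` in the rule text, so that is worth confirming or guarding with an explicit check. The enclosing process_accounting_rule1 starts and ends outside the hunk.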


@ -807,7 +807,7 @@ sub set_rule_option( $$$ ) {
if ( exists $ruleref->{$option} ) { if ( exists $ruleref->{$option} ) {
assert( defined( my $value1 = $ruleref->{$option} ) , $ruleref ); assert( defined( my $value1 = $ruleref->{$option} ) , $ruleref );
if ( $opttype == MATCH ) { if ( $opttype == MATCH || $opttype == LAST ) {
if ( $globals{KLUDGEFREE} ) { if ( $globals{KLUDGEFREE} ) {
unless ( reftype $value1 ) { unless ( reftype $value1 ) {
unless ( reftype $value ) { unless ( reftype $value ) {