Implement INLINE action (again).

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-11 09:15:59 -07:00 · 2013-04-11 09:15:59 -07:00 · beec4a188f
commit beec4a188f
parent f85d548d40
5 changed files with 18 additions and 30 deletions
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@ -97,6 +97,7 @@ our @EXPORT = ( qw(
 		    TERMINATING
 		    STATEMATCH
 		    USERBUILTIN
+		    INLINERULE

 		    %chain_table
 		    %targets
@ -404,6 +405,7 @@ use constant { STANDARD     =>     0x1,       #defined by Netfilter
 	       INLINE       =>  0x8000,       #Inline action
 	       STATEMATCH   => 0x10000,       #action.Invalid, action.Related, etc.
 	       USERBUILTIN  => 0x20000,       #Builtin action from user's actions file.
+	       INLINERULE   => 0x40000,       #INLINE
 	   };
 #
 # Valid Targets -- value is a combination of one or more of the above
@ -2624,6 +2626,7 @@ sub initialize_chain_table($) {
 		    'DEL'             => STANDARD + SET,
 		    'WHITELIST'       => STANDARD,
 		    'HELPER'          => STANDARD + HELPER + NATONLY, #Actually RAWONLY
+		    'INLINE'          => INLINERULE,
 		   );

 	for my $chain ( qw(OUTPUT PREROUTING) ) {
@ -2686,6 +2689,7 @@ sub initialize_chain_table($) {
 		    'DEL'             => STANDARD + SET,
 		    'WHITELIST'       => STANDARD,
 		    'HELPER'          => STANDARD + HELPER + NATONLY, #Actually RAWONLY
+		    'INLINE'          => INLINERULE,
 		   );

 	for my $chain ( qw(OUTPUT PREROUTING) ) {
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@ -2238,6 +2238,20 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$ ) {
 		  fatal_error "HELPER requires require that the helper be specified in the HELPER column" if $helper eq '-';
 		  fatal_error "HELPER rules may only appear in the NEW section" unless $section == NEW_SECTION;
 		  $action = ''; } ,
+
+             INLINE => sub {
+		 my $inline_matches = get_inline_matches;
+
+		 if ( $inline_matches =~ /^(.*\s+)-j\s+(.+)$/ ) {
+		     $matches .= $1;
+		     $action = $2;
+		 } else {
+		     $matches .= "$inline_matches ";
+		     $action = '';
+		 }
+
+		 $rule = $matches;
+	     } ,
 	    );

 	my $function = $functions{ $bt };
--- a/Shorewall/action.INLINE
+++ b/Shorewall/action.INLINE
@ -1,28 +0,0 @@
-#
-# Shorewall version 4 - INLINE Action
-#
-# /usr/share/shorewall/action.INLINE
-#
-#################################################################################
-?FORMAT 2
-
-DEFAULTS -
-
-?BEGIN PERL;
-use strict;
-use Shorewall::Chains;
-use Shorewall::Rules;
-
-my $chainref = get_action_chain;
-my $rule     = get_inline_matches;
-
-add_rule( $chainref, $rule, '' );
-
-allow_optimize( $chainref );
-
-?END PERL;
-
-
-
-
-
--- a/Shorewall/actions.std
+++ b/Shorewall/actions.std
@ -33,7 +33,6 @@ Drop		                # Default Action for DROP policy
 dropInvalid  inline		# Drops packets in the INVALID conntrack state
 DropSmurfs   noinline           # Drop smurf packets
 Established  inline		# Handles packets in the ESTABLISHED state
-INLINE       nolog		# Handles in-line rules
 Invalid      inline             # Handles packets in the INVALID conntrack state
 New	     inline             # Handles packets in the NEW conntrack state
 NotSyn       inline             # Handles TCP packets which do not have SYN=1 and ACK=0
--- a/Shorewall6/actions.std
+++ b/Shorewall6/actions.std
@ -25,7 +25,6 @@ Drop		        	# Default Action for DROP policy
 dropInvalid  inline		# Drops packets in the INVALID conntrack state
 DropSmurfs   noinline     	# Handles packets with a broadcast source address
 Established  inline		# Handles packets in the ESTABLISHED state
-INLINE       nolog		# Handles in-line rules
 Invalid	     inline		# Handles packets in the INVALID conntrack state
 New	     inline             # Handles packets in the NEW conntrack state
 NotSyn	     inline 		# Handles TCP packets that do not have SYN=1 and ACK=0