holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Factor some similar code

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2011-05-23 14:20:14 -07:00
parent 0a11a0e2ad
commit c050b29985
1 changed files with 31 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
Shorewall/Perl/Shorewall/Rules.pm
View File

@ -1133,22 +1133,22 @@ sub map_old_actions( $ ) {
} }
} }
sub require_audit($$) { #
my ($action, $audit ) = @_; # Create and populate the passed AUDIT chain if it doesn't exist. Return chain name
return $action unless defined $audit and $audit ne ''; sub ensure_audit_chain( $;$ ) {
my ( $target, $action ) = @_;
my $target = 'A_' . $action;
fatal_error "Invalid parameter ($audit)" unless $audit eq 'audit';
require_capability 'AUDIT_TARGET', 'audit', 's';
my $ref = $filter_table->{$target}; my $ref = $filter_table->{$target};
unless ( $ref ) { unless ( $ref ) {
$ref = new_chain 'filter', $target; $ref = new_chain 'filter', $target;
unless ( $action ) {
$action = $target;
$action =~ s/^A_//;
}
if ( $config{FAKE_AUDIT} ) { if ( $config{FAKE_AUDIT} ) {
add_rule( $ref, '-j AUDIT -m comment --comment "--type ' . lc $action . '"' ); add_rule( $ref, '-j AUDIT -m comment --comment "--type ' . lc $action . '"' );
} else { } else {
@ -1165,6 +1165,24 @@ sub require_audit($$) {
return $target; return $target;
} }
#
# Return the appropriate target based on whether the second argument is 'audit'
#
sub require_audit($$) {
my ($action, $audit ) = @_;
return $action unless defined $audit and $audit ne '';
my $target = 'A_' . $action;
fatal_error "Invalid parameter ($audit)" unless $audit eq 'audit';
require_capability 'AUDIT_TARGET', 'audit', 's';
return ensure_audit_chain $target, $action;
}
# #
# The following small functions generate rules for the builtin actions of the same name # The following small functions generate rules for the builtin actions of the same name
# #
@ -1607,34 +1625,15 @@ sub process_macro ( $$$$$$$$$$$$$$$$$ ) {
return $generated; return $generated;
} }
#
# Confirm that we have AUDIT_TARGET capability and ensure the appropriate AUDIT chain.
#
sub verify_audit($) { sub verify_audit($) {
my ($target, $audit ) = @_; my ($target, $audit ) = @_;
require_capability 'AUDIT_TARGET', "$target rules", ''; require_capability 'AUDIT_TARGET', "$target rules", '';
my $ref = $filter_table->{$target}; return ensure_audit_chain $target;
unless ( $ref ) {
$ref = new_chain 'filter', $target;
my $action = $target;
$action =~ s/^A_//;
if ( $config{FAKE_AUDIT} ) {
add_rule $ref, '-j AUDIT -m comment --comment "--type ' . lc $action . '"';
} else {
add_rule $ref, '-j AUDIT --type ' . lc $action;
}
if ( $action eq 'REJECT' ) {
add_jump $ref , 'reject', 1;
} else {
add_rule $ref , "-j $action";
}
}
return $target;
} }
# #