forked from extern/shorewall_code
Factor some similar code
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep
parent
0a11a0e2ad
commit
c050b29985
@ -1133,22 +1133,22 @@ sub map_old_actions( $ ) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
sub require_audit($$) {
|
#
|
||||||
my ($action, $audit ) = @_;
|
# Create and populate the passed AUDIT chain if it doesn't exist. Return chain name
|
||||||
|
|
||||||
return $action unless defined $audit and $audit ne '';
|
sub ensure_audit_chain( $;$ ) {
|
||||||
|
my ( $target, $action ) = @_;
|
||||||
my $target = 'A_' . $action;
|
|
||||||
|
|
||||||
fatal_error "Invalid parameter ($audit)" unless $audit eq 'audit';
|
|
||||||
|
|
||||||
require_capability 'AUDIT_TARGET', 'audit', 's';
|
|
||||||
|
|
||||||
my $ref = $filter_table->{$target};
|
my $ref = $filter_table->{$target};
|
||||||
|
|
||||||
unless ( $ref ) {
|
unless ( $ref ) {
|
||||||
$ref = new_chain 'filter', $target;
|
$ref = new_chain 'filter', $target;
|
||||||
|
|
||||||
|
unless ( $action ) {
|
||||||
|
$action = $target;
|
||||||
|
$action =~ s/^A_//;
|
||||||
|
}
|
||||||
|
|
||||||
if ( $config{FAKE_AUDIT} ) {
|
if ( $config{FAKE_AUDIT} ) {
|
||||||
add_rule( $ref, '-j AUDIT -m comment --comment "--type ' . lc $action . '"' );
|
add_rule( $ref, '-j AUDIT -m comment --comment "--type ' . lc $action . '"' );
|
||||||
} else {
|
} else {
|
||||||
@ -1163,6 +1163,24 @@ sub require_audit($$) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
return $target;
|
return $target;
|
||||||
|
}
|
||||||
|
|
||||||
|
#
|
||||||
|
# Return the appropriate target based on whether the second argument is 'audit'
|
||||||
|
#
|
||||||
|
|
||||||
|
sub require_audit($$) {
|
||||||
|
my ($action, $audit ) = @_;
|
||||||
|
|
||||||
|
return $action unless defined $audit and $audit ne '';
|
||||||
|
|
||||||
|
my $target = 'A_' . $action;
|
||||||
|
|
||||||
|
fatal_error "Invalid parameter ($audit)" unless $audit eq 'audit';
|
||||||
|
|
||||||
|
require_capability 'AUDIT_TARGET', 'audit', 's';
|
||||||
|
|
||||||
|
return ensure_audit_chain $target, $action;
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
@ -1607,34 +1625,15 @@ sub process_macro ( $$$$$$$$$$$$$$$$$ ) {
|
|||||||
return $generated;
|
return $generated;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#
|
||||||
|
# Confirm that we have AUDIT_TARGET capability and ensure the appropriate AUDIT chain.
|
||||||
|
#
|
||||||
sub verify_audit($) {
|
sub verify_audit($) {
|
||||||
my ($target, $audit ) = @_;
|
my ($target, $audit ) = @_;
|
||||||
|
|
||||||
require_capability 'AUDIT_TARGET', "$target rules", '';
|
require_capability 'AUDIT_TARGET', "$target rules", '';
|
||||||
|
|
||||||
my $ref = $filter_table->{$target};
|
return ensure_audit_chain $target;
|
||||||
|
|
||||||
unless ( $ref ) {
|
|
||||||
$ref = new_chain 'filter', $target;
|
|
||||||
|
|
||||||
my $action = $target;
|
|
||||||
|
|
||||||
$action =~ s/^A_//;
|
|
||||||
|
|
||||||
if ( $config{FAKE_AUDIT} ) {
|
|
||||||
add_rule $ref, '-j AUDIT -m comment --comment "--type ' . lc $action . '"';
|
|
||||||
} else {
|
|
||||||
add_rule $ref, '-j AUDIT --type ' . lc $action;
|
|
||||||
}
|
|
||||||
|
|
||||||
if ( $action eq 'REJECT' ) {
|
|
||||||
add_jump $ref , 'reject', 1;
|
|
||||||
} else {
|
|
||||||
add_rule $ref , "-j $action";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return $target;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user