holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Clean up handling of server port in rules processing

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6298 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-05-09 14:48:18 +00:00
parent babc50a4a4
commit d00d83da9b
1 changed files with 4 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
Shorewall-perl/Shorewall/Rules.pm
View File

@ -995,9 +995,9 @@ sub process_rule1 ( $$$$$$$$$$ ) {
} }
# #
# After DNAT, dest port will be the server port # After DNAT, dest port will be the server port. Capture it here because $serverport gets modified below.
# #
$ports = $serverport if $serverport; my $servport = $serverport ne '' ? $serverport : $ports;
fatal_error "A server must be specified in the DEST column in $action rules" unless ( $actiontype & REDIRECT ) || $server ne ALLIPv4; fatal_error "A server must be specified in the DEST column in $action rules" unless ( $actiontype & REDIRECT ) || $server ne ALLIPv4;
fatal_error "Invalid server ($server)" if $server =~ /:/; fatal_error "Invalid server ($server)" if $server =~ /:/;
@ -1007,7 +1007,7 @@ sub process_rule1 ( $$$$$$$$$$ ) {
my $target = ''; my $target = '';
if ( $actiontype & REDIRECT ) { if ( $actiontype & REDIRECT ) {
$target = '-j REDIRECT --to-port ' . ( $serverport ? $serverport : $ports ); $target = '-j REDIRECT --to-port ' . ( $serverport ne '' ? $serverport : $ports );
} else { } else {
if ( $action eq 'SAME' ) { if ( $action eq 'SAME' ) {
fatal_error 'Port mapping not allowed in SAME rules' if $serverport; fatal_error 'Port mapping not allowed in SAME rules' if $serverport;
@ -1016,8 +1016,6 @@ sub process_rule1 ( $$$$$$$$$$ ) {
for my $serv ( split /,/, $server ) { for my $serv ( split /,/, $server ) {
$target .= "--to $serv "; $target .= "--to $serv ";
} }
$serverport = $ports;
} elsif ( $action eq 'DNAT' ) { } elsif ( $action eq 'DNAT' ) {
$target = '-j DNAT '; $target = '-j DNAT ';
$serverport = ":$serverport" if $serverport; $serverport = ":$serverport" if $serverport;
@ -1057,7 +1055,7 @@ sub process_rule1 ( $$$$$$$$$$ ) {
# - the target will be ACCEPT. # - the target will be ACCEPT.
# #
unless ( $actiontype & NATONLY ) { unless ( $actiontype & NATONLY ) {
$rule = join( '', do_proto( $proto, $ports, $sports ), do_ratelimit( $ratelimit, 'ACCEPT' ), do_user $user ); $rule = join( '', do_proto( $proto, $servport, $sports ), do_ratelimit( $ratelimit, 'ACCEPT' ), do_user $user , do_test( $mark , 0xFF ) );
$loglevel = ''; $loglevel = '';
$dest = $server; $dest = $server;
$action = 'ACCEPT'; $action = 'ACCEPT';