Action and rules file cleanup

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1141 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-02-13 23:31:03 +00:00 · 2004-02-13 23:31:03 +00:00 · d1caa706a5
commit d1caa706a5
parent e5c431bbad
2 changed files with 17 additions and 27 deletions
--- a/Shorewall2/firewall
+++ b/Shorewall2/firewall
@ -2340,6 +2340,16 @@ process_action() # $1 = action
    fi
 }

+#
+# Create an action chain and run it's associated user exit
+#
+
+createactionchain() # $1 = chain name
+{
+    createchain $1 no
+    run_user_exit $1
+}
+
 #
 # Read /etc/shorewall/actions and for each defined <action>, pre-process 
 # /etc/shorewall/action.<action>
@ -2388,7 +2398,7 @@ process_actions1() {
 			eval ${temp}_common=$xaction
 			if ! list_search $xaction $USEDACTIONS; then
 			    USEDACTIONS="$USEDACTIONS $xaction"
-			    [ $command = check ] || createchain $xaction no
+			    [ $command = check ] || createactionchain $xaction
 			fi
 			;;
 		    *)
@ -2487,7 +2497,7 @@ process_actions2() {
 	    for action in $required; do
 		if ! list_search $action $USEDACTIONS; then
 		    USEDACTIONS="$USEDACTIONS $action"
-		    [ $command = check ] || createchain $action no
+		    [ $command = check ] || createactionchain $action
 		    changed=Yes
 		fi
 	    done
@ -3287,7 +3297,7 @@ process_rules()
 	    *)
 		if list_search $temp $ACTIONS; then
 		    if ! list_search $temp $USEDACTIONS; then
-			[ $command = check ] || createchain $temp no
+			[ $command = check ] || createactionchain $temp
 			USEDACTIONS="$USEDACTIONS $temp"
 		    fi

--- a/Shorewall2/rules
+++ b/Shorewall2/rules
@ -51,33 +51,16 @@
 #					    (those) zone(s).
 #				LOG      -- Simply log the packet and continue.
 #				QUEUE	 -- Queue the packet to a user-space
-#					    application such as p2pwall.
+#					    application such as ftwall
+#					    (http://p2pwall.sf.net).
 #				<action> -- The name of an action defined in
 #					    /etc/shorewall/actions.
 #
-#			You may rate-limit the rule by optionally
-#			following ACCEPT, DNAT[-], REDIRECT[-] or LOG with
-# 
-#				< <rate>/<interval>[:<burst>] >
-#
-#			where <rate> is the number of connections per 
-#			<interval> ("sec" or "min") and <burst> is the
-#			largest burst permitted. If no <burst> is given,
-#			a value of 5 is assumed. There may be no
-#			no whitespace embedded in the specification.
-#
-#				Example: ACCEPT<10/sec:20>
-#
-#			The ACTION (and rate limit) may optionally be followed
+#			The ACTION may optionally be followed
 #			by ":" and a syslog log level (e.g, REJECT:info or
-#			DNAT<4/sec:8>:debugging). This causes the packet to be
+#			DNAT:debug). This causes the packet to be
 #			logged at the specified level.
 #
-#			NOTE: For those of you who prefer to place the
-#			rate limit in a separate column, see the RATE LIMIT
-#			column below. If you specify a value in that column,
-#			you must not include a rate limit in the ACTION column
-#
 #			You may also specify ULOG (must be in upper case) as a
 #			log level.This will log to the ULOG target for routing
 #			to a separate log through use of ulogd
@ -233,9 +216,6 @@
 #
 #				Example: 10/sec:20
 #
-#			If you place a rate limit in this column, you may not
-#			place a similar limit in the ACTION column.
-#
 #	USER/GROUP	This column may only be non-empty if the SOURCE is
 #			the firewall itself.
 #