From d1caa706a5b7329203fe802e63e9a0739e295e3c Mon Sep 17 00:00:00 2001
From: teastep
Date: Fri, 13 Feb 2004 23:31:03 +0000
Subject: [PATCH] Action and rules file cleanup

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1141 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall2/firewall | 16 +++++++++++++---
 Shorewall2/rules | 28 ++++------------------------
 2 files changed, 17 insertions(+), 27 deletions(-)

diff --git a/Shorewall2/firewall b/Shorewall2/firewall
index 152d88fcd..8cf9395a0 100755
--- a/Shorewall2/firewall
+++ b/Shorewall2/firewall
@@ -2340,6 +2340,16 @@ process_action() # $1 = action
 fi
 }
 
+#
+# Create an action chain and run it's associated user exit
+#
+
+createactionchain() # $1 = chain name
+{
+ createchain $1 no
+ run_user_exit $1
+}
+
 #
 # Read /etc/shorewall/actions and for each defined , pre-process
 # /etc/shorewall/action.
@@ -2388,7 +2398,7 @@ process_actions1() {
 eval ${temp}_common=$xaction
 if ! list_search $xaction $USEDACTIONS; then
 USEDACTIONS="$USEDACTIONS $xaction"
- [ $command = check ] || createchain $xaction no
+ [ $command = check ] || createactionchain $xaction
 fi
 ;;
 *)
@@ -2487,7 +2497,7 @@ process_actions2() {
 for action in $required; do
 if ! list_search $action $USEDACTIONS; then
 USEDACTIONS="$USEDACTIONS $action"
- [ $command = check ] || createchain $action no
+ [ $command = check ] || createactionchain $action
 changed=Yes
 fi
 done
@@ -3287,7 +3297,7 @@ process_rules()
 *)
 if list_search $temp $ACTIONS; then
 if ! list_search $temp $USEDACTIONS; then
- [ $command = check ] || createchain $temp no
+ [ $command = check ] || createactionchain $temp
 USEDACTIONS="$USEDACTIONS $temp"
 fi
 
diff --git a/Shorewall2/rules b/Shorewall2/rules
index 294bb3fc9..c26000d14 100755
--- a/Shorewall2/rules
+++ b/Shorewall2/rules
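Review bot: The header comment on the new `createactionchain` in the first hunk writes `run it's associated user exit`; the possessive is `its`, so the line should read `# Create an action chain and run its associated user exit`. The same helper is what hunks two to four now call in place of `createchain ... no`, always behind `[ $command = check ] ||`, so a check run neither creates the chain nor runs the user exit — worth stating in that comment. `createchain`'s exit status is ignored and the function returns whatever `run_user_exit` returns; if the user exit should not run after a failed chain creation, `createchain $1 no && run_user_exit $1` expresses that in the same two lines. The two context lines above the new function close `process_action`, which begins outside the hunk.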
@@ -51,33 +51,16 @@
 # (those) zone(s).
 # LOG -- Simply log the packet and continue.
 # QUEUE -- Queue the packet to a user-space
-# application such as p2pwall.
+# application such as ftwall
+# (http://p2pwall.sf.net).
 # -- The name of an action defined in
 # /etc/shorewall/actions.
 #
-# You may rate-limit the rule by optionally
-# following ACCEPT, DNAT[-], REDIRECT[-] or LOG with
-#
-# < /[:] >
-#
-# where is the number of connections per
-# ("sec" or "min") and is the
-# largest burst permitted. If no is given,
-# a value of 5 is assumed. There may be no
-# no whitespace embedded in the specification.
-#
-# Example: ACCEPT<10/sec:20>
-#
-# The ACTION (and rate limit) may optionally be followed
+# The ACTION may optionally be followed
 # by ":" and a syslog log level (e.g, REJECT:info or
-# DNAT<4/sec:8>:debugging). This causes the packet to be
+# DNAT:debug). This causes the packet to be
 # logged at the specified level.
 #
-# NOTE: For those of you who prefer to place the
-# rate limit in a separate column, see the RATE LIMIT
-# column below. If you specify a value in that column,
-# you must not include a rate limit in the ACTION column
-#
 # You may also specify ULOG (must be in upper case) as a
 # log level.This will log to the ULOG target for routing
 # to a separate log through use of ulogd
@@ -233,9 +216,6 @@
 #
 # Example: 10/sec:20
 #
-# If you place a rate limit in this column, you may not
-# place a similar limit in the ACTION column.
-#
 # USER/GROUP This column may only be non-empty if the SOURCE is
 # the firewall itself.
 #