Create 'add_commands'; revise handling of 'detect' in the masq ADDRESSES column
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6135 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
69be038583
commit
da503e4b07
@ -52,6 +52,7 @@ our @EXPORT = qw( STANDARD
|
||||
ALL_RESTRICT
|
||||
|
||||
add_command
|
||||
add_commands
|
||||
add_file
|
||||
add_rule
|
||||
insert_rule
|
||||
@ -261,6 +262,17 @@ sub add_command($$)
|
||||
$chainref->{referenced} = 1;
|
||||
}
|
||||
|
||||
sub add_commands {
|
||||
my $chainref = shift @_;
|
||||
|
||||
for my $command ( @_ ) {
|
||||
push @{$chainref->{rules}}, join ('', '~', ' ' x $loopcount, $command );
|
||||
}
|
||||
|
||||
$chainref->{referenced} = 1;
|
||||
}
|
||||
|
||||
|
||||
#
|
||||
# Copy a file into a chain's rules as a set of run-time commands
|
||||
#
|
||||
@ -272,8 +284,9 @@ sub add_file( $$ ) {
|
||||
if ( -f $file ) {
|
||||
open EF , '<', $file or fatal_error "Unable to open $file";
|
||||
|
||||
add_command $chainref, qq(progress_message "Processing $file...");
|
||||
add_command $chainref, '';
|
||||
add_commands( $chainref,
|
||||
qq(progress_message "Processing $file..."),
|
||||
'' );
|
||||
|
||||
while ( $line = <EF> ) {
|
||||
chomp $line;
|
||||
@ -1335,9 +1348,7 @@ sub expand_rule( $$$$$$$$$$ )
|
||||
#
|
||||
# ADDRESS 'detect' in the masq file.
|
||||
#
|
||||
add_command $chainref , "dests=\$(find_interface_addresses $diface)";
|
||||
add_command $chainref , qq([ -z "\$dests" ] && fatal_error "Unable to determine the address(es) of interface \"$diface\"");
|
||||
add_command $chainref , 'for dest in $dests; do';
|
||||
add_command( $chainref , 'for dest in ' . get_interface_addresses( $diface) . '; do' );
|
||||
$rule .= '-d $dest';
|
||||
$loopcount++;
|
||||
} else {
|
||||
|
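Review bot: The run-time guard against an empty address list is gone from the 'detect' branch in expand_rule: the `[ -z "$dests" ] && fatal_error ...` line appears to be dropped together with `dests=`, and the new `for dest in ... get_interface_addresses( $diface) ...; do` loop runs zero times when nothing is detected, so the generated script would silently emit no rule for that interface. Unless get_interface_addresses (not shown on this page) already makes the script fail on an empty result, keep a check before the loop, e.g. `my $addrs = get_interface_addresses( $diface );` followed by `add_command( $chainref, qq([ -n "$addrs" ] || fatal_error "Unable to determine the address(es) of interface \"$diface\"") );`; if the helper does guarantee it, a comment above the loop saying so would be enough. The same question applies to the `addrlist=` loop in setup_one_masq, where an empty list leaves `-j SNAT $addrlist` without any `--to-source`, and to the `for address in $variable` loop in setup_mac_lists. expand_rule's body starts and ends outside the hunk.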
@ -184,11 +184,11 @@ sub setup_one_masq($$$$$$)
|
||||
$target .= "--to $addr ";
|
||||
}
|
||||
} elsif ( $addresses eq 'detect' ) {
|
||||
add_command( $chainref , 'addrlist=' );
|
||||
add_command( $chainref , join( '', 'for address in ' , get_interface_addresses( $interface ), '; do' ) );
|
||||
add_command( $chainref , ' addrlist="$addrlist --to-source $address"' );
|
||||
add_command( $chainref , 'done' );
|
||||
|
||||
add_commands( $chainref ,
|
||||
'addrlist=',
|
||||
join( '', 'for address in ' , get_interface_addresses( $interface ), '; do' ),
|
||||
' addrlist="$addrlist --to-source $address"',
|
||||
'done' );
|
||||
$target = '-j SNAT $addrlist';
|
||||
} else {
|
||||
my $addrlist = '';
|
||||
|
@ -753,10 +753,11 @@ sub setup_mac_lists( $ ) {
|
||||
|
||||
if ( $level ne '' || $disposition ne 'ACCEPT' ) {
|
||||
my $variable = get_interface_addresses $interface;
|
||||
add_command $chainref, "for address in $variable; do";
|
||||
add_command $chainref, " echo \"-A $chainref->{name} -s \$address -m addrtype --dst-type BROADCAST -j RETURN\" >&3";
|
||||
add_command $chainref, " echo \"-A $chainref->{name} -s \$address -m addrtype --dst-type MULTICAST -j RETURN\" >&3";
|
||||
add_command $chainref, 'done';
|
||||
add_commands( $chainref,
|
||||
"for address in $variable; do",
|
||||
" echo \"-A $chainref->{name} -s \$address -m addrtype --dst-type BROADCAST -j RETURN\" >&3",
|
||||
" echo \"-A $chainref->{name} -s \$address -m addrtype --dst-type MULTICAST -j RETURN\" >&3",
|
||||
'done' );
|
||||
}
|
||||
|
||||
add_file $chainref, 'maclog';
|
||||
|