holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Deprecate 'all[+]-'

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2019-01-23 12:28:25 -08:00
parent ef11ae834d
commit edc9e25f25
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10
2 changed files with 26 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
Shorewall/Perl/Shorewall/Rules.pm
View File

@ -292,6 +292,8 @@ our $mangle;
our $sticky; our $sticky;
our $excludefw;
our $divertref; # DIVERT chain our $divertref; # DIVERT chain
our %validstates = ( NEW => 0, our %validstates = ( NEW => 0,
@ -365,6 +367,10 @@ sub initialize( $ ) {
# #
%actions = (); %actions = ();
# #
# Count of 'all[+]=' encountered
#
$excludefw = 0;
#
# Action variants actually used. Key is <action>:<loglevel>:<tag>:<caller>:<params>; value is corresponding chain name # Action variants actually used. Key is <action>:<loglevel>:<tag>:<caller>:<params>; value is corresponding chain name
# #
%usedactions = (); %usedactions = ();
@ -3689,6 +3695,7 @@ sub next_section() {
# #
sub build_zone_list( $$$\$\$ ) { sub build_zone_list( $$$\$\$ ) {
my ($fw, $input, $which, $intrazoneref, $wildref ) = @_; my ($fw, $input, $which, $intrazoneref, $wildref ) = @_;
my $original_input = $input;
my $any = ( $input =~ s/^any/all/ ); my $any = ( $input =~ s/^any/all/ );
my $exclude; my $exclude;
my $rest; my $rest;
@ -3717,9 +3724,25 @@ sub build_zone_list( $$$\$\$ ) {
if ( $input eq 'all+' ) { if ( $input eq 'all+' ) {
$$intrazoneref = 1; $$intrazoneref = 1;
} elsif ( ( $input eq 'all+-' ) || ( $input eq 'all-+' ) ) { } elsif ( ( $input eq 'all+-' ) || ( $input eq 'all-+' ) ) {
unless ( $excludefw++ ) {
if ( $any ) {
warning message "$original_input is deprecated in favor of 'any+!\$FW'";
} else {
warning message "$original_input is deprecated in favor of 'all+!\$FW'";
}
}
$$intrazoneref = 1; $$intrazoneref = 1;
$exclude{$fw} = 1; $exclude{$fw} = 1;
} elsif ( $input eq 'all-' ) { } elsif ( $input eq 'all-' ) {
unless ( $excludefw++ ) {
if ( $any ) {
warning message "any- is deprecated in favor of 'any!\$FW'";
} else {
warning message "all- is deprecated in favor of 'all!\$FW'" unless $excludefw++;
}
}
$exclude{$fw} = 1; $exclude{$fw} = 1;
} else { } else {
fatal_error "Invalid $which ($input)"; fatal_error "Invalid $which ($input)";

6
Shorewall/manpages/shorewall-rules.xml
View File

@ -1259,11 +1259,11 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term>all+!dmz</term> <term>all+!$FW</term>
<listitem> <listitem>
<para>All but the <emphasis role="bold">dmz</emphasis> zone <para>All but the firewall zone and applies to intrazone
and applies to intrazone traffic.</para> traffic.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>