holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Fix NFQUEUE parsing and documentation

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2015-05-29 18:19:35 -07:00
parent 29a0c92918
commit f227250959
3 changed files with 23 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
Shorewall/Perl/Shorewall/Rules.pm
View File

@ -475,28 +475,36 @@ sub process_default_action( $$$$ ) {
sub handle_nfqueue( $$ ) {
my ($params, $allow_bypass ) = @_;
my $action;
my ( $queue1, $queue2, $queuenum1, $queuenum2 );
require_capability( 'NFQUEUE_TARGET', 'NFQUEUE Rules and Policies', '' );
my ( $queue, $bypass ) = split ',', $params;
$params = '' unless defined $params;
if ( $queue eq 'bypass' ) {
fatal_error "'bypass' is not allowed in this context" unless $allow_bypass;
fatal_error "Invalid NFQUEUE options (bypass,$bypass)" if supplied $bypass;
return 'NFQUEUE --queue-bypass';
}
my ( $queue, $bypass, $junk ) = split ',', $params;
my ( $queue1, $queue2 ) = split ':', $queue;
fatal_error "Invalid NFQUEUE parameter list" if defined $junk;
my $queuenum1 = numeric_value( $queue1 );
my $queuenum2;
if ( supplied $queue ) {
if ( $queue eq 'bypass' ) {
fatal_error "'bypass' is not allowed in this context" unless $allow_bypass;
fatal_error "Invalid NFQUEUE options (bypass,$bypass)" if supplied $bypass;
return 'NFQUEUE --queue-bypass';
}
fatal_error "Invalid NFQUEUE queue number ($queue1)" unless defined( $queuenum1) && $queuenum1 >= 0 && $queuenum1 <= 65535;
( $queue1, $queue2 ) = split ':', $queue;
if ( supplied $queue2 ) {
$queuenum2 = numeric_value( $queue2 );
$queuenum1 = numeric_value( $queue1 );
fatal_error "Invalid NFQUEUE queue number ($queue2)" unless defined( $queuenum2) && $queuenum2 >= 0 && $queuenum2 <= 65535 && $queuenum1 < $queuenum2;
fatal_error "Invalid NFQUEUE queue number ($queue1)" unless defined( $queuenum1) && $queuenum1 >= 0 && $queuenum1 <= 65535;
if ( supplied $queue2 ) {
$queuenum2 = numeric_value( $queue2 );
fatal_error "Invalid NFQUEUE queue number ($queue2)" unless defined( $queuenum2) && $queuenum2 >= 0 && $queuenum2 <= 65535 && $queuenum1 < $queuenum2;
}
} else {
$queuenum1 = 0;
}
if ( supplied $bypass ) {

2
Shorewall/manpages/shorewall-policy.xml
View File

@ -105,7 +105,7 @@
role="bold">REJECT</emphasis>|<emphasis
role="bold">CONTINUE</emphasis>|<emphasis
role="bold">QUEUE</emphasis>|<emphasis
role="bold">NFQUEUE</emphasis>[(<emphasis>queuenumber1</emphasis>[,<replaceable>queuenumber2</replaceable>])]|<emphasis
role="bold">NFQUEUE</emphasis>[(<emphasis>queuenumber1</emphasis>[:<replaceable>queuenumber2</replaceable>])]|<emphasis
role="bold">NONE</emphasis>}[<emphasis
role="bold">:</emphasis>{<emphasis>default-action-or-macro</emphasis>[:level]|<emphasis
role="bold">None</emphasis>}]</term>

2
Shorewall6/manpages/shorewall6-policy.xml
View File

@ -105,7 +105,7 @@
role="bold">REJECT</emphasis>|<emphasis
role="bold">CONTINUE</emphasis>|<emphasis
role="bold">QUEUE</emphasis>|<emphasis
role="bold">NFQUEUE</emphasis>[(<emphasis>queuenumber1</emphasis>[,<replaceable>queuenumber2</replaceable>])]|<emphasis
role="bold">NFQUEUE</emphasis>[(<emphasis>queuenumber1</emphasis>[:<replaceable>queuenumber2</replaceable>])]|<emphasis
role="bold">NONE</emphasis>}[<emphasis
role="bold">:</emphasis>{<emphasis>default-action-or-macro</emphasis>[:level]|<emphasis
role="bold">None</emphasis>}]</term>