holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Fix expand_rule() handling of PREROUTING_RESTRICTION

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9547 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2009-02-26 21:46:03 +00:00
parent f911165e65
commit f801c7cbfc
1 changed files with 28 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
Shorewall/Shorewall/Chains.pm
View File

@ -2273,36 +2273,40 @@ sub expand_rule( $$$$$$$$$$$ )
if ( $dest ) { if ( $dest ) {
if ( $dest eq '-' ) { if ( $dest eq '-' ) {
$dest = ''; $dest = '';
} elsif ( ( $restriction & PREROUTE_RESTRICT ) && $dest =~ /^detect:(.*)$/ ) { } elsif ( $restriction & PREROUTE_RESTRICT ) {
# if ( $dest =~ /^detect:(.*)$/ ) {
# DETECT_DNAT_IPADDRS=Yes and we're generating the nat rule #
# # DETECT_DNAT_IPADDRS=Yes and we're generating the nat rule
my @interfaces = split /\s+/, $1; #
my @interfaces = split /\s+/, $1;
if ( @interfaces > 1 ) { if ( @interfaces > 1 ) {
my $list = ""; my $list = "";
my $optional; my $optional;
for my $interface ( @interfaces ) {
$optional++ if interface_is_optional $interface;
$list = join( ' ', $list , get_interface_address( $interface ) );
}
for my $interface ( @interfaces ) { push_command( $chainref , "for address in $list; do" , 'done' );
$optional++ if interface_is_optional $interface;
$list = join( ' ', $list , get_interface_address( $interface ) ); push_command( $chainref , 'if [ $address != 0.0.0.0 ]; then' , 'fi' ) if $optional;
$rule .= '-d $address ';
} else {
my $interface = $interfaces[0];
my $variable = get_interface_address( $interface );
push_command( $chainref , "if [ $variable != 0.0.0.0 ]; then" , 'fi') if interface_is_optional( $interface );
$rule .= "-d $variable ";
} }
push_command( $chainref , "for address in $list; do" , 'done' ); $dest = '';
push_command( $chainref , 'if [ $address != 0.0.0.0 ]; then' , 'fi' ) if $optional;
$rule .= '-d $address ';
} else { } else {
my $interface = $interfaces[0]; fatal_error "A DESTINATION interface may not be specified in this rule";
my $variable = get_interface_address( $interface );
push_command( $chainref , "if [ $variable != 0.0.0.0 ]; then" , 'fi') if interface_is_optional( $interface );
$rule .= "-d $variable ";
} }
$dest = '';
} elsif ( $family == F_IPV4 ) { } elsif ( $family == F_IPV4 ) {
if ( $dest =~ /^(.+?):(.+)$/ ) { if ( $dest =~ /^(.+?):(.+)$/ ) {
$diface = $1; $diface = $1;