From fc28f2f2be31e1a08d3cf4e4e7fb2a3866cebdc3 Mon Sep 17 00:00:00 2001
From: teastep
Date: Sun, 26 Sep 2004 22:59:42 +0000
Subject: [PATCH] Split addrule into two functions

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1652 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall2/firewall | 34 ++++++++++++++++++++--------------
 1 file changed, 20 insertions(+), 14 deletions(-)

diff --git a/Shorewall2/firewall b/Shorewall2/firewall
index 1b7b0c311..6a4c4afdc 100755
--- a/Shorewall2/firewall
+++ b/Shorewall2/firewall
@@ -293,6 +293,12 @@ ensurechain1() # $1 = chain name
 # Add a rule to a chain creating the chain if necessary
 #
 addrule() # $1 = chain name, remainder of arguments specify the rule
+{
+    ensurechain $1
+    run_iptables -A $@
+}
+
+addrule2() # $1 = chain name, remainder of arguments specify the rule
 {
     ensurechain $1
     run_iptables2 -A $@
@@ -1558,8 +1564,8 @@ setup_tunnels() # $1 = name of tunnels file
     [ $kind = IPSEC ] && kind=ipsec
     options="-m state --state NEW -j ACCEPT"
 
-    addrule $inchain -p 50 $(source_ip_range $1) -j ACCEPT
-    addrule $outchain -p 50 $(dest_ip_range $1) -j ACCEPT
+    addrule2 $inchain -p 50 $(source_ip_range $1) -j ACCEPT
+    addrule2 $outchain -p 50 $(dest_ip_range $1) -j ACCEPT
     if [ -z "$noah" ]; then
         run_iptables -A $inchain -p 51 $(source_ip_range $1) -j ACCEPT
         run_iptables -A $outchain -p 51 $(dest_ip_range $1) -j ACCEPT
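Review bot: addrule2 is introduced with a header comment copied verbatim from addrule, so nothing in this hunk tells a caller when to use addrule2 instead of addrule; the only visible difference is that it dispatches to run_iptables2 rather than run_iptables, and neither wrapper is shown in this patch. A one-line comment above addrule2 would make the split self-explanatory, e.g. `# Like addrule, but emits the rule through run_iptables2 instead of run_iptables; see run_iptables2 for how the two differ.` Both helpers also pass `$1` and `$@` unquoted, which matches the rest of this file's style but means a chain name or rule argument containing whitespace is word-split before it reaches iptables; that predates this commit, but it is worth remembering where these helpers are fed values read from configuration files.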
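Review bot: The ESP (protocol 50) rules are switched to addrule2 while the AH (protocol 51) rules three lines below still go straight to `run_iptables -A`, so the two halves of the same IPSEC tunnel now take different paths into iptables. If run_iptables2 differs from run_iptables in a way that matters for these rules (the difference is not visible in this patch), the AH rules silently miss it; if it does not, the asymmetry is just confusing to the next reader. Either convert the AH lines as well, `addrule2 $inchain -p 51 $(source_ip_range $1) -j ACCEPT` and `addrule2 $outchain -p 51 $(dest_ip_range $1) -j ACCEPT`, or add a comment stating why ESP and AH are handled differently. This hunk is in the middle of setup_tunnels, which starts and ends outside it.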
@@ -1593,26 +1599,26 @@ setup_tunnels() # $1 = name of tunnels file
 
 setup_one_other() # $1 = TYPE, $2 = gateway, $3 = protocol
 {
-    addrule $inchain -p $3 $(source_ip_range $2) -j ACCEPT
-    addrule $outchain -p $3 $(dest_ip_range $2) -j ACCEPT
+    addrule2 $inchain -p $3 $(source_ip_range $2) -j ACCEPT
+    addrule2 $outchain -p $3 $(dest_ip_range $2) -j ACCEPT
 
     progress_message "   $1 tunnel to $2 defined."
 }
 
 setup_pptp_client() # $1 = gateway
 {
-    addrule $outchain -p 47 $(dest_ip_range $1) -j ACCEPT
-    addrule $inchain -p 47 -j ACCEPT
-    addrule $outchain -p tcp --dport 1723 $(dest_ip_range $1) -j ACCEPT
+    addrule2 $outchain -p 47 $(dest_ip_range $1) -j ACCEPT
+    addrule2 $inchain -p 47 $(source_ip_range $1) -j ACCEPT
+    addrule2 $outchain -p tcp --dport 1723 $(dest_ip_range $1) -j ACCEPT
 
     progress_message "   PPTP tunnel to $1 defined."
 }
 
 setup_pptp_server() # $1 = gateway
 {
-    addrule $inchain -p 47 -s $1 -j ACCEPT
-    addrule $outchain -p 47 -d $1 -j ACCEPT
-    addrule $inchain -p tcp --dport 1723 -s $1 -j ACCEPT
+    addrule2 $inchain -p 47 $(source_ip_range $1) -j ACCEPT
+    addrule2 $outchain -p 47 $(dest_ip_range $1) -j ACCEPT
+    addrule2 $inchain -p tcp --dport 1723 $(source_ip_range $1) -j ACCEPT
 
     progress_message "   PPTP server defined."
 }
@@ -1628,8 +1634,8 @@ setup_tunnels() # $1 = name of tunnels file
     ;;
     esac
 
-    addrule $inchain -p udp $(source_ip_range $1) --dport $p -j ACCEPT
-    addrule $outchain -p udp $(dest_ip_range $1) --dport $p -j ACCEPT
+    addrule2 $inchain -p udp $(source_ip_range $1) --dport $p -j ACCEPT
+    addrule2 $outchain -p udp $(dest_ip_range $1) --dport $p -j ACCEPT
 
     progress_message "   OPENVPN tunnel to $1:$p defined."
 }
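Review bot: The inbound GRE rule in setup_pptp_client gains a source restriction, `addrule2 $inchain -p 47 $(source_ip_range $1) -j ACCEPT`, where the removed line accepted protocol 47 from any address, and setup_pptp_server replaces `-s $1` / `-d $1` with the source_ip_range / dest_ip_range helpers; these are firewall-policy changes, not part of "Split addrule into two functions", and the commit message does not mention them. Limiting GRE to the configured gateway is the right direction, but a reader of the history will not find that decision, so the commit message should list both changes and the client rule deserves a comment such as `# accept GRE only from the PPTP gateway`. The source_ip_range and dest_ip_range helpers are not in this patch, so whether `-s $1` and `$(source_ip_range $1)` are equivalent for a plain address, or whether the helper adds range handling, cannot be confirmed here and should be stated in the message.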
@@ -1656,8 +1662,8 @@ setup_tunnels() # $1 = name of tunnels file
 
     p=${p:+--dport $p}
 
-    addrule $inchain -p $protocol $(source_ip_range $1) $p -j ACCEPT
-    addrule $outchain -p $protocol $(dest_ip_range $1) $p -j ACCEPT
+    addrule2 $inchain -p $protocol $(source_ip_range $1) $p -j ACCEPT
+    addrule2 $outchain -p $protocol $(dest_ip_range $1) $p -j ACCEPT
 
     for z in $(separate_list $3); do
         if validate_zone $z; then