Correct use of $family in combined actions

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-13 16:52:16 -07:00 · 2017-03-13 16:52:16 -07:00 · fe29adbd66
commit fe29adbd66
parent 4dc6be6b3b
3 changed files with 21 additions and 18 deletions
--- a/Shorewall/Actions/action.Broadcast
+++ b/Shorewall/Actions/action.Broadcast
@ -31,22 +31,28 @@ DEFAULTS DROP,-
 ?if __ADDRTYPE
    @1	-	-	-	;; -m addrtype --dst-type BROADCAST
    @1	-	-	-	;; -m addrtype --dst-type ANYCAST
-?elseif __IPV4
+?else
    ?begin perl;

+    use strict;
    use Shorewall::IPAddrs;
    use Shorewall::Config;
    use Shorewall::Chains;

-    my ( $action )         = get_action_params( 1 );
+    my ( $action, $audit ) = get_action_params( 2 );
    my $chainref           = get_action_chain;
    my ( $level, $tag )    = get_action_logging;
+
+    fatal_error "Invalid parameter to action Broadcast" if supplied $audit && $audit ne 'audit';
+
    my $target             = require_audit ( $action , $audit );

-    if ( $family == F_IPv4 ) {
+    if ( $family == F_IPV4 ) {
        add_commands $chainref, 'for address in $ALL_BCASTS; do';
-    } else {
+    } elsif ($family == F_IPV6 ) {
        add_commands $chainref, 'for address in $ALL_ACASTS; do';
+    } else {
+        fatal_error "Internal error - \$family == $family";
    }

    incr_cmd_level $chainref;
--- a/Shorewall/Actions/action.Multicast
+++ b/Shorewall/Actions/action.Multicast
@ -33,25 +33,22 @@ DEFAULTS DROP,-
 ?else
    ?begin perl;

+    use strict;
    use Shorewall::IPAddrs;
    use Shorewall::Config;
    use Shorewall::Chains;

-    my ( $action )         = get_action_params( 1 );
+    my ( $action, $audit ) = get_action_params( 2 );
    my $chainref           = get_action_chain;
    my ( $level, $tag )    = get_action_logging;

-    fatal_error "Invalid parameter to action Broadcast"	  if supplied $audit && $audit ne 'audit';
+    fatal_error "Invalid parameter to action Multicast" if supplied $audit && $audit ne 'audit';

-    my $target		   = require_audit ( $action , $audit );
+    my $target = require_audit ( $action , $audit );
+    my $dest   = ( $family == F_IPV4 ) ? join( ' ', '-d', IPv4_MULTICAST . ' ' ) : join( ' ', '-d', IPv6_MULTICAST . ' ' );

-    if ( $family == F_IPv4 ) {
-        log_rule_limit $level, $chainref, 'Multicast' , $action, '', $tag, 'add', ' -d 224.0.0.0/4 ' if $level ne '';
-        add_jump $chainref, $action, 0, '-d 224.0.0.0/4 ';
-    } else {
-        log_rule_limit( $level, $chainref, 'Broadcast' , $action, '', $tag, 'add', join( ' ', '-d', IPv6_MULTICAST . ' ' ) )  if $level ne '';
-        add_jump $chainref, $target, 0, join( ' ', '-d', IPv6_MULTICAST . ' ' );
-    }
+    log_rule_limit( $level, $chainref, 'Multicast' , $action, '', $tag, 'add', $dest ) if $level ne '';
+    add_jump $chainref, $target, 0, $dest;

    1;

--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@ -86,6 +86,9 @@ our @EXPORT = qw(
 		 kernel_version

                 compiletime
+				       
+		 F_IPV4
+		 F_IPV6
                );

 our @EXPORT_OK = qw( $shorewall_dir initialize shorewall);
@ -196,9 +199,6 @@ our %EXPORT_TAGS = ( internal => [ qw( create_temp_script

                                       PARMSMODIFIED
                                       USEDCALLER
-				       
-		                       F_IPV4
-		                       F_IPV6

 				       TCP
 				       UDP
@ -748,7 +748,7 @@ sub initialize( $;$$) {
 		    TC_SCRIPT               => '',
 		    EXPORT                  => 0,
 		    KLUDGEFREE              => '',
-		    VERSION                 => "5.1.1-RC1",
+		    VERSION                 => "5.1.4-Beta1",
 		    CAPVERSION              => 50100 ,
 		    BLACKLIST_LOG_TAG       => '',
 		    RELATED_LOG_TAG         => '',