holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

More fixes for 'detect'

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5571 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-03-18 21:57:39 +00:00
parent 092083379c
commit fedc99ecb6
1 changed files with 11 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
New/Shorewall/Chains.pm
View File

@ -978,9 +978,11 @@ sub expand_rule( $$$$$$$$$$ )
# #
if ( $iiface ) { if ( $iiface ) {
fatal_error "Unknown Interface ($iiface): \"$line\"" unless known_interface $iiface; fatal_error "Unknown Interface ($iiface): \"$line\"" unless known_interface $iiface;
if ( $restriction == POSTROUTE_RESTRICT ) { if ( $restriction == POSTROUTE_RESTRICT ) {
add_command( $chainref , (' ' x $detectcount) . "sources=\$(get_routed_networks $iiface)" ); add_command( $chainref , (' ' x $detectcount) . "sources=\$(get_routed_networks $iiface)" );
add_command( $chainref , (' ' x $detectcount) . 'for source in $sources; do' ); add_command( $chainref , (' ' x $detectcount) . qq([ -z "\$sourcess" ] && fatal_error "Unable to determine the routes through interface \"$iiface\"") );
add_command( $chainref , (' ' x $detectcount) . 'for source in $sources; do' );
$rule .= '-s $source'; $rule .= '-s $source';
$detectcount++; $detectcount++;
} else { } else {
@ -1010,9 +1012,12 @@ sub expand_rule( $$$$$$$$$$ )
# #
if ( $diface ) { if ( $diface ) {
fatal_error "Unknown Interface ($diface) in rule \"$line\"" unless known_interface $diface; fatal_error "Unknown Interface ($diface) in rule \"$line\"" unless known_interface $diface;
if ( $restriction == PREROUTE_RESTRICT ) { if ( $restriction == PREROUTE_RESTRICT ) {
add_command( $chainref , (' ' x $detectcount) . "dests=\$(find_interface_addresses $diface)" ); add_command( $chainref , (' ' x $detectcount) . "dests=\$(find_interface_addresses $diface)" );
add_command( $chainref , (' ' x $detectcount) . 'for dest in $dests; do' ); add_command( $chainref , (' ' x $detectcount) . qq([ -z "\$dests" ] && fatal_error "Unable to determine the address(es) of interface \"$diface\"") );
add_command( $chainref , (' ' x $detectcount) . 'for dest in $dests; do' );
$rule .= '-d $dest'; $rule .= '-d $dest';
$detectcount++; $detectcount++;
} else { } else {
@ -1025,10 +1030,10 @@ sub expand_rule( $$$$$$$$$$ )
if ( $detectcount ) { if ( $detectcount ) {
my $newchainref = new_anon_chain( $chainref ); my $newchainref = new_anon_chain( $chainref );
add_command $chainref, (' ' x $detectcount) . qq(emit "-A $chain $rule -j $newchainref->{name}"); add_command $chainref, (' ' x $detectcount) . qq(emit "-A $chain $rule -j $newchainref->{name}");
while ( $detectcount-- ) { while ( $detectcount-- ) {
add_command( $chainref, (' ' x $detectcount) . 'done' ); add_command( $chainref, (' ' x $detectcount) . 'done' );
} }
$chainref = $newchainref; $chainref = $newchainref;