forked from extern/shorewall_code
Compare commits
6 Commits
5.0.3-Beta
...
5.0.3
| Author | SHA1 | Date | |
|---|---|---|---|
|
e7e62b951c | ||
|
|
7a6f975af4 | ||
|
|
1a762c20da | ||
|
|
c9f57ad9c9 | ||
|
|
694dc64900 | ||
|
|
54b6488113 |
@@ -6242,7 +6242,7 @@ sub log_rule_limit( $$$$$$$$ ) {
|
|||||||
if ( $tag =~ /^,/ ) {
|
if ( $tag =~ /^,/ ) {
|
||||||
( $disposition = $tag ) =~ s/,//;
|
( $disposition = $tag ) =~ s/,//;
|
||||||
} elsif ( $tag =~ /,/ ) {
|
} elsif ( $tag =~ /,/ ) {
|
||||||
( $chain, $disposition ) = split ',', $tag;
|
( $chain, $disposition ) = split ',', $tag, 2;
|
||||||
} else {
|
} else {
|
||||||
$chain = $tag;
|
$chain = $tag;
|
||||||
}
|
}
|
||||||
@@ -6336,7 +6336,7 @@ sub log_irule_limit( $$$$$$$@ ) {
|
|||||||
if ( $tag =~ /^,/ ) {
|
if ( $tag =~ /^,/ ) {
|
||||||
( $disposition = $tag ) =~ s/,//;
|
( $disposition = $tag ) =~ s/,//;
|
||||||
} elsif ( $tag =~ /,/ ) {
|
} elsif ( $tag =~ /,/ ) {
|
||||||
( $chain, $disposition ) = split ',', $tag;
|
( $chain, $disposition ) = split ',', $tag, 2;
|
||||||
} else {
|
} else {
|
||||||
$chain = $tag;
|
$chain = $tag;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -2477,13 +2477,21 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$$ ) {
|
|||||||
$actiontype |= HELPER;
|
$actiontype |= HELPER;
|
||||||
} elsif ( $actiontype & SET ) {
|
} elsif ( $actiontype & SET ) {
|
||||||
my %xlate = ( ADD => 'add-set' , DEL => 'del-set' );
|
my %xlate = ( ADD => 'add-set' , DEL => 'del-set' );
|
||||||
|
my ( $setname, $flags, $timeout, $rest ) = split ':', $param, 4;
|
||||||
|
|
||||||
my ( $setname, $flags, $rest ) = split ':', $param, 3;
|
|
||||||
fatal_error "Invalid ADD/DEL parameter ($param)" if $rest;
|
fatal_error "Invalid ADD/DEL parameter ($param)" if $rest;
|
||||||
$setname =~ s/^\+//;
|
$setname =~ s/^\+//;
|
||||||
fatal_error "Expected ipset name ($setname)" unless $setname =~ /^(6_)?[a-zA-Z][-\w]*$/;
|
fatal_error "Expected ipset name ($setname)" unless $setname =~ /^(6_)?[a-zA-Z][-\w]*$/;
|
||||||
fatal_error "Invalid flags ($flags)" unless defined $flags && $flags =~ /^(dst|src)(,(dst|src)){0,5}$/;
|
fatal_error "Invalid flags ($flags)" unless defined $flags && $flags =~ /^(dst|src)(,(dst|src)){0,5}$/;
|
||||||
|
|
||||||
$action = join( ' ', 'SET --' . $xlate{$basictarget} , $setname , $flags );
|
$action = join( ' ', 'SET --' . $xlate{$basictarget} , $setname , $flags );
|
||||||
|
|
||||||
|
if ( supplied $timeout ) {
|
||||||
|
fatal_error "A timeout may only be supplied in an ADD rule" unless $basictarget eq 'ADD';
|
||||||
|
fatal_error "Invalid Timeout ($timeout)" unless $timeout && $timeout =~ /^\d+$/;
|
||||||
|
|
||||||
|
$action .= " --timeout $timeout";
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#
|
#
|
||||||
|
|||||||
@@ -452,6 +452,16 @@ sub process_mangle_rule1( $$$$$$$$$$$$$$$$$ ) {
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
||||||
|
DROP => {
|
||||||
|
defaultchain => 0,
|
||||||
|
allowedchains => PREROUTING | FORWARD | OUTPUT | POSTROUTING,
|
||||||
|
minparams => 0,
|
||||||
|
maxparams => 0,
|
||||||
|
function => sub() {
|
||||||
|
$target = 'DROP';
|
||||||
|
}
|
||||||
|
},
|
||||||
|
|
||||||
DSCP => {
|
DSCP => {
|
||||||
defaultchain => 0,
|
defaultchain => 0,
|
||||||
allowedchains => PREROUTING | FORWARD | OUTPUT | POSTROUTING,
|
allowedchains => PREROUTING | FORWARD | OUTPUT | POSTROUTING,
|
||||||
|
|||||||
@@ -241,7 +241,7 @@
|
|||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><emphasis
|
<term><emphasis
|
||||||
role="bold">ADD(<replaceable>ipset</replaceable>:<replaceable>flags</replaceable>)</emphasis></term>
|
role="bold">ADD(<replaceable>ipset</replaceable>:<replaceable>flags</replaceable>[:<replaceable>timeout</replaceable>])</emphasis></term>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Added in Shorewall 4.4.12. Causes addresses and/or port
|
<para>Added in Shorewall 4.4.12. Causes addresses and/or port
|
||||||
@@ -256,6 +256,12 @@
|
|||||||
role="bold">dst</emphasis> respectively (see the -A command in
|
role="bold">dst</emphasis> respectively (see the -A command in
|
||||||
ipset (8)).</para>
|
ipset (8)).</para>
|
||||||
|
|
||||||
|
<para>Beginning with Shorewall 5.0.3, an optional
|
||||||
|
<replaceable>timeout</replaceable> can be specified. This is
|
||||||
|
the number of seconds that the new entry in the ipset is to
|
||||||
|
remain valid and overrides any timeout specified when the
|
||||||
|
ipset was created.</para>
|
||||||
|
|
||||||
<para>ADD is non-terminating. Even if a packet matches the
|
<para>ADD is non-terminating. Even if a packet matches the
|
||||||
rule, it is passed on to the next rule.</para>
|
rule, it is passed on to the next rule.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|||||||
@@ -229,6 +229,12 @@
|
|||||||
role="bold">dst</emphasis> respectively (see the -A command in
|
role="bold">dst</emphasis> respectively (see the -A command in
|
||||||
ipset (8)).</para>
|
ipset (8)).</para>
|
||||||
|
|
||||||
|
<para>Beginning with Shorewall 5.0.3, an optional
|
||||||
|
<replaceable>timeout</replaceable> can be specified. This is
|
||||||
|
the number of seconds that the new entry in the ipset is to
|
||||||
|
remain valid and overrides any timeout specified when the
|
||||||
|
ipset was created.</para>
|
||||||
|
|
||||||
<para>ADD is non-terminating. Even if a packet matches the
|
<para>ADD is non-terminating. Even if a packet matches the
|
||||||
rule, it is passed on to the next rule.</para>
|
rule, it is passed on to the next rule.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|||||||
Reference in New Issue
Block a user