Allow independent setting of ipv4 and ipv6 src/dst

Phil Whineray 2013-11-10 12:40:28 +00:00
parent ed8e75ece3
commit 62a969547a

@ -4142,16 +4142,16 @@ rule() {
local mac=any
local macnot=
local src4=any
local src4=default
local src4not=
local dst4=any
local dst4=default
local dst4not=
local src6=any
local src6=default
local src6not=
local dst6=any
local dst6=default
local dst6not=
local srctype=
@ -4389,69 +4389,137 @@ rule() {
shift
;;
src|SRC|source|SOURCE)
src|SRC|source|SOURCE|src4|src6)
if [ "${1}" = "src4" ]
then
push_namespace ipv4
elif [ "${1}" = "src6" ]
then
push_namespace ipv6
else
push_namespace "${FIREHOL_NS_CURR}"
fi
shift
if [ ${reverse} -eq 0 ]
then
src4not=
src6not=
if running_ipv4; then
src4not=
fi
if running_ipv6; then
src6not=
fi
if [ "${1}" = "not" -o "${1}" = "NOT" ]
then
shift
src4not="!"
src6not="!"
if running_ipv4; then
src4not="!"
fi
if running_ipv6; then
src6not="!"
fi
fi
if running_ipv4; then
test ${softwarnings} -eq 1 -a ! "${src4}" = "default" && softwarning "Overwritting param: src4 '${src4}' becomes '${1}'"
src4="${1}"
fi
if running_ipv6; then
test ${softwarnings} -eq 1 -a ! "${src6}" = "default" && softwarning "Overwritting param: src6 '${src6}' becomes '${1}'"
src6="${1}"
fi
test ${softwarnings} -eq 1 -a ! "${src4}" = "any" && softwarning "Overwritting param: src4 '${src4}' becomes '${1}'"
test ${softwarnings} -eq 1 -a ! "${src6}" = "any" && softwarning "Overwritting param: src6 '${src6}' becomes '${1}'"
src4="${1}"
src6="${1}"
else
dst4not=
dst6not=
if running_ipv4; then
dst4not=
fi
if running_ipv6; then
dst6not=
fi
if [ "${1}" = "not" -o "${1}" = "NOT" ]
then
shift
dst4not="!"
dst6not="!"
if running_ipv4; then
dst4not="!"
fi
if running_ipv6; then
dst6not="!"
fi
fi
if running_ipv4; then
test ${softwarnings} -eq 1 -a ! "${dst4}" = "default" && softwarning "Overwritting param: dst4 '${dst4}' becomes '${1}'"
dst4="${1}"
fi
if running_ipv6; then
test ${softwarnings} -eq 1 -a ! "${dst6}" = "default" && softwarning "Overwritting param: dst6 '${dst6}' becomes '${1}'"
dst6="${1}"
fi
test ${softwarnings} -eq 1 -a ! "${dst4}" = "any" && softwarning "Overwritting param: dst4 '${dst4}' becomes '${1}'"
test ${softwarnings} -eq 1 -a ! "${dst6}" = "any" && softwarning "Overwritting param: dst6 '${dst6}' becomes '${1}'"
dst4="${1}"
dst6="${1}"
fi
pop_namespace
shift
;;
dst|DST|destination|DESTINATION)
if [ "${1}" = "dst4" ]
then
push_namespace ipv4
elif [ "${1}" = "dst6" ]
then
push_namespace ipv6
else
push_namespace "${FIREHOL_NS_CURR}"
fi
shift
if [ ${reverse} -eq 0 ]
then
dst4not=
dst6not=
if running_ipv4; then
dst4not=
fi
if running_ipv6; then
dst6not=
fi
if [ "${1}" = "not" -o "${1}" = "NOT" ]
then
shift
dst4not="!"
dst6not="!"
if running_ipv4; then
dst4not="!"
fi
if running_ipv6; then
dst6not="!"
fi
fi
if running_ipv4; then
test ${softwarnings} -eq 1 -a ! "${dst4}" = "default" && softwarning "Overwritting param: dst4 '${dst4}' becomes '${1}'"
dst4="${1}"
fi
if running_ipv6; then
test ${softwarnings} -eq 1 -a ! "${dst6}" = "default" && softwarning "Overwritting param: dst6 '${dst6}' becomes '${1}'"
dst6="${1}"
fi
test ${softwarnings} -eq 1 -a ! "${dst4}" = "any" && softwarning "Overwritting param: dst4 '${dst4}' becomes '${1}'"
test ${softwarnings} -eq 1 -a ! "${dst6}" = "any" && softwarning "Overwritting param: dst6 '${dst6}' becomes '${1}'"
dst4="${1}"
dst6="${1}"
else
src4not=
src6not=
if running_ipv4; then
src4not=
fi
if running_ipv6; then
src6not=
fi
if [ "${1}" = "not" -o "${1}" = "NOT" ]
then
shift
src4not="!"
src6not="!"
if running_ipv4; then
src4not="!"
fi
if running_ipv6; then
src6not="!"
fi
fi
if running_ipv4; then
test ${softwarnings} -eq 1 -a ! "${src4}" = "default" && softwarning "Overwritting param: src6 '${src4}' becomes '${1}'"
src4="${1}"
fi
if running_ipv6; then
test ${softwarnings} -eq 1 -a ! "${src6}" = "default" && softwarning "Overwritting param: src6 '${src6}' becomes '${1}'"
src6="${1}"
fi
test ${softwarnings} -eq 1 -a ! "${src4}" = "any" && softwarning "Overwritting param: src6 '${src4}' becomes '${1}'"
test ${softwarnings} -eq 1 -a ! "${src6}" = "any" && softwarning "Overwritting param: src6 '${src6}' becomes '${1}'"
src4="${1}"
src6="${1}"
fi
pop_namespace
shift
;;
@ -5036,19 +5104,49 @@ rule() {
test -z "${sid}" && error "Cannot accept an empty 'sid'." && return 1
test -z "${cmd}" && error "Cannot accept an empty 'cmd'." && return 1
if [ "${src4not}" != "${src6not}" ]
then
error "Mixed use of 'not' with src4 and src6." && return 1
fi
local srcnot="${src4not}"
local srcnot=
local dstnot=
if running_both; then
if [ "${src4not}" != "${src6not}" ]
then
error "Mixed use of 'not' with src4 and src6." && return 1
fi
if [ "${dst4not}" != "${dst6not}" ]
then
error "Mixed use of 'not' with dst4 and dst6." && return 1
fi
if [ "${src4}" = "default" -a "${src6}" != "default" ]
then
error "Must specify src4 when specifying src6" && return 1
fi
if [ "${dst4not}" != "${dst6not}" ]
then
error "Mixed use of 'not' with dst4 and dst6." && return 1
if [ "${dst4}" = "default" -a "${dst6}" != "default" ]
then
error "Must specify dst4 when specifying dst6" && return 1
fi
if [ "${src6}" = "default" -a "${src4}" != "default" ]
then
error "Must specify src6 when specifying src4" && return 1
fi
if [ "${dst6}" = "default" -a "${dst4}" != "default" ]
then
error "Must specify dst6 when specifying dst4" && return 1
fi
elif running_ipv6; then
srcnot="${src6not}"
dstnot="${dst6not}"
else
srcnot="${src4not}"
dstnot="${dst4not}"
fi
local dstnot="${dst4not}"
test "${src4}" = "default" && src4="any"
test "${dst4}" = "default" && dst4="any"
test "${src6}" = "default" && src6="any"
test "${dst6}" = "default" && dst6="any"
# ----------------------------------------------------------------------------------
# Do we have negative contitions?
# If yes, we have to:
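Review bot: In the last hunk the `running_both` branch only validates and never assigns `srcnot` or `dstnot`, which are now initialised empty, so on the visible lines a dual-stack rule written with `src not …` or `dst not …` reaches the negative-conditions code below with both flags blank. How the flags are consumed is outside this view, but if that code keys on them the negation would be silently dropped and the firewall rule would match more traffic than written; after the two mixed-'not' checks I would add `srcnot="${src4not}"` and `dstnot="${dst4not}"`. Separately, the `src` case label gains `|src4|src6` while the `dst|DST|destination|DESTINATION)` label appears unchanged, which would leave the new `dst4`/`dst6` tests in that arm unreachable; `dst|DST|destination|DESTINATION|dst4|dst6)` looks intended. The +/- markers are lost on this page, so both readings should be confirmed against the raw patch. rule() itself starts and ends outside the hunks shown.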