Allow independent setting of ipv4 and ipv6 src/dst
parent
ed8e75ece3
commit
62a969547a
130
sbin/firehol.in
130
sbin/firehol.in
@ -4142,16 +4142,16 @@ rule() {
|
||||
local mac=any
|
||||
local macnot=
|
||||
|
||||
local src4=any
|
||||
local src4=default
|
||||
local src4not=
|
||||
|
||||
local dst4=any
|
||||
local dst4=default
|
||||
local dst4not=
|
||||
|
||||
local src6=any
|
||||
local src6=default
|
||||
local src6not=
|
||||
|
||||
local dst6=any
|
||||
local dst6=default
|
||||
local dst6not=
|
||||
|
||||
local srctype=
|
||||
@ -4389,69 +4389,137 @@ rule() {
|
||||
shift
|
||||
;;
|
||||
|
||||
src|SRC|source|SOURCE)
|
||||
src|SRC|source|SOURCE|src4|src6)
|
||||
if [ "${1}" = "src4" ]
|
||||
then
|
||||
push_namespace ipv4
|
||||
elif [ "${1}" = "src6" ]
|
||||
then
|
||||
push_namespace ipv6
|
||||
else
|
||||
push_namespace "${FIREHOL_NS_CURR}"
|
||||
fi
|
||||
shift
|
||||
if [ ${reverse} -eq 0 ]
|
||||
then
|
||||
if running_ipv4; then
|
||||
src4not=
|
||||
fi
|
||||
if running_ipv6; then
|
||||
src6not=
|
||||
fi
|
||||
if [ "${1}" = "not" -o "${1}" = "NOT" ]
|
||||
then
|
||||
shift
|
||||
if running_ipv4; then
|
||||
src4not="!"
|
||||
fi
|
||||
if running_ipv6; then
|
||||
src6not="!"
|
||||
fi
|
||||
test ${softwarnings} -eq 1 -a ! "${src4}" = "any" && softwarning "Overwritting param: src4 '${src4}' becomes '${1}'"
|
||||
test ${softwarnings} -eq 1 -a ! "${src6}" = "any" && softwarning "Overwritting param: src6 '${src6}' becomes '${1}'"
|
||||
fi
|
||||
if running_ipv4; then
|
||||
test ${softwarnings} -eq 1 -a ! "${src4}" = "default" && softwarning "Overwritting param: src4 '${src4}' becomes '${1}'"
|
||||
src4="${1}"
|
||||
fi
|
||||
if running_ipv6; then
|
||||
test ${softwarnings} -eq 1 -a ! "${src6}" = "default" && softwarning "Overwritting param: src6 '${src6}' becomes '${1}'"
|
||||
src6="${1}"
|
||||
fi
|
||||
else
|
||||
if running_ipv4; then
|
||||
dst4not=
|
||||
fi
|
||||
if running_ipv6; then
|
||||
dst6not=
|
||||
fi
|
||||
if [ "${1}" = "not" -o "${1}" = "NOT" ]
|
||||
then
|
||||
shift
|
||||
if running_ipv4; then
|
||||
dst4not="!"
|
||||
fi
|
||||
if running_ipv6; then
|
||||
dst6not="!"
|
||||
fi
|
||||
test ${softwarnings} -eq 1 -a ! "${dst4}" = "any" && softwarning "Overwritting param: dst4 '${dst4}' becomes '${1}'"
|
||||
test ${softwarnings} -eq 1 -a ! "${dst6}" = "any" && softwarning "Overwritting param: dst6 '${dst6}' becomes '${1}'"
|
||||
fi
|
||||
if running_ipv4; then
|
||||
test ${softwarnings} -eq 1 -a ! "${dst4}" = "default" && softwarning "Overwritting param: dst4 '${dst4}' becomes '${1}'"
|
||||
dst4="${1}"
|
||||
fi
|
||||
if running_ipv6; then
|
||||
test ${softwarnings} -eq 1 -a ! "${dst6}" = "default" && softwarning "Overwritting param: dst6 '${dst6}' becomes '${1}'"
|
||||
dst6="${1}"
|
||||
fi
|
||||
fi
|
||||
pop_namespace
|
||||
shift
|
||||
;;
|
||||
|
||||
dst|DST|destination|DESTINATION)
|
||||
if [ "${1}" = "dst4" ]
|
||||
then
|
||||
push_namespace ipv4
|
||||
elif [ "${1}" = "dst6" ]
|
||||
then
|
||||
push_namespace ipv6
|
||||
else
|
||||
push_namespace "${FIREHOL_NS_CURR}"
|
||||
fi
|
||||
shift
|
||||
if [ ${reverse} -eq 0 ]
|
||||
then
|
||||
if running_ipv4; then
|
||||
dst4not=
|
||||
fi
|
||||
if running_ipv6; then
|
||||
dst6not=
|
||||
fi
|
||||
if [ "${1}" = "not" -o "${1}" = "NOT" ]
|
||||
then
|
||||
shift
|
||||
if running_ipv4; then
|
||||
dst4not="!"
|
||||
fi
|
||||
if running_ipv6; then
|
||||
dst6not="!"
|
||||
fi
|
||||
test ${softwarnings} -eq 1 -a ! "${dst4}" = "any" && softwarning "Overwritting param: dst4 '${dst4}' becomes '${1}'"
|
||||
test ${softwarnings} -eq 1 -a ! "${dst6}" = "any" && softwarning "Overwritting param: dst6 '${dst6}' becomes '${1}'"
|
||||
fi
|
||||
if running_ipv4; then
|
||||
test ${softwarnings} -eq 1 -a ! "${dst4}" = "default" && softwarning "Overwritting param: dst4 '${dst4}' becomes '${1}'"
|
||||
dst4="${1}"
|
||||
fi
|
||||
if running_ipv6; then
|
||||
test ${softwarnings} -eq 1 -a ! "${dst6}" = "default" && softwarning "Overwritting param: dst6 '${dst6}' becomes '${1}'"
|
||||
dst6="${1}"
|
||||
fi
|
||||
else
|
||||
if running_ipv4; then
|
||||
src4not=
|
||||
fi
|
||||
if running_ipv6; then
|
||||
src6not=
|
||||
fi
|
||||
if [ "${1}" = "not" -o "${1}" = "NOT" ]
|
||||
then
|
||||
shift
|
||||
if running_ipv4; then
|
||||
src4not="!"
|
||||
fi
|
||||
if running_ipv6; then
|
||||
src6not="!"
|
||||
fi
|
||||
test ${softwarnings} -eq 1 -a ! "${src4}" = "any" && softwarning "Overwritting param: src6 '${src4}' becomes '${1}'"
|
||||
test ${softwarnings} -eq 1 -a ! "${src6}" = "any" && softwarning "Overwritting param: src6 '${src6}' becomes '${1}'"
|
||||
fi
|
||||
if running_ipv4; then
|
||||
test ${softwarnings} -eq 1 -a ! "${src4}" = "default" && softwarning "Overwritting param: src6 '${src4}' becomes '${1}'"
|
||||
src4="${1}"
|
||||
fi
|
||||
if running_ipv6; then
|
||||
test ${softwarnings} -eq 1 -a ! "${src6}" = "default" && softwarning "Overwritting param: src6 '${src6}' becomes '${1}'"
|
||||
src6="${1}"
|
||||
fi
|
||||
fi
|
||||
pop_namespace
|
||||
shift
|
||||
;;
|
||||
|
||||
@ -5036,18 +5104,48 @@ rule() {
|
||||
test -z "${sid}" && error "Cannot accept an empty 'sid'." && return 1
|
||||
test -z "${cmd}" && error "Cannot accept an empty 'cmd'." && return 1
|
||||
|
||||
local srcnot=
|
||||
local dstnot=
|
||||
if running_both; then
|
||||
if [ "${src4not}" != "${src6not}" ]
|
||||
then
|
||||
error "Mixed use of 'not' with src4 and src6." && return 1
|
||||
fi
|
||||
local srcnot="${src4not}"
|
||||
|
||||
if [ "${dst4not}" != "${dst6not}" ]
|
||||
then
|
||||
error "Mixed use of 'not' with dst4 and dst6." && return 1
|
||||
fi
|
||||
local dstnot="${dst4not}"
|
||||
if [ "${src4}" = "default" -a "${src6}" != "default" ]
|
||||
then
|
||||
error "Must specify src4 when specifying src6" && return 1
|
||||
fi
|
||||
|
||||
if [ "${dst4}" = "default" -a "${dst6}" != "default" ]
|
||||
then
|
||||
error "Must specify dst4 when specifying dst6" && return 1
|
||||
fi
|
||||
|
||||
if [ "${src6}" = "default" -a "${src4}" != "default" ]
|
||||
then
|
||||
error "Must specify src6 when specifying src4" && return 1
|
||||
fi
|
||||
|
||||
if [ "${dst6}" = "default" -a "${dst4}" != "default" ]
|
||||
then
|
||||
error "Must specify dst6 when specifying dst4" && return 1
|
||||
fi
|
||||
elif running_ipv6; then
|
||||
srcnot="${src6not}"
|
||||
dstnot="${dst6not}"
|
||||
else
|
||||
srcnot="${src4not}"
|
||||
dstnot="${dst4not}"
|
||||
fi
|
||||
|
||||
test "${src4}" = "default" && src4="any"
|
||||
test "${dst4}" = "default" && dst4="any"
|
||||
test "${src6}" = "default" && src6="any"
|
||||
test "${dst6}" = "default" && dst6="any"
|
||||
|
||||
# ----------------------------------------------------------------------------------
|
||||
# Do we have negative contitions?
|
||||
|
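Review bot: The `dst|DST|destination|DESTINATION)` case label in the second hunk does not appear to have been extended the way the src label was (`src|SRC|source|SOURCE|src4|src6)`), so the new `"${1}" = "dst4"` and `"dst6"` tests inside that arm look unreachable. A `dst4` or `dst6` keyword would then be handled by whatever arm follows in rule(), whose body continues outside the hunks shown. In a firewall rule parser this means a per-family destination restriction is not applied by the arm written for it, so the label should read `dst|DST|destination|DESTINATION|dst4|dst6)`. Separately, in the reversed branch of the dst arm the new src4 warning names the wrong parameter and should be `softwarning "Overwritting param: src4 '${src4}' becomes '${1}'"`. In the third hunk, a short comment above the `running_both` block saying that `default` is turned into `any` only after the src4/src6 and dst4/dst6 pairing checks would make the ordering dependency explicit.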