Re: [Shorewall-devel] [Shorewall-users] Macro files bug

Sun, 28 Oct 2007 07:31:54 -0800 

Andrew Suffield wrote:

> I want an interface of the form:
> 
> my $name = 'knock' . ++$i;
> my $chainref = new_manual_chain($name);
> shorewall "$name $src $dest";
> add_rule($chainref, ...);
> 
> which tells shorewall "I'm going to populate this chain myself; please
> create it and insert a rule that jumps to it, like for an action, but
> otherwise leave it alone". If I understand the code correctly, this
> should be a simple variation on the theme of the ($actiontype &
> ACTION) bits of process_rule1, that just avoids triggering
> Shorewall::Action.

Patch attached.

Thanks, Andrew.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Index: Shorewall/Chains.pm
===================================================================
--- Shorewall/Chains.pm	(revision 7555)
+++ Shorewall/Chains.pm	(working copy)
@@ -82,6 +82,7 @@
 		  ensure_mangle_chain
 		  new_standard_chain
 		  new_builtin_chain
+		  new_manual_chain
 		  initialize_chain_table
 		  finish_section
 		  setup_zone_mss
@@ -187,6 +188,7 @@
 	       MACRO    => 128,            #A Macro
 	       LOGRULE  => 256,            #'LOG'
 	       NFQ      => 512,            #'NFQUEUE'
+	       CHAIN    => 1024,           #Manual Chain
 	   };
 
 our %targets;
@@ -678,6 +680,13 @@
     $chainref;
 }
 
+sub new_manual_chain($) {
+    my $chain = $_[0];
+    fatal_error "Duplicate Chain Name ($chain)" if $targets{$chain} || $filter_table->{$chain};
+    $targets{$chain} = CHAIN;
+    ensure_filter_chain( $chain, 0);
+}
+
 #
 # Add all builtin chains to the chain table
 #
Index: Shorewall/Config.pm
===================================================================
--- Shorewall/Config.pm	(revision 7555)
+++ Shorewall/Config.pm	(working copy)
@@ -859,8 +859,6 @@
 	fatal_error "Unable to create temporary file in directory $dir" if $@;
     }
 
-    chomp $_[-1];
-
     print $scriptfile "@_\n";
 }

Attachment: signature.asc
Description: OpenPGP digital signature

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel

Reply via email to