On 04/17/2013 01:20 AM, Dash Four wrote:
ernal rule representation.
>>   
> So much for "When multiple matches are specified, the compiler will keep 
> them in the order in which they appear" then. I take it this cannot be 
> corrected and you can't leave the order as specified after the ";" bit? 
> If that is indeed the case, then this new feature would be next to 
> useless to me.

Patch attached.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index f2cd69f..33207ba 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -834,8 +834,9 @@ sub set_rule_option( $$$ ) {
 	}
     } else {
 	$ruleref->{$option} = $value;
-	push @{$ruleref->{matches}}, $option;
     }
+    
+    push @{$ruleref->{matches}}, $option;
 }
 
 sub transform_rule( $;\$ ) {
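Review bot: The now-unconditional `push @{$ruleref->{matches}}, $option;` after the `if`/`else` in set_rule_option is only correct if every path through the `if` branch stores exactly one new value for `$option`; that branch starts outside this hunk, so a path there that skips or merges a value would leave `{matches}` with more entries than stored values. Since format_rule now consumes one value per `{matches}` entry, I would document the invariant at the push, e.g. `# Invariant: one {matches} entry per stored value of $option; format_rule() pairs them up in order`. The same change and the same concern apply to the push moved out of the `else` in push_matches (last hunk). The added blank line before the push also carries trailing whitespace.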
@@ -945,28 +946,38 @@ sub set_rule_target( $$$ ) {
 sub format_option( $$ ) {
     my ( $option, $value ) = @_;
 
-    my $list = reftype $value ? $value : [ $value ];
+    assert( ! reftype $value );
 
     my $rule = '';
 
-    s/\s*$//, $rule .= join( ' ' , ' -m', $option, $_ ) for @$list;
+    $value =~ s/\s*$//;
+
+    $rule .= join( ' ' , ' -m', $option, $value );
 
     $rule;
 }
 
-sub debug() {
-    return 1;
+#
+# And one that 'pops' an option value
+#
+sub pop_match( $$ ) {
+    my ( $ruleref, $option ) = @_;
+    my $value = $ruleref->{$option};
+
+    $value = shift @{$ruleref->{$option}} if reftype $value;
+
+    $value;
 }
 
 sub format_rule( $$;$ ) {
-    my ( $chainref, $ruleref, $suppresshdr ) = @_;
-
-    return $ruleref->{cmd} if exists $ruleref->{cmd};
+    my ( $chainref, $rulerefp, $suppresshdr ) = @_;
 
-    debug if $chainref->{name} eq 'drct-net';
+    return $rulerefp->{cmd} if exists $rulerefp->{cmd};
 
     my $rule = $suppresshdr ? '' : "-A $chainref->{name}";
 
+    my $ruleref = clone_rule( $rulerefp );
+
     for ( @unique_options ) {
 	if ( exists $ruleref->{$_} ) {
 	    my $value = $ruleref->{$_};
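Review bot: pop_match has no guard for an exhausted list: once `shift` has emptied `@{$ruleref->{$option}}` it returns undef, and format_option then runs `s/\s*$//` on undef and appends a bare ` -m <option>` with no arguments. In a firewall compiler that is worth failing loudly on rather than writing out a match that lacks the arguments the rule author gave, so I would add `assert( defined $value );` before the final `$value;` in pop_match. Because pop_match mutates the list it reads, format_rule is only safe to call more than once on the same rule if clone_rule copies the nested arrays rather than their references; clone_rule is not visible here, so that is worth confirming. The header comment says 'pops' while the code shifts from the front; `# Remove and return the next (first) value of an option` would describe it accurately. format_rule's body continues outside the hunk.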
@@ -989,10 +1000,8 @@ sub format_rule( $$;$ ) {
 	$rule .= format_option( 'state',   $ruleref->{state} );
     }
 
-    my %done;
-
     for ( grep ! $opttype{$_}, @{$ruleref->{matches}} ) {
-	$rule .= format_option( $_, $ruleref->{$_} ) unless $done{$_}++;
+	$rule .= format_option( $_, pop_match( $ruleref, $_ ) );
     }
 
     if ( $ruleref->{target} ) {
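Review bot: With `%done` removed, the loop in format_rule emits exactly one value per entry in `{matches}`, so it no longer tolerates a mismatch in either direction. If an option name appears twice in `{matches}` while its value is still a scalar, pop_match returns the same scalar each time and the match is emitted twice; if an array ref holding several values was stored by a single call (the case the old format_option expanded with `for @$list`), only the first value is formatted and the rest are silently left out of the generated rule. Whether either case can occur depends on callers outside this diff, so I would at least state the expectation above the loop, e.g. `# Each {matches} entry consumes one value; leftover values indicate a bookkeeping bug`. The loop sits inside format_rule, whose body starts and ends outside this hunk.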
@@ -1327,8 +1336,9 @@ sub push_matches {
 	} else {
 	    $ruleref->{$option} = $value;
 	    $dont_optimize ||= $option =~ /^[piosd]$/ && $value =~ /^!/;
-	    push @{$ruleref->{matches}}, $option;
 	}
+
+	push @{$ruleref->{matches}}, $option;
     }
 
     DONT_OPTIMIZE if $dont_optimize;

Attachment: signature.asc
Description: OpenPGP digital signature
