Re: [Shorewall-devel] Shorewall 4.5.16 Beta 6

Mon, 22 Apr 2013 18:28:37 -0700 


Tom Eastep wrote:

On 4/22/13 5:07 PM, "Dash Four" <[email protected]> wrote:


  

Anyway, I've just implemented individual "!" in the NFACCT statement by
hacking your Accounting.pm - I can attach a small patch for
review/inclusion if you are interested, but be aware that it does change
the syntax slightly in a sense that "!" needs to be specified for each
object within NFACCT() - "NFACCT(...)!" is no longer allowed.

    


Sure -- send it along.

  

Attached - the above caveat applies though.


--- a/Perl/Shorewall/Accounting.pm      2013-04-20 16:15:44.000000000 +0100
+++ b/Perl/Shorewall/Accounting.pm      2013-04-23 01:01:30.899319449 +0100
@@ -138,6 +138,14 @@
     $asection = $newsect;
 }
 
+sub split_nfacct_list( $$;$ ) {
+    my ($list, $type, $origlist ) = @_;
+
+    fatal_error( "Invalid $type list (" . ( $origlist ? $origlist : $list ) . 
')' ) if $list =~ /^,|,$|,,$/;
+
+    split /,/, $list;
+}
+
 #
 # Accounting
 #
@@ -223,14 +231,20 @@
            }
        } elsif ( $action =~ /^NFLOG/ ) {
            $target = validate_level $action;
-       } elsif ( $action =~ /^NFACCT\(([\w,]+)\)(!)?$/ ) {
+       } elsif ( $action =~ /^NFACCT\(([\w,!]+)\)$/ ) {
            require_capability 'NFACCT_MATCH', 'The NFACCT action', 's';
            $target = '';
-           my @objects = split_list $1, 'nfacct';
+           my @objects = split_nfacct_list $1, 'nfacct';
+           for ( @objects ) {
+              if ( $_ =~ /^([\w]+)(!)?$/ ) {
            if ( $2 ) {
-               $prerule .= "-m nfacct --nfacct-name $_ " for @objects;
+                  $prerule .= "-m nfacct --nfacct-name $1 ";
            } else {
-               $rule .= "-m nfacct --nfacct-name $_ " for @objects;
+                  $rule .= "-m nfacct --nfacct-name $1 ";
+                }
+              } else {
+               accounting_error;
+              }
            }
        } elsif ( $action eq 'INLINE' ) {
            $rule .= get_inline_matches;


------------------------------------------------------------------------------
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel























					Reply via email to