From: Jo-Philipp Wich
Date: Sun, 10 Mar 2013 19:09:16 +0000 (+0100)
Subject: Introduce new enum values for zone src policies and map src policy to dst_flags bitfi...
X-Git-Url: http://git.archive.openwrt.org/?p=project%2Ffirewall3.git;a=commitdiff_plain;h=0b61c395fc64cbc6d3550d80410a26aa49f1681c
Introduce new enum values for zone src policies and map src policy to dst_flags bitfield, making the src_flags bitfield unnecessary
---
diff --git a/options.c b/options.c
index 6c5e2cf..344d33d 100644
--- a/options.c
+++ b/options.c
@@ -55,6 +55,10 @@ const char *fw3_flag_names[FW3_DEFAULT_DROP_INVALID + 1] = {
 "NOTRACK",
 "DNAT",
 "SNAT",
+
+ "ACCEPT",
+ "REJECT",
+ "DROP",
 };
 static const char *limit_units[] = {
diff --git a/options.h b/options.h
index c4d94d2..202cd06 100644
--- a/options.h
+++ b/options.h
@@ -70,17 +70,20 @@ enum fw3_target
 FW3_TARGET_NOTRACK = 9,
 FW3_TARGET_DNAT = 10,
 FW3_TARGET_SNAT = 11,
- FW3_TARGET_CUSTOM_CNS_V4 = 12,
- FW3_TARGET_CUSTOM_CNS_V6 = 13,
+ FW3_TARGET_SRC_ACCEPT = 12,
+ FW3_TARGET_SRC_REJECT = 13,
+ FW3_TARGET_SRC_DROP = 14,
+ FW3_TARGET_CUSTOM_CNS_V4 = 15,
+ FW3_TARGET_CUSTOM_CNS_V6 = 16,
 };
 enum fw3_default
 {
 FW3_DEFAULT_UNSPEC = 0,
- FW3_DEFAULT_CUSTOM_CHAINS = 14,
- FW3_DEFAULT_SYN_FLOOD = 15,
- FW3_DEFAULT_MTU_FIX = 16,
- FW3_DEFAULT_DROP_INVALID = 17,
+ FW3_DEFAULT_CUSTOM_CHAINS = 17,
+ FW3_DEFAULT_SYN_FLOOD = 18,
+ FW3_DEFAULT_MTU_FIX = 19,
+ FW3_DEFAULT_DROP_INVALID = 20,
 };
 extern const char *fw3_flag_names[FW3_DEFAULT_DROP_INVALID + 1];
diff --git a/zones.c b/zones.c
index 86f7948..e3ec4ab 100644
--- a/zones.c
+++ b/zones.c
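Review bot: The three strings appended to `fw3_flag_names` in options.c are tied to `FW3_TARGET_SRC_ACCEPT`, `FW3_TARGET_SRC_REJECT` and `FW3_TARGET_SRC_DROP` by position only, so the table silently goes out of step with options.h whenever the enum is renumbered, which this same commit has to do. Designated initializers would bind each name to its value, e.g. `[FW3_TARGET_SRC_ACCEPT] = "ACCEPT",` and likewise for the other two. The table now also carries "ACCEPT", "REJECT" and "DROP" twice; if any code resolves a name back to a flag by scanning this array (not visible in this diff), it should be confirmed that it stops at the first match. The initializer starts outside the hunk.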
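Review bot: Renumbering the existing flags in options.h is unsafe for any bitfield that outlives the process, because inserting `FW3_TARGET_SRC_*` at 12–14 moves `FW3_TARGET_CUSTOM_CNS_V4`/`_V6` and all four `FW3_DEFAULT_*` values to new bit positions. The `running_dst_flags` value used in `fw3_flush_zones` (zones.c hunk at -555) looks like such a value; if it is read back from state written by a build from before this commit, the flush after an upgrade would pick the wrong chains for `-F`/`-X` and could leave stale rules loaded. That persistence path is not visible here and needs confirming; if it exists, append the new values after the current range or version the stored state. A comment on the enum such as `/* values are bit positions in the zone flag bitfields; keep in step with fw3_flag_names[] */` would make the constraint visible.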
@@ -35,9 +35,9 @@ static const struct chain src_chains[] = {
 C(ANY, FILTER, UNSPEC, "zone_%1$s_output"),
 C(ANY, FILTER, UNSPEC, "zone_%1$s_forward"),
- C(ANY, FILTER, ACCEPT, "zone_%1$s_src_ACCEPT"),
- C(ANY, FILTER, REJECT, "zone_%1$s_src_REJECT"),
- C(ANY, FILTER, DROP, "zone_%1$s_src_DROP"),
+ C(ANY, FILTER, SRC_ACCEPT, "zone_%1$s_src_ACCEPT"),
+ C(ANY, FILTER, SRC_REJECT, "zone_%1$s_src_REJECT"),
+ C(ANY, FILTER, SRC_DROP, "zone_%1$s_src_DROP"),
 };
 static const struct chain dst_chains[] = {
@@ -265,7 +265,7 @@ fw3_load_zones(struct fw3_state *state, struct uci_package *p)
 setbit(zone->dst_flags, FW3_TARGET_DNAT);
 }
- setbit(zone->src_flags, zone->policy_input);
+ setbit(zone->dst_flags, fw3_to_src_target(zone->policy_input));
 setbit(zone->dst_flags, zone->policy_output);
 setbit(zone->dst_flags, zone->policy_forward);
@@ -300,7 +300,7 @@ print_zone_chain(enum fw3_table table, enum fw3_family family,
 setbit(zone->dst_flags, FW3_TARGET_NOTRACK);
 s = print_chains(table, family, ":%s - [0:0]\n", zone->name,
- zone->src_flags,
+ zone->dst_flags,
 src_chains, ARRAY_SIZE(src_chains));
 d = print_chains(table, family, ":%s - [0:0]\n", zone->name,
@@ -332,7 +332,7 @@ print_interface_rule(enum fw3_table table, enum fw3_family family,
 {
 for (t = FW3_TARGET_ACCEPT; t <= FW3_TARGET_DROP; t++)
 {
- if (hasbit(zone->src_flags, t))
+ if (hasbit(zone->dst_flags, fw3_to_src_target(t)))
 {
 fw3_pr("-A zone_%s_src_%s", zone->name, fw3_flag_names[t]);
 fw3_format_in_out(dev, NULL);
@@ -474,7 +474,7 @@ print_zone_rule(enum fw3_table table, enum fw3_family family,
 {
 for (t = FW3_TARGET_REJECT; t <= FW3_TARGET_DROP; t++)
 {
- if (hasbit(zone->src_flags, t))
+ if (hasbit(zone->dst_flags, fw3_to_src_target(t)))
 {
 fw3_pr("-A zone_%s_src_%s", zone->name, fw3_flag_names[t]);
 fw3_format_limit(&zone->log_limit);
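Review bot: In the `fw3_load_zones` hunk, `fw3_to_src_target(zone->policy_input)` is applied without checking that `policy_input` is one of ACCEPT, REJECT or DROP, and because the result now lands in `dst_flags`, any other value sets a bit that means something else in the same bitfield. With the separate `src_flags` field an unexpected input policy could not alias a destination flag. If the option parser already restricts the policy to those three targets (outside this hunk), a comment saying so is enough; otherwise guard the call with `if (zone->policy_input >= FW3_TARGET_ACCEPT && zone->policy_input <= FW3_TARGET_DROP)` before the `setbit`. The body of `fw3_load_zones` starts and ends outside the hunk.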
@@ -555,7 +555,7 @@ fw3_flush_zones(enum fw3_table table, enum fw3_family family,
 continue;
 print_chains(table, family, pass2 ? "-X %s\n" : "-F %s\n",
- z->name, z->running_src_flags,
+ z->name, z->running_dst_flags,
 src_chains, ARRAY_SIZE(src_chains));
 print_chains(table, family, pass2 ? "-X %s\n" : "-F %s\n",
diff --git a/zones.h b/zones.h
index be331df..7fd8e4c 100644
--- a/zones.h
+++ b/zones.h
@@ -39,6 +39,9 @@ void fw3_flush_zones(enum fw3_table table, enum fw3_family family,
 struct fw3_zone * fw3_lookup_zone(struct fw3_state *state, const char *name, bool running);
+#define fw3_to_src_target(t) \
+ (FW3_TARGET_SRC_ACCEPT - FW3_TARGET_ACCEPT + t)
+
 #define fw3_free_zone(zone) \
 fw3_free_object(zone, fw3_zone_opts)
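Review bot: The new `fw3_to_src_target(t)` macro in zones.h leaves its argument unparenthesised, so an argument containing a lower-precedence operator (a conditional expression, for instance) would be combined with the offset incorrectly; write the body as `(FW3_TARGET_SRC_ACCEPT - FW3_TARGET_ACCEPT + (t))`. The macro also depends on ACCEPT, REJECT and DROP being consecutive and in the same order as their `SRC_` counterparts in options.h, which nothing enforces. A compile-time check beside the macro would pin that if the build allows C11: `_Static_assert(FW3_TARGET_SRC_DROP - FW3_TARGET_SRC_ACCEPT == FW3_TARGET_DROP - FW3_TARGET_ACCEPT, "src target offset");`. Otherwise a comment stating the assumption and the valid input range (ACCEPT..DROP only) should go above the `#define`.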