introduce support for enabled option in zones, forwards, rules, redirects, ipsets...

diff --git a/forwards.c b/forwards.c
index e01f126..158ccbf 100644 (file)
--- a/forwards.c
+++ b/forwards.c
@@ -20,6 +20,8 @@
 
 
 const struct fw3_option fw3_forward_opts[] = {
 
 
 const struct fw3_option fw3_forward_opts[] = {

+       FW3_OPT("enabled",             bool,     forward,     enabled),
+

        FW3_OPT("name",                string,   forward,     name),
        FW3_OPT("family",              family,   forward,     family),
 
        FW3_OPT("name",                string,   forward,     name),
        FW3_OPT("family",              family,   forward,     family),
 


@@ -53,8 +55,16 @@ fw3_load_forwards(struct fw3_state *state, struct uci_package *p)
 
                memset(forward, 0, sizeof(*forward));
 
 
                memset(forward, 0, sizeof(*forward));
 

+               forward->enabled = true;
+

                fw3_parse_options(forward, fw3_forward_opts, s);
 
                fw3_parse_options(forward, fw3_forward_opts, s);
 

+               if (!forward->enabled)
+               {
+                       fw3_free_forward(forward);
+                       continue;
+               }
+

                if (forward->src.invert || forward->dest.invert)
                {
                        warn_elem(e, "must not have inverted 'src' or 'dest' options");
                if (forward->src.invert || forward->dest.invert)
                {
                        warn_elem(e, "must not have inverted 'src' or 'dest' options");

diff --git a/includes.c b/includes.c
index 40995ca..4221def 100644 (file)
--- a/includes.c
+++ b/includes.c
@@ -20,6 +20,8 @@
 
 
 const struct fw3_option fw3_include_opts[] = {
 
 
 const struct fw3_option fw3_include_opts[] = {

+       FW3_OPT("enabled",             bool,           include,     enabled),
+

        FW3_OPT("path",                string,         include,     path),
        FW3_OPT("type",                include_type,   include,     type),
        FW3_OPT("family",              family,         include,     family),
        FW3_OPT("path",                string,         include,     path),
        FW3_OPT("type",                include_type,   include,     type),
        FW3_OPT("family",              family,         include,     family),


@@ -50,10 +52,18 @@ fw3_load_includes(struct fw3_state *state, struct uci_package *p)
                        continue;
 
                memset(include, 0, sizeof(*include));
                        continue;
 
                memset(include, 0, sizeof(*include));

+

                include->name = e->name;
                include->name = e->name;

+               include->enabled = true;

 
                fw3_parse_options(include, fw3_include_opts, s);
 
 
                fw3_parse_options(include, fw3_include_opts, s);
 

+               if (!include->enabled)
+               {
+                       fw3_free_include(include);
+                       continue;
+               }
+

                if (!include->path)
                {
                        warn_elem(e, "must specify a path");
                if (!include->path)
                {
                        warn_elem(e, "must specify a path");

diff --git a/ipsets.c b/ipsets.c
index a720172..62877c8 100644 (file)
--- a/ipsets.c
+++ b/ipsets.c
@@ -20,6 +20,8 @@
 
 
 const struct fw3_option fw3_ipset_opts[] = {
 
 
 const struct fw3_option fw3_ipset_opts[] = {

+       FW3_OPT("enabled",       bool,           ipset,     enabled),
+

        FW3_OPT("name",          string,         ipset,     name),
        FW3_OPT("family",        family,         ipset,     family),
 
        FW3_OPT("name",          string,         ipset,     name),
        FW3_OPT("family",        family,         ipset,     family),
 

diff --git a/options.h b/options.h
index 96afcd2..2af443b 100644 (file)
--- a/options.h
+++ b/options.h
@@ -245,6 +245,7 @@ struct fw3_zone
        struct list_head list;
        struct list_head running_list;
 
        struct list_head list;
        struct list_head running_list;
 

+       bool enabled;

        const char *name;
 
        enum fw3_family family;
        const char *name;
 
        enum fw3_family family;


@@ -280,6 +281,7 @@ struct fw3_rule
 {
        struct list_head list;
 
 {
        struct list_head list;
 

+       bool enabled;

        const char *name;
 
        enum fw3_family family;
        const char *name;
 
        enum fw3_family family;


@@ -316,6 +318,7 @@ struct fw3_redirect
 {
        struct list_head list;
 
 {
        struct list_head list;
 

+       bool enabled;

        const char *name;
 
        enum fw3_family family;
        const char *name;
 
        enum fw3_family family;


@@ -354,6 +357,7 @@ struct fw3_forward
 {
        struct list_head list;
 
 {
        struct list_head list;
 

+       bool enabled;

        const char *name;
 
        enum fw3_family family;
        const char *name;
 
        enum fw3_family family;


@@ -370,6 +374,7 @@ struct fw3_ipset
        struct list_head list;
        struct list_head running_list;
 
        struct list_head list;
        struct list_head running_list;
 

+       bool enabled;

        const char *name;
        enum fw3_family family;
 
        const char *name;
        enum fw3_family family;
 


@@ -395,6 +400,7 @@ struct fw3_include
        struct list_head list;
        struct list_head running_list;
 
        struct list_head list;
        struct list_head running_list;
 

+       bool enabled;

        const char *name;
        enum fw3_family family;
 
        const char *name;
        enum fw3_family family;
 

diff --git a/redirects.c b/redirects.c
index 2aa6664..2acfabc 100644 (file)
--- a/redirects.c
+++ b/redirects.c
@@ -20,6 +20,8 @@
 
 
 const struct fw3_option fw3_redirect_opts[] = {
 
 
 const struct fw3_option fw3_redirect_opts[] = {

+       FW3_OPT("enabled",             bool,      redirect,     enabled),
+

        FW3_OPT("name",                string,    redirect,     name),
        FW3_OPT("family",              family,    redirect,     family),
 
        FW3_OPT("name",                string,    redirect,     name),
        FW3_OPT("family",              family,    redirect,     family),
 


@@ -131,10 +133,17 @@ fw3_load_redirects(struct fw3_state *state, struct uci_package *p)
                INIT_LIST_HEAD(&redir->proto);
                INIT_LIST_HEAD(&redir->mac_src);
 
                INIT_LIST_HEAD(&redir->proto);
                INIT_LIST_HEAD(&redir->mac_src);
 

+               redir->enabled = true;

                redir->reflection = true;
 
                fw3_parse_options(redir, fw3_redirect_opts, s);
 
                redir->reflection = true;
 
                fw3_parse_options(redir, fw3_redirect_opts, s);
 

+               if (!redir->enabled)
+               {
+                       fw3_free_redirect(redir);
+                       continue;
+               }
+

                if (redir->src.invert)
                {
                        warn_elem(e, "must not have an inverted source");
                if (redir->src.invert)
                {
                        warn_elem(e, "must not have an inverted source");

diff --git a/rules.c b/rules.c
index e733cd9..c3f03cf 100644 (file)
--- a/rules.c
+++ b/rules.c
@@ -20,6 +20,8 @@
 
 
 const struct fw3_option fw3_rule_opts[] = {
 
 
 const struct fw3_option fw3_rule_opts[] = {

+       FW3_OPT("enabled",             bool,      rule,     enabled),
+

        FW3_OPT("name",                string,    rule,     name),
        FW3_OPT("family",              family,    rule,     family),
 
        FW3_OPT("name",                string,    rule,     name),
        FW3_OPT("family",              family,    rule,     family),
 


@@ -91,8 +93,16 @@ fw3_load_rules(struct fw3_state *state, struct uci_package *p)
 
                INIT_LIST_HEAD(&rule->icmp_type);
 
 
                INIT_LIST_HEAD(&rule->icmp_type);
 

+               rule->enabled = true;
+

                fw3_parse_options(rule, fw3_rule_opts, s);
 
                fw3_parse_options(rule, fw3_rule_opts, s);
 

+               if (!rule->enabled)
+               {
+                       fw3_free_rule(rule);
+                       continue;
+               }
+

                if (rule->src.invert || rule->dest.invert)
                {
                        warn_elem(e, "must not have inverted 'src' or 'dest' options");
                if (rule->src.invert || rule->dest.invert)
                {
                        warn_elem(e, "must not have inverted 'src' or 'dest' options");

diff --git a/zones.c b/zones.c
index e6c88db..82b76b4 100644 (file)
--- a/zones.c
+++ b/zones.c
@@ -50,6 +50,8 @@ static const struct chain dst_chains[] = {
 };
 
 const struct fw3_option fw3_zone_opts[] = {
 };
 
 const struct fw3_option fw3_zone_opts[] = {

+       FW3_OPT("enabled",             bool,     zone,     enabled),
+

        FW3_OPT("name",                string,   zone,     name),
        FW3_OPT("family",              family,   zone,     family),
 
        FW3_OPT("name",                string,   zone,     name),
        FW3_OPT("family",              family,   zone,     family),
 


@@ -162,6 +164,7 @@ fw3_alloc_zone(void)
        INIT_LIST_HEAD(&zone->masq_src);
        INIT_LIST_HEAD(&zone->masq_dest);
 
        INIT_LIST_HEAD(&zone->masq_src);
        INIT_LIST_HEAD(&zone->masq_dest);
 

+       zone->enabled = true;

        zone->log_limit.rate = 10;
 
        return zone;
        zone->log_limit.rate = 10;
 
        return zone;


@@ -191,6 +194,12 @@ fw3_load_zones(struct fw3_state *state, struct uci_package *p)
 
                fw3_parse_options(zone, fw3_zone_opts, s);
 
 
                fw3_parse_options(zone, fw3_zone_opts, s);
 

+               if (!zone->enabled)
+               {
+                       fw3_free_zone(zone);
+                       continue;
+               }
+

                if (!zone->extra_dest)
                        zone->extra_dest = zone->extra_src;
 
                if (!zone->extra_dest)
                        zone->extra_dest = zone->extra_src;