author | Mohit Mehta <mohit.mehta@vyatta.com> | 2009-01-26 14:33:26 -0800 |
---|---|---|
committer | Mohit Mehta <mohit.mehta@vyatta.com> | 2009-01-26 14:33:26 -0800 |
commit | 032ed4f9bbb17c82fa618c0180e8009e25d44bae (patch) | |
tree | 13901fff4a571910f808c1f6ef66b71a545b3c4e /lib/Vyatta/IpTables | |
parent | cc26522cff83855f546c98a28acd8d31a2f4ca22 (diff) | |
download | vyatta-cfg-firewall-032ed4f9bbb17c82fa618c0180e8009e25d44bae.tar.gz vyatta-cfg-firewall-032ed4f9bbb17c82fa618c0180e8009e25d44bae.zip |
Fix Bug 2474 https://bugzilla.vyatta.com/show_bug.cgi?id=2474
Diffstat (limited to 'lib/Vyatta/IpTables')
-rw-r--r-- | lib/Vyatta/IpTables/Rule.pm | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/lib/Vyatta/IpTables/Rule.pm b/lib/Vyatta/IpTables/Rule.pm
index d55cf64..a7f1ebb 100644
--- a/lib/Vyatta/IpTables/Rule.pm
+++ b/lib/Vyatta/IpTables/Rule.pm
@@ -18,6 +18,7 @@ my %fields = (
 },
 _action => undef,
 _log => undef,
+ _tcp_flags => undef,
 _icmp_code => undef,
 _icmp_type => undef,
 _mod_mark => undef,
@@ -65,6 +66,7 @@ my %dummy_rule = (
 },
 _action => "DROP",
 _log => undef,
+ _tcp_flags => undef,
 _icmp_code => undef,
 _icmp_type => undef,
 _mod_mark => undef,
@@ -137,6 +139,7 @@ sub setup {
 $self->{_state}->{_invalid} = $config->returnValue("state invalid");
 $self->{_action} = $config->returnValue("action");
 $self->{_log} = $config->returnValue("log");
+ $self->{_tcp_flags} = $config->returnValue("tcp flags");
 $self->{_icmp_code} = $config->returnValue("icmp code");
 $self->{_icmp_type} = $config->returnValue("icmp type");
 $self->{_mod_mark} = $config->returnValue("modify mark");
@@ -197,6 +200,7 @@ sub setupOrig {
 $self->{_state}->{_invalid} = $config->returnOrigValue("state invalid");
 $self->{_action} = $config->returnOrigValue("action");
 $self->{_log} = $config->returnOrigValue("log");
+ $self->{_tcp_flags} = $config->returnOrigValue("tcp flags");
 $self->{_icmp_code} = $config->returnOrigValue("icmp code");
 $self->{_icmp_type} = $config->returnOrigValue("icmp type");
 $self->{_mod_mark} = $config->returnOrigValue("modify mark");
@@ -337,6 +341,19 @@ sub rule {
 $rule .= "-m state --state $state_str ";
 }
+ # set tcp flags if applicable
+ my $tcp_flags = undef;
+ if (defined $self->{_tcp_flags}) {
+ if (($self->{_protocol} eq "tcp") || ($self->{_protocol} eq "6")) {
+ $tcp_flags = get_tcp_flags_string($self->{_tcp_flags});
+ } else {
+ return ("TCP flags can only be set if protocol is set to TCP", );
+ }
+ }
+ if (defined($tcp_flags)) {
+ $rule .= " -m tcp --tcp-flags $tcp_flags ";
+ }
+
 # set the icmp code and type if applicable
 if (($self->{_protocol} eq "icmp") || ($self->{_protocol} eq "1")) {
 if (defined $self->{_icmp_type}) {
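Review bot: In the `sub rule` hunk the configured `$self->{_tcp_flags}` value is placed into the iptables rule string via `get_tcp_flags_string` without any check that each token is a flag name iptables accepts; the helper added in the following hunk only splits on commas and strips `!`, so a malformed value is rejected only when the rule is loaded, far from the configuration that caused it. Unless the CLI template's syntax check already constrains `tcp flags` (which this commit does not show), validate here next to the existing protocol check and return an error string in the same form, so the user sees the bad token at commit time. The vocabulary iptables understands for `--tcp-flags` is SYN, ACK, FIN, RST, URG, PSH, ALL and NONE, each optionally prefixed with `!`. `sub rule` begins and ends outside this hunk.
```perl
    if (($self->{_protocol} eq "tcp") || ($self->{_protocol} eq "6")) {
      # accept only the flag names iptables itself understands,
      # each optionally negated with a leading "!"
      for my $flag (split(/,/, $self->{_tcp_flags})) {
        (my $name = $flag) =~ s/\A!//;
        if ($name !~ /\A(?:SYN|ACK|FIN|RST|URG|PSH|ALL|NONE)\z/) {
          return ("Invalid TCP flag \"$flag\"", );
        }
      }
      $tcp_flags = get_tcp_flags_string($self->{_tcp_flags});
    # … unchanged: else branch returning the protocol error …
```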
@@ -619,6 +636,28 @@ Date should use yyyy-mm-dd format and lie in between 1970-01-01 and 2038-01-19")
 return ("");
 }
+sub get_tcp_flags_string {
+
+ my $string = shift;
+ my @list_of_flags = (); # list of tcp flags to be examined
+ my @list_of_set_flags = (); # list of flags which must be set
+
+ my @string_list = split(/,/, $string);
+ while(@string_list) {
+ if (!grep(/!/,$string_list[0])) {
+ push @list_of_flags, $string_list[0];
+ push @list_of_set_flags, $string_list[0];
+ } else {
+ $string_list[0] =~ s/!//g;
+ push @list_of_flags, $string_list[0];
+ }
+ shift(@string_list);
+ }
+
+ push @list_of_set_flags, 'NONE' if @list_of_set_flags == ();
+ return join(",",@list_of_flags) . " " . join(",",@list_of_set_flags);
+}
+
 1;
 # Local Variables:
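Review bot: `push @list_of_set_flags, 'NONE' if @list_of_set_flags == ();` compares the array's element count with `()`, which in scalar context is undef; the test works out as `== 0`, but if the file runs under `use warnings` (not visible in this hunk) it will likely emit an uninitialized-value warning whenever no flag is negated. Write it as `push @list_of_set_flags, 'NONE' unless @list_of_set_flags;`. The `while`/`shift` loop with `grep(/!/, $string_list[0])` applies a list idiom to a single element; `for my $flag (@string_list) { if ($flag !~ /!/) { ... } }` expresses the same thing directly and keeps the negation stripping on `$flag`. A header comment stating the output contract would also help, since the two lists are easy to confuse: `# returns "mask comp" for iptables --tcp-flags: every named flag, then the non-negated ones (NONE if all were negated)`. The whole sub is inside this hunk, which runs to the end of the file.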