X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=rules.c;h=eea872496e5e42c25d9116d8aa755637161b710f;hb=1f3cd50c62a909da3f3245284de473583440109a;hp=53268e29d3cebd7c5d36e3dce0cba1d188901afb;hpb=6b27a6665c288937eb5028063064e3350dcab545;p=oweals%2Ffirewall3.git
diff --git a/rules.c b/rules.c
index 53268e2..eea8724 100644
--- a/rules.c
+++ b/rules.c
@@ -32,11 +32,11 @@ const struct fw3_option fw3_rule_opts[] = {
 FW3_LIST("proto", protocol, rule, proto),
- FW3_LIST("src_ip", address, rule, ip_src),
+ FW3_LIST("src_ip", network, rule, ip_src),
 FW3_LIST("src_mac", mac, rule, mac_src),
 FW3_LIST("src_port", port, rule, port_src),
- FW3_LIST("dest_ip", address, rule, ip_dest),
+ FW3_LIST("dest_ip", network, rule, ip_dest),
 FW3_LIST("dest_port", port, rule, port_dest),
 FW3_LIST("icmp_type", icmptype, rule, icmp_type),
@@ -245,7 +245,13 @@ append_chain(struct fw3_ipt_rule *r, struct fw3_rule *rule)
 }
 if (rule->dest.set && !rule->src.set)
- snprintf(chain, sizeof(chain), "zone_%s_output", rule->dest.name);
+ {
+ if (rule->dest.any)
+ snprintf(chain, sizeof(chain), "delegate_output");
+ else
+ snprintf(chain, sizeof(chain), "zone_%s_output",
+ rule->dest.name);
+ }
 }
 fw3_ipt_rule_append(r, chain);
@@ -287,9 +293,18 @@ static void set_target(struct fw3_ipt_rule *r, struct fw3_rule *rule)
 fw3_ipt_rule_target(r, name);
 }
+static void
+set_comment(struct fw3_ipt_rule *r, const char *name, int num)
+{
+ if (name)
+ fw3_ipt_rule_comment(r, name);
+ else
+ fw3_ipt_rule_comment(r, "@rule[%u]", num);
+}
+
 static void
 print_rule(struct fw3_ipt_handle *handle, struct fw3_state *state,
- struct fw3_rule *rule, struct fw3_protocol *proto,
+ struct fw3_rule *rule, int num, struct fw3_protocol *proto,
 struct fw3_address *sip, struct fw3_address *dip,
 struct fw3_port *sport, struct fw3_port *dport,
 struct fw3_mac *mac, struct fw3_icmptype *icmptype)
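Review bot: The new `rule->dest.any` branch in `append_chain()` (hunk `@@ -245,7 +245,13 @@`) carries no comment saying why a wildcard destination is routed to `delegate_output` instead of a `zone_%s_output` chain, and the chain a rule lands in decides which traffic it filters. A one-line comment above the branch would help the next reader, e.g. `/* dest matches any zone: no per-zone output chain applies, use delegate_output */`; that wording is inferred from the identifiers and should be confirmed against the chain layout. The enclosing block starts and ends outside the hunk.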
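Review bot: In the added `set_comment()` (hunk `@@ -287,9 +293,18 @@`), the `if (name)` branch passes the configured rule name as the second argument of `fw3_ipt_rule_comment()`, while the `else` branch passes `"@rule[%u]"` plus an argument in that same position, which suggests the parameter is a printf-style format; the declaration is not part of this diff. If that is the case, a rule name containing `%` would be parsed as conversion specifiers with no matching arguments, so the name should be passed as data: `fw3_ipt_rule_comment(r, "%s", name);`. Separately, `num` is declared `int` but formatted with `%u`; `"@rule[%d]"` would match the declared type.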
@@ -319,7 +334,7 @@ print_rule(struct fw3_ipt_handle *handle, struct fw3_state *state,
 fw3_ipt_rule_mark(r, &rule->mark);
 set_target(r, rule);
 fw3_ipt_rule_extra(r, rule->extra);
- fw3_ipt_rule_comment(r, rule->name);
+ set_comment(r, rule->name, num);
 append_chain(r, rule);
 }
@@ -403,7 +418,7 @@ expand_rule(struct fw3_ipt_handle *handle, struct fw3_state *state,
 fw3_foreach(dport, dports)
 fw3_foreach(mac, &rule->mac_src)
 fw3_foreach(icmptype, icmptypes)
- print_rule(handle, state, rule, proto, sip, dip,
+ print_rule(handle, state, rule, num, proto, sip, dip,
 sport, dport, mac, icmptype);
 }
 }