struct fw3_state *state)
{
struct fw3_defaults *defs = &state->defaults;
- const char *policy[] = {
- "(bug)",
- "ACCEPT",
- "DROP",
- "DROP",
- "(bug)",
- "(bug)",
- "(bug)",
- };
+
+#define policy(t) \
+ ((t == FW3_TARGET_REJECT) ? "DROP" : fw3_flag_names[t])
if (table == FW3_TABLE_FILTER)
{
- fw3_pr(":INPUT %s [0:0]\n", policy[defs->policy_input]);
- fw3_pr(":FORWARD %s [0:0]\n", policy[defs->policy_forward]);
- fw3_pr(":OUTPUT %s [0:0]\n", policy[defs->policy_output]);
+ fw3_pr(":INPUT %s [0:0]\n", policy(defs->policy_input));
+ fw3_pr(":FORWARD %s [0:0]\n", policy(defs->policy_forward));
+ fw3_pr(":OUTPUT %s [0:0]\n", policy(defs->policy_output));
}
print_chains(table, family, ":%s - [0:0]\n", defs->flags,
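Review bot: The `policy(t)` macro added inside this function body uses its argument unparenthesized, evaluates it twice, and is never `#undef`'d, so it stays defined for the rest of the translation unit although it reads like a local helper. `jump_target(t)` in the zone interface-rule hunk has the same shape. A small static function keeps the type check and the scope: `static const char *policy(enum fw3_target t) { return (t == FW3_TARGET_REJECT) ? "DROP" : fw3_flag_names[t]; }` (assuming the policy fields are `enum fw3_target`, as `t` is in the zone code). If the macro stays, write `((t) == FW3_TARGET_REJECT)` and `fw3_flag_names[(t)]`, and add `#undef policy` after the last use. The function's signature starts above this hunk and its body continues past it.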
"set",
};
- const char *families[] = {
- "(bug)",
- "inet",
- "inet6",
- };
-
if (ipset->external && *ipset->external)
return;
}
if (ipset->family != FW3_FAMILY_ANY)
- fw3_pr(" family %s", families[ipset->family]);
+ fw3_pr(" family inet%s", (ipset->family == FW3_FAMILY_V4) ? "" : "6");
if (ipset->timeout > 0)
fw3_pr(" timeout %u", ipset->timeout);
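Review bot: The new `family inet%s` line sends every value other than `FW3_FAMILY_V4` down the IPv6 branch, so a family that is neither V4 nor V6 is now written out as `inet6`. The removed lookup table at least carried a `(bug)` entry that made a bad value visible in the generated command. The `restore_pipe()` hunk does the same when it picks `cmd`, where an unexpected family would launch `ip6tables-restore`. Checking both values explicitly keeps the failure loud, for example `if (family != FW3_FAMILY_V4 && family != FW3_FAMILY_V6) return false;` in `restore_pipe()` before `cmd` is chosen. Whether callers can actually pass other values is not visible in these hunks.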
static bool print_rules = false;
static enum fw3_family use_family = FW3_FAMILY_ANY;
-static const char *families[] = {
- "(bug)",
- "IPv4",
- "IPv6",
-};
-
-static const char *tables[] = {
- "filter",
- "nat",
- "mangle",
- "raw",
-};
-
static struct fw3_state *
build_state(void)
static bool
restore_pipe(enum fw3_family family, bool silent)
{
- const char *cmd[] = {
- "(bug)",
- "iptables-restore",
- "ip6tables-restore",
- };
+ const char *cmd;
+
+ cmd = (family == FW3_FAMILY_V4) ? "iptables-restore" : "ip6tables-restore";
if (print_rules)
return fw3_stdout_pipe();
- if (!fw3_command_pipe(silent, cmd[family], "--lenient", "--noflush"))
+ if (!fw3_command_pipe(silent, cmd, "--lenient", "--noflush"))
{
- warn("Unable to execute %s", cmd[family]);
+ warn("Unable to execute %s", cmd);
return false;
}
if (!family_used(family) || !restore_pipe(family, true))
continue;
- info("Removing %s rules ...", families[family]);
+ info("Removing %s rules ...", fw3_flag_names[family]);
for (table = FW3_TABLE_FILTER; table <= FW3_TABLE_RAW; table++)
{
- if (!fw3_has_table(family == FW3_FAMILY_V6, tables[table]))
+ if (!fw3_has_table(family == FW3_FAMILY_V6, fw3_flag_names[table]))
continue;
info(" * %sing %s table",
- complete ? "Flush" : "Clear", tables[table]);
+ complete ? "Flush" : "Clear", fw3_flag_names[table]);
- fw3_pr("*%s\n", tables[table]);
+ fw3_pr("*%s\n", fw3_flag_names[table]);
if (complete)
{
{
warn("The %s firewall appears to be started already. "
"If it is indeed empty, remove the %s file and retry.",
- families[family], FW3_STATEFILE);
+ fw3_flag_names[family], FW3_STATEFILE);
continue;
}
- info("Constructing %s rules ...", families[family]);
+ info("Constructing %s rules ...", fw3_flag_names[family]);
for (table = FW3_TABLE_FILTER; table <= FW3_TABLE_RAW; table++)
{
- if (!fw3_has_table(family == FW3_FAMILY_V6, tables[table]))
+ if (!fw3_has_table(family == FW3_FAMILY_V6, fw3_flag_names[table]))
continue;
- info(" * Populating %s table", tables[table]);
+ info(" * Populating %s table", fw3_flag_names[table]);
- fw3_pr("*%s\n", tables[table]);
+ fw3_pr("*%s\n", fw3_flag_names[table]);
fw3_print_default_chains(table, family, state);
fw3_print_zone_chains(table, family, state);
fw3_print_default_head_rules(table, family, state);
#include "options.h"
+const char *fw3_flag_names[FW3_DEFAULT_DROP_INVALID + 1] = {
+ "filter",
+ "nat",
+ "mangle",
+ "raw",
+
+ "IPv4",
+ "IPv6",
+
+ "ACCEPT",
+ "REJECT",
+ "DROP",
+ "NOTRACK",
+ "DNAT",
+ "SNAT",
+};
+
bool
fw3_parse_bool(void *ptr, const char *val)
{
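Review bot: `fw3_flag_names` is filled positionally, so each string lands on the right enum value only while the table, family and target enums keep exactly this order and numbering, and nothing in the definition ties the two together. Designated initializers would do that, for example `[FW3_TABLE_FILTER] = "filter",`, `[FW3_FAMILY_V4] = "IPv4",`, `[FW3_TARGET_REJECT] = "REJECT",`. The array has `FW3_DEFAULT_DROP_INVALID + 1` slots (16, going by the hunk that adds the `extern` declaration) but only 12 initializers, so indexes 12 to 15 hold NULL. The default-chain, start/stop and zone hunks pass `fw3_flag_names[x]` straight to a `%s` format with no range check, where the removed per-function tables printed `(bug)` for values that should never be emitted into the ruleset. A lookup helper that returns `"(bug)"` for NULL or out-of-range indexes would restore that visible failure, and a short comment on the definition should state which enums index it and that the tail is intentionally empty.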
FW3_DEFAULT_DROP_INVALID = 15,
};
+extern const char *fw3_flag_names[FW3_DEFAULT_DROP_INVALID + 1];
+
+
enum fw3_limit_unit
{
FW3_LIMIT_UNIT_SECOND = 0,
struct fw3_address *sub, bool disable_notrack)
{
enum fw3_target t;
- const char *targets[] = {
- "(bug)", "(bug)",
- "ACCEPT", "ACCEPT",
- "REJECT", "reject",
- "DROP", "DROP",
- };
+
+#define jump_target(t) \
+ ((t == FW3_TARGET_REJECT) ? "reject" : fw3_flag_names[t])
if (table == FW3_TABLE_FILTER)
{
{
if (hasbit(zone->src_flags, t))
{
- fw3_pr("-A zone_%s_src_%s", zone->name, targets[t*2]);
+ fw3_pr("-A zone_%s_src_%s", zone->name, fw3_flag_names[t]);
fw3_format_in_out(dev, NULL);
fw3_format_src_dest(sub, NULL);
fw3_format_extra(zone->extra_src);
- fw3_pr(" -j %s\n", targets[t*2+1]);
+ fw3_pr(" -j %s\n", jump_target(t));
}
if (hasbit(zone->dst_flags, t))
{
- fw3_pr("-A zone_%s_dest_%s", zone->name, targets[t*2]);
+ fw3_pr("-A zone_%s_dest_%s", zone->name, fw3_flag_names[t]);
fw3_format_in_out(NULL, dev);
fw3_format_src_dest(NULL, sub);
fw3_format_extra(zone->extra_dest);
- fw3_pr(" -j %s\n", targets[t*2+1]);
+ fw3_pr(" -j %s\n", jump_target(t));
}
}
struct fw3_address *mdest;
enum fw3_target t;
- const char *targets[] = {
- "(bug)",
- "ACCEPT",
- "REJECT",
- "DROP",
- "(bug)",
- "(bug)",
- "(bug)",
- };
if (!fw3_is_family(zone, family))
return;
{
case FW3_TABLE_FILTER:
fw3_pr("-A zone_%s_input -j zone_%s_src_%s\n",
- zone->name, zone->name, targets[zone->policy_input]);
+ zone->name, zone->name, fw3_flag_names[zone->policy_input]);
fw3_pr("-A zone_%s_forward -j zone_%s_dest_%s\n",
- zone->name, zone->name, targets[zone->policy_forward]);
+ zone->name, zone->name, fw3_flag_names[zone->policy_forward]);
fw3_pr("-A zone_%s_output -j zone_%s_dest_%s\n",
- zone->name, zone->name, targets[zone->policy_output]);
+ zone->name, zone->name, fw3_flag_names[zone->policy_output]);
if (zone->log)
{
{
if (hasbit(zone->src_flags, t))
{
- fw3_pr("-A zone_%s_src_%s", zone->name, targets[t]);
+ fw3_pr("-A zone_%s_src_%s", zone->name, fw3_flag_names[t]);
fw3_format_limit(&zone->log_limit);
fw3_pr(" -j LOG --log-prefix \"%s(src %s)\"\n",
- targets[t], zone->name);
+ fw3_flag_names[t], zone->name);
}
if (hasbit(zone->dst_flags, t))
{
- fw3_pr("-A zone_%s_dest_%s", zone->name, targets[t]);
+ fw3_pr("-A zone_%s_dest_%s", zone->name, fw3_flag_names[t]);
fw3_format_limit(&zone->log_limit);
fw3_pr(" -j LOG --log-prefix \"%s(dest %s)\"\n",
- targets[t], zone->name);
+ fw3_flag_names[t], zone->name);
}
}
}