From: Jo-Philipp Wich
Date: Sat, 2 Mar 2013 17:02:58 +0000 (+0100)
Subject: introduce support for enabled option in zones, forwards, rules, redirects, ipsets...
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=46536e5263c4bf57a91c38b5d08d78c774649dda;p=oweals%2Ffirewall3.git
introduce support for enabled option in zones, forwards, rules, redirects, ipsets and includes
---
diff --git a/forwards.c b/forwards.c
index e01f126..158ccbf 100644
--- a/forwards.c
+++ b/forwards.c
@@ -20,6 +20,8 @@ const struct fw3_option fw3_forward_opts[] = { + FW3_OPT("enabled", bool, forward, enabled), + FW3_OPT("name", string, forward, name), FW3_OPT("family", family, forward, family),
@@ -53,8 +55,16 @@ fw3_load_forwards(struct fw3_state *state, struct uci_package *p) memset(forward, 0, sizeof(*forward)); + forward->enabled = true; + fw3_parse_options(forward, fw3_forward_opts, s); + if (!forward->enabled) + { + fw3_free_forward(forward); + continue; + } + if (forward->src.invert || forward->dest.invert) { warn_elem(e, "must not have inverted 'src' or 'dest' options");
diff --git a/includes.c b/includes.c
index 40995ca..4221def 100644
--- a/includes.c
+++ b/includes.c
@@ -20,6 +20,8 @@ const struct fw3_option fw3_include_opts[] = { + FW3_OPT("enabled", bool, include, enabled), + FW3_OPT("path", string, include, path), FW3_OPT("type", include_type, include, type), FW3_OPT("family", family, include, family),
@@ -50,10 +52,18 @@ fw3_load_includes(struct fw3_state *state, struct uci_package *p) continue; memset(include, 0, sizeof(*include)); + include->name = e->name; + include->enabled = true; fw3_parse_options(include, fw3_include_opts, s); + if (!include->enabled) + { + fw3_free_include(include); + continue; + } + if (!include->path) { warn_elem(e, "must specify a path");
diff --git a/ipsets.c b/ipsets.c
index a720172..62877c8 100644
--- a/ipsets.c
+++ b/ipsets.c
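Review bot: In fw3_load_forwards the new `if (!forward->enabled)` branch drops the section without any message, and the same silent skip is added in fw3_load_includes here and in fw3_load_redirects, fw3_load_rules and fw3_load_zones further down. On a firewall the skipped section may be a rule that restricts traffic, and how a value that is not a recognised boolean is parsed is decided in fw3_parse_options, outside this diff; if such a value ends up as false, a typo removes the rule with nothing in the output to show it. I would report the skip with the helper these loops already use, e.g. `warn_elem(e, "is disabled, ignoring");` before the `continue;`, or at least record the parsing behaviour in a comment above the check. The loader bodies start and end outside the hunks.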
@@ -20,6 +20,8 @@ const struct fw3_option fw3_ipset_opts[] = { + FW3_OPT("enabled", bool, ipset, enabled), + FW3_OPT("name", string, ipset, name), FW3_OPT("family", family, ipset, family),
diff --git a/options.h b/options.h
index 96afcd2..2af443b 100644
--- a/options.h
+++ b/options.h
@@ -245,6 +245,7 @@ struct fw3_zone struct list_head list; struct list_head running_list; + bool enabled; const char *name; enum fw3_family family;
@@ -280,6 +281,7 @@ struct fw3_rule { struct list_head list; + bool enabled; const char *name; enum fw3_family family;
@@ -316,6 +318,7 @@ struct fw3_redirect { struct list_head list; + bool enabled; const char *name; enum fw3_family family;
@@ -354,6 +357,7 @@ struct fw3_forward { struct list_head list; + bool enabled; const char *name; enum fw3_family family;
@@ -370,6 +374,7 @@ struct fw3_ipset struct list_head list; struct list_head running_list; + bool enabled; const char *name; enum fw3_family family;
@@ -395,6 +400,7 @@ struct fw3_include struct list_head list; struct list_head running_list; + bool enabled; const char *name; enum fw3_family family;
diff --git a/redirects.c b/redirects.c
index 2aa6664..2acfabc 100644
--- a/redirects.c
+++ b/redirects.c
@@ -20,6 +20,8 @@ const struct fw3_option fw3_redirect_opts[] = { + FW3_OPT("enabled", bool, redirect, enabled), + FW3_OPT("name", string, redirect, name), FW3_OPT("family", family, redirect, family),
@@ -131,10 +133,17 @@ fw3_load_redirects(struct fw3_state *state, struct uci_package *p) INIT_LIST_HEAD(&redir->proto); INIT_LIST_HEAD(&redir->mac_src); + redir->enabled = true; redir->reflection = true; fw3_parse_options(redir, fw3_redirect_opts, s); + if (!redir->enabled) + { + fw3_free_redirect(redir); + continue; + } + if (redir->src.invert) { warn_elem(e, "must not have an inverted source");
diff --git a/rules.c b/rules.c
index e733cd9..c3f03cf 100644
--- a/rules.c
+++ b/rules.c
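Review bot: In ipsets.c only the option table gains `enabled`; unlike forwards.c, includes.c, redirects.c, rules.c and zones.c, this diff has no hunk that defaults the flag to true before parsing or skips the section when it is false. As far as the diff shows, `option enabled 0` on an ipset is accepted and then ignored, although the commit subject lists ipsets. The ipset allocator and loader are outside the diff, so this may already be handled there; if not, the loader needs the same default plus a check after fw3_parse_options, along the lines of `if (!ipset->enabled) { /* free as the other loaders do */ continue; }` (variable name assumed).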
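Review bot: The `bool enabled` member added to struct fw3_zone in options.h has no comment, and its zero value means "disabled" while every loader in this commit treats a missing option as enabled. forwards.c and includes.c clear the struct with memset() and then set the flag by hand, so any allocation site that is not updated yields an object that reads as disabled. A one-line comment would make that explicit, e.g. `bool enabled; /* defaults to true; must be set before option parsing */`. The same applies to the hunks for fw3_rule, fw3_redirect, fw3_forward, fw3_ipset and fw3_include.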
@@ -20,6 +20,8 @@ const struct fw3_option fw3_rule_opts[] = { + FW3_OPT("enabled", bool, rule, enabled), + FW3_OPT("name", string, rule, name), FW3_OPT("family", family, rule, family),
@@ -91,8 +93,16 @@ fw3_load_rules(struct fw3_state *state, struct uci_package *p) INIT_LIST_HEAD(&rule->icmp_type); + rule->enabled = true; + fw3_parse_options(rule, fw3_rule_opts, s); + if (!rule->enabled) + { + fw3_free_rule(rule); + continue; + } + if (rule->src.invert || rule->dest.invert) { warn_elem(e, "must not have inverted 'src' or 'dest' options");
diff --git a/zones.c b/zones.c
index e6c88db..82b76b4 100644
--- a/zones.c
+++ b/zones.c
@@ -50,6 +50,8 @@ static const struct chain dst_chains[] = { }; const struct fw3_option fw3_zone_opts[] = { + FW3_OPT("enabled", bool, zone, enabled), + FW3_OPT("name", string, zone, name), FW3_OPT("family", family, zone, family),
@@ -162,6 +164,7 @@ fw3_alloc_zone(void) INIT_LIST_HEAD(&zone->masq_src); INIT_LIST_HEAD(&zone->masq_dest); + zone->enabled = true; zone->log_limit.rate = 10; return zone;
@@ -191,6 +194,12 @@ fw3_load_zones(struct fw3_state *state, struct uci_package *p) fw3_parse_options(zone, fw3_zone_opts, s); + if (!zone->enabled) + { + fw3_free_zone(zone); + continue; + } + if (!zone->extra_dest) zone->extra_dest = zone->extra_src;
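Review bot: In fw3_load_zones a disabled zone is freed and skipped, but the diff does not show what then happens to rules, forwards and redirects whose `src` or `dest` names that zone. That lookup lives outside the diff; it is worth confirming that such sections are rejected rather than loaded without their zone restriction, because the latter would make a rule match more traffic than written. A comment above the check would record the intended behaviour, e.g. `/* disabled zones are not registered; sections referencing them must be dropped as well */`. fw3_load_zones continues past the end of the hunk.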