From: Stefan Schantl <stefan.schantl@ipfire.org>
Date: Sun, 16 Apr 2023 14:18:59 +0000 (+0200)
Subject: firewall-lib.pl: Return custom host/neworks groups as sets to match
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ce35b983ff7cdc2a36c45dba180f956189ea3fa6;p=people%2Fstevee%2Fipfire-2.x.git

firewall-lib.pl: Return custom host/neworks groups as sets to match
against

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
---

diff --git a/config/firewall/firewall-lib.pl b/config/firewall/firewall-lib.pl
index b7d3ff958..1e5a92c25 100644
--- a/config/firewall/firewall-lib.pl
+++ b/config/firewall/firewall-lib.pl
@@ -311,17 +311,7 @@ sub get_addresses
 		$value = $$hash{$key}[6];
 	}
 
-	if ($addr_type ~~ ["cust_grp_src", "cust_grp_tgt"]) {
-		foreach my $grp (sort {$a <=> $b} keys %customgrp) {
-			if ($customgrp{$grp}[0] eq $value) {
-				my @address = &get_address($customgrp{$grp}[3], $customgrp{$grp}[2], $type);
-				next if ($address[0][0] eq 'none');
-				if (@address) {
-					push(@addresses, @address);
-				}
-			}
-		}
-	}elsif ($addr_type ~~ ["cust_location_src", "cust_location_tgt"] && $value =~ "group:") {
+	if ($addr_type ~~ ["cust_location_src", "cust_location_tgt"] && $value =~ "group:") {
 		$value=substr($value,6);
 		foreach my $grp (sort {$a <=> $b} keys %customlocationgrp) {
 			if ($customlocationgrp{$grp}[0] eq $value) {
@@ -479,6 +469,14 @@ sub get_address
 			push(@ret, ["-m set --match-set $value dst", "$external_interface"]);
 		}
 
+	# Handle rule option with a custom source group.
+	} elsif ($key eq "cust_grp_src") {
+		push(@ret, ["-m set --match-set $value src", ""]);
+
+	# Handle rule option with a custom destination group.
+	} elsif ($key eq "cust_grp_dst") {
+		push(@ret, ["-m set --match-set $value dst", ""]);
+
 	# If nothing was selected, we assume "any".
 	} else {
 		push(@ret, ["0/0", ""]);