From 8e4dce95aba612bd22c8a9ed253c6e901e0195ec Mon Sep 17 00:00:00 2001 From: Stefan Schantl Date: Sun, 16 Apr 2023 16:18:59 +0200 Subject: [PATCH] firewall-lib.pl: Return custom host/neworks groups as sets to match against Signed-off-by: Stefan Schantl --- config/firewall/firewall-lib.pl | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/config/firewall/firewall-lib.pl b/config/firewall/firewall-lib.pl index b7d3ff9585..1e5a92c25f 100644 --- a/config/firewall/firewall-lib.pl +++ b/config/firewall/firewall-lib.pl @@ -311,17 +311,7 @@ sub get_addresses $value = $$hash{$key}[6]; } - if ($addr_type ~~ ["cust_grp_src", "cust_grp_tgt"]) { - foreach my $grp (sort {$a <=> $b} keys %customgrp) { - if ($customgrp{$grp}[0] eq $value) { - my @address = &get_address($customgrp{$grp}[3], $customgrp{$grp}[2], $type); - next if ($address[0][0] eq 'none'); - if (@address) { - push(@addresses, @address); - } - } - } - }elsif ($addr_type ~~ ["cust_location_src", "cust_location_tgt"] && $value =~ "group:") { + if ($addr_type ~~ ["cust_location_src", "cust_location_tgt"] && $value =~ "group:") { $value=substr($value,6); foreach my $grp (sort {$a <=> $b} keys %customlocationgrp) { if ($customlocationgrp{$grp}[0] eq $value) { @@ -479,6 +469,14 @@ sub get_address push(@ret, ["-m set --match-set $value dst", "$external_interface"]); } + # Handle rule option with a custom source group. + } elsif ($key eq "cust_grp_src") { + push(@ret, ["-m set --match-set $value src", ""]); + + # Handle rule option with a custom destination group. + } elsif ($key eq "cust_grp_dst") { + push(@ret, ["-m set --match-set $value dst", ""]); + # If nothing was selected, we assume "any". } else { push(@ret, ["0/0", ""]); -- 2.39.5
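Review bot: With the `%customgrp` lookup removed from get_addresses, nothing visible in this hunk still checks that `$value` names an existing custom group, and the old skip of groups whose members resolved to 'none' is gone too. Per the second hunk the name now ends up directly in `-m set --match-set $value src`, so a missing or empty group presumably only shows up when iptables rejects the rule for an unknown set. I would keep a guard here that confirms some `$customgrp{$grp}[0] eq $value` exists before the value is passed on, and add a comment such as `# custom groups are matched as ipsets; the set named $value must already exist`. The rest of get_addresses lies outside the hunk, so the path that `cust_grp_src`/`cust_grp_tgt` now take could not be checked from here.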
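Review bot: The new destination branch tests `$key eq "cust_grp_dst"`, but the code removed in the first hunk used the type names `cust_grp_src` and `cust_grp_tgt`, so unless a caller outside this patch rewrites the key, a rule with a custom group as its target never reaches this branch. It would then fall through to the final `else` and get `["0/0", ""]`, so the rule matches any destination instead of the group and the firewall rule is silently widened. I would change the test to `} elsif ($key eq "cust_grp_tgt") {`, or accept both names. Because `$value` goes unquoted into the match string, a comment like `# $value must be a valid ipset set name (no whitespace)` would also document the constraint that group names now have to meet. get_address starts and ends outside the hunk.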