author | David Sommerseth <dazo@users.sourceforge.net> | 2010-12-01 00:10:35 +0100 |
---|---|---|
committer | David Sommerseth <dazo@users.sourceforge.net> | 2010-12-01 00:10:35 +0100 |
commit | ec1edb86e254b8b730a9f882dea919e127723f77 (patch) | |
tree | 85b93f956c991119af65925af1902b435487069e /plugin/firewall/iptables/efw-iptables.c | |
parent | b3f80c7922908e7d048c4e691ceadf79db62bd75 (diff) | |
Add preliminary support for using IP addresses in the firewall module
The current implementation uses the MAC address of the client's VPN
interface. This also restricts eurephia to use TAP mode.
This patch adds preliminary support for also accepting the client's
IP address when updating the firewall rules. However, full support
for TUN mode is not complete yet.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Diffstat (limited to 'plugin/firewall/iptables/efw-iptables.c')
-rw-r--r-- | plugin/firewall/iptables/efw-iptables.c | 34 |
1 files changed, 17 insertions, 17 deletions
diff --git a/plugin/firewall/iptables/efw-iptables.c b/plugin/firewall/iptables/efw-iptables.c
index aad5d4f..6172d5d 100644
--- a/plugin/firewall/iptables/efw-iptables.c
+++ b/plugin/firewall/iptables/efw-iptables.c
@@ -176,7 +176,7 @@ void eFW_RunFirewall(void *fwargs) {
 */
 int process_input(eurephiaCTX *ctx, const char *fwcmd, const eFWupdateRequest *req) {
 const char *iptables_args[] = { NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL};
- int ret = 0;
+ int ret = 0, argc = 2;
 DEBUG(ctx, 36, "eFW_RunFirewall::process_input(ctx, %s, %s, %s, %s, %s)", eFWmode_str[req->mode], req->ipaddress, req->macaddress,
@@ -195,24 +195,24 @@ int process_input(eurephiaCTX *ctx, const char *fwcmd, const eFWupdateRequest *r
 iptables_args[1] = "-D";
 }
 // Prepare iptables arguments
- iptables_args[2] = req->rule_destination;
- if( req->ipaddress ) {
- iptables_args[3] = "-s\0";
- iptables_args[4] = req->ipaddress;
+ iptables_args[argc++] = req->rule_destination;
+ if( strlen_nullsafe(req->ipaddress) > 0 ) {
+ iptables_args[argc++] = "-s\0";
+ iptables_args[argc++] = req->ipaddress;
 }
- if( req->macaddress ) {
- iptables_args[3] = "-m\0";
- iptables_args[4] = "mac\0";
- iptables_args[5] = "--mac-source\0";
- iptables_args[6] = req->macaddress;
+ if( strlen_nullsafe(req->macaddress) > 0 ) {
+ iptables_args[argc++] = "-m\0";
+ iptables_args[argc++] = "mac\0";
+ iptables_args[argc++] = "--mac-source\0";
+ iptables_args[argc++] = req->macaddress;
 }
- iptables_args[7] = "-m\0";
- iptables_args[8] = "state\0";
- iptables_args[9] = "--state\0";
- iptables_args[10] = "NEW\0";
- iptables_args[11] = "-j\0";
- iptables_args[12] = req->goto_destination;
- iptables_args[13] = NULL;
+ iptables_args[argc++] = "-m\0";
+ iptables_args[argc++] = "state\0";
+ iptables_args[argc++] = "--state\0";
+ iptables_args[argc++] = "NEW\0";
+ iptables_args[argc++] = "-j\0";
+ iptables_args[argc++] = req->goto_destination;
+ iptables_args[argc++] = NULL;
 eurephia_log(ctx, LOG_INFO, 3, "eFW_RunFirewall - updating iptables rules " "==> mode: %s ipaddr: %s macaddr: '%s' destchain: '%s' jump: '%s'", |
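Review bot: When both `req->ipaddress` and `req->macaddress` are NULL or empty, the argument list built in this hunk still forms a complete rule (chain, `-m state --state NEW`, `-j` target) with no source match at all, so it would apply to every client instead of one. The old fixed-index code left a NULL at index 3 in that case, which ended the argument vector before the state and jump arguments. A guard placed before `iptables_args[argc++] = req->rule_destination;`, for example `if( (strlen_nullsafe(req->ipaddress) == 0) && (strlen_nullsafe(req->macaddress) == 0) )`, that logs the request and returns the function's failure value would keep every rule tied to a client address. If both fields are set, the rule now requires the IP and the MAC match together, which deserves a short comment if that is intended. process_input starts and ends outside this hunk, so its failure return value and any earlier validation of these request fields are not visible here.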