IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
ipt_rule_to_cmds converts a %rule to an array of iptables commands
ruleset_add_ipt_cmd adds such an iptables command to a chain
ruleset_generate_rule uses these now
ruleset_generate_rule_old is an interim workaround
Signed-off-by: Tom Weber <pve@junkyard.4t2.com>
put generation of iptables source/destination address matching
in own subroutine and use this in ruleset_generate_match
Signed-off-by: Tom Weber <pve@junkyard.4t2.com>
create a new $pve_std_chains with $pve_std_chains_conf as template on
every compilation of the rules. This avoids persitant changes to the
$pve_std_chains and makes it easier to read the std_chains configuration
from external config files (later to implement).
Signed-off-by: Tom Weber <pve@junkyard.4t2.com>
making ruleset generation aware of a match and action
part in iptable rules.
code will generate the same iptables as before! (except for
a few additional spaces between match and action).
Signed-off-by: Tom Weber <pve@junkyard.4t2.com>
On packages removal (!= purge) systemd units are masked.
The postinst script has then to reenable this units at the
beginning of the 'configure' step.
Our other packages are doing this manually, or automatically
when the dh_systemd_enable helpers generated a postinst,
but this was missing here.
g_thread_new is part of glib directly, libgthread only
contains the deprecated g_thread_init() & friends which we
do not use.
This silences a build warning.
the funciton nflog_bind_pf(...) returns an integer smaller 0 on a
failure, we negated that which results in 1 if no failure and 0 if
there was a failure.
This is ambiguous and as no parenthesis are set the GCC 6 warning
"logical-not-parentheses" gets triggered.
Use a simple
nflog_bind_pf(...) < 0
check instead.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Skip zero-prefix routes as they make no sense to be
considered (and ipset doesn't allow ::/0 to be added
anyway).
Support /128 local addresses by also checking for identical
addresses beside b-in-a overlapping.
