X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=src%2FPVE%2FFirewallSimulator.pm;h=b522776df8f3b3b1299b5e751b4170ebd842a754;hb=e2c627332f86e357b06773208feb5e235b53e307;hp=73f01d3e8860ec46a9d73d4182e73b7a6ac7a10a;hpb=814de8329c79035df58f41e80c58dc979619f85a;p=pve-firewall.git
diff --git a/src/PVE/FirewallSimulator.pm b/src/PVE/FirewallSimulator.pm
index 73f01d3..b522776 100644
--- a/src/PVE/FirewallSimulator.pm
+++ b/src/PVE/FirewallSimulator.pm
@@ -37,6 +37,14 @@ sub add_trace {
 }
 }
+$SIG{'__WARN__'} = sub {
+ my $err = $@;
+ my $t = $_[0];
+ chomp $t;
+ add_trace("$t\n");
+ $@ = $err;
+};
+
 sub nf_dev_match {
 my ($devre, $dev) = @_;
@@ -80,36 +88,38 @@ sub rule_match {
 next if $cstate =~ m/NEW/;
- die "please implement cstate test '$cstate'";
+ die "cstate test '$cstate' not implemented\n";
 }
 if ($rule =~ s/^-m addrtype --src-type (\S+)\s*//) {
 my $atype = $1;
- die "missing srctype" if !$pkg->{srctype};
+ die "missing source address type (srctype)\n"
+ if !$pkg->{srctype};
 return undef if $atype ne $pkg->{srctype};
 }
 if ($rule =~ s/^-m addrtype --dst-type (\S+)\s*//) {
 my $atype = $1;
- die "missing dsttype" if !$pkg->{dsttype};
+ die "missing destination address type (dsttype)\n"
+ if !$pkg->{dsttype};
 return undef if $atype ne $pkg->{dsttype};
 }
 if ($rule =~ s/^-i (\S+)\s*//) {
 my $devre = $1;
- die "missing iface_in" if !$pkg->{iface_in};
+ die "missing interface (iface_in)\n" if !$pkg->{iface_in};
 return undef if !nf_dev_match($devre, $pkg->{iface_in});
 next;
 }
 if ($rule =~ s/^-o (\S+)\s*//) {
 my $devre = $1;
- die "missing iface_out" if !$pkg->{iface_out};
+ die "missing interface (iface_out)\n" if !$pkg->{iface_out};
 return undef if !nf_dev_match($devre, $pkg->{iface_out});
 next;
 }
- if ($rule =~ s/^-p (tcp|udp)\s*//) {
+ if ($rule =~ s/^-p (tcp|udp|igmp|icmp)\s*//) {
 die "missing proto" if !$pkg->{proto};
 return undef if $pkg->{proto} ne $1; # no match
 next;
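Review bot: The `$SIG{'__WARN__'}` handler is assigned at file scope, so simply loading PVE::FirewallSimulator replaces the process-wide warning handler and discards any handler the calling program had installed. Every warning is then routed to add_trace, whose body lies outside this hunk; if add_trace only emits when tracing is enabled, warnings raised while compiling rules would vanish instead of reaching stderr or the log. Confining it with `local $SIG{__WARN__} = sub { ... };` inside the sub that runs the simulation would limit the effect to the simulation itself. A comment such as `# route warnings into the simulation trace; keep $@ intact for callers` would also explain why `$@` is saved and restored.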
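Review bot: The widened protocol pattern `s/^-p (tcp|udp|igmp|icmp)\s*//` has no boundary after the alternation, so a rule carrying `-p icmpv6` would match as `icmp`, leave `v6` at the front of `$rule`, and be compared against the wrong protocol. For a simulator whose verdict is meant to mirror the real ruleset, that would produce a misleading result if such rules are ever generated, which is not visible from this hunk. Requiring a separator closes it: `if ($rule =~ s/^-p (tcp|udp|igmp|icmp)(?:\s+|$)//) {`. The neighbouring `die "missing proto"` was left without the trailing `\n` the other messages in this hunk gained, so it still appends file and line; rule_match continues outside the hunk.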