}
}
+$SIG{'__WARN__'} = sub {
+ my $err = $@;
+ my $t = $_[0];
+ chomp $t;
+ add_trace("$t\n");
+ $@ = $err;
+};
+
sub nf_dev_match {
my ($devre, $dev) = @_;
next if $cstate =~ m/NEW/;
- die "please implement cstate test '$cstate'";
+ die "cstate test '$cstate' not implemented\n";
}
if ($rule =~ s/^-m addrtype --src-type (\S+)\s*//) {
my $atype = $1;
- die "missing srctype" if !$pkg->{srctype};
+ die "missing source address type (srctype)\n"
+ if !$pkg->{srctype};
return undef if $atype ne $pkg->{srctype};
}
if ($rule =~ s/^-m addrtype --dst-type (\S+)\s*//) {
my $atype = $1;
- die "missing dsttype" if !$pkg->{dsttype};
+ die "missing destination address type (dsttype)\n"
+ if !$pkg->{dsttype};
return undef if $atype ne $pkg->{dsttype};
}
if ($rule =~ s/^-i (\S+)\s*//) {
my $devre = $1;
- die "missing iface_in" if !$pkg->{iface_in};
+ die "missing interface (iface_in)\n" if !$pkg->{iface_in};
return undef if !nf_dev_match($devre, $pkg->{iface_in});
next;
}
if ($rule =~ s/^-o (\S+)\s*//) {
my $devre = $1;
- die "missing iface_out" if !$pkg->{iface_out};
+ die "missing interface (iface_out)\n" if !$pkg->{iface_out};
return undef if !nf_dev_match($devre, $pkg->{iface_out});
next;
}
- if ($rule =~ s/^-p (tcp|udp)\s*//) {
+ if ($rule =~ s/^-p (tcp|udp|igmp|icmp)\s*//) {
die "missing proto" if !$pkg->{proto};
return undef if $pkg->{proto} ne $1; # no match
next;
projects / pve-firewall.git / blobdiff