
Commit af4b5ce

committed
Replace ruleset names with constants
1 parent 206a648 commit af4b5ce


2 files changed

+19
-9
lines changed


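--- a/src/conf.h
+++ b/src/conf.h
@@ -72,6 +72,16 @@
 #define DEFAULT_AUTHSERVSSLPEERVER 1 /* 0 means: Enable peer verification */
 /*@}*/
 
+/*@{*/
+/** Defines for firewall rule sets. */
+#define FWRULESET_GLOBAL "global"
+#define FWRULESET_VALIDATING_USERS "validating-users"
+#define FWRULESET_KNOWN_USERS "known-users"
+#define FWRULESET_AUTH_IS_DOWN "auth-is-down"
+#define FWRULESET_UNKNOWN_USERS "unknown-users"
+#define FWRULESET_LOCKED_USERS "locked-users"
+/*@}*/
+
 /**
 * Information about the authentication server
 */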
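Review bot: The group comment at new line 76 says only that these are rule-set defines, not that each string is a lookup key. In this same commit fw_iptables.c passes them to `get_ruleset()` and `iptables_load_ruleset()`, and the one NULL check visible on this page is for `FWRULESET_AUTH_IS_DOWN`. A value that drifts from the name the rule sets are registered under would presumably leave that chain without its rules rather than fail loudly. I would expand the comment to something like `/** Names of the firewall rule sets as looked up by get_ruleset(); each must match the rule-set name it is registered under. */`. Where that registration happens is not visible here, so confirm the wording against the parser.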

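--- a/src/fw_iptables.c
+++ b/src/fw_iptables.c
@@ -258,7 +258,7 @@ iptables_fw_init(void)
 t_trusted_mac *p;
 int proxy_port;
 fw_quiet = 0;
-int got_authdown_ruleset = NULL == get_ruleset("auth-is-down") ? 0 : 1;
+int got_authdown_ruleset = NULL == get_ruleset(FWRULESET_AUTH_IS_DOWN) ? 0 : 1;
 
 LOCK_CONFIG();
 config = config_get_config();
@@ -377,25 +377,25 @@ iptables_fw_init(void)
 iptables_fw_set_authservers();
 
 iptables_do_command("-t filter -A " CHAIN_TO_INTERNET " -m mark --mark 0x%u -j " CHAIN_LOCKED, FW_MARK_LOCKED);
-iptables_load_ruleset("filter", "locked-users", CHAIN_LOCKED);
+iptables_load_ruleset("filter", FWRULESET_LOCKED_USERS, CHAIN_LOCKED);
 
 iptables_do_command("-t filter -A " CHAIN_TO_INTERNET " -j " CHAIN_GLOBAL);
-iptables_load_ruleset("filter", "global", CHAIN_GLOBAL);
-iptables_load_ruleset("nat", "global", CHAIN_GLOBAL);
+iptables_load_ruleset("filter", FWRULESET_GLOBAL, CHAIN_GLOBAL);
+iptables_load_ruleset("nat", FWRULESET_GLOBAL, CHAIN_GLOBAL);
 
 iptables_do_command("-t filter -A " CHAIN_TO_INTERNET " -m mark --mark 0x%u -j " CHAIN_VALIDATE, FW_MARK_PROBATION);
-iptables_load_ruleset("filter", "validating-users", CHAIN_VALIDATE);
+iptables_load_ruleset("filter", FWRULESET_VALIDATING_USERS, CHAIN_VALIDATE);
 
 iptables_do_command("-t filter -A " CHAIN_TO_INTERNET " -m mark --mark 0x%u -j " CHAIN_KNOWN, FW_MARK_KNOWN);
-iptables_load_ruleset("filter", "known-users", CHAIN_KNOWN);
+iptables_load_ruleset("filter", FWRULESET_KNOWN_USERS, CHAIN_KNOWN);
 
 if (got_authdown_ruleset) {
 iptables_do_command("-t filter -A " CHAIN_TO_INTERNET " -m mark --mark 0x%u -j " CHAIN_AUTH_IS_DOWN, FW_MARK_AUTH_IS_DOWN);
-iptables_load_ruleset("filter", "auth-is-down", CHAIN_AUTH_IS_DOWN);
+iptables_load_ruleset("filter", FWRULESET_AUTH_IS_DOWN, CHAIN_AUTH_IS_DOWN);
 }
 
 iptables_do_command("-t filter -A " CHAIN_TO_INTERNET " -j " CHAIN_UNKNOWN);
-iptables_load_ruleset("filter", "unknown-users", CHAIN_UNKNOWN);
+iptables_load_ruleset("filter", FWRULESET_UNKNOWN_USERS, CHAIN_UNKNOWN);
 iptables_do_command("-t filter -A " CHAIN_UNKNOWN " -j REJECT --reject-with icmp-port-unreachable");
 
 UNLOCK_CONFIG();
@@ -411,7 +411,7 @@ iptables_fw_init(void)
 int
 iptables_fw_destroy(void)
 {
-int got_authdown_ruleset = NULL == get_ruleset(FWRULESET_AUTH_IS_DOWN) ? 0 : 1;
+int got_authdown_ruleset = NULL == get_ruleset(FWRULESET_AUTH_IS_DOWN) ? 0 : 1;
 fw_quiet = 1;
 
 debug(LOG_DEBUG, "Destroying our iptables entries");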
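Review bot: The auth-is-down lookup at new line 261 of iptables_fw_init runs before `LOCK_CONFIG();` at line 263, so the rule-set list is read without the config lock unless `get_ruleset()` takes it itself, which this page does not show. The same lookup opens iptables_fw_destroy at line 414, with no lock visible in that hunk. Since the commit already touches both lines, I would declare `int got_authdown_ruleset;` at the top and assign it after the lock with `got_authdown_ruleset = get_ruleset(FWRULESET_AUTH_IS_DOWN) != NULL;`. That way the decision to create or tear down the auth-is-down chain comes from the same locked view of the configuration as the rules loaded further down. Both function bodies extend beyond the hunks shown, so check how the lock is held on the rest of each path before moving the line.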
