STC_FW_RULE_CHAIN,
g_variant_new_string(rule->chain));
- if (rule->direction != STC_FIREWALL_DIRECTION_NONE)
+ if (rule->direction != STC_FIREWALL_DIRECTION_NONE) {
g_variant_builder_add(builder, "{sv}",
STC_FW_RULE_DIRECTION,
g_variant_new_uint16(rule->direction));
- if (rule->s_ip_type != STC_FIREWALL_IP_NONE)
+ if (rule->ifname)
+ g_variant_builder_add(builder, "{sv}",
+ STC_FW_RULE_IFNAME,
+ g_variant_new_string(rule->ifname));
+ }
+
+ if (rule->family != STC_FIREWALL_FAMILY_NONE)
+ g_variant_builder_add(builder, "{sv}",
+ STC_FW_RULE_FAMILY,
+ g_variant_new_uint16(rule->family));
+
+ if (rule->s_ip_type != STC_FIREWALL_IP_NONE) {
g_variant_builder_add(builder, "{sv}",
STC_FW_RULE_SIPTYPE,
g_variant_new_uint16(rule->s_ip_type));
- if (rule->d_ip_type != STC_FIREWALL_IP_NONE)
+ if (rule->s_ip1)
+ g_variant_builder_add(builder, "{sv}",
+ STC_FW_RULE_SIP1,
+ g_variant_new_string(rule->s_ip1));
+
+ if (rule->s_ip2)
+ g_variant_builder_add(builder, "{sv}",
+ STC_FW_RULE_SIP2,
+ g_variant_new_string(rule->s_ip2));
+ }
+
+ if (rule->d_ip_type != STC_FIREWALL_IP_NONE) {
g_variant_builder_add(builder, "{sv}",
STC_FW_RULE_DIPTYPE,
g_variant_new_uint16(rule->d_ip_type));
- if (rule->s_port_type != STC_FIREWALL_PORT_NONE)
- g_variant_builder_add(builder, "{sv}",
- STC_FW_RULE_SPORTTYPE,
- g_variant_new_uint16(rule->s_port_type));
+ if (rule->d_ip1)
+ g_variant_builder_add(builder, "{sv}",
+ STC_FW_RULE_DIP1,
+ g_variant_new_string(rule->d_ip1));
- if (rule->d_port_type != STC_FIREWALL_PORT_NONE)
- g_variant_builder_add(builder, "{sv}",
- STC_FW_RULE_DPORTTYPE,
- g_variant_new_uint16(rule->d_port_type));
+ if (rule->d_ip2)
+ g_variant_builder_add(builder, "{sv}",
+ STC_FW_RULE_DIP2,
+ g_variant_new_string(rule->d_ip2));
+ }
- if (rule->protocol != STC_FIREWALL_PROTOCOL_NONE)
+ if (rule->protocol != STC_FIREWALL_PROTOCOL_NONE) {
g_variant_builder_add(builder, "{sv}",
STC_FW_RULE_PROTOCOL,
g_variant_new_uint16(rule->protocol));
- if (rule->family != STC_FIREWALL_FAMILY_NONE)
- g_variant_builder_add(builder, "{sv}",
- STC_FW_RULE_FAMILY,
- g_variant_new_uint16(rule->family));
+ if (rule->s_port_type != STC_FIREWALL_PORT_NONE) {
+ g_variant_builder_add(builder, "{sv}",
+ STC_FW_RULE_SPORTTYPE,
+ g_variant_new_uint16(rule->s_port_type));
- if (rule->s_ip1)
- g_variant_builder_add(builder, "{sv}",
- STC_FW_RULE_SIP1,
- g_variant_new_string(rule->s_ip1));
+ if (rule->s_port1)
+ g_variant_builder_add(builder, "{sv}",
+ STC_FW_RULE_SPORT1,
+ g_variant_new_uint32(rule->s_port1));
- if (rule->s_ip2)
- g_variant_builder_add(builder, "{sv}",
- STC_FW_RULE_SIP2,
- g_variant_new_string(rule->s_ip2));
+ if (rule->s_port2)
+ g_variant_builder_add(builder, "{sv}",
+ STC_FW_RULE_SPORT2,
+ g_variant_new_uint32(rule->s_port2));
+ }
- if (rule->d_ip1)
- g_variant_builder_add(builder, "{sv}",
- STC_FW_RULE_DIP1,
- g_variant_new_string(rule->d_ip1));
+ if (rule->d_port_type != STC_FIREWALL_PORT_NONE) {
+ g_variant_builder_add(builder, "{sv}",
+ STC_FW_RULE_DPORTTYPE,
+ g_variant_new_uint16(rule->d_port_type));
- if (rule->d_ip2)
- g_variant_builder_add(builder, "{sv}",
- STC_FW_RULE_DIP2,
- g_variant_new_string(rule->d_ip2));
-
- if (rule->s_port1)
- g_variant_builder_add(builder, "{sv}",
- STC_FW_RULE_SPORT1,
- g_variant_new_uint32(rule->s_port1));
-
- if (rule->s_port2)
- g_variant_builder_add(builder, "{sv}",
- STC_FW_RULE_SPORT2,
- g_variant_new_uint32(rule->s_port2));
+ if (rule->d_port1)
+ g_variant_builder_add(builder, "{sv}",
+ STC_FW_RULE_DPORT1,
+ g_variant_new_uint32(rule->d_port1));
- if (rule->d_port1)
- g_variant_builder_add(builder, "{sv}",
- STC_FW_RULE_DPORT1,
- g_variant_new_uint32(rule->d_port1));
-
- if (rule->d_port2)
- g_variant_builder_add(builder, "{sv}",
- STC_FW_RULE_DPORT2,
- g_variant_new_uint32(rule->d_port2));
-
- if (rule->ifname)
- g_variant_builder_add(builder, "{sv}",
- STC_FW_RULE_IFNAME,
- g_variant_new_string(rule->ifname));
+ if (rule->d_port2)
+ g_variant_builder_add(builder, "{sv}",
+ STC_FW_RULE_DPORT2,
+ g_variant_new_uint32(rule->d_port2));
+ }
+ }
if (rule->target)
g_variant_builder_add(builder, "{sv}",
STC_FW_RULE_TARGET,
g_variant_new_uint16(rule->target));
- if (rule->log_level)
- g_variant_builder_add(builder, "{sv}",
- STC_FW_RULE_LOG_LEVEL,
- g_variant_new_uint16(rule->log_level));
+ if (rule->target == STC_FIREWALL_RULE_TARGET_LOG) {
+ if (rule->log_level)
+ g_variant_builder_add(builder, "{sv}",
+ STC_FW_RULE_LOG_LEVEL,
+ g_variant_new_uint16(rule->log_level));
- if (rule->log_prefix)
- g_variant_builder_add(builder, "{sv}",
- STC_FW_RULE_LOG_PREFIX,
- g_variant_new_string(rule->log_prefix));
+ if (rule->log_prefix)
+ g_variant_builder_add(builder, "{sv}",
+ STC_FW_RULE_LOG_PREFIX,
+ g_variant_new_string(rule->log_prefix));
+ }
- if (rule->nflog_group)
- g_variant_builder_add(builder, "{sv}",
- STC_FW_RULE_NFLOG_GROUP,
- g_variant_new_uint16(rule->nflog_group));
+ if (rule->target == STC_FIREWALL_RULE_TARGET_NFLOG) {
+ if (rule->nflog_group)
+ g_variant_builder_add(builder, "{sv}",
+ STC_FW_RULE_NFLOG_GROUP,
+ g_variant_new_uint16(rule->nflog_group));
- if (rule->nflog_prefix)
- g_variant_builder_add(builder, "{sv}",
- STC_FW_RULE_NFLOG_PREFIX,
- g_variant_new_string(rule->nflog_prefix));
+ if (rule->nflog_prefix)
+ g_variant_builder_add(builder, "{sv}",
+ STC_FW_RULE_NFLOG_PREFIX,
+ g_variant_new_string(rule->nflog_prefix));
- if (rule->nflog_range)
- g_variant_builder_add(builder, "{sv}",
- STC_FW_RULE_NFLOG_RANGE,
- g_variant_new_uint16(rule->nflog_range));
+ if (rule->nflog_range)
+ g_variant_builder_add(builder, "{sv}",
+ STC_FW_RULE_NFLOG_RANGE,
+ g_variant_new_uint16(rule->nflog_range));
- if (rule->nflog_threshold)
- g_variant_builder_add(builder, "{sv}",
- STC_FW_RULE_NFLOG_THRESHOLD,
- g_variant_new_uint16(rule->nflog_threshold));
+ if (rule->nflog_threshold)
+ g_variant_builder_add(builder, "{sv}",
+ STC_FW_RULE_NFLOG_THRESHOLD,
+ g_variant_new_uint16(rule->nflog_threshold));
+ }
if (rule->identifier)
g_variant_builder_add(builder, "{sv}",
unsigned int s_port2 = 0;
unsigned int d_port1 = 0;
unsigned int d_port2 = 0;
- unsigned int log_level = 0;
+ unsigned char log_level = 0;
unsigned int nflog_group = 0;
unsigned int nflog_range = 0;
unsigned int nflog_threshold = 0;
}
ret = stc_firewall_rule_get_direction(rule_h, &direction);
- if (ret == STC_ERROR_NONE)
+ if (ret == STC_ERROR_NONE) {
msg("Direction: " LOG_CYAN "[%s]" LOG_END,
test_stc_convert_fw_direction_to_string(direction));
- ret = stc_firewall_rule_get_ifname(rule_h, &ifname);
- if (ret == STC_ERROR_NONE) {
- if (ifname)
- msg("Ifname: " LOG_CYAN "[%s]" LOG_END, ifname);
+ if (direction != STC_FIREWALL_DIRECTION_NONE) {
+ ret = stc_firewall_rule_get_ifname(rule_h, &ifname);
+ if (ret == STC_ERROR_NONE) {
+ if (ifname)
+ msg("Ifname: " LOG_CYAN "[%s]" LOG_END, ifname);
- FREE(ifname);
+ FREE(ifname);
+ }
+ }
}
ret = stc_firewall_rule_get_family_type(rule_h, &family);
test_stc_convert_fw_family_type_to_string(family));
ret = stc_firewall_rule_get_src_ip_type(rule_h, &s_ip_type);
- if (ret == STC_ERROR_NONE)
+ if (ret == STC_ERROR_NONE) {
msg("SrcIPtype: " LOG_CYAN "[%s]" LOG_END,
test_stc_convert_fw_ip_type_to_string(s_ip_type));
- ret = stc_firewall_rule_get_src_ip(rule_h, &s_ip1, &s_ip2);
- if (ret == STC_ERROR_NONE) {
- if (s_ip1 || s_ip2)
- msg("SrcIP: " LOG_CYAN "[%s:%s]" LOG_END, s_ip1, s_ip2);
+ if (s_ip_type != STC_FIREWALL_IP_NONE) {
+ ret = stc_firewall_rule_get_src_ip(rule_h, &s_ip1, &s_ip2);
+ if (ret == STC_ERROR_NONE) {
+ if (s_ip1 || s_ip2)
+ msg("SrcIP: " LOG_CYAN "[%s:%s]" LOG_END, s_ip1, s_ip2);
- FREE(s_ip1);
- FREE(s_ip2);
+ FREE(s_ip1);
+ FREE(s_ip2);
+ }
+ }
}
ret = stc_firewall_rule_get_dst_ip_type(rule_h, &d_ip_type);
- if (ret == STC_ERROR_NONE)
+ if (ret == STC_ERROR_NONE) {
msg("DstIPtype: " LOG_CYAN "[%s]" LOG_END,
test_stc_convert_fw_ip_type_to_string(d_ip_type));
- ret = stc_firewall_rule_get_dst_ip(rule_h, &d_ip1, &d_ip2);
- if (ret == STC_ERROR_NONE) {
- if (d_ip1 || d_ip2)
- msg("DstIP: " LOG_CYAN "[%s:%s]" LOG_END, d_ip1, d_ip2);
+ if (d_ip_type != STC_FIREWALL_IP_NONE) {
+ ret = stc_firewall_rule_get_dst_ip(rule_h, &d_ip1, &d_ip2);
+ if (ret == STC_ERROR_NONE) {
+ if (d_ip1 || d_ip2)
+ msg("DstIP: " LOG_CYAN "[%s:%s]" LOG_END, d_ip1, d_ip2);
- FREE(d_ip1);
- FREE(d_ip2);
+ FREE(d_ip1);
+ FREE(d_ip2);
+ }
+ }
}
ret = stc_firewall_rule_get_protocol_type(rule_h, &protocol);
- if (ret == STC_ERROR_NONE)
+ if (ret == STC_ERROR_NONE) {
msg("Protocol: " LOG_CYAN "[%s]" LOG_END,
test_stc_convert_fw_protocol_type_to_string(protocol));
- ret = stc_firewall_rule_get_src_port_type(rule_h, &s_port_type);
- if (ret == STC_ERROR_NONE)
- msg("SrcPorttype: " LOG_CYAN "[%s]" LOG_END,
- test_stc_convert_fw_port_type_to_string(s_port_type));
-
- ret = stc_firewall_rule_get_src_port(rule_h, &s_port1, &s_port2);
- if (ret == STC_ERROR_NONE) {
- if (s_port1 || s_port2)
- msg("SrcPort: " LOG_CYAN "[%u:%u]" LOG_END, s_port1, s_port2);
- }
-
- ret = stc_firewall_rule_get_dst_port_type(rule_h, &d_port_type);
- if (ret == STC_ERROR_NONE)
- msg("DstPorttype: " LOG_CYAN "[%s]" LOG_END,
- test_stc_convert_fw_port_type_to_string(d_port_type));
-
- ret = stc_firewall_rule_get_dst_port(rule_h, &d_port1, &d_port2);
- if (ret == STC_ERROR_NONE) {
- if (d_port1 || d_port2)
- msg("DstPort: " LOG_CYAN "[%u:%u]" LOG_END, d_port1, d_port2);
+ if (protocol != STC_FIREWALL_PROTOCOL_NONE) {
+ ret = stc_firewall_rule_get_src_port_type(rule_h, &s_port_type);
+ if (ret == STC_ERROR_NONE)
+ msg("SrcPorttype: " LOG_CYAN "[%s]" LOG_END,
+ test_stc_convert_fw_port_type_to_string(s_port_type));
+
+ if (s_port_type != STC_FIREWALL_PORT_NONE) {
+ ret = stc_firewall_rule_get_src_port(rule_h, &s_port1, &s_port2);
+ if (ret == STC_ERROR_NONE) {
+ if (s_port1 || s_port2)
+ msg("SrcPort: " LOG_CYAN "[%u:%u]" LOG_END, s_port1, s_port2);
+ }
+ }
+
+ ret = stc_firewall_rule_get_dst_port_type(rule_h, &d_port_type);
+ if (ret == STC_ERROR_NONE)
+ msg("DstPorttype: " LOG_CYAN "[%s]" LOG_END,
+ test_stc_convert_fw_port_type_to_string(d_port_type));
+
+ if (d_port_type != STC_FIREWALL_PORT_NONE) {
+ ret = stc_firewall_rule_get_dst_port(rule_h, &d_port1, &d_port2);
+ if (ret == STC_ERROR_NONE) {
+ if (d_port1 || d_port2)
+ msg("DstPort: " LOG_CYAN "[%u:%u]" LOG_END, d_port1, d_port2);
+ }
+ }
+ }
}
ret = stc_firewall_rule_get_target(rule_h, &target);
msg("Fail to set chain of rule " LOG_RED "[%s]" LOG_END,
test_stc_convert_error_type_to_string(ret));
- if (direction > STC_FIREWALL_DIRECTION_NONE &&
- direction <= STC_FIREWALL_DIRECTION_OUT) {
+ if (direction <= STC_FIREWALL_DIRECTION_OUT) {
ret = stc_firewall_rule_set_direction(g_fw_rule_h, direction);
if (ret == STC_ERROR_NONE)
msg(LOG_GREEN "Success to set direction of rule" LOG_END);
else
msg("Fail to set direction of rule " LOG_RED "[%s]" LOG_END,
test_stc_convert_error_type_to_string(ret));
- }
- if (s_ip_type > STC_FIREWALL_IP_NONE &&
- s_ip_type <= STC_FIREWALL_IP_RANGE) {
- ret = stc_firewall_rule_set_src_ip_type(g_fw_rule_h, s_ip_type);
+ ret = stc_firewall_rule_set_ifname(g_fw_rule_h, g_rule_ifname);
if (ret == STC_ERROR_NONE)
- msg(LOG_GREEN "Success to set source IP type of rule" LOG_END);
+ msg(LOG_GREEN "Success to set interface name of rule" LOG_END);
else
- msg("Fail to set source IP type of rule " LOG_RED "[%s]" LOG_END,
+ msg("Fail to set interface name of rule " LOG_RED "[%s]" LOG_END,
test_stc_convert_error_type_to_string(ret));
}
- if (d_ip_type > STC_FIREWALL_IP_NONE &&
- d_ip_type <= STC_FIREWALL_IP_RANGE) {
- ret = stc_firewall_rule_set_dst_ip_type(g_fw_rule_h, d_ip_type);
+ if (family <= STC_FIREWALL_FAMILY_V6) {
+ ret = stc_firewall_rule_set_family_type(g_fw_rule_h, family);
if (ret == STC_ERROR_NONE)
- msg(LOG_GREEN "Success to set destination IP type of rule" LOG_END);
+ msg(LOG_GREEN "Success to set family type of rule" LOG_END);
else
- msg("Fail to set destination IP type of rule " LOG_RED "[%s]" LOG_END,
+ msg("Fail to set family type of rule " LOG_RED "[%s]" LOG_END,
test_stc_convert_error_type_to_string(ret));
}
- if (s_port_type > STC_FIREWALL_PORT_NONE &&
- s_port_type <= STC_FIREWALL_PORT_RANGE) {
- ret = stc_firewall_rule_set_src_port_type(g_fw_rule_h, s_port_type);
+ if (s_ip_type <= STC_FIREWALL_IP_RANGE) {
+ ret = stc_firewall_rule_set_src_ip_type(g_fw_rule_h, s_ip_type);
if (ret == STC_ERROR_NONE)
- msg(LOG_GREEN "Success to set source port type of rule" LOG_END);
+ msg(LOG_GREEN "Success to set source IP type of rule" LOG_END);
else
- msg("Fail to set source port type of rule " LOG_RED "[%s]" LOG_END,
+ msg("Fail to set source IP type of rule " LOG_RED "[%s]" LOG_END,
test_stc_convert_error_type_to_string(ret));
- }
- if (d_port_type > STC_FIREWALL_PORT_NONE &&
- d_port_type <= STC_FIREWALL_PORT_RANGE) {
- ret = stc_firewall_rule_set_dst_port_type(g_fw_rule_h, d_port_type);
+ ret = stc_firewall_rule_set_src_ip(g_fw_rule_h, g_rule_s_ip1, g_rule_s_ip2);
if (ret == STC_ERROR_NONE)
- msg(LOG_GREEN "Success to set destination port type of rule" LOG_END);
+ msg(LOG_GREEN "Success to set source IP of rule" LOG_END);
else
- msg("Fail to set destination port type of rule " LOG_RED "[%s]" LOG_END,
+ msg("Fail to set source IP of rule " LOG_RED "[%s]" LOG_END,
test_stc_convert_error_type_to_string(ret));
}
- if (protocol > STC_FIREWALL_PROTOCOL_NONE &&
- protocol <= STC_FIREWALL_PROTOCOL_ALL) {
- ret = stc_firewall_rule_set_protocol_type(g_fw_rule_h, protocol);
+ if (d_ip_type <= STC_FIREWALL_IP_RANGE) {
+ ret = stc_firewall_rule_set_dst_ip_type(g_fw_rule_h, d_ip_type);
if (ret == STC_ERROR_NONE)
- msg(LOG_GREEN "Success to set protocol type of rule" LOG_END);
+ msg(LOG_GREEN "Success to set destination IP type of rule" LOG_END);
else
- msg("Fail to set protocol type of rule " LOG_RED "[%s]" LOG_END,
+ msg("Fail to set destination IP type of rule " LOG_RED "[%s]" LOG_END,
test_stc_convert_error_type_to_string(ret));
- }
- if (family > STC_FIREWALL_FAMILY_NONE &&
- family <= STC_FIREWALL_FAMILY_V6) {
- ret = stc_firewall_rule_set_family_type(g_fw_rule_h, family);
+ ret = stc_firewall_rule_set_dst_ip(g_fw_rule_h, g_rule_d_ip1, g_rule_d_ip2);
if (ret == STC_ERROR_NONE)
- msg(LOG_GREEN "Success to set family type of rule" LOG_END);
+ msg(LOG_GREEN "Success to set destination IP of rule" LOG_END);
else
- msg("Fail to set family type of rule " LOG_RED "[%s]" LOG_END,
+ msg("Fail to set destination IP of rule " LOG_RED "[%s]" LOG_END,
test_stc_convert_error_type_to_string(ret));
}
- ret = stc_firewall_rule_set_src_ip(g_fw_rule_h, g_rule_s_ip1, g_rule_s_ip2);
- if (ret == STC_ERROR_NONE)
- msg(LOG_GREEN "Success to set source IP of rule" LOG_END);
- else
- msg("Fail to set source IP of rule " LOG_RED "[%s]" LOG_END,
- test_stc_convert_error_type_to_string(ret));
-
- ret = stc_firewall_rule_set_dst_ip(g_fw_rule_h, g_rule_d_ip1, g_rule_d_ip2);
- if (ret == STC_ERROR_NONE)
- msg(LOG_GREEN "Success to set destination IP of rule" LOG_END);
- else
- msg("Fail to set destination IP of rule " LOG_RED "[%s]" LOG_END,
- test_stc_convert_error_type_to_string(ret));
-
- ret = stc_firewall_rule_set_src_port(g_fw_rule_h, s_port1, s_port2);
- if (ret == STC_ERROR_NONE)
- msg(LOG_GREEN "Success to set source port of rule" LOG_END);
- else
- msg("Fail to set source port of rule " LOG_RED "[%s]" LOG_END,
- test_stc_convert_error_type_to_string(ret));
+ if (protocol <= STC_FIREWALL_PROTOCOL_ALL) {
+ ret = stc_firewall_rule_set_protocol_type(g_fw_rule_h, protocol);
+ if (ret == STC_ERROR_NONE)
+ msg(LOG_GREEN "Success to set protocol type of rule" LOG_END);
+ else
+ msg("Fail to set protocol type of rule " LOG_RED "[%s]" LOG_END,
+ test_stc_convert_error_type_to_string(ret));
- ret = stc_firewall_rule_set_dst_port(g_fw_rule_h, d_port1, d_port2);
- if (ret == STC_ERROR_NONE)
- msg(LOG_GREEN "Success to set destination port of rule" LOG_END);
- else
- msg("Fail to set destination port of rule " LOG_RED "[%s]" LOG_END,
- test_stc_convert_error_type_to_string(ret));
+ if (s_port_type <= STC_FIREWALL_PORT_RANGE) {
+ ret = stc_firewall_rule_set_src_port_type(g_fw_rule_h, s_port_type);
+ if (ret == STC_ERROR_NONE)
+ msg(LOG_GREEN "Success to set source port type of rule" LOG_END);
+ else
+ msg("Fail to set source port type of rule " LOG_RED "[%s]" LOG_END,
+ test_stc_convert_error_type_to_string(ret));
+
+ ret = stc_firewall_rule_set_src_port(g_fw_rule_h, s_port1, s_port2);
+ if (ret == STC_ERROR_NONE)
+ msg(LOG_GREEN "Success to set source port of rule" LOG_END);
+ else
+ msg("Fail to set source port of rule " LOG_RED "[%s]" LOG_END,
+ test_stc_convert_error_type_to_string(ret));
+ }
- ret = stc_firewall_rule_set_ifname(g_fw_rule_h, g_rule_ifname);
- if (ret == STC_ERROR_NONE)
- msg(LOG_GREEN "Success to set interface name of rule" LOG_END);
- else
- msg("Fail to set interface name of rule " LOG_RED "[%s]" LOG_END,
- test_stc_convert_error_type_to_string(ret));
+ if (d_port_type <= STC_FIREWALL_PORT_RANGE) {
+ ret = stc_firewall_rule_set_dst_port_type(g_fw_rule_h, d_port_type);
+ if (ret == STC_ERROR_NONE)
+ msg(LOG_GREEN "Success to set destination port type of rule" LOG_END);
+ else
+ msg("Fail to set destination port type of rule " LOG_RED "[%s]" LOG_END,
+ test_stc_convert_error_type_to_string(ret));
+
+ ret = stc_firewall_rule_set_dst_port(g_fw_rule_h, d_port1, d_port2);
+ if (ret == STC_ERROR_NONE)
+ msg(LOG_GREEN "Success to set destination port of rule" LOG_END);
+ else
+ msg("Fail to set destination port of rule " LOG_RED "[%s]" LOG_END,
+ test_stc_convert_error_type_to_string(ret));
+ }
+ }
- if (target > STC_FIREWALL_RULE_TARGET_NONE &&
- target < STC_FIREWALL_RULE_TARGET_MAX) {
+ if (target < STC_FIREWALL_RULE_TARGET_MAX) {
ret = stc_firewall_rule_set_target(g_fw_rule_h, target);
if (ret == STC_ERROR_NONE)
msg(LOG_GREEN "Success to set target of rule" LOG_END);
else
msg("Fail to set target of rule " LOG_RED "[%s]" LOG_END,
test_stc_convert_error_type_to_string(ret));
- }
-
- ret = stc_firewall_rule_set_log_level(g_fw_rule_h, log_level);
- if (ret == STC_ERROR_NONE)
- msg(LOG_GREEN "Success to set log level of rule" LOG_END);
- else
- msg("Fail to set log level of rule " LOG_RED "[%s]" LOG_END,
- test_stc_convert_error_type_to_string(ret));
-
- ret = stc_firewall_rule_set_log_prefix(g_fw_rule_h, g_rule_log_prefix);
- if (ret == STC_ERROR_NONE)
- msg(LOG_GREEN "Success to set log prefix of rule" LOG_END);
- else
- msg("Fail to set log prefix of rule " LOG_RED "[%s]" LOG_END,
- test_stc_convert_error_type_to_string(ret));
- ret = stc_firewall_rule_set_nflog_group(g_fw_rule_h, nflog_group);
- if (ret == STC_ERROR_NONE)
- msg(LOG_GREEN "Success to set nflog group of rule" LOG_END);
- else
- msg("Fail to set nflog group of rule " LOG_RED "[%s]" LOG_END,
- test_stc_convert_error_type_to_string(ret));
-
- ret = stc_firewall_rule_set_nflog_prefix(g_fw_rule_h, g_rule_nflog_prefix);
- if (ret == STC_ERROR_NONE)
- msg(LOG_GREEN "Success to set nflog prefix of rule" LOG_END);
- else
- msg("Fail to set nflog prefix of rule " LOG_RED "[%s]" LOG_END,
- test_stc_convert_error_type_to_string(ret));
-
- ret = stc_firewall_rule_set_nflog_range(g_fw_rule_h, nflog_range);
- if (ret == STC_ERROR_NONE)
- msg(LOG_GREEN "Success to set nflog range of rule" LOG_END);
- else
- msg("Fail to set nflog range of rule " LOG_RED "[%s]" LOG_END,
- test_stc_convert_error_type_to_string(ret));
-
- ret = stc_firewall_rule_set_nflog_threshold(g_fw_rule_h, nflog_threshold);
- if (ret == STC_ERROR_NONE)
- msg(LOG_GREEN "Success to set nflog threshold of rule" LOG_END);
- else
- msg("Fail to set nflog threshold of rule " LOG_RED "[%s]" LOG_END,
- test_stc_convert_error_type_to_string(ret));
+ if (target == STC_FIREWALL_RULE_TARGET_LOG) {
+ ret = stc_firewall_rule_set_log_level(g_fw_rule_h, log_level);
+ if (ret == STC_ERROR_NONE)
+ msg(LOG_GREEN "Success to set log level of rule" LOG_END);
+ else
+ msg("Fail to set log level of rule " LOG_RED "[%s]" LOG_END,
+ test_stc_convert_error_type_to_string(ret));
+
+ ret = stc_firewall_rule_set_log_prefix(g_fw_rule_h, g_rule_log_prefix);
+ if (ret == STC_ERROR_NONE)
+ msg(LOG_GREEN "Success to set log prefix of rule" LOG_END);
+ else
+ msg("Fail to set log prefix of rule " LOG_RED "[%s]" LOG_END,
+ test_stc_convert_error_type_to_string(ret));
+ } else if (target == STC_FIREWALL_RULE_TARGET_NFLOG) {
+ ret = stc_firewall_rule_set_nflog_group(g_fw_rule_h, nflog_group);
+ if (ret == STC_ERROR_NONE)
+ msg(LOG_GREEN "Success to set nflog group of rule" LOG_END);
+ else
+ msg("Fail to set nflog group of rule " LOG_RED "[%s]" LOG_END,
+ test_stc_convert_error_type_to_string(ret));
+
+ ret = stc_firewall_rule_set_nflog_prefix(g_fw_rule_h, g_rule_nflog_prefix);
+ if (ret == STC_ERROR_NONE)
+ msg(LOG_GREEN "Success to set nflog prefix of rule" LOG_END);
+ else
+ msg("Fail to set nflog prefix of rule " LOG_RED "[%s]" LOG_END,
+ test_stc_convert_error_type_to_string(ret));
+
+ ret = stc_firewall_rule_set_nflog_range(g_fw_rule_h, nflog_range);
+ if (ret == STC_ERROR_NONE)
+ msg(LOG_GREEN "Success to set nflog range of rule" LOG_END);
+ else
+ msg("Fail to set nflog range of rule " LOG_RED "[%s]" LOG_END,
+ test_stc_convert_error_type_to_string(ret));
+
+ ret = stc_firewall_rule_set_nflog_threshold(g_fw_rule_h, nflog_threshold);
+ if (ret == STC_ERROR_NONE)
+ msg(LOG_GREEN "Success to set nflog threshold of rule" LOG_END);
+ else
+ msg("Fail to set nflog threshold of rule " LOG_RED "[%s]" LOG_END,
+ test_stc_convert_error_type_to_string(ret));
+ }
+ }
msg(HR_SINGLE);
(unsigned int)strtol(g_rule_nflog_threshold, NULL, 10);
int ret = STC_ERROR_NONE;
- if (direction > STC_FIREWALL_DIRECTION_NONE &&
- direction <= STC_FIREWALL_DIRECTION_OUT) {
+ if (direction <= STC_FIREWALL_DIRECTION_OUT) {
ret = stc_firewall_rule_set_direction(rule_h, direction);
if (ret == STC_ERROR_NONE)
msg(LOG_GREEN "Success to set direction of rule" LOG_END);
else
msg("Fail to set direction of rule " LOG_RED "[%s]" LOG_END,
test_stc_convert_error_type_to_string(ret));
- }
- if (s_ip_type > STC_FIREWALL_IP_NONE &&
- s_ip_type <= STC_FIREWALL_IP_RANGE) {
- ret = stc_firewall_rule_set_src_ip_type(rule_h, s_ip_type);
+ ret = stc_firewall_rule_set_ifname(rule_h, g_rule_ifname);
if (ret == STC_ERROR_NONE)
- msg(LOG_GREEN "Success to set source IP type of rule" LOG_END);
+ msg(LOG_GREEN "Success to set interface name of rule" LOG_END);
else
- msg("Fail to set source IP type of rule " LOG_RED "[%s]" LOG_END,
+ msg("Fail to set interface name of rule " LOG_RED "[%s]" LOG_END,
test_stc_convert_error_type_to_string(ret));
}
- if (d_ip_type > STC_FIREWALL_IP_NONE &&
- d_ip_type <= STC_FIREWALL_IP_RANGE) {
- ret = stc_firewall_rule_set_dst_ip_type(rule_h, d_ip_type);
+ if (family <= STC_FIREWALL_FAMILY_V6) {
+ ret = stc_firewall_rule_set_family_type(rule_h, family);
if (ret == STC_ERROR_NONE)
- msg(LOG_GREEN "Success to set destination IP type of rule" LOG_END);
+ msg(LOG_GREEN "Success to set family type of rule" LOG_END);
else
- msg("Fail to set destination IP type of rule " LOG_RED "[%s]" LOG_END,
+ msg("Fail to set family type of rule " LOG_RED "[%s]" LOG_END,
test_stc_convert_error_type_to_string(ret));
}
- if (s_port_type > STC_FIREWALL_PORT_NONE &&
- s_port_type <= STC_FIREWALL_PORT_RANGE) {
- ret = stc_firewall_rule_set_src_port_type(rule_h, s_port_type);
+ if (s_ip_type <= STC_FIREWALL_IP_RANGE) {
+ ret = stc_firewall_rule_set_src_ip_type(rule_h, s_ip_type);
if (ret == STC_ERROR_NONE)
- msg(LOG_GREEN "Success to set source port type of rule" LOG_END);
+ msg(LOG_GREEN "Success to set source IP type of rule" LOG_END);
else
- msg("Fail to set source port type of rule " LOG_RED "[%s]" LOG_END,
+ msg("Fail to set source IP type of rule " LOG_RED "[%s]" LOG_END,
test_stc_convert_error_type_to_string(ret));
- }
- if (d_port_type > STC_FIREWALL_PORT_NONE &&
- d_port_type <= STC_FIREWALL_PORT_RANGE) {
- ret = stc_firewall_rule_set_dst_port_type(rule_h, d_port_type);
+ ret = stc_firewall_rule_set_src_ip(rule_h, g_rule_s_ip1, g_rule_s_ip2);
if (ret == STC_ERROR_NONE)
- msg(LOG_GREEN "Success to set destination port type of rule" LOG_END);
+ msg(LOG_GREEN "Success to set source IP of rule" LOG_END);
else
- msg("Fail to set destination port type of rule " LOG_RED "[%s]" LOG_END,
+ msg("Fail to set source IP of rule " LOG_RED "[%s]" LOG_END,
test_stc_convert_error_type_to_string(ret));
}
- if (protocol > STC_FIREWALL_PROTOCOL_NONE &&
- protocol <= STC_FIREWALL_PROTOCOL_ALL) {
- ret = stc_firewall_rule_set_protocol_type(rule_h, protocol);
+ if (d_ip_type <= STC_FIREWALL_IP_RANGE) {
+ ret = stc_firewall_rule_set_dst_ip_type(rule_h, d_ip_type);
if (ret == STC_ERROR_NONE)
- msg(LOG_GREEN "Success to set protocol type of rule" LOG_END);
+ msg(LOG_GREEN "Success to set destination IP type of rule" LOG_END);
else
- msg("Fail to set protocol type of rule " LOG_RED "[%s]" LOG_END,
+ msg("Fail to set destination IP type of rule " LOG_RED "[%s]" LOG_END,
test_stc_convert_error_type_to_string(ret));
- }
- if (family > STC_FIREWALL_FAMILY_NONE &&
- family <= STC_FIREWALL_FAMILY_V6) {
- ret = stc_firewall_rule_set_family_type(rule_h, family);
+ ret = stc_firewall_rule_set_dst_ip(rule_h, g_rule_d_ip1, g_rule_d_ip2);
if (ret == STC_ERROR_NONE)
- msg(LOG_GREEN "Success to set family type of rule" LOG_END);
+ msg(LOG_GREEN "Success to set destination IP of rule" LOG_END);
else
- msg("Fail to set family type of rule " LOG_RED "[%s]" LOG_END,
+ msg("Fail to set destination IP of rule " LOG_RED "[%s]" LOG_END,
test_stc_convert_error_type_to_string(ret));
}
- ret = stc_firewall_rule_set_src_ip(rule_h, g_rule_s_ip1, g_rule_s_ip2);
- if (ret == STC_ERROR_NONE)
- msg(LOG_GREEN "Success to set source IP of rule" LOG_END);
- else
- msg("Fail to set source IP of rule " LOG_RED "[%s]" LOG_END,
- test_stc_convert_error_type_to_string(ret));
-
- ret = stc_firewall_rule_set_dst_ip(rule_h, g_rule_d_ip1, g_rule_d_ip2);
- if (ret == STC_ERROR_NONE)
- msg(LOG_GREEN "Success to set destination IP of rule" LOG_END);
- else
- msg("Fail to set destination IP of rule " LOG_RED "[%s]" LOG_END,
- test_stc_convert_error_type_to_string(ret));
-
- ret = stc_firewall_rule_set_src_port(rule_h, s_port1, s_port2);
- if (ret == STC_ERROR_NONE)
- msg(LOG_GREEN "Success to set source port of rule" LOG_END);
- else
- msg("Fail to set source port of rule " LOG_RED "[%s]" LOG_END,
- test_stc_convert_error_type_to_string(ret));
+ if (protocol <= STC_FIREWALL_PROTOCOL_ALL) {
+ ret = stc_firewall_rule_set_protocol_type(rule_h, protocol);
+ if (ret == STC_ERROR_NONE)
+ msg(LOG_GREEN "Success to set protocol type of rule" LOG_END);
+ else
+ msg("Fail to set protocol type of rule " LOG_RED "[%s]" LOG_END,
+ test_stc_convert_error_type_to_string(ret));
- ret = stc_firewall_rule_set_dst_port(rule_h, d_port1, d_port2);
- if (ret == STC_ERROR_NONE)
- msg(LOG_GREEN "Success to set destination port of rule" LOG_END);
- else
- msg("Fail to set destination port of rule " LOG_RED "[%s]" LOG_END,
- test_stc_convert_error_type_to_string(ret));
+ if (s_port_type <= STC_FIREWALL_PORT_RANGE) {
+ ret = stc_firewall_rule_set_src_port_type(rule_h, s_port_type);
+ if (ret == STC_ERROR_NONE)
+ msg(LOG_GREEN "Success to set source port type of rule" LOG_END);
+ else
+ msg("Fail to set source port type of rule " LOG_RED "[%s]" LOG_END,
+ test_stc_convert_error_type_to_string(ret));
+
+ ret = stc_firewall_rule_set_src_port(rule_h, s_port1, s_port2);
+ if (ret == STC_ERROR_NONE)
+ msg(LOG_GREEN "Success to set source port of rule" LOG_END);
+ else
+ msg("Fail to set source port of rule " LOG_RED "[%s]" LOG_END,
+ test_stc_convert_error_type_to_string(ret));
+ }
- ret = stc_firewall_rule_set_ifname(rule_h, g_rule_ifname);
- if (ret == STC_ERROR_NONE)
- msg(LOG_GREEN "Success to set interface name of rule" LOG_END);
- else
- msg("Fail to set interface name of rule " LOG_RED "[%s]" LOG_END,
- test_stc_convert_error_type_to_string(ret));
+ if (d_port_type <= STC_FIREWALL_PORT_RANGE) {
+ ret = stc_firewall_rule_set_dst_port_type(rule_h, d_port_type);
+ if (ret == STC_ERROR_NONE)
+ msg(LOG_GREEN "Success to set destination port type of rule" LOG_END);
+ else
+ msg("Fail to set destination port type of rule " LOG_RED "[%s]" LOG_END,
+ test_stc_convert_error_type_to_string(ret));
+
+ ret = stc_firewall_rule_set_dst_port(rule_h, d_port1, d_port2);
+ if (ret == STC_ERROR_NONE)
+ msg(LOG_GREEN "Success to set destination port of rule" LOG_END);
+ else
+ msg("Fail to set destination port of rule " LOG_RED "[%s]" LOG_END,
+ test_stc_convert_error_type_to_string(ret));
+ }
+ }
- if (target > STC_FIREWALL_RULE_TARGET_NONE &&
- target < STC_FIREWALL_RULE_TARGET_MAX) {
+ if (target < STC_FIREWALL_RULE_TARGET_MAX) {
ret = stc_firewall_rule_set_target(rule_h, target);
if (ret == STC_ERROR_NONE)
msg(LOG_GREEN "Success to set target of rule" LOG_END);
else
msg("Fail to set target of rule " LOG_RED "[%s]" LOG_END,
test_stc_convert_error_type_to_string(ret));
- }
-
- ret = stc_firewall_rule_set_log_level(rule_h, log_level);
- if (ret == STC_ERROR_NONE)
- msg(LOG_GREEN "Success to set log level of rule" LOG_END);
- else
- msg("Fail to set log level of rule " LOG_RED "[%s]" LOG_END,
- test_stc_convert_error_type_to_string(ret));
- ret = stc_firewall_rule_set_log_prefix(rule_h, g_rule_log_prefix);
- if (ret == STC_ERROR_NONE)
- msg(LOG_GREEN "Success to set log prefix of rule" LOG_END);
- else
- msg("Fail to set log prefix of rule " LOG_RED "[%s]" LOG_END,
- test_stc_convert_error_type_to_string(ret));
-
- ret = stc_firewall_rule_set_nflog_group(rule_h, nflog_group);
- if (ret == STC_ERROR_NONE)
- msg(LOG_GREEN "Success to set nflog group of rule" LOG_END);
- else
- msg("Fail to set nflog group of rule " LOG_RED "[%s]" LOG_END,
- test_stc_convert_error_type_to_string(ret));
-
- ret = stc_firewall_rule_set_nflog_prefix(rule_h, g_rule_nflog_prefix);
- if (ret == STC_ERROR_NONE)
- msg(LOG_GREEN "Success to set nflog prefix of rule" LOG_END);
- else
- msg("Fail to set nflog prefix of rule " LOG_RED "[%s]" LOG_END,
- test_stc_convert_error_type_to_string(ret));
-
- ret = stc_firewall_rule_set_nflog_range(rule_h, nflog_range);
- if (ret == STC_ERROR_NONE)
- msg(LOG_GREEN "Success to set nflog range of rule" LOG_END);
- else
- msg("Fail to set nflog range of rule " LOG_RED "[%s]" LOG_END,
- test_stc_convert_error_type_to_string(ret));
-
- ret = stc_firewall_rule_set_nflog_threshold(rule_h, nflog_threshold);
- if (ret == STC_ERROR_NONE)
- msg(LOG_GREEN "Success to set nflog threshold of rule" LOG_END);
- else
- msg("Fail to set nflog threshold of rule " LOG_RED "[%s]" LOG_END,
- test_stc_convert_error_type_to_string(ret));
+ if (target == STC_FIREWALL_RULE_TARGET_LOG) {
+ ret = stc_firewall_rule_set_log_level(rule_h, log_level);
+ if (ret == STC_ERROR_NONE)
+ msg(LOG_GREEN "Success to set log level of rule" LOG_END);
+ else
+ msg("Fail to set log level of rule " LOG_RED "[%s]" LOG_END,
+ test_stc_convert_error_type_to_string(ret));
+
+ ret = stc_firewall_rule_set_log_prefix(rule_h, g_rule_log_prefix);
+ if (ret == STC_ERROR_NONE)
+ msg(LOG_GREEN "Success to set log prefix of rule" LOG_END);
+ else
+ msg("Fail to set log prefix of rule " LOG_RED "[%s]" LOG_END,
+ test_stc_convert_error_type_to_string(ret));
+ } else if (target == STC_FIREWALL_RULE_TARGET_NFLOG) {
+ ret = stc_firewall_rule_set_nflog_group(rule_h, nflog_group);
+ if (ret == STC_ERROR_NONE)
+ msg(LOG_GREEN "Success to set nflog group of rule" LOG_END);
+ else
+ msg("Fail to set nflog group of rule " LOG_RED "[%s]" LOG_END,
+ test_stc_convert_error_type_to_string(ret));
+
+ ret = stc_firewall_rule_set_nflog_prefix(rule_h, g_rule_nflog_prefix);
+ if (ret == STC_ERROR_NONE)
+ msg(LOG_GREEN "Success to set nflog prefix of rule" LOG_END);
+ else
+ msg("Fail to set nflog prefix of rule " LOG_RED "[%s]" LOG_END,
+ test_stc_convert_error_type_to_string(ret));
+
+ ret = stc_firewall_rule_set_nflog_range(rule_h, nflog_range);
+ if (ret == STC_ERROR_NONE)
+ msg(LOG_GREEN "Success to set nflog range of rule" LOG_END);
+ else
+ msg("Fail to set nflog range of rule " LOG_RED "[%s]" LOG_END,
+ test_stc_convert_error_type_to_string(ret));
+
+ ret = stc_firewall_rule_set_nflog_threshold(rule_h, nflog_threshold);
+ if (ret == STC_ERROR_NONE)
+ msg(LOG_GREEN "Success to set nflog threshold of rule" LOG_END);
+ else
+ msg("Fail to set nflog threshold of rule " LOG_RED "[%s]" LOG_END,
+ test_stc_convert_error_type_to_string(ret));
+ }
+ }
msg(HR_SINGLE);