diff --git a/Shorewall/Perl/Shorewall/Accounting.pm b/Shorewall/Perl/Shorewall/Accounting.pm index 1b1d28ac0..3a1c4029e 100644 --- a/Shorewall/Perl/Shorewall/Accounting.pm +++ b/Shorewall/Perl/Shorewall/Accounting.pm @@ -35,21 +35,21 @@ use strict; our @ISA = qw(Exporter); our @EXPORT = qw( setup_accounting ); our @EXPORT_OK = qw( ); -our $VERSION = '4.4.18'; +our $VERSION = '4.4.20'; # # Per-IP accounting tables. Each entry contains the associated network. # -our %tables; +my %tables; -our $jumpchainref; -our %accountingjumps; -our $asection; -our $defaultchain; -our $defaultrestriction; -our $restriction; -our $accounting_commands = { COMMENT => 0, SECTION => 2 }; -our $sectionname; +my $jumpchainref; +my %accountingjumps; +my $asection; +my $defaultchain; +my $defaultrestriction; +my $restriction; +my $accounting_commands = { COMMENT => 0, SECTION => 2 }; +my $sectionname; # # Sections in the Accounting File diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm index b8b28ef79..5391e0302 100644 --- a/Shorewall/Perl/Shorewall/Chains.pm +++ b/Shorewall/Perl/Shorewall/Chains.pm @@ -188,7 +188,7 @@ our %EXPORT_TAGS = ( Exporter::export_ok_tags('internal'); -our $VERSION = '4.4_19'; +our $VERSION = '4.4_20'; # # Chain Table @@ -242,8 +242,8 @@ our $raw_table; our $nat_table; our $mangle_table; our $filter_table; -our $comment; -our @comments; +my $comment; +my @comments; # # Target Types @@ -280,14 +280,15 @@ use constant { NO_RESTRICT => 0, # FORWARD chain rule - Both -i an # # See initialize() below for additional comments on these variables # -our $iprangematch; -our $chainseq; -our $idiotcount; -our $idiotcount1; -our $warningcount; -our $hashlimitset; -our $global_variables; -our $ipset_rules; + +my $iprangematch; +my $chainseq; +my $idiotcount; +my $idiotcount1; +my $warningcount; +my $hashlimitset; +my $global_variables; +my $ipset_rules; # # Determines the commands for which a particular interface-oriented shell variable needs to be set # @@ -296,18 +297,18 @@ use constant { ALL_COMMANDS => 1, NOT_RESTORE => 2 }; # # These hashes hold the shell code to set shell variables. The key is the name of the variable; the value is the code to generate the variable's contents # -our %interfaceaddr; # First interface address -our %interfaceaddrs; # All interface addresses -our %interfacenets; # Networks routed out of the interface -our %interfacemacs; # Interface MAC -our %interfacebcasts; # Broadcast addresses associated with the interface (IPv4) -our %interfaceacasts; # Anycast addresses associated with the interface (IPv6) -our %interfacegateways; # Gateway of default route out of the interface +my %interfaceaddr; # First interface address +my %interfaceaddrs; # All interface addresses +my %interfacenets; # Networks routed out of the interface +my %interfacemacs; # Interface MAC +my %interfacebcasts; # Broadcast addresses associated with the interface (IPv4) +my %interfaceacasts; # Anycast addresses associated with the interface (IPv6) +my %interfacegateways; # Gateway of default route out of the interface # # Built-in Chains # -our @builtins = qw(PREROUTING INPUT FORWARD OUTPUT POSTROUTING); +my @builtins = qw(PREROUTING INPUT FORWARD OUTPUT POSTROUTING); # # Mode of the emitter (part of this module that converts rules in the chain table into iptables-restore input) @@ -316,7 +317,7 @@ use constant { NULL_MODE => 0 , # Emitting neither shell commands nor iptables CAT_MODE => 1 , # Emitting iptables-restore input CMD_MODE => 2 }; # Emitting shell commands. -our $mode; +my $mode; # # Address Family # @@ -325,7 +326,7 @@ our $family; # # These are the current builtin targets # -our %builtin_target = ( ACCEPT => 1, +my %builtin_target = ( ACCEPT => 1, ACCOUNT => 1, CHAOS => 1, CHECKSUM => 1, diff --git a/Shorewall/Perl/Shorewall/Compiler.pm b/Shorewall/Perl/Shorewall/Compiler.pm index 2f43c75d9..8df24df5f 100644 --- a/Shorewall/Perl/Shorewall/Compiler.pm +++ b/Shorewall/Perl/Shorewall/Compiler.pm @@ -41,13 +41,13 @@ use Shorewall::Misc; our @ISA = qw(Exporter); our @EXPORT = qw( compiler ); our @EXPORT_OK = qw( $export ); -our $VERSION = '4.4_19'; +our $VERSION = '4.4_20'; -our $export; +my $export; -our $test; +my $test; -our $family; +my $family; # # Initilize the package-globals in the other modules diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm index 56d17830f..da8783027 100644 --- a/Shorewall/Perl/Shorewall/Config.pm +++ b/Shorewall/Perl/Shorewall/Config.pm @@ -139,7 +139,7 @@ our %EXPORT_TAGS = ( internal => [ qw( create_temp_script Exporter::export_ok_tags('internal'); -our $VERSION = '4.4_19'; +our $VERSION = '4.4_20'; # # describe the current command, it's present progressive, and it's completion. @@ -148,47 +148,47 @@ our ($command, $doing, $done ); # # VERBOSITY # -our $verbosity; +my $verbosity; # # Logging # -our ( $log, $log_verbosity ); +my ( $log, $log_verbosity ); # # Timestamp each progress message, if true. # -our $timestamp; +my $timestamp; # # Script (output) file handle # -our $script; +my $script; # # When 'true', writes to the script are enabled. Used to catch code emission between functions # -our $script_enabled; +my $script_enabled; # # True, if last line emitted is blank # -our $lastlineblank; +my $lastlineblank; # # Tabs to indent the output # -our $indent1; +my $indent1; # # Characters to indent the output # -our $indent2; +my $indent2; # # Total indentation # -our $indent; +my $indent; # # Script's Directory and File # -our ( $dir, $file ); +my ( $dir, $file ); # # Temporary output file's name # -our $tempfile; +my $tempfile; # # Misc Globals # @@ -200,15 +200,15 @@ our %config; # # Config options and global settings that are to be copied to output script # -our @propagateconfig = qw/ DISABLE_IPV6 MODULESDIR MODULE_SUFFIX LOAD_HELPERS_ONLY SUBSYSLOCK LOG_VERBOSITY/; +my @propagateconfig = qw/ DISABLE_IPV6 MODULESDIR MODULE_SUFFIX LOAD_HELPERS_ONLY SUBSYSLOCK LOG_VERBOSITY/; # # From parsing the capabilities file or detecting capabilities # -our %capabilities; +my %capabilities; # # Capabilities # -our %capdesc = ( NAT_ENABLED => 'NAT', +my %capdesc = ( NAT_ENABLED => 'NAT', MANGLE_ENABLED => 'Packet Mangling', MULTIPORT => 'Multi-port Match' , XMULTIPORT => 'Extended Multi-port Match', @@ -312,52 +312,52 @@ our %config_files = ( #accounting => 1, # # Directories to search for configuration files # -our @config_path; +my @config_path; # # Stash away file references here when we encounter INCLUDE # -our @includestack; +my @includestack; # # Allow nested opens # -our @openstack; +my @openstack; # # From the params file # -our %params; +my %params; # # Entries that the compiler adds to %params # -our %compiler_params; +my %compiler_params; # # Action parameters # -our %actparms; +my %actparms; -our $currentline; # Current config file line image -our $currentfile; # File handle reference -our $currentfilename; # File NAME -our $currentlinenumber; # Line number -our $perlscript; # File Handle Reference to current temporary file being written by an in-line Perl script -our $perlscriptname; # Name of that file. -our @tempfiles; # Files that need unlinking at END -our $first_entry; # Message to output or function to call on first non-blank line of a file +our $currentline; # Current config file line image +my $currentfile; # File handle reference +my $currentfilename; # File NAME +my $currentlinenumber; # Line number +my $perlscript; # File Handle Reference to current temporary file being written by an in-line Perl script +my $perlscriptname; # Name of that file. +my @tempfiles; # Files that need unlinking at END +my $first_entry; # Message to output or function to call on first non-blank line of a file -our $shorewall_dir; # Shorewall Directory; if non-empty, search here first for files. +my $shorewall_dir; # Shorewall Directory; if non-empty, search here first for files. -our $debug; # If true, use Carp to report errors with stack trace. +my $debug; # If true, use Carp to report errors with stack trace. -our $family; # Protocol family (4 or 6) -our $toolname; # Name of the tool to use (iptables or iptables6) -our $toolNAME; # Tool name in CAPS -our $product; # Name of product that will run the generated script -our $Product; # $product with initial cap. +our $family; # Protocol family (4 or 6) +my $toolname; # Name of the tool to use (iptables or iptables6) +my $toolNAME; # Tool name in CAPS +our $product; # Name of product that will run the generated script +our $Product; # $product with initial cap. -our $sillyname; # Name of temporary filter chains for testing capabilities -our $sillyname1; -our $iptables; # Path to iptables/ip6tables -our $tc; # Path to tc -our $ip; # Path to ip +my $sillyname; # Name of temporary filter chains for testing capabilities +my $sillyname1; +my $iptables; # Path to iptables/ip6tables +my $tc; # Path to tc +my $ip; # Path to ip use constant { MIN_VERBOSITY => -1, MAX_VERBOSITY => 2 , @@ -365,7 +365,7 @@ use constant { MIN_VERBOSITY => -1, F_IPV6 => 6, }; -our %validlevels; # Valid log levels. +my %validlevels; # Valid log levels. # # Rather than initializing globals in an INIT block or during declaration, diff --git a/Shorewall/Perl/Shorewall/IPAddrs.pm b/Shorewall/Perl/Shorewall/IPAddrs.pm index 46fa22375..f533ac289 100644 --- a/Shorewall/Perl/Shorewall/IPAddrs.pm +++ b/Shorewall/Perl/Shorewall/IPAddrs.pm @@ -80,25 +80,25 @@ our @EXPORT = qw( ALLIPv4 validate_icmp6 ); our @EXPORT_OK = qw( ); -our $VERSION = '4.4_19'; +our $VERSION = '4.4_20'; # # Some IPv4/6 useful stuff # -our @allipv4 = ( '0.0.0.0/0' ); -our @allipv6 = ( '::/0' ); -our $allip; -our @allip; -our @nilipv4 = ( '0.0.0.0' ); -our @nilipv6 = ( '::' ); -our $nilip; -our @nilip; -our $valid_address; -our $validate_address; -our $validate_net; -our $validate_range; -our $validate_host; -our $family; +my @allipv4 = ( '0.0.0.0/0' ); +my @allipv6 = ( '::/0' ); +my $allip; +my @allip; +my @nilipv4 = ( '0.0.0.0' ); +my @nilipv6 = ( '::' ); +my $nilip; +my @nilip; +my $valid_address; +my $validate_address; +my $validate_net; +my $validate_range; +my $validate_host; +my $family; use constant { ALLIPv4 => '0.0.0.0/0' , ALLIPv6 => '::/0' , @@ -121,7 +121,7 @@ use constant { ALLIPv4 => '0.0.0.0/0' , SCTP => 132, UDPLITE => 136 }; -our @rfc1918_networks = ( "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16" ); +my @rfc1918_networks = ( "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16" ); # # Note: initialize() is declared at the bottom of the file diff --git a/Shorewall/Perl/Shorewall/Misc.pm b/Shorewall/Perl/Shorewall/Misc.pm index 895f520c5..f3dda3f2e 100644 --- a/Shorewall/Perl/Shorewall/Misc.pm +++ b/Shorewall/Perl/Shorewall/Misc.pm @@ -47,7 +47,7 @@ our @EXPORT = qw( process_tos our @EXPORT_OK = qw( initialize ); our $VERSION = '4.4_20'; -our $family; +my $family; # # Rather than initializing globals in an INIT block or during declaration, diff --git a/Shorewall/Perl/Shorewall/Nat.pm b/Shorewall/Perl/Shorewall/Nat.pm index 9ea20becb..4c3243a4e 100644 --- a/Shorewall/Perl/Shorewall/Nat.pm +++ b/Shorewall/Perl/Shorewall/Nat.pm @@ -38,8 +38,8 @@ our @EXPORT = qw( setup_masq setup_nat setup_netmap add_addresses ); our @EXPORT_OK = (); our $VERSION = '4.4_20'; -our @addresses_to_add; -our %addresses_to_add; +my @addresses_to_add; +my %addresses_to_add; # # Called by the compiler diff --git a/Shorewall/Perl/Shorewall/Providers.pm b/Shorewall/Perl/Shorewall/Providers.pm index a8575d8c3..58bc4fd94 100644 --- a/Shorewall/Perl/Shorewall/Providers.pm +++ b/Shorewall/Perl/Shorewall/Providers.pm @@ -43,23 +43,23 @@ use constant { LOCAL_TABLE => 255, UNSPEC_TABLE => 0 }; -our @routemarked_providers; -our %routemarked_interfaces; +my @routemarked_providers; +my %routemarked_interfaces; our @routemarked_interfaces; -our %provider_interfaces; +my %provider_interfaces; -our $balancing; -our $fallback; -our $first_default_route; -our $first_fallback_route; +my $balancing; +my $fallback; +my $first_default_route; +my $first_fallback_route; -our %providers; +my %providers; -our @providers; +my @providers; -our $family; +my $family; -our $lastmark; +my $lastmark; use constant { ROUTEMARKED_SHARED => 1, ROUTEMARKED_UNSHARED => 2 }; diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm index 75253417f..38021b7ce 100644 --- a/Shorewall/Perl/Shorewall/Rules.pm +++ b/Shorewall/Perl/Shorewall/Rules.pm @@ -52,47 +52,47 @@ our @EXPORT = qw( ); our @EXPORT_OK = qw( initialize ); -our $VERSION = '4.4_19'; +our $VERSION = '4.4_20'; # # Globals are documented in the initialize() function # -our %sections; +my %sections; -our $section; +my $section; -our @policy_chains; +my @policy_chains; -our %policy_actions; +my %policy_actions; -our %default_actions; +my %default_actions; -our %macros; +my %macros; -our $family; +my $family; -our @builtins; +my @builtins; # # Commands that can be embedded in a basic rule and how many total tokens on the line (0 => unlimited). # -our $rule_commands = { COMMENT => 0, FORMAT => 2, SECTION => 2 }; +my $rule_commands = { COMMENT => 0, FORMAT => 2, SECTION => 2 }; use constant { MAX_MACRO_NEST_LEVEL => 5 }; -our $macro_nest_level; +my $macro_nest_level; -our @actionstack; -our %active; +my @actionstack; +my %active; # Action Table # # %actions{ actchain => used to eliminate collisions } # -our %actions; +my %actions; # # Contains an entry for each used :[:] that maps to the associated chain. # -our %usedactions; +my %usedactions; # # Rather than initializing globals in an INIT block or during declaration, diff --git a/Shorewall/Perl/Shorewall/Tc.pm b/Shorewall/Perl/Shorewall/Tc.pm index 0655cfb28..4d5d70ecc 100644 --- a/Shorewall/Perl/Shorewall/Tc.pm +++ b/Shorewall/Perl/Shorewall/Tc.pm @@ -40,9 +40,9 @@ use strict; our @ISA = qw(Exporter); our @EXPORT = qw( setup_tc ); our @EXPORT_OK = qw( process_tc_rule initialize ); -our $VERSION = '4.4_19'; +our $VERSION = '4.4_20'; -our %tcs = ( T => { chain => 'tcpost', +my %tcs = ( T => { chain => 'tcpost', connmark => 0, fw => 1, fwi => 0, @@ -86,7 +86,7 @@ use constant { NOMARK => 0 , HIGHMARK => 2 }; -our %flow_keys = ( 'src' => 1, +my %flow_keys = ( 'src' => 1, 'dst' => 1, 'proto' => 1, 'proto-src' => 1, @@ -104,14 +104,14 @@ our %flow_keys = ( 'src' => 1, 'sk-gid' => 1, 'vlan-tag' => 1 ); -our %tosoptions = ( 'tos-minimize-delay' => '0x10/0x10' , +my %tosoptions = ( 'tos-minimize-delay' => '0x10/0x10' , 'tos-maximize-throughput' => '0x08/0x08' , 'tos-maximize-reliability' => '0x04/0x04' , 'tos-minimize-cost' => '0x02/0x02' , 'tos-normal-service' => '0x00/0x1e' ); -our %classids; +my %classids; -our @deferred_rules; +my @deferred_rules; # # Perl version of Arn Bernin's 'tc4shorewall'. @@ -132,12 +132,12 @@ our @deferred_rules; # name => # } # -our @tcdevices; -our %tcdevices; -our @devnums; -our $devnum; -our $sticky; -our $ipp2p; +my @tcdevices; +my %tcdevices; +my @devnums; +my $devnum; +my $sticky; +my $ipp2p; # # TCClasses Table @@ -158,17 +158,16 @@ our $ipp2p; # } # } # } +my @tcclasses; +my %tcclasses; -our @tcclasses; -our %tcclasses; - -our %restrictions = ( tcpre => PREROUTE_RESTRICT , +my %restrictions = ( tcpre => PREROUTE_RESTRICT , tcpost => POSTROUTE_RESTRICT , tcfor => NO_RESTRICT , tcin => INPUT_RESTRICT , tcout => OUTPUT_RESTRICT ); -our $family; +my $family; # # Rather than initializing globals in an INIT block or during declaration, diff --git a/Shorewall/Perl/Shorewall/Zones.pm b/Shorewall/Perl/Shorewall/Zones.pm index 389259b9f..903574c8a 100644 --- a/Shorewall/Perl/Shorewall/Zones.pm +++ b/Shorewall/Perl/Shorewall/Zones.pm @@ -85,7 +85,7 @@ our @EXPORT = qw( NOTHING ); our @EXPORT_OK = qw( initialize ); -our $VERSION = '4.4_19'; +our $VERSION = '4.4_20'; # # IPSEC Option types @@ -129,11 +129,11 @@ use constant { NOTHING => 'NOTHING', # # $firewall_zone names the firewall zone. # -our @zones; -our %zones; -our $firewall_zone; +my @zones; +my %zones; +my $firewall_zone; -our %reservedName = ( all => 1, +my %reservedName = ( all => 1, any => 1, none => 1, SOURCE => 1, @@ -167,18 +167,18 @@ our %reservedName = ( all => 1, # The purpose of the 'base' member is to ensure that the base names associated with the physical interfaces are assigned in # the same order as the interfaces are encountered in the configuration files. # -our @interfaces; -our %interfaces; -our %roots; -our @bport_zones; -our %ipsets; -our %physical; -our %basemap; -our %mapbase; -our $family; -our $have_ipsec; -our $baseseq; -our $minroot; +my @interfaces; +my %interfaces; +my %roots; +my @bport_zones; +my %ipsets; +my %physical; +my %basemap; +my %mapbase; +my $family; +my $have_ipsec; +my $baseseq; +my $minroot; use constant { FIREWALL => 1, IP => 2, @@ -202,13 +202,13 @@ use constant { SIMPLE_IF_OPTION => 1, IF_OPTION_WILDOK => 64 }; -our %validinterfaceoptions; +my %validinterfaceoptions; -our %defaultinterfaceoptions = ( routefilter => 1 , wait => 60 ); +my %defaultinterfaceoptions = ( routefilter => 1 , wait => 60 ); -our %maxoptionvalue = ( routefilter => 2, mss => 100000 , wait => 120 ); +my %maxoptionvalue = ( routefilter => 2, mss => 100000 , wait => 120 ); -our %validhostoptions; +my %validhostoptions; # # Rather than initializing globals in an INIT block or during declaration, diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index d5907df92..f0edb6ad7 100644 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -1,3 +1,7 @@ +Changes in Shorewall 4.4.20 Beta 2 + +1) Use 'my' unless variable is exported. + Changes in Shorewall 4.4.20 Beta 1 1) Apply Togan's patch for installation flexibility.