Some 'on the train' changes

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6437 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2007-05-26 02:57:27 +00:00
parent 9303e56f99
commit 0771b15bb0
6 changed files with 18 additions and 21 deletions


@ -644,8 +644,8 @@ sub finish_chain_section ($$) {
} else { } else {
my $policychainref = $chainref->{policychain}; my $policychainref = $chainref->{policychain};
if ( $policychainref->{synparams} ) { if ( $policychainref->{synparams} ) {
my $synchainref = ensure_chain 'filter', "\@$policychainref->{name}"; my $synchainref = ensure_chain 'filter', syn_chain $policychainref->{name};
add_rule $synchainref, "-p tcp --syn -j $synchainref->{name}"; add_rule $chainref, "-p tcp --syn -j $synchainref->{name}";
} }
} }
} }


@ -127,7 +127,7 @@ sub emitj {
my $line = $_; # This copy is necessary because the actual arguments are almost always read-only. my $line = $_; # This copy is necessary because the actual arguments are almost always read-only.
$line =~ s/^\n// if $lastlineblank; $line =~ s/^\n// if $lastlineblank;
$line =~ s/^/$indent/gm if $indent; $line =~ s/^/$indent/gm if $indent;
$line =~ s/ /\t/g; $line =~ s/ /\t/gm;
print $object "$line\n"; print $object "$line\n";
$lastlineblank = ( substr( $line, -1, 1 ) eq "\n" ); $lastlineblank = ( substr( $line, -1, 1 ) eq "\n" );
} else { } else {
@ -138,7 +138,6 @@ sub emitj {
} }
} }
# #
# Write passed message to the object with newline but no indentation. # Write passed message to the object with newline but no indentation.
# #
@ -269,12 +268,13 @@ sub create_temp_object( $ ) {
( $file, $dir, $suffix ) = fileparse( $objectfile ); ( $file, $dir, $suffix ) = fileparse( $objectfile );
}; };
die $@ if $@; die if $@;
fatal_error "Directory $dir does not exist" unless -d $dir; fatal_error "Directory $dir does not exist" unless -d $dir;
fatal_error "$dir is a Symbolic Link" if -l $dir; fatal_error "Directory $dir is not writable" unless -w _;
fatal_error "$objectfile is a Directory" if -d $objectfile; fatal_error "$dir is a Symbolic Link" if -l $dir;
fatal_error "$dir is a Symbolic Link" if -l $objectfile; fatal_error "$objectfile is a Directory" if -d $objectfile;
fatal_error "$dir is a Symbolic Link" if -l $objectfile;
fatal_error "$objectfile exists and is not a compiled script" if -e _ && ! -x _; fatal_error "$objectfile exists and is not a compiled script" if -e _ && ! -x _;
eval { eval {
@ -282,7 +282,7 @@ sub create_temp_object( $ ) {
( $object, $tempfile ) = tempfile ( 'tempfileXXXX' , DIR => $dir ); ( $object, $tempfile ) = tempfile ( 'tempfileXXXX' , DIR => $dir );
}; };
die if $@; fatal_error "Unable to create temporary file in directory $dir" if $@;
$file = "$file.$suffix" if $suffix; $file = "$file.$suffix" if $suffix;
$dir .= '/' unless substr( $dir, -1, 1 ) eq '/'; $dir .= '/' unless substr( $dir, -1, 1 ) eq '/';
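Review bot: The check `fatal_error "$dir is a Symbolic Link" if -l $objectfile;` in create_temp_object tests the object file but its message names `$dir`, so the operator is pointed at the wrong path; `fatal_error "$objectfile is a Symbolic Link" if -l $objectfile;` would match the test. The new `fatal_error "Unable to create temporary file in directory $dir" if $@;` drops the text of `$@`; appending `: $@` to the message keeps the underlying cause. The added `-w _` relies on the stat buffer left by the preceding `-d $dir`, which holds only while no other file test sits between the two lines, so a short comment saying so would help. These are point-in-time checks, and whether `-l $dir` can fire at all depends on whether fileparse() hands back `$dir` with a trailing slash, which should be confirmed. The body of create_temp_object continues outside the hunk.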


@ -74,7 +74,7 @@ our %globals = ( SHAREDIR => '/usr/share/shorewall' ,
ORIGINAL_POLICY_MATCH => '', ORIGINAL_POLICY_MATCH => '',
LOGPARMS => '', LOGPARMS => '',
TC_SCRIPT => '', TC_SCRIPT => '',
VERSION => '4.0.0-Beta1', VERSION => '4.0.0-Beta2',
); );
# #
@ -171,7 +171,7 @@ our %config =
BLACKLIST_DISPOSITION => undef, BLACKLIST_DISPOSITION => undef,
); );
# #
# Config options and global settings that are to be copied to object # Config options and global settings that are to be copied to object script
# #
my @propagateconfig = qw/ CLEAR_TC DISABLE_IPV6 ADMINISABSENTMINDED IP_FORWARDING MODULESDIR MODULE_SUFFIX LOGFORMAT SUBSYSLOCK LOCKFILE/; my @propagateconfig = qw/ CLEAR_TC DISABLE_IPV6 ADMINISABSENTMINDED IP_FORWARDING MODULESDIR MODULE_SUFFIX LOGFORMAT SUBSYSLOCK LOCKFILE/;
my @propagateenv = qw/ LOGLIMIT LOGTAGONLY LOGRULENUMBERS /; my @propagateenv = qw/ LOGLIMIT LOGTAGONLY LOGRULENUMBERS /;


@ -209,9 +209,9 @@ sub validate_policy()
push @policy_chains, ( $chainref ); push @policy_chains, ( $chainref );
} }
$chainref->{loglevel} = $loglevel if defined $loglevel && $loglevel ne ''; $chainref->{loglevel} = $loglevel if defined $loglevel && $loglevel ne '';
$chainref->{synparams} = $synparams if $synparams; $chainref->{synparams} = do_ratelimit $synparams, 'ACCEPT' if $synparams ne '';
$chainref->{default} = $default if $default; $chainref->{default} = $default if $default;
if ( $clientwild ) { if ( $clientwild ) {
if ( $serverwild ) { if ( $serverwild ) {
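Review bot: The new guard `if $synparams ne ''` compares without a `defined` test, unlike the `$loglevel` check on the line above, so an undefined `$synparams` would raise an "uninitialized value" warning; whether it can be undefined depends on parsing code outside this hunk. `if defined $synparams && $synparams ne ''` would match the neighbouring line. The change also means a value of `0` is no longer skipped and is passed to do_ratelimit, which presumably rejects it, but that is worth confirming. validate_policy starts and ends outside the hunk.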


@ -260,12 +260,9 @@ sub setup_syn_flood_chains() {
for my $chainref ( @policy_chains ) { for my $chainref ( @policy_chains ) {
my $limit = $chainref->{synparams}; my $limit = $chainref->{synparams};
if ( $limit ) { if ( $limit ) {
my $level = $chainref->{loglevel}; my $level = $chainref->{loglevel};
( $limit, my ( $burst, $remainder) ) = split( ':', $limit, 3 );
fatal_error "Invalid BURST/LIMIT" if defined $remainder;
$burst = $burst ? "--limit-burst $burst " : '';
my $synchainref = new_chain 'filter' , syn_chain $chainref->{name}; my $synchainref = new_chain 'filter' , syn_chain $chainref->{name};
add_rule $synchainref , "-m limit --limit $limit ${burst}-j RETURN"; add_rule $synchainref , "${limit}-j RETURN";
log_rule_limit $level , $synchainref , $chainref->{name} , 'DROP', '-m limit --limit 5/min --limit-burst 5 ' , '' , 'add' , '' log_rule_limit $level , $synchainref , $chainref->{name} , 'DROP', '-m limit --limit 5/min --limit-burst 5 ' , '' , 'add' , ''
if $level ne ''; if $level ne '';
add_rule $synchainref, '-j DROP'; add_rule $synchainref, '-j DROP';
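Review bot: `add_rule $synchainref , "${limit}-j RETURN";` now depends on `$chainref->{synparams}` already being a complete match fragment that ends in a space, since nothing separates it from `-j`. The format check removed here (`fatal_error "Invalid BURST/LIMIT" if defined $remainder;`) has no counterpart in this hunk, so rejecting malformed LIMIT:BURST values from the policy file presumably now rests entirely on do_ratelimit, which is not visible here; confirm it refuses extra `:` fields and non-numeric input before the value reaches the rule text. A comment above the loop such as `# synparams holds the '-m limit ...' match text built by do_ratelimit, trailing space included` would record that contract. The loop in setup_syn_flood_chains continues outside the hunk.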


@ -22,7 +22,7 @@
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
# #
VERSION=4.0.0-Beta1 VERSION=4.0.0-Beta2
usage() # $1 = exit status usage() # $1 = exit status
{ {