mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-16 19:30:44 +01:00
Reverse 'here docs' madness (cperl-mode sucks); fix ADMINSISABSENTMINDED=No
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5710 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
bcec7bdc63
commit
0c8ffffb10
@ -73,9 +73,10 @@ sub generate_script_1 {
|
|||||||
'PRODUCT="Shorewall Lite"' );
|
'PRODUCT="Shorewall Lite"' );
|
||||||
|
|
||||||
copy "$env{SHAREDIR}/lib.base";
|
copy "$env{SHAREDIR}/lib.base";
|
||||||
|
|
||||||
emitj ( '################################################################################',
|
emitj ( '################################################################################',
|
||||||
'# End of /usr/share/shorewall/lib.base',
|
'# End of /usr/share/shorewall/lib.base',
|
||||||
'################################################################################' );
|
'################################################################################' );
|
||||||
} else {
|
} else {
|
||||||
emitj ( 'SHAREDIR=/usr/share/shorewall',
|
emitj ( 'SHAREDIR=/usr/share/shorewall',
|
||||||
'CONFDIR=/etc/shorewall',
|
'CONFDIR=/etc/shorewall',
|
||||||
@ -86,15 +87,16 @@ sub generate_script_1 {
|
|||||||
|
|
||||||
emit 'TEMPFILE=';
|
emit 'TEMPFILE=';
|
||||||
emit '';
|
emit '';
|
||||||
|
|
||||||
for my $exit qw/init start tcclear started stop stopped/ {
|
for my $exit qw/init start tcclear started stop stopped/
|
||||||
emit "run_${exit}_exit() {";
|
{
|
||||||
push_indent;
|
emit "run_${exit}_exit() {";
|
||||||
append_file $exit;
|
push_indent;
|
||||||
emit 'true';
|
append_file $exit;
|
||||||
pop_indent;
|
emit 'true';
|
||||||
emit "}\n";
|
pop_indent;
|
||||||
}
|
emit "}\n";
|
||||||
|
}
|
||||||
|
|
||||||
emit 'initialize()';
|
emit 'initialize()';
|
||||||
emit '{';
|
emit '{';
|
||||||
@ -159,8 +161,7 @@ sub generate_script_1 {
|
|||||||
|
|
||||||
sub compile_stop_firewall() {
|
sub compile_stop_firewall() {
|
||||||
|
|
||||||
emit <<EOF;
|
emit "#
|
||||||
#
|
|
||||||
# Stop/restore the firewall after an error or because of a 'stop' or 'clear' command
|
# Stop/restore the firewall after an error or because of a 'stop' or 'clear' command
|
||||||
#
|
#
|
||||||
stop_firewall() {
|
stop_firewall() {
|
||||||
@ -298,7 +299,7 @@ stop_firewall() {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
rm -f \${VARDIR}/proxyarp
|
rm -f \${VARDIR}/proxyarp
|
||||||
EOF
|
";
|
||||||
|
|
||||||
emit ' delete_tc1' if $config{CLEAR_TC};
|
emit ' delete_tc1' if $config{CLEAR_TC};
|
||||||
emit ' undo_routing';
|
emit ' undo_routing';
|
||||||
@ -326,25 +327,23 @@ EOF
|
|||||||
emit " \$IPTABLES -A OUTPUT -o $interface $dest -j ACCEPT";
|
emit " \$IPTABLES -A OUTPUT -o $interface $dest -j ACCEPT";
|
||||||
}
|
}
|
||||||
|
|
||||||
emit <<EOF;
|
emit "
|
||||||
|
|
||||||
for chain in INPUT OUTPUT; do
|
for chain in INPUT OUTPUT; do
|
||||||
setpolicy \$chain DROP
|
setpolicy \$chain DROP
|
||||||
done
|
done
|
||||||
EOF
|
";
|
||||||
} else {
|
} else {
|
||||||
emit <<EOF;
|
emit "
|
||||||
for chain in INPUT OUTPUT; do
|
for chain in INPUT OUTPUT; do
|
||||||
setpolicy \$chain ACCEPT
|
setpolicy \$chain ACCEPT
|
||||||
done
|
done
|
||||||
|
|
||||||
setpolicy FORWARD DROP
|
setpolicy FORWARD DROP
|
||||||
|
|
||||||
deleteallchains
|
deleteallchains";
|
||||||
EOF
|
|
||||||
|
|
||||||
for my $hosts ( @$criticalhosts ) {
|
for my $hosts ( @$criticalhosts ) {
|
||||||
my ( $interface, $host ) = ( split /,/, $hosts );
|
my ( $interface, $host ) = ( split /:/, $hosts );
|
||||||
my $source = match_source_net $host;
|
my $source = match_source_net $host;
|
||||||
my $dest = match_dest_net $host;
|
my $dest = match_dest_net $host;
|
||||||
|
|
||||||
@ -352,25 +351,22 @@ EOF
|
|||||||
emit " \$IPTABLES -A OUTPUT -o $interface $dest -j ACCEPT";
|
emit " \$IPTABLES -A OUTPUT -o $interface $dest -j ACCEPT";
|
||||||
}
|
}
|
||||||
|
|
||||||
emit <<EOF;
|
emit "
|
||||||
|
|
||||||
setpolicy INPUT DROP
|
setpolicy INPUT DROP
|
||||||
|
|
||||||
for chain in INPUT FORWARD; do
|
for chain in INPUT FORWARD; do
|
||||||
setcontinue \$chain
|
setcontinue \$chain
|
||||||
done
|
done";
|
||||||
EOF
|
|
||||||
}
|
}
|
||||||
} elsif ( ! $config{ADMINISABSENTMINDED} ) {
|
} elsif ( ! $config{ADMINISABSENTMINDED} ) {
|
||||||
emit <<EOF;
|
emit "for chain in INPUT OUTPUT FORWARD; do
|
||||||
for chain in INPUT OUTPUT FORWARD; do
|
|
||||||
setpolicy \$chain DROP
|
setpolicy \$chain DROP
|
||||||
done
|
done
|
||||||
|
|
||||||
deleteallchains
|
deleteallchains"
|
||||||
EOF
|
} else {
|
||||||
} else {
|
emit "for chain in INPUT FORWARD; do
|
||||||
emit <<EOF;
|
|
||||||
for chain in INPUT FORWARD; do
|
|
||||||
setpolicy \$chain DROP
|
setpolicy \$chain DROP
|
||||||
done
|
done
|
||||||
|
|
||||||
@ -380,10 +376,8 @@ EOF
|
|||||||
|
|
||||||
for chain in INPUT FORWARD; do
|
for chain in INPUT FORWARD; do
|
||||||
setcontinue \$chain
|
setcontinue \$chain
|
||||||
done
|
done";
|
||||||
|
}
|
||||||
EOF
|
|
||||||
}
|
|
||||||
|
|
||||||
push_indent;
|
push_indent;
|
||||||
|
|
||||||
@ -418,8 +412,7 @@ EOF
|
|||||||
|
|
||||||
pop_indent;
|
pop_indent;
|
||||||
|
|
||||||
emit <<EOF;
|
emit "
|
||||||
|
|
||||||
set_state \"Stopped\"
|
set_state \"Stopped\"
|
||||||
|
|
||||||
logger -p kern.info \"\$PRODUCT Stopped\"
|
logger -p kern.info \"\$PRODUCT Stopped\"
|
||||||
@ -437,7 +430,7 @@ EOF
|
|||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
}
|
}
|
||||||
EOF
|
";
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
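Review bot: In the critical-hosts loop, `my ( $interface, $host ) = ( split /:/, $hosts );` feeds `match_source_net`/`match_dest_net` and the emitted `$IPTABLES -A OUTPUT -o $interface $dest -j ACCEPT` line with no check that the entry actually contained both fields. These rules go into the stopped-state script, so an entry without the separator would leave `$host` undefined and could presumably yield a broader ACCEPT than intended; what the match helpers do with an undefined host is not visible here. The delimiter appears to move from `,` to `:` in this commit (judging only by print order on this rendered page), which the message does not mention, and the earlier critical-hosts loop lies outside the visible hunks, so both loops should be confirmed to agree with whatever builds `@$criticalhosts`. I would fail at compile time with something like `die "Invalid critical host entry '$hosts'\n" unless defined $host && length $host;` rather than emit the rule. Separately, the reflowed `for my $exit qw/init start tcclear started stop stopped/` has no parentheses around the list, which Perl 5.18 and later reject; `for my $exit ( qw/init start tcclear started stop stopped/ ) {` is the portable form.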