extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-25 04:01:45 +02:00
Code Issues Packages Projects Releases Wiki Activity

Use 'our' for globals to aid debugging.

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2012-12-23 13:16:54 -08:00
parent bd563ae9b7
commit 15817078b8
12 changed files with 267 additions and 255 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
Shorewall/Perl/Shorewall/Accounting.pm
View File

@ -40,18 +40,18 @@ our $VERSION = 'MODULEVERSION';
# #
# Per-IP accounting tables. Each entry contains the associated network. # Per-IP accounting tables. Each entry contains the associated network.
# #
my %tables; our %tables;
my $jumpchainref; our $jumpchainref;
my %accountingjumps; our %accountingjumps;
my $asection; our $asection;
my $defaultchain; our $defaultchain;
my $ipsecdir; our $ipsecdir;
my $defaultrestriction; our $defaultrestriction;
my $restriction; our $restriction;
my $accounting_commands = { COMMENT => 0, SECTION => 2 }; our $accounting_commands = { COMMENT => 0, SECTION => 2 };
my $sectionname; our $sectionname;
my $acctable; our $acctable;
# #
# Sections in the Accounting File # Sections in the Accounting File

116
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -332,8 +332,8 @@ our $rawpost_table;
our $nat_table; our $nat_table;
our $mangle_table; our $mangle_table;
our $filter_table; our $filter_table;
my $export; our $export;
my %renamed; our %renamed;
our %nfobjects; our %nfobjects;
# #
@ -375,14 +375,14 @@ use constant { NO_RESTRICT => 0, # FORWARD chain rule - Both -i an
# #
# See initialize() below for additional comments on these variables # See initialize() below for additional comments on these variables
# #
my $iprangematch; our $iprangematch;
my %chainseq; our %chainseq;
my $idiotcount; our $idiotcount;
my $idiotcount1; our $idiotcount1;
my $hashlimitset; our $hashlimitset;
my $global_variables; our $global_variables;
my %address_variables; our %address_variables;
my $ipset_rules; our $ipset_rules;
# #
# Determines the commands for which a particular interface-oriented shell variable needs to be set # Determines the commands for which a particular interface-oriented shell variable needs to be set
@ -434,18 +434,18 @@ our %tosmap = ( 'Minimize-Delay' => 0x10,
# #
# These hashes hold the shell code to set shell variables. The key is the name of the variable; the value is the code to generate the variable's contents # These hashes hold the shell code to set shell variables. The key is the name of the variable; the value is the code to generate the variable's contents
# #
my %interfaceaddr; # First interface address our %interfaceaddr; # First interface address
my %interfaceaddrs; # All interface addresses our %interfaceaddrs; # All interface addresses
my %interfacenets; # Networks routed out of the interface our %interfacenets; # Networks routed out of the interface
my %interfacemacs; # Interface MAC our %interfacemacs; # Interface MAC
my %interfacebcasts; # Broadcast addresses associated with the interface (IPv4) our %interfacebcasts; # Broadcast addresses associated with the interface (IPv4)
my %interfaceacasts; # Anycast addresses associated with the interface (IPv6) our %interfaceacasts; # Anycast addresses associated with the interface (IPv6)
my %interfacegateways; # Gateway of default route out of the interface our %interfacegateways; # Gateway of default route out of the interface
# #
# Built-in Chains # Built-in Chains
# #
my @builtins = qw(PREROUTING INPUT FORWARD OUTPUT POSTROUTING); our @builtins = qw(PREROUTING INPUT FORWARD OUTPUT POSTROUTING);
# #
# Mode of the emitter (part of this module that converts rules in the chain table into iptables-restore input) # Mode of the emitter (part of this module that converts rules in the chain table into iptables-restore input)
@ -454,7 +454,7 @@ use constant { NULL_MODE => 0 , # Emitting neither shell commands nor iptables
CAT_MODE => 1 , # Emitting iptables-restore input CAT_MODE => 1 , # Emitting iptables-restore input
CMD_MODE => 2 }; # Emitting shell commands. CMD_MODE => 2 }; # Emitting shell commands.
my $mode; our $mode;
# #
# Address Family # Address Family
# #
@ -463,7 +463,7 @@ our $family;
# #
# These are the current builtin targets # These are the current builtin targets
# #
my %builtin_target = ( ACCEPT => 1, our %builtin_target = ( ACCEPT => 1,
ACCOUNT => 1, ACCOUNT => 1,
AUDIT => 1, AUDIT => 1,
CHAOS => 1, CHAOS => 1,
@ -518,7 +518,7 @@ my %builtin_target = ( ACCEPT => 1,
ULOG => 1, ULOG => 1,
); );
my %ipset_exists; our %ipset_exists;
# #
# Rules are stored in an internal form # Rules are stored in an internal form
@ -549,55 +549,55 @@ use constant { UNIQUE => 1,
MATCH => 8, MATCH => 8,
CONTROL => 16 }; CONTROL => 16 };
my %opttype = ( rule => CONTROL, our %opttype = ( rule => CONTROL,
cmd => CONTROL, cmd => CONTROL,
dhcp => UNIQUE, dhcp => UNIQUE,
mode => CONTROL, mode => CONTROL,
cmdlevel => CONTROL, cmdlevel => CONTROL,
simple => CONTROL, simple => CONTROL,
i => UNIQUE, i => UNIQUE,
s => UNIQUE, s => UNIQUE,
o => UNIQUE, o => UNIQUE,
d => UNIQUE, d => UNIQUE,
p => UNIQUE, p => UNIQUE,
dport => UNIQUE, dport => UNIQUE,
sport => UNIQUE, sport => UNIQUE,
'icmp-type' => UNIQUE, 'icmp-type' => UNIQUE,
'icmpv6-type' => UNIQUE, 'icmpv6-type' => UNIQUE,
comment => CONTROL, comment => CONTROL,
policy => MATCH, policy => MATCH,
state => EXCLUSIVE, state => EXCLUSIVE,
jump => TARGET, jump => TARGET,
target => TARGET, target => TARGET,
targetopts => TARGET, targetopts => TARGET,
); );
my %aliases = ( protocol => 'p', our %aliases = ( protocol => 'p',
source => 's', source => 's',
destination => 'd', destination => 'd',
jump => 'j', jump => 'j',
goto => 'g', goto => 'g',
'in-interface' => 'i', 'in-interface' => 'i',
'out-interface' => 'o', 'out-interface' => 'o',
dport => 'dport', dport => 'dport',
sport => 'sport', sport => 'sport',
'icmp-type' => 'icmp-type', 'icmp-type' => 'icmp-type',
'icmpv6-type' => 'icmpv6-type', 'icmpv6-type' => 'icmpv6-type',
); );
my @unique_options = ( qw/p dport sport icmp-type icmpv6-type s d i o/ ); our @unique_options = ( qw/p dport sport icmp-type icmpv6-type s d i o/ );
my %isocodes; our %isocodes;
use constant { ISODIR => '/usr/share/xt_geoip/LE' }; use constant { ISODIR => '/usr/share/xt_geoip/LE' };
my %switches; our %switches;
# #
# Rather than initializing globals in an INIT block or during declaration, # Rather than initializing globals in an INIT block or during declaration,

6
Shorewall/Perl/Shorewall/Compiler.pm
View File

@ -44,11 +44,11 @@ our @EXPORT = qw( compiler );
our @EXPORT_OK = qw( $export ); our @EXPORT_OK = qw( $export );
our $VERSION = 'MODULEVERSION'; our $VERSION = 'MODULEVERSION';
my $export; our $export;
my $test; our $test;
my $family; our $family;
# #
# Initilize the package-globals in the other modules # Initilize the package-globals in the other modules

106
Shorewall/Perl/Shorewall/Config.pm
View File

@ -209,51 +209,51 @@ our ($command, $doing, $done );
# #
# VERBOSITY # VERBOSITY
# #
my $verbosity; our $verbosity;
# #
# Logging # Logging
# #
my ( $log, $log_verbosity ); our ( $log, $log_verbosity );
# #
# Timestamp each progress message, if true. # Timestamp each progress message, if true.
# #
my $timestamp; our $timestamp;
# #
# Script (output) file handle # Script (output) file handle
# #
my $script; our $script;
# #
# When 'true', writes to the script are enabled. Used to catch code emission between functions # When 'true', writes to the script are enabled. Used to catch code emission between functions
# #
my $script_enabled; our $script_enabled;
# #
# True, if last line emitted is blank # True, if last line emitted is blank
# #
my $lastlineblank; our $lastlineblank;
# #
# Tabs to indent the output # Tabs to indent the output
# #
my $indent1; our $indent1;
# #
# Characters to indent the output # Characters to indent the output
# #
my $indent2; our $indent2;
# #
# Total indentation # Total indentation
# #
my $indent; our $indent;
# #
# Script's Directory and File # Script's Directory and File
# #
my ( $dir, $file ); our ( $dir, $file );
# #
# Temporary output file's name # Temporary output file's name
# #
my $tempfile; our $tempfile;
# #
# Fully qualified name of the configuration file # Fully qualified name of the configuration file
# #
my $configfile; our $configfile;
# #
# Misc Globals exported to other modules # Misc Globals exported to other modules
# #
@ -265,19 +265,19 @@ our %config;
# #
# Entries in shorewall.conf that have been renamed # Entries in shorewall.conf that have been renamed
# #
my %renamed = ( AUTO_COMMENT => 'AUTOCOMMENT' ); our %renamed = ( AUTO_COMMENT => 'AUTOCOMMENT' );
# #
# Config options and global settings that are to be copied to output script # Config options and global settings that are to be copied to output script
# #
my @propagateconfig = qw/ DISABLE_IPV6 MODULESDIR MODULE_SUFFIX LOAD_HELPERS_ONLY SUBSYSLOCK LOG_VERBOSITY/; our @propagateconfig = qw/ DISABLE_IPV6 MODULESDIR MODULE_SUFFIX LOAD_HELPERS_ONLY SUBSYSLOCK LOG_VERBOSITY/;
# #
# From parsing the capabilities file or detecting capabilities # From parsing the capabilities file or detecting capabilities
# #
my %capabilities; our %capabilities;
# #
# Capabilities # Capabilities
# #
my %capdesc = ( NAT_ENABLED => 'NAT', our %capdesc = ( NAT_ENABLED => 'NAT',
MANGLE_ENABLED => 'Packet Mangling', MANGLE_ENABLED => 'Packet Mangling',
MULTIPORT => 'Multi-port Match' , MULTIPORT => 'Multi-port Match' ,
XMULTIPORT => 'Extended Multi-port Match', XMULTIPORT => 'Extended Multi-port Match',
@ -461,62 +461,62 @@ our @auditoptions = qw( BLACKLIST_DISPOSITION MACLIST_DISPOSITION TCP_FLAGS_DISP
# #
# Directories to search for configuration files # Directories to search for configuration files
# #
my @config_path; our @config_path;
# #
# Stash away file references here when we encounter INCLUDE # Stash away file references here when we encounter INCLUDE
# #
my @includestack; our @includestack;
# #
# Allow nested opens # Allow nested opens
# #
my @openstack; our @openstack;
# #
# From the params file # From the params file
# #
my %params; our %params;
# #
# Entries that the compiler adds to %params # Entries that the compiler adds to %params
# #
my %compiler_params; our %compiler_params;
# #
# Action parameters # Action parameters
# #
our %actparms; our %actparms;
our $currentline; # Current config file line image our $currentline; # Current config file line image
my $currentfile; # File handle reference our $currentfile; # File handle reference
our $currentfilename; # File NAME our $currentfilename; # File NAME
my $currentlinenumber; # Line number our $currentlinenumber; # Line number
my $perlscript; # File Handle Reference to current temporary file being written by an in-line Perl script our $perlscript; # File Handle Reference to current temporary file being written by an in-line Perl script
my $perlscriptname; # Name of that file. our $perlscriptname; # Name of that file.
my $embedded; # True if we're in an embedded perl script our $embedded; # True if we're in an embedded perl script
my @tempfiles; # Files that need unlinking at END our @tempfiles; # Files that need unlinking at END
my $first_entry; # Message to output or function to call on first non-blank line of a file our $first_entry; # Message to output or function to call on first non-blank line of a file
our $file_format; # Format of configuration file. our $file_format; # Format of configuration file.
my $max_format; # Max format value our $max_format; # Max format value
our $comment; # Current COMMENT our $comment; # Current COMMENT
my @comments; our @comments;
my $comments_allowed; our $comments_allowed;
my $warningcount; our $warningcount;
my $warningcount1; our $warningcount1;
my $warningcount2; our $warningcount2;
my $shorewall_dir; # Shorewall Directory; if non-empty, search here first for files. our $shorewall_dir; # Shorewall Directory; if non-empty, search here first for files.
our $debug; # Global debugging flag our $debug; # Global debugging flag
my $confess; # If true, use Carp to report errors with stack trace. our $confess; # If true, use Carp to report errors with stack trace.
our $family; # Protocol family (4 or 6) our $family; # Protocol family (4 or 6)
our $toolname; # Name of the tool to use (iptables or iptables6) our $toolname; # Name of the tool to use (iptables or iptables6)
my $toolNAME; # Tool name in CAPS our $toolNAME; # Tool name in CAPS
our $product; # Name of product that will run the generated script our $product; # Name of product that will run the generated script
our $Product; # $product with initial cap. our $Product; # $product with initial cap.
our $sillyname; # Name of temporary filter chains for testing capabilities our $sillyname; # Name of temporary filter chains for testing capabilities
our $sillyname1; our $sillyname1;
my $iptables; # Path to iptables/ip6tables our $iptables; # Path to iptables/ip6tables
my $tc; # Path to tc our $tc; # Path to tc
my $ip; # Path to ip our $ip; # Path to ip
my $shell; # Type of shell that processed the params file my $shell; # Type of shell that processed the params file
@ -530,28 +530,28 @@ use constant { MIN_VERBOSITY => -1,
F_IPV6 => 6, F_IPV6 => 6,
}; };
my %validlevels; # Valid log levels. our %validlevels; # Valid log levels.
# #
# Deprecated options with their default values # Deprecated options with their default values
# #
my %deprecated = ( LOGRATE => '' , our %deprecated = ( LOGRATE => '' ,
LOGBURST => '' , LOGBURST => '' ,
EXPORTPARAMS => 'no', EXPORTPARAMS => 'no',
WIDE_TC_MARKS => 'no', WIDE_TC_MARKS => 'no',
HIGH_ROUTE_MARKS => 'no' HIGH_ROUTE_MARKS => 'no'
); );
# #
# Deprecated options that are eliminated via update # Deprecated options that are eliminated via update
# #
my %converted = ( WIDE_TC_MARKS => 1, our %converted = ( WIDE_TC_MARKS => 1,
HIGH_ROUTE_MARKS => 1 ); HIGH_ROUTE_MARKS => 1 );
# #
# Variables involved in ?IF, ?ELSE ?ENDIF processing # Variables involved in ?IF, ?ELSE ?ENDIF processing
# #
my $omitting; our $omitting;
my @ifstack; our @ifstack;
my $ifstack; our $ifstack;
# #
# Entries on the ifstack are a 4-tuple: # Entries on the ifstack are a 4-tuple:
# #
@ -577,7 +577,7 @@ use constant { PLAIN_READ => 0, # No read_a_line options
NORMAL_READ => -1 # All options NORMAL_READ => -1 # All options
}; };
my %variables; # Symbol table for expanding shell variables our %variables; # Symbol table for expanding shell variables
sub process_shorewallrc($$); sub process_shorewallrc($$);
sub add_variables( \% ); sub add_variables( \% );

30
Shorewall/Perl/Shorewall/IPAddrs.pm
View File

@ -79,20 +79,20 @@ our $VERSION = 'MODULEVERSION';
# #
# Some IPv4/6 useful stuff # Some IPv4/6 useful stuff
# #
my @allipv4 = ( '0.0.0.0/0' ); our @allipv4 = ( '0.0.0.0/0' );
my @allipv6 = ( '::/0' ); our @allipv6 = ( '::/0' );
my $allip; our $allip;
my @allip; our @allip;
my @nilipv4 = ( '0.0.0.0' ); our @nilipv4 = ( '0.0.0.0' );
my @nilipv6 = ( '::' ); our @nilipv6 = ( '::' );
my $nilip; our $nilip;
my @nilip; our @nilip;
my $valid_address; our $valid_address;
my $validate_address; our $validate_address;
my $validate_net; our $validate_net;
my $validate_range; our $validate_range;
my $validate_host; our $validate_host;
my $family; our $family;
use constant { ALLIPv4 => '0.0.0.0/0' , use constant { ALLIPv4 => '0.0.0.0/0' ,
ALLIPv6 => '::/0' , ALLIPv6 => '::/0' ,
@ -109,7 +109,7 @@ use constant { ALLIPv4 => '0.0.0.0/0' ,
IPv6_SITE_ALLRTRS => 'ff02::2' , IPv6_SITE_ALLRTRS => 'ff02::2' ,
}; };
my @rfc1918_networks = ( "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16" ); our @rfc1918_networks = ( "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16" );
# #
# Note: initialize() is declared at the bottom of the file # Note: initialize() is declared at the bottom of the file

2
Shorewall/Perl/Shorewall/Misc.pm
View File

@ -48,7 +48,7 @@ our @EXPORT = qw( process_tos
our @EXPORT_OK = qw( initialize ); our @EXPORT_OK = qw( initialize );
our $VERSION = 'MODULEVERSION'; our $VERSION = 'MODULEVERSION';
my $family; our $family;
# #
# Rather than initializing globals in an INIT block or during declaration, # Rather than initializing globals in an INIT block or during declaration,

4
Shorewall/Perl/Shorewall/Nat.pm
View File

@ -42,8 +42,8 @@ Exporter::export_ok_tags('rules');
our $VERSION = 'MODULEVERSION'; our $VERSION = 'MODULEVERSION';
my @addresses_to_add; our @addresses_to_add;
my %addresses_to_add; our %addresses_to_add;
# #
# Called by the compiler # Called by the compiler

32
Shorewall/Perl/Shorewall/Providers.pm
View File

@ -53,28 +53,28 @@ use constant { LOCAL_TABLE => 255,
UNSPEC_TABLE => 0 UNSPEC_TABLE => 0
}; };
my @routemarked_providers; our @routemarked_providers;
my %routemarked_interfaces; our %routemarked_interfaces;
our @routemarked_interfaces; our @routemarked_interfaces;
my %provider_interfaces; our %provider_interfaces;
my @load_providers; our @load_providers;
my @load_interfaces; our @load_interfaces;
my $balancing; our $balancing;
my $fallback; our $fallback;
my $metrics; our $metrics;
my $first_default_route; our $first_default_route;
my $first_fallback_route; our $first_fallback_route;
my $maxload; our $maxload;
my $tproxies; our $tproxies;
my %providers; our %providers;
my @providers; our @providers;
my $family; our $family;
my $lastmark; our $lastmark;
use constant { ROUTEMARKED_SHARED => 1, ROUTEMARKED_UNSHARED => 2 }; use constant { ROUTEMARKED_SHARED => 1, ROUTEMARKED_UNSHARED => 2 };

11
Shorewall/Perl/Shorewall/Raw.pm
View File

@ -36,7 +36,16 @@ our @EXPORT = qw( setup_conntrack );
our @EXPORT_OK = qw( handle_helper_rule ); our @EXPORT_OK = qw( handle_helper_rule );
our $VERSION = 'MODULEVERSION'; our $VERSION = 'MODULEVERSION';
my %valid_ctevent = ( new => 1, related => 1, destroy => 1, reply => 1, assured => 1, protoinfo => 1, helper => 1, mark => 1, natseqinfo => 1, secmark => 1 ); our %valid_ctevent = ( new => 1,
related => 1,
destroy => 1,
reply => 1,
assured => 1,
protoinfo => 1,
helper => 1,
mark => 1,
natseqinfo => 1,
secmark => 1 );
# #
# Notrack # Notrack

70
Shorewall/Perl/Shorewall/Rules.pm
View File

@ -58,72 +58,72 @@ our $VERSION = 'MODULEVERSION';
# #
# Globals are documented in the initialize() function # Globals are documented in the initialize() function
# #
my %sections; our %sections;
my $section; our $section;
my @policy_chains; our @policy_chains;
my %default_actions; our %default_actions;
my %macros; our %macros;
our $family; our $family;
my @builtins; our @builtins;
# #
# Commands that can be embedded in a basic rule and how many total tokens on the line (0 => unlimited). # Commands that can be embedded in a basic rule and how many total tokens on the line (0 => unlimited).
# #
my $rule_commands = { COMMENT => 0, FORMAT => 2, SECTION => 2 }; our $rule_commands = { COMMENT => 0, FORMAT => 2, SECTION => 2 };
my $action_commands = { COMMENT => 0, FORMAT => 2, SECTION => 2, DEFAULTS => 2 }; our $action_commands = { COMMENT => 0, FORMAT => 2, SECTION => 2, DEFAULTS => 2 };
my $macro_commands = { COMMENT => 0, FORMAT => 2, SECTION => 2, DEFAULT => 2 }; our $macro_commands = { COMMENT => 0, FORMAT => 2, SECTION => 2, DEFAULT => 2 };
my %rulecolumns = ( action => 0, our %rulecolumns = ( action => 0,
source => 1, source => 1,
dest => 2, dest => 2,
proto => 3, proto => 3,
dport => 4, dport => 4,
sport => 5, sport => 5,
origdest => 6, origdest => 6,
rate => 7, rate => 7,
user => 8, user => 8,
mark => 9, mark => 9,
connlimit => 10, connlimit => 10,
time => 11, time => 11,
headers => 12, headers => 12,
switch => 13, switch => 13,
helper => 14, helper => 14,
); );
use constant { MAX_MACRO_NEST_LEVEL => 10 }; use constant { MAX_MACRO_NEST_LEVEL => 10 };
my $macro_nest_level; our $macro_nest_level;
my @actionstack; our @actionstack;
my %active; our %active;
# Action Table # Action Table
# #
# %actions{ actchain => used to eliminate collisions } # %actions{ actchain => used to eliminate collisions }
# #
my %actions; our %actions;
# #
# Inline Action Table # Inline Action Table
# #
my %inlines; our %inlines;
# #
# Contains an entry for each used <action>:<level>[:<tag>] that maps to the associated chain. # Contains an entry for each used <action>:<level>[:<tag>] that maps to the associated chain.
# #
my %usedactions; our %usedactions;
# #
# Policies for which AUDIT is allowed # Policies for which AUDIT is allowed
# #
my %auditpolicies = ( ACCEPT => 1, our %auditpolicies = ( ACCEPT => 1,
DROP => 1, DROP => 1,
REJECT => 1 REJECT => 1
); );
# #
# Rather than initializing globals in an INIT block or during declaration, # Rather than initializing globals in an INIT block or during declaration,
# we initialize them in a function. This is done for two reasons: # we initialize them in a function. This is done for two reasons:

44
Shorewall/Perl/Shorewall/Tc.pm
View File

@ -86,7 +86,7 @@ use constant { NOMARK => 0 ,
HIGHMARK => 2 HIGHMARK => 2
}; };
my %flow_keys = ( 'src' => 1, our %flow_keys = ( 'src' => 1,
'dst' => 1, 'dst' => 1,
'proto' => 1, 'proto' => 1,
'proto-src' => 1, 'proto-src' => 1,
@ -104,15 +104,15 @@ my %flow_keys = ( 'src' => 1,
'sk-gid' => 1, 'sk-gid' => 1,
'vlan-tag' => 1 ); 'vlan-tag' => 1 );
my %designator = ( F => 'tcfor' , our %designator = ( F => 'tcfor' ,
T => 'tcpost' ); T => 'tcpost' );
my %tosoptions = ( 'tos-minimize-delay' => '0x10/0x10' , our %tosoptions = ( 'tos-minimize-delay' => '0x10/0x10' ,
'tos-maximize-throughput' => '0x08/0x08' , 'tos-maximize-throughput' => '0x08/0x08' ,
'tos-maximize-reliability' => '0x04/0x04' , 'tos-maximize-reliability' => '0x04/0x04' ,
'tos-minimize-cost' => '0x02/0x02' , 'tos-minimize-cost' => '0x02/0x02' ,
'tos-normal-service' => '0x00/0x1e' ); 'tos-normal-service' => '0x00/0x1e' );
my %classids; our %classids;
# #
# Perl version of Arn Bernin's 'tc4shorewall'. # Perl version of Arn Bernin's 'tc4shorewall'.
@ -133,12 +133,12 @@ my %classids;
# name => <interface> # name => <interface>
# } # }
# #
my @tcdevices; our @tcdevices;
my %tcdevices; our %tcdevices;
my @devnums; our @devnums;
my $devnum; our $devnum;
my $sticky; our $sticky;
my $ipp2p; our $ipp2p;
# #
# TCClasses Table # TCClasses Table
@ -159,10 +159,10 @@ my $ipp2p;
# } # }
# } # }
# } # }
my @tcclasses; our @tcclasses;
my %tcclasses; our %tcclasses;
my %restrictions = ( tcpre => PREROUTE_RESTRICT , our %restrictions = ( tcpre => PREROUTE_RESTRICT ,
PREROUTING => PREROUTE_RESTRICT , PREROUTING => PREROUTE_RESTRICT ,
tcpost => POSTROUTE_RESTRICT , tcpost => POSTROUTE_RESTRICT ,
tcfor => NO_RESTRICT , tcfor => NO_RESTRICT ,
@ -170,16 +170,16 @@ my %restrictions = ( tcpre => PREROUTE_RESTRICT ,
tcout => OUTPUT_RESTRICT , tcout => OUTPUT_RESTRICT ,
); );
my $family; our $family;
my $divertref; # DIVERT chain our $divertref; # DIVERT chain
my %validstates = ( NEW => 0, our %validstates = ( NEW => 0,
RELATED => 0, RELATED => 0,
ESTABLISHED => 0, ESTABLISHED => 0,
UNTRACKED => 0, UNTRACKED => 0,
INVALID => 0, INVALID => 0,
); );
# #
# Rather than initializing globals in an INIT block or during declaration, # Rather than initializing globals in an INIT block or during declaration,
# we initialize them in a function. This is done for two reasons: # we initialize them in a function. This is done for two reasons:

79
Shorewall/Perl/Shorewall/Zones.pm
View File

@ -148,12 +148,12 @@ use constant { IN_OUT => 1,
# #
# $firewall_zone names the firewall zone. # $firewall_zone names the firewall zone.
# #
my @zones; our @zones;
my %zones; our %zones;
my %zonetypes; our %zonetypes;
my $firewall_zone; our $firewall_zone;
my %reservedName = ( all => 1, our %reservedName = ( all => 1,
any => 1, any => 1,
none => 1, none => 1,
SOURCE => 1, SOURCE => 1,
@ -188,24 +188,24 @@ my %reservedName = ( all => 1,
# The purpose of the 'base' member is to ensure that the base names associated with the physical interfaces are assigned in # The purpose of the 'base' member is to ensure that the base names associated with the physical interfaces are assigned in
# the same order as the interfaces are encountered in the configuration files. # the same order as the interfaces are encountered in the configuration files.
# #
my @interfaces; our @interfaces;
my %interfaces; our %interfaces;
my %roots; our %roots;
my @bport_zones; our @bport_zones;
my %ipsets; our %ipsets;
my %physical; our %physical;
my %basemap; our %basemap;
my %basemap1; our %basemap1;
my %mapbase; our %mapbase;
my %mapbase1; our %mapbase1;
my $family; our $family;
my $upgrade; our $upgrade;
my $have_ipsec; our $have_ipsec;
my $baseseq; our $baseseq;
my $minroot; our $minroot;
my $zonemark; our $zonemark;
my $zonemarkincr; our $zonemarkincr;
my $zonemarklimit; our $zonemarklimit;
use constant { FIREWALL => 1, use constant { FIREWALL => 1,
IP => 2, IP => 2,
@ -232,24 +232,24 @@ use constant { SIMPLE_IF_OPTION => 1,
use constant { NO_UPDOWN => 1, use constant { NO_UPDOWN => 1,
NO_SFILTER => 2 }; NO_SFILTER => 2 };
my %validinterfaceoptions; our %validinterfaceoptions;
my %defaultinterfaceoptions = ( routefilter => 1 , wait => 60 ); our %defaultinterfaceoptions = ( routefilter => 1 , wait => 60 );
my %maxoptionvalue = ( routefilter => 2, mss => 100000 , wait => 120 , ignore => NO_UPDOWN ); our %maxoptionvalue = ( routefilter => 2, mss => 100000 , wait => 120 , ignore => NO_UPDOWN );
my %validhostoptions; our %validhostoptions;
my %validzoneoptions = ( mss => NUMERIC, our %validzoneoptions = ( mss => NUMERIC,
nomark => NOTHING, nomark => NOTHING,
blacklist => NOTHING, blacklist => NOTHING,
dynamic_shared => NOTHING, dynamic_shared => NOTHING,
strict => NOTHING, strict => NOTHING,
next => NOTHING, next => NOTHING,
reqid => NUMERIC, reqid => NUMERIC,
spi => NUMERIC, spi => NUMERIC,
proto => IPSECPROTO, proto => IPSECPROTO,
mode => IPSECMODE, mode => IPSECMODE,
"tunnel-src" => NETWORK, "tunnel-src" => NETWORK,
"tunnel-dst" => NETWORK, "tunnel-dst" => NETWORK,
); );
@ -258,7 +258,10 @@ use constant { UNRESTRICTED => 1, NOFW => 2 , COMPLEX => 8, IN_OUT_ONLY => 16 };
# #
# Hash of options that have their own key in the returned hash. # Hash of options that have their own key in the returned hash.
# #
my %zonekey = ( mss => UNRESTRICTED | COMPLEX , blacklist => NOFW, nomark => NOFW | IN_OUT_ONLY, dynamic_shared => IN_OUT_ONLY ); our %zonekey = ( mss => UNRESTRICTED | COMPLEX ,
blacklist => NOFW,
nomark => NOFW | IN_OUT_ONLY,
dynamic_shared => IN_OUT_ONLY );
# #
# Rather than initializing globals in an INIT block or during declaration, # Rather than initializing globals in an INIT block or during declaration,