Rename cmdcount->cmdmode and allow expand_rule() to be called on a chain with non-zero cmdmode

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6987 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2007-07-28 17:31:31 +00:00
parent 967aaef9f6
commit 18dba96379


@ -146,7 +146,7 @@ our $VERSION = 4.01;
# synchain => <name of synparam chain> # synchain => <name of synparam chain>
# default => <default action> # default => <default action>
# policy_chain => <ref to policy chain -- self-reference if this is a policy chain> # policy_chain => <ref to policy chain -- self-reference if this is a policy chain>
# cmdcount => <number of open loops or blocks in runtime commands> # cmdmode => <number of open loops or blocks in runtime commands>
# rules => [ <rule1> # rules => [ <rule1>
# <rule2> # <rule2>
# ... # ...
@ -335,21 +335,21 @@ sub process_comment() {
} }
} }
# #
# Functions to manipulate cmdcount # Functions to manipulate cmdmode
# #
sub push_cmd_mode( $ ) { sub push_cmd_mode( $ ) {
$_[0]->{cmdcount}++; $_[0]->{cmdmode}++;
} }
sub pop_cmd_mode( $ ) { sub pop_cmd_mode( $ ) {
fatal_error "Internal error in pop_cmd_mode()" if --$_[0]->{cmdcount} < 0; fatal_error "Internal error in pop_cmd_mode()" if --$_[0]->{cmdmode} < 0;
} }
sub add_command($$) sub add_command($$)
{ {
my ($chainref, $command) = @_; my ($chainref, $command) = @_;
push @{$chainref->{rules}}, join ('', ' ' x $chainref->{cmdcount} , $command ); push @{$chainref->{rules}}, join ('', ' ' x $chainref->{cmdmode} , $command );
$chainref->{referenced} = 1; $chainref->{referenced} = 1;
} }
@ -358,7 +358,7 @@ sub add_commands {
my $chainref = shift @_; my $chainref = shift @_;
for my $command ( @_ ) { for my $command ( @_ ) {
push @{$chainref->{rules}}, join ('', ' ' x $chainref->{cmdcount} , $command ); push @{$chainref->{rules}}, join ('', ' ' x $chainref->{cmdmode} , $command );
} }
$chainref->{referenced} = 1; $chainref->{referenced} = 1;
@ -407,7 +407,7 @@ sub add_rule($$)
$iprangematch = 0; $iprangematch = 0;
if ( $chainref->{cmdcount} ) { if ( $chainref->{cmdmode} ) {
$rule =~ s/"/\\"/g; #Must preserve quotes in the rule $rule =~ s/"/\\"/g; #Must preserve quotes in the rule
$rule .= " -m comment --comment \\\"$comment\\\"" if $comment; $rule .= " -m comment --comment \\\"$comment\\\"" if $comment;
add_command $chainref , qq(echo "-A $chainref->{name} $rule" >&3); add_command $chainref , qq(echo "-A $chainref->{name} $rule" >&3);
@ -427,7 +427,7 @@ sub insert_rule($$$)
{ {
my ($chainref, $number, $rule) = @_; my ($chainref, $number, $rule) = @_;
fatal_error 'Internal Error in insert_rule()' if $chainref->{cmdcount}; fatal_error 'Internal Error in insert_rule()' if $chainref->{cmdmode};
$rule .= "-m comment --comment \"$comment\"" if $comment; $rule .= "-m comment --comment \"$comment\"" if $comment;
@ -573,7 +573,7 @@ sub new_chain($$)
table => $table, table => $table,
loglevel => '', loglevel => '',
log => 1, log => 1,
cmdcount => 0 }; cmdmode => 0 };
} }
# #
@ -1468,8 +1468,7 @@ sub expand_rule( $$$$$$$$$$ )
my ($iiface, $diface, $inets, $dnets, $iexcl, $dexcl, $onets , $oexcl ); my ($iiface, $diface, $inets, $dnets, $iexcl, $dexcl, $onets , $oexcl );
my $chain = $chainref->{name}; my $chain = $chainref->{name};
my $initialcmdmode = $chainref->{cmdmode};
fatal_error "Internal error in expand_rule()" if $chainref->{cmdcount} > 0;
# #
# Handle Log Level # Handle Log Level
@ -1526,10 +1525,8 @@ sub expand_rule( $$$$$$$$$$ )
add_command( $chainref , join( '', 'for source in ', $networks, '; do' ) ); add_command( $chainref , join( '', 'for source in ', $networks, '; do' ) );
$rule .= '-s $source '; $rule .= '-s $source ';
#
# While $cmdcount > 0, calls to 'add_rule()' will be converted to calls to 'add_command()' push_cmd_mode $chainref;
#
$chainref->{cmdcount}++;
} else { } else {
fatal_error "Source Interface ($iiface) not allowed when the source zone is $firewall_zone" if $restriction & OUTPUT_RESTRICT; fatal_error "Source Interface ($iiface) not allowed when the source zone is $firewall_zone" if $restriction & OUTPUT_RESTRICT;
$rule .= match_source_dev( $iiface ); $rule .= match_source_dev( $iiface );
@ -1558,7 +1555,7 @@ sub expand_rule( $$$$$$$$$$ )
add_command( $chainref , "for address in $list; do" ); add_command( $chainref , "for address in $list; do" );
$rule .= '-d $address '; $rule .= '-d $address ';
$chainref->{cmdcount}++; push_cmd_mode $chainref;
} else { } else {
$rule .= join ( '', '-d ', get_interface_address( $interfaces[0] ), ' ' ); $rule .= join ( '', '-d ', get_interface_address( $interfaces[0] ), ' ' );
} }
@ -1589,7 +1586,7 @@ sub expand_rule( $$$$$$$$$$ )
fatal_error "Bridge port ($diface) not allowed" if port_to_bridge( $diface ); fatal_error "Bridge port ($diface) not allowed" if port_to_bridge( $diface );
add_command( $chainref , 'for dest in ' . get_interface_addresses( $diface) . '; do' ); add_command( $chainref , 'for dest in ' . get_interface_addresses( $diface) . '; do' );
$rule .= '-d $dest '; $rule .= '-d $dest ';
$chainref->{cmdcount}++; push_cmd_mode $chainref;
} else { } else {
fatal_error "Bridge Port ($diface) not allowed in OUTPUT or POSTROUTING rules" if ( $restriction & ( POSTROUTE_RESTRICT + OUTPUT_RESTRICT ) ) && port_to_bridge( $diface ); fatal_error "Bridge Port ($diface) not allowed in OUTPUT or POSTROUTING rules" if ( $restriction & ( POSTROUTE_RESTRICT + OUTPUT_RESTRICT ) ) && port_to_bridge( $diface );
fatal_error "Destination Interface ($diface) not allowed when the destination zone is $firewall_zone" if $restriction & INPUT_RESTRICT; fatal_error "Destination Interface ($diface) not allowed when the destination zone is $firewall_zone" if $restriction & INPUT_RESTRICT;
@ -1798,8 +1795,8 @@ sub expand_rule( $$$$$$$$$$ )
} }
} }
while ( $chainref->{cmdcount} > 0 ) { while ( $chainref->{cmdmode} > $initialcmdmode ) {
$chainref->{cmdcount}--; pop_cmd_mode $chainref;
add_command $chainref, 'done'; add_command $chainref, 'done';
} }
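Review bot: In the add_rule hunk (`@ -407,7 +407,7`), the cmdmode branch escapes the quotes in `$rule` first and only then appends `--comment \"$comment\"`, so a `"` inside `$comment` reaches the generated `echo "-A $chainref->{name} $rule" >&3` unescaped and terminates the shell string; unless COMMENT text is validated where it is parsed (not in this hunk), `$` or backquotes in a comment would likewise be expanded by the shell when the generated script runs. Appending the comment before the escaping step keeps the output unchanged for clean comments and neutralizes embedded quotes: `$rule .= " -m comment --comment \"$comment\"" if $comment;` followed by `$rule =~ s/"/\\"/g;`. The rename is applied consistently across the hunks, and the `$initialcmdmode` unwind at the end of expand_rule closes exactly the loops this call opened, which is what makes nested calls safe. add_rule and expand_rule both begin outside their hunks.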