A little cleanup

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2011-07-24 16:17:22 -07:00
parent 703bc88bfd
commit 215e923562


@ -245,6 +245,8 @@ our $VERSION = 'MODULEVERSION';
# restriction => Restrictions on further rules in this chain. # restriction => Restrictions on further rules in this chain.
# audit => Audit the result. # audit => Audit the result.
# filtered => Number of filter rules at the front of an interface forward chain # filtered => Number of filter rules at the front of an interface forward chain
# digest => string representation of the chain's rules for use in optimization
# level 8.
# } , # } ,
# <chain2> => ... # <chain2> => ...
# } # }
@ -418,10 +420,10 @@ my %ipset_exists;
# cmdlevel => nesting level within loops and conditional blocks. # cmdlevel => nesting level within loops and conditional blocks.
# determines indentation # determines indentation
# simple => true|false. If true, there are no matches or options # simple => true|false. If true, there are no matches or options
# jump => 'j', 'g' or '' (determines whether '-j' or '-g' is included # jump => 'j' or 'g' (determines whether '-j' or '-g' is included)
# Omitted, if target is ''.
# target => Rule target, if jump is 'j' or 'g'. # target => Rule target, if jump is 'j' or 'g'.
# targetopts => Target options. Only included if non-empty # targetopts => Target options. Only included if non-empty
# rule => String representation of rule for comparison
# <option> => iptables/ip6tables -A options (e.g., i => eth0) # <option> => iptables/ip6tables -A options (e.g., i => eth0)
# <match> => iptables match. Value may be a scalar or array. # <match> => iptables match. Value may be a scalar or array.
# if an array, multiple "-m <match>"s will be generated # if an array, multiple "-m <match>"s will be generated
@ -656,7 +658,6 @@ sub transform_rule( $ ) {
} elsif ( $input =~ s/^(!\s+)?--([^\s]+)\s*// ) { } elsif ( $input =~ s/^(!\s+)?--([^\s]+)\s*// ) {
$invert = '!' if $1; $invert = '!' if $1;
my $opt = $option = $2; my $opt = $option = $2;
fatal_error "Unrecognized iptables option ($opt}" unless $option = $aliases{$option}; fatal_error "Unrecognized iptables option ($opt}" unless $option = $aliases{$option};
} else { } else {
fatal_error "Unrecognized iptables option string ($input)"; fatal_error "Unrecognized iptables option string ($input)";
@ -2254,9 +2255,9 @@ sub initialize_chain_table($) {
if ( $full ) { if ( $full ) {
# #
# Create these chains early in case they are needed by Policy actions # Create this chain early in case it is needed by Policy actions
# #
dont_move new_standard_chain 'reject'; dont_move new_standard_chain 'reject';
} }
} }
@ -2613,17 +2614,23 @@ sub optimize_level8( $$$ ) {
my %renamed; my %renamed;
$passes++; $passes++;
progress_message "\n Table $table pass $passes, $chains referenced user chains, level 8..."; progress_message "\n Table $table pass $passes, $chains referenced user chains, level 8...";
for my $chainref ( @chains ) { for my $chainref ( @chains ) {
my $digest = '|'; my $digest = '';
$digest .= ' |' . format_rule( $chainref, $_, 1 ) for @{$chainref->{rules}};
for ( @{$chainref->{rules}} ) {
if ( $digest ) {
$digest .= ' |' . format_rule( $chainref, $_, 1 );
} else {
$digest = format_rule( $chainref, $_, 1 );
}
}
$chainref->{digest} = $digest; $chainref->{digest} = $digest;
} }
for my $chainref ( @chains ) { for my $chainref ( @chains ) {
my $rules = $chainref->{rules}; my $rules = $chainref->{rules};
# #