extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-20 09:47:51 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix several bugs and whitespace differences from previous versions

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9013 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2008-12-13 00:27:26 +00:00
parent 1a7854b7fc
commit 2e8224e5ca
4 changed files with 25 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
Shorewall-perl/Shorewall/Compiler.pm
View File

@ -265,14 +265,14 @@ sub compile_stop_firewall() {
# Stop/restore the firewall after an error or because of a 'stop' or 'clear' command
#
stop_firewall() {
deletechain() {
EOF
if ( $family == F_IPV4 ) {
emit ' qt $IPTABLES -L $1 -n && qt $IPTABLES -F $1 && qt $IPTABLES -X $1';
emit( ' deletechain() {',
' qt $IPTABLES -L $1 -n && qt $IPTABLES -F $1 && qt $IPTABLES -X $1' );
} else {
emit ' qt $IPTABLES -L $1 -n && qt $IPTABLES -F $1 && qt $IPTABLES -X $1';
emit( ' deletechain() {',
' qt $IPTABLES -L $1 -n && qt $IPTABLES -F $1 && qt $IPTABLES -X $1' );
}
emit <<'EOF';
@ -382,19 +382,23 @@ EOF
}
if ( $capabilities{RAW_TABLE} ) {
emit <<'EOF';
if ( $family == F_IPV4 ) {
emit <<'EOF';
run_iptables -t raw -F
run_iptables -t raw -X
for chain in PREROUTING OUTPUT; do
qt1 $IPTABLES -t raw -P $chain ACCEPT
done
EOF
if ( $family == F_IPV4 ) {
emit ' qt1 $IPTABLES -t raw -P $chain ACCEPT';
} else {
emit ' qt1 $IP6TABLES -t raw -P $chain ACCEPT';
emit <<'EOF';
run_iptables -t raw -F
run_iptables -t raw -X
for chain in PREROUTING OUTPUT; do
qt1 $IP6TABLES -t raw -P $chain ACCEPT
done
EOF
}
emit ' done';
}
if ( $capabilities{NAT_ENABLED} ) {
@ -531,6 +535,8 @@ EOF
}
}
emit '';
if ( $family == F_IPV4 ) {
if ( $config{IP_FORWARDING} eq 'on' ) {
emit( 'echo 1 > /proc/sys/net/ipv4/ip_forward',

8
Shorewall-perl/Shorewall/Proc.pm
View File

@ -207,8 +207,9 @@ sub setup_forwarding( $ ) {
} elsif ( $config{IP_FORWARDING} eq 'off' ) {
emit ' echo 0 > /proc/sys/net/ipv4/ip_forward';
emit ' progress_message2 IPv4 Forwarding Disabled!';
emit '';
}
emit '';
} else {
if ( $config{IP_FORWARDING} eq 'on' ) {
emit ' echo 1 > /proc/sys/net/ipv6/conf/all/forwarding';
@ -216,9 +217,10 @@ sub setup_forwarding( $ ) {
} elsif ( $config{IP_FORWARDING} eq 'off' ) {
emit ' echo 0 > /proc/sys/net/ipv6/conf/all/forwarding';
emit ' progress_message2 IPv6 Forwarding Disabled!';
emit '';
}
emit '';
my $interfaces = find_interfaces_by_option 'forward';
if ( @$interfaces ) {

4
Shorewall-perl/Shorewall/Providers.pm
View File

@ -366,7 +366,7 @@ sub add_a_provider( $$$$$$$$ ) {
}
} elsif ( $shared ) {
emit "qt ip -$family rule del from $address" if $config{DELETE_THEN_ADD};
emit( "run_ip -$family rule add from $address pref 20000 table $number" ,
emit( "run_ip rule add from $address pref 20000 table $number" ,
"echo \"qt ip -$family rule del from $address\" >> \${VARDIR}/undo_routing" );
} else {
my $rulebase = 20000 + ( 256 * ( $number - 1 ) );
@ -457,7 +457,7 @@ sub add_an_rtrule( $$$$ ) {
push_indent;
}
emit ( "run_ip -$family rule add $source $dest $priority table $number",
emit ( "run_ip rule add $source $dest $priority table $number",
"echo \"qt ip -$family rule del $source $dest $priority\" >> \${VARDIR}/undo_routing" );
pop_indent, emit ( "fi\n" ) if $optional;

2
Shorewall-perl/Shorewall/Rules.pm
View File

@ -443,7 +443,7 @@ sub process_routestopped() {
}
} elsif ( $option eq 'dest' ) {
for my $host ( split /,/, $hosts ) {
$dest{"$interface|host"} = 1;
$dest{"$interface|$host"} = 1;
}
} else {
warning_message "Unknown routestopped option ( $option ) ignored" unless $option eq 'critical';