Issue warning on missing IPSET

This commit is contained in:
Tom Eastep 2011-05-15 11:48:34 -07:00
parent 8904e772df
commit 30f2fbff60
2 changed files with 10 additions and 5 deletions

View File

@ -244,6 +244,7 @@ our $mangle_table;
our $filter_table; our $filter_table;
my $comment; my $comment;
my @comments; my @comments;
my $export;
# #
# Target Types # Target Types
@ -389,8 +390,8 @@ my %builtin_target = ( ACCEPT => 1,
# 2. The compiler can run multiple times in the same process so it has to be # 2. The compiler can run multiple times in the same process so it has to be
# able to re-initialize its dependent modules' state. # able to re-initialize its dependent modules' state.
# #
sub initialize( $$ ) { sub initialize( $$$ ) {
( $family, my $hard ) = @_; ( $family, my $hard, $export ) = @_;
%chain_table = ( raw => {}, %chain_table = ( raw => {},
mangle => {}, mangle => {},
@ -2817,6 +2818,10 @@ sub get_set_flags( $$ ) {
$setname =~ s/^\+//; $setname =~ s/^\+//;
unless ( $export || $> != 0 ) {
warning_message "Ipset $setname does not exist" unless qt "ipset -L $setname";
}
fatal_error "Invalid ipset name ($setname)" unless $setname =~ /^[a-zA-Z]\w*/; fatal_error "Invalid ipset name ($setname)" unless $setname =~ /^[a-zA-Z]\w*/;
have_capability 'OLD_IPSET_MATCH' ? "--set $setname $options " : "--match-set $setname $options "; have_capability 'OLD_IPSET_MATCH' ? "--set $setname $options " : "--match-set $setname $options ";

View File

@ -54,7 +54,7 @@ my $family;
# #
sub initialize_package_globals() { sub initialize_package_globals() {
Shorewall::Config::initialize($family); Shorewall::Config::initialize($family);
Shorewall::Chains::initialize ($family, 1); Shorewall::Chains::initialize ($family, 1, $export );
Shorewall::Zones::initialize ($family); Shorewall::Zones::initialize ($family);
Shorewall::Nat::initialize; Shorewall::Nat::initialize;
Shorewall::Providers::initialize($family); Shorewall::Providers::initialize($family);
@ -817,7 +817,7 @@ sub compiler {
# We must reinitialize Shorewall::Chains before generating the iptables-restore input # We must reinitialize Shorewall::Chains before generating the iptables-restore input
# for stopping the firewall # for stopping the firewall
# #
Shorewall::Chains::initialize( $family, 0 ); Shorewall::Chains::initialize( $family, 0 , $export );
initialize_chain_table; initialize_chain_table;
# #
# S T O P _ F I R E W A L L # S T O P _ F I R E W A L L
@ -881,7 +881,7 @@ sub compiler {
# Re-initialize the chain table so that process_routestopped() has the same # Re-initialize the chain table so that process_routestopped() has the same
# environment that it would when called by compile_stop_firewall(). # environment that it would when called by compile_stop_firewall().
# #
Shorewall::Chains::initialize( $family , 0 ); Shorewall::Chains::initialize( $family , 0 , $export );
initialize_chain_table; initialize_chain_table;
if ( $debug ) { if ( $debug ) {