extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-12-19 12:50:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

Avoid processing blacklist twice

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4783 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2006-11-02 00:48:59 +00:00
parent 4bc13dd2d8
commit 31232b5e82
1 changed files with 32 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
Shorewall/compiler
View File

@ -3421,6 +3421,27 @@ process_blacklist_rec() {
done done
} }
process_blacklist()
{
cat >&3 << __EOF__
#
# Load the blacklist
#
load_blacklist()
{
__EOF__
INDENT=" "
while read networks protocol ports; do
expandv networks protocol ports
process_blacklist_rec
done < $TMP_DIR/blacklist
INDENT=
save_command "}"
save_command
}
# #
# Setup the Black List # Setup the Black List
# #
@ -3430,11 +3451,9 @@ setup_blacklist() {
local disposition=$BLACKLIST_DISPOSITION local disposition=$BLACKLIST_DISPOSITION
local ipsec policy local ipsec policy
if [ -n "$hosts" -a -f $f ]; then if [ -n "$hosts" -a -s ${TMP_DIR}/blacklist ]; then
progress_message2 "$DOING Blacklisting..." progress_message2 "$DOING Blacklisting..."
strip_file blacklist $f
createchain blacklst no createchain blacklst no
[ -n "$BLACKLISTNEWONLY" ] && state="-m state --state NEW,INVALID" || state= [ -n "$BLACKLISTNEWONLY" ] && state="-m state --state NEW,INVALID" || state=
@ -3457,11 +3476,8 @@ setup_blacklist() {
[ "$disposition" = REJECT ] && disposition=reject [ "$disposition" = REJECT ] && disposition=reject
if [ -z "$DELAYBLACKLISTLOAD" ]; then if [ -z "$DELAYBLACKLISTLOAD" -a -s ${TMP_DIR}/blacklist ]; then
while read networks protocol ports; do save_command load_blacklist
expandv networks protocol ports
process_blacklist_rec
done < $TMP_DIR/blacklist
fi fi
fi fi
} }
@ -3486,35 +3502,13 @@ refresh_blacklist() {
run_iptables -F blacklst run_iptables -F blacklst
while read networks protocol ports; do save_command load_blacklist
expandv networks protocol ports
process_blacklist_rec
done < $TMP_DIR/blacklist
INDENT="$indent" INDENT="$indent"
save_command "fi" save_command "fi"
} }
#
# Verify the Black List
#
validate_blacklist() {
local f=$(find_file blacklist)
local disposition=$BLACKLIST_DISPOSITION
progress_message2 "Checking Black List..."
strip_file blacklist $f
[ "$disposition" = REJECT ] && disposition=reject
while read networks protocol ports; do
expandv networks protocol ports
process_blacklist_rec
done < $TMP_DIR/blacklist
}
#
# Construct zone-independent rules # Construct zone-independent rules
# #
add_common_rules() { add_common_rules() {
@ -5264,6 +5258,7 @@ __EOF__
determine_hosts determine_hosts
if strip_file_and_lib_load tcrules tcrules; then if strip_file_and_lib_load tcrules tcrules; then
progress_message2 "Compiling $(find_file tcrules)..."
process_tc_rules process_tc_rules
fi fi
@ -5274,6 +5269,11 @@ __EOF__
[ -n "$LIB_tc_LOADED" ] && setup_traffic_shaping [ -n "$LIB_tc_LOADED" ] && setup_traffic_shaping
fi fi
if [ -n "$(find_hosts_by_option blacklist)" ]; then
strip_file blacklist
process_blacklist
fi
cat >&3 << __EOF__ cat >&3 << __EOF__
# #
@ -5595,7 +5595,7 @@ __EOF__
append_file start append_file start
if [ -n "$DELAYBLACKLISTLOAD" ]; then if [ -n "$DELAYBLACKLISTLOAD" -a -s ${TMP_DIR}/blacklist ]; then
refresh_blacklist refresh_blacklist
save_command save_command
fi fi