Periodic removal of trailing white space

Tom Eastep 2010-06-07 07:30:56 -07:00
parent 04de6fac6d
commit 3467969c26
11 changed files with 121 additions and 121 deletions


@ -777,7 +777,7 @@ sub dropBcast( $$$ ) {
log_rule_limit $level, $chainref, 'dropBcast' , 'DROP', '', $tag, 'add', ' -d 224.0.0.0/4 ';
} else {
log_rule_limit $level, $chainref, 'dropBcast' , 'DROP', '', $tag, 'add', ' -d ff00::/10 -j DROP ';
}
}
}
add_rule $chainref, '-m addrtype --dst-type BROADCAST -j DROP';


@ -211,7 +211,7 @@ our $VERSION = '4.4_11';
# }
#
# 'provisional' only applies to policy chains; when true, indicates that this is a provisional policy chain which might be
# replaced. Policy chains created under the IMPLICIT_CONTINUE=Yes option are marked with provisional == 1 as are intra-zone
# replaced. Policy chains created under the IMPLICIT_CONTINUE=Yes option are marked with provisional == 1 as are intra-zone
# ACCEPT policies.
#
# Only 'referenced' chains get written to the iptables-restore input.
@ -629,7 +629,7 @@ sub insert_rule($$$) {
# the target in the second argument. The third argument determines if a GOTO may be
# used rather than a jump. The optional fourth argument specifies any matches to be
# included in the rule and must end with a space character if it is non-null. The
# optional 5th argument causes long port lists to be split. The optional 6th
# optional 5th argument causes long port lists to be split. The optional 6th
# argument, if passed, gives the 0-relative index where the jump is to be inserted.
#
sub add_jump( $$$;$$$ ) {
@ -648,7 +648,7 @@ sub add_jump( $$$;$$$ ) {
#
# Ensure that we have the chain unless it is a builtin like 'ACCEPT'
#
$toref = ensure_chain( $fromref->{table} , $to ) unless $builtin_target{$to} || $to =~ / --/; #If the target has options, it must be a builtin.
$toref = ensure_chain( $fromref->{table} , $to ) unless $builtin_target{$to} || $to =~ / --/; #If the target has options, it must be a builtin.
}
#
@ -759,7 +759,7 @@ sub move_rules( $$ ) {
my $name2 = $chain2->{name};
my $rules = $chain2->{rules};
my $count = @{$chain1->{rules}};
my $tableref = $chain_table{$chain1->{table}};
my $tableref = $chain_table{$chain1->{table}};
#
# We allow '+' in chain names and '+' is an RE meta-character. Escape it.
#
@ -767,7 +767,7 @@ sub move_rules( $$ ) {
for ( @{$chain1->{rules}} ) {
adjust_reference_counts( $tableref->{$1}, $name1, $name2 ) if / -[jg] ([^\s]+)/;
}
}
if ( $debug ) {
my $rule = @{$chain1->{rules}};
@ -828,7 +828,7 @@ sub copy_rules( $$ ) {
delete $chain1->{references}{$name2};
unless ( keys %{$chain1->{references}} ) {
delete_chain $chain1;
}
}
}
}
@ -1411,8 +1411,8 @@ sub optimize_chain( $ ) {
if ( $chainref->{referenced} ) {
my $rules = $chainref->{rules};
my $count = 0;
pop @$rules; # Pop the plain -j ACCEPT rule at the end of the chain
pop @$rules; # Pop the plain -j ACCEPT rule at the end of the chain
pop @$rules, $count++ while @$rules && $rules->[-1] =~ /-j ACCEPT(?:$|\s)/;
@ -1439,7 +1439,7 @@ sub optimize_chain( $ ) {
$count++;
trace( $chainref, 'R', $rule, $_ ) if $debug;
}
}
}
}
progress_message " $count references to ACCEPT policy chain $chainref->{name} replaced";
@ -1499,7 +1499,7 @@ sub replace_references( $$ ) {
$count++;
trace( $fromref, 'R', $rule, $_ ) if $debug;
}
}
}
}
}
@ -1539,7 +1539,7 @@ sub replace_references1( $$$ ) {
#
# The caller has ensured that $matches does not contain /! -[piosd] /
#
my $hasp = $matches =~ / -p /;
my $hasp = $matches =~ / -p /;
my $hasi = $matches =~ / -i /;
my $haso = $matches =~ / -o /;
my $hass = $matches =~ / -s /;
@ -1606,7 +1606,7 @@ sub replace_references1( $$$ ) {
}
}
progress_message " $count references to chain $chainref->{name} replaced" if $count;
@ -1614,7 +1614,7 @@ sub replace_references1( $$$ ) {
}
#
# The passed builtin chain has a single rule. If the target is a user chain without 'dont"move', copy the rules from the
# The passed builtin chain has a single rule. If the target is a user chain without 'dont"move', copy the rules from the
# chain to the builtin and return true; otherwise, do nothing and return false.
#
sub conditionally_copy_rules( $$ ) {
@ -1626,7 +1626,7 @@ sub conditionally_copy_rules( $$ ) {
#
my $basictarget = $1;
my $targetref = $chain_table{$chainref->{table}}{$basictarget};
if ( $targetref && ! $targetref->{dont_move} ) {
#
# Move is safe -- start with an empty rule list
@ -1689,10 +1689,10 @@ sub optimize_ruleset() {
delete_chain $chainref;
next;
}
unless ( $chainref->{dont_optimize} ) {
my $numrules = @{$chainref->{rules}};
if ( $numrules == 0 ) {
#
# No rules in this chain
@ -1763,25 +1763,25 @@ sub optimize_ruleset() {
}
}
}
#
# In this loop, we look for chains that end in an unconditional jump. If the target of the jump
# is subject to deletion (dont_delete = false), the jump is replaced by target's rules.
#
$progress = 1;
while ( $progress ) {
$progress = 0;
$passes++;
for my $chainref ( grep $_->{referenced}, values %{$chain_table{$table}} ) {
my $lastrule = $chainref->{rules}[-1];
if ( defined $lastrule && $lastrule =~ /^-A -[jg] (.*)$/ ) {
#
# Last rule is a simple branch
my $targetref = $chain_table{$table}{$1};
if ( $targetref && ! ( $targetref->{builtin} || $targetref->{dont_move} ) ) {
copy_rules( $targetref, $chainref );
$progress = 1;
@ -1806,11 +1806,11 @@ sub optimize_ruleset() {
my $rules1 = $chainref1->{rules};
next if @$rules != @$rules1;
next if $chainref1->{dont_delete};
for ( my $i = 0; $i <= $#$rules; $i++ ) {
next CHAIN unless $rules->[$i] eq $rules1->[$i];
}
replace_references1 $chainref1, $chainref->{name}, '';
}
}
@ -1901,12 +1901,12 @@ sub logchain( $$$$$$ ) {
$logtag,
'add',
'' );
add_rule( $logchainref, $exceptionrule . $target );
}
$logchainref;
}
}
sub newnonatchain() {
my $seq = $chainseq++;
@ -2224,7 +2224,7 @@ sub do_ratelimit( $$ ) {
}
$limit .= "--hashlimit-htable-expire $expire ";
}
}
$limit;
} elsif ( $rate =~ /^(\d+(\/(sec|min|hour|day))?):(\d+)$/ ) {
@ -3109,7 +3109,7 @@ sub expand_rule( $$$$$$$$$$;$ )
if ( $target =~ /-[jg]\s+([^\s]+)/ ) {
my $targetref = $chain_table{$chainref->{table}}{$1};
if ( $targetref ) {
$targetref->{referenced} = 1;
$targetref->{referenced} = 1;
add_reference $chainref, $targetref;
}
}
@ -3448,9 +3448,9 @@ sub expand_rule( $$$$$$$$$$;$ )
# Find/Create a chain that both logs and applies the target action
# and jump to the log chain if all of the rule's conditions are met
#
add_jump( $chainref,
logchain( $chainref, $loglevel, $logtag, $exceptionrule , $disposition, $target ),
$builtin_target{$disposition},
add_jump( $chainref,
logchain( $chainref, $loglevel, $logtag, $exceptionrule , $disposition, $target ),
$builtin_target{$disposition},
$matches,
1 );
} else {


@ -87,22 +87,22 @@ sub generate_script_1( $ ) {
emit "#!/bin/sh\n#\n# Compiled firewall script generated by Shorewall-perl\n#";
} else {
my $date = localtime;
emit "#!/bin/sh\n#\n# Compiled firewall script generated by Shorewall $globals{VERSION} - $date\n#";
if ( $family == F_IPV4 ) {
copy $globals{SHAREDIRPL} . 'prog.header';
} else {
copy $globals{SHAREDIRPL} . 'prog.header6';
}
copy2 $globals{SHAREDIR} . '/lib.common', 0;
}
}
my $lib = find_file 'lib.private';
copy2( $lib, $debug ) if -f $lib;
emit <<'EOF';
@ -256,7 +256,7 @@ sub generate_script_2() {
push_indent;
if ( $global_variables ) {
emit( 'case $COMMAND in' );
push_indent;
@ -300,7 +300,7 @@ sub generate_script_2() {
pop_indent;
emit "\n}\n"; # End of detect_configuration()
}
#
@ -342,7 +342,7 @@ sub save_dynamic_chains() {
pop_indent;
emit ( 'else' );
push_indent;
emit ( 'rm -f ${VARDIR}/UPnP' );
emit ( 'rm -f ${VARDIR}/forwardUPnP' );
emit ( 'rm -f ${VARDIR}/dynamic' );
@ -500,7 +500,7 @@ sub generate_script_3($) {
emit "disable_ipv6\n" if $config{DISABLE_IPV6};
} else {
emit ( '[ "$COMMAND" = refresh ] && run_refresh_exit || run_init_exit',
emit ( '[ "$COMMAND" = refresh ] && run_refresh_exit || run_init_exit',
'' );
save_dynamic_chains;
mark_firewall_not_started;


@ -1181,7 +1181,7 @@ sub copy1( $ ) {
print $script $here_documents if $here_documents;
print $script "\n";
}
if ( $debug ) {
print "GS-----> $here_documents" if $here_documents;
print "GS----->\n";
@ -1281,7 +1281,7 @@ EOF
s/^(\s*)/$indent1$1$indent2/;
s/ /\t/ if $indent2;
}
if ( $script ) {
print $script $_;
print $script "\n";
@ -1295,9 +1295,9 @@ EOF
$lastlineblank = 0;
}
}
close IF;
unless ( $lastlineblank ) {
print $script "\n" if $script;
print "GS----->\n" if $trace;
@ -1924,7 +1924,7 @@ sub numeric_option( $$$ ) {
my $value = $config{$option};
my $val = $default;
if ( defined $value && $value ne '' ) {
$val = numeric_value $value;
fatal_error "Invalid value ($value) for '$option'" unless defined $val && $val <= 32;
@ -1937,7 +1937,7 @@ sub numeric_option( $$$ ) {
sub make_mask( $ ) {
0xffffffff >> ( 32 - $_[0] );
}
}
my @suffixes = qw(group range threshold nlgroup cprange qthreshold);
@ -2183,14 +2183,14 @@ sub Persistent_Snat() {
$result = qt1( "$iptables -t nat -A $sillyname -j SNAT --to-source 1.2.3.4 --persistent" );
qt1( "$iptables -t nat -F $sillyname" );
qt1( "$iptables -t nat -X $sillyname" );
}
$result;
}
sub Mangle_Enabled() {
if ( qt1( "$iptables -t mangle -L -n" ) ) {
if ( qt1( "$iptables -t mangle -L -n" ) ) {
system( "$iptables -t mangle -N $sillyname" ) == 0 || fatal_error "Cannot Create Mangle chain $sillyname";
}
}
@ -2484,7 +2484,7 @@ sub have_capability( $ ) {
$capabilities{ $capability } = detect_capability( $capability ) unless defined $capabilities{ $capability };
$capabilities{ $capability };
$capabilities{ $capability };
}
#
@ -2505,11 +2505,11 @@ sub determine_capabilities() {
qt1( "$iptables -N $sillyname1" );
fatal_error 'Your kernel/iptables do not include state match support. No version of Shorewall will run on this system'
unless
unless
qt1( "$iptables -A $sillyname -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT") ||
qt1( "$iptables -A $sillyname -m state --state ESTABLISHED,RELATED -j ACCEPT");;
unless ( $config{ LOAD_HELPERS_ONLY } ) {
#
# Using 'detect_capability()' is a bit less efficient than calling the individual detection
@ -2518,7 +2518,7 @@ sub determine_capabilities() {
$capabilities{NAT_ENABLED} = detect_capability( 'NAT_ENABLED' );
$capabilities{PERSISTENT_SNAT} = detect_capability( 'PERSISTENT_SNAT' );
$capabilities{MANGLE_ENABLED} = detect_capability( 'MANGLE_ENABLED' );
if ( $capabilities{CONNTRACK_MATCH} = detect_capability( 'CONNTRACK_MATCH' ) ) {
$capabilities{NEW_CONNTRACK_MATCH} = detect_capability( 'NEW_CONNTRACK_MATCH' );
$capabilities{OLD_CONNTRACK_MATCH} = detect_capability( 'OLD_CONNTRACK_MATCH' );
@ -2531,7 +2531,7 @@ sub determine_capabilities() {
$capabilities{KLUDGEFREE} = Kludgefree1;
}
$capabilities{XMULTIPORT} = detect_capability( 'XMULTIPORT' );
$capabilities{XMULTIPORT} = detect_capability( 'XMULTIPORT' );
$capabilities{POLICY_MATCH} = detect_capability( 'POLICY_MATCH' );
if ( $capabilities{PHYSDEV_MATCH} = detect_capability( 'PHYSDEV_MATCH' ) ) {
@ -2837,7 +2837,7 @@ sub get_configuration( $ ) {
}
check_trivalue ( 'IP_FORWARDING', 'on' );
my $val;
if ( have_capability( 'KERNELVERSION' ) < 20631 ) {
@ -2856,7 +2856,7 @@ sub get_configuration( $ ) {
}
if ( $family == F_IPV6 ) {
$val = $config{ROUTE_FILTER};
$val = $config{ROUTE_FILTER};
fatal_error "ROUTE_FILTER=$val is not supported in IPv6" if $val && $val ne 'off';
}
@ -2955,7 +2955,7 @@ sub get_configuration( $ ) {
numeric_option 'MASK_BITS', $config{WIDE_TC_MARKS} ? 16 : 8, $config{TC_BITS};
numeric_option 'PROVIDER_BITS' , 8, 0;
numeric_option 'PROVIDER_OFFSET' , $config{HIGH_ROUTE_MARKS} ? $config{WIDE_TC_MARKS} ? 16 : 8 : 0, 0;
if ( $config{PROVIDER_OFFSET} ) {
$config{PROVIDER_OFFSET} = $config{MASK_BITS} if $config{PROVIDER_OFFSET} < $config{MASK_BITS};
fatal_error 'PROVIDER_BITS + PROVIDER_OFFSET > 32' if $config{PROVIDER_BITS} + $config{PROVIDER_OFFSET} > 32;


@ -501,7 +501,7 @@ sub valid_6address( $ ) {
unless ( $address =~ /::$/ ) {
return 0 if $address =~ /:$/;
}
for my $a ( @address ) {
return 0 unless $a eq '' || ( $a =~ /^[a-fA-f\d]+$/ && length $a < 5 );
}
@ -570,7 +570,7 @@ sub normalize_6addr( $ ) {
1 while $addr =~ s/::/:0:/;
$addr =~ s/^0+:/0:/;
$addr;
}
}


@ -286,7 +286,7 @@ sub save_policies() {
}
}
}
}
}
sub validate_policy()
{


@ -58,7 +58,7 @@ sub setup_arp_filtering() {
for my $interface ( @$interfaces ) {
my $value = get_interface_option $interface, 'arp_filter';
my $optional = interface_is_optional $interface;
$interface = get_physical $interface;
my $file = "/proc/sys/net/ipv4/conf/$interface/arp_filter";
@ -74,7 +74,7 @@ sub setup_arp_filtering() {
for my $interface ( @$interfaces1 ) {
my $value = get_interface_option $interface, 'arp_ignore';
my $optional = interface_is_optional $interface;
$interface = get_physical $interface;
my $file = "/proc/sys/net/ipv4/conf/$interface/arp_ignore";
@ -118,7 +118,7 @@ sub setup_route_filtering() {
for my $interface ( @$interfaces ) {
my $value = get_interface_option $interface, 'routefilter';
my $optional = interface_is_optional $interface;
$interface = get_physical $interface;
my $file = "/proc/sys/net/ipv4/conf/$interface/rp_filter";
@ -169,7 +169,7 @@ sub setup_martian_logging() {
for my $interface ( @$interfaces ) {
my $value = get_interface_option $interface, 'logmartians';
my $optional = interface_is_optional $interface;
$interface = get_physical $interface;
my $file = "/proc/sys/net/ipv4/conf/$interface/log_martians";


@ -158,7 +158,7 @@ sub copy_and_edit_table( $$$$ ) {
my ( $duplicate, $number, $copy, $realm) = @_;
#
# Hack to work around problem in iproute
#
#
my $filter = $family == F_IPV6 ? q(sed 's/ via :: / /' | ) : '';
#
# Map physical names in $copy to logical names
@ -295,7 +295,7 @@ sub add_a_provider( ) {
$gateway = '';
}
my ( $loose, $track, $balance , $default, $default_balance, $optional, $mtu, $local ) =
my ( $loose, $track, $balance , $default, $default_balance, $optional, $mtu, $local ) =
(0, $config{TRACK_PROVIDERS}, 0 , 0, $config{USE_DEFAULT_RT} ? 1 : 0, interface_is_optional( $interface ), '' , 0 );
unless ( $options eq '-' ) {
@ -340,7 +340,7 @@ sub add_a_provider( ) {
} elsif ( $option eq 'local' ) {
$local = 1;
$track = 0 if $config{TRACK_PROVIDERS};
$default_balance = 0 if$config{USE_DEFAULT_RT};
$default_balance = 0 if$config{USE_DEFAULT_RT};
} else {
fatal_error "Invalid option ($option)";
}
@ -546,7 +546,7 @@ sub start_new_if( $ ) {
emit ( '', qq(if [ -n "\$SW_${current_if}_IS_USABLE" ]; then) );
push_indent;
}
#
# Complete any current 'if' statement in the output script
#
@ -846,7 +846,7 @@ sub handle_optional_interfaces( $ ) {
my $returnvalue = verify_required_interfaces( shift );
#
# find_interfaces_by_option1() does not return wildcard interfaces. If an interface is defined
# as a wildcard in /etc/shorewall/interfaces, then only specific interfaces matching that
# as a wildcard in /etc/shorewall/interfaces, then only specific interfaces matching that
# wildcard are returned.
#
my $interfaces = find_interfaces_by_option1 'optional';
@ -891,7 +891,7 @@ sub handle_optional_interfaces( $ ) {
}
if ( $config{REQUIRE_INTERFACE} ) {
emit( '',
emit( '',
'if [ -z "$HAVE_INTERFACE" ]; then' ,
' case "$COMMAND" in',
' start|restart|restore|refresh)'
@ -902,7 +902,7 @@ sub handle_optional_interfaces( $ ) {
} else {
emit( ' if shorewall6_is_started; then' );
}
emit( ' fatal_error "No network interface available"',
' else',
' startup_error "No network interface available',


@ -370,8 +370,8 @@ sub process_routestopped() {
my $chainref = $filter_table->{FORWARD};
for my $host ( split /,/, $hosts ) {
add_rule( $chainref ,
match_source_dev( $interface ) .
add_rule( $chainref ,
match_source_dev( $interface ) .
match_dest_dev( $interface ) .
match_source_net( $host ) .
match_dest_net( $host ) );
@ -466,18 +466,18 @@ sub add_common_rules() {
progress_message2 'Adding Anti-smurf Rules';
$chainref = new_standard_chain 'smurfs';
my $smurfdest;
if ( defined $config{SMURF_LOG_LEVEL} && $config{SMURF_LOG_LEVEL} ne '' ) {
my $smurfref = new_chain( 'filter', $smurfdest = 'smurflog' );
log_rule_limit( $config{SMURF_LOG_LEVEL},
$smurfref,
'smurfs' ,
'DROP',
$globals{LOGLIMIT},
'',
'',
'add',
'' );
add_rule( $smurfref, '-j DROP' );
@ -499,7 +499,7 @@ sub add_common_rules() {
} else {
add_commands $chainref, 'for address in $ALL_ACASTS; do';
}
incr_cmd_level $chainref;
add_jump( $chainref, $smurfdest, 1, '-s $address ' );
decr_cmd_level $chainref;
@ -582,7 +582,7 @@ sub add_common_rules() {
add_rule $filter_table->{$chain} , "-p udp --dport $ports -j ACCEPT";
}
add_rule( $filter_table->{forward_chain $interface} ,
add_rule( $filter_table->{forward_chain $interface} ,
"-p udp " .
match_dest_dev( $interface ) .
"--dport $ports -j ACCEPT" )
@ -1199,14 +1199,14 @@ sub process_rule1 ( $$$$$$$$$$$$$ ) {
#
# Either a DNAT, REDIRECT or ACCEPT+ rule; don't apply rate limiting twice
#
$rule = join( '',
$rule = join( '',
do_proto($proto, $ports, $sports),
do_user( $user ) ,
do_test( $mark , $globals{TC_MASK} ) ,
do_connlimit( $connlimit ),
do_time( $time ) );
} else {
$rule = join( '',
$rule = join( '',
do_proto($proto, $ports, $sports),
do_ratelimit( $ratelimit, $basictarget ) ,
do_user( $user ) ,
@ -1290,7 +1290,7 @@ sub process_rule1 ( $$$$$$$$$$$$$ ) {
$origdest = ALLIP;
}
}
} else {
} else {
if ( $server eq '' ) {
fatal_error "A server and/or port must be specified in the DEST column in $action rules" unless $serverport;
} elsif ( $server =~ /^(.+)-(.+)$/ ) {
@ -1652,7 +1652,7 @@ sub rules_target( $$ ) {
my ( $zone, $zone1 ) = @_;
my $chain = rules_chain( ${zone}, ${zone1} );
my $chainref = $filter_table->{$chain};
return $chain if $chainref && $chainref->{referenced};
return 'ACCEPT' if $zone eq $zone1;
@ -2272,7 +2272,7 @@ EOF
if [ -x $g_restorepath ]; then
echo Restoring ${g_product:=Shorewall}...
g_recovering=Yes
if run_it $g_restorepath restore; then


@ -317,7 +317,7 @@ sub process_tc_rule( ) {
require_capability( 'TPROXY_TARGET', 'Use of TPROXY', 's');
fatal_error "Invalid TPROXY specification( $cmd/$rest )" if $rest;
$chain = 'tcpre';
$cmd =~ /TPROXY\((.+?)\)$/;
@ -337,15 +337,15 @@ sub process_tc_rule( ) {
}
$target .= "--on-port $port";
if ( defined $ip && $ip ne '' ) {
validate_address $ip, 1;
$target .= " --on-ip $ip";
}
$target .= ' --tproxy-mark';
$target .= ' --tproxy-mark';
}
if ( $rest ) {
fatal_error "Invalid MARK ($originalmark)" if $marktype == NOMARK;
@ -471,13 +471,13 @@ sub process_simple_device() {
emit ( "${dev}_exists=Yes",
"qt \$TC qdisc del dev $physical root",
"qt \$TC qdisc del dev $physical ingress\n"
"qt \$TC qdisc del dev $physical ingress\n"
);
emit ( "run_tc qdisc add dev $physical handle ffff: ingress",
"run_tc filter add dev $physical parent ffff: protocol all prio 10 u32 match ip src 0.0.0.0/0 police rate ${bandwidth}kbit burst 10k drop flowid :1\n"
) if $bandwidth;
emit "run_tc qdisc add dev $physical root handle $number: prio bands 3 priomap $config{TC_PRIOMAP}";
for ( my $i = 1; $i <= 3; $i++ ) {
@ -488,7 +488,7 @@ sub process_simple_device() {
}
save_progress_message_short qq(" TC Device $physical defined.");
pop_indent;
emit 'else';
push_indent;
@ -497,9 +497,9 @@ sub process_simple_device() {
emit "${dev}_exists=";
pop_indent;
emit "fi\n";
progress_message " Simple tcdevice \"$currentline\" $done.";
}
}
sub validate_tc_device( ) {
my ( $device, $inband, $outband , $options , $redirected ) = split_line 3, 5, 'tcdevices';
@ -1094,14 +1094,14 @@ sub process_tc_priority() {
1 );
} else {
my $postref = $mangle_table->{tcpost};
if ( $address ne '-' ) {
fatal_error "Invalid combination of columns" unless $proto eq '-' && $ports eq '-';
add_rule( $postref ,
join( '', match_source_net( $address) , $rule ) ,
1 );
} else {
add_rule( $postref ,
add_rule( $postref ,
join( '', do_proto( $proto, $ports, '-' , 0 ) , $rule ) ,
1 );
@ -1113,7 +1113,7 @@ sub process_tc_priority() {
$ipp2p = 1;
}
add_rule( $postref ,
add_rule( $postref ,
join( '' , do_proto( $proto, '-', $ports, 0 ) , $rule ) ,
1 )
unless $proto =~ /^ipp2p/ || $protocol == ICMP || $protocol == IPv6_ICMP;
@ -1139,8 +1139,8 @@ sub setup_simple_traffic_shaping() {
my $fn1 = open_file 'tcpri';
if ( $fn1 ) {
first_entry
sub {
first_entry
sub {
progress_message2 "$doing $fn1...";
warning_message "There are entries in $fn1 but $fn was empty" unless $interfaces;
};


@ -524,7 +524,7 @@ sub zone_report()
my $grouplist = join ',', ( @$hosts );
my $exclusions = join ',', @{$groupref->{exclusions}};
$grouplist = join '!', ( $grouplist, $exclusions) if $exclusions;
if ( $family == F_IPV4 ) {
progress_message_nocompress " $iref->{physical}:$grouplist";
} else {
@ -734,7 +734,7 @@ sub firewall_zone() {
#
sub is_a_bridge( $ ) {
which 'brctl' && qt( "brctl show | tail -n+2 | grep -q '^$_[0]\[\[:space:\]\]'" );
}
}
#
# Transform the passed interface name into a legal shell variable name.
@ -960,7 +960,7 @@ sub process_interface( $$ ) {
# No options specified -- auto-detect bridge
#
$hostoptionsref->{routeback} = $options{routeback} = is_a_bridge( $physical ) unless $export;
}
}
$physical{$physical} = $interfaces{$interface} = { name => $interface ,
bridge => $bridge ,
@ -976,12 +976,12 @@ sub process_interface( $$ ) {
if ( $zone ) {
$netsref ||= [ allip ];
add_group_to_zone( $zone, $zoneref->{type}, $interface, $netsref, $hostoptionsref );
add_group_to_zone( $zone,
$zoneref->{type},
$interface,
[ IPv4_MULTICAST ],
add_group_to_zone( $zone,
$zoneref->{type},
$interface,
[ IPv4_MULTICAST ],
{ destonly => 1 } ) if $hostoptionsref->{multicast} && $interfaces{$interface}{zone} ne $zone;
}
}
progress_message " Interface \"$currentline\" Validated";
@ -1034,13 +1034,13 @@ sub validate_interfaces_file( $ ) {
sub map_physical( $$ ) {
my ( $name, $interfaceref ) = @_;
my $physical = $interfaceref->{physical};
return $physical if $name eq $interfaceref->{name};
$physical =~ s/\+$//;
$physical . substr( $name, length $interfaceref->{root} );
}
}
#
# Returns true if passed interface matches an entry in /etc/shorewall/interfaces
@ -1061,9 +1061,9 @@ sub known_interface($)
#
# Cache this result for future reference. We set the 'name' to the name of the entry that appears in /etc/shorewall/interfaces and we do not set the root;
#
return $interfaces{$interface} = { options => $interfaceref->{options},
bridge => $interfaceref->{bridge} ,
name => $i ,
return $interfaces{$interface} = { options => $interfaceref->{options},
bridge => $interfaceref->{bridge} ,
name => $i ,
number => $interfaceref->{number} ,
physical => map_physical( $interface, $interfaceref )
};
@ -1164,7 +1164,7 @@ sub find_interfaces_by_option( $ ) {
for my $interface ( @interfaces ) {
my $interfaceref = $interfaces{$interface};
next unless $interfaceref->{root};
my $optionsref = $interfaceref->{options};
@ -1222,9 +1222,9 @@ sub set_interface_option( $$$ ) {
sub verify_required_interfaces( $ ) {
my $generate_case = shift;
my $returnvalue = 0;
my $interfaces = find_interfaces_by_option 'wait';
if ( @$interfaces ) {
@ -1235,7 +1235,7 @@ sub verify_required_interfaces( $ ) {
if ( $wait ) {
my $physical = get_physical $interface;
if ( $physical =~ /\+$/ ) {
my $base = uc chain_base $physical;
@ -1309,7 +1309,7 @@ sub verify_required_interfaces( $ ) {
emit qq(fi\n);
}
}
if ( $generate_case ) {
emit( ';;' );
pop_indent;
@ -1404,19 +1404,19 @@ sub compile_updown() {
emit( ' detect_configuration',
' define_firewall' );
if ( $wildcard ) {
emit( ' elif [ "$state" = started ]; then',
' COMMAND=restart',
' detect_configuration',
' define_firewall' );
} else {
emit( ' else',
emit( ' else',
' COMMAND=stop',
' detect_configuration',
' stop_firewall' );
}
emit( ' fi',
' ;;'
);
@ -1454,11 +1454,11 @@ sub compile_updown() {
' detect_configuration',
' define_firewall',
' ;;',
' esac',
' esac',
);
pop_indent;
emit( 'esac' );
pop_indent;
@ -1466,7 +1466,7 @@ sub compile_updown() {
emit( '}',
'',
);
}
}
#
# Process a record in the hosts file