From 45a1f9df4fcd73f40165d6dffb78a2da1c2e93f1 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Wed, 1 Feb 2012 10:25:26 -0800 Subject: [PATCH] Streamline exclusion of the %vserver% pseudo-interface. Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Chains.pm | 4 ++-- Shorewall/Perl/Shorewall/Misc.pm | 7 ++++--- Shorewall/Perl/Shorewall/Zones.pm | 8 ++++++++ 3 files changed, 14 insertions(+), 5 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm index 940366521..21ce3618e 100644 --- a/Shorewall/Perl/Shorewall/Chains.pm +++ b/Shorewall/Perl/Shorewall/Chains.pm @@ -5864,7 +5864,7 @@ sub add_interface_options( $ ) { my %input_chains; my %forward_chains; - for my $interface ( grep $_ ne '%vserver%', all_interfaces ) { + for my $interface ( all_real_interfaces ) { $input_chains{$interface} = $filter_table->{input_option_chain $interface}; $forward_chains{$interface} = $filter_table->{forward_option_chain $interface}; } @@ -5983,7 +5983,7 @@ sub add_interface_options( $ ) { # # Simply move the option chain rules to the interface chains # - for my $interface ( grep $_ ne '%vserver%', all_interfaces ) { + for my $interface ( all_real_interfaces ) { my $chainref; my $chain1ref; diff --git a/Shorewall/Perl/Shorewall/Misc.pm b/Shorewall/Perl/Shorewall/Misc.pm index ead235c17..60ffe34a2 100644 --- a/Shorewall/Perl/Shorewall/Misc.pm +++ b/Shorewall/Perl/Shorewall/Misc.pm @@ -752,7 +752,7 @@ sub add_common_rules ( $ ) { $target1 = $target; } - for $interface ( grep $_ ne '%vserver%', all_interfaces ) { + for $interface ( all_real_interfaces ) { ensure_chain( 'filter', $_ ) for first_chains( $interface ), output_chain( $interface ), option_chains( $interface ), output_option_chain( $interface ); my $interfaceref = find_interface $interface; @@ -1367,6 +1367,7 @@ sub add_interface_jumps { our %output_jump_added; our %forward_jump_added; my $lo_jump_added = 0; + my @interfaces = grep $_ ne '%vserver%', @_; # # Add Nat jumps # 
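Review bot: The added `my @interfaces = grep $_ ne '%vserver%', @_;` line in the `@@ -1367` hunk of Misc.pm still spells out the `'%vserver%'` literal, so after this commit the exclusion test lives in two modules: here and in the new `all_real_interfaces` in Zones.pm. This function filters its own `@_`, so it cannot simply call the new helper, but if the two copies ever drift apart the pseudo-interface could be treated differently by the nat and filter jump loops than by the rest of the compiler. I would at least add a comment above the line: `# Drop the %vserver% pseudo-interface once; keep this test in step with all_real_interfaces() in Zones.pm`. The two loops that consume `@interfaces` are in the following hunks (`@@ -1378` and `@@ -1392`), and the body of add_interface_jumps continues outside all three.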
@@ -1378,7 +1379,7 @@ sub add_interface_jumps { addnatjump 'POSTROUTING' , 'nat_out'; addnatjump 'PREROUTING', 'dnat'; - for my $interface ( grep $_ ne '%vserver%', @_ ) { + for my $interface ( @interfaces ) { addnatjump 'PREROUTING' , input_chain( $interface ) , imatch_source_dev( $interface ); addnatjump 'POSTROUTING' , output_chain( $interface ) , imatch_dest_dev( $interface ); addnatjump 'POSTROUTING' , masq_chain( $interface ) , imatch_dest_dev( $interface ); @@ -1392,7 +1393,7 @@ sub add_interface_jumps { # # Add the jumps to the interface chains from filter FORWARD, INPUT, OUTPUT # - for my $interface ( grep $_ ne '%vserver%', @_ ) { + for my $interface ( @interfaces ) { my $forwardref = $filter_table->{forward_chain $interface}; my $inputref = $filter_table->{input_chain $interface}; my $outputref = $filter_table->{output_chain $interface}; diff --git a/Shorewall/Perl/Shorewall/Zones.pm b/Shorewall/Perl/Shorewall/Zones.pm index cae1615e9..72af2d9d1 100644 --- a/Shorewall/Perl/Shorewall/Zones.pm +++ b/Shorewall/Perl/Shorewall/Zones.pm @@ -61,6 +61,7 @@ our @EXPORT = qw( NOTHING chain_base validate_interfaces_file all_interfaces + all_real_interfaces all_bridges interface_number find_interface @@ -1305,6 +1306,13 @@ sub all_interfaces() { @interfaces; } +# +# Return all non-vserver interfaces +# +sub all_real_interfaces() { + grep $_ ne '%vserver%', @interfaces; +} + # # Return a list of bridges #
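Review bot: The header comment on `all_real_interfaces` in the last Zones.pm hunk says only "Return all non-vserver interfaces", which leaves out two things callers need to know. The sub returns the value of a bare `grep`, so in scalar context it yields a count, not a list, and the only thing that makes an interface "real" is an exact string mismatch against `'%vserver%'`. Since the loops in Chains.pm and Misc.pm now rely on this one sub to decide which interfaces get option chains and rules, I would spell that out, e.g. `# Return all interfaces except the %vserver% pseudo-interface (a count in scalar context)`, and write `return grep $_ ne '%vserver%', @interfaces;` explicitly.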