extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-12-19 04:41:07 +01:00
Code Issues Packages Projects Releases Wiki Activity

Revert "Fold some long lines"

Browse Source 
This reverts commit 3674cfd387.
This commit is contained in:
Tom Eastep 2011-04-10 11:20:50 -07:00
parent 6e7a7b7f39
commit 512008170d
1 changed files with 19 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -507,9 +507,7 @@ sub decr_cmd_level( $ ) {
sub trace( $$$$ ) { sub trace( $$$$ ) {
my ($chainref, $action, $rulenum, $message) = @_; my ($chainref, $action, $rulenum, $message) = @_;
my $heading = $rulenum ? my $heading = $rulenum ? sprintf "NF-(%s)-> %s:%s:%d", $action, $chainref->{table}, $chainref->{name}, $rulenum : sprintf "NF-(%s)-> %s:%s", $action, $chainref->{table}, $chainref->{name};
sprintf "NF-(%s)-> %s:%s:%d", $action, $chainref->{table}, $chainref->{name}, $rulenum :
sprintf "NF-(%s)-> %s:%s", $action, $chainref->{table}, $chainref->{name};
my $length = length $heading; my $length = length $heading;
@ -1256,8 +1254,7 @@ sub add_jump( $$$;$$$ ) {
# #
# Ensure that we have the chain unless it is a builtin like 'ACCEPT' # Ensure that we have the chain unless it is a builtin like 'ACCEPT'
# #
$toref = ensure_chain( $fromref->{table} , $to ) $toref = ensure_chain( $fromref->{table} , $to ) unless $builtin_target{$to} || $to =~ / --/; #If the target has options, it must be a builtin.
unless $builtin_target{$to} || $to =~ / --/; #If the target has options, it must be a builtin.
} }
# #
@ -1389,13 +1386,11 @@ sub ensure_accounting_chain( $$$ )
my $chainref = $filter_table->{$chain}; my $chainref = $filter_table->{$chain};
if ( $chainref ) { if ( $chainref ) {
fatal_error "Non-accounting chain ($chain) used in an accounting rule" fatal_error "Non-accounting chain ($chain) used in an accounting rule" unless $chainref->{accounting};
unless $chainref->{accounting};
$chainref->{restriction} |= $restriction; $chainref->{restriction} |= $restriction;
} else { } else {
fatal_error "Chain name ($chain) too long" if length $chain > 29; fatal_error "Chain name ($chain) too long" if length $chain > 29;
fatal_error "Invalid Chain name ($chain)" fatal_error "Invalid Chain name ($chain)" unless $chain =~ /^[-\w]+$/ && ! ( $builtin_target{$chain} || $config_files{$chain} );
unless $chain =~ /^[-\w]+$/ && ! ( $builtin_target{$chain} || $config_files{$chain} );
$chainref = new_chain 'filter' , $chain; $chainref = new_chain 'filter' , $chain;
$chainref->{accounting} = 1; $chainref->{accounting} = 1;
$chainref->{referenced} = 1; $chainref->{referenced} = 1;
@ -1486,8 +1481,7 @@ sub new_nat_chain($) {
sub new_manual_chain($) { sub new_manual_chain($) {
my $chain = $_[0]; my $chain = $_[0];
fatal_error "Chain name ($chain) too long" if length $chain > 29; fatal_error "Chain name ($chain) too long" if length $chain > 29;
fatal_error "Invalid Chain name ($chain)" fatal_error "Invalid Chain name ($chain)" unless $chain =~ /^[-\w]+$/ && ! ( $builtin_target{$chain} || $config_files{$chain} );
unless $chain =~ /^[-\w]+$/ && ! ( $builtin_target{$chain} || $config_files{$chain} );
fatal_error "Duplicate Chain Name ($chain)" if $targets{$chain} || $filter_table->{$chain}; fatal_error "Duplicate Chain Name ($chain)" if $targets{$chain} || $filter_table->{$chain};
$targets{$chain} = CHAIN; $targets{$chain} = CHAIN;
( my $chainref = ensure_filter_chain( $chain, 0) )->{manual} = 1; ( my $chainref = ensure_filter_chain( $chain, 0) )->{manual} = 1;
@ -2242,23 +2236,17 @@ sub do_proto( $$$;$ )
$output = "-p $proto --syn "; $output = "-p $proto --syn ";
} }
fatal_error "SOURCE/DEST PORT(S) not allowed with PROTO !$pname" fatal_error "SOURCE/DEST PORT(S) not allowed with PROTO !$pname" if $invert && ($ports ne '' || $sports ne '');
if $invert && ($ports ne '' || $sports ne '');
PROTO: PROTO:
{ {
if ( $proto == TCP || if ( $proto == TCP || $proto == UDP || $proto == SCTP || $proto == DCCP || $proto == UDPLITE ) {
$proto == UDP ||
$proto == SCTP ||
$proto == DCCP ||
$proto == UDPLITE ) {
my $multiport = 0; my $multiport = 0;
if ( $ports ne '' ) { if ( $ports ne '' ) {
$invert = $ports =~ s/^!// ? '! ' : ''; $invert = $ports =~ s/^!// ? '! ' : '';
if ( $ports =~ tr/,/,/ > 0 || $sports =~ tr/,/,/ > 0 || $proto == UDPLITE ) { if ( $ports =~ tr/,/,/ > 0 || $sports =~ tr/,/,/ > 0 || $proto == UDPLITE ) {
fatal_error "Port lists require Multiport support in your kernel/iptables" fatal_error "Port lists require Multiport support in your kernel/iptables" unless have_capability( 'MULTIPORT' );
unless have_capability( 'MULTIPORT' );
fatal_error "Multiple ports not supported with SCTP" if $proto == SCTP; fatal_error "Multiple ports not supported with SCTP" if $proto == SCTP;
if ( port_count ( $ports ) > 15 ) { if ( port_count ( $ports ) > 15 ) {
@ -2303,8 +2291,7 @@ sub do_proto( $$$;$ )
last PROTO; } last PROTO; }
if ( $proto == ICMP ) { if ( $proto == ICMP ) {
fatal_error "ICMP not permitted in an IPv6 configuration" fatal_error "ICMP not permitted in an IPv6 configuration" if $family == F_IPV6; #User specified proto 1 rather than 'icmp'
if $family == F_IPV6; #User specified proto 1 rather than 'icmp'
if ( $ports ne '' ) { if ( $ports ne '' ) {
$invert = $ports =~ s/^!// ? '! ' : ''; $invert = $ports =~ s/^!// ? '! ' : '';
@ -2328,8 +2315,7 @@ sub do_proto( $$$;$ )
last PROTO; } last PROTO; }
if ( $proto == IPv6_ICMP ) { if ( $proto == IPv6_ICMP ) {
fatal_error "IPv6_ICMP not permitted in an IPv4 configuration" fatal_error "IPv6_ICMP not permitted in an IPv4 configuration" if $family == F_IPV4;
if $family == F_IPV4;
if ( $ports ne '' ) { if ( $ports ne '' ) {
$invert = $ports =~ s/^!// ? '! ' : ''; $invert = $ports =~ s/^!// ? '! ' : '';
@ -2353,8 +2339,7 @@ sub do_proto( $$$;$ )
last PROTO; } last PROTO; }
fatal_error "SOURCE/DEST PORT(S) not allowed with PROTO $pname" fatal_error "SOURCE/DEST PORT(S) not allowed with PROTO $pname" if $ports ne '' || $sports ne '';
if $ports ne '' || $sports ne '';
} # PROTO } # PROTO
@ -2372,10 +2357,7 @@ sub do_proto( $$$;$ )
$options .= " --$_" for split /,/, $ports; $options .= " --$_" for split /,/, $ports;
} }
$options = have_capability( 'OLD_IPP2P_MATCH' ) ? $options = have_capability( 'OLD_IPP2P_MATCH' ) ? ' --ipp2p' : ' --edk --kazaa --gnu --dc' unless $options;
' --ipp2p' :
' --edk --kazaa --gnu --dc'
unless $options;
$output .= "${proto}-m ipp2p${options} "; $output .= "${proto}-m ipp2p${options} ";
} else { } else {
@ -2386,8 +2368,7 @@ sub do_proto( $$$;$ )
# #
# No protocol # No protocol
# #
fatal_error "SOURCE/DEST PORT(S) not allowed without PROTO" fatal_error "SOURCE/DEST PORT(S) not allowed without PROTO" if $ports ne '' || $sports ne '';
if $ports ne '' || $sports ne '';
} }
$output; $output;
@ -2400,8 +2381,7 @@ sub mac_match( $ ) {
my $invert = ( $1 ? '! ' : ''); my $invert = ( $1 ? '! ' : '');
$mac =~ tr/-/:/; $mac =~ tr/-/:/;
fatal_error "Invalid MAC address ($mac)" fatal_error "Invalid MAC address ($mac)" unless $mac =~ /^(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$/;
unless $mac =~ /^(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$/;
"--match mac ${invert}--mac-source $mac "; "--match mac ${invert}--mac-source $mac ";
} }
@ -2422,16 +2402,13 @@ sub verify_mark( $ ) {
# #
# Not a valid TC mark -- must be a provider mark or a user mark # Not a valid TC mark -- must be a provider mark or a user mark
# #
fatal_error "Invalid Mark or Mask value ($mark)" fatal_error "Invalid Mark or Mask value ($mark)" unless ( $value & $globals{PROVIDER_MASK} ) == $value || ( $value & $globals{USER_MASK} ) == $value;
unless ( $value & $globals{PROVIDER_MASK} ) == $value ||
( $value & $globals{USER_MASK} ) == $value;
} }
} }
sub verify_small_mark( $ ) { sub verify_small_mark( $ ) {
verify_mark ( (my $mark) = $_[0] ); verify_mark ( (my $mark) = $_[0] );
fatal_error "Mark value ($mark) too large" fatal_error "Mark value ($mark) too large" if numeric_value( $mark ) > $globals{TC_MAX};
if numeric_value( $mark ) > $globals{TC_MAX};
} }
sub validate_mark( $ ) { sub validate_mark( $ ) {
@ -2462,9 +2439,7 @@ sub do_test ( $$ )
$mask = '' unless defined $mask; $mask = '' unless defined $mask;
my $invert = $testval =~ s/^!// ? '! ' : ''; my $invert = $testval =~ s/^!// ? '! ' : '';
my $match = $testval =~ s/:C$// ? my $match = $testval =~ s/:C$// ? "-m connmark ${invert}--mark" : "-m mark ${invert}--mark";
"-m connmark ${invert}--mark" :
"-m mark ${invert}--mark";
fatal_error "Invalid MARK value ($originaltestval)" if $testval eq '/'; fatal_error "Invalid MARK value ($originaltestval)" if $testval eq '/';
@ -2578,16 +2553,13 @@ sub do_time( $ ) {
} elsif ( $element =~ /^weekdays=(.*)$/ ) { } elsif ( $element =~ /^weekdays=(.*)$/ ) {
my $days = $1; my $days = $1;
for my $day ( split /,/, $days ) { for my $day ( split /,/, $days ) {
fatal_error "Invalid weekday ($day)" fatal_error "Invalid weekday ($day)" unless $day =~ /^(Mon|Tue|Wed|Thu|Fri|Sat|Sun)$/ || ( $day =~ /^\d$/ && $day && $day <= 7);
unless $day =~ /^(Mon|Tue|Wed|Thu|Fri|Sat|Sun)$/ ||
( $day =~ /^\d$/ && $day && $day <= 7);
} }
$result .= "--weekday $days "; $result .= "--weekday $days ";
} elsif ( $element =~ /^monthdays=(.*)$/ ) { } elsif ( $element =~ /^monthdays=(.*)$/ ) {
my $days = $1; my $days = $1;
for my $day ( split /,/, $days ) { for my $day ( split /,/, $days ) {
fatal_error "Invalid day of the month ($day)" fatal_error "Invalid day of the month ($day)" unless $day =~ /^\d{1,2}$/ && $day && $day <= 31;
unless $day =~ /^\d{1,2}$/ && $day && $day <= 31;
} }
} elsif ( $element =~ /^(datestart|datestop)=(\d{4}(-\d{2}(-\d{2}(T\d{1,2}(:\d{1,2}){0,2})?)?)?)$/ ) { } elsif ( $element =~ /^(datestart|datestop)=(\d{4}(-\d{2}(-\d{2}(T\d{1,2}(:\d{1,2}){0,2})?)?)?)$/ ) {
$result .= "--$1 $2 "; $result .= "--$1 $2 ";