Rename %env to %globals
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5773 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
505f1ba3e0
commit
5abdc94ff6
@ -378,7 +378,7 @@ sub process_action3( $$$$$ ) {
|
||||
}
|
||||
|
||||
my $actionfile = find_file "action.$action";
|
||||
my $standard = ( $actionfile =~ /^$env{SHAREDIR}/ );
|
||||
my $standard = ( $actionfile =~ /^$globals{SHAREDIR}/ );
|
||||
|
||||
fatal_error "Missing Action File: $actionfile" unless -f $actionfile;
|
||||
|
||||
@ -420,7 +420,7 @@ sub process_action3( $$$$$ ) {
|
||||
|
||||
push_open $fn;
|
||||
|
||||
my $standard = ( $fn =~ /^($env{SHAREDIR})/ );
|
||||
my $standard = ( $fn =~ /^($globals{SHAREDIR})/ );
|
||||
|
||||
while ( read_a_line ) {
|
||||
|
||||
|
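Review bot: Both `$standard` tests in process_action3 interpolate `$globals{SHAREDIR}` into the pattern as a regex and stop at a bare prefix, so a path under `/usr/share/shorewall-lite` also counts as standard and any metacharacter in the directory name changes what matches. Quoting the value and requiring a path separator closes both gaps: `my $standard = ( $actionfile =~ m{^\Q$globals{SHAREDIR}\E/} );`. The same test appears in process_macro, and append_file uses it with no `^` anchor at all, so there any path that merely contains the directory string is treated as the shared copy and skipped. What `$standard` gates lies outside these hunks, so the impact needs confirming against the rest of the function.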
@ -431,7 +431,7 @@ sub new_chain($$)
|
||||
my @rules;
|
||||
|
||||
$ch{name} = $chain;
|
||||
$ch{log} = 1 if $env{LOGRULENUMBERS};
|
||||
$ch{log} = 1 if $globals{LOGRULENUMBERS};
|
||||
$ch{rules} = \@rules;
|
||||
$ch{table} = $table;
|
||||
$chain_table{$table}{$chain} = \%ch;
|
||||
@ -937,7 +937,7 @@ sub log_rule_limit( $$$$$$$$ ) {
|
||||
|
||||
my $prefix;
|
||||
|
||||
$limit = $env{LOGLIMIT} unless $limit;
|
||||
$limit = $globals{LOGLIMIT} unless $limit;
|
||||
|
||||
if ( $tag ) {
|
||||
if ( $config{LOGTAGONLY} ) {
|
||||
@ -950,7 +950,7 @@ sub log_rule_limit( $$$$$$$$ ) {
|
||||
$tag = '' unless defined $tag;
|
||||
}
|
||||
|
||||
if ( $env{LOGRULENUMBERS} ) {
|
||||
if ( $globals{LOGRULENUMBERS} ) {
|
||||
$prefix = (sprintf $config{LOGFORMAT} , $chain , $chainref->{log}++, $disposition ) . $tag;
|
||||
} else {
|
||||
$prefix = (sprintf $config{LOGFORMAT} , $chain , $disposition) . $tag;
|
||||
@ -962,9 +962,9 @@ sub log_rule_limit( $$$$$$$$ ) {
|
||||
}
|
||||
|
||||
if ( $level eq 'ULOG' ) {
|
||||
$prefix = "-j ULOG $env{LOGPARMS} --ulog-prefix \"$prefix\" ";
|
||||
$prefix = "-j ULOG $globals{LOGPARMS} --ulog-prefix \"$prefix\" ";
|
||||
} else {
|
||||
$prefix = "-j LOG $env{LOGPARMS} --log-level $level --log-prefix \"$prefix\" ";
|
||||
$prefix = "-j LOG $globals{LOGPARMS} --log-level $level --log-prefix \"$prefix\" ";
|
||||
}
|
||||
|
||||
if ( $command eq 'add' ) {
|
||||
@ -977,7 +977,7 @@ sub log_rule_limit( $$$$$$$$ ) {
|
||||
sub log_rule( $$$$ ) {
|
||||
my ( $level, $chainref, $disposition, $predicates ) = @_;
|
||||
|
||||
log_rule_limit $level, $chainref, $chainref->{name} , $disposition, $env{LOGLIMIT}, '', 'add', $predicates;
|
||||
log_rule_limit $level, $chainref, $chainref->{name} , $disposition, $globals{LOGLIMIT}, '', 'add', $predicates;
|
||||
}
|
||||
|
||||
#
|
||||
|
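Review bot: In log_rule_limit the prefix is placed between double quotes (`--log-prefix \"$prefix\"` and the ULOG variant) without any escaping, although it is built from `$config{LOGFORMAT}`, the chain name and `$tag`. If the rule text is later written into the generated shell script, which the emit calls elsewhere in this commit suggest, a double quote, `$`, backtick or backslash in any of those values would break or alter the quoted argument. A check before the ULOG/LOG branch would stop that at compile time: `fatal_error "Invalid characters in log prefix: $prefix" if $prefix =~ /["\$\x60\\]/;` (`\x60` is the backtick). propagateconfig's `emit "$option=\"$value\""` has the same shape and would benefit from the same check. The function starts and ends outside these hunks.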
@ -47,7 +47,7 @@ our @EXPORT = qw(
|
||||
generate_aux_config
|
||||
|
||||
%config
|
||||
%env
|
||||
%globals
|
||||
%capabilities );
|
||||
our @EXPORT_OK = ();
|
||||
our @VERSION = 1.00;
|
||||
@ -55,12 +55,12 @@ our @VERSION = 1.00;
|
||||
#
|
||||
# Misc Globals
|
||||
#
|
||||
our %env = ( SHAREDIR => '/usr/share/shorewall' ,
|
||||
CONFDIR => '/etc/shorewall',
|
||||
SHAREDIRPL => '/usr/share/shorewall-perl/',
|
||||
LOGPARMS => '',
|
||||
VERSION => '3.9.0-1',
|
||||
);
|
||||
our %globals = ( SHAREDIR => '/usr/share/shorewall' ,
|
||||
CONFDIR => '/etc/shorewall',
|
||||
SHAREDIRPL => '/usr/share/shorewall-perl/',
|
||||
LOGPARMS => '',
|
||||
VERSION => '3.9.0-1',
|
||||
);
|
||||
|
||||
#
|
||||
# From shorewall.conf file
|
||||
@ -266,7 +266,7 @@ sub find_file($)
|
||||
return $file if -f $file;
|
||||
}
|
||||
|
||||
"$env{CONFDIR}/$filename";
|
||||
"$globals{CONFDIR}/$filename";
|
||||
}
|
||||
|
||||
#
|
||||
@ -468,9 +468,11 @@ sub require_capability( $$ ) {
|
||||
#
|
||||
# - Read the shorewall.conf file
|
||||
# - Read the capabilities file created by the compiler front-end
|
||||
# - establish global hashes %config , %env and %capabilities
|
||||
# - establish global hashes %config , %globals and %capabilities
|
||||
#
|
||||
sub get_configuration() {
|
||||
sub get_configuration( $ ) {
|
||||
|
||||
my $export = $_[0];
|
||||
|
||||
@config_path = split /:/, $ENV{CONFIG_PATH};
|
||||
|
||||
@ -537,16 +539,16 @@ sub get_configuration() {
|
||||
fatal_error "$file does not exist!";
|
||||
}
|
||||
|
||||
$env{ORIGINAL_POLICY_MATCH} = $capabilities{POLICY_MATCH};
|
||||
$globals{ORIGINAL_POLICY_MATCH} = $capabilities{POLICY_MATCH};
|
||||
|
||||
default 'MODULE_PREFIX', 'o gz ko o.gz ko.gz';
|
||||
|
||||
if ( $config{LOGRATE} || $config{LOGBURST} ) {
|
||||
$env{LOGLIMIT} = '-m limit';
|
||||
$env{LOGLIMIT} .= " --limit $config{LOGRATE}" if $config{LOGRATE};
|
||||
$env{LOGLIMIT} .= " --limit-burst $config{LOGBURST}" if $config{LOGBURST};
|
||||
$globals{LOGLIMIT} = '-m limit';
|
||||
$globals{LOGLIMIT} .= " --limit $config{LOGRATE}" if $config{LOGRATE};
|
||||
$globals{LOGLIMIT} .= " --limit-burst $config{LOGBURST}" if $config{LOGBURST};
|
||||
} else {
|
||||
$env{LOGLIMIT} = '';
|
||||
$globals{LOGLIMIT} = '';
|
||||
}
|
||||
|
||||
if ( $config{IP_FORWARDING} ) {
|
||||
@ -576,11 +578,11 @@ sub get_configuration() {
|
||||
default_yes_no 'DISABLE_IPV6' , '';
|
||||
default_yes_no 'DYNAMIC_ZONES' , '';
|
||||
|
||||
fatal_error "DYNAMIC_ZONES=Yes is incompatible with the -e option" if $config{DYNAMIC_ZONES} and $ENV{EXPORT};
|
||||
fatal_error "DYNAMIC_ZONES=Yes is incompatible with the -e option" if $config{DYNAMIC_ZONES} && $export;
|
||||
|
||||
default_yes_no 'BRIDGING' , '';
|
||||
|
||||
fatal_error 'BRIDGING=Yes is not supported by Shorewall-perl' . $env{VERSION} if $config{BRIDGING};
|
||||
fatal_error 'BRIDGING=Yes is not supported by Shorewall-perl' . $globals{VERSION} if $config{BRIDGING};
|
||||
|
||||
default_yes_no 'STARTUP_ENABLED' , 'Yes';
|
||||
default_yes_no 'DELAYBLACKLISTLOAD' , '';
|
||||
@ -588,11 +590,11 @@ sub get_configuration() {
|
||||
default_yes_no 'RFC1918_STRICT' , '';
|
||||
default_yes_no 'SAVE_IPSETS' , '';
|
||||
|
||||
warning_message 'SAVE_IPSETS=Yes is not supported by Shorewall-perl ' . $env{VERSION} if $config{SAVE_IPSETS};
|
||||
warning_message 'SAVE_IPSETS=Yes is not supported by Shorewall-perl ' . $globals{VERSION} if $config{SAVE_IPSETS};
|
||||
|
||||
default_yes_no 'MAPOLDACTIONS' , '';
|
||||
|
||||
warning_message 'MAPOLDACTIONS=Yes is not supported by Shorewall-perl ' . $env{VERSION} if $config{MAPOLDACTIONS};
|
||||
warning_message 'MAPOLDACTIONS=Yes is not supported by Shorewall-perl ' . $globals{VERSION} if $config{MAPOLDACTIONS};
|
||||
|
||||
default_yes_no 'FASTACCEPT' , '';
|
||||
default_yes_no 'IMPLICIT_CONTINUE' , '';
|
||||
@ -608,14 +610,14 @@ sub get_configuration() {
|
||||
|
||||
my $val;
|
||||
|
||||
$env{MACLIST_TARGET} = 'reject';
|
||||
$globals{MACLIST_TARGET} = 'reject';
|
||||
|
||||
if ( $val = $config{MACLIST_DISPOSITION} ) {
|
||||
unless ( $val eq 'REJECT' ) {
|
||||
if ( $val eq 'DROP' ) {
|
||||
$env{MACLIST_TARGET} = 'DROP';
|
||||
$globals{MACLIST_TARGET} = 'DROP';
|
||||
} elsif ( $val eq 'ACCEPT' ) {
|
||||
$env{MACLIST_TARGET} = 'RETURN';
|
||||
$globals{MACLIST_TARGET} = 'RETURN';
|
||||
} else {
|
||||
fatal_error "Invalid value ( $config{MACLIST_DISPOSITION} ) for MACLIST_DISPOSITION"
|
||||
}
|
||||
@ -640,7 +642,7 @@ sub get_configuration() {
|
||||
$config{TCP_FLAGS_DISPOSITION} = 'DROP';
|
||||
}
|
||||
|
||||
$env{TC_SCRIPT} = '';
|
||||
$globals{TC_SCRIPT} = '';
|
||||
|
||||
if ( $val = "\L$config{TC_ENABLED}" ) {
|
||||
if ( $val eq 'yes' ) {
|
||||
@ -670,14 +672,14 @@ sub get_configuration() {
|
||||
|
||||
fatal_error "Invalid IPSECFILE value ($config{IPSECFILE}" unless $config{IPSECFILE} eq 'zones';
|
||||
|
||||
$env{MARKING_CHAIN} = $config{MARK_IN_FORWARD_CHAIN} ? 'tcfor' : 'tcpre';
|
||||
$globals{MARKING_CHAIN} = $config{MARK_IN_FORWARD_CHAIN} ? 'tcfor' : 'tcpre';
|
||||
|
||||
if ( $val = $config{LOGFORMAT} ) {
|
||||
my $result;
|
||||
|
||||
eval {
|
||||
if ( $val =~ /%d/ ) {
|
||||
$env{LOGRULENUMBERS} = 'Yes';
|
||||
$globals{LOGRULENUMBERS} = 'Yes';
|
||||
$result = sprintf "$val", 'fooxx2barxx', 1, 'ACCEPT';
|
||||
} else {
|
||||
$result = sprintf "$val", 'fooxx2barxx', 'ACCEPT';
|
||||
@ -689,10 +691,10 @@ sub get_configuration() {
|
||||
fatal_error "LOGFORMAT string is longer than 29 characters: \"$val\""
|
||||
if length $result > 29;
|
||||
|
||||
$env{MAXZONENAMELENGTH} = int ( 5 + ( ( 29 - (length $result ) ) / 2) );
|
||||
$globals{MAXZONENAMELENGTH} = int ( 5 + ( ( 29 - (length $result ) ) / 2) );
|
||||
} else {
|
||||
$env{LOGFORMAT}='Shorewall:%s:%s:';
|
||||
$env{MAXZONENAMELENGTH} = 5;
|
||||
$globals{LOGFORMAT}='Shorewall:%s:%s:';
|
||||
$globals{MAXZONENAMELENGTH} = 5;
|
||||
}
|
||||
|
||||
}
|
||||
@ -704,7 +706,7 @@ sub propagateconfig() {
|
||||
}
|
||||
|
||||
for my $option ( @Shorewall::Config::propagateenv ) {
|
||||
my $value = $env{$option} || '';
|
||||
my $value = $globals{$option} || '';
|
||||
emit "$option=\"$value\"";
|
||||
}
|
||||
}
|
||||
@ -712,7 +714,7 @@ sub propagateconfig() {
|
||||
sub append_file( $ ) {
|
||||
my $user_exit = find_file $_[0];
|
||||
|
||||
unless ( $user_exit =~ /$env{SHAREDIR}/ ) {
|
||||
unless ( $user_exit =~ /$globals{SHAREDIR}/ ) {
|
||||
if ( -f $user_exit ) {
|
||||
save_progress_message "Processing $user_exit ...";
|
||||
copy1 $user_exit;
|
||||
@ -757,7 +759,7 @@ sub generate_aux_config() {
|
||||
|
||||
create_temp_aux_config;
|
||||
|
||||
emit( "#\n# Shorewall auxiliary configuration file created by Shorewall-perl version " . $env{VERSION} . ' - ' . ( localtime ) . "\n#" );
|
||||
emit( "#\n# Shorewall auxiliary configuration file created by Shorewall-perl version " . $globals{VERSION} . ' - ' . ( localtime ) . "\n#" );
|
||||
|
||||
for my $option qw(VERBOSITY LOGFILE LOGFORMAT IPTABLES PATH SHOREWALL_SHELL SUBSYSLOCK RESTOREFILE SAVE_IPSETS) {
|
||||
conditionally_add_option $option;
|
||||
|
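Review bot: The fallback branch at the end of get_configuration stores the default format in `$globals{LOGFORMAT}`, but log_rule_limit builds its prefix with `sprintf $config{LOGFORMAT}`, so with LOGFORMAT unset in shorewall.conf the log rules appear to get an empty prefix and lose their chain and disposition labels. Unless `%config` is defaulted somewhere outside this page, the assignment should read `$config{LOGFORMAT} = 'Shorewall:%s:%s:';`. The rename carried the old `%env` key over unchanged, so the mismatch predates this commit, but this is the natural place to correct it.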
@ -105,7 +105,7 @@ sub setup_one_masq($$$$$$)
|
||||
# Handle IPSEC options, if any
|
||||
#
|
||||
if ( $ipsec ne '-' ) {
|
||||
fatal_error "Non-empty IPSEC column requires policy match support in your kernel and iptables" unless $env{ORIGINAL_POLICY_MATCH};
|
||||
fatal_error "Non-empty IPSEC column requires policy match support in your kernel and iptables" unless $globals{ORIGINAL_POLICY_MATCH};
|
||||
|
||||
if ( $ipsec =~ /^yes$/i ) {
|
||||
$rule .= '-m policy --pol ipsec --dir out ';
|
||||
|
@ -268,7 +268,7 @@ sub setup_blacklist() {
|
||||
if ( $level ) {
|
||||
my $chainref = new_standard_chain 'blacklog';
|
||||
|
||||
log_rule_limit( $level , $chainref , 'blacklst' , $disposition , "$env{LOGLIMIT}" , '', 'add', '' );
|
||||
log_rule_limit( $level , $chainref , 'blacklst' , $disposition , "$globals{LOGLIMIT}" , '', 'add', '' );
|
||||
|
||||
add_rule $chainref, "-j $target" ;
|
||||
|
||||
@ -467,7 +467,7 @@ sub add_common_rules() {
|
||||
|
||||
my $rejectref = new_standard_chain 'reject';
|
||||
|
||||
$level = $env{BLACKLIST_LOG_LEVEL} || 'info';
|
||||
$level = $globals{BLACKLIST_LOG_LEVEL} || 'info';
|
||||
|
||||
add_rule_pair new_standard_chain( 'logdrop' ), ' ' , 'DROP' , $level ;
|
||||
add_rule_pair new_standard_chain( 'logreject' ), ' ' , 'REJECT' , $level ;
|
||||
@ -554,13 +554,13 @@ sub add_common_rules() {
|
||||
if ( $config{TCP_FLAGS_LOG_LEVEL} ) {
|
||||
my $logflagsref = new_standard_chain 'logflags';
|
||||
|
||||
my $savelogparms = $env{LOGPARMS};
|
||||
my $savelogparms = $globals{LOGPARMS};
|
||||
|
||||
$env{LOGPARMS} = "$env{LOGPARMS} --log-ip-options" unless $config{TCP_FLAGS_LOG_LEVEL} eq 'ULOG';
|
||||
$globals{LOGPARMS} = "$globals{LOGPARMS} --log-ip-options" unless $config{TCP_FLAGS_LOG_LEVEL} eq 'ULOG';
|
||||
|
||||
log_rule $config{TCP_FLAGS_LOG_LEVEL} , $logflagsref , $config{TCP_FLAGS_DISPOSITION}, '';
|
||||
|
||||
$env{LOGPARMS} = $savelogparms;
|
||||
$globals{LOGPARMS} = $savelogparms;
|
||||
|
||||
if ( $config{TCP_FLAGS_DISPOSITION} eq 'REJECT' ) {
|
||||
add_rule $logflagsref , '-j REJECT --reject-with tcp-reset';
|
||||
@ -732,7 +732,7 @@ sub setup_mac_lists( $ ) {
|
||||
}
|
||||
}
|
||||
} else {
|
||||
my $target = $env{MACLIST_TARGET};
|
||||
my $target = $globals{MACLIST_TARGET};
|
||||
my $level = $config{MACLIST_LOG_LEVEL};
|
||||
my $disposition = $config{MACLIST_DISPOSITION};
|
||||
|
||||
@ -770,7 +770,7 @@ sub process_rule1 ( $$$$$$$$$ );
|
||||
sub process_macro ( $$$$$$$$$$$ ) {
|
||||
my ($macrofile, $target, $param, $source, $dest, $proto, $ports, $sports, $origdest, $rate, $user) = @_;
|
||||
|
||||
my $standard = ( $macrofile =~ /^($env{SHAREDIR})/ );
|
||||
my $standard = ( $macrofile =~ /^($globals{SHAREDIR})/ );
|
||||
|
||||
progress_message "..Expanding Macro $macrofile...";
|
||||
|
||||
|
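Review bot: `$level = $globals{BLACKLIST_LOG_LEVEL} || 'info';` in add_common_rules reads a key that nothing on this page assigns. The `%globals` initializer does not list it, and since the commit renames every `%env` reference, an assignment would be expected to show up among the changed lines. If that holds, the logdrop and logreject chains always log at `info` regardless of configuration. If the level is meant to come from shorewall.conf it should be read from `%config`; otherwise a comment naming where the key is set would help. The key could still be populated through a dynamic hash key, so this needs checking against the full file.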
@ -125,7 +125,7 @@ sub process_tc_rule( $$$$$$$$$$ ) {
|
||||
|
||||
( $mark, my $designator ) = split /:/, $mark;
|
||||
|
||||
my $chain = $env{MARKING_CHAIN};
|
||||
my $chain = $globals{MARKING_CHAIN};
|
||||
my $target = 'MARK --set-mark';
|
||||
my $tcsref;
|
||||
my $connmark = 0;
|
||||
|
@ -207,7 +207,7 @@ sub determine_zones()
|
||||
}
|
||||
}
|
||||
|
||||
fatal_error "Invalid zone name: $zone" unless "\L$zone" =~ /^[a-z]\w*$/ && length $zone <= $env{MAXZONENAMELENGTH};
|
||||
fatal_error "Invalid zone name: $zone" unless "\L$zone" =~ /^[a-z]\w*$/ && length $zone <= $globals{MAXZONENAMELENGTH};
|
||||
fatal_error "Invalid zone name: $zone" if $zone =~ /^all2|2all$/;
|
||||
fatal_error( "Duplicate zone name: $zone\n" ) if $zones{$zone};
|
||||
|
||||
|
@ -75,11 +75,11 @@ BEGIN {
|
||||
#
|
||||
|
||||
sub generate_script_1 {
|
||||
copy $env{SHAREDIRPL} . 'prog.header';
|
||||
copy $globals{SHAREDIRPL} . 'prog.header';
|
||||
|
||||
my $date = localtime;
|
||||
|
||||
emit "#\n# Compiled firewall script generated by Shorewall-perl $env{VERSION} - $date\n#";
|
||||
emit "#\n# Compiled firewall script generated by Shorewall-perl $globals{VERSION} - $date\n#";
|
||||
|
||||
if ( $export ) {
|
||||
emitj ( 'SHAREDIR=/usr/share/shorewall-lite',
|
||||
@ -88,7 +88,7 @@ sub generate_script_1 {
|
||||
'PRODUCT="Shorewall Lite"'
|
||||
);
|
||||
|
||||
copy "$env{SHAREDIR}/lib.base";
|
||||
copy "$globals{SHAREDIR}/lib.base";
|
||||
|
||||
emitj ( '################################################################################',
|
||||
'# End of /usr/share/shorewall/lib.base',
|
||||
@ -147,7 +147,7 @@ sub generate_script_1 {
|
||||
'[ -n "${VERBOSE:=0}" ]',
|
||||
qq([ -n "\${RESTOREFILE:=$config{RESTOREFILE}}" ]),
|
||||
'[ -n "$LOGFORMAT" ] || LOGFORMAT="Shorewall:%s:%s:"',
|
||||
qq(VERSION="$env{VERSION}") ,
|
||||
qq(VERSION="$globals{VERSION}") ,
|
||||
qq(PATH="$config{PATH}") ,
|
||||
'TERMINATOR=fatal_error'
|
||||
);
|
||||
@ -478,7 +478,7 @@ EOF
|
||||
#
|
||||
sub generate_script_2 () {
|
||||
|
||||
copy $env{SHAREDIRPL} . 'prog.functions';
|
||||
copy $globals{SHAREDIRPL} . 'prog.functions';
|
||||
|
||||
emitj( '#',
|
||||
'# Setup Routing and Traffic Shaping',
|
||||
@ -495,7 +495,7 @@ sub generate_script_2 () {
|
||||
if ( $export ) {
|
||||
my $mf = find_file 'modules';
|
||||
|
||||
if ( $mf ne "$env{SHAREDIR}/module" && -f $mf ) {
|
||||
if ( $mf ne "$globals{SHAREDIR}/module" && -f $mf ) {
|
||||
|
||||
emitj( 'echo MODULESDIR="$MODULESDIR" > ${VARDIR}/.modulesdir',
|
||||
'cat > ${VARDIR}/.modules << EOF'
|
||||
@ -628,7 +628,7 @@ EOF
|
||||
|
||||
emit "}\n";
|
||||
|
||||
copy $env{SHAREDIRPL} . 'prog.footer';
|
||||
copy $globals{SHAREDIRPL} . 'prog.footer';
|
||||
}
|
||||
|
||||
#
|
||||
@ -643,8 +643,8 @@ sub compiler( $ ) {
|
||||
|
||||
report_capabilities if $verbose > 1;
|
||||
|
||||
require_capability( 'MULTIPORT' , "Shorewall-perl $env{VERSION}" );
|
||||
require_capability( 'ADDRTYPE' , "Shorewall-perl $env{VERSION}" );
|
||||
require_capability( 'MULTIPORT' , "Shorewall-perl $globals{VERSION}" );
|
||||
require_capability( 'ADDRTYPE' , "Shorewall-perl $globals{VERSION}" );
|
||||
require_capability( 'RECENT_MATCH' , 'MACLIST_TTL' ) if $config{MACLIST_TTL};
|
||||
require_capability( 'XCONNMARK' , 'HIGH_ROUTE_MARKS=Yes' ) if $config{HIGH_ROUTE_MARKS};
|
||||
require_capability( 'MANGLE_ENABLED' , 'Traffic Shaping' ) if $config{TC_ENABLED};
|
||||
@ -795,7 +795,7 @@ sub compiler( $ ) {
|
||||
#
|
||||
# Get shorewall.conf and capabilities.
|
||||
#
|
||||
get_configuration;
|
||||
get_configuration( $export );
|
||||
#
|
||||
# Compile/Check the configuration.
|
||||
#
|
||||
|
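Review bot: In generate_script_2 the file is looked up with `find_file 'modules'` but compared against `"$globals{SHAREDIR}/module"`, so the `ne` test looks like it can never be false and the stock modules file would be embedded into exported scripts along with any local one. If the intent is to skip the copy shipped in SHAREDIR, the comparison should be `if ( $mf ne "$globals{SHAREDIR}/modules" && -f $mf ) {`. The body of this block continues outside the hunk.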