Handle run-time extension scripts
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5888 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
737f7787b1
commit
6053ab4396
@ -49,6 +49,7 @@ our @EXPORT = qw( STANDARD
|
||||
ALL_RESTRICT
|
||||
|
||||
add_command
|
||||
add_file
|
||||
add_rule
|
||||
insert_rule
|
||||
chain_base
|
||||
@ -257,6 +258,30 @@ sub add_command($$)
|
||||
$chainref->{referenced} = 1;
|
||||
}
|
||||
|
||||
#
|
||||
# Copy a file into a chain's rules as a set of run-time commands
|
||||
#
|
||||
|
||||
sub add_file( $$ ) {
|
||||
my $chainref = $_[0];
|
||||
my $file = find_file $_[1];
|
||||
|
||||
if ( -f $file ) {
|
||||
open EF , '<', $file or fatal_error "Unable to open $file";
|
||||
|
||||
add_command $chainref, qq(progress_message "Processing $file...");
|
||||
add_command $chainref, '';
|
||||
|
||||
while ( $line = <EF> ) {
|
||||
add_command $chainref, $line;
|
||||
}
|
||||
|
||||
add_command $chainref, '';
|
||||
|
||||
close EF;
|
||||
}
|
||||
}
|
||||
|
||||
#
|
||||
# Add a rule to a chain. Arguments are:
|
||||
#
|
||||
|
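Review bot: In `add_file`, the path is interpolated into a double-quoted shell string, `qq(progress_message "Processing $file...")`, so a path containing `"`, `$` or a backtick would be re-interpreted by the shell when the generated script runs; the emitted command should escape the path. The read loop assigns to `$line` without `my` and uses the bareword handle `EF`, so it presumably relies on a file-level `$line` declared outside the hunk. Using `open my $fh, '<', $file or fatal_error "Unable to open $file: $!";` with `while ( my $line = <$fh> )` keeps both local and reports why the open failed. Every line of the file is copied verbatim into the chain's run-time commands, so the comment above the sub should say that these files are trusted exactly as much as the configuration itself and should be writable only by the administrator.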
@ -945,7 +945,7 @@ sub run_user_exit( $ ) {
|
||||
if ( -f $file ) {
|
||||
progress_message "Processing $file...";
|
||||
|
||||
unless (my $return = do $file) {
|
||||
unless (my $return = eval `cat $file`) {
|
||||
fatal_error "Couldn't parse $file: $@" if $@;
|
||||
fatal_error "Couldn't do $file: $!" unless defined $return;
|
||||
fatal_error "Couldn't run $file" unless $return;
|
||||
|
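Review bot: In `run_user_exit`, the backtick command `cat $file` inside `eval` hands `$file` to a shell unquoted, so a path containing whitespace or shell metacharacters is split or interpreted before Perl sees the script text. This assumes the backtick line is the new side, which the release-notes change on this page suggests. A failed `cat` also yields an empty string, so the eval returns undef with `$@` unset and the `Couldn't do $file: $!` message reports an unrelated `$!`. Reading the file in Perl avoids both: a three-argument `open my $fh, '<', $file or fatal_error "Unable to open $file: $!";`, then `my $code = do { local $/; <$fh> };` and `eval $code`. The body of the `unless` block continues outside the hunk.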
@ -490,6 +490,8 @@ sub add_common_rules() {
|
||||
|
||||
new_standard_chain output_chain( $interface );
|
||||
}
|
||||
|
||||
add_file $filter_table->{INPUT}, 'initdone';
|
||||
|
||||
setup_blacklist;
|
||||
|
||||
@ -763,6 +765,8 @@ sub setup_mac_lists( $ ) {
|
||||
add_command $chainref, "fi\n";
|
||||
}
|
||||
|
||||
add_file $chainref, 'maclog';
|
||||
|
||||
log_rule_limit $level, $chainref , $chain , $disposition, '', '', 'add', '';
|
||||
add_rule $chainref, "-j $target";
|
||||
}
|
||||
|
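Review bot: The two new calls, `add_file $filter_table->{INPUT}, 'initdone';` and `add_file $chainref, 'maclog';`, have no comment saying what contract the copied script must meet. The release notes on this page say such run-time scripts must write their iptables commands to file descriptor 3 in iptables-restore format, so a line such as `# 'initdone' is copied verbatim into the generated script; it must emit iptables-restore input on fd 3` above each call would record that. For `initdone` it would also help to note that the INPUT chain appears to serve only as the place where the commands are attached, if that is the intent. Both enclosing subs start and end outside the hunks.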
@ -80,18 +80,25 @@ e) Because the compiler is now written in Perl, your compile-time
|
||||
Perl code to see how the compiler operates internally. I will
|
||||
produce documentation before the first official release.
|
||||
Compile-time extension scripts are executed using the Perl
|
||||
'do FILE' mechanism.
|
||||
'eval `cat <file>`' mechanism.
|
||||
|
||||
f) The 'refresh' command is now synonymous with 'restart'.
|
||||
|
||||
g) Some run-time extension scripts are no longer supported because they
|
||||
make no sense (iptables-restore instantiates the new configuration
|
||||
atomically).
|
||||
g) Some run-time scripts will need to be converted to write their
|
||||
iptables commands to file descriptor 3 in iptables-restore format
|
||||
rather than running those commands.
|
||||
|
||||
continue
|
||||
initdone
|
||||
continue
|
||||
refresh
|
||||
maclog
|
||||
|
||||
Details to follow.
|
||||
|
||||
Some run-time scripts are simply eliminated because they no longer
|
||||
make any sense under Shorewall-perl:
|
||||
|
||||
continue - Under Shorewall-perl, nothing is done between
|
||||
'continue' and 'initdone'
|
||||
refresh - The 'refresh' command is the same as 'restart'
|
||||
refreshed
|
||||
|
||||
h) The /etc/shorewall/tos file now has zone-independent SOURCE and DEST
|
||||
|