Handle run-time extension scripts

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5888 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2025-05-07 01:24:42 +02:00 · 2007-04-10 18:06:09 +00:00 · 2007-04-10 18:06:09 +00:00 · 6053ab4396
commit 6053ab4396
parent 737f7787b1
4 changed files with 44 additions and 8 deletions
--- a/Shorewall-perl/Shorewall/Chains.pm
+++ b/Shorewall-perl/Shorewall/Chains.pm
@ -49,6 +49,7 @@ our @EXPORT = qw( STANDARD
 		  ALL_RESTRICT

 		  add_command
+		  add_file
 		  add_rule
 		  insert_rule
 		  chain_base
@ -257,6 +258,30 @@ sub add_command($$)
    $chainref->{referenced} = 1;
 }

+#
+# Copy a file into a chain's rules as a set of run-time commands
+#
+
+sub add_file( $$ ) {
+    my $chainref = $_[0];
+    my $file     = find_file $_[1];
+
+    if ( -f $file ) {
+	open EF , '<', $file or fatal_error "Unable to open $file";
+
+	add_command $chainref, qq(progress_message "Processing $file...");
+	add_command $chainref, '';
+
+	while ( $line = <EF> ) {
+	    add_command $chainref, $line;
+	}
+
+	add_command $chainref, '';
+
+	close EF;
+    }
+}    
+
 #
 # Add a rule to a chain. Arguments are:
 #
--- a/Shorewall-perl/Shorewall/Config.pm
+++ b/Shorewall-perl/Shorewall/Config.pm
@ -945,7 +945,7 @@ sub run_user_exit( $ ) {
    if ( -f $file ) {
 	progress_message "Processing $file...";

-	unless (my $return = do $file) {
+	unless (my $return = eval `cat $file`) {
 	    fatal_error "Couldn't parse $file: $@" if $@;
 	    fatal_error "Couldn't do $file: $!"    unless defined $return;
 	    fatal_error "Couldn't run $file"       unless $return;
--- a/Shorewall-perl/Shorewall/Rules.pm
+++ b/Shorewall-perl/Shorewall/Rules.pm
@ -490,6 +490,8 @@ sub add_common_rules() {

 	new_standard_chain output_chain( $interface );
    }
+    
+    add_file $filter_table->{INPUT}, 'initdone';

    setup_blacklist;

@ -763,6 +765,8 @@ sub setup_mac_lists( $ ) {
 		add_command $chainref, "fi\n";
 	    }

+	    add_file $chainref, 'maclog';
+
 	    log_rule_limit $level, $chainref , $chain , $disposition, '', '', 'add', '';
 	    add_rule $chainref, "-j $target";
 	}
--- a/Shorewall-perl/releasenotes.txt
+++ b/Shorewall-perl/releasenotes.txt
@ -80,18 +80,25 @@ e) Because the compiler is now written in Perl, your compile-time
   Perl code to see how the compiler operates internally. I will
   produce documentation before the first official release.
   Compile-time extension scripts are executed using the Perl
-   'do FILE' mechanism.
+   'eval `cat <file>`' mechanism.

 f) The 'refresh' command is now synonymous with 'restart'.

-g) Some run-time extension scripts are no longer supported because they
-   make no sense (iptables-restore instantiates the new configuration
-   atomically).
+g) Some run-time scripts will need to be converted to write their
+   iptables commands to file descriptor 3 in iptables-restore format
+   rather than running those commands.

-	continue
 	initdone
-	continue
-	refresh
+	maclog
+
+   Details to follow.
+
+   Some run-time scripts are simply eliminated because they no longer
+   make any sense under Shorewall-perl:
+
+	continue  - Under Shorewall-perl, nothing is done between
+		    'continue' and 'initdone'
+	refresh   - The 'refresh' command is the same as 'restart'
 	refreshed

 h) The /etc/shorewall/tos file now has zone-independent SOURCE and DEST