From 6053ab4396dbb346e2a74d884326fb8fdfeae1df Mon Sep 17 00:00:00 2001
From: teastep
Date: Tue, 10 Apr 2007 18:06:09 +0000
Subject: [PATCH] Handle run-time extension scripts
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5888 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall-perl/Shorewall/Chains.pm | 25 +++++++++++++++++++++++++
 Shorewall-perl/Shorewall/Config.pm | 2 +-
 Shorewall-perl/Shorewall/Rules.pm | 4 ++++
 Shorewall-perl/releasenotes.txt | 21 ++++++++++++++-------
 4 files changed, 44 insertions(+), 8 deletions(-)
diff --git a/Shorewall-perl/Shorewall/Chains.pm b/Shorewall-perl/Shorewall/Chains.pm
index 16d3be080..e66adb438 100644
--- a/Shorewall-perl/Shorewall/Chains.pm
+++ b/Shorewall-perl/Shorewall/Chains.pm
@@ -49,6 +49,7 @@ our @EXPORT = qw( STANDARD ALL_RESTRICT add_command + add_file add_rule insert_rule chain_base
@@ -257,6 +258,30 @@ sub add_command($$)
$chainref->{referenced} = 1;
}
+#
+# Copy a file into a chain's rules as a set of run-time commands
+#
+
+sub add_file( $$ ) {
+ my $chainref = $_[0];
+ my $file = find_file $_[1];
+
+ if ( -f $file ) {
+ open EF , '<', $file or fatal_error "Unable to open $file";
+
+ add_command $chainref, qq(progress_message "Processing $file...");
+ add_command $chainref, '';
+
+ while ( $line = ) {
+ add_command $chainref, $line;
+ }
+
+ add_command $chainref, '';
+
+ close EF;
+ }
+}
+
#
# Add a rule to a chain. Arguments are:
#
diff --git a/Shorewall-perl/Shorewall/Config.pm b/Shorewall-perl/Shorewall/Config.pm
index 6a32bb86f..2eb7b69f2 100644
--- a/Shorewall-perl/Shorewall/Config.pm
+++ b/Shorewall-perl/Shorewall/Config.pm
@@ -945,7 +945,7 @@ sub run_user_exit( $ ) {
if ( -f $file ) {
progress_message "Processing $file...";
- unless (my $return = do $file) {
+ unless (my $return = eval `cat $file`) {
fatal_error "Couldn't parse $file: $@" if $@;
fatal_error "Couldn't do $file: $!" unless defined $return;
fatal_error "Couldn't run $file" unless $return;
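Review bot: add_file reads the extension script through the package-global bareword handle EF and into `$line` with no `my`, so the handle and loop variable are shared process-wide and, under `use strict`, `$line` can only compile if it is already a file-scope global; the open failure message also omits `$!`, hiding whether the cause was permissions or a vanished file. A lexical handle and loop variable keep the reader self-contained: `open my $ef, '<', $file or fatal_error "Unable to open $file: $!";` / `while ( my $line = <$ef> ) { add_command $chainref, $line; }` / `close $ef;`. Note also that `$file` is interpolated unescaped into the generated `progress_message "Processing $file..."` shell line, so a configuration path containing `"` or `$` would break or alter the generated script; a comment such as `# $file comes from the admin-controlled config path and is emitted verbatim into the generated script` would make that trust assumption explicit. The readline operand appears to have been lost in this rendering of the hunk (`while ( $line = ) {`), so the loop as shown is not the code under review.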
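Review bot: Replacing `do $file` with `eval `cat $file`` hands `$file` unquoted to a shell, so a config path containing whitespace or shell metacharacters is word-split or interpreted rather than read, and a failing `cat` yields an empty string that `eval` accepts silently (`$@` stays empty and the `$!` in the following message is stale). It also loses the file name in compile errors, since string `eval` reports `(eval N) line X` where `do` named the script. The motive for leaving `do` is not visible in the hunk; if it is to read the file without `@INC` lookup, slurping it in Perl and prefixing a `# line` directive keeps both the diagnostics and the path handling. run_user_exit's body starts and ends outside the hunk.
```perl
	open my $fh, '<', $file or fatal_error "Unable to open $file: $!";
	my $code = do { local $/; <$fh> };
	close $fh;

	unless (my $return = eval( qq(# line 1 "$file"\n) . $code )) {
	    # … unchanged: fatal_error checks on $@ and $return …
```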
diff --git a/Shorewall-perl/Shorewall/Rules.pm b/Shorewall-perl/Shorewall/Rules.pm
index 2202267bc..96543982a 100644
--- a/Shorewall-perl/Shorewall/Rules.pm
+++ b/Shorewall-perl/Shorewall/Rules.pm
@@ -490,6 +490,8 @@ sub add_common_rules() {
new_standard_chain output_chain( $interface );
}
+
+ add_file $filter_table->{INPUT}, 'initdone';
setup_blacklist;
@@ -763,6 +765,8 @@ sub setup_mac_lists( $ ) {
add_command $chainref, "fi\n";
}
+ add_file $chainref, 'maclog';
+
log_rule_limit $level, $chainref , $chain , $disposition, '', '', 'add', '';
add_rule $chainref, "-j $target";
}
diff --git a/Shorewall-perl/releasenotes.txt b/Shorewall-perl/releasenotes.txt
index 5b4f093e7..03968e001 100644
--- a/Shorewall-perl/releasenotes.txt
+++ b/Shorewall-perl/releasenotes.txt
@@ -80,18 +80,25 @@ e) Because the compiler is now written in Perl, your compile-time Perl code to see how the compiler operates internally. I will produce documentation before the first official release. Compile-time extension scripts are executed using the Perl - 'do FILE' mechanism. + 'eval `cat `' mechanism. f) The 'refresh' command is now synonymous with 'restart'. -g) Some run-time extension scripts are no longer supported because they - make no sense (iptables-restore instantiates the new configuration - atomically). +g) Some run-time scripts will need to be converted to write their + iptables commands to file descriptor 3 in iptables-restore format + rather than running those commands. - continue initdone - continue - refresh + maclog + + Details to follow. + + Some run-time scripts are simply eliminated because they no longer + make any sense under Shorewall-perl: + + continue - Under Shorewall-perl, nothing is done between + 'continue' and 'initdone' + refresh - The 'refresh' command is the same as 'restart' refreshed h) The /etc/shorewall/tos file now has zone-independent SOURCE and DEST
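Review bot: The new `add_file $filter_table->{INPUT}, 'initdone';` line copies the administrator's run-time `initdone` script verbatim into the generated firewall script, which runs as root, without saying so at the call site; a reader of add_common_rules cannot tell from this line that it is an extension-script hook rather than a rule builder. I would add `# Run-time 'initdone' extension script: its lines are emitted verbatim into the generated script at this point, before the blacklist rules` above the call. The release notes in this commit say such scripts must now write iptables-restore format to fd 3, but nothing here enforces or documents that contract for the copied lines. add_common_rules starts and ends outside the hunk.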
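Review bot: `add_file $chainref, 'maclog';` is placed ahead of the `log_rule_limit` call, so whatever the run-time `maclog` script emits is executed before the log rule is added; if this stretch of setup_mac_lists is inside a per-interface loop (the loop header is outside the hunk), the whole script is copied into the generated script once per MAC-list chain. A comment stating the intended ordering, e.g. `# Run-time 'maclog' extension script runs before the log/disposition rules for this chain`, would make that visible to the next maintainer. setup_mac_lists starts outside the hunk.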