extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-05-07 17:44:53 +02:00
Code Issues Packages Projects Releases Wiki Activity

Handle run-time extension scripts

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5888 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-04-10 18:06:09 +00:00
parent 737f7787b1
commit 6053ab4396
4 changed files with 44 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
Shorewall-perl/Shorewall/Chains.pm
View File

@ -49,6 +49,7 @@ our @EXPORT = qw( STANDARD
ALL_RESTRICT ALL_RESTRICT
add_command add_command
add_file
add_rule add_rule
insert_rule insert_rule
chain_base chain_base
@ -257,6 +258,30 @@ sub add_command($$)
$chainref->{referenced} = 1; $chainref->{referenced} = 1;
} }
#
# Copy a file into a chain's rules as a set of run-time commands
#
sub add_file( $$ ) {
my $chainref = $_[0];
my $file = find_file $_[1];
if ( -f $file ) {
open EF , '<', $file or fatal_error "Unable to open $file";
add_command $chainref, qq(progress_message "Processing $file...");
add_command $chainref, '';
while ( $line = <EF> ) {
add_command $chainref, $line;
}
add_command $chainref, '';
close EF;
}
}
# #
# Add a rule to a chain. Arguments are: # Add a rule to a chain. Arguments are:
# #

2
Shorewall-perl/Shorewall/Config.pm
View File

@ -945,7 +945,7 @@ sub run_user_exit( $ ) {
if ( -f $file ) { if ( -f $file ) {
progress_message "Processing $file..."; progress_message "Processing $file...";
unless (my $return = do $file) { unless (my $return = eval `cat $file`) {
fatal_error "Couldn't parse $file: $@" if $@; fatal_error "Couldn't parse $file: $@" if $@;
fatal_error "Couldn't do $file: $!" unless defined $return; fatal_error "Couldn't do $file: $!" unless defined $return;
fatal_error "Couldn't run $file" unless $return; fatal_error "Couldn't run $file" unless $return;

4
Shorewall-perl/Shorewall/Rules.pm
View File

@ -490,6 +490,8 @@ sub add_common_rules() {
new_standard_chain output_chain( $interface ); new_standard_chain output_chain( $interface );
} }
add_file $filter_table->{INPUT}, 'initdone';
setup_blacklist; setup_blacklist;
@ -763,6 +765,8 @@ sub setup_mac_lists( $ ) {
add_command $chainref, "fi\n"; add_command $chainref, "fi\n";
} }
add_file $chainref, 'maclog';
log_rule_limit $level, $chainref , $chain , $disposition, '', '', 'add', ''; log_rule_limit $level, $chainref , $chain , $disposition, '', '', 'add', '';
add_rule $chainref, "-j $target"; add_rule $chainref, "-j $target";
} }

21
Shorewall-perl/releasenotes.txt
View File

@ -80,18 +80,25 @@ e) Because the compiler is now written in Perl, your compile-time
Perl code to see how the compiler operates internally. I will Perl code to see how the compiler operates internally. I will
produce documentation before the first official release. produce documentation before the first official release.
Compile-time extension scripts are executed using the Perl Compile-time extension scripts are executed using the Perl
'do FILE' mechanism. 'eval `cat <file>`' mechanism.
f) The 'refresh' command is now synonymous with 'restart'. f) The 'refresh' command is now synonymous with 'restart'.
g) Some run-time extension scripts are no longer supported because they g) Some run-time scripts will need to be converted to write their
make no sense (iptables-restore instantiates the new configuration iptables commands to file descriptor 3 in iptables-restore format
atomically). rather than running those commands.
continue
initdone initdone
continue maclog
refresh
Details to follow.
Some run-time scripts are simply eliminated because they no longer
make any sense under Shorewall-perl:
continue - Under Shorewall-perl, nothing is done between
'continue' and 'initdone'
refresh - The 'refresh' command is the same as 'restart'
refreshed refreshed
h) The /etc/shorewall/tos file now has zone-independent SOURCE and DEST h) The /etc/shorewall/tos file now has zone-independent SOURCE and DEST