From 61b5dbbb95d61b89f142e5458e437b07c19cc820 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Fri, 20 May 2011 10:48:28 -0700 Subject: [PATCH] Eliminate cruft left over from when Action.pm and Policy.pm were folded into Rules.pm - Phase II Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Rules.pm | 53 ++++++++++++++----------------- 1 file changed, 23 insertions(+), 30 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm index fb693418e..b7050dce8 100644 --- a/Shorewall/Perl/Shorewall/Rules.pm +++ b/Shorewall/Perl/Shorewall/Rules.pm @@ -46,8 +46,7 @@ our @EXPORT = qw( save_policies ensure_rules_chain optimize_policy_chains - process_actions1 - process_actions2 + process_actions process_rules ); @@ -62,8 +61,6 @@ my $section; my @policy_chains; -my %policy_actions; - my %default_actions; my %macros; @@ -126,10 +123,6 @@ sub initialize( $ ) { # Chains created as a result of entries in the policy file @policy_chains = (); # - # Default Actions for policies - # - %policy_actions = (); - # # This is updated from the *_DEFAULT settings in shorewall.conf. Those settings were stored # in the %config hash when shorewall[6].conf was processed. # @@ -296,15 +289,7 @@ sub print_policy($$$$) { } } -# -# Add the passed action to %policy_actions -# -sub use_policy_action( $ ) { - my $action = shift; - - $policy_actions{$action} = 1; -} - +sub use_policy_action( $ ); # # Process an entry in the policy file. # @@ -357,8 +342,6 @@ sub process_a_policy() { $default = $default_actions{$policy} || ''; } - use_policy_action $policy if $auditactions{$policy}; - if ( defined $queue ) { fatal_error "Invalid policy ($policy($queue))" unless $policy eq 'NFQUEUE'; require_capability( 'NFQUEUE_TARGET', 'An NFQUEUE Policy', 's' ); 
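Review bot: Removing `process_actions1` and `process_actions2` from `@EXPORT` (hunk `@@ -46,8 +46,7 @@`) changes the module's public interface, yet the diffstat lists only Rules.pm. Any caller that still uses the old names will stop compiling or die on an undefined subroutine, so the calling module has to switch to `process_actions` in this change or one that lands with it. If that update is made elsewhere, the description should say so, for example `Callers must now use process_actions() in place of process_actions1()/process_actions2()`.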
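Review bot: The forward declaration `sub use_policy_action( $ );` added in hunk `@@ -296,15 +289,7 @@` is placed directly against the `# Process an entry in the policy file.` comment block with nothing to say why it exists. A short comment such as `# Forward declaration; the definition follows process_action()` plus a blank line after it would make the dependency on the prototype clear. Separately, the next hunk deletes `use_policy_action $policy if $auditactions{$policy};` from process_a_policy, and the loop added to process_actions only walks `@auditoptions`. Nothing visible in this patch now creates the action chain for an audited policy, so that path is worth confirming with a policy that uses an audited target, since a missing chain would mean a compile failure or lost audit records.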
@@ -1361,9 +1344,10 @@ my %builtinops = ( 'dropBcast' => \&dropBcast, # - Reads actions.std and actions (in that order) and for each entry: # o Adds the action to the target table # o Verifies that the corresponding action file exists +# o Creates action chains for config options that have audited settings. # -sub process_actions1() { +sub process_actions() { progress_message2 "Locating Action Files..."; # @@ -1398,6 +1382,13 @@ sub process_actions1() { fatal_error "Missing Action File ($actionfile)" unless -f $actionfile; } } + + my $ref; + + for ( map normalize_action_name $_ , ( grep $auditactions{$_}, ( map $config{$_}, @auditoptions ) ) ) { + process_action( $ref ) if $ref = use_action($_); + } + } sub process_rule1 ( $$$$$$$$$$$$$$$$ ); @@ -1481,20 +1472,22 @@ sub process_action( $) { } # -# This function creates and populates the chains for the policy actions. +# Create a policy action if it doesn't already exist +# +sub use_policy_action( $ ) { + my $ref = use_action( normalize_action_name $_[0] ); + + process_action( $ref ) if $ref; +} + + + +# +# This function creates and populates the chains for config options with audited settings. # sub process_actions2 () { - progress_message2 "$doing policy actions..."; - my $ref; - for ( map normalize_action_name $_ , ( grep $auditactions{$_}, ( map $config{$_}, @auditoptions ) ) ) { - process_action( $ref ) if $ref = use_action($_); - } - - for ( map normalize_action_name $_, ( grep ! ( $targets{$_} & BUILTIN ), keys %policy_actions ) ) { - process_action( $ref ) if $ref = use_action($_); - } } ################################################################################
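Review bot: The audited-option loop added at the end of `process_actions` (hunk `@@ -1398,6 +1382,13 @@`) packs a map/grep/map chain, paren-less prototype calls and an assignment inside a postfix `if` into one statement, which is hard to audit in code that decides which firewall chains get built. Naming the intermediate list reads more safely: `my @audited = grep { defined && $auditactions{$_} } map { $config{$_} } @auditoptions;` followed by `for my $name ( map { normalize_action_name( $_ ) } @audited ) { my $ref = use_action( $name ) or next; process_action( $ref ); }`. The `defined` guard only matters if one of the `@auditoptions` settings can be unset in `%config`, which is not visible here. The loop also now runs during the action-file pass instead of the later process_actions2 pass, so confirm that process_action does not depend on state set up between the two; the function begins outside this hunk.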
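Review bot: The new `use_policy_action` in hunk `@@ -1481,20 +1472,22 @@` calls `process_action` on whatever `use_action` returns, whereas the loop it replaces first filtered `keys %policy_actions` through `grep ! ( $targets{$_} & BUILTIN )`. Unless process_action, whose body is outside this hunk, handles built-in targets itself, a built-in default action now takes a path it used to skip; either restore the guard, e.g. `return if $targets{$_[0]} & BUILTIN;`, or note in the comment why it is no longer needed. In the same hunk `process_actions2` is left with no statements, as far as the collapsed text shows, under a new comment saying it "creates and populates the chains for config options with audited settings", which now describes process_actions. Delete the stub, or replace the comment with `# Retained as a no-op; chain creation moved to process_actions()`.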