Cleanup in process_rule1(); cosmetic changes to global variable generation

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6293 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2025-02-15 01:09:30 +01:00 · 2007-05-08 22:28:48 +00:00 · 2007-05-08 22:28:48 +00:00 · 6d20c6672d
commit 6d20c6672d
parent e131aef733
3 changed files with 37 additions and 31 deletions
--- a/Shorewall-perl/Shorewall/Chains.pm
+++ b/Shorewall-perl/Shorewall/Chains.pm
@ -1716,23 +1716,34 @@ sub emitr( $ ) {
    }
 }

+my $emitted_comment = 0;
+
+sub emit_comment() {
+    unless ( $emitted_comment ) {
+	emitj ( '#',
+		'# Establish the values of shell variables used in the following function calls',
+		'#' );
+	$emitted_comment = 1;
+    }
+}
+
 #
-# Generate function that sets global variables
+# Generate setting of global variables
 #
 sub set_global_variables() {

-    #
-    # Establish the values of shell variables used in the following shell commands and/or 'here documents' input.
-    #
    for ( values %interfaceaddr ) {
+	emit_comment;
 	emit $_;
    }

    for ( values %interfaceaddrs ) {
+	emit_comment;
 	emit $_;
    }

    for ( values %interfacenets ) {
+	emit_comment;
 	emit $_;
    }

--- a/Shorewall-perl/Shorewall/Rules.pm
+++ b/Shorewall-perl/Shorewall/Rules.pm
@ -970,7 +970,7 @@ sub process_rule1 ( $$$$$$$$$$ ) {
    #
    $rule = join( '', do_proto($proto, $ports, $sports), do_ratelimit( $ratelimit, $basictarget ) , do_user( $user ) , do_test( $mark , 0xFF ) );

-    if ( $section eq 'ESTABLISHED' || $section eq 'RELATED' ) {
+    unless ( $section eq 'NEW' ) {
 	fatal_error "Entries in the $section SECTION of the rules file not permitted with FASTACCEPT=Yes" if $config{FASTACCEPT};
 	fatal_error "$basictarget rules are not allowed in the $section SECTION" if $actiontype & NONAT;
 	$rule .= "-m state --state $section " 
@ -1061,32 +1061,30 @@ sub process_rule1 ( $$$$$$$$$$ ) {
 	    $dest     = $server;
 	    $action   = 'ACCEPT';
 	}
-    } else {
-	if ( $actiontype & NONAT ) {
-	    #
-	    # NONAT or ACCEPT+ -- May not specify a destination interface
-	    #
-	    fatal_error "Invalid DEST ($dest) in $action rule" if $dest =~ /:/;
+    } elsif ( $actiontype & NONAT ) {
+	#
+	# NONAT or ACCEPT+ -- May not specify a destination interface
+	#
+	fatal_error "Invalid DEST ($dest) in $action rule" if $dest =~ /:/;

-	    $origdest = '' unless $origdest and $origdest ne '-';
+	$origdest = '' unless $origdest and $origdest ne '-';

-	    if ( $origdest eq 'detect' ) {
-		my $interfacesref = $zones{$sourcezone}{interfaces};
-		my $interfaces = "@$interfacesref";
-		$origdest = $interfaces ? "detect:$interfaces" : ALLIPv4;
-	    }
-
-	    expand_rule( ensure_chain ('nat' , $zones{$sourcezone}{type} eq 'firewall' ? 'OUTPUT' : dnat_chain $sourcezone) ,
-			 PREROUTE_RESTRICT ,
-			 $rule ,
-			 $source ,
-			 $dest ,
-			 $origdest ,
-			 '-j RETURN ' ,
-			 $loglevel ,
-			 $action ,
-			 '' );
+	if ( $origdest eq 'detect' ) {
+	    my $interfacesref = $zones{$sourcezone}{interfaces};
+	    my $interfaces = "@$interfacesref";
+	    $origdest = $interfaces ? "detect:$interfaces" : ALLIPv4;
 	}
+
+	expand_rule( ensure_chain ('nat' , $zones{$sourcezone}{type} eq 'firewall' ? 'OUTPUT' : dnat_chain $sourcezone) ,
+		     PREROUTE_RESTRICT ,
+		     $rule ,
+		     $source ,
+		     $dest ,
+		     $origdest ,
+		     '-j RETURN ' ,
+		     $loglevel ,
+		     $action ,
+		     '' );
    }
    #
    # Add filter table rule, unless this is a NATONLY rule type
--- a/Shorewall-perl/compiler.pl
+++ b/Shorewall-perl/compiler.pl
@ -584,14 +584,11 @@ sub generate_script_3() {
    emit 'define_firewall() {';
    push_indent;

-    emit '';
-
    set_global_variables;

    emit '';

    emit<<'EOF';
-
 setup_routing_and_traffic_shaping;

 if [ $COMMAND = restore ]; then