Cleanup in process_rule1(); cosmetic changes to global variable generation

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6293 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall-perl/Shorewall/Chains.pm

@@ -1716,23 +1716,34 @@ sub emitr( $ ) {
     }
 }
 
+my $emitted_comment = 0;
+
+sub emit_comment() {
+    unless ( $emitted_comment ) {
+	emitj ( '#',
+		'# Establish the values of shell variables used in the following function calls',
+		'#' );
+	$emitted_comment = 1;
+    }
+}
+
 #
-# Generate function that sets global variables
+# Generate setting of global variables
 #
 sub set_global_variables() {
 
-    #
-    # Establish the values of shell variables used in the following shell commands and/or 'here documents' input.
-    #
     for ( values %interfaceaddr ) {
+	emit_comment;
 	emit $_;
     }
 
     for ( values %interfaceaddrs ) {
+	emit_comment;
 	emit $_;
     }
 
     for ( values %interfacenets ) {
+	emit_comment;
 	emit $_;
     }
 

Shorewall-perl/Shorewall/Rules.pm

@@ -970,7 +970,7 @@ sub process_rule1 ( $$$$$$$$$$ ) {
     #
     $rule = join( '', do_proto($proto, $ports, $sports), do_ratelimit( $ratelimit, $basictarget ) , do_user( $user ) , do_test( $mark , 0xFF ) );
 
-    if ( $section eq 'ESTABLISHED' || $section eq 'RELATED' ) {
+    unless ( $section eq 'NEW' ) {
 	fatal_error "Entries in the $section SECTION of the rules file not permitted with FASTACCEPT=Yes" if $config{FASTACCEPT};
 	fatal_error "$basictarget rules are not allowed in the $section SECTION" if $actiontype & NONAT;
 	$rule .= "-m state --state $section " 
@@ -1061,32 +1061,30 @@ sub process_rule1 ( $$$$$$$$$$ ) {
 	    $dest     = $server;
 	    $action   = 'ACCEPT';
 	}
-    } else {
+    } elsif ( $actiontype & NONAT ) {
-	if ( $actiontype & NONAT ) {
+	#
-	    #
+	# NONAT or ACCEPT+ -- May not specify a destination interface
-	    # NONAT or ACCEPT+ -- May not specify a destination interface
+	#
-	    #
+	fatal_error "Invalid DEST ($dest) in $action rule" if $dest =~ /:/;
-	    fatal_error "Invalid DEST ($dest) in $action rule" if $dest =~ /:/;
 
-	    $origdest = '' unless $origdest and $origdest ne '-';
+	$origdest = '' unless $origdest and $origdest ne '-';
 
-	    if ( $origdest eq 'detect' ) {
+	if ( $origdest eq 'detect' ) {
-		my $interfacesref = $zones{$sourcezone}{interfaces};
+	    my $interfacesref = $zones{$sourcezone}{interfaces};
-		my $interfaces = "@$interfacesref";
+	    my $interfaces = "@$interfacesref";
-		$origdest = $interfaces ? "detect:$interfaces" : ALLIPv4;
+	    $origdest = $interfaces ? "detect:$interfaces" : ALLIPv4;
-	    }
-
-	    expand_rule( ensure_chain ('nat' , $zones{$sourcezone}{type} eq 'firewall' ? 'OUTPUT' : dnat_chain $sourcezone) ,
-			 PREROUTE_RESTRICT ,
-			 $rule ,
-			 $source ,
-			 $dest ,
-			 $origdest ,
-			 '-j RETURN ' ,
-			 $loglevel ,
-			 $action ,
-			 '' );
 	}
+
+	expand_rule( ensure_chain ('nat' , $zones{$sourcezone}{type} eq 'firewall' ? 'OUTPUT' : dnat_chain $sourcezone) ,
+		     PREROUTE_RESTRICT ,
+		     $rule ,
+		     $source ,
+		     $dest ,
+		     $origdest ,
+		     '-j RETURN ' ,
+		     $loglevel ,
+		     $action ,
+		     '' );
     }
     #
     # Add filter table rule, unless this is a NATONLY rule type

Shorewall-perl/compiler.pl

@@ -584,14 +584,11 @@ sub generate_script_3() {
     emit 'define_firewall() {';
     push_indent;
 
-    emit '';
-
     set_global_variables;
 
     emit '';
 
     emit<<'EOF';
-
 setup_routing_and_traffic_shaping;
 
 if [ $COMMAND = restore ]; then