Cleanup in process_rule1(); cosmetic changes to global variable generation

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6293 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2025-02-15 09:19:28 +01:00 · 2007-05-08 22:28:48 +00:00 · 2007-05-08 22:28:48 +00:00 · 6d20c6672d
commit 6d20c6672d
parent e131aef733
3 changed files with 37 additions and 31 deletions
--- a/Shorewall-perl/Shorewall/Chains.pm
+++ b/Shorewall-perl/Shorewall/Chains.pm
@ -1716,23 +1716,34 @@ sub emitr( $ ) {
    }
 }

+my $emitted_comment = 0;
+
+sub emit_comment() {
+    unless ( $emitted_comment ) {
+	emitj ( '#',
+		'# Establish the values of shell variables used in the following function calls',
+		'#' );
+	$emitted_comment = 1;
+    }
+}
+
 #
-# Generate function that sets global variables
+# Generate setting of global variables
 #
 sub set_global_variables() {

-    #
-    # Establish the values of shell variables used in the following shell commands and/or 'here documents' input.
-    #
    for ( values %interfaceaddr ) {
+	emit_comment;
 	emit $_;
    }

    for ( values %interfaceaddrs ) {
+	emit_comment;
 	emit $_;
    }

    for ( values %interfacenets ) {
+	emit_comment;
 	emit $_;
    }

--- a/Shorewall-perl/Shorewall/Rules.pm
+++ b/Shorewall-perl/Shorewall/Rules.pm
@ -970,7 +970,7 @@ sub process_rule1 ( $$$$$$$$$$ ) {
    #
    $rule = join( '', do_proto($proto, $ports, $sports), do_ratelimit( $ratelimit, $basictarget ) , do_user( $user ) , do_test( $mark , 0xFF ) );

-    if ( $section eq 'ESTABLISHED' || $section eq 'RELATED' ) {
+    unless ( $section eq 'NEW' ) {
 	fatal_error "Entries in the $section SECTION of the rules file not permitted with FASTACCEPT=Yes" if $config{FASTACCEPT};
 	fatal_error "$basictarget rules are not allowed in the $section SECTION" if $actiontype & NONAT;
 	$rule .= "-m state --state $section " 
@ -1061,8 +1061,7 @@ sub process_rule1 ( $$$$$$$$$$ ) {
 	    $dest     = $server;
 	    $action   = 'ACCEPT';
 	}
-    } else {
-	if ( $actiontype & NONAT ) {
+    } elsif ( $actiontype & NONAT ) {
 	#
 	# NONAT or ACCEPT+ -- May not specify a destination interface
 	#
@ -1087,7 +1086,6 @@ sub process_rule1 ( $$$$$$$$$$ ) {
 		     $action ,
 		     '' );
    }
-    }
    #
    # Add filter table rule, unless this is a NATONLY rule type
    #
--- a/Shorewall-perl/compiler.pl
+++ b/Shorewall-perl/compiler.pl
@ -584,14 +584,11 @@ sub generate_script_3() {
    emit 'define_firewall() {';
    push_indent;

-    emit '';
-
    set_global_variables;

    emit '';

    emit<<'EOF';
-
 setup_routing_and_traffic_shaping;

 if [ $COMMAND = restore ]; then