Revert "Sort specific hash keys and values if -e"
This reverts commit 5e648a9379.
parent
92b25d88b0
commit
6dc99e77ae
@ -37,7 +37,6 @@ use Shorewall::Config qw(:DEFAULT :internal);
|
|||||||
use Shorewall::Zones;
|
use Shorewall::Zones;
|
||||||
use Shorewall::IPAddrs;
|
use Shorewall::IPAddrs;
|
||||||
use strict;
|
use strict;
|
||||||
use sort 'stable';
|
|
||||||
|
|
||||||
our @ISA = qw(Exporter);
|
our @ISA = qw(Exporter);
|
||||||
our @EXPORT = ( qw(
|
our @EXPORT = ( qw(
|
||||||
@ -3707,24 +3706,6 @@ sub optimize_level0() {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
|
||||||
# Conditionally sort a list of chain table entry references by name, if -t was specified
|
|
||||||
#
|
|
||||||
|
|
||||||
sub keysort(\%) {
|
|
||||||
my $hashref = shift;
|
|
||||||
|
|
||||||
return sort { $a->{name} cmp $b->{name} } keys %$hashref if $test;
|
|
||||||
return keys %$hashref;
|
|
||||||
}
|
|
||||||
|
|
||||||
sub valuesort(\%) {
|
|
||||||
my $hashref = shift;
|
|
||||||
|
|
||||||
return sort { $a->{name} cmp $b->{name} } values %$hashref if $test;
|
|
||||||
return values %$hashref;
|
|
||||||
}
|
|
||||||
|
|
||||||
sub optimize_level4( $$ ) {
|
sub optimize_level4( $$ ) {
|
||||||
my ( $table, $tableref ) = @_;
|
my ( $table, $tableref ) = @_;
|
||||||
my $progress = 1;
|
my $progress = 1;
|
||||||
@ -3946,7 +3927,7 @@ sub optimize_level4( $$ ) {
|
|||||||
my @chains = grep ( $_->{referenced} &&
|
my @chains = grep ( $_->{referenced} &&
|
||||||
! $_->{optflags} &&
|
! $_->{optflags} &&
|
||||||
@{$_->{rules}} < 4 &&
|
@{$_->{rules}} < 4 &&
|
||||||
keys %{$_->{references}} == 1 , valuesort %$tableref );
|
keys %{$_->{references}} == 1 , values %$tableref );
|
||||||
|
|
||||||
if ( my $chains = @chains ) {
|
if ( my $chains = @chains ) {
|
||||||
$passes++;
|
$passes++;
|
||||||
@ -3955,7 +3936,7 @@ sub optimize_level4( $$ ) {
|
|||||||
|
|
||||||
for my $chainref ( @chains ) {
|
for my $chainref ( @chains ) {
|
||||||
my $name = $chainref->{name};
|
my $name = $chainref->{name};
|
||||||
for my $sourceref ( map $tableref->{$_}, sortkeysiftest %{$chainref->{references}} ) {
|
for my $sourceref ( map $tableref->{$_}, keys %{$chainref->{references}} ) {
|
||||||
my $name1 = $sourceref->{name};
|
my $name1 = $sourceref->{name};
|
||||||
|
|
||||||
if ( $chainref->{references}{$name1} == 1 ) {
|
if ( $chainref->{references}{$name1} == 1 ) {
|
||||||
@ -4085,7 +4066,7 @@ sub optimize_level8( $$$ ) {
|
|||||||
#
|
#
|
||||||
# First create aliases for each renamed chain and change the {name} member.
|
# First create aliases for each renamed chain and change the {name} member.
|
||||||
#
|
#
|
||||||
for my $oldname ( sortiftest @rename ) {
|
for my $oldname ( @rename ) {
|
||||||
my $newname = $renamed{ $oldname } = $rename{ $oldname } . $chainseq++;
|
my $newname = $renamed{ $oldname } = $rename{ $oldname } . $chainseq++;
|
||||||
|
|
||||||
trace( $tableref->{$oldname}, 'RN', 0, " Renamed $newname" ) if $debug;
|
trace( $tableref->{$oldname}, 'RN', 0, " Renamed $newname" ) if $debug;
|
||||||
@ -4598,7 +4579,7 @@ sub combine_states {
|
|||||||
|
|
||||||
sub optimize_level16( $$$ ) {
|
sub optimize_level16( $$$ ) {
|
||||||
my ( $table, $tableref , $passes ) = @_;
|
my ( $table, $tableref , $passes ) = @_;
|
||||||
my @chains = ( grep $_->{referenced}, valuesort %{$tableref} );
|
my @chains = ( grep $_->{referenced}, values %{$tableref} );
|
||||||
my @chains1 = @chains;
|
my @chains1 = @chains;
|
||||||
my $chains = @chains;
|
my $chains = @chains;
|
||||||
|
|
||||||
@ -4715,7 +4696,7 @@ sub setup_zone_mss() {
|
|||||||
|
|
||||||
my $hosts = find_zone_hosts_by_option( $zone, 'mss' );
|
my $hosts = find_zone_hosts_by_option( $zone, 'mss' );
|
||||||
|
|
||||||
for my $hostref ( $test ? sort { $a->[0] cmp $b->[0] } @$hosts : @$hosts ) {
|
for my $hostref ( @$hosts ) {
|
||||||
my $mss = $hostref->[4];
|
my $mss = $hostref->[4];
|
||||||
my @mssmatch = have_capability( 'TCPMSS_MATCH' ) ? ( tcpmss => "--mss $mss:" ) : ();
|
my @mssmatch = have_capability( 'TCPMSS_MATCH' ) ? ( tcpmss => "--mss $mss:" ) : ();
|
||||||
my @sourcedev = imatch_source_dev $hostref->[0];
|
my @sourcedev = imatch_source_dev $hostref->[0];
|
||||||
@ -7474,13 +7455,13 @@ sub set_global_variables( $$ ) {
|
|||||||
if ( $conditional ) {
|
if ( $conditional ) {
|
||||||
my ( $interface, @interfaces );
|
my ( $interface, @interfaces );
|
||||||
|
|
||||||
@interfaces = sortkeysiftest %interfaceaddr;
|
@interfaces = keys %interfaceaddr;
|
||||||
|
|
||||||
for $interface ( @interfaces ) {
|
for $interface ( @interfaces ) {
|
||||||
emit( qq([ -z "\$interface" -o "\$interface" = "$interface" ] && $interfaceaddr{$interface}) );
|
emit( qq([ -z "\$interface" -o "\$interface" = "$interface" ] && $interfaceaddr{$interface}) );
|
||||||
}
|
}
|
||||||
|
|
||||||
@interfaces = sortkeysiftest %interfacegateways;
|
@interfaces = keys %interfacegateways;
|
||||||
|
|
||||||
for $interface ( @interfaces ) {
|
for $interface ( @interfaces ) {
|
||||||
emit( qq(if [ -z "\$interface" -o "\$interface" = "$interface" ]; then) );
|
emit( qq(if [ -z "\$interface" -o "\$interface" = "$interface" ]; then) );
|
||||||
@ -7490,29 +7471,29 @@ sub set_global_variables( $$ ) {
|
|||||||
emit( qq(fi\n) );
|
emit( qq(fi\n) );
|
||||||
}
|
}
|
||||||
|
|
||||||
@interfaces = sortkeysiftest %interfacemacs;
|
@interfaces = keys %interfacemacs;
|
||||||
|
|
||||||
for $interface ( @interfaces ) {
|
for $interface ( @interfaces ) {
|
||||||
emit( qq([ -z "\$interface" -o "\$interface" = "$interface" ] && $interfacemacs{$interface}) );
|
emit( qq([ -z "\$interface" -o "\$interface" = "$interface" ] && $interfacemacs{$interface}) );
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
emit $interfaceaddr{$_} for sortkeysiftest %interfaceaddr;
|
emit $_ for values %interfaceaddr;
|
||||||
emit "$interfacegateways{$_}\n" for sortkeysiftest %interfacegateways;
|
emit "$_\n" for values %interfacegateways;
|
||||||
emit $interfacemacs{$_} for sortkeysiftest %interfacemacs;
|
emit $_ for values %interfacemacs;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( $setall ) {
|
if ( $setall ) {
|
||||||
emit $interfaceaddr{$_} for sortkeysiftest %interfaceaddr;
|
emit $_ for values %interfaceaddrs;
|
||||||
emit $interfacenets{$_} for sortkeysiftest %interfacenets;
|
emit $_ for values %interfacenets;
|
||||||
|
|
||||||
unless ( have_capability( 'ADDRTYPE' ) ) {
|
unless ( have_capability( 'ADDRTYPE' ) ) {
|
||||||
|
|
||||||
if ( $family == F_IPV4 ) {
|
if ( $family == F_IPV4 ) {
|
||||||
emit 'ALL_BCASTS="$(get_all_bcasts) 255.255.255.255"';
|
emit 'ALL_BCASTS="$(get_all_bcasts) 255.255.255.255"';
|
||||||
emit $interfacebcasts{$_} for sortkeysiftest %interfacebcasts;
|
emit $_ for values %interfacebcasts;
|
||||||
} else {
|
} else {
|
||||||
emit 'ALL_ACASTS="$(get_all_acasts)"';
|
emit 'ALL_ACASTS="$(get_all_acasts)"';
|
||||||
emit $interfaceacasts{$_} for sortkeysiftest %interfaceacasts;
|
emit $_ for values %interfaceacasts;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -8476,7 +8457,7 @@ sub add_interface_options( $ ) {
|
|||||||
# Insert jumps to the interface chains into the rules chains
|
# Insert jumps to the interface chains into the rules chains
|
||||||
#
|
#
|
||||||
for my $zone1 ( off_firewall_zones ) {
|
for my $zone1 ( off_firewall_zones ) {
|
||||||
my @input_interfaces = sortkeysiftest %{zone_interfaces( $zone1 )};
|
my @input_interfaces = keys %{zone_interfaces( $zone1 )};
|
||||||
my @forward_interfaces = @input_interfaces;
|
my @forward_interfaces = @input_interfaces;
|
||||||
|
|
||||||
if ( @input_interfaces > 1 ) {
|
if ( @input_interfaces > 1 ) {
|
||||||
@ -8562,7 +8543,7 @@ sub add_interface_options( $ ) {
|
|||||||
for my $zone1 ( firewall_zone, vserver_zones ) {
|
for my $zone1 ( firewall_zone, vserver_zones ) {
|
||||||
for my $zone2 ( off_firewall_zones ) {
|
for my $zone2 ( off_firewall_zones ) {
|
||||||
my $chainref = $filter_table->{rules_chain( $zone1, $zone2 )};
|
my $chainref = $filter_table->{rules_chain( $zone1, $zone2 )};
|
||||||
my @interfaces = sortkeysiftest %{zone_interfaces( $zone2 )};
|
my @interfaces = keys %{zone_interfaces( $zone2 )};
|
||||||
my $chain1ref;
|
my $chain1ref;
|
||||||
|
|
||||||
for my $interface ( @interfaces ) {
|
for my $interface ( @interfaces ) {
|
||||||
@ -9003,7 +8984,7 @@ sub create_save_ipsets() {
|
|||||||
#
|
#
|
||||||
$ipsets{$_} = 1 for ( @ipsets, @{$globals{SAVED_IPSETS}} );
|
$ipsets{$_} = 1 for ( @ipsets, @{$globals{SAVED_IPSETS}} );
|
||||||
|
|
||||||
my @sets = sortkeysiftest %ipsets;
|
my @sets = keys %ipsets;
|
||||||
|
|
||||||
emit( '' ,
|
emit( '' ,
|
||||||
' rm -f $file' ,
|
' rm -f $file' ,
|
||||||
@ -9172,7 +9153,7 @@ sub create_load_ipsets() {
|
|||||||
#
|
#
|
||||||
sub create_nfobjects() {
|
sub create_nfobjects() {
|
||||||
|
|
||||||
my @objects = ( sortkeysiftest %nfobjects );
|
my @objects = ( keys %nfobjects );
|
||||||
|
|
||||||
if ( @objects ) {
|
if ( @objects ) {
|
||||||
if ( $config{NFACCT} ) {
|
if ( $config{NFACCT} ) {
|
||||||
@ -9187,7 +9168,7 @@ sub create_nfobjects() {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
for ( @objects ) {
|
for ( keys %nfobjects ) {
|
||||||
emit( qq(if ! qt \$NFACCT get $_; then),
|
emit( qq(if ! qt \$NFACCT get $_; then),
|
||||||
qq( \$NFACCT add $_),
|
qq( \$NFACCT add $_),
|
||||||
qq(fi\n) );
|
qq(fi\n) );
|
||||||
@ -9560,7 +9541,7 @@ sub create_stop_load( $ ) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
sub initialize_switches() {
|
sub initialize_switches() {
|
||||||
if ( sortkeysiftest %switches ) {
|
if ( keys %switches ) {
|
||||||
emit( 'if [ $COMMAND = start ]; then' );
|
emit( 'if [ $COMMAND = start ]; then' );
|
||||||
push_indent;
|
push_indent;
|
||||||
for my $switch ( keys %switches ) {
|
for my $switch ( keys %switches ) {
|
||||||
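Review bot: With `sortkeysiftest` and the local `keysort`/`valuesort` helpers removed, every loop in this section that feeds `emit` now walks a hash in Perl's unspecified order, so two compiles of the same configuration can produce differently ordered scripts; this covers the `%interfaceaddr`, `%interfacegateways` and `%interfacemacs` loops in set_global_variables, `my @sets = keys %ipsets;` in create_save_ipsets and `for ( keys %nfobjects )` in create_nfobjects. That makes a generated firewall script harder to diff against a previously reviewed one, and presumably the regression tests only keep stable output if the hash seed is pinned outside the code (for example via `PERL_HASH_SEED`). The same applies to the `keys` loops restored further down the page in setup_ecn, setup_mac_lists, generate_matrix, setup_proxy_arp and dump_zone_contents. If unordered output is intended, a comment such as `# output order is intentionally unspecified` above `for $interface ( @interfaces )` would record the decision; otherwise sorting unconditionally where the lists are small, `@interfaces = sort keys %interfaceaddr;`, restores reproducible output.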
|
@ -49,6 +49,8 @@ our $VERSION = 'MODULEVERSION';
|
|||||||
|
|
||||||
our $export; # True when compiling for export
|
our $export; # True when compiling for export
|
||||||
|
|
||||||
|
our $test; # True when running regression tests
|
||||||
|
|
||||||
our $family; # IP address family (4 or 6)
|
our $family; # IP address family (4 or 6)
|
||||||
|
|
||||||
our $have_arptables; # True if we have arptables rules
|
our $have_arptables; # True if we have arptables rules
|
||||||
@ -56,8 +58,8 @@ our $have_arptables; # True if we have arptables rules
|
|||||||
#
|
#
|
||||||
# Initilize the package-globals in the other modules
|
# Initilize the package-globals in the other modules
|
||||||
#
|
#
|
||||||
sub initialize_package_globals( $$$$ ) {
|
sub initialize_package_globals( $$$ ) {
|
||||||
Shorewall::Config::initialize($family, $export, $_[1], $_[2], $_[3]);
|
Shorewall::Config::initialize($family, $export, $_[1], $_[2]);
|
||||||
Shorewall::Chains::initialize ($family, 1, $export );
|
Shorewall::Chains::initialize ($family, 1, $export );
|
||||||
Shorewall::Zones::initialize ($family, $_[0]);
|
Shorewall::Zones::initialize ($family, $_[0]);
|
||||||
Shorewall::Nat::initialize($family);
|
Shorewall::Nat::initialize($family);
|
||||||
@ -586,7 +588,7 @@ sub compiler {
|
|||||||
( '', '', -1, '', 0, '', -1, 0, 0, 0, 0, , '' , '/usr/share/shorewall/shorewallrc', '' );
|
( '', '', -1, '', 0, '', -1, 0, 0, 0, 0, , '' , '/usr/share/shorewall/shorewallrc', '' );
|
||||||
|
|
||||||
$export = 0;
|
$export = 0;
|
||||||
my $test = 0;
|
$test = 0;
|
||||||
$have_arptables = 0;
|
$have_arptables = 0;
|
||||||
|
|
||||||
sub validate_boolean( $ ) {
|
sub validate_boolean( $ ) {
|
||||||
@ -639,19 +641,18 @@ sub compiler {
|
|||||||
#
|
#
|
||||||
# Now that we know the address family (IPv4/IPv6), we can initialize the other modules' globals
|
# Now that we know the address family (IPv4/IPv6), we can initialize the other modules' globals
|
||||||
#
|
#
|
||||||
initialize_package_globals( $update, $test, $shorewallrc, $shorewallrc1 );
|
initialize_package_globals( $update, $shorewallrc, $shorewallrc1 );
|
||||||
#
|
|
||||||
# Rather than continuing to extend the argument list of Config::initialize(),
|
|
||||||
# we use a set of small functions to export settings to the Config module.
|
|
||||||
#
|
|
||||||
set_config_path( $config_path ) if $config_path;
|
set_config_path( $config_path ) if $config_path;
|
||||||
|
|
||||||
set_shorewall_dir( $directory ) if $directory ne '';
|
set_shorewall_dir( $directory ) if $directory ne '';
|
||||||
|
|
||||||
$verbosity = 1 if $debug && $verbosity < 1;
|
$verbosity = 1 if $debug && $verbosity < 1;
|
||||||
|
|
||||||
set_verbosity( $verbosity );
|
set_verbosity( $verbosity );
|
||||||
set_log($log, $log_verbosity) if $log;
|
set_log($log, $log_verbosity) if $log;
|
||||||
set_timestamp( $timestamp );
|
set_timestamp( $timestamp );
|
||||||
set_debug( $debug , $confess );
|
set_debug( $debug , $confess );
|
||||||
set_command( 'compile', 'Compiling', 'Compiled' );
|
|
||||||
#
|
#
|
||||||
# S H O R E W A L L R C ,
|
# S H O R E W A L L R C ,
|
||||||
# S H O R E W A L L . C O N F A N D C A P A B I L I T I E S
|
# S H O R E W A L L . C O N F A N D C A P A B I L I T I E S
|
||||||
@ -669,7 +670,12 @@ sub compiler {
|
|||||||
#
|
#
|
||||||
# Create a temp file to hold the script
|
# Create a temp file to hold the script
|
||||||
#
|
#
|
||||||
create_temp_script( $scriptfilename , $export ) if $scriptfilename;
|
if ( $scriptfilename ) {
|
||||||
|
set_command( 'compile', 'Compiling', 'Compiled' );
|
||||||
|
create_temp_script( $scriptfilename , $export );
|
||||||
|
} else {
|
||||||
|
set_command( 'check', 'Checking', 'Checked' );
|
||||||
|
}
|
||||||
#
|
#
|
||||||
# Z O N E D E F I N I T I O N
|
# Z O N E D E F I N I T I O N
|
||||||
# (Produces no output to the compiled script)
|
# (Produces no output to the compiled script)
|
||||||
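Review bot: `initialize_package_globals` forwards its arguments by position (`$_[1], $_[2]` to `Shorewall::Config::initialize`, `$_[0]` to `Shorewall::Zones::initialize`), so removing `$test` from the call meant renumbering the indexes by hand, and a slip would silently hand Config the wrong shorewallrc path. Naming them once at the top, `my ( $update, $shorewallrc, $shorewallrc1 ) = @_;`, and passing the names on would make the body checkable against the call `initialize_package_globals( $update, $shorewallrc, $shorewallrc1 );`. Separately, `our $test;` turns the former `my $test = 0;` in compiler into a package global; nothing on the new side of this page reads it outside this file, so it is worth confirming that the wider scope is actually needed. The body of initialize_package_globals continues outside the hunk.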
|
@ -166,11 +166,7 @@ our @EXPORT = qw(
|
|||||||
report_used_capabilities
|
report_used_capabilities
|
||||||
kernel_version
|
kernel_version
|
||||||
|
|
||||||
compiletime
|
compiletime
|
||||||
|
|
||||||
sortkeysiftest
|
|
||||||
sortvaluesiftest
|
|
||||||
sortiftest
|
|
||||||
|
|
||||||
F_IPV4
|
F_IPV4
|
||||||
F_IPV6
|
F_IPV6
|
||||||
@ -268,7 +264,6 @@ our %EXPORT_TAGS = ( internal => [ qw( create_temp_script
|
|||||||
$debug
|
$debug
|
||||||
$file_format
|
$file_format
|
||||||
$comment
|
$comment
|
||||||
$test
|
|
||||||
|
|
||||||
%config
|
%config
|
||||||
%origin
|
%origin
|
||||||
@ -798,8 +793,6 @@ our %filecache;
|
|||||||
|
|
||||||
our $compiletime;
|
our $compiletime;
|
||||||
|
|
||||||
our $test;
|
|
||||||
|
|
||||||
sub process_shorewallrc($$);
|
sub process_shorewallrc($$);
|
||||||
sub add_variables( \% );
|
sub add_variables( \% );
|
||||||
#
|
#
|
||||||
@ -811,12 +804,9 @@ sub add_variables( \% );
|
|||||||
#
|
#
|
||||||
# 2. The compiler can run multiple times in the same process so it has to be
|
# 2. The compiler can run multiple times in the same process so it has to be
|
||||||
# able to re-initialize its dependent modules' state.
|
# able to re-initialize its dependent modules' state.
|
||||||
####################################################################################################
|
#
|
||||||
# Do not change the required part of this prototype unless you want to take on a lot of additional
|
sub initialize($;$$$) {
|
||||||
# work (This function is called from build).
|
( $family, $export, my ( $shorewallrc, $shorewallrc1 ) ) = @_;
|
||||||
####################################################################################################
|
|
||||||
sub initialize($;$$$$) {
|
|
||||||
( $family, $export, $test, my ( $shorewallrc, $shorewallrc1 ) ) = @_;
|
|
||||||
|
|
||||||
if ( $family == F_IPV4 ) {
|
if ( $family == F_IPV4 ) {
|
||||||
( $product, $Product, $toolname, $toolNAME ) = qw( shorewall Shorewall iptables IPTABLES );
|
( $product, $Product, $toolname, $toolNAME ) = qw( shorewall Shorewall iptables IPTABLES );
|
||||||
@ -861,7 +851,7 @@ sub initialize($;$$$$) {
|
|||||||
TC_SCRIPT => '',
|
TC_SCRIPT => '',
|
||||||
EXPORT => 0,
|
EXPORT => 0,
|
||||||
KLUDGEFREE => '',
|
KLUDGEFREE => '',
|
||||||
VERSION => '5.2.4.1',
|
VERSION => '5.2.0-Beta1',
|
||||||
CAPVERSION => 50200 ,
|
CAPVERSION => 50200 ,
|
||||||
BLACKLIST_LOG_TAG => '',
|
BLACKLIST_LOG_TAG => '',
|
||||||
RELATED_LOG_TAG => '',
|
RELATED_LOG_TAG => '',
|
||||||
@ -1838,30 +1828,6 @@ sub set_command( $$$ ) {
|
|||||||
($command, $doing, $done) = @_;
|
($command, $doing, $done) = @_;
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
|
||||||
# Return the keys or values of the passed hash. If $test, the keys/values will be sorted by their own values
|
|
||||||
#
|
|
||||||
sub sortkeysiftest(\%) {
|
|
||||||
my ( $hashref ) = @_;
|
|
||||||
|
|
||||||
return sort keys %$hashref if $test;
|
|
||||||
return keys %$hashref;
|
|
||||||
}
|
|
||||||
|
|
||||||
sub sortvaluesiftest(\%) {
|
|
||||||
my ( $hashref ) = @_;
|
|
||||||
|
|
||||||
return sort values %$hashref if $test;
|
|
||||||
return keys %$hashref;
|
|
||||||
}
|
|
||||||
|
|
||||||
#
|
|
||||||
# Sort a list by the list elements if $test
|
|
||||||
#
|
|
||||||
sub sortiftest(@) {
|
|
||||||
return $test ? sort @_ : @_;
|
|
||||||
}
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# Print the current TOD to STDOUT.
|
# Print the current TOD to STDOUT.
|
||||||
#
|
#
|
||||||
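Review bot: The settings hunk inside initialize changes `VERSION => '5.2.4.1',` to `VERSION => '5.2.0-Beta1',`, which is unrelated to hash sorting and looks like a side effect of reverting an older commit wholesale. If that is unintended, keep `VERSION => '5.2.4.1',` so that whatever reads this value does not report a pre-release version. The revert also deletes the comment block warning that the required part of the `initialize` prototype must not change because the function is called from build; if that constraint still holds, the comment belongs above `sub initialize($;$$$) {`. The body of initialize continues outside both hunks.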
|
@ -34,7 +34,6 @@ use Shorewall::Zones;
|
|||||||
use Shorewall::Chains qw(:DEFAULT :internal);
|
use Shorewall::Chains qw(:DEFAULT :internal);
|
||||||
use Shorewall::Rules;
|
use Shorewall::Rules;
|
||||||
use Shorewall::Proc;
|
use Shorewall::Proc;
|
||||||
use sort 'stable';
|
|
||||||
|
|
||||||
use strict;
|
use strict;
|
||||||
|
|
||||||
@ -131,7 +130,7 @@ sub setup_ecn()
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ( @hosts ) {
|
if ( @hosts ) {
|
||||||
my @interfaces = ( sortkeysiftest %interfaces );
|
my @interfaces = ( keys %interfaces );
|
||||||
|
|
||||||
progress_message "$doing ECN control on @interfaces...";
|
progress_message "$doing ECN control on @interfaces...";
|
||||||
|
|
||||||
@ -1323,7 +1322,7 @@ sub setup_mac_lists( $ ) {
|
|||||||
$maclist_interfaces{ $hostref->[0] } = 1;
|
$maclist_interfaces{ $hostref->[0] } = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
my @maclist_interfaces = ( sortkeysiftest %maclist_interfaces );
|
my @maclist_interfaces = ( keys %maclist_interfaces );
|
||||||
|
|
||||||
if ( $phase == 1 ) {
|
if ( $phase == 1 ) {
|
||||||
|
|
||||||
@ -1409,7 +1408,7 @@ sub setup_mac_lists( $ ) {
|
|||||||
#
|
#
|
||||||
# Generate jumps from the input and forward chains
|
# Generate jumps from the input and forward chains
|
||||||
#
|
#
|
||||||
for my $hostref ( $test ? sort { $a->[0] cmp $b->[0] } @$maclist_hosts : @$maclist_hosts ) {
|
for my $hostref ( @$maclist_hosts ) {
|
||||||
my $interface = $hostref->[0];
|
my $interface = $hostref->[0];
|
||||||
my $ipsec = $hostref->[1];
|
my $ipsec = $hostref->[1];
|
||||||
my @policy = $ipsec && have_ipsec ? ( policy => "--pol $ipsec --dir in" ) : ();
|
my @policy = $ipsec && have_ipsec ? ( policy => "--pol $ipsec --dir in" ) : ();
|
||||||
@ -1802,7 +1801,7 @@ sub handle_complex_zone( $$ ) {
|
|||||||
my $type = $zoneref->{type};
|
my $type = $zoneref->{type};
|
||||||
my $source_ref = ( $zoneref->{hosts}{ipsec} ) || {};
|
my $source_ref = ( $zoneref->{hosts}{ipsec} ) || {};
|
||||||
|
|
||||||
for my $interface ( sortkeysiftest %$source_ref ) {
|
for my $interface ( keys %$source_ref ) {
|
||||||
my $sourcechainref = $filter_table->{forward_chain $interface};
|
my $sourcechainref = $filter_table->{forward_chain $interface};
|
||||||
my @interfacematch;
|
my @interfacematch;
|
||||||
my $interfaceref = find_interface $interface;
|
my $interfaceref = find_interface $interface;
|
||||||
@ -1942,7 +1941,7 @@ sub add_output_jumps( $$$$$$$$ ) {
|
|||||||
my $use_output = 0;
|
my $use_output = 0;
|
||||||
my @dest = imatch_dest_net $net;
|
my @dest = imatch_dest_net $net;
|
||||||
my @ipsec_out_match = match_ipsec_out $zone , $hostref;
|
my @ipsec_out_match = match_ipsec_out $zone , $hostref;
|
||||||
my @zone_interfaces = sortkeysiftest %{zone_interfaces( $zone )};
|
my @zone_interfaces = keys %{zone_interfaces( $zone )};
|
||||||
|
|
||||||
if ( @vservers || use_interface_chain( $interface, 'use_output_chain' ) || ( @{$interfacechainref->{rules}} && ! $chain1ref ) || @zone_interfaces > 1 ) {
|
if ( @vservers || use_interface_chain( $interface, 'use_output_chain' ) || ( @{$interfacechainref->{rules}} && ! $chain1ref ) || @zone_interfaces > 1 ) {
|
||||||
#
|
#
|
||||||
@ -2314,9 +2313,9 @@ sub generate_matrix() {
|
|||||||
#
|
#
|
||||||
# Take care of PREROUTING, INPUT and OUTPUT jumps
|
# Take care of PREROUTING, INPUT and OUTPUT jumps
|
||||||
#
|
#
|
||||||
for my $type ( sortkeysiftest %$source_hosts_ref ) {
|
for my $type ( keys %$source_hosts_ref ) {
|
||||||
my $typeref = $source_hosts_ref->{$type};
|
my $typeref = $source_hosts_ref->{$type};
|
||||||
for my $interface ( sortkeysiftest %$typeref ) {
|
for my $interface ( keys %$typeref ) {
|
||||||
if ( get_physical( $interface ) eq '+' ) {
|
if ( get_physical( $interface ) eq '+' ) {
|
||||||
#
|
#
|
||||||
# Insert the interface-specific jumps before this one which is not interface-specific
|
# Insert the interface-specific jumps before this one which is not interface-specific
|
||||||
@ -2401,9 +2400,9 @@ sub generate_matrix() {
|
|||||||
|
|
||||||
my $chainref = $filter_table->{$chain}; #Will be null if $chain is a Netfilter Built-in target like ACCEPT
|
my $chainref = $filter_table->{$chain}; #Will be null if $chain is a Netfilter Built-in target like ACCEPT
|
||||||
|
|
||||||
for my $type ( sortkeysiftest %{$zone1ref->{hosts}} ) {
|
for my $type ( keys %{$zone1ref->{hosts}} ) {
|
||||||
my $typeref = $zone1ref->{hosts}{$type};
|
my $typeref = $zone1ref->{hosts}{$type};
|
||||||
for my $interface ( sortkeysiftest %$typeref ) {
|
for my $interface ( keys %$typeref ) {
|
||||||
for my $hostref ( @{$typeref->{$interface}} ) {
|
for my $hostref ( @{$typeref->{$interface}} ) {
|
||||||
next if $hostref->{options}{sourceonly};
|
next if $hostref->{options}{sourceonly};
|
||||||
if ( $zone ne $zone1 || $num_ifaces > 1 || $hostref->{options}{routeback} ) {
|
if ( $zone ne $zone1 || $num_ifaces > 1 || $hostref->{options}{routeback} ) {
|
||||||
|
@ -1892,8 +1892,8 @@ sub map_provider_to_interface() {
|
|||||||
|
|
||||||
my $haveoptional;
|
my $haveoptional;
|
||||||
|
|
||||||
for my $provider ( @providers ) {
|
for my $providerref ( values %providers ) {
|
||||||
if ( ( my $providerref=$providers{$provider} )->{optional} ) {
|
if ( $providerref->{optional} ) {
|
||||||
unless ( $haveoptional++ ) {
|
unless ( $haveoptional++ ) {
|
||||||
emit( 'if [ -n "$interface" ]; then',
|
emit( 'if [ -n "$interface" ]; then',
|
||||||
' case $interface in' );
|
' case $interface in' );
|
||||||
@ -2054,7 +2054,8 @@ sub compile_updown() {
|
|||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
my @nonshared = ( grep $providers{$_}->{optional}, sortvaluesiftest %provider_interfaces );
|
my @nonshared = ( grep $providers{$_}->{optional},
|
||||||
|
values %provider_interfaces );
|
||||||
|
|
||||||
if ( @nonshared ) {
|
if ( @nonshared ) {
|
||||||
my $interfaces = join( '|', map $providers{$_}->{physical}, @nonshared );
|
my $interfaces = join( '|', map $providers{$_}->{physical}, @nonshared );
|
||||||
@ -2245,11 +2246,9 @@ sub handle_optional_interfaces() {
|
|||||||
# names but they might derive from wildcard interface entries. Optional interfaces which do not have
|
# names but they might derive from wildcard interface entries. Optional interfaces which do not have
|
||||||
# wildcard physical names are also included in the providers table.
|
# wildcard physical names are also included in the providers table.
|
||||||
#
|
#
|
||||||
for my $provider ( @providers ) {
|
for my $providerref ( grep $_->{optional} , values %providers ) {
|
||||||
if ( ( my $providerref = $providers{$provider} )->{optional} ) {
|
push @interfaces, $providerref->{interface};
|
||||||
push @interfaces, $providerref->{interface};
|
$wildcards ||= $providerref->{wildcard};
|
||||||
$wildcards ||= $providerref->{wildcard};
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
@ -2297,7 +2296,17 @@ sub handle_optional_interfaces() {
|
|||||||
|
|
||||||
emit( "$physical)" ), push_indent if $wildcards;
|
emit( "$physical)" ), push_indent if $wildcards;
|
||||||
|
|
||||||
emit qq(if [ -z "\$interface" -o "\$interface" = "$physical" ]; then);
|
if ( $provider eq $physical ) {
|
||||||
|
#
|
||||||
|
# Just an optional interface, or provider and interface are the same
|
||||||
|
#
|
||||||
|
emit qq(if [ -z "\$interface" -o "\$interface" = "$physical" ]; then);
|
||||||
|
} else {
|
||||||
|
#
|
||||||
|
# Provider
|
||||||
|
#
|
||||||
|
emit qq(if [ -z "\$interface" -o "\$interface" = "$physical" ]; then);
|
||||||
|
}
|
||||||
|
|
||||||
push_indent;
|
push_indent;
|
||||||
|
|
||||||
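Review bot: In the last handle_optional_interfaces hunk, both arms of the new `if ( $provider eq $physical ) { … } else { … }` emit the identical line `emit qq(if [ -z "\$interface" -o "\$interface" = "$physical" ]; then);`, so the test has no effect on the generated script. Either the `# Provider` arm was meant to emit a different condition (the page does not show which), or the conditional can collapse back to the single `emit`. In addition, map_provider_to_interface and the first loop of handle_optional_interfaces now iterate `values %providers` rather than the `@providers` array, so the `case $interface in` arms and the `@interfaces` list come out in hash order instead of whatever order `@providers` held; a comment is warranted if that is intentional. The enclosing loops start and end outside these hunks.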
|
@ -155,7 +155,7 @@ sub setup_proxy_arp() {
|
|||||||
|
|
||||||
emit '';
|
emit '';
|
||||||
|
|
||||||
for my $interface ( sortkeysiftest %reset ) {
|
for my $interface ( keys %reset ) {
|
||||||
unless ( $set{interface} ) {
|
unless ( $set{interface} ) {
|
||||||
my $physical = get_physical $interface;
|
my $physical = get_physical $interface;
|
||||||
emit ( "if [ -f /proc/sys/net/ipv$family/conf/$physical/$proc_file ]; then" ,
|
emit ( "if [ -f /proc/sys/net/ipv$family/conf/$physical/$proc_file ]; then" ,
|
||||||
@ -164,7 +164,7 @@ sub setup_proxy_arp() {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
for my $interface ( sortkeysiftest %set ) {
|
for my $interface ( keys %set ) {
|
||||||
my $physical = get_physical $interface;
|
my $physical = get_physical $interface;
|
||||||
emit ( "if [ -f /proc/sys/net/ipv$family/conf/$physical/$proc_file ]; then" ,
|
emit ( "if [ -f /proc/sys/net/ipv$family/conf/$physical/$proc_file ]; then" ,
|
||||||
" echo 1 > /proc/sys/net/ipv$family/conf/$physical/$proc_file" );
|
" echo 1 > /proc/sys/net/ipv$family/conf/$physical/$proc_file" );
|
||||||
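Review bot: The context line `unless ( $set{interface} ) {` inside `for my $interface ( keys %reset )` looks up the literal key `interface` rather than the loop variable, so the guard evaluates the same way for every interface; it probably should read `unless ( $set{$interface} ) {`. As written, unless `%set` happens to hold a key named `interface`, the reset block is emitted for every entry of `%reset`, including interfaces that the following `for my $interface ( keys %set )` loop then writes `1` for. The revert does not touch this line and the body of the reset block is outside the hunk, so confirm against the full function.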
|
@ -29,7 +29,6 @@ package Shorewall::Zones;
|
|||||||
require Exporter;
|
require Exporter;
|
||||||
use Shorewall::Config qw(:DEFAULT :internal);
|
use Shorewall::Config qw(:DEFAULT :internal);
|
||||||
use Shorewall::IPAddrs;
|
use Shorewall::IPAddrs;
|
||||||
use sort 'stable';
|
|
||||||
|
|
||||||
use strict;
|
use strict;
|
||||||
|
|
||||||
@ -848,10 +847,10 @@ sub dump_zone_contents() {
|
|||||||
$entry .= ( " mark=" . in_hex( $zoneref->{mark} ) ) if exists $zoneref->{mark};
|
$entry .= ( " mark=" . in_hex( $zoneref->{mark} ) ) if exists $zoneref->{mark};
|
||||||
|
|
||||||
if ( $hostref ) {
|
if ( $hostref ) {
|
||||||
for my $type ( sortkeysiftest %$hostref ) {
|
for my $type ( keys %$hostref ) {
|
||||||
my $interfaceref = $hostref->{$type};
|
my $interfaceref = $hostref->{$type};
|
||||||
|
|
||||||
for my $interface ( sortkeysiftest %$interfaceref ) {
|
for my $interface ( keys %$interfaceref ) {
|
||||||
my $iref = $interfaces{$interface};
|
my $iref = $interfaces{$interface};
|
||||||
my $arrayref = $interfaceref->{$interface};
|
my $arrayref = $interfaceref->{$interface};
|
||||||
|
|
||||||
|