mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-23 08:03:11 +01:00
Fix a parsing error; clean up output; disable TC and Multi-ISP in 6 for now
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8969 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
63f3b609f7
commit
71155835a1
@ -1982,7 +1982,7 @@ sub expand_rule( $$$$$$$$$$$ )
|
||||
} else {
|
||||
$iiface = $source;
|
||||
}
|
||||
} elsif ( $source =~ /^(.+?):\[(.+)\]\s+$/ ) {
|
||||
} elsif ( $source =~ /^(.+?):\[(.+)\]\s*$/ ) {
|
||||
$iiface = $1;
|
||||
$inets = $2;
|
||||
} elsif ( $source =~ /:/ ) {
|
||||
@ -2065,7 +2065,7 @@ sub expand_rule( $$$$$$$$$$$ )
|
||||
} else {
|
||||
$diface = $dest;
|
||||
}
|
||||
} elsif ( $dest =~ /^(.+?):\[(.+)\]\s+$/ ) {
|
||||
} elsif ( $dest =~ /^(.+?):\[(.+)\]\s*$/ ) {
|
||||
$diface = $1;
|
||||
$dnets = $2;
|
||||
} elsif ( $dest =~ /:/ ) {
|
||||
|
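Review bot: The greedy `(.+)` between the brackets, in both the `$source` and the `$dest` pattern, runs to the last `]` in the string, so a value with an embedded `]` or `[` ends up in `$inets` / `$dnets` unchanged. Whether those values are validated further down is not visible here, since expand_rule's body extends beyond both hunks. If a bracketed address list can never contain brackets itself, stating that in the pattern would reject malformed entries at the parse step, for example `} elsif ( $source =~ /^(.+?):\[([^\]]+)\]\s*$/ ) {` and the same for `$dest`.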
@ -65,8 +65,8 @@ sub reinitialize() {
|
||||
Shorewall::Zones::initialize ($family);
|
||||
Shorewall::Policy::initialize;
|
||||
Shorewall::Nat::initialize;
|
||||
Shorewall::Providers::initialize;
|
||||
Shorewall::Tc::initialize;
|
||||
Shorewall::Providers::initialize($family);
|
||||
Shorewall::Tc::initialize($family);
|
||||
Shorewall::Actions::initialize;
|
||||
Shorewall::Accounting::initialize;
|
||||
Shorewall::Rules::initialize($family);
|
||||
|
@ -46,6 +46,7 @@ our @EXPORT = qw(
|
||||
warning_message
|
||||
fatal_error
|
||||
progress_message
|
||||
progress_message_nocompress
|
||||
progress_message2
|
||||
progress_message3
|
||||
);
|
||||
@ -813,6 +814,24 @@ sub progress_message {
|
||||
}
|
||||
}
|
||||
|
||||
sub progress_message_nocompress {
|
||||
my $havelocaltime = 0;
|
||||
|
||||
if ( $verbose > 1 ) {
|
||||
timestamp, $havelocaltime = 1 if $timestamp;
|
||||
print "@_\n";
|
||||
}
|
||||
|
||||
if ( $log_verbose > 1 ) {
|
||||
our @localtime;
|
||||
|
||||
@localtime = localtime unless $havelocaltime;
|
||||
|
||||
printf $log '%s %2d %2d:%02d:%02d ', $abbr[$localtime[4]], @localtime[3,2,1,0];
|
||||
print $log "@_\n";
|
||||
}
|
||||
}
|
||||
|
||||
#
|
||||
# Write a message if $verbose >= 1
|
||||
#
|
||||
|
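Review bot: progress_message_nocompress is added without a header comment, while the sub that follows it has one (`# Write a message if $verbose >= 1`). A matching comment such as `# Write a message if $verbose >= 2 -- message text is written as given` would document the threshold, which the `$verbose > 1` test establishes; the "as given" wording is inferred from the name and should be confirmed against progress_message. The log branch reads `@localtime` without refreshing it when `$havelocaltime` is set, so it depends on `timestamp` having filled the package `@localtime`, and a short why-comment on that line would help. If the body otherwise duplicates progress_message, which is not fully visible in this hunk, a shared private helper for the timestamp and log output would keep the two from drifting.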
@ -528,7 +528,7 @@ sub validate_6net( $$ ) {
|
||||
fatal_error "An ipset name ($net) is not allowed in this context" if substr( $net, 0, 1 ) eq '+';
|
||||
|
||||
if ( defined $vlsm ) {
|
||||
fatal_error "Invalid VLSM ($vlsm)" unless $vlsm =~ /^\d+$/ && $vlsm <= 64;
|
||||
fatal_error "Invalid VLSM ($vlsm)" unless $vlsm =~ /^\d+$/ && $vlsm <= 128;
|
||||
fatal_error "Invalid Network address ($_[0])" if defined $rest;
|
||||
fatal_error "Invalid IPv6 address ($net)" unless valid_6address $net;
|
||||
} else {
|
||||
|
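Review bot: The VLSM check still uses `/^\d+$/`, where `$` also matches before a trailing newline and `\d` is not limited to ASCII digits on decoded input, so a value that is not a plain decimal prefix length can pass the pattern and the `<= 128` comparison. Whether such a value can reach validate_6net depends on how the line is read and split, which is outside this hunk, as is the rest of the function body. Tightening the test costs nothing: `fatal_error "Invalid VLSM ($vlsm)" unless $vlsm =~ /\A[0-9]+\z/ && $vlsm <= 128;`.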
@ -149,7 +149,7 @@ sub print_policy($$$$) {
|
||||
my ( $sourceref, $destref ) = ( find_zone($source) ,find_zone( $dest ) );
|
||||
warning_message "CONTINUE policy between two un-nested zones ($source, $dest)" if ! ( @{$sourceref->{parents}} || @{$destref->{parents}} );
|
||||
}
|
||||
progress_message " Policy for $source to $dest is $policy using chain $chain" unless $source eq $dest;
|
||||
progress_message_nocompress " Policy for $source to $dest is $policy using chain $chain" unless $source eq $dest;
|
||||
}
|
||||
}
|
||||
|
||||
@ -362,7 +362,7 @@ sub policy_rules( $$$$$ ) {
|
||||
}
|
||||
|
||||
sub report_syn_flood_protection() {
|
||||
progress_message ' Enabled SYN flood protection';
|
||||
progress_message_nocompress ' Enabled SYN flood protection';
|
||||
}
|
||||
|
||||
sub default_policy( $$$ ) {
|
||||
@ -396,7 +396,7 @@ sub default_policy( $$$ ) {
|
||||
}
|
||||
}
|
||||
|
||||
progress_message " Policy $policy from $_[1] to $_[2] using chain $chainref->{name}";
|
||||
progress_message_nocompress " Policy $policy from $_[1] to $_[2] using chain $chainref->{name}";
|
||||
|
||||
}
|
||||
|
||||
|
@ -54,6 +54,8 @@ our %providers;
|
||||
|
||||
our @providers;
|
||||
|
||||
our $family;
|
||||
|
||||
|
||||
#
|
||||
# Initialize globals -- we take this novel approach to globals initialization to allow
|
||||
@ -64,7 +66,9 @@ our @providers;
|
||||
# the second and subsequent calls to that function.
|
||||
#
|
||||
|
||||
sub initialize() {
|
||||
sub initialize( $ ) {
|
||||
$family = shift;
|
||||
|
||||
@routemarked_providers = ();
|
||||
%routemarked_interfaces = ();
|
||||
@routemarked_interfaces = ();
|
||||
@ -79,7 +83,7 @@ sub initialize() {
|
||||
}
|
||||
|
||||
INIT {
|
||||
initialize;
|
||||
initialize( F_IPV4 );
|
||||
}
|
||||
|
||||
#
|
||||
@ -481,6 +485,8 @@ sub setup_providers() {
|
||||
while ( read_a_line ) {
|
||||
unless ( $providers ) {
|
||||
progress_message2 "$doing $fn ...";
|
||||
fatal_error "Multi-ISP support is not yet available in Shorewall6" if $family == F_IPV6;
|
||||
|
||||
require_capability( 'MANGLE_ENABLED' , 'a non-empty providers file' , 's' );
|
||||
|
||||
fatal_error "A non-empty providers file is not permitted with MANGLE_ENABLED=No" unless $config{MANGLE_ENABLED};
|
||||
|
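Review bot: `initialize` now stores its argument with `$family = shift;` and checks nothing, and the header comment above it is not updated to mention the parameter. The new guard in setup_providers, `if $family == F_IPV6`, relies on that value: if `$family` were undefined, the comparison would be false (assuming F_IPV6 is non-zero) and the Multi-ISP refusal would be skipped with only a warning. The Tc section of this commit has the same pattern. I would add a line to the comment block such as `# initialize() takes the address family (F_IPV4 or F_IPV6)`, and consider `die "initialize: address family required" unless defined $family;` as the first statement in both modules.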
@ -128,7 +128,7 @@ sub process_tos() {
|
||||
if ( $family == F_IPV4 ) {
|
||||
( $srczone , $source , $remainder ) = split( /:/, $src, 3 );
|
||||
fatal_error 'Invalid SOURCE' if defined $remainder;
|
||||
} elsif ( $src =~ /^(.+?):\[(.*)]\s$/ ) {
|
||||
} elsif ( $src =~ /^(.+?):\[(.*)]\s*$/ ) {
|
||||
$srczone = $1;
|
||||
$source = $2;
|
||||
} else {
|
||||
|
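Review bot: The bracket pattern in process_tos uses `(.*)`, so `zone:[]` matches and leaves `$source` as the empty string, whereas the equivalent patterns in expand_rule require at least one character with `(.+)`. What the rest of process_tos does with an empty `$source` is outside the hunk, but an empty address in a match rule is usually read as "any", which is unlikely to be what a malformed entry should produce. Aligning it with the other two sites, including the escaped closing bracket, would be `} elsif ( $src =~ /^(.+?):\[(.+)\]\s*$/ ) {`.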
@ -155,6 +155,8 @@ our %restrictions = ( tcpre => PREROUTE_RESTRICT ,
|
||||
tcfor => NO_RESTRICT ,
|
||||
tcout => OUTPUT_RESTRICT );
|
||||
|
||||
our $family;
|
||||
|
||||
#
|
||||
# Initialize globals -- we take this novel approach to globals initialization to allow
|
||||
# the compiler to run multiple times in the same process. The
|
||||
@ -164,7 +166,8 @@ our %restrictions = ( tcpre => PREROUTE_RESTRICT ,
|
||||
# the second and subsequent calls to that function.
|
||||
#
|
||||
|
||||
sub initialize() {
|
||||
sub initialize( $ ) {
|
||||
$family = shift;
|
||||
%classids = ();
|
||||
@deferred_rules = ();
|
||||
@tcdevices = ();
|
||||
@ -176,7 +179,7 @@ sub initialize() {
|
||||
}
|
||||
|
||||
INIT {
|
||||
initialize;
|
||||
initialize( F_IPV4 );
|
||||
}
|
||||
|
||||
sub process_tc_rule( $$$$$$$$$$$$ ) {
|
||||
@ -339,6 +342,8 @@ sub validate_tc_device( $$$$$ ) {
|
||||
|
||||
my $devnumber;
|
||||
|
||||
fatal_error "Traffic Shaping is not yet available in Shorewall6" if $family == F_IPV6;
|
||||
|
||||
if ( $device =~ /:/ ) {
|
||||
( my $number, $device, my $rest ) = split /:/, $device, 3;
|
||||
|
||||
|
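Review bot: The IPv6 refusal is added only in validate_tc_device; process_tc_rule, whose signature appears at the end of the preceding hunk, gets no corresponding check in this diff. If tcrules entries are processed independently of tcdevices (the driving function is not visible here), packet-marking rules could still be generated for a Shorewall6 configuration although the commit means to disable TC there. Either move the `fatal_error "Traffic Shaping is not yet available in Shorewall6" if $family == F_IPV6;` check to the function that drives TC setup, or add a comment in validate_tc_device saying that tcrules is intentionally left enabled.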
@ -374,7 +374,7 @@ sub zone_report()
|
||||
|
||||
$type = $ipzone if $type eq 'ip';
|
||||
|
||||
progress_message " $zone ($type)";
|
||||
progress_message_nocompress " $zone ($type)";
|
||||
|
||||
my $printed = 0;
|
||||
|
||||
@ -388,7 +388,11 @@ sub zone_report()
|
||||
my $hosts = $groupref->{hosts};
|
||||
if ( $hosts ) {
|
||||
my $grouplist = join ',', ( @$hosts );
|
||||
progress_message " $interface:$grouplist";
|
||||
if ( $family == F_IPV4 ) {
|
||||
progress_message_nocompress " $interface:$grouplist";
|
||||
} else {
|
||||
progress_message_nocompress " $interface:\[$grouplist\]";
|
||||
}
|
||||
$printed = 1;
|
||||
}
|
||||
}
|
||||
@ -443,7 +447,11 @@ sub dump_zone_contents()
|
||||
my $hosts = $groupref->{hosts};
|
||||
if ( $hosts ) {
|
||||
my $grouplist = join ',', ( @$hosts );
|
||||
$entry .= " $interface:$grouplist";
|
||||
if ( $family == F_IPV4 ) {
|
||||
$entry .= " $interface:$grouplist";
|
||||
} else {
|
||||
$entry .= " $interface:\[$grouplist\]";
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
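Review bot: The same `if ( $family == F_IPV4 ) { ... } else { ... }` block is added to both zone_report and dump_zone_contents only to decide whether the host list is wrapped in brackets. Computing the formatted list once keeps the two reports in step and leaves a single output statement per site, for example `my $hostlist = $family == F_IPV4 ? $grouplist : "[$grouplist]";` followed by `progress_message_nocompress "      $interface:$hostlist";` and `$entry .= " $interface:$hostlist";`. The backslashes in `"\[$grouplist\]"` are also unnecessary in a double-quoted string here, since the `:` before `[` prevents it being read as a subscript. Both functions extend beyond their hunks.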