extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-12-16 11:20:53 +01:00
Code Issues Packages Projects Releases Wiki Activity

More 'detect' fixes

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5631 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-03-22 19:43:24 +00:00
parent 00ddbee0a5
commit 7146dc4942
2 changed files with 11 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
New/Shorewall/Chains.pm
View File

@ -973,8 +973,8 @@ sub expand_rule( $$$$$$$$$$ )
fatal_error "Unknown Interface ($iiface): \"$line\"" unless known_interface $iiface; fatal_error "Unknown Interface ($iiface): \"$line\"" unless known_interface $iiface;
if ( $restriction == POSTROUTE_RESTRICT ) { if ( $restriction == POSTROUTE_RESTRICT ) {
add_command( $chainref , (' ' x $detectcount) . "sources=\$(get_routed_networks $iiface);" ); add_command( $chainref , (' ' x $detectcount) . "sources=\$(get_routed_networks $iiface)" );
add_command( $chainref , (' ' x $detectcount) . qq([ -z "\$sourcess" ] && fatal_error "Unable to determine the routes through interface \"$iiface\"";) ); add_command( $chainref , (' ' x $detectcount) . qq([ -z "\$sources" ] && fatal_error "Unable to determine the routes through interface \"$iiface\"") );
add_command( $chainref , (' ' x $detectcount) . 'for source in $sources; do' ); add_command( $chainref , (' ' x $detectcount) . 'for source in $sources; do' );
$rule .= '-s $source'; $rule .= '-s $source';
$detectcount++; $detectcount++;
@ -1007,8 +1007,8 @@ sub expand_rule( $$$$$$$$$$ )
fatal_error "Unknown Interface ($diface) in rule \"$line\"" unless known_interface $diface; fatal_error "Unknown Interface ($diface) in rule \"$line\"" unless known_interface $diface;
if ( $restriction == PREROUTE_RESTRICT ) { if ( $restriction == PREROUTE_RESTRICT ) {
add_command( $chainref , (' ' x $detectcount) . "dests=\$(find_interface_addresses $diface);" ); add_command( $chainref , (' ' x $detectcount) . "dests=\$(find_interface_addresses $diface)" );
add_command( $chainref , (' ' x $detectcount) . qq([ -z "\$dests" ] && fatal_error "Unable to determine the address(es) of interface \"$diface\";") ); add_command( $chainref , (' ' x $detectcount) . qq([ -z "\$dests" ] && fatal_error "Unable to determine the address(es) of interface \"$diface\"") );
add_command( $chainref , (' ' x $detectcount) . 'for dest in $dests; do' ); add_command( $chainref , (' ' x $detectcount) . 'for dest in $dests; do' );
$rule .= '-d $dest'; $rule .= '-d $dest';
@ -1023,7 +1023,7 @@ sub expand_rule( $$$$$$$$$$ )
if ( $detectcount ) { if ( $detectcount ) {
my $newchainref = new_anon_chain( $chainref ); my $newchainref = new_anon_chain( $chainref );
add_command $chainref, (' ' x $detectcount) . qq(emit "-A $chain $rule -j $newchainref->{name}";); add_command $chainref, (' ' x $detectcount) . qq(echo "-A $chain $rule -j $newchainref->{name}" >&3;);
while ( $detectcount-- ) { while ( $detectcount-- ) {
add_command( $chainref, (' ' x $detectcount) . 'done' ); add_command( $chainref, (' ' x $detectcount) . 'done' );
@ -1239,6 +1239,7 @@ sub emitr( $ ) {
emit $rule; emit $rule;
} else { } else {
unless ( $state == CAT_STATE ) { unless ( $state == CAT_STATE ) {
emit '';
emit 'cat >&3 << __EOF__'; emit 'cat >&3 << __EOF__';
$state = CAT_STATE; $state = CAT_STATE;
} }
@ -1299,7 +1300,7 @@ sub create_netfilter_load() {
emit_unindented '__EOF__' unless $state == CMD_STATE; emit_unindented '__EOF__' unless $state == CMD_STATE;
emit ''; emit '';
emit 'iptables-restore << $TEMPFILE' if $slowstart; emit 'iptables-restore < $TEMPFILE' if $slowstart;
emit 'if [ $? != 0 ]; then'; emit 'if [ $? != 0 ]; then';
emit ' fatal_error "iptables-restore Failed"'; emit ' fatal_error "iptables-restore Failed"';
emit "fi\n"; emit "fi\n";

9
New/Shorewall/Nat.pm
View File

@ -164,7 +164,6 @@ sub setup_one_masq($$$$$$)
# #
$networks = ALLIPv4 unless $networks; $networks = ALLIPv4 unless $networks;
$destnets = ALLIPv4 unless $destnets; $destnets = ALLIPv4 unless $destnets;
# #
# Handle Protocol and Ports # Handle Protocol and Ports
# #
@ -189,11 +188,11 @@ sub setup_one_masq($$$$$$)
} }
} elsif ( $addresses eq 'detect' ) { } elsif ( $addresses eq 'detect' ) {
$target = '-j SNAT $addrlist'; $target = '-j SNAT $addrlist';
add_command( $chainref , "addresses=\$(find_interface_addresses $interface); \\" ); add_command( $chainref , "addresses=\$(find_interface_addresses $interface);" );
add_command( $chainref , qq([ -z "\$addresses" ] && fatal_error "Unable to determine the IP address(es) of $interface"; \\) ); add_command( $chainref , qq([ -z "\$addresses" ] && fatal_error "Unable to determine the IP address(es) of $interface";) );
add_command( $chainref , 'addrlist=; \\' ); add_command( $chainref , 'addrlist=; \\' );
add_command( $chainref , 'for address in $addresses; do \\' ); add_command( $chainref , 'for address in $addresses; do' );
add_command( $chainref , ' addrlist="$addrlist --to-source $address \\";' ); add_command( $chainref , ' addrlist="$addrlist --to-source $address";' );
add_command( $chainref , 'done' ); add_command( $chainref , 'done' );
} else { } else {
my $addrlist = ''; my $addrlist = '';