From 78594b2efddaca1d35166bbf1c037f687173960c Mon Sep 17 00:00:00 2001 From: teastep Date: Fri, 3 Nov 2006 17:14:23 +0000 Subject: [PATCH] Increment lib version (belatedly); some effeciency improvements git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4788 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall/compiler | 72 +++++++++++++++++++--------------------------- Shorewall/lib.base | 2 +- 2 files changed, 30 insertions(+), 44 deletions(-) diff --git a/Shorewall/compiler b/Shorewall/compiler index 387877fe6..8a4e42658 100755 --- a/Shorewall/compiler +++ b/Shorewall/compiler @@ -1041,6 +1041,7 @@ compile_refresh_firewall() local INDENT="" local DOING="Compiling Refresh of" local DONE="Compiled" + local indent save_command "refresh_firewall()" save_command "{" @@ -1050,8 +1051,18 @@ compile_refresh_firewall() # # Blacklist - # - refresh_blacklist Yes + # + save_command "if chain_exists blacklst; then" + indent="$INDENT" + INDENT="$INDENT " + + save_command progress_message2 \"Refreshing Black List...\" + run_iptables -F blacklst + + save_command load_blacklist + + INDENT="$indent" + save_command "fi" ecn=$(find_file ecn) @@ -2857,12 +2868,13 @@ process_default_macro() # $1 = macro name local logtag= local excludesource= local target client server protocol port cport ratelimit userspec rule + local f=$(find_file macro.${macro}) havechain $macro && fatal_error "Illegal duplicate default macro name: $macro" createchain $macro no - strip_file macro.$macro - progress_message "..Expanding Default Macro $(find_file macro.${macro}) into chain $macro..." + strip_file macro.$macro $f + progress_message "..Expanding Default Macro $f into chain $macro..." while read target client server protocol port cport ratelimit userspec; do expandv target client server protocol port cport ratelimit userspec 
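Review bot: The inlined blacklist refresh in the `@@ -1050` hunk no longer strips the blacklist file before emitting `load_blacklist`: the deleted `refresh_blacklist` (see the `@@ -3482` hunk) ran `strip_file blacklist $f` first, and the new code in `compile_refresh_firewall` does not. If the refresh compile depends on `${TMP_DIR}/blacklist` being populated for the generated `load_blacklist` to have anything to load, that step now has to happen somewhere else in the refresh path; please confirm, or add `strip_file blacklist $(find_file blacklist)` ahead of the `chain_exists` wrapper. The `indent`/`INDENT` save-and-restore around the emitted `if ... fi` is not obvious to a reader of this function, so a one-line comment such as `# Emit the blacklist reload wrapped in a chain_exists guard in the generated script` would help. compile_refresh_firewall begins and ends outside these hunks.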
@@ -2878,13 +2890,13 @@ process_default_macro() # $1 = macro name ACCEPT|DROP|REJECT) ;; *) - if list_search $target $ACTIONS; then - if ! list_search $target $USEDACTIONS; then + if ! list_search $target $USEDACTIONS; then + if list_search $target $ACTIONS; then createactionchain $target USEDACTIONS="$USEDACTIONS $target" + else + fatal_error "Invalid target ($target) in default macro $macro" fi - else - fatal_error "Invalid target ($target) in default macro $macro" fi ;; esac @@ -3424,9 +3436,13 @@ process_blacklist_rec() { process_blacklist() { local disposition=$BLACKLIST_DISPOSITION + local f=$(find_file blacklist) [ "$disposition" = REJECT ] && disposition=reject + strip_file blacklist $f + progress_message2 "Compiling $f..." + cat >&3 << __EOF__ # # Load the blacklist @@ -3482,36 +3498,6 @@ setup_blacklist() { fi } -# -# Refresh the Black List -# -refresh_blacklist() # $1 = Yes means flush the blacklist -{ - local f=$(find_file blacklist) - local disposition=$BLACKLIST_DISPOSITION - local indent="$INDENT" - - strip_file blacklist $f - - [ "$disposition" = REJECT ] && disposition=reject - - save_command "if chain_exists blacklst; then" - INDENT="$INDENT " - - if [ "$1" = Yes ]; then - save_command progress_message2 \"Refreshing Black List...\" - run_iptables -F blacklst - else - save_command progress_message2 \"Loading Black List...\" - fi - - save_command load_blacklist - - INDENT="$indent" - save_command "fi" -} - - # Construct zone-independent rules # add_common_rules() { @@ -4424,7 +4410,7 @@ activate_rules() if [ -n "$exclusions1" ]; then # - # We handle exlusions in the dest zone by inserting RETURN rules at the front of + # We handle exclusions in the dest zone by inserting RETURN rules at the front of # each rules chain where the zone is the destination # case $chain in 
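Review bot: Swapping the two `list_search` tests in the `*)` branch changes behaviour for a target that is in `$USEDACTIONS` but not in `$ACTIONS`: the old code reached `fatal_error`, the new code silently accepts it. The reorder is equivalent only if `USEDACTIONS` is always a subset of `ACTIONS`, which holds for the append visible in this hunk but cannot be verified from the diff for any other writer of `USEDACTIONS`. A comment stating the invariant would make the intent of the optimisation explicit, e.g. `# USEDACTIONS is a subset of ACTIONS, so check the shorter used list first; only a new action needs the full ACTIONS lookup`. process_default_macro begins and ends outside this hunk.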
@@ -4500,7 +4486,6 @@ activate_rules() # # E N D F O R W A R D I N G # - # # Now add (an) unconditional jump(s) to the last unique policy-only chain determined above, if any # if [ -n "$last_chain" ]; then @@ -4564,7 +4549,7 @@ activate_rules() for table in mangle nat filter; do case $table in mangle) - chains="PREROUTING INPUT FORWARD POSTROUTING" + [ -n "$MANGLE_FORWARD" ] && chains="PREROUTING INPUT FORWARD POSTROUTING" || chains="PREROUTING INPUT" ;; nat) chains="PREROUTING POSTROUTING OUTPUT" @@ -5273,7 +5258,6 @@ __EOF__ fi if [ -n "$(find_hosts_by_option blacklist)" ]; then - strip_file blacklist process_blacklist fi @@ -5599,7 +5583,9 @@ __EOF__ append_file start if [ -n "$DELAYBLACKLISTLOAD" -a -s ${TMP_DIR}/blacklist ]; then - refresh_blacklist No + save_command + save_command progress_message2 \"Loading Black List...\" + save_command load_blacklist save_command fi diff --git a/Shorewall/lib.base b/Shorewall/lib.base index 8934c4bc6..b2b9f09f3 100644 --- a/Shorewall/lib.base +++ b/Shorewall/lib.base @@ -28,7 +28,7 @@ # and /usr/share/shorewall-lite/shorecap. # -SHOREWALL_LIBVERSION=30302 +SHOREWALL_LIBVERSION=30303 [ -n "${VARDIR:=/var/lib/shorewall}" ] [ -n "${SHAREDIR:=/usr/share/shorewall}" ]
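Review bot: The new `A && B || C` one-liner in the `mangle)` case of the `@@ -4564` hunk also drops `POSTROUTING` from the chain list whenever `MANGLE_FORWARD` is empty, not just `FORWARD`; if the variable only signals that the mangle table has a FORWARD chain, the fallback probably wants `chains="PREROUTING INPUT POSTROUTING"`, and if it deliberately stands for the later mangle layout, a comment such as `# MANGLE_FORWARD: mangle table has FORWARD and POSTROUTING chains` would spare the next reader the lookup. The surrounding script uses `if ... then ... else ... fi` for this kind of branch, so `if [ -n "$MANGLE_FORWARD" ]; then chains="PREROUTING INPUT FORWARD POSTROUTING"; else chains="PREROUTING INPUT"; fi` would read more consistently and not rely on the assignment never failing. activate_rules begins and ends outside this hunk.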
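Review bot: The delayed-load block in the `@@ -5599` hunk now emits `load_blacklist` without the `if chain_exists blacklst; then ... fi` guard that the removed `refresh_blacklist No` call produced, while the refresh path in `compile_refresh_firewall` keeps that guard. This appears safe only because `-s ${TMP_DIR}/blacklist` can be true solely after `process_blacklist` has run (the `strip_file blacklist` that creates it moved into that function in the `@@ -3424` hunk), which is presumably also where the `blacklst` chain is set up; that coupling is implicit and easy to break. A comment above the `if` would capture it: `# ${TMP_DIR}/blacklist is only non-empty when process_blacklist ran, so the blacklst chain exists and no chain_exists guard is needed`. The enclosing code begins before this hunk.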