Increment lib version (belatedly); some efficiency improvements

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4788 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2006-11-03 17:14:23 +00:00
parent d6d7e890fe
commit 78594b2efd
2 changed files with 30 additions and 44 deletions


@ -1041,6 +1041,7 @@ compile_refresh_firewall()
local INDENT="" local INDENT=""
local DOING="Compiling Refresh of" local DOING="Compiling Refresh of"
local DONE="Compiled" local DONE="Compiled"
local indent
save_command "refresh_firewall()" save_command "refresh_firewall()"
save_command "{" save_command "{"
@ -1051,7 +1052,17 @@ compile_refresh_firewall()
# #
# Blacklist # Blacklist
# #
refresh_blacklist Yes save_command "if chain_exists blacklst; then"
indent="$INDENT"
INDENT="$INDENT "
save_command progress_message2 \"Refreshing Black List...\"
run_iptables -F blacklst
save_command load_blacklist
INDENT="$indent"
save_command "fi"
ecn=$(find_file ecn) ecn=$(find_file ecn)
@ -2857,12 +2868,13 @@ process_default_macro() # $1 = macro name
local logtag= local logtag=
local excludesource= local excludesource=
local target client server protocol port cport ratelimit userspec rule local target client server protocol port cport ratelimit userspec rule
local f=$(find_file macro.${macro})
havechain $macro && fatal_error "Illegal duplicate default macro name: $macro" havechain $macro && fatal_error "Illegal duplicate default macro name: $macro"
createchain $macro no createchain $macro no
strip_file macro.$macro strip_file macro.$macro $f
progress_message "..Expanding Default Macro $(find_file macro.${macro}) into chain $macro..." progress_message "..Expanding Default Macro $f into chain $macro..."
while read target client server protocol port cport ratelimit userspec; do while read target client server protocol port cport ratelimit userspec; do
expandv target client server protocol port cport ratelimit userspec expandv target client server protocol port cport ratelimit userspec
@ -2878,13 +2890,13 @@ process_default_macro() # $1 = macro name
ACCEPT|DROP|REJECT) ACCEPT|DROP|REJECT)
;; ;;
*) *)
if list_search $target $ACTIONS; then if ! list_search $target $USEDACTIONS; then
if ! list_search $target $USEDACTIONS; then if list_search $target $ACTIONS; then
createactionchain $target createactionchain $target
USEDACTIONS="$USEDACTIONS $target" USEDACTIONS="$USEDACTIONS $target"
else
fatal_error "Invalid target ($target) in default macro $macro"
fi fi
else
fatal_error "Invalid target ($target) in default macro $macro"
fi fi
;; ;;
esac esac
@ -3424,9 +3436,13 @@ process_blacklist_rec() {
process_blacklist() process_blacklist()
{ {
local disposition=$BLACKLIST_DISPOSITION local disposition=$BLACKLIST_DISPOSITION
local f=$(find_file blacklist)
[ "$disposition" = REJECT ] && disposition=reject [ "$disposition" = REJECT ] && disposition=reject
strip_file blacklist $f
progress_message2 "Compiling $f..."
cat >&3 << __EOF__ cat >&3 << __EOF__
# #
# Load the blacklist # Load the blacklist
@ -3482,36 +3498,6 @@ setup_blacklist() {
fi fi
} }
#
# Refresh the Black List
#
refresh_blacklist() # $1 = Yes means flush the blacklist
{
local f=$(find_file blacklist)
local disposition=$BLACKLIST_DISPOSITION
local indent="$INDENT"
strip_file blacklist $f
[ "$disposition" = REJECT ] && disposition=reject
save_command "if chain_exists blacklst; then"
INDENT="$INDENT "
if [ "$1" = Yes ]; then
save_command progress_message2 \"Refreshing Black List...\"
run_iptables -F blacklst
else
save_command progress_message2 \"Loading Black List...\"
fi
save_command load_blacklist
INDENT="$indent"
save_command "fi"
}
# Construct zone-independent rules # Construct zone-independent rules
# #
add_common_rules() { add_common_rules() {
@ -4424,7 +4410,7 @@ activate_rules()
if [ -n "$exclusions1" ]; then if [ -n "$exclusions1" ]; then
# #
# We handle exlusions in the dest zone by inserting RETURN rules at the front of # We handle exclusions in the dest zone by inserting RETURN rules at the front of
# each rules chain where the zone is the destination # each rules chain where the zone is the destination
# #
case $chain in case $chain in
@ -4500,7 +4486,6 @@ activate_rules()
# #
# E N D F O R W A R D I N G # E N D F O R W A R D I N G
# #
#
# Now add (an) unconditional jump(s) to the last unique policy-only chain determined above, if any # Now add (an) unconditional jump(s) to the last unique policy-only chain determined above, if any
# #
if [ -n "$last_chain" ]; then if [ -n "$last_chain" ]; then
@ -4564,7 +4549,7 @@ activate_rules()
for table in mangle nat filter; do for table in mangle nat filter; do
case $table in case $table in
mangle) mangle)
chains="PREROUTING INPUT FORWARD POSTROUTING" [ -n "$MANGLE_FORWARD" ] && chains="PREROUTING INPUT FORWARD POSTROUTING" || chains="PREROUTING INPUT"
;; ;;
nat) nat)
chains="PREROUTING POSTROUTING OUTPUT" chains="PREROUTING POSTROUTING OUTPUT"
@ -5273,7 +5258,6 @@ __EOF__
fi fi
if [ -n "$(find_hosts_by_option blacklist)" ]; then if [ -n "$(find_hosts_by_option blacklist)" ]; then
strip_file blacklist
process_blacklist process_blacklist
fi fi
@ -5599,7 +5583,9 @@ __EOF__
append_file start append_file start
if [ -n "$DELAYBLACKLISTLOAD" -a -s ${TMP_DIR}/blacklist ]; then if [ -n "$DELAYBLACKLISTLOAD" -a -s ${TMP_DIR}/blacklist ]; then
refresh_blacklist No save_command
save_command progress_message2 \"Loading Black List...\"
save_command load_blacklist
save_command save_command
fi fi
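Review bot: The delayed-load branch at the end of this section (`if [ -n "$DELAYBLACKLISTLOAD" -a -s ${TMP_DIR}/blacklist ]`) now emits `load_blacklist` without the `if chain_exists blacklst; then … fi` wrapper that the removed `refresh_blacklist` generated around it. The run-time check is replaced by the compile-time `-s ${TMP_DIR}/blacklist` test, which appears to assume that a non-empty stripped blacklist always means the `blacklst` chain was created. What `load_blacklist` does when the chain is absent is not visible here, so it is unclear whether a miss would abort the start or leave the blacklist unloaded. If the assumption holds, a comment such as `# blacklst is expected to exist here: ${TMP_DIR}/blacklist is written by process_blacklist` would record it; otherwise keep the guard by emitting `save_command "if chain_exists blacklst; then"` before and `save_command "fi"` after the two inner lines. The enclosing function starts outside this hunk.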


@ -28,7 +28,7 @@
# and /usr/share/shorewall-lite/shorecap. # and /usr/share/shorewall-lite/shorecap.
# #
SHOREWALL_LIBVERSION=30302 SHOREWALL_LIBVERSION=30303
[ -n "${VARDIR:=/var/lib/shorewall}" ] [ -n "${VARDIR:=/var/lib/shorewall}" ]
[ -n "${SHAREDIR:=/usr/share/shorewall}" ] [ -n "${SHAREDIR:=/usr/share/shorewall}" ]