More 'update' fixes

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2015-08-25 15:55:49 -07:00
parent dc73832570
commit 7a98c7b9e5

View File

@ -4777,8 +4777,6 @@ sub update_config_file( $$ ) {
if ( supplied $config{LOGRATE} ) { if ( supplied $config{LOGRATE} ) {
fatal_error"Invalid LOGRATE ($config{LOGRATE})" unless $config{LOGRATE} =~ /^\d+\/(second|minute)$/; fatal_error"Invalid LOGRATE ($config{LOGRATE})" unless $config{LOGRATE} =~ /^\d+\/(second|minute)$/;
$limit = $config{LOGRATE}; $limit = $config{LOGRATE};
$limit =~ s/second/sec/;
$limit =~ s/minute/min/;
} }
if ( supplied $config{LOGBURST} ) { if ( supplied $config{LOGBURST} ) {
@ -4790,6 +4788,21 @@ sub update_config_file( $$ ) {
} }
} }
unless ( supplied $config{BLACKLIST} ) {
if ( $config{BLACKLISTNEWONLY} ) {
default_yes_no 'BLACKLISTNEWONLY' , '';
fatal_error "BLACKLISTNEWONLY=No may not be specified with FASTACCEPT=Yes" if $config{FASTACCEPT} && ! $config{BLACKLISTNEWONLY};
if ( have_capability 'RAW_TABLE' ) {
$globals{BLACKLIST_STATES} = $config{BLACKLISTNEWONLY} ? 'NEW,INVALID,UNTRACKED' : 'NEW,ESTABLISHED,INVALID,UNTRACKED';
} else {
$globals{BLACKLIST_STATES} = $config{BLACKLISTNEWONLY} ? 'NEW,INVALID' : 'NEW,ESTABLISHED,INVALID';
}
$config{BLACKLIST} = $globals{BLACKLIST_STATES};
}
}
my $fn; my $fn;
unless ( -d "$globals{SHAREDIR}/configfiles/" ) { unless ( -d "$globals{SHAREDIR}/configfiles/" ) {
@ -5482,7 +5495,7 @@ sub get_configuration( $$$$$ ) {
my $match = have_capability( 'OLD_HL_MATCH' ) ? 'hashlimit' : 'hashlimit-upto'; my $match = have_capability( 'OLD_HL_MATCH' ) ? 'hashlimit' : 'hashlimit-upto';
my $units; my $units;
if ( $rate =~ /^[sd]:((\d+)(\/(sec|min|hour|day))):(\d+)$/ ) { if ( $rate =~ /^[sd]:((\d+)(\/(sec|min|second|minute|hour|day))):(\d+)$/ ) {
fatal_error "Invalid rate ($1)" unless $2; fatal_error "Invalid rate ($1)" unless $2;
fatal_error "Invalid burst value ($5)" unless $5; fatal_error "Invalid burst value ($5)" unless $5;
@ -5508,7 +5521,7 @@ sub get_configuration( $$$$$ ) {
$limit .= "--hashlimit-htable-expire $expire "; $limit .= "--hashlimit-htable-expire $expire ";
} }
} elsif ( $rate =~ /^((\d+)(\/(sec|min|hour|day))):(\d+)$/ ) { } elsif ( $rate =~ /^((\d+)(\/(sec|min|second|minute|hour|day))):(\d+)$/ ) {
fatal_error "Invalid rate ($1)" unless $2; fatal_error "Invalid rate ($1)" unless $2;
fatal_error "Invalid burst value ($5)" unless $5; fatal_error "Invalid burst value ($5)" unless $5;
$limit = "-m limit --limit $1 --limit-burst $5 "; $limit = "-m limit --limit $1 --limit-burst $5 ";
@ -5653,15 +5666,6 @@ sub get_configuration( $$$$$ ) {
$globals{BLACKLIST_STATES} = join ',', @states; $globals{BLACKLIST_STATES} = join ',', @states;
} }
} elsif ( supplied $config{BLACKLISTNEWONLY} ) {
default_yes_no 'BLACKLISTNEWONLY' , '';
fatal_error "BLACKLISTNEWONLY=No may not be specified with FASTACCEPT=Yes" if $config{FASTACCEPT} && ! $config{BLACKLISTNEWONLY};
if ( have_capability 'RAW_TABLE' ) {
$globals{BLACKLIST_STATES} = $config{BLACKLISTNEWONLY} ? 'NEW,INVALID,UNTRACKED' : 'NEW,ESTABLISHED,INVALID,UNTRACKED';
} else {
$globals{BLACKLIST_STATES} = $config{BLACKLISTNEWONLY} ? 'NEW,INVALID' : 'NEW,ESTABLISHED,INVALID';
}
} else { } else {
if ( have_capability 'RAW_TABLE' ) { if ( have_capability 'RAW_TABLE' ) {
$globals{BLACKLIST_STATES} = $config{FASTACCEPT} ? 'NEW,INVALID,UNTRACKED' : 'NEW,ESTABLISHED,INVALID,UNTRACKED'; $globals{BLACKLIST_STATES} = $config{FASTACCEPT} ? 'NEW,INVALID,UNTRACKED' : 'NEW,ESTABLISHED,INVALID,UNTRACKED';
@ -5706,11 +5710,7 @@ sub get_configuration( $$$$$ ) {
default_yes_no 'USE_DEFAULT_RT' , ''; default_yes_no 'USE_DEFAULT_RT' , '';
default_yes_no 'RESTORE_DEFAULT_ROUTE' , 'Yes'; default_yes_no 'RESTORE_DEFAULT_ROUTE' , 'Yes';
default_yes_no 'AUTOMAKE' , ''; default_yes_no 'AUTOMAKE' , '';
default_yes_no 'TRACK_PROVIDERS' , '';
if ($update) {
default_yes_no 'WIDE_TC_MARKS' , '';
default_yes_no 'TRACK_PROVIDERS' , '';
}
unless ( ( $config{NULL_ROUTE_RFC1918} || '' ) =~ /^(?:blackhole|unreachable|prohibit)$/ ) { unless ( ( $config{NULL_ROUTE_RFC1918} || '' ) =~ /^(?:blackhole|unreachable|prohibit)$/ ) {
default_yes_no( 'NULL_ROUTE_RFC1918', '' ); default_yes_no( 'NULL_ROUTE_RFC1918', '' );
@ -5744,17 +5744,9 @@ sub get_configuration( $$$$$ ) {
require_capability 'MARK' , 'FORWARD_CLEAR_MARK=Yes', 's', if $config{FORWARD_CLEAR_MARK}; require_capability 'MARK' , 'FORWARD_CLEAR_MARK=Yes', 's', if $config{FORWARD_CLEAR_MARK};
if ( $update ) { numeric_option 'TC_BITS' , 8, 0;
numeric_option 'TC_BITS', $config{WIDE_TC_MARKS} ? 14 : 8 , 0; numeric_option 'MASK_BITS' , 8, 0;
numeric_option 'MASK_BITS', $config{WIDE_TC_MARKS} ? 16 : 8, $config{TC_BITS}; numeric_option 'PROVIDER_OFFSET' , 0, 0;
numeric_option 'PROVIDER_BITS' , 8, 0;
numeric_option 'PROVIDER_OFFSET' , $config{HIGH_ROUTE_MARKS} ? $config{WIDE_TC_MARKS} ? 16 : 8 : 0, 0;
} else {
numeric_option 'TC_BITS' , 8, 0;
numeric_option 'MASK_BITS' , 8, 0;
numeric_option 'PROVIDER_OFFSET' , 8, 0;
}
numeric_option 'PROVIDER_BITS' , 8, 0; numeric_option 'PROVIDER_BITS' , 8, 0;
numeric_option 'ZONE_BITS' , 0, 0; numeric_option 'ZONE_BITS' , 0, 0;