extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-26 04:32:01 +02:00
Code Issues Packages Projects Releases Wiki Activity

Allow switch initialization.

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2012-11-27 16:17:43 -08:00
parent e44acdc6af
commit 8006d150f1
8 changed files with 64 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -248,6 +248,7 @@ our %EXPORT_TAGS = (
preview_netfilter_load preview_netfilter_load
create_chainlist_reload create_chainlist_reload
create_stop_load create_stop_load
initialize_switches
%targets %targets
%dscpmap %dscpmap
%nfobjects %nfobjects
@ -603,6 +604,8 @@ my %isocodes;
use constant { ISODIR => '/usr/share/xt_geoip/LE' }; use constant { ISODIR => '/usr/share/xt_geoip/LE' };
my %switches;
# #
# Rather than initializing globals in an INIT block or during declaration, # Rather than initializing globals in an INIT block or during declaration,
# we initialize them in a function. This is done for two reasons: # we initialize them in a function. This is done for two reasons:
@ -663,6 +666,7 @@ sub initialize( $$$ ) {
%isocodes = (); %isocodes = ();
%nfobjects = (); %nfobjects = ();
%switches = ();
# #
# The chain table is initialized via a call to initialize_chain_table() after the configuration and capabilities have been determined. # The chain table is initialized via a call to initialize_chain_table() after the configuration and capabilities have been determined.
@ -4644,6 +4648,10 @@ sub do_condition( $$ ) {
my $invert = $condition =~ s/^!// ? '! ' : ''; my $invert = $condition =~ s/^!// ? '! ' : '';
my $initialize;
$initialize = $1 if $condition =~ s/(?:=([01]))?$//;
require_capability 'CONDITION_MATCH', 'A non-empty SWITCH column', 's'; require_capability 'CONDITION_MATCH', 'A non-empty SWITCH column', 's';
if ( $condition =~ /@/ ) { if ( $condition =~ /@/ ) {
@ -4653,7 +4661,16 @@ sub do_condition( $$ ) {
fatal_error "Invalid switch name ($condition)" unless $condition =~ /^[a-zA-Z][-\w]*$/ && length $condition <= 30; fatal_error "Invalid switch name ($condition)" unless $condition =~ /^[a-zA-Z][-\w]*$/ && length $condition <= 30;
if ( defined $initialize ) {
if ( my $switchref = $switches{$condition} ) {
fatal_error "Switch $condition was previously initialized to $switchref->{setting} at $switchref->{where}" unless $switchref->{setting} == $initialize;
} else {
$switches{$condition} = { setting => $initialize, where => currentlineinfo };
}
}
"-m condition ${invert}--condition $condition " "-m condition ${invert}--condition $condition "
} }
# #
@ -7464,4 +7481,16 @@ sub create_stop_load( $ ) {
} }
sub initialize_switches() {
if ( keys %switches ) {
emit( ' if [ $COMMAND = start ]; then' );
push_indent;
while ( my ( $switch, $setting ) = each %switches ) {
emit " echo $setting->{setting} > /proc/net/nf_condition/$switch";
}
pop_indent;
emit " fi\n";
}
}
1; 1;

1
Shorewall/Perl/Shorewall/Compiler.pm
View File

@ -487,6 +487,7 @@ EOF
emit<<"EOF"; emit<<"EOF";
conditionally_flush_conntrack conditionally_flush_conntrack
EOF EOF
initialize_switches;
setup_forwarding( $family , 0 ); setup_forwarding( $family , 0 );
emit<<"EOF"; emit<<"EOF";

1
Shorewall/Perl/Shorewall/Config.pm
View File

@ -47,6 +47,7 @@ our @EXPORT = qw(
warning_message warning_message
fatal_error fatal_error
assert assert
currentlineinfo
progress_message progress_message
progress_message_nocompress progress_message_nocompress

7
Shorewall/manpages/shorewall-conntrack.xml
View File

@ -386,7 +386,7 @@
<varlistentry> <varlistentry>
<term><emphasis role="bold">SWITCH - <term><emphasis role="bold">SWITCH -
[!]<replaceable>switch-name</replaceable></emphasis></term> [!]<replaceable>switch-name</replaceable>[={0|1}]</emphasis></term>
<listitem> <listitem>
<para>Added in Shorewall 4.5.10 and allows enabling and disabling <para>Added in Shorewall 4.5.10 and allows enabling and disabling
@ -419,6 +419,11 @@
<para>Switch settings are retained over <command>shorewall <para>Switch settings are retained over <command>shorewall
restart</command>.</para> restart</command>.</para>
<para>When the <replaceable>switch-name</replaceable> is followed by
<option>=0</option> or <option>=1</option>, then the switch is
initialized to off or on respectively by the start command. Other
commands do not affect the switch setting.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>

8
Shorewall/manpages/shorewall-masq.xml
View File

@ -461,7 +461,7 @@
<varlistentry> <varlistentry>
<term><emphasis role="bold">SWITCH - <term><emphasis role="bold">SWITCH -
[!]<replaceable>switch-name</replaceable></emphasis></term> [!]<replaceable>switch-name</replaceable>[={0|1}]</emphasis></term>
<listitem> <listitem>
<para>Added in Shorewall 4.5.1 and allows enabling and disabling the <para>Added in Shorewall 4.5.1 and allows enabling and disabling the
@ -493,6 +493,12 @@
<para>Switch settings are retained over <command>shorewall <para>Switch settings are retained over <command>shorewall
restart</command>.</para> restart</command>.</para>
<para>Beginning with Shoreawll 4.5.10, when the
<replaceable>switch-name</replaceable> is followed by
<option>=0</option> or <option>=1</option>, then the switch is
initialized to off or on respectively by the start command. Other
commands do not affect the switch setting.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>

8
Shorewall/manpages/shorewall-rules.xml
View File

@ -1369,7 +1369,7 @@
<varlistentry> <varlistentry>
<term><emphasis role="bold">SWITCH - <term><emphasis role="bold">SWITCH -
[!]<replaceable>switch-name</replaceable></emphasis></term> [!]<replaceable>switch-name</replaceable>[={0|1}]</emphasis></term>
<listitem> <listitem>
<para>Added in Shorewall 4.4.24 and allows enabling and disabling <para>Added in Shorewall 4.4.24 and allows enabling and disabling
@ -1402,6 +1402,12 @@
<para>Switch settings are retained over <command>shorewall <para>Switch settings are retained over <command>shorewall
restart</command>.</para> restart</command>.</para>
<para>Beginning with Shoreawll 4.5.10, when the
<replaceable>switch-name</replaceable> is followed by
<option>=0</option> or <option>=1</option>, then the switch is
initialized to off or on respectively by the start command. Other
commands do not affect the switch setting.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>

7
Shorewall6/manpages/shorewall6-conntrack.xml
View File

@ -282,7 +282,7 @@
<varlistentry> <varlistentry>
<term><emphasis role="bold">SWITCH - <term><emphasis role="bold">SWITCH -
[!]<replaceable>switch-name</replaceable></emphasis></term> [!]<replaceable>switch-name</replaceable>[={0|1}]</emphasis></term>
<listitem> <listitem>
<para>Added in Shorewall6 4.5.10 and allows enabling and disabling <para>Added in Shorewall6 4.5.10 and allows enabling and disabling
@ -315,6 +315,11 @@
<para>Switch settings are retained over <command>shorewall6 <para>Switch settings are retained over <command>shorewall6
restart</command>.</para> restart</command>.</para>
<para>When the <replaceable>switch-name</replaceable> is followed by
<option>=0</option> or <option>=1</option>, then the switch is
initialized to off or on respectively by the start command. Other
commands do not affect the switch setting.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>

8
Shorewall6/manpages/shorewall6-rules.xml
View File

@ -1244,7 +1244,7 @@
<varlistentry> <varlistentry>
<term><emphasis role="bold">SWITCH - <term><emphasis role="bold">SWITCH -
[!]<replaceable>switch-name</replaceable></emphasis></term> [!]<replaceable>switch-name</replaceable>[={0|1}]</emphasis></term>
<listitem> <listitem>
<para>Added in Shorewall6 4.4.24 and allows enabling and disabling <para>Added in Shorewall6 4.4.24 and allows enabling and disabling
@ -1277,6 +1277,12 @@
<para>Switch settings are retained over <command>shorewall6 <para>Switch settings are retained over <command>shorewall6
restart</command>.</para> restart</command>.</para>
<para>Beginning with Shoreawll 4.5.10, when the
<replaceable>switch-name</replaceable> is followed by
<option>=0</option> or <option>=1</option>, then the switch is
initialized to off or on respectively by the start command. Other
commands do not affect the switch setting.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>