extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-20 09:47:51 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add some capability tests

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5736 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-03-29 01:14:13 +00:00
parent 50195b17ce
commit 8fc53b3277
3 changed files with 54 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
New/Shorewall/Rules.pm
View File

@ -187,9 +187,7 @@ sub setup_rfc1918_filteration( $ ) {
add_rule $rfc1918ref , '-j DROP'; add_rule $rfc1918ref , '-j DROP';
if ( $config{RFC1918_STRICT} ) { $chainref = new_standard_chain 'rfc1918d' if $config{RFC1918_STRICT};
$chainref = new_standard_chain 'rfc1918d';
}
open RFC, "$ENV{TMP_DIR}/rfc1918" or fatal_error "Unable to open stripped rfc1918 file: $!"; open RFC, "$ENV{TMP_DIR}/rfc1918" or fatal_error "Unable to open stripped rfc1918 file: $!";
@ -948,6 +946,7 @@ sub process_rule1 ( $$$$$$$$$ ) {
if ( $actiontype & NATRULE ) { if ( $actiontype & NATRULE ) {
my ( $server, $serverport , $natchain ); my ( $server, $serverport , $natchain );
fatal_error "$target rules not allowed in the $section SECTION" if $section ne 'NEW'; fatal_error "$target rules not allowed in the $section SECTION" if $section ne 'NEW';
require_capability( 'NAT_ENABLED' , "$basictarget rules" );
# #
# Isolate server port # Isolate server port
# #

7
New/Shorewall/Tc.pm
View File

@ -496,6 +496,9 @@ sub setup_tc() {
ensure_mangle_chain 'tcpost'; ensure_mangle_chain 'tcpost';
} }
if ( -s "$ENV{TMP_DIR}/tcrules" ) {
require_capability( 'MANGLE_ENABLED' , 'a non-empty tcrules file' );
open TC, "$ENV{TMP_DIR}/tcrules" or fatal_error "Unable to open stripped tcrules file: $!"; open TC, "$ENV{TMP_DIR}/tcrules" or fatal_error "Unable to open stripped tcrules file: $!";
while ( $line = <TC> ) { while ( $line = <TC> ) {
@ -518,6 +521,9 @@ sub setup_tc() {
close TC; close TC;
$comment = ''; $comment = '';
}
if ( $capabilities{MANGLE_ENABLED} ) {
my $mark_part = ''; my $mark_part = '';
@ -542,6 +548,7 @@ sub setup_tc() {
insert_rule $mangle_table->{$chain}, 1, '-j MARK --and-mark -0xFF'; insert_rule $mangle_table->{$chain}, 1, '-j MARK --and-mark -0xFF';
} }
} }
}
if ( $config{TC_SCRIPT} ) { if ( $config{TC_SCRIPT} ) {
save_progress_message 'Setting up Traffic Control...'; save_progress_message 'Setting up Traffic Control...';

11
New/compiler.pl
View File

@ -641,6 +641,7 @@ sub compiler( $ ) {
require_capability( 'RECENT_MATCH' , 'MACLIST_TTL' ) if $config{MACLIST_TTL}; require_capability( 'RECENT_MATCH' , 'MACLIST_TTL' ) if $config{MACLIST_TTL};
require_capability( 'XCONNMARK' , 'HIGH_ROUTE_MARKS=Yes' ) if $config{HIGH_ROUTE_MARKS}; require_capability( 'XCONNMARK' , 'HIGH_ROUTE_MARKS=Yes' ) if $config{HIGH_ROUTE_MARKS};
require_capability( 'MANGLE_ENABLED' , 'Traffic Shaping' ) if $config{TC_ENABLED}; require_capability( 'MANGLE_ENABLED' , 'Traffic Shaping' ) if $config{TC_ENABLED};
require_capability( 'CONNTRACK_MATCH' , 'RFC1918_STRICT=Yes' ) if $config{RFC1918_STRICT};
( $command, $doing, $done ) = qw/ check Checking Checked / unless $objectfile; ( $command, $doing, $done ) = qw/ check Checking Checked / unless $objectfile;
@ -710,6 +711,7 @@ sub compiler( $ ) {
# [Re-]establish Routing # [Re-]establish Routing
# #
if ( -s "$ENV{TMP_DIR}/providers" ) { if ( -s "$ENV{TMP_DIR}/providers" ) {
require_capability( 'MANGLE_ENABLED' , 'a non-empty providers file' );
setup_providers; setup_providers;
} else { } else {
emit "\nundo_routing"; emit "\nundo_routing";
@ -731,8 +733,11 @@ sub compiler( $ ) {
# #
# Setup Masquerading/SNAT # Setup Masquerading/SNAT
# #
if ( -s "$ENV{TMP_DIR}/masq" ) {
require_capability( 'NAT_ENABLED' , 'a non-empty masq file' );
progress_message2 "$doing Masq file..."; progress_message2 "$doing Masq file...";
setup_masq; setup_masq;
}
# #
# MACLIST Filtration # MACLIST Filtration
# #
@ -766,13 +771,19 @@ sub compiler( $ ) {
# #
# Setup Nat # Setup Nat
# #
if ( -s "$ENV{TMP_DIR}/nat" ) {
require_capability( 'NAT_ENABLED' , 'a non-empty nat file' );
progress_message2 "$doing one-to-one NAT..."; progress_message2 "$doing one-to-one NAT...";
setup_nat; setup_nat;
}
# #
# Setup NETMAP # Setup NETMAP
# #
if ( -s "$ENV{TMP_DIR}/nat" ) {
require_capability( 'NAT_ENABLED' , 'a non-empty netmap file' );
progress_message2 "$doing NETMAP..."; progress_message2 "$doing NETMAP...";
setup_netmap; setup_netmap;
}
# #
# Accounting. # Accounting.
# #