diff --git a/Shorewall-perl/Shorewall/Accounting.pm b/Shorewall-perl/Shorewall/Accounting.pm index 3096c273e..ab1575a5f 100644 --- a/Shorewall-perl/Shorewall/Accounting.pm +++ b/Shorewall-perl/Shorewall/Accounting.pm @@ -39,6 +39,15 @@ our @EXPORT = qw( setup_accounting ); our @EXPORT_OK = qw( ); our @VERSION = 1.00; +sub initialize() { + our $jumpchainref; + $jumpchainref = undef; +} + +INIT { + initialize; +} + # # Accounting # diff --git a/Shorewall-perl/Shorewall/Actions.pm b/Shorewall-perl/Shorewall/Actions.pm index 200ec7702..68275378f 100644 --- a/Shorewall-perl/Shorewall/Actions.pm +++ b/Shorewall-perl/Shorewall/Actions.pm @@ -48,20 +48,19 @@ our @EXPORT = qw( merge_levels %default_actions %actions ); -our @EXPORT_OK = qw( ); +our @EXPORT_OK = qw( initialize ); our @VERSION = 1.00; # # Used Actions. Each action that is actually used has an entry with value 1. # our %usedactions; +## Firewall to DMZ # + # Default actions for each policy. # -our %default_actions = ( DROP => 'none' , - REJECT => 'none' , - ACCEPT => 'none' , - QUEUE => 'none' ); +our %default_actions; # Action Table # @@ -82,6 +81,20 @@ my %logactionchains; # # This function determines the logging for a subordinate action or a rule within a superior action # + +sub initialize() { + %default_actions = ( DROP => 'none' , + REJECT => 'none' , + ACCEPT => 'none' , + QUEUE => 'none' ); + %actions = (); + %logactionchains = (); +} + +INIT { + initialize; +} + sub merge_levels ($$) { my ( $superior, $subordinate ) = @_; diff --git a/Shorewall-perl/Shorewall/Chains.pm b/Shorewall-perl/Shorewall/Chains.pm index 15bcd6a01..5d9c61720 100644 --- a/Shorewall-perl/Shorewall/Chains.pm +++ b/Shorewall-perl/Shorewall/Chains.pm @@ -126,7 +126,7 @@ our @EXPORT = qw( STANDARD $comment %targets ); -our @EXPORT_OK = (); +our @EXPORT_OK = qw( initialize ); our @VERSION = 1.00; # @@ -163,32 +163,14 @@ our @VERSION = 1.00; # 'loglevel', 'synparams' and 'default' only apply to policy chains. # our @policy_chains; -our %chain_table = ( raw => {} , - mangle => {}, - nat => {}, - filter => {} ); - +our %chain_table; our $nat_table = $chain_table{nat}; our $mangle_table = $chain_table{mangle}; our $filter_table = $chain_table{filter}; - -# -# These get set to 1 as sections are encountered. -# -our %sections = ( ESTABLISHED => 0, - RELATED => 0, - NEW => 0 - ); -# -# Current rules file section. -# -our $section = 'ESTABLISHED'; -# -# Contents of last COMMENT line. -# +our %sections; +our $section; our $comment = ''; -# Target Table. Each entry maps a target to a set of flags defined as follows. -# + use constant { STANDARD => 1, #defined by Netfilter NATRULE => 2, #Involves NAT BUILTIN => 4, #A built-in action @@ -199,10 +181,51 @@ use constant { STANDARD => 1, #defined by Netfilter MACRO => 128, #A Macro LOGRULE => 256, #'LOG' }; +our %targets; # -# As new targets (Actions and Macros) are discovered, they are added to the table +# expand_rule() restrictions # -our %targets = ('ACCEPT' => STANDARD, +use constant { NO_RESTRICT => 0, # FORWARD chain rule - Both -i and -o may be used in the rule + PREROUTE_RESTRICT => 1, # PREROUTING chain rule - -o converted to -d
using main routing table + INPUT_RESTRICT => 4, # INPUT chain rule - -o not allowed + OUTPUT_RESTRICT => 8, # OUTPUT chain rule - -i not allowed + POSTROUTE_RESTRICT => 16, # POSTROUTING chain rule - -i converted to -s
using main routing table + ALL_RESTRICT => 12 # fw->fw rule - neither -i nor -o allowed + }; +our $exclseq = 0; +our $iprangematch = 0; +our $chainseq; + +sub initialize() { + @policy_chains = (); + %chain_table = ( raw => {} , + mangle => {}, + nat => {}, + filter => {} ); + + $nat_table = $chain_table{nat}; + $mangle_table = $chain_table{mangle}; + $filter_table = $chain_table{filter}; + + # + # These get set to 1 as sections are encountered. + # + %sections = ( ESTABLISHED => 0, + RELATED => 0, + NEW => 0 + ); + # + # Current rules file section. + # + $section = 'ESTABLISHED'; + # + # Contents of last COMMENT line. + # + $comment = ''; + # + # As new targets (Actions and Macros) are discovered, they are added to the table + # + %targets = ('ACCEPT' => STANDARD, 'ACCEPT+' => STANDARD + NONAT, 'ACCEPT!' => STANDARD, 'NONAT' => STANDARD + NONAT + NATONLY, @@ -231,29 +254,24 @@ our %targets = ('ACCEPT' => STANDARD, 'forwardUPnP' => BUILTIN + ACTION, 'Limit' => BUILTIN + ACTION, ); + # + # Used to sequence 'exclusion' chains with names 'excl0', 'excl1', ... + # + $exclseq = 0; + # + # Used to suppress duplicate match specifications. + # + $iprangematch = 0; + # + # Sequence for naming temporary chains + # + our $chainseq; +} + +INIT { + initialize; +} -# -# expand_rule() restrictions -# -use constant { NO_RESTRICT => 0, # FORWARD chain rule - Both -i and -o may be used in the rule - PREROUTE_RESTRICT => 1, # PREROUTING chain rule - -o converted to -d
using main routing table - INPUT_RESTRICT => 4, # INPUT chain rule - -o not allowed - OUTPUT_RESTRICT => 8, # OUTPUT chain rule - -i not allowed - POSTROUTE_RESTRICT => 16, # POSTROUTING chain rule - -i converted to -s
using main routing table - ALL_RESTRICT => 12 # fw->fw rule - neither -i nor -o allowed - }; -# -# Used to sequence 'exclusion' chains with names 'excl0', 'excl1', ... -# -our $exclseq = 0; -# -# Used to suppress duplicate match specifications. -# -our $iprangematch = 0; -# -# Sequence for naming temporary chains -# -our $chainseq; # # Add a run-time command to a chain. Arguments are: # @@ -644,7 +662,7 @@ sub finish_chain_section ($$) { } } } else { - my $policychainref = $chainref->{policychain}; + my $policychainref = $filter_table->{$chainref->{policychain}}; if ( $policychainref->{synparams} ) { my $synchainref = ensure_chain 'filter', syn_chain $policychainref->{name}; add_rule $chainref, "-p tcp --syn -j $synchainref->{name}"; diff --git a/Shorewall-perl/Shorewall/Common.pm b/Shorewall-perl/Shorewall/Common.pm index 981ec34e6..0f27ed6e9 100644 --- a/Shorewall-perl/Shorewall/Common.pm +++ b/Shorewall-perl/Shorewall/Common.pm @@ -60,21 +60,37 @@ our @EXPORT = qw( $done $verbose ); -our @EXPORT_OK = qw( $timestamp ); +our @EXPORT_OK = qw( $timestamp initialize ); our @VERSION = 1.00; -our $line = ''; # Current config file line - -our ( $command, $doing, $done ) = qw/ compile Compiling Compiled/; #describe the current command, it's present progressive, and it's completion. - -our $verbose = 0; # Verbosity setting. 0 = almost silent, 1 = major progress messages only, 2 = all progress messages (very noisy) -our $timestamp = ''; # If true, we are to timestamp each progress message -our $object = 0; # Object (script) file Handle Reference -our $lastlineblank = 0; # Avoid extra blank lines in the output -our $indent = ''; # Current indentation +our $line; +our ($command, $doing, $done ); +our $verbose; +our $timestamp; +our $object; +our $lastlineblank; +our $indent; our ( $dir, $file ); # Object's Directory and File our $tempfile; # Temporary File Name +sub initialize() { + $line = ''; # Current config file line + + ( $command, $doing, $done ) = qw/ compile Compiling Compiled/; #describe the current command, it's present progressive, and it's completion. + + $verbose = 0; # Verbosity setting. 0 = almost silent, 1 = major progress messages only, 2 = all progress messages (very noisy) + $timestamp = ''; # If true, we are to timestamp each progress message + $object = 0; # Object (script) file Handle Reference + $lastlineblank = 0; # Avoid extra blank lines in the output + $indent = ''; # Current indentation + ( $dir, $file ) = ('',''); # Object's Directory and File + $tempfile = ''; # Temporary File Name +} + +INIT { + initialize; +} + # # Fatal Error # diff --git a/Shorewall-perl/Shorewall/Compiler.pm b/Shorewall-perl/Shorewall/Compiler.pm index 27b7b2450..4c40e78b3 100644 --- a/Shorewall-perl/Shorewall/Compiler.pm +++ b/Shorewall-perl/Shorewall/Compiler.pm @@ -47,10 +47,27 @@ our @EXPORT = qw( compiler EXPORT TIMESTAMP ); our @EXPORT_OK = qw( $export ); our @VERSION = 1.00; -our $export = 0; +our $export; + +our $reused = 0; use constant { EXPORT => 0x01 , TIMESTAMP => 0x02 }; + +sub initialize() { + Shorewall::Common::initialize; + Shorewall::Config::initialize; + Shorewall::Chains::initialize; + Shorewall::Interfaces::initialize; + Shorewall::Accounting::initialize; + Shorewall::Actions::initialize; + Shorewall::Nat::initialize; + Shorewall::Providers::initialize; + Shorewall::Rules::initialize; + Shorewall::Tc::initialize; + Shorewall::Zones::initialize; +} + # # First stage of script generation. # @@ -656,6 +673,10 @@ sub compiler( $$$$ ) { my ( $objectfile, $directory, $verbosity, $options ) = @_; + $export = 0; + + initialize if $reused++; + if ( $directory ne '' ) { fatal_error "$directory is not an existing directory" unless -d $directory; set_shorewall_dir( $directory ); diff --git a/Shorewall-perl/Shorewall/Config.pm b/Shorewall-perl/Shorewall/Config.pm index 486c2abce..453b6d6c8 100644 --- a/Shorewall-perl/Shorewall/Config.pm +++ b/Shorewall-perl/Shorewall/Config.pm @@ -64,13 +64,60 @@ our @EXPORT = qw( %protocols %services ); -our @EXPORT_OK = qw( $shorewall_dir ); +our @EXPORT_OK = qw( $shorewall_dir initialize ); our @VERSION = 1.00; # # Misc Globals # -our %globals = ( SHAREDIR => '/usr/share/shorewall' , +our %globals; +# +# From shorewall.conf file +# +our %config; +# +# Config options and global settings that are to be copied to object script +# +our @propagateconfig; +our @propagateenv; +# +# From parsing the capabilities file +# +our %capabilities; +# +# /etc/protocols and /etc/services +# +our %protocols; +our %services; + +# +# Capabilities +# +our %capdesc; +# +# Directories to search for configuration files +# +our @config_path; +# +# Stash away file references here when we encounter INCLUDE +# +our @includestack; +# +# Allow nested opens +# +our @openstack; + +our $currentfile; # File handle reference +our $currentfilename; # File NAME +our $currentlinenumber; # Line number + +our $shorewall_dir; #Shorewall Directory + +sub initialize() { + # + # Misc Globals + # + %globals = ( SHAREDIR => '/usr/share/shorewall' , CONFDIR => '/etc/shorewall', SHAREDIRPL => '/usr/share/shorewall-perl/', ORIGINAL_POLICY_MATCH => '', @@ -78,11 +125,10 @@ our %globals = ( SHAREDIR => '/usr/share/shorewall' , TC_SCRIPT => '', VERSION => '4.0.0-Beta4', ); - -# -# From shorewall.conf file -# -our %config = + # + # From shorewall.conf file + # + %config = ( STARTUP_ENABLED => undef, VERBOSITY => undef, # @@ -172,16 +218,16 @@ our %config = TCP_FLAGS_DISPOSITION => undef, BLACKLIST_DISPOSITION => undef, ); -# -# Config options and global settings that are to be copied to object script -# -our @propagateconfig = qw/ DISABLE_IPV6 MODULESDIR MODULE_SUFFIX LOGFORMAT SUBSYSLOCK LOCKFILE /; -our @propagateenv = qw/ LOGLIMIT LOGTAGONLY LOGRULENUMBERS /; + # + # Config options and global settings that are to be copied to object script + # + @propagateconfig = qw/ DISABLE_IPV6 MODULESDIR MODULE_SUFFIX LOGFORMAT SUBSYSLOCK LOCKFILE /; + @propagateenv = qw/ LOGLIMIT LOGTAGONLY LOGRULENUMBERS /; -# -# From parsing the capabilities file -# -our %capabilities = + # + # From parsing the capabilities file + # + %capabilities = ( NAT_ENABLED => undef, MANGLE_ENABLED => undef, MULTIPORT => undef, @@ -210,16 +256,15 @@ our %capabilities = COMMENTS => undef, ADDRTYPE => undef, ); -# -# /etc/protocols and /etc/services -# -our %protocols; -our %services; - -# -# Capabilities -# -our %capdesc = ( NAT_ENABLED => 'NAT', + # + # /etc/protocols and /etc/services + # + %protocols = (); + %services = (); + # + # Capabilities + # + %capdesc = ( NAT_ENABLED => 'NAT', MANGLE_ENABLED => 'Packet Mangling', MULTIPORT => 'Multi-port Match' , XMULTIPORT => 'Extended Multi-port Match', @@ -247,24 +292,29 @@ our %capdesc = ( NAT_ENABLED => 'NAT', COMMENTS => 'Comments', ADDRTYPE => 'Address Type Match', ); -# -# Directories to search for configuration files -# -our @config_path; -# -# Stash away file references here when we encounter INCLUDE -# -our @includestack; -# -# Allow nested opens -# -our @openstack; + # + # Directories to search for configuration files + # + @config_path = (); + # + # Stash away file references here when we encounter INCLUDE + # + @includestack = (); + # + # Allow nested opens + # + @openstack = (); -our $currentfile; # File handle reference -our $currentfilename; # File NAME -our $currentlinenumber = 0; # Line number + $currentfile = undef; # File handle reference + $currentfilename = ''; # File NAME + $currentlinenumber = 0; # Line number -our $shorewall_dir = ''; #Shorewall Directory + $shorewall_dir = ''; #Shorewall Directory +} + +INIT { + initialize; +} # # Issue a Warning Message diff --git a/Shorewall-perl/Shorewall/Interfaces.pm b/Shorewall-perl/Shorewall/Interfaces.pm index 0bbcdce50..a1dafd4a2 100644 --- a/Shorewall-perl/Shorewall/Interfaces.pm +++ b/Shorewall-perl/Shorewall/Interfaces.pm @@ -46,7 +46,7 @@ our @EXPORT = qw( add_group_to_zone @interfaces @bridges ); -our @EXPORT_OK = (); +our @EXPORT_OK = qw( initialize ); our @VERSION = 1.00; # @@ -67,6 +67,16 @@ our @interfaces; our %interfaces; our @bridges; +sub initialize() { + @interfaces = (); + %interfaces = (); + @bridges = (); +} + +INIT { + initialize; +} + sub add_group_to_zone($$$$$) { my ($zone, $type, $interface, $networks, $options) = @_; @@ -323,7 +333,7 @@ sub validate_interfaces_file( $ ) my @networks; if ( $options{detectnets} ) { - fatal_error "The 'detectnets' option is not allowed with multi-zone interface" unless $zone; + fatal_error "The 'detectnets' option is not allowed on a multi-zone interface" unless $zone; fatal_error "The 'detectnets' option may not be used with a wild-card interface name" if $wildcard; fatal_error "The 'detectnets' option may not be used with the '-e' compiler option" if $export; @networks = get_routed_networks( $interface, 'detectnets not allowed on interface with default route' ); diff --git a/Shorewall-perl/Shorewall/Macros.pm b/Shorewall-perl/Shorewall/Macros.pm index fcb88acd3..646dd1fdb 100644 --- a/Shorewall-perl/Shorewall/Macros.pm +++ b/Shorewall-perl/Shorewall/Macros.pm @@ -45,6 +45,14 @@ our @VERSION = 1.00; our %macros; +sub initialize() { + %macros = (); +} + +INIT { + initialize; +} + # # Try to find a macro file -- RETURNS false if the file doesn't exist or MACRO if it does. # If the file exists, the macro is entered into the 'targets' table and the fully-qualified diff --git a/Shorewall-perl/Shorewall/Nat.pm b/Shorewall-perl/Shorewall/Nat.pm index 2c7a6d889..ee6768158 100644 --- a/Shorewall-perl/Shorewall/Nat.pm +++ b/Shorewall-perl/Shorewall/Nat.pm @@ -43,6 +43,15 @@ our @VERSION = 1.00; our @addresses_to_add; our %addresses_to_add; +sub initialize() { + @addresses_to_add = (); + %addresses_to_add = (); +} + +INIT { + initialize; +} + # # Handle IPSEC Options in a masq record # diff --git a/Shorewall-perl/Shorewall/Policy.pm b/Shorewall-perl/Shorewall/Policy.pm index 159c99c55..7f39d6b2d 100644 --- a/Shorewall-perl/Shorewall/Policy.pm +++ b/Shorewall-perl/Shorewall/Policy.pm @@ -50,7 +50,9 @@ sub new_policy_chain($$$) $chainref->{is_policy} = 1; $chainref->{policy} = $policy; $chainref->{is_optional} = $optional; - $chainref->{policychain} = $chainref; + $chainref->{policychain} = $chain; + + $chainref; } # @@ -63,7 +65,7 @@ sub set_policy_chain($$$) my $chainref1 = $filter_table->{$chain1}; $chainref1 = new_chain 'filter', $chain1 unless $chainref1; unless ( $chainref1->{policychain} ) { - $chainref1->{policychain} = $chainref; + $chainref1->{policychain} = $chainref->{name}; $chainref1->{policy} = $policy; } } @@ -208,7 +210,7 @@ sub validate_policy() } else { $chainref->{is_policy} = 1; $chainref->{policy} = $policy; - $chainref->{policy_chain} = $chainref; + $chainref->{policychain} = $chain; push @policy_chains, ( $chainref ); } } else { @@ -266,7 +268,7 @@ sub report_syn_flood_protection() { sub default_policy( $$$ ) { my $chainref = $_[0]; - my $policyref = $chainref->{policychain}; + my $policyref = $filter_table->{$chainref->{policychain}}; my $synparams = $policyref->{synparams}; my $default = $policyref->{default}; my $policy = $policyref->{policy}; @@ -350,7 +352,7 @@ sub complete_standard_chain ( $$$ ) { my ( $policy, $loglevel, $default ) = ( 'DROP', 6, $config{DROP_DEFAULT} ); my $policychainref; - $policychainref = $ruleschainref->{policychain} if $ruleschainref; + $policychainref = $filter_table->{$ruleschainref->{policychain}} if $ruleschainref; ( $policy, $loglevel, $default ) = @{$policychainref}{'policy', 'loglevel', 'default' } if $policychainref; diff --git a/Shorewall-perl/Shorewall/Proc.pm b/Shorewall-perl/Shorewall/Proc.pm index d67bd5ef0..a2098968f 100644 --- a/Shorewall-perl/Shorewall/Proc.pm +++ b/Shorewall-perl/Shorewall/Proc.pm @@ -46,9 +46,6 @@ our @EXPORT = qw( our @EXPORT_OK = qw( ); our @VERSION = 1.00; - -our %macros; - # # ARP Filtering # diff --git a/Shorewall-perl/Shorewall/Providers.pm b/Shorewall-perl/Shorewall/Providers.pm index 41a110d79..450ac3446 100644 --- a/Shorewall-perl/Shorewall/Providers.pm +++ b/Shorewall-perl/Shorewall/Providers.pm @@ -35,7 +35,7 @@ use strict; our @ISA = qw(Exporter); our @EXPORT = qw( setup_providers @routemarked_interfaces); -our @EXPORT_OK = ( ); +our @EXPORT_OK = qw( initialize ); our @VERSION = 1.00; use constant { LOCAL_NUMBER => 255, @@ -47,16 +47,30 @@ use constant { LOCAL_NUMBER => 255, our %routemarked_interfaces; our @routemarked_interfaces; -my $balance = 0; -my $first_default_route = 1; +our $balance; +our $first_default_route; +our %providers; -my %providers = ( 'local' => { number => LOCAL_NUMBER , mark => 0 } , - main => { number => MAIN_NUMBER , mark => 0 } , - default => { number => DEFAULT_NUMBER , mark => 0 } , - unspec => { number => UNSPEC_NUMBER , mark => 0 } ); +our @providers; -my @providers; +sub initialize() { + @providers = (); + %routemarked_interfaces = (); + @routemarked_interfaces = (); + $balance = 0; + $first_default_route = 1; + + %providers = ( 'local' => { number => LOCAL_NUMBER , mark => 0 } , + main => { number => MAIN_NUMBER , mark => 0 } , + default => { number => DEFAULT_NUMBER , mark => 0 } , + unspec => { number => UNSPEC_NUMBER , mark => 0 } ); + @providers = (); +} + +INIT { + initialize; +} # # Set up marking for 'tracked' interfaces. Unlike in Shorewall 3.x, we add these rules unconditionally, even if the associated interface isn't up. diff --git a/Shorewall-perl/Shorewall/Proxyarp.pm b/Shorewall-perl/Shorewall/Proxyarp.pm index 098573a84..d4c95ec63 100644 --- a/Shorewall-perl/Shorewall/Proxyarp.pm +++ b/Shorewall-perl/Shorewall/Proxyarp.pm @@ -40,6 +40,10 @@ our @VERSION = 1.00; our @proxyarp; +sub initialize() { + @proxyarp = (); +} + sub setup_one_proxy_arp( $$$$$ ) { my ( $address, $interface, $external, $haveroute, $persistent) = @_; diff --git a/Shorewall-perl/Shorewall/Rules.pm b/Shorewall-perl/Shorewall/Rules.pm index c4cea2281..b1093fb07 100644 --- a/Shorewall-perl/Shorewall/Rules.pm +++ b/Shorewall-perl/Shorewall/Rules.pm @@ -50,7 +50,7 @@ our @EXPORT = qw( process_tos setup_mss dump_rule_chains ); -our @EXPORT_OK = qw( process_rule process_rule1 ); +our @EXPORT_OK = qw( process_rule process_rule1 initialize ); our @VERSION = 1.00; # @@ -60,7 +60,16 @@ our @rule_chains; # # Set to one if we find a SECTION # -our $sectioned = 0; +our $sectioned; + +sub initialize() { + @rule_chains = (); + $sectioned = 0; +} + +INIT { + initialize; +} use constant { MAX_MACRO_NEST_LEVEL => 5 }; @@ -1007,7 +1016,7 @@ sub process_rule1 ( $$$$$$$$$$$ ) { # Handle Optimization # if ( $optimize > 0 ) { - my $loglevel = $chainref->{policychain}{loglevel}; + my $loglevel = $filter_table->{$chainref->{policychain}}{loglevel}; if ( $loglevel ne '' ) { return 1 if $target eq "${policy}:$loglevel}"; } else { @@ -1335,7 +1344,7 @@ sub generate_matrix() { return 'ACCEPT' if $zone eq $zone1; if ( $chainref->{policy} ne 'CONTINUE' ) { - my $policyref = $chainref->{policychain}; + my $policyref = $filter_table->{$chainref->{policychain}}; return $policyref->{name} if $policyref; fatal_error "No policy defined for zone $zone to zone $zone1"; } diff --git a/Shorewall-perl/Shorewall/Tc.pm b/Shorewall-perl/Shorewall/Tc.pm index a2e446920..aee6c2d01 100644 --- a/Shorewall-perl/Shorewall/Tc.pm +++ b/Shorewall-perl/Shorewall/Tc.pm @@ -40,7 +40,7 @@ use strict; our @ISA = qw(Exporter); our @EXPORT = qw( setup_tc ); -our @EXPORT_OK = qw( process_tc_rule ); +our @EXPORT_OK = qw( process_tc_rule initialize ); our @VERSION = 1.00; our %tcs = ( T => { chain => 'tcpost', @@ -123,6 +123,11 @@ our %classids; our @deferred_rules; +sub initialize() { + %classids = (); + @deferred_rules = (); +} + sub process_tc_rule( $$$$$$$$$$ ) { my ( $mark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos ) = @_; diff --git a/Shorewall-perl/Shorewall/Zones.pm b/Shorewall-perl/Shorewall/Zones.pm index b93914416..44a916c4a 100644 --- a/Shorewall-perl/Shorewall/Zones.pm +++ b/Shorewall-perl/Shorewall/Zones.pm @@ -47,7 +47,7 @@ our @EXPORT = qw( NOTHING $firewall_zone %interfaces ); -our @EXPORT_OK = (); +our @EXPORT_OK = qw( initialize ); our @VERSION = 1.00; # @@ -114,6 +114,16 @@ our %reservedName = ( all => 1, SOURCE => 1, DEST => 1 ); +sub initialize() { + @zones = (); + %zones = (); + %interfaces = (); +} + +INIT { + initialize; +} + # # Parse the passed option list and return a reference to a hash as follows: #