Allow reuse of compiler in a single process

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6538 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2007-06-13 23:02:39 +00:00
parent a2d51eb156
commit 980ec224a2
16 changed files with 325 additions and 130 deletions


@ -39,6 +39,15 @@ our @EXPORT = qw( setup_accounting );
our @EXPORT_OK = qw( ); our @EXPORT_OK = qw( );
our @VERSION = 1.00; our @VERSION = 1.00;
sub initialize() {
our $jumpchainref;
$jumpchainref = undef;
}
INIT {
initialize;
}
# #
# Accounting # Accounting
# #
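Review bot: The `INIT { initialize; }` block added here, and repeated in most of the other modules in this commit, runs only when the package is compiled before the main program starts. If a long-running process loads the module at run time with `require`, Perl skips the block (with a "Too late to run INIT block" warning when warnings are enabled). The compiler entry point in this commit calls its own initialize only when `$reused` is already non-zero, so a first compile in such a process would start from undefined state. A plain `initialize;` statement at file scope after the sub definition would run in both cases. A one-line comment above the sub, such as `# Reset package state so the compiler can be run again in the same process`, would also help.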


@ -48,20 +48,19 @@ our @EXPORT = qw( merge_levels
%default_actions %default_actions
%actions %actions
); );
our @EXPORT_OK = qw( ); our @EXPORT_OK = qw( initialize );
our @VERSION = 1.00; our @VERSION = 1.00;
# #
# Used Actions. Each action that is actually used has an entry with value 1. # Used Actions. Each action that is actually used has an entry with value 1.
# #
our %usedactions; our %usedactions;
## Firewall to DMZ
# #
# Default actions for each policy. # Default actions for each policy.
# #
our %default_actions = ( DROP => 'none' , our %default_actions;
REJECT => 'none' ,
ACCEPT => 'none' ,
QUEUE => 'none' );
# Action Table # Action Table
# #
@ -82,6 +81,20 @@ my %logactionchains;
# #
# This function determines the logging for a subordinate action or a rule within a superior action # This function determines the logging for a subordinate action or a rule within a superior action
# #
sub initialize() {
%default_actions = ( DROP => 'none' ,
REJECT => 'none' ,
ACCEPT => 'none' ,
QUEUE => 'none' );
%actions = ();
%logactionchains = ();
}
INIT {
initialize;
}
sub merge_levels ($$) { sub merge_levels ($$) {
my ( $superior, $subordinate ) = @_; my ( $superior, $subordinate ) = @_;
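Review bot: `%usedactions` is declared a few lines above, but the new initialize() does not clear it, so entries from one compilation appear to survive into the next when the compiler is reused. For a firewall compiler that could mean the generated ruleset contains chains for actions the current configuration never references. If nothing else resets it per run, add `%usedactions = ();` next to `%actions = ();`. `$firewall_zone`, exported by the module whose initialize() resets `@zones`, is likewise not reset there and deserves the same check. merge_levels continues past the end of this hunk.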


@ -126,7 +126,7 @@ our @EXPORT = qw( STANDARD
$comment $comment
%targets %targets
); );
our @EXPORT_OK = (); our @EXPORT_OK = qw( initialize );
our @VERSION = 1.00; our @VERSION = 1.00;
# #
@ -163,32 +163,14 @@ our @VERSION = 1.00;
# 'loglevel', 'synparams' and 'default' only apply to policy chains. # 'loglevel', 'synparams' and 'default' only apply to policy chains.
# #
our @policy_chains; our @policy_chains;
our %chain_table = ( raw => {} , our %chain_table;
mangle => {},
nat => {},
filter => {} );
our $nat_table = $chain_table{nat}; our $nat_table = $chain_table{nat};
our $mangle_table = $chain_table{mangle}; our $mangle_table = $chain_table{mangle};
our $filter_table = $chain_table{filter}; our $filter_table = $chain_table{filter};
our %sections;
# our $section;
# These get set to 1 as sections are encountered.
#
our %sections = ( ESTABLISHED => 0,
RELATED => 0,
NEW => 0
);
#
# Current rules file section.
#
our $section = 'ESTABLISHED';
#
# Contents of last COMMENT line.
#
our $comment = ''; our $comment = '';
# Target Table. Each entry maps a target to a set of flags defined as follows.
#
use constant { STANDARD => 1, #defined by Netfilter use constant { STANDARD => 1, #defined by Netfilter
NATRULE => 2, #Involves NAT NATRULE => 2, #Involves NAT
BUILTIN => 4, #A built-in action BUILTIN => 4, #A built-in action
@ -199,10 +181,51 @@ use constant { STANDARD => 1, #defined by Netfilter
MACRO => 128, #A Macro MACRO => 128, #A Macro
LOGRULE => 256, #'LOG' LOGRULE => 256, #'LOG'
}; };
our %targets;
# #
# As new targets (Actions and Macros) are discovered, they are added to the table # expand_rule() restrictions
# #
our %targets = ('ACCEPT' => STANDARD, use constant { NO_RESTRICT => 0, # FORWARD chain rule - Both -i and -o may be used in the rule
PREROUTE_RESTRICT => 1, # PREROUTING chain rule - -o converted to -d <address list> using main routing table
INPUT_RESTRICT => 4, # INPUT chain rule - -o not allowed
OUTPUT_RESTRICT => 8, # OUTPUT chain rule - -i not allowed
POSTROUTE_RESTRICT => 16, # POSTROUTING chain rule - -i converted to -s <address list> using main routing table
ALL_RESTRICT => 12 # fw->fw rule - neither -i nor -o allowed
};
our $exclseq = 0;
our $iprangematch = 0;
our $chainseq;
sub initialize() {
@policy_chains = ();
%chain_table = ( raw => {} ,
mangle => {},
nat => {},
filter => {} );
$nat_table = $chain_table{nat};
$mangle_table = $chain_table{mangle};
$filter_table = $chain_table{filter};
#
# These get set to 1 as sections are encountered.
#
%sections = ( ESTABLISHED => 0,
RELATED => 0,
NEW => 0
);
#
# Current rules file section.
#
$section = 'ESTABLISHED';
#
# Contents of last COMMENT line.
#
$comment = '';
#
# As new targets (Actions and Macros) are discovered, they are added to the table
#
%targets = ('ACCEPT' => STANDARD,
'ACCEPT+' => STANDARD + NONAT, 'ACCEPT+' => STANDARD + NONAT,
'ACCEPT!' => STANDARD, 'ACCEPT!' => STANDARD,
'NONAT' => STANDARD + NONAT + NATONLY, 'NONAT' => STANDARD + NONAT + NATONLY,
@ -231,29 +254,24 @@ our %targets = ('ACCEPT' => STANDARD,
'forwardUPnP' => BUILTIN + ACTION, 'forwardUPnP' => BUILTIN + ACTION,
'Limit' => BUILTIN + ACTION, 'Limit' => BUILTIN + ACTION,
); );
#
# Used to sequence 'exclusion' chains with names 'excl0', 'excl1', ...
#
$exclseq = 0;
#
# Used to suppress duplicate match specifications.
#
$iprangematch = 0;
#
# Sequence for naming temporary chains
#
our $chainseq;
}
INIT {
initialize;
}
#
# expand_rule() restrictions
#
use constant { NO_RESTRICT => 0, # FORWARD chain rule - Both -i and -o may be used in the rule
PREROUTE_RESTRICT => 1, # PREROUTING chain rule - -o converted to -d <address list> using main routing table
INPUT_RESTRICT => 4, # INPUT chain rule - -o not allowed
OUTPUT_RESTRICT => 8, # OUTPUT chain rule - -i not allowed
POSTROUTE_RESTRICT => 16, # POSTROUTING chain rule - -i converted to -s <address list> using main routing table
ALL_RESTRICT => 12 # fw->fw rule - neither -i nor -o allowed
};
#
# Used to sequence 'exclusion' chains with names 'excl0', 'excl1', ...
#
our $exclseq = 0;
#
# Used to suppress duplicate match specifications.
#
our $iprangematch = 0;
#
# Sequence for naming temporary chains
#
our $chainseq;
# #
# Add a run-time command to a chain. Arguments are: # Add a run-time command to a chain. Arguments are:
# #
@ -644,7 +662,7 @@ sub finish_chain_section ($$) {
} }
} }
} else { } else {
my $policychainref = $chainref->{policychain}; my $policychainref = $filter_table->{$chainref->{policychain}};
if ( $policychainref->{synparams} ) { if ( $policychainref->{synparams} ) {
my $synchainref = ensure_chain 'filter', syn_chain $policychainref->{name}; my $synchainref = ensure_chain 'filter', syn_chain $policychainref->{name};
add_rule $chainref, "-p tcp --syn -j $synchainref->{name}"; add_rule $chainref, "-p tcp --syn -j $synchainref->{name}";
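Review bot: The last statement inside the new initialize() is `our $chainseq;`, which only re-declares the variable and assigns nothing, so the temporary-chain sequence is not reset on reuse. `$exclseq` and `$iprangematch` are reset just above it; an explicit `$chainseq = undef;`, matching its file-scope declaration, would make the three consistent. Separately, `$nat_table`, `$mangle_table` and `$filter_table` are still assigned at file scope from a `%chain_table` that is now empty at that point, so they are valid only after initialize() has run. A short comment on those three lines saying so would prevent surprises. finish_chain_section extends beyond its hunk.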


@ -60,21 +60,37 @@ our @EXPORT = qw(
$done $done
$verbose $verbose
); );
our @EXPORT_OK = qw( $timestamp ); our @EXPORT_OK = qw( $timestamp initialize );
our @VERSION = 1.00; our @VERSION = 1.00;
our $line = ''; # Current config file line our $line;
our ($command, $doing, $done );
our ( $command, $doing, $done ) = qw/ compile Compiling Compiled/; #describe the current command, it's present progressive, and it's completion. our $verbose;
our $timestamp;
our $verbose = 0; # Verbosity setting. 0 = almost silent, 1 = major progress messages only, 2 = all progress messages (very noisy) our $object;
our $timestamp = ''; # If true, we are to timestamp each progress message our $lastlineblank;
our $object = 0; # Object (script) file Handle Reference our $indent;
our $lastlineblank = 0; # Avoid extra blank lines in the output
our $indent = ''; # Current indentation
our ( $dir, $file ); # Object's Directory and File our ( $dir, $file ); # Object's Directory and File
our $tempfile; # Temporary File Name our $tempfile; # Temporary File Name
sub initialize() {
$line = ''; # Current config file line
( $command, $doing, $done ) = qw/ compile Compiling Compiled/; #describe the current command, it's present progressive, and it's completion.
$verbose = 0; # Verbosity setting. 0 = almost silent, 1 = major progress messages only, 2 = all progress messages (very noisy)
$timestamp = ''; # If true, we are to timestamp each progress message
$object = 0; # Object (script) file Handle Reference
$lastlineblank = 0; # Avoid extra blank lines in the output
$indent = ''; # Current indentation
( $dir, $file ) = ('',''); # Object's Directory and File
$tempfile = ''; # Temporary File Name
}
INIT {
initialize;
}
# #
# Fatal Error # Fatal Error
# #


@ -47,10 +47,27 @@ our @EXPORT = qw( compiler EXPORT TIMESTAMP );
our @EXPORT_OK = qw( $export ); our @EXPORT_OK = qw( $export );
our @VERSION = 1.00; our @VERSION = 1.00;
our $export = 0; our $export;
our $reused = 0;
use constant { EXPORT => 0x01 , use constant { EXPORT => 0x01 ,
TIMESTAMP => 0x02 }; TIMESTAMP => 0x02 };
sub initialize() {
Shorewall::Common::initialize;
Shorewall::Config::initialize;
Shorewall::Chains::initialize;
Shorewall::Interfaces::initialize;
Shorewall::Accounting::initialize;
Shorewall::Actions::initialize;
Shorewall::Nat::initialize;
Shorewall::Providers::initialize;
Shorewall::Rules::initialize;
Shorewall::Tc::initialize;
Shorewall::Zones::initialize;
}
# #
# First stage of script generation. # First stage of script generation.
# #
@ -656,6 +673,10 @@ sub compiler( $$$$ ) {
my ( $objectfile, $directory, $verbosity, $options ) = @_; my ( $objectfile, $directory, $verbosity, $options ) = @_;
$export = 0;
initialize if $reused++;
if ( $directory ne '' ) { if ( $directory ne '' ) {
fatal_error "$directory is not an existing directory" unless -d $directory; fatal_error "$directory is not an existing directory" unless -d $directory;
set_shorewall_dir( $directory ); set_shorewall_dir( $directory );
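Review bot: The per-module calls in the new initialize() do not include the packages that declare `%macros` and `@proxyarp`, although both gain an initialize() in this commit (assuming each lives in its own package, which the page does not name). The `@proxyarp` one has no INIT block either, so as shown nothing ever calls it, and entries from a previous compile would carry over into the next generated script. Add the two missing calls to this list. A comment above the sub noting that every module holding per-compile state must be listed here would help keep the list complete. compiler() continues outside the second hunk.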


@ -64,13 +64,60 @@ our @EXPORT = qw(
%protocols %protocols
%services ); %services );
our @EXPORT_OK = qw( $shorewall_dir ); our @EXPORT_OK = qw( $shorewall_dir initialize );
our @VERSION = 1.00; our @VERSION = 1.00;
# #
# Misc Globals # Misc Globals
# #
our %globals = ( SHAREDIR => '/usr/share/shorewall' , our %globals;
#
# From shorewall.conf file
#
our %config;
#
# Config options and global settings that are to be copied to object script
#
our @propagateconfig;
our @propagateenv;
#
# From parsing the capabilities file
#
our %capabilities;
#
# /etc/protocols and /etc/services
#
our %protocols;
our %services;
#
# Capabilities
#
our %capdesc;
#
# Directories to search for configuration files
#
our @config_path;
#
# Stash away file references here when we encounter INCLUDE
#
our @includestack;
#
# Allow nested opens
#
our @openstack;
our $currentfile; # File handle reference
our $currentfilename; # File NAME
our $currentlinenumber; # Line number
our $shorewall_dir; #Shorewall Directory
sub initialize() {
#
# Misc Globals
#
%globals = ( SHAREDIR => '/usr/share/shorewall' ,
CONFDIR => '/etc/shorewall', CONFDIR => '/etc/shorewall',
SHAREDIRPL => '/usr/share/shorewall-perl/', SHAREDIRPL => '/usr/share/shorewall-perl/',
ORIGINAL_POLICY_MATCH => '', ORIGINAL_POLICY_MATCH => '',
@ -78,11 +125,10 @@ our %globals = ( SHAREDIR => '/usr/share/shorewall' ,
TC_SCRIPT => '', TC_SCRIPT => '',
VERSION => '4.0.0-Beta4', VERSION => '4.0.0-Beta4',
); );
#
# # From shorewall.conf file
# From shorewall.conf file #
# %config =
our %config =
( STARTUP_ENABLED => undef, ( STARTUP_ENABLED => undef,
VERBOSITY => undef, VERBOSITY => undef,
# #
@ -172,16 +218,16 @@ our %config =
TCP_FLAGS_DISPOSITION => undef, TCP_FLAGS_DISPOSITION => undef,
BLACKLIST_DISPOSITION => undef, BLACKLIST_DISPOSITION => undef,
); );
# #
# Config options and global settings that are to be copied to object script # Config options and global settings that are to be copied to object script
# #
our @propagateconfig = qw/ DISABLE_IPV6 MODULESDIR MODULE_SUFFIX LOGFORMAT SUBSYSLOCK LOCKFILE /; @propagateconfig = qw/ DISABLE_IPV6 MODULESDIR MODULE_SUFFIX LOGFORMAT SUBSYSLOCK LOCKFILE /;
our @propagateenv = qw/ LOGLIMIT LOGTAGONLY LOGRULENUMBERS /; @propagateenv = qw/ LOGLIMIT LOGTAGONLY LOGRULENUMBERS /;
# #
# From parsing the capabilities file # From parsing the capabilities file
# #
our %capabilities = %capabilities =
( NAT_ENABLED => undef, ( NAT_ENABLED => undef,
MANGLE_ENABLED => undef, MANGLE_ENABLED => undef,
MULTIPORT => undef, MULTIPORT => undef,
@ -210,16 +256,15 @@ our %capabilities =
COMMENTS => undef, COMMENTS => undef,
ADDRTYPE => undef, ADDRTYPE => undef,
); );
# #
# /etc/protocols and /etc/services # /etc/protocols and /etc/services
# #
our %protocols; %protocols = ();
our %services; %services = ();
#
# # Capabilities
# Capabilities #
# %capdesc = ( NAT_ENABLED => 'NAT',
our %capdesc = ( NAT_ENABLED => 'NAT',
MANGLE_ENABLED => 'Packet Mangling', MANGLE_ENABLED => 'Packet Mangling',
MULTIPORT => 'Multi-port Match' , MULTIPORT => 'Multi-port Match' ,
XMULTIPORT => 'Extended Multi-port Match', XMULTIPORT => 'Extended Multi-port Match',
@ -247,24 +292,29 @@ our %capdesc = ( NAT_ENABLED => 'NAT',
COMMENTS => 'Comments', COMMENTS => 'Comments',
ADDRTYPE => 'Address Type Match', ADDRTYPE => 'Address Type Match',
); );
# #
# Directories to search for configuration files # Directories to search for configuration files
# #
our @config_path; @config_path = ();
# #
# Stash away file references here when we encounter INCLUDE # Stash away file references here when we encounter INCLUDE
# #
our @includestack; @includestack = ();
# #
# Allow nested opens # Allow nested opens
# #
our @openstack; @openstack = ();
our $currentfile; # File handle reference $currentfile = undef; # File handle reference
our $currentfilename; # File NAME $currentfilename = ''; # File NAME
our $currentlinenumber = 0; # Line number $currentlinenumber = 0; # Line number
our $shorewall_dir = ''; #Shorewall Directory $shorewall_dir = ''; #Shorewall Directory
}
INIT {
initialize;
}
# #
# Issue a Warning Message # Issue a Warning Message


@ -46,7 +46,7 @@ our @EXPORT = qw( add_group_to_zone
@interfaces @interfaces
@bridges ); @bridges );
our @EXPORT_OK = (); our @EXPORT_OK = qw( initialize );
our @VERSION = 1.00; our @VERSION = 1.00;
# #
@ -67,6 +67,16 @@ our @interfaces;
our %interfaces; our %interfaces;
our @bridges; our @bridges;
sub initialize() {
@interfaces = ();
%interfaces = ();
@bridges = ();
}
INIT {
initialize;
}
sub add_group_to_zone($$$$$) sub add_group_to_zone($$$$$)
{ {
my ($zone, $type, $interface, $networks, $options) = @_; my ($zone, $type, $interface, $networks, $options) = @_;
@ -323,7 +333,7 @@ sub validate_interfaces_file( $ )
my @networks; my @networks;
if ( $options{detectnets} ) { if ( $options{detectnets} ) {
fatal_error "The 'detectnets' option is not allowed with multi-zone interface" unless $zone; fatal_error "The 'detectnets' option is not allowed on a multi-zone interface" unless $zone;
fatal_error "The 'detectnets' option may not be used with a wild-card interface name" if $wildcard; fatal_error "The 'detectnets' option may not be used with a wild-card interface name" if $wildcard;
fatal_error "The 'detectnets' option may not be used with the '-e' compiler option" if $export; fatal_error "The 'detectnets' option may not be used with the '-e' compiler option" if $export;
@networks = get_routed_networks( $interface, 'detectnets not allowed on interface with default route' ); @networks = get_routed_networks( $interface, 'detectnets not allowed on interface with default route' );


@ -45,6 +45,14 @@ our @VERSION = 1.00;
our %macros; our %macros;
sub initialize() {
%macros = ();
}
INIT {
initialize;
}
# #
# Try to find a macro file -- RETURNS false if the file doesn't exist or MACRO if it does. # Try to find a macro file -- RETURNS false if the file doesn't exist or MACRO if it does.
# If the file exists, the macro is entered into the 'targets' table and the fully-qualified # If the file exists, the macro is entered into the 'targets' table and the fully-qualified


@ -43,6 +43,15 @@ our @VERSION = 1.00;
our @addresses_to_add; our @addresses_to_add;
our %addresses_to_add; our %addresses_to_add;
sub initialize() {
@addresses_to_add = ();
%addresses_to_add = ();
}
INIT {
initialize;
}
# #
# Handle IPSEC Options in a masq record # Handle IPSEC Options in a masq record
# #


@ -50,7 +50,9 @@ sub new_policy_chain($$$)
$chainref->{is_policy} = 1; $chainref->{is_policy} = 1;
$chainref->{policy} = $policy; $chainref->{policy} = $policy;
$chainref->{is_optional} = $optional; $chainref->{is_optional} = $optional;
$chainref->{policychain} = $chainref; $chainref->{policychain} = $chain;
$chainref;
} }
# #
@ -63,7 +65,7 @@ sub set_policy_chain($$$)
my $chainref1 = $filter_table->{$chain1}; my $chainref1 = $filter_table->{$chain1};
$chainref1 = new_chain 'filter', $chain1 unless $chainref1; $chainref1 = new_chain 'filter', $chain1 unless $chainref1;
unless ( $chainref1->{policychain} ) { unless ( $chainref1->{policychain} ) {
$chainref1->{policychain} = $chainref; $chainref1->{policychain} = $chainref->{name};
$chainref1->{policy} = $policy; $chainref1->{policy} = $policy;
} }
} }
@ -208,7 +210,7 @@ sub validate_policy()
} else { } else {
$chainref->{is_policy} = 1; $chainref->{is_policy} = 1;
$chainref->{policy} = $policy; $chainref->{policy} = $policy;
$chainref->{policy_chain} = $chainref; $chainref->{policychain} = $chain;
push @policy_chains, ( $chainref ); push @policy_chains, ( $chainref );
} }
} else { } else {
@ -266,7 +268,7 @@ sub report_syn_flood_protection() {
sub default_policy( $$$ ) { sub default_policy( $$$ ) {
my $chainref = $_[0]; my $chainref = $_[0];
my $policyref = $chainref->{policychain}; my $policyref = $filter_table->{$chainref->{policychain}};
my $synparams = $policyref->{synparams}; my $synparams = $policyref->{synparams};
my $default = $policyref->{default}; my $default = $policyref->{default};
my $policy = $policyref->{policy}; my $policy = $policyref->{policy};
@ -350,7 +352,7 @@ sub complete_standard_chain ( $$$ ) {
my ( $policy, $loglevel, $default ) = ( 'DROP', 6, $config{DROP_DEFAULT} ); my ( $policy, $loglevel, $default ) = ( 'DROP', 6, $config{DROP_DEFAULT} );
my $policychainref; my $policychainref;
$policychainref = $ruleschainref->{policychain} if $ruleschainref; $policychainref = $filter_table->{$ruleschainref->{policychain}} if $ruleschainref;
( $policy, $loglevel, $default ) = @{$policychainref}{'policy', 'loglevel', 'default' } if $policychainref; ( $policy, $loglevel, $default ) = @{$policychainref}{'policy', 'loglevel', 'default' } if $policychainref;
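Review bot: The expression `$filter_table->{$chainref->{policychain}}` is now repeated in default_policy and complete_standard_chain here, and in finish_chain_section, process_rule1 and generate_matrix in the other files. Each copy silently looks up the empty-string key when `policychain` is unset. A small helper next to the chain table, e.g. `sub policy_chain_ref { my $name = $_[0]{policychain}; return defined $name ? $filter_table->{$name} : undef; }`, would keep the name-to-reference mapping in one place. The chain-table field comment should also say that `policychain` now holds a chain name rather than a reference. The functions in this section extend beyond their hunks.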


@ -46,9 +46,6 @@ our @EXPORT = qw(
our @EXPORT_OK = qw( ); our @EXPORT_OK = qw( );
our @VERSION = 1.00; our @VERSION = 1.00;
our %macros;
# #
# ARP Filtering # ARP Filtering
# #


@ -35,7 +35,7 @@ use strict;
our @ISA = qw(Exporter); our @ISA = qw(Exporter);
our @EXPORT = qw( setup_providers @routemarked_interfaces); our @EXPORT = qw( setup_providers @routemarked_interfaces);
our @EXPORT_OK = ( ); our @EXPORT_OK = qw( initialize );
our @VERSION = 1.00; our @VERSION = 1.00;
use constant { LOCAL_NUMBER => 255, use constant { LOCAL_NUMBER => 255,
@ -47,16 +47,30 @@ use constant { LOCAL_NUMBER => 255,
our %routemarked_interfaces; our %routemarked_interfaces;
our @routemarked_interfaces; our @routemarked_interfaces;
my $balance = 0; our $balance;
my $first_default_route = 1; our $first_default_route;
our %providers;
my %providers = ( 'local' => { number => LOCAL_NUMBER , mark => 0 } , our @providers;
main => { number => MAIN_NUMBER , mark => 0 } ,
default => { number => DEFAULT_NUMBER , mark => 0 } ,
unspec => { number => UNSPEC_NUMBER , mark => 0 } );
my @providers; sub initialize() {
@providers = ();
%routemarked_interfaces = ();
@routemarked_interfaces = ();
$balance = 0;
$first_default_route = 1;
%providers = ( 'local' => { number => LOCAL_NUMBER , mark => 0 } ,
main => { number => MAIN_NUMBER , mark => 0 } ,
default => { number => DEFAULT_NUMBER , mark => 0 } ,
unspec => { number => UNSPEC_NUMBER , mark => 0 } );
@providers = ();
}
INIT {
initialize;
}
# #
# Set up marking for 'tracked' interfaces. Unlike in Shorewall 3.x, we add these rules unconditionally, even if the associated interface isn't up. # Set up marking for 'tracked' interfaces. Unlike in Shorewall 3.x, we add these rules unconditionally, even if the associated interface isn't up.
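Review bot: `@providers = ();` appears twice in the new initialize(), as the first statement and again as the last; one of them can go. The switch from `my` to `our` for `$balance`, `$first_default_route`, `%providers` and `@providers` is also not needed for the reset, because a file-scoped `my` declared above the sub is visible inside it, as the `my %logactionchains` reset elsewhere in this commit shows. Keeping them lexical would avoid exposing this routing state as package globals that other code can overwrite.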


@ -40,6 +40,10 @@ our @VERSION = 1.00;
our @proxyarp; our @proxyarp;
sub initialize() {
@proxyarp = ();
}
sub setup_one_proxy_arp( $$$$$ ) { sub setup_one_proxy_arp( $$$$$ ) {
my ( $address, $interface, $external, $haveroute, $persistent) = @_; my ( $address, $interface, $external, $haveroute, $persistent) = @_;


@ -50,7 +50,7 @@ our @EXPORT = qw( process_tos
setup_mss setup_mss
dump_rule_chains dump_rule_chains
); );
our @EXPORT_OK = qw( process_rule process_rule1 ); our @EXPORT_OK = qw( process_rule process_rule1 initialize );
our @VERSION = 1.00; our @VERSION = 1.00;
# #
@ -60,7 +60,16 @@ our @rule_chains;
# #
# Set to one if we find a SECTION # Set to one if we find a SECTION
# #
our $sectioned = 0; our $sectioned;
sub initialize() {
@rule_chains = ();
$sectioned = 0;
}
INIT {
initialize;
}
use constant { MAX_MACRO_NEST_LEVEL => 5 }; use constant { MAX_MACRO_NEST_LEVEL => 5 };
@ -1007,7 +1016,7 @@ sub process_rule1 ( $$$$$$$$$$$ ) {
# Handle Optimization # Handle Optimization
# #
if ( $optimize > 0 ) { if ( $optimize > 0 ) {
my $loglevel = $chainref->{policychain}{loglevel}; my $loglevel = $filter_table->{$chainref->{policychain}}{loglevel};
if ( $loglevel ne '' ) { if ( $loglevel ne '' ) {
return 1 if $target eq "${policy}:$loglevel}"; return 1 if $target eq "${policy}:$loglevel}";
} else { } else {
@ -1335,7 +1344,7 @@ sub generate_matrix() {
return 'ACCEPT' if $zone eq $zone1; return 'ACCEPT' if $zone eq $zone1;
if ( $chainref->{policy} ne 'CONTINUE' ) { if ( $chainref->{policy} ne 'CONTINUE' ) {
my $policyref = $chainref->{policychain}; my $policyref = $filter_table->{$chainref->{policychain}};
return $policyref->{name} if $policyref; return $policyref->{name} if $policyref;
fatal_error "No policy defined for zone $zone to zone $zone1"; fatal_error "No policy defined for zone $zone to zone $zone1";
} }
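Review bot: In process_rule1, the comparison `$target eq "${policy}:$loglevel}"` on the line below the changed lookup carries a stray closing brace. The string presumably never equals a `POLICY:level` target, so the optimization is skipped whenever a log level is set. That line is unchanged context in this commit, but it sits directly under the edited statement; `"${policy}:$loglevel"` looks like the intent. In addition, `$loglevel ne ''` now compares against undef when the chain's `policychain` name has no entry in `$filter_table`, so a `defined` check on the looked-up reference is worth adding. Both functions continue outside their hunks.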


@ -40,7 +40,7 @@ use strict;
our @ISA = qw(Exporter); our @ISA = qw(Exporter);
our @EXPORT = qw( setup_tc ); our @EXPORT = qw( setup_tc );
our @EXPORT_OK = qw( process_tc_rule ); our @EXPORT_OK = qw( process_tc_rule initialize );
our @VERSION = 1.00; our @VERSION = 1.00;
our %tcs = ( T => { chain => 'tcpost', our %tcs = ( T => { chain => 'tcpost',
@ -123,6 +123,11 @@ our %classids;
our @deferred_rules; our @deferred_rules;
sub initialize() {
%classids = ();
@deferred_rules = ();
}
sub process_tc_rule( $$$$$$$$$$ ) { sub process_tc_rule( $$$$$$$$$$ ) {
my ( $mark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos ) = @_; my ( $mark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos ) = @_;


@ -47,7 +47,7 @@ our @EXPORT = qw( NOTHING
$firewall_zone $firewall_zone
%interfaces ); %interfaces );
our @EXPORT_OK = (); our @EXPORT_OK = qw( initialize );
our @VERSION = 1.00; our @VERSION = 1.00;
# #
@ -114,6 +114,16 @@ our %reservedName = ( all => 1,
SOURCE => 1, SOURCE => 1,
DEST => 1 ); DEST => 1 );
sub initialize() {
@zones = ();
%zones = ();
%interfaces = ();
}
INIT {
initialize;
}
# #
# Parse the passed option list and return a reference to a hash as follows: # Parse the passed option list and return a reference to a hash as follows:
# #