More micro optimizations
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5694 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
c2140b4923
commit
9f8dbf120d
120
New/compiler.pl
120
New/compiler.pl
@ -58,7 +58,11 @@ use Shorewall::Accounting;
|
|||||||
use Shorewall::Rules;
|
use Shorewall::Rules;
|
||||||
use Shorewall::Proc;
|
use Shorewall::Proc;
|
||||||
use Shorewall::Proxyarp;
|
use Shorewall::Proxyarp;
|
||||||
|
#
|
||||||
|
# Emacs doesn't handle 'here documents' in Perl Mode nearly as well as it does in Shell mode
|
||||||
|
# (it basically doesn't understand it at all and gets lost). So I use a number of rather
|
||||||
|
# awkward styles in place of 'here docs'.
|
||||||
|
#
|
||||||
sub generate_script_1 {
|
sub generate_script_1 {
|
||||||
copy $env{SHAREDIRPL} . 'prog.header';
|
copy $env{SHAREDIRPL} . 'prog.header';
|
||||||
|
|
||||||
@ -67,22 +71,25 @@ sub generate_script_1 {
|
|||||||
emit join ( '', "#\n# Compiled firewall script generated by Shorewall-pl ", $env{VERSION}, " - $date\n#" );
|
emit join ( '', "#\n# Compiled firewall script generated by Shorewall-pl ", $env{VERSION}, " - $date\n#" );
|
||||||
|
|
||||||
if ( $ENV{EXPORT} ) {
|
if ( $ENV{EXPORT} ) {
|
||||||
emit 'SHAREDIR=/usr/share/shorewall-lite';
|
emit join ( "\n",
|
||||||
emit 'CONFDIR=/etc/shorewall-lite';
|
'SHAREDIR=/usr/share/shorewall-lite',
|
||||||
emit 'VARDIR=/var/lib/shorewall-lite';
|
'CONFDIR=/etc/shorewall-lite',
|
||||||
emit 'PRODUCT="Shorewall Lite"';
|
'VARDIR=/var/lib/shorewall-lite',
|
||||||
|
'PRODUCT="Shorewall Lite"' );
|
||||||
|
|
||||||
copy "$env{SHAREDIR}/lib.base";
|
copy "$env{SHAREDIR}/lib.base";
|
||||||
|
|
||||||
emit '################################################################################';
|
emit join ( "\n",
|
||||||
emit '# End of /usr/share/shorewall/lib.base';
|
'################################################################################',
|
||||||
emit '################################################################################';
|
'# End of /usr/share/shorewall/lib.base',
|
||||||
|
'################################################################################' );
|
||||||
} else {
|
} else {
|
||||||
emit 'SHAREDIR=/usr/share/shorewall';
|
emit join ( "\n",
|
||||||
emit 'CONFDIR=/etc/shorewall';
|
'SHAREDIR=/usr/share/shorewall',
|
||||||
emit 'VARDIR=/var/lib/shorewall';
|
'CONFDIR=/etc/shorewall',
|
||||||
emit 'PRODUCT=\'Shorewall\'';
|
'VARDIR=/var/lib/shorewall',
|
||||||
emit '. /usr/share/shorewall/lib.base';
|
'PRODUCT=\'Shorewall\'',
|
||||||
|
'. /usr/share/shorewall/lib.base' );
|
||||||
}
|
}
|
||||||
|
|
||||||
emit 'TEMPFILE=';
|
emit 'TEMPFILE=';
|
||||||
@ -103,35 +110,38 @@ sub generate_script_1 {
|
|||||||
push_indent;
|
push_indent;
|
||||||
|
|
||||||
if ( $ENV{EXPORT} ) {
|
if ( $ENV{EXPORT} ) {
|
||||||
emit '#';
|
emit join ( "\n",
|
||||||
emit '# These variables are required by the library functions called in this script';
|
'#',
|
||||||
emit '#';
|
'# These variables are required by the library functions called in this script',
|
||||||
emit 'CONFIG_PATH="/etc/shorewall-lite:/usr/share/shorewall-lite"';
|
'#',
|
||||||
|
'CONFIG_PATH="/etc/shorewall-lite:/usr/share/shorewall-lite"' );
|
||||||
} else {
|
} else {
|
||||||
emit 'if [ ! -f ${SHAREDIR}/version ]; then';
|
emit join ( "\n",
|
||||||
emit ' fatal_error "This script requires Shorewall which do not appear to be installed on this system (did you forget \"-e\" when you compiled?)"';
|
'if [ ! -f ${SHAREDIR}/version ]; then',
|
||||||
emit 'fi';
|
' fatal_error "This script requires Shorewall which do not appear to be installed on this system (did you forget \"-e\" when you compiled?)"',
|
||||||
emit '';
|
'fi',
|
||||||
emit 'local version=$(cat ${SHAREDIR}/version)';
|
'',
|
||||||
emit '';
|
'local version=$(cat ${SHAREDIR}/version)',
|
||||||
emit 'if [ ${SHOREWALL_LIBVERSION:-0} -lt 30401 ]; then';
|
'',
|
||||||
emit ' fatal_error "This script requires Shorewall version 3.4.2 or later; current version is $version"';
|
'if [ ${SHOREWALL_LIBVERSION:-0} -lt 30401 ]; then',
|
||||||
emit 'fi';
|
' fatal_error "This script requires Shorewall version 3.4.2 or later; current version is $version"',
|
||||||
emit '#';
|
'fi',
|
||||||
emit '# These variables are required by the library functions called in this script';
|
'#',
|
||||||
emit '#';
|
'# These variables are required by the library functions called in this script',
|
||||||
emit "CONFIG_PATH=\"$config{CONFIG_PATH}\"";
|
'#',
|
||||||
|
"CONFIG_PATH=\"$config{CONFIG_PATH}\"" );
|
||||||
}
|
}
|
||||||
|
|
||||||
propagateconfig;
|
propagateconfig;
|
||||||
|
|
||||||
emit '[ -n "${COMMAND:=restart}" ]';
|
emit join ( "\n" ,
|
||||||
emit '[ -n "${VERBOSE:=0}" ]';
|
'[ -n "${COMMAND:=restart}" ]',
|
||||||
emit '[ -n "${RESTOREFILE:=$RESTOREFILE}" ]';
|
'[ -n "${VERBOSE:=0}" ]',
|
||||||
emit '[ -n "$LOGFORMAT" ] || LOGFORMAT="Shorewall:%s:%s:"';
|
'[ -n "${RESTOREFILE:=$RESTOREFILE}" ]',
|
||||||
emit join( '', 'VERSION="', $env{VERSION}, '"' );
|
'[ -n "$LOGFORMAT" ] || LOGFORMAT="Shorewall:%s:%s:"',
|
||||||
emit "PATH=\"$config{PATH}\"";
|
emit join( '', 'VERSION="', $env{VERSION}, '"' ) ,
|
||||||
emit 'TERMINATOR=fatal_error';
|
"PATH=\"$config{PATH}\"" ,
|
||||||
|
'TERMINATOR=fatal_error' );
|
||||||
|
|
||||||
if ( $config{IPTABLES} ) {
|
if ( $config{IPTABLES} ) {
|
||||||
emit "IPTABLES=\"$config{IPTABLES}\"\n";
|
emit "IPTABLES=\"$config{IPTABLES}\"\n";
|
||||||
@ -144,13 +154,14 @@ sub generate_script_1 {
|
|||||||
|
|
||||||
append_file 'params' if $config{EXPORTPARAMS};
|
append_file 'params' if $config{EXPORTPARAMS};
|
||||||
|
|
||||||
emit '';
|
emit join ( "\n",
|
||||||
emit "STOPPING=";
|
'',
|
||||||
emit "COMMENT=\n"; # Fixme -- eventually this goes but it's ok now to maintain compability with lib.base
|
"STOPPING=",
|
||||||
emit '#';
|
"COMMENT=\n", # Maintain compability with lib.base
|
||||||
emit '# The library requires that ${VARDIR} exist';
|
'#',
|
||||||
emit '#';
|
'# The library requires that ${VARDIR} exist',
|
||||||
emit '[ -d ${VARDIR} ] || mkdir -p ${VARDIR}';
|
'#',
|
||||||
|
'[ -d ${VARDIR} ] || mkdir -p ${VARDIR}' );
|
||||||
|
|
||||||
pop_indent;
|
pop_indent;
|
||||||
|
|
||||||
@ -159,11 +170,7 @@ sub generate_script_1 {
|
|||||||
}
|
}
|
||||||
|
|
||||||
sub compile_stop_firewall() {
|
sub compile_stop_firewall() {
|
||||||
#
|
|
||||||
# Emacs doesn't handle 'here documents' in Perl Mode nearly as well as it does in Shell mode
|
|
||||||
# (it basically doesn't understand it at all and gets lost). So we use the following rather
|
|
||||||
# awkward style in place of 'here docs'.
|
|
||||||
#
|
|
||||||
emit "
|
emit "
|
||||||
#
|
#
|
||||||
# Stop/restore the firewall after an error or because of a 'stop' or 'clear' command
|
# Stop/restore the firewall after an error or because of a 'stop' or 'clear' command
|
||||||
@ -312,14 +319,13 @@ stop_firewall() {
|
|||||||
|
|
||||||
if ( @$criticalhosts ) {
|
if ( @$criticalhosts ) {
|
||||||
if ( $config{ADMINISABSENTMINDED} ) {
|
if ( $config{ADMINISABSENTMINDED} ) {
|
||||||
emit ' for chain in INPUT OUTPUT; do';
|
emit join ( "\n",
|
||||||
emit ' setpolicy $chain ACCEPT';
|
' for chain in INPUT OUTPUT; do',
|
||||||
emit " done\n";
|
' setpolicy $chain ACCEPT',
|
||||||
|
" done\n",
|
||||||
emit " setpolicy FORWARD DROP\n";
|
" setpolicy FORWARD DROP\n",
|
||||||
|
' deleteallchains',
|
||||||
emit ' deleteallchains';
|
'' );
|
||||||
emit '';
|
|
||||||
|
|
||||||
for my $hosts ( @$criticalhosts ) {
|
for my $hosts ( @$criticalhosts ) {
|
||||||
my ( $interface, $host ) = ( split /:/, $hosts );
|
my ( $interface, $host ) = ( split /:/, $hosts );
|
||||||
|
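Review bot: On the new side of the `@ -103,35 +110,38 @@` hunk, the `VERSION` element still carries its own call, `emit join( '', 'VERSION="', $env{VERSION}, '"' ) ,`, inside the argument list of the outer `emit join ( "\n" , ...)`. Depending on how `emit` is declared (not visible here), that inner call either writes the VERSION line ahead of the block and splices its return value into the joined text, or swallows the following `PATH=` and `TERMINATOR=fatal_error` items; in both cases the generated firewall script would differ from what the old line-by-line code produced. Dropping the leftover keyword, `join( '', 'VERSION="', $env{VERSION}, '"' ),`, should restore the old output. Since these calls sit between `push_indent` and `pop_indent`, it is also worth confirming that `emit` indents every embedded line of a multi-line string, not only the first. `generate_script_1` begins and ends outside the hunks shown.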