From a4bf11c7d5e5aaba723bf6a168afbf49fc6c51b5 Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Tue, 28 Dec 2010 17:18:43 -0800
Subject: [PATCH] Some cosmetic cleanup
---
 Shorewall/Perl/Shorewall/Misc.pm | 6 ++++--
 Shorewall/Perl/Shorewall/Rules.pm | 13 +++++++------
 2 files changed, 11 insertions(+), 8 deletions(-)
diff --git a/Shorewall/Perl/Shorewall/Misc.pm b/Shorewall/Perl/Shorewall/Misc.pm
index ec48419cf..d97c955b2 100644
--- a/Shorewall/Perl/Shorewall/Misc.pm
+++ b/Shorewall/Perl/Shorewall/Misc.pm
@@ -20,7 +20,8 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
-# This module contains those routines that don't seem to fit well elsewhere.
+# This module contains those routines that don't seem to fit well elsewhere. It
+# was carved from the Rules module in 4.4.16.
 #
 package Shorewall::Misc;
 require Exporter;
@@ -1055,7 +1056,8 @@ sub add_interface_jumps {
 # The biggest disadvantage of the zone-policy-rule model used by Shorewall is that it doesn't scale well as the number of zones increases (Order N**2 where N = number of zones).
 # A major goal of the rewrite of the compiler in Perl was to restrict those scaling effects to this function and the rules that it generates.
 #
-# The function traverses the full "source-zone by destination-zone" matrix and generates the rules necessary to direct traffic through the right set of filter-table rules.
+# The function traverses the full "source-zone by destination-zone" matrix and generates the rules necessary to direct traffic through the right set of filter-table and
+# nat-table rules.
 #
 sub generate_matrix() {
 my @interfaces = ( all_interfaces );
diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm
index c32fb8d14..1104ec248 100644
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@@ -23,6 +23,8 @@ # This module contains process_rule() and it's associated helpers for handling # Actions and Macros. # +# This module combines the former Rules and Actions modules. +# package Shorewall::Rules; require Exporter; use Shorewall::Config qw(:DEFAULT :internal); @@ -447,8 +449,6 @@ sub map_old_actions( $ ) { # processed once for each unique [:level[:tag]][:param] applied to an invocation of the action. # -sub process_rule_common ( $$$$$$$$$$$$$$$$ ); - sub process_actions1() { progress_message2 "Locating Action Files..."; @@ -513,6 +513,8 @@ sub merge_action_levels( $$ ) { join ':', $action, $sublevel, $subtag, $subparam; } +sub process_rule_common ( $$$$$$$$$$$$$$$$ ); + sub process_action2( $ ) { my $wholeaction = shift; my ( $action , $level, $tag, $param ) = split /:/, $wholeaction; @@ -567,10 +569,10 @@ sub process_action2( $ ) { } sub process_actions2 () { - progress_message2 "Pre-processing default actions..."; + progress_message2 "Pre-processing policy actions..."; - for my $action ( map normalize_action_name $_, ( grep ! ( $targets{$_} & BUILTIN ), keys %policy_actions ) ) { - process_action2( $action ) if use_action( $action ); + for ( map normalize_action_name $_, ( grep ! ( $targets{$_} & BUILTIN ), keys %policy_actions ) ) { + process_action2( $_ ) if use_action( $_ ); } } @@ -668,7 +670,6 @@ sub dropBcast( $$$ ) { log_rule_limit $level, $chainref, 'dropBcast' , 'DROP', '', $tag, 'add', ' -d 224.0.0.0/4 ' if $level ne ''; } - if ( $family == F_IPV4 ) { add_rule $chainref, '-d 224.0.0.0/4 -j DROP'; } else {
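Review bot: In the process_actions2 hunk the loop now iterates with the implicit `$_` instead of the lexical `my $action`, and that `$_` is then handed to two calls in a row, `use_action( $_ )` and `process_action2( $_ )`. `for` aliases the global `$_`, so if either callee or anything it calls (their bodies are not fully visible in this patch) assigns to `$_` or runs an unlocalized `while (<FH>)` read loop, the second call would receive a different action name with no warning. Because this list decides which policy actions get their chains built in the generated firewall ruleset, I would keep the named variable: `for my $action ( map normalize_action_name $_, ( grep ! ( $targets{$_} & BUILTIN ), keys %policy_actions ) ) {` with `process_action2( $action ) if use_action( $action );`. The message change to "Pre-processing policy actions..." is fine as is.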