More code rationalization

2025-05-30 22:45:44 +02:00 · 2009-05-19 17:11:56 -07:00 · 2009-05-19 17:11:56 -07:00 · ad6b47d3bf
commit ad6b47d3bf
parent 2c25deeccf
1 changed files with 138 additions and 133 deletions
--- a/Shorewall/Perl/Shorewall/Policy.pm
+++ b/Shorewall/Perl/Shorewall/Policy.pm
@ -153,64 +153,10 @@ sub print_policy($$$$) {
    }
 }

-sub validate_policy()
-{
-    my %validpolicies = (
-			  ACCEPT => undef,
-			  REJECT => undef,
-			  DROP   => undef,
-			  CONTINUE => undef,
-			  QUEUE => undef,
-			  NFQUEUE => undef,
-			  NONE => undef
-			  );
+sub process_a_policy() {

-    my %map = ( DROP_DEFAULT    => 'DROP' ,
-		REJECT_DEFAULT  => 'REJECT' ,
-		ACCEPT_DEFAULT  => 'ACCEPT' ,
-		QUEUE_DEFAULT   => 'QUEUE' ,
-	        NFQUEUE_DEFAULT => 'NFQUEUE' );
-
-    my $zone;
-    my @zonelist = $config{EXPAND_POLICIES} ? all_zones : ( all_zones, 'all' );
-
-    for my $option qw/DROP_DEFAULT REJECT_DEFAULT ACCEPT_DEFAULT QUEUE_DEFAULT NFQUEUE_DEFAULT/ {
-	my $action = $config{$option};
-	next if $action eq 'none';
-	my $actiontype = $targets{$action};
-
-	if ( defined $actiontype ) {
-	    fatal_error "Invalid setting ($action) for $option" unless $actiontype & ACTION;
-	} else {
-	    fatal_error "Default Action $option=$action not found";
-	}
-
-	unless ( $usedactions{$action} ) {
-	    $usedactions{$action} = 1;
-	    createactionchain $action;
-	}
-
-	$default_actions{$map{$option}} = $action;
-    }
-
-    for $zone ( all_zones ) {
-	push @policy_chains, ( new_policy_chain $zone, $zone, 'ACCEPT', OPTIONAL );
-
-	if ( $config{IMPLICIT_CONTINUE} && ( @{find_zone( $zone )->{parents}} ) ) {
-	    for my $zone1 ( all_zones ) {
-		unless( $zone eq $zone1 ) {
-		    add_or_modify_policy_chain( $zone, $zone1 );
-		    add_or_modify_policy_chain( $zone1, $zone );
-		}
-	    }
-	}
-    }
-
-    my $fn = open_file 'policy';
-
-    first_entry "$doing $fn...";
-
-    while ( read_a_line ) {
+    our %validpolicies;
+    our @zonelist;

    my ( $client, $server, $originalpolicy, $loglevel, $synparams, $connlimit ) = split_line 3, 6, 'policy file';

@ -337,6 +283,65 @@ sub validate_policy()
    }
 }

+sub validate_policy()
+{
+    our %validpolicies = (
+			  ACCEPT => undef,
+			  REJECT => undef,
+			  DROP   => undef,
+			  CONTINUE => undef,
+			  QUEUE => undef,
+			  NFQUEUE => undef,
+			  NONE => undef
+			  );
+
+    our %map = ( DROP_DEFAULT    => 'DROP' ,
+		 REJECT_DEFAULT  => 'REJECT' ,
+		 ACCEPT_DEFAULT  => 'ACCEPT' ,
+		 QUEUE_DEFAULT   => 'QUEUE' ,
+		 NFQUEUE_DEFAULT => 'NFQUEUE' );
+
+    my $zone;
+    our @zonelist = $config{EXPAND_POLICIES} ? all_zones : ( all_zones, 'all' );
+
+    for my $option qw/DROP_DEFAULT REJECT_DEFAULT ACCEPT_DEFAULT QUEUE_DEFAULT NFQUEUE_DEFAULT/ {
+	my $action = $config{$option};
+	next if $action eq 'none';
+	my $actiontype = $targets{$action};
+
+	if ( defined $actiontype ) {
+	    fatal_error "Invalid setting ($action) for $option" unless $actiontype & ACTION;
+	} else {
+	    fatal_error "Default Action $option=$action not found";
+	}
+
+	unless ( $usedactions{$action} ) {
+	    $usedactions{$action} = 1;
+	    createactionchain $action;
+	}
+
+	$default_actions{$map{$option}} = $action;
+    }
+
+    for $zone ( all_zones ) {
+	push @policy_chains, ( new_policy_chain $zone, $zone, 'ACCEPT', OPTIONAL );
+
+	if ( $config{IMPLICIT_CONTINUE} && ( @{find_zone( $zone )->{parents}} ) ) {
+	    for my $zone1 ( all_zones ) {
+		unless( $zone eq $zone1 ) {
+		    add_or_modify_policy_chain( $zone, $zone1 );
+		    add_or_modify_policy_chain( $zone1, $zone );
+		}
+	    }
+	}
+    }
+
+    my $fn = open_file 'policy';
+
+    first_entry "$doing $fn...";
+
+    process_a_policy while read_a_line;
+
    for $zone ( all_zones ) {
 	for my $zone1 ( all_zones ) {
 	    fatal_error "No policy defined from zone $zone to zone $zone1" unless $filter_table->{"${zone}2${zone1}"}{policy};