Issue Warning if blacklist file is non-empty and there are no 'blacklist' interfaces

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5774 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

New/Shorewall/Config.pm

@@ -34,6 +34,7 @@ our @EXPORT = qw(
                  find_file
                  split_line
                  open_file
+                 close_file
                  push_open
                  pop_open
                  read_a_line
@@ -255,9 +256,7 @@ sub find_file($)
 {
     my $filename=$_[0];
 
-    if ( $filename =~ '/.*' ) {
+    return $filename if $filename =~ '/.*';
-	return $filename;
-    }
 
     my $directory;
 
@@ -325,6 +324,25 @@ sub open_file( $ ) {
     }
 }
 
+#
+# This function is normally called in read_a_line() when EOF is reached. Clients of the 
+# module may also call the function to close the file before EOF
+#
+
+sub close_file() {
+    if ( $currentfile ) {
+	close $currentfile;
+	
+	my $arrayref = pop @openstack;
+
+	if ( $arrayref ) {
+	    ( $currentfile, $currentfilename, $currentlinenumber ) = @$arrayref;
+	} else {
+	    $currentfile = undef;
+	}
+    }
+}
+
 #
 # Allow nested opens
 #
@@ -402,6 +420,7 @@ sub read_a_line {
 		$currentfile = undef;
 		
 		open $currentfile, $filename or fatal_error "Unable to open $filename: $!";
+
 		$currentfilename   = $filename;
 		$currentlinenumber = 0;
 		$line              = '';
@@ -410,15 +429,7 @@ sub read_a_line {
 	    }
 	}
 	
-	close $currentfile;
+	close_file;
-	
-	my $arrayref = pop @openstack;
-
-	if ( $arrayref ) {
-	    ( $currentfile, $currentfilename, $currentlinenumber ) = @$arrayref;
-	} else {
-	    $currentfile = undef;
-	}
     }
 }
 
@@ -601,6 +612,9 @@ sub get_configuration( $ ) {
     default_yes_no 'HIGH_ROUTE_MARKS'           , '';
     default_yes_no 'TC_EXPERT'                  , '';
     default_yes_no 'USE_ACTIONS'                , 'Yes';
+
+    warning_message 'USE_ACTIONS=No is not supported by Shorewall-perl ' . $globals{VERSION} unless $config{USE_ACTIONS};
+
     default_yes_no 'EXPORTPARAMS'               , '';
     default_yes_no 'MARK_IN_FORWARD_CHAIN'      , '';
 
@@ -688,8 +702,7 @@ sub get_configuration( $ ) {
 
 	fatal_error "Invalid LOGFORMAT ($val)" if $@;
 
-	fatal_error "LOGFORMAT string is longer than 29 characters: \"$val\"" 
+	fatal_error "LOGFORMAT string is longer than 29 characters: \"$val\"" if length $result > 29;
-	    if length $result > 29;
 
 	$globals{MAXZONENAMELENGTH} = int ( 5 + ( ( 29 - (length $result ) ) / 2) );
     } else {

New/Shorewall/Interfaces.pm

@@ -51,6 +51,7 @@ our @VERSION = 1.00;
 #                                                    }
 #                                     zone        => <zone name>
 #                                   }
+#                 }
 #
 our @interfaces;
 our %interfaces;
@@ -164,10 +165,7 @@ sub validate_interfaces_file()
 
 	( $interfaces{$interface}{root} = $interface ) =~ s/\+$// ;
 
-	if ( $networks && $networks ne 'detect' )
+	warning_message 'Shorewall no longer uses broadcast addresses in rule generation:' . $networks if $networks && $networks ne 'detect';
-	{
-	    warning_message 'Shorewall no longer uses broadcast addresses in rule generation:' . $networks;
-	}
 
 	my $optionsref = {};
 

New/Shorewall/Rules.pm

@@ -256,25 +256,26 @@ sub setup_syn_flood_chains() {
 sub setup_blacklist() {
 
     my $hosts = find_hosts_by_option 'blacklist';
-
+    my $chainref;
-    if ( @$hosts ) {
-
     my ( $level, $disposition ) = @config{'BLACKLIST_LOGLEVEL', 'BLACKLIST_DISPOSITION' };
-
-	new_standard_chain 'blacklst';
-
     my $target = $disposition eq 'REJECT' ? 'reject' : $disposition;
 
+    if ( @$hosts ) {
+	$chainref = new_standard_chain 'blacklst';
+
 	if ( $level ) {
-	    my $chainref = new_standard_chain 'blacklog';
+	    my $logchainref = new_standard_chain 'blacklog';
 
-	    log_rule_limit( $level , $chainref , 'blacklst' , $disposition , "$globals{LOGLIMIT}" , '', 'add',	'' );
+	    log_rule_limit( $level , $logchainref , 'blacklst' , $disposition , "$globals{LOGLIMIT}" , '', 'add',	'' );
 
-	    add_rule $chainref, "-j $target" ;
+	    add_rule $logchainref, "-j $target" ;
 
 	    $target = 'blacklog';
 	}
+    }
 
+  BLACKLIST:
+    {
 	if ( my $fn = open_file 'blacklist' ) {
 
 	    my $first_entry = 1;
@@ -284,12 +285,18 @@ sub setup_blacklist() {
 		my ( $networks, $protocol, $ports ) = split_line 3, 'blacklist file';
 
 		if ( $first_entry ) {
+		    unless  ( @$hosts ) {
+			warning_message "The entries in $fn have been ignored because there are no 'blacklist' interfaces";
+			close_file;
+			last BLACKLIST;
+		    }
+
 		    progress_message2 "$doing $fn...";
 		    $first_entry = 0;
 		}
 
-		expand_rule 
+		expand_rule( 
-		    ensure_filter_chain( 'blacklst' , 0 ) ,
+			    $chainref ,
 			    NO_RESTRICT ,
 			    do_proto( $protocol , $ports, '' ) ,
 			    $networks ,
@@ -298,7 +305,7 @@ sub setup_blacklist() {
 			    "-j $target" ,
 			    '' ,
 			    $disposition ,
-		    '';
+			    '' );
 	    
 		progress_message "         \"$line\" added to blacklist";
 	    }

New/releasenotes.txt

@@ -170,6 +170,9 @@ h) Line continuation (lines ending in '\' are concatinated with the next
    because it is combined with the preceding line; with the Perl-based
    compiler, it is processed normally.
 
+i) USE_ACTIONS=No is not supported. That option is intended to minimize
+   Shorewall's footprint in embedded applications. As a consequence,
+   Default Macros are not supported.
 
 Installation
 ------------