Ok -- so I lied...

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5716 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2025-01-29 00:49:34 +01:00 · 2007-03-27 05:07:57 +00:00 · 2007-03-27 05:07:57 +00:00 · b522fb46a2
commit b522fb46a2
parent dd98eab8ee
1 changed files with 54 additions and 55 deletions
--- a/New/compiler.pl
+++ b/New/compiler.pl
@ -336,6 +336,8 @@ stop_firewall() {
    rm -f \${VARDIR}/proxyarp
 ";

+    push_indent;
+
    emit 'delete_tc1' if $config{CLEAR_TC};

    emitj( 'undo_routing',
@ -366,21 +368,21 @@ stop_firewall() {
 		       );
 	    }

-	    emit "
-    for chain in INPUT OUTPUT; do
-	setpolicy \$chain DROP
-    done
-";
+	    emitj( '',
+		   'for chain in INPUT OUTPUT; do',
+		   '    setpolicy $chain DROP',
+		   "done\n"
+		   );
 	  } else {
-	    emit "
-    for chain in INPUT OUTPUT; do
-	setpolicy \$chain ACCEPT
-    done
-
-    setpolicy FORWARD DROP
-
-    deleteallchains
-";
+	    emitj( '',
+		   'for chain in INPUT OUTPUT; do',
+		   '    setpolicy \$chain ACCEPT',
+		   'done',
+		   '',
+		   'setpolicy FORWARD DROP',
+		   '',
+		   "deleteallchains\n"
+		   );

 	    for my $hosts ( @$criticalhosts ) {
                my ( $interface, $host ) = ( split /:/, $hosts );
@ -392,44 +394,41 @@ stop_firewall() {
 		       );
 	    }

-	    emit "
-
-    setpolicy INPUT DROP
-
-    for chain in INPUT FORWARD; do
-	setcontinue \$chain
-    done
-";
+	    emitj ( "\nsetpolicy INPUT DROP",
+		    '',
+		    'for chain in INPUT FORWARD; do',
+		    '    setcontinue $chain',
+		    "done\n"
+		    );
 	}
    } elsif ( ! $config{ADMINISABSENTMINDED} ) {
-	emit "for chain in INPUT OUTPUT FORWARD; do
-	setpolicy \$chain DROP
-    done
-
-    deleteallchains
-"
+	emitj( 'for chain in INPUT OUTPUT FORWARD; do',
+	       '    setpolicy $chain DROP',
+	       'done',
+	       '',
+	       "deleteallchains\n"
+	       );
    } else {
-	    emit "for chain in INPUT FORWARD; do
-	setpolicy \$chain DROP
-    done
-
-    setpolicy OUTPUT ACCEPT
-
-    deleteallchains
-
-    for chain in INPUT FORWARD; do
-	setcontinue \$chain
-    done
-";
+	    emitj( 'for chain in INPUT FORWARD; do',
+		   '    setpolicy $chain DROP',
+		   'done',
+		   '',
+		   'setpolicy OUTPUT ACCEPT',
+		   '',
+		   'deleteallchains',
+		   '',
+		   'for chain in INPUT FORWARD; do',
+		   '    setcontinue $chain',
+		   "done\n",
+		   );
 	}

-    push_indent;
-
    process_routestopped;

    emitj( '$IPTABLES -A INPUT  -i lo -j ACCEPT',
 	   '$IPTABLES -A OUTPUT -o lo -j ACCEPT'
 	   );
+
    emit '$IPTABLES -A OUTPUT -o lo -j ACCEPT' unless $config{ADMINISABSENTMINDED};

    my $interfaces = find_interfaces_by_option 'dhcp';