From b721749a3ef2aa8f198e7ba705c032ac2f3a43f5 Mon Sep 17 00:00:00 2001
From: teastep
Date: Sat, 21 Jul 2007 15:13:50 +0000
Subject: [PATCH] Remove an unneeded error check; eliminate syntax that confuses emacs
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6921 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall-perl/Shorewall/Chains.pm | 18 ++++++++++++------
 Shorewall-perl/Shorewall/Rules.pm | 5 +++--
 2 files changed, 15 insertions(+), 8 deletions(-)
diff --git a/Shorewall-perl/Shorewall/Chains.pm b/Shorewall-perl/Shorewall/Chains.pm
index 717a03a79..269dd65d3 100644
--- a/Shorewall-perl/Shorewall/Chains.pm
+++ b/Shorewall-perl/Shorewall/Chains.pm
@@ -168,8 +168,14 @@ our %chain_table;
 our $nat_table;
 our $mangle_table;
 our $filter_table;
+#
+# It is a layer violation to keep information about the rules file sections in this module but in Shorewall, the rules file
+# and the filter table are very closely tied. By keeping the information here, we avoid making several other modules dependent
+# in Shorewall::Rules.
+#
 our %sections;
 our $section;
+
 our $comment;
 use constant { STANDARD => 1, #defined by Netfilter
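Review bot: The comment added above `our %sections;` in Chains.pm ends with "dependent in Shorewall::Rules", which reads as a slip for "dependent on"; the last line should be `# on Shorewall::Rules.`. Because the comment concedes that `%sections` and `$section` are package globals shared across modules, it would also help to add one line naming which module is expected to write them, since the SECTION checks in the Rules.pm hunk of this commit branch on their values. The run of declarations continues outside the hunk on both sides.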
@@ -653,24 +659,24 @@ sub new_standard_chain($) {
 #
 sub initialize_chain_table() {
- for my $chain qw/OUTPUT PREROUTING/ {
+ for my $chain qw(OUTPUT PREROUTING) {
 new_builtin_chain 'raw', $chain, 'ACCEPT';
 }
- for my $chain qw/INPUT OUTPUT FORWARD/ {
+ for my $chain qw(INPUT OUTPUT FORWARD) {
 new_builtin_chain 'filter', $chain, 'DROP';
 }
- for my $chain qw/PREROUTING POSTROUTING OUTPUT/ {
+ for my $chain qw(PREROUTING POSTROUTING OUTPUT) {
 new_builtin_chain 'nat', $chain, 'ACCEPT';
 }
- for my $chain qw/PREROUTING INPUT FORWARD OUTPUT POSTROUTING/ {
+ for my $chain qw(PREROUTING INPUT FORWARD OUTPUT POSTROUTING) {
 new_builtin_chain 'mangle', $chain, 'ACCEPT';
 }
 if ( $capabilities{MANGLE_FORWARD} ) {
- for my $chain qw/ FORWARD POSTROUTING / {
+ for my $chain qw( FORWARD POSTROUTING ) {
 new_builtin_chain 'mangle', $chain, 'ACCEPT';
 }
 }
@@ -1968,7 +1974,7 @@ sub create_netfilter_load() {
 }
 #
-# Generate the netfilter input
+# Generate the netfilter input for refreshing the blacklist
 #
 sub create_blacklist_reload() {
diff --git a/Shorewall-perl/Shorewall/Rules.pm b/Shorewall-perl/Shorewall/Rules.pm
index a691f0cbc..e7c48d74b 100644
--- a/Shorewall-perl/Shorewall/Rules.pm
+++ b/Shorewall-perl/Shorewall/Rules.pm
@@ -1299,9 +1299,11 @@ sub process_rules() {
 if ( $target eq 'COMMENT' ) {
 process_comment;
 } elsif ( $target eq 'SECTION' ) {
+ #
+ # read_a_line has already verified that there are exactly two tokens on the line
+ #
 fatal_error "Invalid SECTION $source" unless defined $sections{$source};
 fatal_error "Duplicate or out of order SECTION $source" if $sections{$source};
- fatal_error "Invalid Section $source $dest" if $dest;
 $sectioned = 1;
 $sections{$source} = 1;
@@ -1549,7 +1551,6 @@ sub generate_matrix() { } } - if ( $chain1 ) { for my $interface ( keys %needbroadcast ) { add_rule $filter_table->{output_chain $interface} , "-m addrtype --dst-type BROADCAST -j $chain1";
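Review bot: In initialize_chain_table the qw list still stands directly after `for my $chain` with no enclosing parentheses, and changing the delimiter from `/` to `()` does not alter that: using a qw list in place of the loop's parentheses is deprecated from Perl 5.14 and a syntax error from 5.18, so each of the five loops should read like `for my $chain ( qw(OUTPUT PREROUTING) ) {`. Separately, the loop guarded by `$capabilities{MANGLE_FORWARD}` calls new_builtin_chain for mangle FORWARD and POSTROUTING although the unconditional loop just above it has already created both. What new_builtin_chain does when the chain already exists is not visible in this hunk, so either the unconditional list should drop those two names or the guarded block is redundant, depending on which was intended.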
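Review bot: With the `$dest` test removed, the SECTION branch of process_rules no longer rejects extra tokens itself and, going by the new comment, depends entirely on read_a_line, which this diff does not show. In the parser for a firewall rules file a malformed line is better rejected where it is consumed, so that a later change to read_a_line cannot quietly turn a bad SECTION line into an accepted one. If the upstream check is to remain the only one, the comment should state it as a contract, for example `# read_a_line rejects SECTION lines with more than two tokens; $dest is deliberately not checked here`. process_rules starts and ends outside the hunk.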