extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-15 12:14:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

More detect cleanup

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5647 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-03-23 19:19:43 +00:00
parent a81c737fe4
commit b9a36331b4
2 changed files with 13 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
New/Shorewall/Chains.pm
View File

@ -234,7 +234,9 @@ my $chainseq;
#
#
# Count of the number of unclosed loops in generated shell code
# Count of the number of unclosed loops in generated shell code. We insert shell code
# into the Chain tables 'rules' array (proceeded by '~'). create_netfilter_load()
# emits that code inline for execution at run-time.
#
my $loopcount = 0;
@ -250,6 +252,7 @@ sub add_command($$)
$slowstart = 1;
}
#
# Add a rule to a chain. Arguments are:
#
@ -957,11 +960,6 @@ sub expand_rule( $$$$$$$$$$ )
my ($chainref , $restriction, $rule, $source, $dest, $origdest, $target, $loglevel , $disposition, $exceptionrule ) = @_;
my ($iiface, $diface, $inets, $dnets, $iexcl, $dexcl, $onets , $oexcl );
my $chain = $chainref->{name};
sub finish_detect_loops( $$ ) {
my ( $chainref, $chain, $ruleref, $detectcount, $newchainneeded ) = @_;
}
#
# Handle Log Level
#
@ -971,7 +969,7 @@ sub expand_rule( $$$$$$$$$$ )
( $loglevel, $logtag ) = split /:/, $loglevel;
if ( $loglevel =~ /^none!?$/i ) {
return 1 if $disposition eq 'LOG';
return if $disposition eq 'LOG';
$loglevel = $logtag = '';
}
}
@ -1071,9 +1069,9 @@ sub expand_rule( $$$$$$$$$$ )
my @interfaces = split /\s+/, $1;
if ( @interfaces > 1 ) {
add_command $chainref, (' ' x $loopcount) . "addresses=";
add_command $chainref, 'addresses=';
for my $interface ( split /\s+/, $1 ) {
for my $interface ( @interfaces ) {
add_command $chainref , 'addresses="$addresses $(find_first_interface_address $interface)"';
add_command( $chainref , 'for address in $addresses; do' );
}
@ -1292,15 +1290,15 @@ sub create_netfilter_load() {
if ( $slowstart ) {
emit 'TEMPFILE=$(mktempfile)';
emit '[ -n "$TEMPFILE" ] || fatal_error "Cannot create temporary file in /tmp"';
emit '';
emit 'exec 3>>$TEMPFILE';
emit '';
} else {
emit 'iptables-restore << __EOF__';
$state = CAT_STATE;
}
emit '';
for my $table qw/raw nat mangle filter/ {
emitr "*$table";

7
New/Shorewall/Nat.pm
View File

@ -187,13 +187,14 @@ sub setup_one_masq($$$$$$)
$target .= "--to $addr ";
}
} elsif ( $addresses eq 'detect' ) {
$target = '-j SNAT $addrlist';
add_command( $chainref , "addresses=\$(find_interface_addresses $interface);" );
add_command( $chainref , qq([ -z "\$addresses" ] && fatal_error "Unable to determine the IP address(es) of $interface";) );
add_command( $chainref , 'addrlist=; \\' );
add_command( $chainref , 'addrlist=' );
add_command( $chainref , 'for address in $addresses; do' );
add_command( $chainref , ' addrlist="$addrlist --to-source $address";' );
add_command( $chainref , ' addrlist="$addrlist --to-source $address"' );
add_command( $chainref , 'done' );
$target = '-j SNAT $addrlist';
} else {
my $addrlist = '';
for my $addr ( split /,/, $addresses ) {