Minor cleanup in the Rules module

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2016-08-31 13:01:49 -07:00
parent 4ec2c2087d
commit bb8af36d3f
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10


@ -295,7 +295,7 @@ our %validstates = ( NEW => 0,
# known until the compiler has started. # known until the compiler has started.
# #
# 2. The compiler can run multiple times in the same process so it has to be # 2. The compiler can run multiple times in the same process so it has to be
# able to re-initialize its dependent modules' state. # able to re-initialize the state of its dependent modules.
# #
sub initialize( $ ) { sub initialize( $ ) {
$family = shift; $family = shift;
@ -345,11 +345,11 @@ sub initialize( $ ) {
# #
$macro_nest_level = 0; $macro_nest_level = 0;
# #
# All builtin actions plus those mentioned in /etc/shorewall[6]/actions and /usr/share/shorewall[6]/actions # All builtin actions plus those mentioned in /etc/shorewall[6]/actions and /usr/share/shorewall[6]/actions.std
# #
%actions = (); %actions = ();
# #
# Action variants actually used. Key is <action>:<loglevel>:<tag>:<params>; value is corresponding chain name # Action variants actually used. Key is <action>:<loglevel>:<tag>:<caller>:<params>; value is corresponding chain name
# #
%usedactions = (); %usedactions = ();
@ -650,7 +650,7 @@ sub process_a_policy() {
fatal_error "Undefined zone ($client)" unless $clientwild || defined_zone( $client ); fatal_error "Undefined zone ($client)" unless $clientwild || defined_zone( $client );
my $serverwild = ( "\L$server" =~ /^all(\+)?/ ); my $serverwild = ( "\L$server" =~ /^all(\+)?/ );
$intrazone ||= $serverwild && $1; $intrazone ||= ( $serverwild && $1 );
fatal_error "Undefined zone ($server)" unless $serverwild || defined_zone( $server ); fatal_error "Undefined zone ($server)" unless $serverwild || defined_zone( $server );
@ -1352,7 +1352,7 @@ sub new_action( $$$$$ ) {
# Create and record a log action chain -- Log action chains have names # Create and record a log action chain -- Log action chains have names
# that are formed from the action name by prepending a "%" and appending # that are formed from the action name by prepending a "%" and appending
# a 1- or 2-digit sequence number. In the functions that follow, # a 1- or 2-digit sequence number. In the functions that follow,
# the $chain, $level and $tag variable serves as arguments to the user's # the $chain, $level and $tag variables serve as arguments to the user's
# exit. We call the exit corresponding to the name of the action but we # exit. We call the exit corresponding to the name of the action but we
# set $chain to the name of the iptables chain where rules are to be added. # set $chain to the name of the iptables chain where rules are to be added.
# Similarly, $level and $tag contain the log level and log tag respectively. # Similarly, $level and $tag contain the log level and log tag respectively.
@ -1533,7 +1533,7 @@ sub find_macro( $ )
{ {
my $macro = $_[0]; my $macro = $_[0];
$macro =~ s/^macro.//; $macro =~ s/^macro\.//;
my $macrofile = find_file "macro.$macro"; my $macrofile = find_file "macro.$macro";
@ -2957,8 +2957,7 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$$ ) {
# And we need the dest zone for local/loopback/off-firewall/destonly checks # And we need the dest zone for local/loopback/off-firewall/destonly checks
# #
$destref = find_zone( $chainref->{destzone} ) if $chainref->{destzone}; $destref = find_zone( $chainref->{destzone} ) if $chainref->{destzone};
} else { } elsif ( ! ( $actiontype & NATONLY ) ) {
unless ( $actiontype & NATONLY ) {
# #
# Check for illegal bridge port rule # Check for illegal bridge port rule
# #
@ -3017,7 +3016,6 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$$ ) {
$chainref = $auxref; $chainref = $auxref;
} }
} }
}
# #
# Handle 'local/loopback' warnings # Handle 'local/loopback' warnings
# #
@ -3033,7 +3031,7 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$$ ) {
# #
# Handle actions # Handle actions
# #
my $actionchain; #Name of the action chain my $actionchain; # Name of the action chain
if ( $actiontype & ACTION ) { if ( $actiontype & ACTION ) {
# #
@ -3562,7 +3560,7 @@ sub perl_action_tcp_helper($$) {
sub process_section ($) { sub process_section ($) {
my $sect = shift; my $sect = shift;
# #
# split_line1 has already verified that there are exactly two tokens on the line # split_line2 has already verified that there are exactly two tokens on the line
# #
fatal_error "Invalid SECTION ($sect)" unless defined $sections{$sect}; fatal_error "Invalid SECTION ($sect)" unless defined $sections{$sect};
fatal_error "Duplicate or out of order SECTION $sect" if $sections{$sect}; fatal_error "Duplicate or out of order SECTION $sect" if $sections{$sect};
@ -3706,7 +3704,7 @@ sub process_raw_rule ( ) {
fatal_error "Invalid or missing ACTION ($target)" unless defined $action; fatal_error "Invalid or missing ACTION ($target)" unless defined $action;
if ( @protos > 1 ) { if ( @protos > 1 ) {
fatal_error "Inversion not allowed in a PROTO list" if $protos =~ tr/!/!/; fatal_error "Inversion not allowed in a PROTO list" if $protos =~ /!/;
} }
for $source ( @source ) { for $source ( @source ) {
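Review bot: In the process_a_policy hunk, the server-side wildcard test `"\L$server" =~ /^all(\+)?/` has no end anchor, so any SERVER value that merely begins with "all" sets $serverwild and bypasses the `defined_zone( $server )` check on the following line. In a firewall policy compiler this would turn a mistyped zone name into a wildcard policy instead of an "Undefined zone" error. Since the commit already touches the adjacent `$intrazone` line, consider tightening the pattern to `/^all(\+)?$/`, provided no suffix other than `+` is meant to be accepted. Whether zone names starting with "all" are rejected elsewhere is not visible here, so check this against the zone-name validation. The body of process_a_policy starts and ends outside the hunk.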