"Fix" bashisms (at least they are bashims according to the Debian people)

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8289 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
el_cubano
2008-03-14 02:07:28 +00:00
parent b0a5c577f4
commit bbe6dfb5fd
32 changed files with 1816 additions and 368 deletions


@ -133,7 +133,8 @@ indent1() {
#
append_file() # $1 = File Name
{
local user_exit=$(find_file $1)
local user_exit
user_exit=$(find_file $1)
case $user_exit in
$SHAREDIR/*)
@ -215,7 +216,8 @@ run_tc() {
#
finish_chain_section() # $1 = canonical chain $2 = state list
{
local policy policychain
local policy
local policychain
[ -n "$FASTACCEPT" ] || run_iptables -A $1 -m state --state $2 -j ACCEPT
@ -246,7 +248,9 @@ finish_chain_section() # $1 = canonical chain $2 = state list
finish_section() # $1 = Section(s)
{
local zone zone1 chain
local zone
local zone1
local chain
for zone in $ZONES $FW; do
for zone1 in $ZONES $FW; do
@ -268,7 +272,8 @@ finish_section() # $1 = Section(s)
#
createchain() # $1 = chain name, $2 = If "yes", do section-end processing
{
local c=$(chain_base $1)
local c
c=$(chain_base $1)
run_iptables -N $1
@ -291,7 +296,8 @@ createchain() # $1 = chain name, $2 = If "yes", do section-end processing
#
createchain2() # $1 = chain name, $2 = If "yes", create default rules
{
local c=$(chain_base $1)
local c
c=$(chain_base $1)
ensurechain $1
@ -318,7 +324,8 @@ createchain2() # $1 = chain name, $2 = If "yes", create default rules
#
havechain() # $1 = name of chain
{
local c=$(chain_base $1)
local c
c=$(chain_base $1)
eval test \"\$exists_${c}\" = Yes
}
@ -724,16 +731,25 @@ disable_critical_hosts()
#
log_rule_limit() # $1 = log level, $2 = chain, $3 = display Chain $4 = disposition , $5 = rate limit $6=log tag $7=command $... = predicates for the rule
{
local level=$1
local chain=$2
local displayChain=$3
local disposition=$4
local rulenum=
local limit=
local tag=$6
local command=${7:--A}
local level
level=$1
local chain
chain=$2
local displayChain
displayChain=$3
local disposition
disposition=$4
local rulenum
rulenum=
local limit
limit=
local tag
tag=$6
local command
command=${7:--A}
local prefix
local base=$(chain_base $displayChain)
local base
base=$(chain_base $displayChain)
limit="${5:-$LOGLIMIT}" # Do this here rather than in the declaration above to appease /bin/ash.
@ -744,9 +760,12 @@ log_rule_limit() # $1 = log level, $2 = chain, $3 = display Chain $4 = dispositi
log_rule() # $1 = log level, $2 = chain, $3 = disposition , $... = predicates for the rule
{
local level=$1
local chain=$2
local disposition=$3
local level
level=$1
local chain
chain=$2
local disposition
disposition=$3
shift 3
@ -761,9 +780,12 @@ setup_syn_flood_chain ()
# $2 = synparams
# $3 = loglevel
{
local chain=@$1
local limit=$2
local limit_burst=
local chain
chain=@$1
local limit
limit=$2
local limit_burst
limit_burst=
case $limit in
*:*)
@ -842,8 +864,10 @@ __EOF__
#
setup_ecn() # $1 = file name
{
local interfaces=""
local hosts=
local interfaces
interfaces=""
local hosts
hosts=
local h
if [ -s ${TMP_DIR}/ecn ]; then
@ -891,7 +915,8 @@ setup_ecn() # $1 = file name
#
build_exclusion_chain() # $1 = variable to store chain name into $2 = table, $3 = SOURCE exclusion list, $4 = DESTINATION exclusion list
{
local c=excl_${EXCLUSION_SEQ} net
local c
c=excl_${EXCLUSION_SEQ} net
EXCLUSION_SEQ=$(( $EXCLUSION_SEQ + 1 ))
@ -921,7 +946,10 @@ build_exclusion_chain() # $1 = variable to store chain name into $2 = table, $3
# Setup queuing and classes
#
setup_tc1() {
local mark_part= comment=
local mark_part
mark_part=
local comment
comment=
#
# Create the TC mangle chains
#
@ -1030,7 +1058,8 @@ __EOF__
#
refresh_tc() {
local comment=
local comment
comment=
if [ -n "$CLEAR_TC" ]; then
delete_tc
@ -1094,9 +1123,12 @@ __EOF__
#
compile_refresh_firewall()
{
local INDENT=""
local DOING="Compiling Refresh of"
local DONE="Compiled"
local INDENT
INDENT=""
local DOING
DOING="Compiling Refresh of"
local DONE
DONE="Compiled"
local indent
save_command "refresh_firewall()"
@ -1147,7 +1179,8 @@ compile_refresh_firewall()
process_action_file() # $1 = File Name
{
if ! list_search $1 $BUILTIN_ACTIONS; then
local user_exit=$(find_file $1)
local user_exit
user_exit=$(find_file $1)
if [ -f $user_exit ]; then
progress_message "Processing $user_exit ..."
@ -1178,7 +1211,12 @@ process_action_file() # $1 = File Name
createlogactionchain() # $1 = Action Name, $2 = Log Level [: Log Tag ]
{
local actchain= action=$1 level=$2
local actchain
actchain=
local action
action=$1
local level
level=$2
eval actchain=\${${action}_actchain}
@ -1264,7 +1302,14 @@ createactionchain() # $1 = Action, including log level and tag if any
#
find_logactionchain() # $1 = Action, including log level and tag if any
{
local fullaction=$1 action=${1%%:*} level= chains=
local fullaction
fullaction=$1
local action
action=${1%%:*}
local level
level=
local chains
chains=
find_simpleaction() {
havechain $action || fatal_error "Fatal error in find_logactionchain"
@ -1307,7 +1352,10 @@ find_logactionchain() # $1 = Action, including log level and tag if any
#
merge_levels() # $1=level at which superior action is called, $2=level at which the subordinate rule is called
{
local superior=$1 subordinate=$2
local superior
superior=$1
local subordinate
subordinate=$2
set -- $(split $1)
@ -1384,7 +1432,9 @@ define_builtin_actions() {
#
map_old_action() # $1 = Potential Old Action
{
local macro= aktion
local macro
macro=
local aktion
if [ -n "$MAPOLDACTIONS" ]; then
case $1 in
@ -1437,7 +1487,8 @@ map_old_action() # $1 = Potential Old Action
#
substitute_action() # $1 = parameter, $2 = action
{
local logpart=${2#*:}
local logpart
logpart=${2#*:}
case $2 in
*:*)
@ -1635,7 +1686,8 @@ __EOF__
# policy = Applicable Policy
#
add_a_rule() {
local natrule=
local natrule
natrule=
do_ports() {
if [ -n "$port" ]; then
@ -2123,19 +2175,32 @@ process_rule() # $1 = target
# $9 = userspec
# $10= mark
{
local target="$1"
local clients="$2"
local servers="$3"
local protocol="$4"
local ports="$5"
local cports="$6"
local address="$7"
local ratelimit="$8"
local userspec="$9"
local mark="${10}"
local userandgroup=
local logtag=
local nonat=
local target
target="$1"
local clients
clients="$2"
local servers
servers="$3"
local protocol
protocol="$4"
local ports
ports="$5"
local cports
cports="$6"
local address
address="$7"
local ratelimit
ratelimit="$8"
local userspec
userspec="$9"
local mark
mark="${10}"
local userandgroup
userandgroup=
local logtag
logtag=
local nonat
nonat=
# # # # # F u n c t i o n B o d y # # # # #
@ -2488,17 +2553,28 @@ process_macro() # $1 = target
# $9 = userspec
# $10= mark
{
local itarget="$1"
local param="$2"
local iclients="$3"
local iservers="$4"
local iprotocol="$5"
local iports="$6"
local icports="$7"
local iaddress="$8"
local iratelimit="$9"
local iuserspec="${10}"
local imark="${11}"
local itarget
itarget="$1"
local param
param="$2"
local iclients
iclients="$3"
local iservers
iservers="$4"
local iprotocol
iprotocol="$5"
local iports
iports="$6"
local icports
icports="$7"
local iaddress
iaddress="$8"
local iratelimit
iratelimit="$9"
local iuserspec
iuserspec="${10}"
local imark
imark="${11}"
progress_message "..Expanding Macro $(find_file macro.${itarget%%:*})..."
@ -2583,13 +2659,19 @@ process_macro() # $1 = target
#
process_rules()
{
local comment= optimize
local comment
comment=
local optimize
#
# Process a rule where the source or destination is "all"
#
process_wildcard_rule() # $1 = Yes, if this is a macro, $2 = Yes if we want intrazone traffic
{
local yclients yservers ysourcezone ydestzone ypolicy
local yclients
local yservers
local ysourcezone
local ydestzone
local ypolicy
for yclients in $xclients; do
for yservers in $xservers; do
@ -2622,7 +2704,8 @@ process_rules()
do_it() # $1 = "Yes" if the target is a macro.
{
local intrazone=
local intrazone
intrazone=
if [ -z "$SECTIONS" ]; then
finish_section ESTABLISHED,RELATED
@ -2802,17 +2885,35 @@ process_rules()
#
process_default_macro() # $1 = macro name
{
local macro=$1
local address=
local multioption=
local servport=
local chain=$1
local logchain=$1
local userandgroup=
local logtag=
local excludesource=
local target client server protocol port cport ratelimit userspec rule
local f=$(find_file macro.${macro})
local macro
macro=$1
local address
address=
local multioption
multioption=
local servport
servport=
local chain
chain=$1
local logchain
logchain=$1
local userandgroup
userandgroup=
local logtag
logtag=
local excludesource
excludesource=
local target
local client
local server
local protocol
local port
local cport
local ratelimit
local userspec
local rule
local f
f=$(find_file macro.${macro})
havechain $macro && fatal_error "Illegal duplicate default macro name: $macro"
@ -3070,7 +3171,10 @@ process_tos_rule() {
#
process_tos() # $1 = name of tos file
{
local chain=pretos stdchain=PREROUTING
local chain
chain=pretos
local stdchain
stdchain=PREROUTING
if [ -n "$MANGLE_FORWARD" ]; then
chain=fortos
@ -3101,8 +3205,10 @@ policy_rules() # $1 = chain to add rules to
# $3 = loglevel
# $4 = Default Action/Macro
{
local target="$2"
local default="$4"
local target
target="$2"
local default
default="$4"
if [ -n "$default" ]; then
[ "$default" = none ] || run_iptables -A $1 -j $default
@ -3139,9 +3245,12 @@ policy_rules() # $1 = chain to add rules to
#
default_policy() # $1 = client $2 = server
{
local chain="${1}2${2}"
local policy=
local loglevel=
local chain
chain="${1}2${2}"
local policy
policy=
local loglevel
loglevel=
local chain1
jump_to_policy_chain() {
@ -3243,10 +3352,14 @@ default_policy() # $1 = client $2 = server
#
complete_standard_chain() # $1 = chain, $2 = source zone, $3 = destination zone
{
local policy=
local loglevel=
local policychain=
local default=
local policy
policy=
local loglevel
loglevel=
local policychain
policychain=
local default
default=
run_user_exit $1
@ -3275,7 +3388,8 @@ complete_standard_chain() # $1 = chain, $2 = source zone, $3 = destination zone
#
rules_chain() # $1 = source zone, $2 = destination zone
{
local chain=${1}2${2} local policy
local chain
chain=${1}2${2} local policy
havechain $chain && { echo $chain; return; }
@ -3384,8 +3498,10 @@ process_blacklist_rec() {
process_blacklist()
{
local disposition=$BLACKLIST_DISPOSITION
local f=$(find_file blacklist)
local disposition
disposition=$BLACKLIST_DISPOSITION
local f
f=$(find_file blacklist)
local target
if [ -s $TMP_DIR/blacklist ]; then
@ -3419,8 +3535,10 @@ __EOF__
# Setup the Black List
#
setup_blacklist() {
local hosts="$(find_hosts_by_option blacklist)"
local ipsec policy
local hosts
hosts="$(find_hosts_by_option blacklist)"
local ipsec
local policy
if [ -n "$hosts" -a -s ${TMP_DIR}/blacklist ]; then
progress_message2 "$DOING Blacklisting..."
@ -3465,8 +3583,10 @@ setup_blacklist() {
# Construct zone-independent rules
#
add_common_rules() {
local savelogparms="$LOGPARMS"
local broadcasts="$(find_broadcasts) 255.255.255.255 224.0.0.0/4"
local savelogparms
savelogparms="$LOGPARMS"
local broadcasts
broadcasts="$(find_broadcasts) 255.255.255.255 224.0.0.0/4"
#
# Populate the smurf chain
#
@ -3997,14 +4117,19 @@ apply_policy_rules() {
#
activate_rules()
{
local PREROUTING_rule=1
local POSTROUTING_rule=1
local PREROUTING_rule
PREROUTING_rule=1
local POSTROUTING_rule
POSTROUTING_rule=1
#
# Jump to a NAT chain from one of the builtin nat chains
#
addnatjump() # $1 = BUILTIN chain, $2 = user chain, $3 - * other arguments
{
local sourcechain=$1 destchain=$2
local sourcechain
sourcechain=$1
local destchain
destchain=$2
shift
shift
@ -4022,7 +4147,10 @@ activate_rules()
#
addrulejump() # $1 = BUILTIN chain, $2 = user chain, $3 - * other arguments
{
local sourcechain=$1 destchain=$2
local sourcechain
sourcechain=$1
local destchain
destchain=$2
shift
shift
@ -4050,7 +4178,15 @@ activate_rules()
#
insert_exclusions() # $1 = table $2 = chain name, $3 - $n = exclusions
{
local t=$1 c=$2 num=0 host1 interface1 networks1
local t
t=$1
local c
c=$2
local num
num=0
local host1
local interface1
local networks1
shift 2
@ -4066,7 +4202,13 @@ activate_rules()
#
add_exclusions() # $1 = table $2 = chain name, $3 - $n = exclusions
{
local t=$1 c=$2 host1 interface1 networks1
local t
t=$1
local c
c=$2
local host1
local interface1
local networks1
shift 2
@ -4114,7 +4256,8 @@ activate_rules()
eval exclusions=\"\$${zone}_exclusions\"
if [ -n "$exclusions" ]; then
local num=1
local num
num=1
in_chain=${zone}_input
out_chain=${zone}_output
createchain $in_chain No
@ -4562,8 +4705,10 @@ activate_rules()
# from that script are available here
#
compile_stop_firewall() {
local IPTABLES_COMMAND="\$IPTABLES"
local INDENT=" "
local IPTABLES_COMMAND
IPTABLES_COMMAND="\$IPTABLES"
local INDENT
INDENT=" "
cat >&3 << __EOF__
@ -4907,10 +5052,18 @@ mycat()
#
compile_firewall() # $1 = File Name
{
local IPTABLES_COMMAND=run_iptables
local INDENT=""
local checking= outfile=$1 dir=
local match=
local IPTABLES_COMMAND
IPTABLES_COMMAND=run_iptables
local INDENT
INDENT=""
local checking
checking=
local outfile
outfile=$1
local dir
dir=
local match
match=
setup_mss()
{
@ -5158,7 +5311,8 @@ __EOF__
fatal_error "This script requires Shorewall which do not appear to be installed on this system (did you forget "-e" when you compiled?)"
fi
local version=\$(cat \${SHAREDIR}/version)
local version
version=\$(cat \${SHAREDIR}/version)
if [ \${SHOREWALL_LIBVERSION:-0} -lt 30203 ]; then
fatal_error "This script requires Shorewall version 3.3.3 or later; current version is \$version"
@ -5298,7 +5452,8 @@ __EOF__
# Start/Restart/Reload the firewall
#
define_firewall() {
local restore_file=\$1
local restore_file
restore_file=\$1
__EOF__
INDENT=" "
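Review bot: In `build_exclusion_chain`, the converted line `c=excl_${EXCLUSION_SEQ} net` is no longer an assignment plus a declaration: the shell parses it as the command `net` run with `c` set only in that command's environment, so `c` stays unset in the function and `net` is no longer declared local. The split should read `local c`, `local net`, `c=excl_${EXCLUSION_SEQ}`. `rules_chain` carries the same leftover in `chain=${1}2${2} local policy`, where `chain` becomes a prefix assignment to the `local` builtin; whether that value persists is shell-dependent, so the `havechain $chain` that follows may be handed an empty name, and the line should be split the same way. Because these variables name the iptables chains the compiler generates, it is worth scanning the rest of the converted file for assignment lines that still have trailing words after the value. Both function bodies continue outside the visible hunks.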