From c4e6a75eea250129458cbf844c85620ceedf0fe0 Mon Sep 17 00:00:00 2001
From: teastep
Date: Mon, 12 Mar 2007 02:59:12 +0000
Subject: [PATCH] More object generation changes
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5504 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 New/compiler.pl | 25 +++++++++++++------------
 New/prog.functions | 26 ++++++++++++++++++++++++++
 2 files changed, 39 insertions(+), 12 deletions(-)
diff --git a/New/compiler.pl b/New/compiler.pl
index ff5374dbf..68aa7012e 100755
--- a/New/compiler.pl
+++ b/New/compiler.pl
@@ -5190,10 +5190,10 @@ sub create_iptables_restore_file() {
 }
 emit 'COMMIT';
- emit '__EOF__';
 }
- emit '}';
+ emit '__EOF__';
+ emit "}\n";
 }
 #
@@ -5458,6 +5458,8 @@ sub setup_forwarding() {
 emit 'echo 0 > /proc/sys/net/ipv4/ip_forward';
 emit 'progress_message2 IP Forwarding Disabled!';
 }
+
+ emit '';
 }
 sub generate_object () {
@@ -5562,7 +5564,10 @@ sub generate_object () {
 emit "}\n";
 copy find_file 'prog.functions';
- progress_message2 "Creating iptables-restore input..."; create_iptables_restore_file;
+
+ progress_message2 "Creating iptables-restore input...";
+
+ create_iptables_restore_file;
 emit '#';
 emit '# Start/Restart/Reload the firewall';
@@ -5610,7 +5615,7 @@ sub generate_object () {
 emit " startup_error \"The 'norfc1918' option has been specified on an interface with an RFC 1918 address. Interface:$interface\"";
 emit ' fi';
 emit ' done';
- emit 'fi';
+ emit "fi\n";
 }
 emit "run_init_exit\n";
@@ -5624,17 +5629,13 @@ sub generate_object () {
 emit "f=\$(find_file ipsets)\n";
- emit 'if [ -f $f ]; then';
- emit ' progress_message2 "Restoring IPSETS...';
- emit ' ipset -U :all: :all:';
- emit ' ipset -F';
- emit ' ipset -X';
- emit ' ipset -R < $f';
- emit "fi\n";
- emit "disable_ipv6\n" if $config{DISABLE_IPV6};
 setup_forwarding;
+
+ emit "restore_iptables\n";
+
+ emit "restore_dynamic_rules\n";
 $indent = '';
diff --git a/New/prog.functions b/New/prog.functions
index 4e4a31d7e..2c44424ba 100644
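Review bot: In the last compiler.pl hunk (`@@ -5624,17 +5629,13 @@`) the generated script keeps `f=$(find_file ipsets)` but loses the only visible consumer of `$f`, the `ipset -R < $f` block; the emitted replacements are `restore_iptables` and `restore_dynamic_rules`. If `restore_iptables`, which is defined outside this diff, does not load the saved sets itself, any rule that matches on an ipset will presumably fail at iptables-restore time and the firewall will not come up with the intended policy. Either keep the set restore ahead of `emit "restore_iptables\n";` or drop the dead `f=` line, and state which in a comment such as `# ipsets are loaded inside restore_iptables`. generate_object starts and ends outside the hunk.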
--- a/New/prog.functions
+++ b/New/prog.functions
@@ -383,3 +383,29 @@ ensure_and_save_command() {
 eval $@ || fatal_error "Command \"$@\" failed"
 }
+restore_dynamic_rules() {
+ if [ -f ${VARDIR}/save ]; then
+ progress_message2 "Setting up dynamic rules..."
+ rangematch='source IP range'
+ while read target ignore1 ignore2 address ignore3 rest; do
+ case $target in
+ DROP|reject|logdrop|logreject)
+ case $rest in
+ $rangematch*)
+ run_iptables -A dynamic -m iprange --src-range ${rest#source IP range} -j $target
+ ;;
+ *)
+ if [ -z "$rest" ]; then
+ run_iptables -A dynamic -s $address -j $target
+ else
+ error_message "WARNING: Unable to restore dynamic rule \"$target $ignore1 $ignore2 $address $ignore3 $rest\""
+ fi
+ ;;
+ esac
+ ;;
+ esac
+ done < ${VARDIR}/save
+ fi
+}
+
+
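Review bot: Fields read from `${VARDIR}/save` reach `run_iptables` unquoted in both `-A dynamic` calls, so any extra words after the range, or glob characters in the address, become additional iptables arguments or pathname expansions instead of being rejected. Nothing in the hunk checks that the file still holds what Shorewall wrote, so the loop should use `read -r`, quote `"$address"` and `"$target"`, and pass only the first word of the range. `rangematch` can also be reused for the prefix strip instead of repeating the literal. The context line above shows `eval $@` in `ensure_and_save_command`; if `run_iptables` (not visible here) evaluates its arguments the same way, the values need validating against an address pattern, not just quoting.

```shell
while read -r target ignore1 ignore2 address ignore3 rest; do
    # … unchanged: case $target in DROP|reject|logdrop|logreject) / case $rest in …
    "$rangematch"*)
        range=${rest#"$rangematch"}
        range=${range# }
        # Pass exactly one word as the range; anything after it is not forwarded.
        run_iptables -A dynamic -m iprange --src-range "${range%% *}" -j "$target"
        ;;
    *)
        if [ -z "$rest" ]; then
            run_iptables -A dynamic -s "$address" -j "$target"
        # … unchanged: else branch with the warning, fi, esac, done …
```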