From d989241712188bba6b56907d9ed7175d77aee648 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Mon, 7 Nov 2016 11:26:17 -0800 Subject: [PATCH] Retain shell variables during routestopped and blacklist conversions Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Misc.pm | 36 +++++++++++++++++++++++++------- 1 file changed, 28 insertions(+), 8 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Misc.pm b/Shorewall/Perl/Shorewall/Misc.pm index 5e785ebf2..a186103c3 100644 --- a/Shorewall/Perl/Shorewall/Misc.pm +++ b/Shorewall/Perl/Shorewall/Misc.pm @@ -216,6 +216,7 @@ sub convert_blacklist() { my $audit = $disposition =~ /^A_/; my $target = $disposition; my $orig_target = $target; + my $warnings = 0; my @rules; if ( @$zones || @$zones1 ) { @@ -237,12 +238,22 @@ sub convert_blacklist() { return 0; } + directive_callback( + sub () + { + warning_message "Omitted rules and compiler directives were not translated" unless $warnings++; + } + ); + first_entry "Converting $fn..."; while ( read_a_line( NORMAL_READ ) ) { my ( $networks, $protocol, $ports, $options ) = - split_line( 'blacklist file', - { networks => 0, proto => 1, port => 2, options => 3 } ); + split_rawline2( 'blacklist file', + { networks => 0, proto => 1, port => 2, options => 3 }, + {}, + 4, + ); if ( $options eq '-' ) { $options = 'src'; @@ -394,7 +405,8 @@ sub convert_routestopped() { if ( my $fn = open_file 'routestopped' ) { my ( @allhosts, %source, %dest , %notrack, @rule ); - my $seq = 0; + my $seq = 0; + my $warnings = 0; my $date = compiletime; my ( $stoppedrules, $fn1 ); @@ -422,6 +434,13 @@ sub convert_routestopped() { EOF } + directive_callback( + sub () + { + warning_message "Omitted rules and compiler directives were not translated" unless $warnings++; + } + ); + first_entry( sub { my $date = compiletime; @@ -436,13 +455,16 @@ EOF while ( read_a_line ( NORMAL_READ ) ) { my ($interface, $hosts, $options , $proto, $ports, $sports ) = - split_line( 'routestopped file', - { interface => 0, hosts => 1, options => 2, proto => 3, dport => 4, sport => 5 } ); + split_rawline2( 'routestopped file', + { interface => 0, hosts => 1, options => 2, proto => 3, dport => 4, sport => 5 }, + {}, + 6, + 0, + ); my $interfaceref; fatal_error 'INTERFACE must be specified' if $interface eq '-'; - fatal_error "Unknown interface ($interface)" unless $interfaceref = known_interface $interface; $hosts = ALLIP unless $hosts && $hosts ne '-'; my $routeback = 0; @@ -456,8 +478,6 @@ EOF $hosts = ALLIP if $hosts eq '-'; for my $host ( split /,/, $hosts ) { - fatal_error "Ipsets not allowed with SAVE_IPSETS=Yes" if $host =~ /^!?\+/ && $config{SAVE_IPSETS}; - validate_host $host, 1; push @hosts, "$interface|$host|$seq"; push @rule, $rule; }