extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-24 03:31:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

Retain shell variables during routestopped and blacklist conversions

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2016-11-07 11:26:17 -08:00
parent 652bc75448
commit d989241712
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10
1 changed files with 28 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
Shorewall/Perl/Shorewall/Misc.pm
View File

@ -216,6 +216,7 @@ sub convert_blacklist() {
my $audit = $disposition =~ /^A_/; my $audit = $disposition =~ /^A_/;
my $target = $disposition; my $target = $disposition;
my $orig_target = $target; my $orig_target = $target;
my $warnings = 0;
my @rules; my @rules;
if ( @$zones || @$zones1 ) { if ( @$zones || @$zones1 ) {
@ -237,12 +238,22 @@ sub convert_blacklist() {
return 0; return 0;
} }
directive_callback(
sub ()
{
warning_message "Omitted rules and compiler directives were not translated" unless $warnings++;
}
);
first_entry "Converting $fn..."; first_entry "Converting $fn...";
while ( read_a_line( NORMAL_READ ) ) { while ( read_a_line( NORMAL_READ ) ) {
my ( $networks, $protocol, $ports, $options ) = my ( $networks, $protocol, $ports, $options ) =
split_line( 'blacklist file', split_rawline2( 'blacklist file',
{ networks => 0, proto => 1, port => 2, options => 3 } ); { networks => 0, proto => 1, port => 2, options => 3 },
{},
4,
);
if ( $options eq '-' ) { if ( $options eq '-' ) {
$options = 'src'; $options = 'src';
@ -394,7 +405,8 @@ sub convert_routestopped() {
if ( my $fn = open_file 'routestopped' ) { if ( my $fn = open_file 'routestopped' ) {
my ( @allhosts, %source, %dest , %notrack, @rule ); my ( @allhosts, %source, %dest , %notrack, @rule );
my $seq = 0; my $seq = 0;
my $warnings = 0;
my $date = compiletime; my $date = compiletime;
my ( $stoppedrules, $fn1 ); my ( $stoppedrules, $fn1 );
@ -422,6 +434,13 @@ sub convert_routestopped() {
EOF EOF
} }
directive_callback(
sub ()
{
warning_message "Omitted rules and compiler directives were not translated" unless $warnings++;
}
);
first_entry( first_entry(
sub { sub {
my $date = compiletime; my $date = compiletime;
@ -436,13 +455,16 @@ EOF
while ( read_a_line ( NORMAL_READ ) ) { while ( read_a_line ( NORMAL_READ ) ) {
my ($interface, $hosts, $options , $proto, $ports, $sports ) = my ($interface, $hosts, $options , $proto, $ports, $sports ) =
split_line( 'routestopped file', split_rawline2( 'routestopped file',
{ interface => 0, hosts => 1, options => 2, proto => 3, dport => 4, sport => 5 } ); { interface => 0, hosts => 1, options => 2, proto => 3, dport => 4, sport => 5 },
{},
6,
0,
);
my $interfaceref; my $interfaceref;
fatal_error 'INTERFACE must be specified' if $interface eq '-'; fatal_error 'INTERFACE must be specified' if $interface eq '-';
fatal_error "Unknown interface ($interface)" unless $interfaceref = known_interface $interface;
$hosts = ALLIP unless $hosts && $hosts ne '-'; $hosts = ALLIP unless $hosts && $hosts ne '-';
my $routeback = 0; my $routeback = 0;
@ -456,8 +478,6 @@ EOF
$hosts = ALLIP if $hosts eq '-'; $hosts = ALLIP if $hosts eq '-';
for my $host ( split /,/, $hosts ) { for my $host ( split /,/, $hosts ) {
fatal_error "Ipsets not allowed with SAVE_IPSETS=Yes" if $host =~ /^!?\+/ && $config{SAVE_IPSETS};
validate_host $host, 1;
push @hosts, "$interface|$host|$seq"; push @hosts, "$interface|$host|$seq";
push @rule, $rule; push @rule, $rule;
} }