Create 'add_commands'; revise handling of 'detect' in the masq ADDRESSES column

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6135 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2007-04-27 16:18:42 +00:00
parent 69be038583
commit da503e4b07
3 changed files with 26 additions and 14 deletions


@ -52,6 +52,7 @@ our @EXPORT = qw( STANDARD
ALL_RESTRICT ALL_RESTRICT
add_command add_command
add_commands
add_file add_file
add_rule add_rule
insert_rule insert_rule
@ -261,6 +262,17 @@ sub add_command($$)
$chainref->{referenced} = 1; $chainref->{referenced} = 1;
} }
sub add_commands {
my $chainref = shift @_;
for my $command ( @_ ) {
push @{$chainref->{rules}}, join ('', '~', ' ' x $loopcount, $command );
}
$chainref->{referenced} = 1;
}
# #
# Copy a file into a chain's rules as a set of run-time commands # Copy a file into a chain's rules as a set of run-time commands
# #
@ -272,8 +284,9 @@ sub add_file( $$ ) {
if ( -f $file ) { if ( -f $file ) {
open EF , '<', $file or fatal_error "Unable to open $file"; open EF , '<', $file or fatal_error "Unable to open $file";
add_command $chainref, qq(progress_message "Processing $file..."); add_commands( $chainref,
add_command $chainref, ''; qq(progress_message "Processing $file..."),
'' );
while ( $line = <EF> ) { while ( $line = <EF> ) {
chomp $line; chomp $line;
@ -1335,9 +1348,7 @@ sub expand_rule( $$$$$$$$$$ )
# #
# ADDRESS 'detect' in the masq file. # ADDRESS 'detect' in the masq file.
# #
add_command $chainref , "dests=\$(find_interface_addresses $diface)"; add_command( $chainref , 'for dest in ' . get_interface_addresses( $diface) . '; do' );
add_command $chainref , qq([ -z "\$dests" ] && fatal_error "Unable to determine the address(es) of interface \"$diface\"");
add_command $chainref , 'for dest in $dests; do';
$rule .= '-d $dest'; $rule .= '-d $dest';
$loopcount++; $loopcount++;
} else { } else {
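Review bot: The 'detect' branch in expand_rule no longer emits the run-time guard `[ -z "$dests" ] && fatal_error ...`; the new single `add_command` loops straight over whatever `get_interface_addresses( $diface )` expands to. If that expansion is empty when the generated script runs, the `for dest in ...; do` body never executes and the rule is left out without any error, which for a firewall is a silent policy gap rather than a failed start. Unless get_interface_addresses (not visible in this hunk) already makes the script abort on an empty result, keep an explicit check ahead of the loop, e.g. `add_command $chainref, qq([ -n "$addrs" ] || fatal_error "Unable to determine the address(es) of interface \"$diface\"");` with `$addrs` holding the helper's return value. The 'detect' branch of setup_one_masq has the same exposure: an empty list would leave `-j SNAT $addrlist` without any `--to-source`. expand_rule's body starts and ends outside the hunk.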


@ -184,11 +184,11 @@ sub setup_one_masq($$$$$$)
$target .= "--to $addr "; $target .= "--to $addr ";
} }
} elsif ( $addresses eq 'detect' ) { } elsif ( $addresses eq 'detect' ) {
add_command( $chainref , 'addrlist=' ); add_commands( $chainref ,
add_command( $chainref , join( '', 'for address in ' , get_interface_addresses( $interface ), '; do' ) ); 'addrlist=',
add_command( $chainref , ' addrlist="$addrlist --to-source $address"' ); join( '', 'for address in ' , get_interface_addresses( $interface ), '; do' ),
add_command( $chainref , 'done' ); ' addrlist="$addrlist --to-source $address"',
'done' );
$target = '-j SNAT $addrlist'; $target = '-j SNAT $addrlist';
} else { } else {
my $addrlist = ''; my $addrlist = '';


@ -753,10 +753,11 @@ sub setup_mac_lists( $ ) {
if ( $level ne '' || $disposition ne 'ACCEPT' ) { if ( $level ne '' || $disposition ne 'ACCEPT' ) {
my $variable = get_interface_addresses $interface; my $variable = get_interface_addresses $interface;
add_command $chainref, "for address in $variable; do"; add_commands( $chainref,
add_command $chainref, " echo \"-A $chainref->{name} -s \$address -m addrtype --dst-type BROADCAST -j RETURN\" >&3"; "for address in $variable; do",
add_command $chainref, " echo \"-A $chainref->{name} -s \$address -m addrtype --dst-type MULTICAST -j RETURN\" >&3"; " echo \"-A $chainref->{name} -s \$address -m addrtype --dst-type BROADCAST -j RETURN\" >&3",
add_command $chainref, 'done'; " echo \"-A $chainref->{name} -s \$address -m addrtype --dst-type MULTICAST -j RETURN\" >&3",
'done' );
} }
add_file $chainref, 'maclog'; add_file $chainref, 'maclog';