mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-16 11:20:53 +01:00
Correct grammar in messages produced by 'require_capability'
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6231 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
14a66a102e
commit
e7b4985784
@ -600,7 +600,7 @@ sub process_actions3 () {
|
|||||||
my $set = $tag[0];
|
my $set = $tag[0];
|
||||||
my $count = $tag[1] + 1;
|
my $count = $tag[1] + 1;
|
||||||
|
|
||||||
require_capability( 'RECENT_MATCH' , 'Limit rules' );
|
require_capability( 'RECENT_MATCH' , 'Limit rules' , '' );
|
||||||
|
|
||||||
add_rule $chainref, "-m recent --name $set --set";
|
add_rule $chainref, "-m recent --name $set --set";
|
||||||
|
|
||||||
|
@ -827,7 +827,7 @@ sub do_proto( $$$ )
|
|||||||
|
|
||||||
fatal_error 'SOURCE PORT(S) not permitted with ICMP' if $sports ne '';
|
fatal_error 'SOURCE PORT(S) not permitted with ICMP' if $sports ne '';
|
||||||
} elsif ( $proto =~ /^(ipp2p(:(tcp|udp|all))?)$/i ) {
|
} elsif ( $proto =~ /^(ipp2p(:(tcp|udp|all))?)$/i ) {
|
||||||
require_capability( 'IPP2P_MATCH' , 'PROTO = ipp2p' );
|
require_capability( 'IPP2P_MATCH' , 'PROTO = ipp2p' , 's' );
|
||||||
$proto = $2 ? $3 : 'tcp';
|
$proto = $2 ? $3 : 'tcp';
|
||||||
$ports = 'ipp2p' unless $ports;
|
$ports = 'ipp2p' unless $ports;
|
||||||
$output .= "-p $proto -m ipp2p --$ports ";
|
$output .= "-p $proto -m ipp2p --$ports ";
|
||||||
@ -972,7 +972,7 @@ sub do_tos( $ ) {
|
|||||||
sub iprange_match() {
|
sub iprange_match() {
|
||||||
my $match = '';
|
my $match = '';
|
||||||
|
|
||||||
require_capability( 'IPRANGE_MATCH' , 'Address Ranges' );
|
require_capability( 'IPRANGE_MATCH' , 'Address Ranges' , '' );
|
||||||
unless ( $iprangematch ) {
|
unless ( $iprangematch ) {
|
||||||
$match = '-m iprange ';
|
$match = '-m iprange ';
|
||||||
$iprangematch = 1 unless $capabilities{KLUDGEFREE};
|
$iprangematch = 1 unless $capabilities{KLUDGEFREE};
|
||||||
@ -1018,7 +1018,7 @@ sub match_source_net( $ ) {
|
|||||||
my $invert = $1 ? '! ' : '';
|
my $invert = $1 ? '! ' : '';
|
||||||
"-m mac --mac-source ${invert}$net ";
|
"-m mac --mac-source ${invert}$net ";
|
||||||
} elsif ( $net =~ /^(!?)\+/ ) {
|
} elsif ( $net =~ /^(!?)\+/ ) {
|
||||||
require_capability( 'IPSET_MATCH' , 'ipset names in Shorewall configuration files' );
|
require_capability( 'IPSET_MATCH' , 'ipset names in Shorewall configuration files' , '' );
|
||||||
join( '', '-m set ', $1 ? '! ' : '', get_set_flags( $net, 'src' ) );
|
join( '', '-m set ', $1 ? '! ' : '', get_set_flags( $net, 'src' ) );
|
||||||
} elsif ( $net =~ /^!/ ) {
|
} elsif ( $net =~ /^!/ ) {
|
||||||
$net =~ s/!//;
|
$net =~ s/!//;
|
||||||
@ -1038,7 +1038,7 @@ sub match_dest_net( $ ) {
|
|||||||
$net =~ s/!// if my $invert = $1 ? '! ' : '';
|
$net =~ s/!// if my $invert = $1 ? '! ' : '';
|
||||||
iprange_match . "${invert}--dst-range $net ";
|
iprange_match . "${invert}--dst-range $net ";
|
||||||
} elsif ( $net =~ /^(!?)\+/ ) {
|
} elsif ( $net =~ /^(!?)\+/ ) {
|
||||||
require_capability( 'IPSET_MATCH' , 'ipset names in Shorewall configuration files' );
|
require_capability( 'IPSET_MATCH' , 'ipset names in Shorewall configuration files' , '');
|
||||||
join( '', '-m set ', $1 ? '! ' : '', get_set_flags( $net, 'dst' ) );
|
join( '', '-m set ', $1 ? '! ' : '', get_set_flags( $net, 'dst' ) );
|
||||||
} elsif ( $net =~ /^!/ ) {
|
} elsif ( $net =~ /^!/ ) {
|
||||||
$net =~ s/!//;
|
$net =~ s/!//;
|
||||||
|
@ -734,10 +734,10 @@ sub determine_capabilities() {
|
|||||||
#
|
#
|
||||||
# Require the passed capability
|
# Require the passed capability
|
||||||
#
|
#
|
||||||
sub require_capability( $$ ) {
|
sub require_capability( $$$ ) {
|
||||||
my ( $capability, $description ) = @_;
|
my ( $capability, $description, $singular ) = @_;
|
||||||
|
|
||||||
fatal_error "$description requires $capdesc{$capability} in your kernel and iptables"
|
fatal_error "$description require${singular} $capdesc{$capability} in your kernel and iptables"
|
||||||
unless $capabilities{$capability};
|
unless $capabilities{$capability};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -266,7 +266,7 @@ sub setup_masq()
|
|||||||
|
|
||||||
if ( $first_entry ) {
|
if ( $first_entry ) {
|
||||||
progress_message2 "$doing $fn...";
|
progress_message2 "$doing $fn...";
|
||||||
require_capability( 'NAT_ENABLED' , 'a non-empty masq file' );
|
require_capability( 'NAT_ENABLED' , 'a non-empty masq file' , 's' );
|
||||||
$first_entry = 0;
|
$first_entry = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -380,7 +380,7 @@ sub setup_nat() {
|
|||||||
|
|
||||||
if ( $first_entry ) {
|
if ( $first_entry ) {
|
||||||
progress_message2 "$doing $fn...";
|
progress_message2 "$doing $fn...";
|
||||||
require_capability( 'NAT_ENABLED' , 'a non-empty nat file' );
|
require_capability( 'NAT_ENABLED' , 'a non-empty nat file', 's' );
|
||||||
$first_entry = 0;
|
$first_entry = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -415,7 +415,7 @@ sub setup_netmap() {
|
|||||||
|
|
||||||
if ( $first_entry ) {
|
if ( $first_entry ) {
|
||||||
progress_message2 "$doing $fn...";
|
progress_message2 "$doing $fn...";
|
||||||
require_capability( 'NAT_ENABLED' , 'a non-empty netmap file' );
|
require_capability( 'NAT_ENABLED' , 'a non-empty netmap file' , 's' );
|
||||||
$first_entry = 0;
|
$first_entry = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -64,8 +64,8 @@ sub setup_route_marking() {
|
|||||||
my $mask = $config{HIGH_ROUTE_MARKS} ? '0xFF00' : '0xFF';
|
my $mask = $config{HIGH_ROUTE_MARKS} ? '0xFF00' : '0xFF';
|
||||||
my $mark_op = $config{HIGH_ROUTE_MARKS} ? '--or-mark' : '--set-mark';
|
my $mark_op = $config{HIGH_ROUTE_MARKS} ? '--or-mark' : '--set-mark';
|
||||||
|
|
||||||
require_capability( 'CONNMARK_MATCH' , 'the provider \'track\' option' );
|
require_capability( 'CONNMARK_MATCH' , 'the provider \'track\' option' , 's' );
|
||||||
require_capability( 'CONNMARK' , 'the provider \'track\' option' );
|
require_capability( 'CONNMARK' , 'the provider \'track\' option' , 's' );
|
||||||
|
|
||||||
add_rule $mangle_table->{PREROUTING} , "-m connmark ! --mark 0/$mask -j CONNMARK --restore-mark --mask $mask";
|
add_rule $mangle_table->{PREROUTING} , "-m connmark ! --mark 0/$mask -j CONNMARK --restore-mark --mask $mask";
|
||||||
add_rule $mangle_table->{OUTPUT} , " -m connmark ! --mark 0/$mask -j CONNMARK --restore-mark --mask $mask";
|
add_rule $mangle_table->{OUTPUT} , " -m connmark ! --mark 0/$mask -j CONNMARK --restore-mark --mask $mask";
|
||||||
@ -334,7 +334,7 @@ sub setup_providers() {
|
|||||||
while ( read_a_line ) {
|
while ( read_a_line ) {
|
||||||
unless ( $providers ) {
|
unless ( $providers ) {
|
||||||
progress_message2 "$doing $fn ...";
|
progress_message2 "$doing $fn ...";
|
||||||
require_capability( 'MANGLE_ENABLED' , 'a non-empty providers file' );
|
require_capability( 'MANGLE_ENABLED' , 'a non-empty providers file' , 's' );
|
||||||
|
|
||||||
emit "\nif [ -z \"\$NOROUTES\" ]; then";
|
emit "\nif [ -z \"\$NOROUTES\" ]; then";
|
||||||
|
|
||||||
|
@ -981,9 +981,9 @@ sub process_rule1 ( $$$$$$$$$$ ) {
|
|||||||
# Generate NAT rule(s), if any
|
# Generate NAT rule(s), if any
|
||||||
#
|
#
|
||||||
if ( $actiontype & NATRULE ) {
|
if ( $actiontype & NATRULE ) {
|
||||||
my ( $server, $serverport , $natchain );
|
my ( $server, $serverport );
|
||||||
fatal_error "$target rules not allowed in the $section SECTION" if $section ne 'NEW';
|
fatal_error "$target rules not allowed in the $section SECTION" if $section ne 'NEW';
|
||||||
require_capability( 'NAT_ENABLED' , "$basictarget rules" );
|
require_capability( 'NAT_ENABLED' , "$basictarget rules", '' );
|
||||||
#
|
#
|
||||||
# Isolate server port
|
# Isolate server port
|
||||||
#
|
#
|
||||||
@ -1100,7 +1100,7 @@ sub process_rule1 ( $$$$$$$$$$ ) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
unless ( $origdest eq '-' ) {
|
unless ( $origdest eq '-' ) {
|
||||||
require_capability( 'CONNTRACK_MATCH', 'ORIGINAL DEST in non-NAT rule' ) unless $actiontype & NATRULE;
|
require_capability( 'CONNTRACK_MATCH', 'ORIGINAL DEST in a non-NAT rule', 's' ) unless $actiontype & NATRULE;
|
||||||
} else {
|
} else {
|
||||||
$origdest = '';
|
$origdest = '';
|
||||||
}
|
}
|
||||||
|
@ -528,7 +528,7 @@ sub setup_tc() {
|
|||||||
|
|
||||||
if ( $first_entry ) {
|
if ( $first_entry ) {
|
||||||
progress_message2 "$doing $fn...";
|
progress_message2 "$doing $fn...";
|
||||||
require_capability( 'MANGLE_ENABLED' , 'a non-empty tcrules file' );
|
require_capability( 'MANGLE_ENABLED' , 'a non-empty tcrules file' , 's' );
|
||||||
$first_entry = 0;
|
$first_entry = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -643,12 +643,12 @@ sub compiler( $ ) {
|
|||||||
|
|
||||||
report_capabilities if $verbose > 1;
|
report_capabilities if $verbose > 1;
|
||||||
|
|
||||||
require_capability( 'MULTIPORT' , "Shorewall-perl $globals{VERSION}" );
|
require_capability( 'MULTIPORT' , "Shorewall-perl $globals{VERSION}" , 's' );
|
||||||
require_capability( 'ADDRTYPE' , "Shorewall-perl $globals{VERSION}" );
|
require_capability( 'ADDRTYPE' , "Shorewall-perl $globals{VERSION}" , 's' );
|
||||||
require_capability( 'RECENT_MATCH' , 'MACLIST_TTL' ) if $config{MACLIST_TTL};
|
require_capability( 'RECENT_MATCH' , 'MACLIST_TTL' , 's' ) if $config{MACLIST_TTL};
|
||||||
require_capability( 'XCONNMARK' , 'HIGH_ROUTE_MARKS=Yes' ) if $config{HIGH_ROUTE_MARKS};
|
require_capability( 'XCONNMARK' , 'HIGH_ROUTE_MARKS=Yes' , 's' ) if $config{HIGH_ROUTE_MARKS};
|
||||||
require_capability( 'MANGLE_ENABLED' , 'Traffic Shaping' ) if $config{TC_ENABLED};
|
require_capability( 'MANGLE_ENABLED' , 'Traffic Shaping' , 's' ) if $config{TC_ENABLED};
|
||||||
require_capability( 'CONNTRACK_MATCH' , 'RFC1918_STRICT=Yes' ) if $config{RFC1918_STRICT};
|
require_capability( 'CONNTRACK_MATCH' , 'RFC1918_STRICT=Yes' , 's' ) if $config{RFC1918_STRICT};
|
||||||
|
|
||||||
( $command, $doing, $done ) = qw/ check Checking Checked / unless $objectfile;
|
( $command, $doing, $done ) = qw/ check Checking Checked / unless $objectfile;
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user