mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-17 11:51:20 +01:00
More IPv6
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8942 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
96af8e6a62
commit
e8586bbdb9
@ -28,6 +28,7 @@ require Exporter;
|
||||
use Shorewall::Config qw(:DEFAULT :internal);
|
||||
use Shorewall::Zones;
|
||||
use Shorewall::Chains qw(:DEFAULT :internal);
|
||||
use Shorewall::IPAddrs;
|
||||
|
||||
use strict;
|
||||
|
||||
@ -48,11 +49,11 @@ our @EXPORT = qw( merge_levels
|
||||
merge_macro_source_dest
|
||||
merge_macro_column
|
||||
|
||||
%usedactions
|
||||
%default_actions
|
||||
%actions
|
||||
$usedactions
|
||||
$default_actions
|
||||
$actions
|
||||
|
||||
%macros
|
||||
$macros
|
||||
$macro_commands
|
||||
);
|
||||
our @EXPORT_OK = qw( initialize );
|
||||
@ -61,11 +62,15 @@ our $VERSION = 4.1.1;
|
||||
#
|
||||
# Used Actions. Each action that is actually used has an entry with value 1.
|
||||
#
|
||||
our %usedactions;
|
||||
our %usedactions4;
|
||||
our %usedactions6;
|
||||
our $usedactions;
|
||||
#
|
||||
# Default actions for each policy.
|
||||
#
|
||||
our %default_actions;
|
||||
our %default_actions4;
|
||||
our %default_actions6;
|
||||
our $default_actions;
|
||||
|
||||
# Action Table
|
||||
#
|
||||
@ -75,19 +80,47 @@ our %default_actions;
|
||||
# } ,
|
||||
# actchain => <action chain number> # Used for generating unique chain names for each <level>:<tag> pair.
|
||||
#
|
||||
our %actions;
|
||||
our %actions4;
|
||||
our %actions6;
|
||||
our $actions;
|
||||
#
|
||||
# Contains an entry for each used <action>:<level>[:<tag>] that maps to the associated chain.
|
||||
#
|
||||
our %logactionchains;
|
||||
our %logactionchains4;
|
||||
our %logactionchains6;
|
||||
our $logactionchains;
|
||||
|
||||
our %macros;
|
||||
our $action_prefix;
|
||||
|
||||
our %macros4;
|
||||
our %macros6;
|
||||
our $macros;
|
||||
|
||||
our $macro_prefix;
|
||||
|
||||
#
|
||||
# Commands that can be embedded in a macro file and how many total tokens on the line (0 => unlimited).
|
||||
#
|
||||
our $macro_commands = { COMMENT => 0, FORMAT => 2 };
|
||||
|
||||
sub use_ipv4_actions() {
|
||||
$usedactions = \%usedactions4;
|
||||
$default_actions = \%default_actions4;
|
||||
$actions = \%actions4;
|
||||
$macros = \%macros4;
|
||||
$action_prefix = 'action4';
|
||||
$macro_prefix = 'macro4';
|
||||
}
|
||||
|
||||
sub use_ipv6_actions() {
|
||||
$usedactions = \%usedactions6;
|
||||
$default_actions = \%default_actions6;
|
||||
$actions = \%actions6;
|
||||
$macros = \%macros6;
|
||||
$action_prefix = 'action6';
|
||||
$macro_prefix = 'macro6';
|
||||
}
|
||||
|
||||
#
|
||||
# Initialize globals -- we take this novel approach to globals initialization to allow
|
||||
# the compiler to run multiple times in the same process. The
|
||||
@ -98,14 +131,24 @@ our $macro_commands = { COMMENT => 0, FORMAT => 2 };
|
||||
#
|
||||
|
||||
sub initialize() {
|
||||
%usedactions = ();
|
||||
%default_actions = ( DROP => 'none' ,
|
||||
REJECT => 'none' ,
|
||||
ACCEPT => 'none' ,
|
||||
QUEUE => 'none' );
|
||||
%actions = ();
|
||||
%logactionchains = ();
|
||||
%macros = ();
|
||||
%usedactions4 = ();
|
||||
%usedactions6 = ();
|
||||
%default_actions4 = ( DROP => 'none' ,
|
||||
REJECT => 'none' ,
|
||||
ACCEPT => 'none' ,
|
||||
QUEUE => 'none' );
|
||||
%default_actions6 = ( DROP => 'none' ,
|
||||
REJECT => 'none' ,
|
||||
ACCEPT => 'none' ,
|
||||
QUEUE => 'none' );
|
||||
%actions4 = ();
|
||||
%actions6 = ();
|
||||
%logactionchains4 = ();
|
||||
%logactionchains6 = ();
|
||||
%macros4 = ();
|
||||
%macros6 = ();
|
||||
|
||||
use_ipv4_actions;
|
||||
}
|
||||
|
||||
INIT {
|
||||
@ -153,11 +196,13 @@ sub merge_levels ($$) {
|
||||
sub find_macro( $ )
|
||||
{
|
||||
my $macro = $_[0];
|
||||
my $macrofile = find_file "macro.$macro";
|
||||
my $macrofile = find_file "${macro_prefix}.$macro";
|
||||
|
||||
$macrofile = find_file "macro.$macro" unless -f $macrofile;
|
||||
|
||||
if ( -f $macrofile ) {
|
||||
$macros{$macro} = $macrofile;
|
||||
$targets{$macro} = MACRO;
|
||||
$macros->{$macro} = $macrofile;
|
||||
$targets->{$macro} = MACRO;
|
||||
} else {
|
||||
0;
|
||||
}
|
||||
@ -252,7 +297,7 @@ sub new_action( $ ) {
|
||||
|
||||
my $action = $_[0];
|
||||
|
||||
$actions{$action} = { actchain => '', requires => {} };
|
||||
$actions->{$action} = { actchain => '', requires => {} };
|
||||
}
|
||||
|
||||
#
|
||||
@ -260,7 +305,7 @@ sub new_action( $ ) {
|
||||
#
|
||||
sub add_requiredby ( $$ ) {
|
||||
my ($requiredby , $requires ) = @_;
|
||||
$actions{$requires}{requires}{$requiredby} = 1;
|
||||
$actions->{$requires}{requires}{$requiredby} = 1;
|
||||
}
|
||||
|
||||
#
|
||||
@ -280,7 +325,7 @@ sub add_requiredby ( $$ ) {
|
||||
sub createlogactionchain( $$ ) {
|
||||
my ( $action, $level ) = @_;
|
||||
my $chain = $action;
|
||||
my $actionref = $actions{$action};
|
||||
my $actionref = $actions->{$action};
|
||||
my $chainref;
|
||||
|
||||
my ($lev, $tag) = split ':', $level;
|
||||
@ -293,15 +338,15 @@ sub createlogactionchain( $$ ) {
|
||||
|
||||
CHECKDUP:
|
||||
{
|
||||
$actionref->{actchain}++ while $chain_table{filter}{'%' . $chain . $actionref->{actchain}};
|
||||
$actionref->{actchain}++ while $filter_table->{'%' . $chain . $actionref->{actchain}};
|
||||
$chain = substr( $chain, 0, 27 ), redo CHECKDUP if ( $actionref->{actchain} || 0 ) >= 10 and length $chain == 28;
|
||||
}
|
||||
|
||||
$logactionchains{"$action:$level"} = $chainref = new_standard_chain '%' . $chain . $actionref->{actchain}++;
|
||||
$logactionchains->{"$action:$level"} = $chainref = new_standard_chain '%' . $chain . $actionref->{actchain}++;
|
||||
|
||||
fatal_error "Too many invocations of Action $action" if $actionref->{actchain} > 99;
|
||||
|
||||
unless ( $targets{$action} & STANDARD ) {
|
||||
unless ( $targets->{$action} & STANDARD ) {
|
||||
|
||||
my $file = find_file $chain;
|
||||
|
||||
@ -325,9 +370,9 @@ sub createsimpleactionchain( $ ) {
|
||||
my $action = shift;
|
||||
my $chainref = new_standard_chain $action;
|
||||
|
||||
$logactionchains{"$action:none"} = $chainref;
|
||||
$logactionchains->{"$action:none"} = $chainref;
|
||||
|
||||
unless ( $targets{$action} & STANDARD ) {
|
||||
unless ( $targets->{$action} & STANDARD ) {
|
||||
|
||||
my $file = find_file $action;
|
||||
|
||||
@ -374,7 +419,7 @@ sub find_logactionchain( $ ) {
|
||||
|
||||
$level = 'none' unless $level;
|
||||
|
||||
fatal_error "Fatal error in find_logactionchain" unless $logactionchains{"$action:$level"};
|
||||
fatal_error "Fatal error in find_logactionchain" unless $logactionchains->{"$action:$level"};
|
||||
}
|
||||
|
||||
#
|
||||
@ -416,7 +461,7 @@ sub process_macro1 ( $$ ) {
|
||||
|
||||
$mtarget = (split '/' , $mtarget)[0];
|
||||
|
||||
my $targettype = $targets{$mtarget};
|
||||
my $targettype = $targets->{$mtarget};
|
||||
|
||||
$targettype = 0 unless defined $targettype;
|
||||
|
||||
@ -436,7 +481,7 @@ sub process_action1 ( $$ ) {
|
||||
|
||||
$level = 'none' unless $level;
|
||||
|
||||
my $targettype = $targets{$target};
|
||||
my $targettype = $targets->{$target};
|
||||
|
||||
if ( defined $targettype ) {
|
||||
return if ( $targettype == STANDARD ) || ( $targettype & ( MACRO | LOGRULE | NFQ | CHAIN ) );
|
||||
@ -454,7 +499,7 @@ sub process_action1 ( $$ ) {
|
||||
return if $target eq 'NFQUEUE';
|
||||
|
||||
if ( defined $param ) {
|
||||
my $paramtype = $targets{$param} || 0;
|
||||
my $paramtype = $targets->{$param} || 0;
|
||||
|
||||
fatal_error "Parameter value not allowed in action files ($param)" if $paramtype & NATRULE;
|
||||
}
|
||||
@ -462,7 +507,7 @@ sub process_action1 ( $$ ) {
|
||||
fatal_error "Invalid or missing ACTION ($wholetarget)" unless defined $target;
|
||||
|
||||
if ( find_macro $target ) {
|
||||
process_macro1( $action, $macros{$target} );
|
||||
process_macro1( $action, $macros->{$target} );
|
||||
} else {
|
||||
fatal_error "Invalid TARGET ($target)";
|
||||
}
|
||||
@ -473,7 +518,7 @@ sub process_actions1() {
|
||||
|
||||
progress_message2 "Preprocessing Action Files...";
|
||||
|
||||
for my $act ( grep $targets{$_} & ACTION , keys %targets ) {
|
||||
for my $act ( grep $targets->{$_} & ACTION , keys %{$targets} ) {
|
||||
new_action $act;
|
||||
}
|
||||
|
||||
@ -490,18 +535,20 @@ sub process_actions1() {
|
||||
|
||||
next unless $action;
|
||||
|
||||
if ( $targets{$action} ) {
|
||||
warning_message "Duplicate Action Name ($action) Ignored" unless $targets{$action} & ACTION;
|
||||
if ( $targets->{$action} ) {
|
||||
warning_message "Duplicate Action Name ($action) Ignored" unless $targets->{$action} & ACTION;
|
||||
next;
|
||||
}
|
||||
|
||||
$targets{$action} = ACTION;
|
||||
$targets->{$action} = ACTION;
|
||||
|
||||
fatal_error "Invalid Action Name ($action)" unless "\L$action" =~ /^[a-z]\w*$/;
|
||||
|
||||
new_action $action;
|
||||
|
||||
my $actionfile = find_file "action.$action";
|
||||
my $actionfile = find_file "${action_prefix}.$action";
|
||||
|
||||
$actionfile = find_file "action.$action" unless -f $actionfile;
|
||||
|
||||
fatal_error "Missing Action File ($actionfile)" unless -f $actionfile;
|
||||
|
||||
@ -529,14 +576,14 @@ sub process_actions2 () {
|
||||
|
||||
while ( $changed ) {
|
||||
$changed = 0;
|
||||
for my $target (keys %usedactions) {
|
||||
for my $target (keys %{$usedactions}) {
|
||||
my ($action, $level) = split_action $target;
|
||||
my $actionref = $actions{$action};
|
||||
my $actionref = $actions->{$action};
|
||||
fatal_error "Null Action Reference in process_actions2" unless $actionref;
|
||||
for my $action1 ( keys %{$actionref->{requires}} ) {
|
||||
my $action2 = merge_levels $target, $action1;
|
||||
unless ( $usedactions{ $action2 } ) {
|
||||
$usedactions{ $action2 } = 1;
|
||||
unless ( $usedactions->{ $action2 } ) {
|
||||
$usedactions->{ $action2 } = 1;
|
||||
createactionchain $action2;
|
||||
$changed = 1;
|
||||
}
|
||||
@ -588,7 +635,7 @@ sub process_macro3( $$$$$$$$$$$ ) {
|
||||
|
||||
macro_comment $macro;
|
||||
|
||||
my $fn = $macros{$macro};
|
||||
my $fn = $macros->{$macro};
|
||||
|
||||
progress_message "..Expanding Macro $fn...";
|
||||
|
||||
@ -673,7 +720,9 @@ sub process_macro3( $$$$$$$$$$$ ) {
|
||||
#
|
||||
sub process_action3( $$$$$ ) {
|
||||
my ( $chainref, $wholeaction, $action, $level, $tag ) = @_;
|
||||
my $actionfile = find_file "action.$action";
|
||||
my $actionfile = find_file "${action_prefix}.$action";
|
||||
|
||||
$actionfile = find_file "action.$action" unless -f $actionfile;
|
||||
|
||||
fatal_error "Missing Action File ($actionfile)" unless -f $actionfile;
|
||||
|
||||
@ -696,7 +745,7 @@ sub process_action3( $$$$$ ) {
|
||||
|
||||
( $action2 , my $param ) = get_target_param $action2;
|
||||
|
||||
my $action2type = $targets{$action2} || 0;
|
||||
my $action2type = $targets->{$action2} || 0;
|
||||
|
||||
unless ( $action2type == STANDARD ) {
|
||||
if ( $action2type & ACTION ) {
|
||||
@ -851,14 +900,14 @@ sub process_actions3 () {
|
||||
'forwardUPnP' => \&forwardUPnP,
|
||||
'Limit' => \&Limit, );
|
||||
|
||||
for my $wholeaction ( keys %usedactions ) {
|
||||
for my $wholeaction ( keys %{$usedactions} ) {
|
||||
my $chainref = find_logactionchain $wholeaction;
|
||||
my ( $action, $level, $tag ) = split /:/, $wholeaction;
|
||||
|
||||
$level = '' unless defined $level;
|
||||
$tag = '' unless defined $tag;
|
||||
|
||||
if ( $targets{$action} & BUILTIN ) {
|
||||
if ( $targets->{$action} & BUILTIN ) {
|
||||
$level = '' if $level =~ /none!?/;
|
||||
$builtinops{$action}->($chainref, $level, $tag);
|
||||
} else {
|
||||
|
@ -50,6 +50,7 @@ our @EXPORT = qw(
|
||||
$nat_table
|
||||
$mangle_table
|
||||
$filter_table
|
||||
$targets
|
||||
);
|
||||
|
||||
our %EXPORT_TAGS = (
|
||||
@ -149,7 +150,7 @@ our %EXPORT_TAGS = (
|
||||
create_chainlist_reload
|
||||
$section
|
||||
%sections
|
||||
%targets
|
||||
$targets
|
||||
) ],
|
||||
);
|
||||
|
||||
@ -231,7 +232,6 @@ use constant { STANDARD => 1, #defined by Netfilter
|
||||
IPV4ONLY => 2048, #Not Available with IPV6
|
||||
};
|
||||
|
||||
our %targets;
|
||||
#
|
||||
# expand_rule() restrictions
|
||||
#
|
||||
@ -264,16 +264,22 @@ use constant { NULL_MODE => 0 , # Generating neither shell commands nor iptabl
|
||||
|
||||
our $mode;
|
||||
|
||||
our %targets4;
|
||||
our %targets6;
|
||||
our $targets;
|
||||
|
||||
sub use_ipv4_chains() {
|
||||
$nat_table = $chain_table{nat};
|
||||
$mangle_table = $chain_table{mangle};
|
||||
$filter_table = $chain_table{filter};
|
||||
$targets = \%targets4;
|
||||
}
|
||||
|
||||
sub use_ipv6_chains() {
|
||||
$nat_table = undef;
|
||||
$mangle_table = $chain_table{mangle6};
|
||||
$filter_table = $chain_table{filter6};
|
||||
$targets = \%targets6;
|
||||
}
|
||||
|
||||
#
|
||||
@ -318,40 +324,6 @@ sub initialize() {
|
||||
#
|
||||
$comment = '';
|
||||
#
|
||||
# As new targets (Actions, Macros and Manual Chains) are discovered, they are added to the table
|
||||
#
|
||||
%targets = ('ACCEPT' => STANDARD,
|
||||
'ACCEPT+' => STANDARD + NONAT + IPV4ONLY,
|
||||
'ACCEPT!' => STANDARD,
|
||||
'NONAT' => STANDARD + NONAT + NATONLY + IPV4ONLY,
|
||||
'DROP' => STANDARD,
|
||||
'DROP!' => STANDARD,
|
||||
'REJECT' => STANDARD,
|
||||
'REJECT!' => STANDARD,
|
||||
'DNAT' => NATRULE + IPV4ONLY,
|
||||
'DNAT-' => NATRULE + NATONLY + IPV4ONLY,
|
||||
'REDIRECT' => NATRULE + REDIRECT + IPV4ONLY,
|
||||
'REDIRECT-' => NATRULE + REDIRECT + NATONLY + IPV4ONLY,
|
||||
'LOG' => STANDARD + LOGRULE,
|
||||
'CONTINUE' => STANDARD,
|
||||
'CONTINUE!' => STANDARD,
|
||||
'QUEUE' => STANDARD,
|
||||
'QUEUE!' => STANDARD,
|
||||
'NFQUEUE' => STANDARD + NFQ,
|
||||
'NFQUEUE!' => STANDARD + NFQ,
|
||||
'SAME' => NATRULE + IPV4ONLY,
|
||||
'SAME-' => NATRULE + NATONLY + IPV4ONLY,
|
||||
'dropBcast' => BUILTIN + ACTION,
|
||||
'allowBcast' => BUILTIN + ACTION,
|
||||
'dropNotSyn' => BUILTIN + ACTION,
|
||||
'rejNotSyn' => BUILTIN + ACTION,
|
||||
'dropInvalid' => BUILTIN + ACTION,
|
||||
'allowInvalid' => BUILTIN + ACTION,
|
||||
'allowinUPnP' => BUILTIN + ACTION,
|
||||
'forwardUPnP' => BUILTIN + ACTION,
|
||||
'Limit' => BUILTIN + ACTION,
|
||||
);
|
||||
#
|
||||
# Used to sequence 'exclusion' chains with names 'excl0', 'excl1', ...
|
||||
#
|
||||
$exclseq = 0;
|
||||
@ -374,6 +346,63 @@ sub initialize() {
|
||||
%interfacegateways = ();
|
||||
|
||||
@ipv4tables = ( qw/ filter / );
|
||||
|
||||
#
|
||||
# As new targets (Actions, Macros and Manual Chains) are discovered, they are added to the table
|
||||
#
|
||||
%targets4 = ('ACCEPT' => STANDARD,
|
||||
'ACCEPT+' => STANDARD + NONAT,
|
||||
'ACCEPT!' => STANDARD,
|
||||
'NONAT' => STANDARD + NONAT + NATONLY,
|
||||
'DROP' => STANDARD,
|
||||
'DROP!' => STANDARD,
|
||||
'REJECT' => STANDARD,
|
||||
'REJECT!' => STANDARD,
|
||||
'DNAT' => NATRULE,
|
||||
'DNAT-' => NATRULE + NATONLY,
|
||||
'REDIRECT' => NATRULE + REDIRECT,
|
||||
'REDIRECT-' => NATRULE + REDIRECT + NATONLY,
|
||||
'LOG' => STANDARD + LOGRULE,
|
||||
'CONTINUE' => STANDARD,
|
||||
'CONTINUE!' => STANDARD,
|
||||
'QUEUE' => STANDARD,
|
||||
'QUEUE!' => STANDARD,
|
||||
'NFQUEUE' => STANDARD + NFQ,
|
||||
'NFQUEUE!' => STANDARD + NFQ,
|
||||
'SAME' => NATRULE,
|
||||
'SAME-' => NATRULE + NATONLY,
|
||||
'dropBcast' => BUILTIN + ACTION,
|
||||
'allowBcast' => BUILTIN + ACTION,
|
||||
'dropNotSyn' => BUILTIN + ACTION,
|
||||
'rejNotSyn' => BUILTIN + ACTION,
|
||||
'dropInvalid' => BUILTIN + ACTION,
|
||||
'allowInvalid' => BUILTIN + ACTION,
|
||||
'allowinUPnP' => BUILTIN + ACTION,
|
||||
'forwardUPnP' => BUILTIN + ACTION,
|
||||
'Limit' => BUILTIN + ACTION,
|
||||
);
|
||||
|
||||
%targets6 = ('ACCEPT' => STANDARD,
|
||||
'NONAT' => STANDARD + NONAT + NATONLY,
|
||||
'DROP!' => STANDARD,
|
||||
'LOG' => STANDARD + LOGRULE,
|
||||
'CONTINUE' => STANDARD,
|
||||
'CONTINUE!' => STANDARD,
|
||||
'QUEUE' => STANDARD,
|
||||
'QUEUE!' => STANDARD,
|
||||
'NFQUEUE' => STANDARD + NFQ,
|
||||
'NFQUEUE!' => STANDARD + NFQ,
|
||||
'dropBcast' => BUILTIN + ACTION,
|
||||
'allowBcast' => BUILTIN + ACTION,
|
||||
'dropNotSyn' => BUILTIN + ACTION,
|
||||
'rejNotSyn' => BUILTIN + ACTION,
|
||||
'dropInvalid' => BUILTIN + ACTION,
|
||||
'allowInvalid' => BUILTIN + ACTION,
|
||||
'allowinUPnP' => BUILTIN + ACTION,
|
||||
'forwardUPnP' => BUILTIN + ACTION,
|
||||
'Limit' => BUILTIN + ACTION,
|
||||
);
|
||||
|
||||
}
|
||||
|
||||
INIT {
|
||||
@ -557,7 +586,7 @@ sub add_jump( $$$;$ ) {
|
||||
#
|
||||
# Ensure that we have the chain unless it is a builtin like 'ACCEPT'
|
||||
#
|
||||
$toref = ensure_chain( $fromref->{table} , $to ) unless ( $targets{$to} || 0 ) & STANDARD;
|
||||
$toref = ensure_chain( $fromref->{table} , $to ) unless ( $targets->{$to} || 0 ) & STANDARD;
|
||||
}
|
||||
|
||||
#
|
||||
@ -933,8 +962,8 @@ sub new_nat_chain($) {
|
||||
|
||||
sub new_manual_chain($) {
|
||||
my $chain = $_[0];
|
||||
fatal_error "Duplicate Chain Name ($chain)" if $targets{$chain} || $filter_table->{$chain};
|
||||
$targets{$chain} = CHAIN;
|
||||
fatal_error "Duplicate Chain Name ($chain)" if $targets->{$chain} || $filter_table->{$chain};
|
||||
$targets->{$chain} = CHAIN;
|
||||
( my $chainref = ensure_filter_chain( $chain, 0) )->{manual} = 1;
|
||||
$chainref->{referenced} = 1;
|
||||
$chainref;
|
||||
|
@ -37,6 +37,7 @@ use Shorewall::Accounting;
|
||||
use Shorewall::Rules;
|
||||
use Shorewall::Proc;
|
||||
use Shorewall::Proxyarp;
|
||||
use Shorewall::IPAddrs;
|
||||
|
||||
our @ISA = qw(Exporter);
|
||||
our @EXPORT = qw( compiler EXPORT TIMESTAMP DEBUG );
|
||||
@ -49,6 +50,8 @@ our $test;
|
||||
|
||||
our $reused = 0;
|
||||
|
||||
our $family;
|
||||
|
||||
use constant { EXPORT => 0x01 ,
|
||||
TIMESTAMP => 0x02 ,
|
||||
DEBUG => 0x04 };
|
||||
@ -68,6 +71,21 @@ sub reinitialize() {
|
||||
Shorewall::Accounting::initialize;
|
||||
Shorewall::Rules::initialize;
|
||||
Shorewall::Proxyarp::initialize;
|
||||
$family = 0;
|
||||
}
|
||||
|
||||
sub use_ipv4() {
|
||||
use_ipv4_addrs;
|
||||
use_ipv4_interfaces;
|
||||
use_ipv4_policies;
|
||||
$family = F_INET;
|
||||
}
|
||||
|
||||
sub use_ipv6() {
|
||||
use_ipv6_addrs;
|
||||
use_ipv6_interfaces;
|
||||
use_ipv6_policies;
|
||||
$family = F_INET;
|
||||
}
|
||||
|
||||
#
|
||||
@ -799,6 +817,7 @@ sub compiler {
|
||||
#
|
||||
# Process the interfaces file(s).
|
||||
#
|
||||
use_ipv4;
|
||||
validate_interfaces_file ( 'interfaces', $export );
|
||||
#
|
||||
# Process the hosts file.
|
||||
|
@ -89,7 +89,7 @@ use constant { ALLIPv4 => '0.0.0.0/0' ,
|
||||
|
||||
our @rfc1918_networks = ( "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16" );
|
||||
|
||||
sub use_ipv4() {
|
||||
sub use_ipv4_addrs() {
|
||||
$family = F_INET;
|
||||
}
|
||||
|
||||
@ -97,7 +97,7 @@ sub using_ipv4() {
|
||||
$family == F_INET;
|
||||
}
|
||||
|
||||
sub use_ipv6() {
|
||||
sub use_ipv6_addrs() {
|
||||
$family = F_INET6;
|
||||
}
|
||||
|
||||
@ -115,7 +115,7 @@ sub using_ipv6() {
|
||||
#
|
||||
|
||||
sub initialize() {
|
||||
use_ipv4;
|
||||
use_ipv4_addrs;
|
||||
}
|
||||
|
||||
INIT {
|
||||
|
@ -194,7 +194,7 @@ sub validate_policy( $ )
|
||||
for my $option qw/DROP_DEFAULT REJECT_DEFAULT ACCEPT_DEFAULT QUEUE_DEFAULT NFQUEUE_DEFAULT/ {
|
||||
my $action = $config{$option};
|
||||
next if $action eq 'none';
|
||||
my $actiontype = $targets{$action};
|
||||
my $actiontype = $targets->{$action};
|
||||
|
||||
if ( defined $actiontype ) {
|
||||
fatal_error "Invalid setting ($action) for $option" unless $actiontype & ACTION;
|
||||
@ -202,12 +202,12 @@ sub validate_policy( $ )
|
||||
fatal_error "Default Action $option=$action not found";
|
||||
}
|
||||
|
||||
unless ( $usedactions{$action} ) {
|
||||
$usedactions{$action} = 1;
|
||||
unless ( $usedactions->{$action} ) {
|
||||
$usedactions->{$action} = 1;
|
||||
createactionchain $action;
|
||||
}
|
||||
|
||||
$default_actions{$map{$option}} = $action;
|
||||
$default_actions->{$map{$option}} = $action;
|
||||
}
|
||||
|
||||
for $zone ( all_zones ) {
|
||||
@ -255,11 +255,11 @@ sub validate_policy( $ )
|
||||
if ( "\L$default" eq 'none' ) {
|
||||
$default = 'none';
|
||||
} else {
|
||||
my $defaulttype = $targets{$default} || 0;
|
||||
my $defaulttype = $targets->{$default} || 0;
|
||||
|
||||
if ( $defaulttype & ACTION ) {
|
||||
unless ( $usedactions{$default} ) {
|
||||
$usedactions{$default} = 1;
|
||||
unless ( $usedactions->{$default} ) {
|
||||
$usedactions->{$default} = 1;
|
||||
createactionchain $default;
|
||||
}
|
||||
} else {
|
||||
@ -267,7 +267,7 @@ sub validate_policy( $ )
|
||||
}
|
||||
}
|
||||
} else {
|
||||
$default = $default_actions{$policy} || '';
|
||||
$default = $default_actions->{$policy} || '';
|
||||
}
|
||||
|
||||
fatal_error "Invalid policy ($policy)" unless exists $validpolicies{$policy};
|
||||
|
@ -827,7 +827,7 @@ sub process_macro ( $$$$$$$$$$$$$$$ ) {
|
||||
|
||||
macro_comment $macro;
|
||||
|
||||
my $macrofile = $macros{$macro};
|
||||
my $macrofile = $macros->{$macro};
|
||||
|
||||
progress_message "..Expanding Macro $macrofile...";
|
||||
|
||||
@ -867,7 +867,7 @@ sub process_macro ( $$$$$$$$$$$$$$$ ) {
|
||||
|
||||
fatal_error "Invalid or missing ACTION ($mtarget)" unless defined $action;
|
||||
|
||||
my $actiontype = $targets{$action} || find_macro( $action );
|
||||
my $actiontype = $targets->{$action} || find_macro( $action );
|
||||
|
||||
fatal_error "Invalid Action ($mtarget) in macro" unless $actiontype & ( ACTION + STANDARD + NATRULE + MACRO );
|
||||
|
||||
@ -944,7 +944,7 @@ sub process_rule1 ( $$$$$$$$$$$$$ ) {
|
||||
#
|
||||
# Determine the validity of the action
|
||||
#
|
||||
my $actiontype = $targets{$basictarget} || find_macro( $basictarget );
|
||||
my $actiontype = $targets->{$basictarget} || find_macro( $basictarget );
|
||||
|
||||
fatal_error "Unknown action ($action)" unless $actiontype;
|
||||
|
||||
@ -997,8 +997,8 @@ sub process_rule1 ( $$$$$$$$$$$$$ ) {
|
||||
# Mark target as used
|
||||
#
|
||||
if ( $actiontype & ACTION ) {
|
||||
unless ( $usedactions{$target} ) {
|
||||
$usedactions{$target} = 1;
|
||||
unless ( $usedactions->{$target} ) {
|
||||
$usedactions->{$target} = 1;
|
||||
createactionchain $target;
|
||||
}
|
||||
}
|
||||
|
@ -37,6 +37,9 @@ our @EXPORT = qw( NOTHING
|
||||
IPSECPROTO
|
||||
IPSECMODE
|
||||
|
||||
use_ipv4_interfaces
|
||||
use_ipv6_interfaces
|
||||
|
||||
determine_zones
|
||||
zone_report
|
||||
dump_zone_contents
|
||||
|
Loading…
Reference in New Issue
Block a user