From e8586bbdb9ba2361d630cae063ae8529c864fb12 Mon Sep 17 00:00:00 2001 From: teastep Date: Mon, 8 Dec 2008 00:21:20 +0000 Subject: [PATCH] More IPv6 git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8942 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall-perl/Shorewall/Actions.pm | 143 ++++++++++++++++++--------- Shorewall-perl/Shorewall/Chains.pm | 107 ++++++++++++-------- Shorewall-perl/Shorewall/Compiler.pm | 19 ++++ Shorewall-perl/Shorewall/IPAddrs.pm | 6 +- Shorewall-perl/Shorewall/Policy.pm | 16 +-- Shorewall-perl/Shorewall/Rules.pm | 10 +- Shorewall-perl/Shorewall/Zones.pm | 3 + 7 files changed, 202 insertions(+), 102 deletions(-) diff --git a/Shorewall-perl/Shorewall/Actions.pm b/Shorewall-perl/Shorewall/Actions.pm index fbf4b95c9..e8466c03b 100644 --- a/Shorewall-perl/Shorewall/Actions.pm +++ b/Shorewall-perl/Shorewall/Actions.pm @@ -28,6 +28,7 @@ require Exporter; use Shorewall::Config qw(:DEFAULT :internal); use Shorewall::Zones; use Shorewall::Chains qw(:DEFAULT :internal); +use Shorewall::IPAddrs; use strict; @@ -48,11 +49,11 @@ our @EXPORT = qw( merge_levels merge_macro_source_dest merge_macro_column - %usedactions - %default_actions - %actions + $usedactions + $default_actions + $actions - %macros + $macros $macro_commands ); our @EXPORT_OK = qw( initialize ); @@ -61,11 +62,15 @@ our $VERSION = 4.1.1; # # Used Actions. Each action that is actually used has an entry with value 1. # -our %usedactions; +our %usedactions4; +our %usedactions6; +our $usedactions; # # Default actions for each policy. # -our %default_actions; +our %default_actions4; +our %default_actions6; +our $default_actions; # Action Table # @@ -75,19 +80,47 @@ our %default_actions; # } , # actchain => # Used for generating unique chain names for each : pair. # -our %actions; +our %actions4; +our %actions6; +our $actions; # # Contains an entry for each used :[:] that maps to the associated chain. # -our %logactionchains; +our %logactionchains4; +our %logactionchains6; +our $logactionchains; -our %macros; +our $action_prefix; + +our %macros4; +our %macros6; +our $macros; + +our $macro_prefix; # # Commands that can be embedded in a macro file and how many total tokens on the line (0 => unlimited). # our $macro_commands = { COMMENT => 0, FORMAT => 2 }; +sub use_ipv4_actions() { + $usedactions = \%usedactions4; + $default_actions = \%default_actions4; + $actions = \%actions4; + $macros = \%macros4; + $action_prefix = 'action4'; + $macro_prefix = 'macro4'; +} + +sub use_ipv6_actions() { + $usedactions = \%usedactions6; + $default_actions = \%default_actions6; + $actions = \%actions6; + $macros = \%macros6; + $action_prefix = 'action6'; + $macro_prefix = 'macro6'; +} + # # Initialize globals -- we take this novel approach to globals initialization to allow # the compiler to run multiple times in the same process. The @@ -98,14 +131,24 @@ our $macro_commands = { COMMENT => 0, FORMAT => 2 }; # sub initialize() { - %usedactions = (); - %default_actions = ( DROP => 'none' , - REJECT => 'none' , - ACCEPT => 'none' , - QUEUE => 'none' ); - %actions = (); - %logactionchains = (); - %macros = (); + %usedactions4 = (); + %usedactions6 = (); + %default_actions4 = ( DROP => 'none' , + REJECT => 'none' , + ACCEPT => 'none' , + QUEUE => 'none' ); + %default_actions6 = ( DROP => 'none' , + REJECT => 'none' , + ACCEPT => 'none' , + QUEUE => 'none' ); + %actions4 = (); + %actions6 = (); + %logactionchains4 = (); + %logactionchains6 = (); + %macros4 = (); + %macros6 = (); + + use_ipv4_actions; } INIT { @@ -153,11 +196,13 @@ sub merge_levels ($$) { sub find_macro( $ ) { my $macro = $_[0]; - my $macrofile = find_file "macro.$macro"; + my $macrofile = find_file "${macro_prefix}.$macro"; + + $macrofile = find_file "macro.$macro" unless -f $macrofile; if ( -f $macrofile ) { - $macros{$macro} = $macrofile; - $targets{$macro} = MACRO; + $macros->{$macro} = $macrofile; + $targets->{$macro} = MACRO; } else { 0; } @@ -252,7 +297,7 @@ sub new_action( $ ) { my $action = $_[0]; - $actions{$action} = { actchain => '', requires => {} }; + $actions->{$action} = { actchain => '', requires => {} }; } # @@ -260,7 +305,7 @@ sub new_action( $ ) { # sub add_requiredby ( $$ ) { my ($requiredby , $requires ) = @_; - $actions{$requires}{requires}{$requiredby} = 1; + $actions->{$requires}{requires}{$requiredby} = 1; } # @@ -280,7 +325,7 @@ sub add_requiredby ( $$ ) { sub createlogactionchain( $$ ) { my ( $action, $level ) = @_; my $chain = $action; - my $actionref = $actions{$action}; + my $actionref = $actions->{$action}; my $chainref; my ($lev, $tag) = split ':', $level; @@ -293,15 +338,15 @@ sub createlogactionchain( $$ ) { CHECKDUP: { - $actionref->{actchain}++ while $chain_table{filter}{'%' . $chain . $actionref->{actchain}}; + $actionref->{actchain}++ while $filter_table->{'%' . $chain . $actionref->{actchain}}; $chain = substr( $chain, 0, 27 ), redo CHECKDUP if ( $actionref->{actchain} || 0 ) >= 10 and length $chain == 28; } - $logactionchains{"$action:$level"} = $chainref = new_standard_chain '%' . $chain . $actionref->{actchain}++; + $logactionchains->{"$action:$level"} = $chainref = new_standard_chain '%' . $chain . $actionref->{actchain}++; fatal_error "Too many invocations of Action $action" if $actionref->{actchain} > 99; - unless ( $targets{$action} & STANDARD ) { + unless ( $targets->{$action} & STANDARD ) { my $file = find_file $chain; @@ -325,9 +370,9 @@ sub createsimpleactionchain( $ ) { my $action = shift; my $chainref = new_standard_chain $action; - $logactionchains{"$action:none"} = $chainref; + $logactionchains->{"$action:none"} = $chainref; - unless ( $targets{$action} & STANDARD ) { + unless ( $targets->{$action} & STANDARD ) { my $file = find_file $action; @@ -374,7 +419,7 @@ sub find_logactionchain( $ ) { $level = 'none' unless $level; - fatal_error "Fatal error in find_logactionchain" unless $logactionchains{"$action:$level"}; + fatal_error "Fatal error in find_logactionchain" unless $logactionchains->{"$action:$level"}; } # @@ -416,7 +461,7 @@ sub process_macro1 ( $$ ) { $mtarget = (split '/' , $mtarget)[0]; - my $targettype = $targets{$mtarget}; + my $targettype = $targets->{$mtarget}; $targettype = 0 unless defined $targettype; @@ -436,7 +481,7 @@ sub process_action1 ( $$ ) { $level = 'none' unless $level; - my $targettype = $targets{$target}; + my $targettype = $targets->{$target}; if ( defined $targettype ) { return if ( $targettype == STANDARD ) || ( $targettype & ( MACRO | LOGRULE | NFQ | CHAIN ) ); @@ -454,7 +499,7 @@ sub process_action1 ( $$ ) { return if $target eq 'NFQUEUE'; if ( defined $param ) { - my $paramtype = $targets{$param} || 0; + my $paramtype = $targets->{$param} || 0; fatal_error "Parameter value not allowed in action files ($param)" if $paramtype & NATRULE; } @@ -462,7 +507,7 @@ sub process_action1 ( $$ ) { fatal_error "Invalid or missing ACTION ($wholetarget)" unless defined $target; if ( find_macro $target ) { - process_macro1( $action, $macros{$target} ); + process_macro1( $action, $macros->{$target} ); } else { fatal_error "Invalid TARGET ($target)"; } @@ -473,7 +518,7 @@ sub process_actions1() { progress_message2 "Preprocessing Action Files..."; - for my $act ( grep $targets{$_} & ACTION , keys %targets ) { + for my $act ( grep $targets->{$_} & ACTION , keys %{$targets} ) { new_action $act; } @@ -490,18 +535,20 @@ sub process_actions1() { next unless $action; - if ( $targets{$action} ) { - warning_message "Duplicate Action Name ($action) Ignored" unless $targets{$action} & ACTION; + if ( $targets->{$action} ) { + warning_message "Duplicate Action Name ($action) Ignored" unless $targets->{$action} & ACTION; next; } - $targets{$action} = ACTION; + $targets->{$action} = ACTION; fatal_error "Invalid Action Name ($action)" unless "\L$action" =~ /^[a-z]\w*$/; new_action $action; - my $actionfile = find_file "action.$action"; + my $actionfile = find_file "${action_prefix}.$action"; + + $actionfile = find_file "action.$action" unless -f $actionfile; fatal_error "Missing Action File ($actionfile)" unless -f $actionfile; @@ -529,14 +576,14 @@ sub process_actions2 () { while ( $changed ) { $changed = 0; - for my $target (keys %usedactions) { + for my $target (keys %{$usedactions}) { my ($action, $level) = split_action $target; - my $actionref = $actions{$action}; + my $actionref = $actions->{$action}; fatal_error "Null Action Reference in process_actions2" unless $actionref; for my $action1 ( keys %{$actionref->{requires}} ) { my $action2 = merge_levels $target, $action1; - unless ( $usedactions{ $action2 } ) { - $usedactions{ $action2 } = 1; + unless ( $usedactions->{ $action2 } ) { + $usedactions->{ $action2 } = 1; createactionchain $action2; $changed = 1; } @@ -588,7 +635,7 @@ sub process_macro3( $$$$$$$$$$$ ) { macro_comment $macro; - my $fn = $macros{$macro}; + my $fn = $macros->{$macro}; progress_message "..Expanding Macro $fn..."; @@ -673,7 +720,9 @@ sub process_macro3( $$$$$$$$$$$ ) { # sub process_action3( $$$$$ ) { my ( $chainref, $wholeaction, $action, $level, $tag ) = @_; - my $actionfile = find_file "action.$action"; + my $actionfile = find_file "${action_prefix}.$action"; + + $actionfile = find_file "action.$action" unless -f $actionfile; fatal_error "Missing Action File ($actionfile)" unless -f $actionfile; @@ -696,7 +745,7 @@ sub process_action3( $$$$$ ) { ( $action2 , my $param ) = get_target_param $action2; - my $action2type = $targets{$action2} || 0; + my $action2type = $targets->{$action2} || 0; unless ( $action2type == STANDARD ) { if ( $action2type & ACTION ) { @@ -851,14 +900,14 @@ sub process_actions3 () { 'forwardUPnP' => \&forwardUPnP, 'Limit' => \&Limit, ); - for my $wholeaction ( keys %usedactions ) { + for my $wholeaction ( keys %{$usedactions} ) { my $chainref = find_logactionchain $wholeaction; my ( $action, $level, $tag ) = split /:/, $wholeaction; $level = '' unless defined $level; $tag = '' unless defined $tag; - if ( $targets{$action} & BUILTIN ) { + if ( $targets->{$action} & BUILTIN ) { $level = '' if $level =~ /none!?/; $builtinops{$action}->($chainref, $level, $tag); } else { diff --git a/Shorewall-perl/Shorewall/Chains.pm b/Shorewall-perl/Shorewall/Chains.pm index 09317fcdd..031f0a413 100644 --- a/Shorewall-perl/Shorewall/Chains.pm +++ b/Shorewall-perl/Shorewall/Chains.pm @@ -50,6 +50,7 @@ our @EXPORT = qw( $nat_table $mangle_table $filter_table + $targets ); our %EXPORT_TAGS = ( @@ -149,7 +150,7 @@ our %EXPORT_TAGS = ( create_chainlist_reload $section %sections - %targets + $targets ) ], ); @@ -231,7 +232,6 @@ use constant { STANDARD => 1, #defined by Netfilter IPV4ONLY => 2048, #Not Available with IPV6 }; -our %targets; # # expand_rule() restrictions # @@ -264,16 +264,22 @@ use constant { NULL_MODE => 0 , # Generating neither shell commands nor iptabl our $mode; +our %targets4; +our %targets6; +our $targets; + sub use_ipv4_chains() { $nat_table = $chain_table{nat}; $mangle_table = $chain_table{mangle}; $filter_table = $chain_table{filter}; + $targets = \%targets4; } sub use_ipv6_chains() { $nat_table = undef; $mangle_table = $chain_table{mangle6}; $filter_table = $chain_table{filter6}; + $targets = \%targets6; } # @@ -318,40 +324,6 @@ sub initialize() { # $comment = ''; # - # As new targets (Actions, Macros and Manual Chains) are discovered, they are added to the table - # - %targets = ('ACCEPT' => STANDARD, - 'ACCEPT+' => STANDARD + NONAT + IPV4ONLY, - 'ACCEPT!' => STANDARD, - 'NONAT' => STANDARD + NONAT + NATONLY + IPV4ONLY, - 'DROP' => STANDARD, - 'DROP!' => STANDARD, - 'REJECT' => STANDARD, - 'REJECT!' => STANDARD, - 'DNAT' => NATRULE + IPV4ONLY, - 'DNAT-' => NATRULE + NATONLY + IPV4ONLY, - 'REDIRECT' => NATRULE + REDIRECT + IPV4ONLY, - 'REDIRECT-' => NATRULE + REDIRECT + NATONLY + IPV4ONLY, - 'LOG' => STANDARD + LOGRULE, - 'CONTINUE' => STANDARD, - 'CONTINUE!' => STANDARD, - 'QUEUE' => STANDARD, - 'QUEUE!' => STANDARD, - 'NFQUEUE' => STANDARD + NFQ, - 'NFQUEUE!' => STANDARD + NFQ, - 'SAME' => NATRULE + IPV4ONLY, - 'SAME-' => NATRULE + NATONLY + IPV4ONLY, - 'dropBcast' => BUILTIN + ACTION, - 'allowBcast' => BUILTIN + ACTION, - 'dropNotSyn' => BUILTIN + ACTION, - 'rejNotSyn' => BUILTIN + ACTION, - 'dropInvalid' => BUILTIN + ACTION, - 'allowInvalid' => BUILTIN + ACTION, - 'allowinUPnP' => BUILTIN + ACTION, - 'forwardUPnP' => BUILTIN + ACTION, - 'Limit' => BUILTIN + ACTION, - ); - # # Used to sequence 'exclusion' chains with names 'excl0', 'excl1', ... # $exclseq = 0; @@ -374,6 +346,63 @@ sub initialize() { %interfacegateways = (); @ipv4tables = ( qw/ filter / ); + + # + # As new targets (Actions, Macros and Manual Chains) are discovered, they are added to the table + # + %targets4 = ('ACCEPT' => STANDARD, + 'ACCEPT+' => STANDARD + NONAT, + 'ACCEPT!' => STANDARD, + 'NONAT' => STANDARD + NONAT + NATONLY, + 'DROP' => STANDARD, + 'DROP!' => STANDARD, + 'REJECT' => STANDARD, + 'REJECT!' => STANDARD, + 'DNAT' => NATRULE, + 'DNAT-' => NATRULE + NATONLY, + 'REDIRECT' => NATRULE + REDIRECT, + 'REDIRECT-' => NATRULE + REDIRECT + NATONLY, + 'LOG' => STANDARD + LOGRULE, + 'CONTINUE' => STANDARD, + 'CONTINUE!' => STANDARD, + 'QUEUE' => STANDARD, + 'QUEUE!' => STANDARD, + 'NFQUEUE' => STANDARD + NFQ, + 'NFQUEUE!' => STANDARD + NFQ, + 'SAME' => NATRULE, + 'SAME-' => NATRULE + NATONLY, + 'dropBcast' => BUILTIN + ACTION, + 'allowBcast' => BUILTIN + ACTION, + 'dropNotSyn' => BUILTIN + ACTION, + 'rejNotSyn' => BUILTIN + ACTION, + 'dropInvalid' => BUILTIN + ACTION, + 'allowInvalid' => BUILTIN + ACTION, + 'allowinUPnP' => BUILTIN + ACTION, + 'forwardUPnP' => BUILTIN + ACTION, + 'Limit' => BUILTIN + ACTION, + ); + + %targets6 = ('ACCEPT' => STANDARD, + 'NONAT' => STANDARD + NONAT + NATONLY, + 'DROP!' => STANDARD, + 'LOG' => STANDARD + LOGRULE, + 'CONTINUE' => STANDARD, + 'CONTINUE!' => STANDARD, + 'QUEUE' => STANDARD, + 'QUEUE!' => STANDARD, + 'NFQUEUE' => STANDARD + NFQ, + 'NFQUEUE!' => STANDARD + NFQ, + 'dropBcast' => BUILTIN + ACTION, + 'allowBcast' => BUILTIN + ACTION, + 'dropNotSyn' => BUILTIN + ACTION, + 'rejNotSyn' => BUILTIN + ACTION, + 'dropInvalid' => BUILTIN + ACTION, + 'allowInvalid' => BUILTIN + ACTION, + 'allowinUPnP' => BUILTIN + ACTION, + 'forwardUPnP' => BUILTIN + ACTION, + 'Limit' => BUILTIN + ACTION, + ); + } INIT { @@ -557,7 +586,7 @@ sub add_jump( $$$;$ ) { # # Ensure that we have the chain unless it is a builtin like 'ACCEPT' # - $toref = ensure_chain( $fromref->{table} , $to ) unless ( $targets{$to} || 0 ) & STANDARD; + $toref = ensure_chain( $fromref->{table} , $to ) unless ( $targets->{$to} || 0 ) & STANDARD; } # @@ -933,8 +962,8 @@ sub new_nat_chain($) { sub new_manual_chain($) { my $chain = $_[0]; - fatal_error "Duplicate Chain Name ($chain)" if $targets{$chain} || $filter_table->{$chain}; - $targets{$chain} = CHAIN; + fatal_error "Duplicate Chain Name ($chain)" if $targets->{$chain} || $filter_table->{$chain}; + $targets->{$chain} = CHAIN; ( my $chainref = ensure_filter_chain( $chain, 0) )->{manual} = 1; $chainref->{referenced} = 1; $chainref; diff --git a/Shorewall-perl/Shorewall/Compiler.pm b/Shorewall-perl/Shorewall/Compiler.pm index e566d48c0..32b13474a 100644 --- a/Shorewall-perl/Shorewall/Compiler.pm +++ b/Shorewall-perl/Shorewall/Compiler.pm @@ -37,6 +37,7 @@ use Shorewall::Accounting; use Shorewall::Rules; use Shorewall::Proc; use Shorewall::Proxyarp; +use Shorewall::IPAddrs; our @ISA = qw(Exporter); our @EXPORT = qw( compiler EXPORT TIMESTAMP DEBUG ); @@ -49,6 +50,8 @@ our $test; our $reused = 0; +our $family; + use constant { EXPORT => 0x01 , TIMESTAMP => 0x02 , DEBUG => 0x04 }; @@ -68,6 +71,21 @@ sub reinitialize() { Shorewall::Accounting::initialize; Shorewall::Rules::initialize; Shorewall::Proxyarp::initialize; + $family = 0; +} + +sub use_ipv4() { + use_ipv4_addrs; + use_ipv4_interfaces; + use_ipv4_policies; + $family = F_INET; +} + +sub use_ipv6() { + use_ipv6_addrs; + use_ipv6_interfaces; + use_ipv6_policies; + $family = F_INET; } # @@ -799,6 +817,7 @@ sub compiler { # # Process the interfaces file(s). # + use_ipv4; validate_interfaces_file ( 'interfaces', $export ); # # Process the hosts file. diff --git a/Shorewall-perl/Shorewall/IPAddrs.pm b/Shorewall-perl/Shorewall/IPAddrs.pm index d859731ac..8110eccdc 100644 --- a/Shorewall-perl/Shorewall/IPAddrs.pm +++ b/Shorewall-perl/Shorewall/IPAddrs.pm @@ -89,7 +89,7 @@ use constant { ALLIPv4 => '0.0.0.0/0' , our @rfc1918_networks = ( "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16" ); -sub use_ipv4() { +sub use_ipv4_addrs() { $family = F_INET; } @@ -97,7 +97,7 @@ sub using_ipv4() { $family == F_INET; } -sub use_ipv6() { +sub use_ipv6_addrs() { $family = F_INET6; } @@ -115,7 +115,7 @@ sub using_ipv6() { # sub initialize() { - use_ipv4; + use_ipv4_addrs; } INIT { diff --git a/Shorewall-perl/Shorewall/Policy.pm b/Shorewall-perl/Shorewall/Policy.pm index 980777a9c..39b6da404 100644 --- a/Shorewall-perl/Shorewall/Policy.pm +++ b/Shorewall-perl/Shorewall/Policy.pm @@ -194,7 +194,7 @@ sub validate_policy( $ ) for my $option qw/DROP_DEFAULT REJECT_DEFAULT ACCEPT_DEFAULT QUEUE_DEFAULT NFQUEUE_DEFAULT/ { my $action = $config{$option}; next if $action eq 'none'; - my $actiontype = $targets{$action}; + my $actiontype = $targets->{$action}; if ( defined $actiontype ) { fatal_error "Invalid setting ($action) for $option" unless $actiontype & ACTION; @@ -202,12 +202,12 @@ sub validate_policy( $ ) fatal_error "Default Action $option=$action not found"; } - unless ( $usedactions{$action} ) { - $usedactions{$action} = 1; + unless ( $usedactions->{$action} ) { + $usedactions->{$action} = 1; createactionchain $action; } - $default_actions{$map{$option}} = $action; + $default_actions->{$map{$option}} = $action; } for $zone ( all_zones ) { @@ -255,11 +255,11 @@ sub validate_policy( $ ) if ( "\L$default" eq 'none' ) { $default = 'none'; } else { - my $defaulttype = $targets{$default} || 0; + my $defaulttype = $targets->{$default} || 0; if ( $defaulttype & ACTION ) { - unless ( $usedactions{$default} ) { - $usedactions{$default} = 1; + unless ( $usedactions->{$default} ) { + $usedactions->{$default} = 1; createactionchain $default; } } else { @@ -267,7 +267,7 @@ sub validate_policy( $ ) } } } else { - $default = $default_actions{$policy} || ''; + $default = $default_actions->{$policy} || ''; } fatal_error "Invalid policy ($policy)" unless exists $validpolicies{$policy}; diff --git a/Shorewall-perl/Shorewall/Rules.pm b/Shorewall-perl/Shorewall/Rules.pm index dc96ea69f..ae04ddba7 100644 --- a/Shorewall-perl/Shorewall/Rules.pm +++ b/Shorewall-perl/Shorewall/Rules.pm @@ -827,7 +827,7 @@ sub process_macro ( $$$$$$$$$$$$$$$ ) { macro_comment $macro; - my $macrofile = $macros{$macro}; + my $macrofile = $macros->{$macro}; progress_message "..Expanding Macro $macrofile..."; @@ -867,7 +867,7 @@ sub process_macro ( $$$$$$$$$$$$$$$ ) { fatal_error "Invalid or missing ACTION ($mtarget)" unless defined $action; - my $actiontype = $targets{$action} || find_macro( $action ); + my $actiontype = $targets->{$action} || find_macro( $action ); fatal_error "Invalid Action ($mtarget) in macro" unless $actiontype & ( ACTION + STANDARD + NATRULE + MACRO ); @@ -944,7 +944,7 @@ sub process_rule1 ( $$$$$$$$$$$$$ ) { # # Determine the validity of the action # - my $actiontype = $targets{$basictarget} || find_macro( $basictarget ); + my $actiontype = $targets->{$basictarget} || find_macro( $basictarget ); fatal_error "Unknown action ($action)" unless $actiontype; @@ -997,8 +997,8 @@ sub process_rule1 ( $$$$$$$$$$$$$ ) { # Mark target as used # if ( $actiontype & ACTION ) { - unless ( $usedactions{$target} ) { - $usedactions{$target} = 1; + unless ( $usedactions->{$target} ) { + $usedactions->{$target} = 1; createactionchain $target; } } diff --git a/Shorewall-perl/Shorewall/Zones.pm b/Shorewall-perl/Shorewall/Zones.pm index 4701cbcbf..7113e4062 100644 --- a/Shorewall-perl/Shorewall/Zones.pm +++ b/Shorewall-perl/Shorewall/Zones.pm @@ -37,6 +37,9 @@ our @EXPORT = qw( NOTHING IPSECPROTO IPSECMODE + use_ipv4_interfaces + use_ipv6_interfaces + determine_zones zone_report dump_zone_contents