More IPv6

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8942 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2008-12-08 00:21:20 +00:00
parent 96af8e6a62
commit e8586bbdb9
7 changed files with 202 additions and 102 deletions


@ -28,6 +28,7 @@ require Exporter;
use Shorewall::Config qw(:DEFAULT :internal); use Shorewall::Config qw(:DEFAULT :internal);
use Shorewall::Zones; use Shorewall::Zones;
use Shorewall::Chains qw(:DEFAULT :internal); use Shorewall::Chains qw(:DEFAULT :internal);
use Shorewall::IPAddrs;
use strict; use strict;
@ -48,11 +49,11 @@ our @EXPORT = qw( merge_levels
merge_macro_source_dest merge_macro_source_dest
merge_macro_column merge_macro_column
%usedactions $usedactions
%default_actions $default_actions
%actions $actions
%macros $macros
$macro_commands $macro_commands
); );
our @EXPORT_OK = qw( initialize ); our @EXPORT_OK = qw( initialize );
@ -61,11 +62,15 @@ our $VERSION = 4.1.1;
# #
# Used Actions. Each action that is actually used has an entry with value 1. # Used Actions. Each action that is actually used has an entry with value 1.
# #
our %usedactions; our %usedactions4;
our %usedactions6;
our $usedactions;
# #
# Default actions for each policy. # Default actions for each policy.
# #
our %default_actions; our %default_actions4;
our %default_actions6;
our $default_actions;
# Action Table # Action Table
# #
@ -75,19 +80,47 @@ our %default_actions;
# } , # } ,
# actchain => <action chain number> # Used for generating unique chain names for each <level>:<tag> pair. # actchain => <action chain number> # Used for generating unique chain names for each <level>:<tag> pair.
# #
our %actions; our %actions4;
our %actions6;
our $actions;
# #
# Contains an entry for each used <action>:<level>[:<tag>] that maps to the associated chain. # Contains an entry for each used <action>:<level>[:<tag>] that maps to the associated chain.
# #
our %logactionchains; our %logactionchains4;
our %logactionchains6;
our $logactionchains;
our %macros; our $action_prefix;
our %macros4;
our %macros6;
our $macros;
our $macro_prefix;
# #
# Commands that can be embedded in a macro file and how many total tokens on the line (0 => unlimited). # Commands that can be embedded in a macro file and how many total tokens on the line (0 => unlimited).
# #
our $macro_commands = { COMMENT => 0, FORMAT => 2 }; our $macro_commands = { COMMENT => 0, FORMAT => 2 };
sub use_ipv4_actions() {
$usedactions = \%usedactions4;
$default_actions = \%default_actions4;
$actions = \%actions4;
$macros = \%macros4;
$action_prefix = 'action4';
$macro_prefix = 'macro4';
}
sub use_ipv6_actions() {
$usedactions = \%usedactions6;
$default_actions = \%default_actions6;
$actions = \%actions6;
$macros = \%macros6;
$action_prefix = 'action6';
$macro_prefix = 'macro6';
}
# #
# Initialize globals -- we take this novel approach to globals initialization to allow # Initialize globals -- we take this novel approach to globals initialization to allow
# the compiler to run multiple times in the same process. The # the compiler to run multiple times in the same process. The
@ -98,14 +131,24 @@ our $macro_commands = { COMMENT => 0, FORMAT => 2 };
# #
sub initialize() { sub initialize() {
%usedactions = (); %usedactions4 = ();
%default_actions = ( DROP => 'none' , %usedactions6 = ();
REJECT => 'none' , %default_actions4 = ( DROP => 'none' ,
ACCEPT => 'none' , REJECT => 'none' ,
QUEUE => 'none' ); ACCEPT => 'none' ,
%actions = (); QUEUE => 'none' );
%logactionchains = (); %default_actions6 = ( DROP => 'none' ,
%macros = (); REJECT => 'none' ,
ACCEPT => 'none' ,
QUEUE => 'none' );
%actions4 = ();
%actions6 = ();
%logactionchains4 = ();
%logactionchains6 = ();
%macros4 = ();
%macros6 = ();
use_ipv4_actions;
} }
INIT { INIT {
@ -153,11 +196,13 @@ sub merge_levels ($$) {
sub find_macro( $ ) sub find_macro( $ )
{ {
my $macro = $_[0]; my $macro = $_[0];
my $macrofile = find_file "macro.$macro"; my $macrofile = find_file "${macro_prefix}.$macro";
$macrofile = find_file "macro.$macro" unless -f $macrofile;
if ( -f $macrofile ) { if ( -f $macrofile ) {
$macros{$macro} = $macrofile; $macros->{$macro} = $macrofile;
$targets{$macro} = MACRO; $targets->{$macro} = MACRO;
} else { } else {
0; 0;
} }
@ -252,7 +297,7 @@ sub new_action( $ ) {
my $action = $_[0]; my $action = $_[0];
$actions{$action} = { actchain => '', requires => {} }; $actions->{$action} = { actchain => '', requires => {} };
} }
# #
@ -260,7 +305,7 @@ sub new_action( $ ) {
# #
sub add_requiredby ( $$ ) { sub add_requiredby ( $$ ) {
my ($requiredby , $requires ) = @_; my ($requiredby , $requires ) = @_;
$actions{$requires}{requires}{$requiredby} = 1; $actions->{$requires}{requires}{$requiredby} = 1;
} }
# #
@ -280,7 +325,7 @@ sub add_requiredby ( $$ ) {
sub createlogactionchain( $$ ) { sub createlogactionchain( $$ ) {
my ( $action, $level ) = @_; my ( $action, $level ) = @_;
my $chain = $action; my $chain = $action;
my $actionref = $actions{$action}; my $actionref = $actions->{$action};
my $chainref; my $chainref;
my ($lev, $tag) = split ':', $level; my ($lev, $tag) = split ':', $level;
@ -293,15 +338,15 @@ sub createlogactionchain( $$ ) {
CHECKDUP: CHECKDUP:
{ {
$actionref->{actchain}++ while $chain_table{filter}{'%' . $chain . $actionref->{actchain}}; $actionref->{actchain}++ while $filter_table->{'%' . $chain . $actionref->{actchain}};
$chain = substr( $chain, 0, 27 ), redo CHECKDUP if ( $actionref->{actchain} || 0 ) >= 10 and length $chain == 28; $chain = substr( $chain, 0, 27 ), redo CHECKDUP if ( $actionref->{actchain} || 0 ) >= 10 and length $chain == 28;
} }
$logactionchains{"$action:$level"} = $chainref = new_standard_chain '%' . $chain . $actionref->{actchain}++; $logactionchains->{"$action:$level"} = $chainref = new_standard_chain '%' . $chain . $actionref->{actchain}++;
fatal_error "Too many invocations of Action $action" if $actionref->{actchain} > 99; fatal_error "Too many invocations of Action $action" if $actionref->{actchain} > 99;
unless ( $targets{$action} & STANDARD ) { unless ( $targets->{$action} & STANDARD ) {
my $file = find_file $chain; my $file = find_file $chain;
@ -325,9 +370,9 @@ sub createsimpleactionchain( $ ) {
my $action = shift; my $action = shift;
my $chainref = new_standard_chain $action; my $chainref = new_standard_chain $action;
$logactionchains{"$action:none"} = $chainref; $logactionchains->{"$action:none"} = $chainref;
unless ( $targets{$action} & STANDARD ) { unless ( $targets->{$action} & STANDARD ) {
my $file = find_file $action; my $file = find_file $action;
@ -374,7 +419,7 @@ sub find_logactionchain( $ ) {
$level = 'none' unless $level; $level = 'none' unless $level;
fatal_error "Fatal error in find_logactionchain" unless $logactionchains{"$action:$level"}; fatal_error "Fatal error in find_logactionchain" unless $logactionchains->{"$action:$level"};
} }
# #
@ -416,7 +461,7 @@ sub process_macro1 ( $$ ) {
$mtarget = (split '/' , $mtarget)[0]; $mtarget = (split '/' , $mtarget)[0];
my $targettype = $targets{$mtarget}; my $targettype = $targets->{$mtarget};
$targettype = 0 unless defined $targettype; $targettype = 0 unless defined $targettype;
@ -436,7 +481,7 @@ sub process_action1 ( $$ ) {
$level = 'none' unless $level; $level = 'none' unless $level;
my $targettype = $targets{$target}; my $targettype = $targets->{$target};
if ( defined $targettype ) { if ( defined $targettype ) {
return if ( $targettype == STANDARD ) || ( $targettype & ( MACRO | LOGRULE | NFQ | CHAIN ) ); return if ( $targettype == STANDARD ) || ( $targettype & ( MACRO | LOGRULE | NFQ | CHAIN ) );
@ -454,7 +499,7 @@ sub process_action1 ( $$ ) {
return if $target eq 'NFQUEUE'; return if $target eq 'NFQUEUE';
if ( defined $param ) { if ( defined $param ) {
my $paramtype = $targets{$param} || 0; my $paramtype = $targets->{$param} || 0;
fatal_error "Parameter value not allowed in action files ($param)" if $paramtype & NATRULE; fatal_error "Parameter value not allowed in action files ($param)" if $paramtype & NATRULE;
} }
@ -462,7 +507,7 @@ sub process_action1 ( $$ ) {
fatal_error "Invalid or missing ACTION ($wholetarget)" unless defined $target; fatal_error "Invalid or missing ACTION ($wholetarget)" unless defined $target;
if ( find_macro $target ) { if ( find_macro $target ) {
process_macro1( $action, $macros{$target} ); process_macro1( $action, $macros->{$target} );
} else { } else {
fatal_error "Invalid TARGET ($target)"; fatal_error "Invalid TARGET ($target)";
} }
@ -473,7 +518,7 @@ sub process_actions1() {
progress_message2 "Preprocessing Action Files..."; progress_message2 "Preprocessing Action Files...";
for my $act ( grep $targets{$_} & ACTION , keys %targets ) { for my $act ( grep $targets->{$_} & ACTION , keys %{$targets} ) {
new_action $act; new_action $act;
} }
@ -490,18 +535,20 @@ sub process_actions1() {
next unless $action; next unless $action;
if ( $targets{$action} ) { if ( $targets->{$action} ) {
warning_message "Duplicate Action Name ($action) Ignored" unless $targets{$action} & ACTION; warning_message "Duplicate Action Name ($action) Ignored" unless $targets->{$action} & ACTION;
next; next;
} }
$targets{$action} = ACTION; $targets->{$action} = ACTION;
fatal_error "Invalid Action Name ($action)" unless "\L$action" =~ /^[a-z]\w*$/; fatal_error "Invalid Action Name ($action)" unless "\L$action" =~ /^[a-z]\w*$/;
new_action $action; new_action $action;
my $actionfile = find_file "action.$action"; my $actionfile = find_file "${action_prefix}.$action";
$actionfile = find_file "action.$action" unless -f $actionfile;
fatal_error "Missing Action File ($actionfile)" unless -f $actionfile; fatal_error "Missing Action File ($actionfile)" unless -f $actionfile;
@ -529,14 +576,14 @@ sub process_actions2 () {
while ( $changed ) { while ( $changed ) {
$changed = 0; $changed = 0;
for my $target (keys %usedactions) { for my $target (keys %{$usedactions}) {
my ($action, $level) = split_action $target; my ($action, $level) = split_action $target;
my $actionref = $actions{$action}; my $actionref = $actions->{$action};
fatal_error "Null Action Reference in process_actions2" unless $actionref; fatal_error "Null Action Reference in process_actions2" unless $actionref;
for my $action1 ( keys %{$actionref->{requires}} ) { for my $action1 ( keys %{$actionref->{requires}} ) {
my $action2 = merge_levels $target, $action1; my $action2 = merge_levels $target, $action1;
unless ( $usedactions{ $action2 } ) { unless ( $usedactions->{ $action2 } ) {
$usedactions{ $action2 } = 1; $usedactions->{ $action2 } = 1;
createactionchain $action2; createactionchain $action2;
$changed = 1; $changed = 1;
} }
@ -588,7 +635,7 @@ sub process_macro3( $$$$$$$$$$$ ) {
macro_comment $macro; macro_comment $macro;
my $fn = $macros{$macro}; my $fn = $macros->{$macro};
progress_message "..Expanding Macro $fn..."; progress_message "..Expanding Macro $fn...";
@ -673,7 +720,9 @@ sub process_macro3( $$$$$$$$$$$ ) {
# #
sub process_action3( $$$$$ ) { sub process_action3( $$$$$ ) {
my ( $chainref, $wholeaction, $action, $level, $tag ) = @_; my ( $chainref, $wholeaction, $action, $level, $tag ) = @_;
my $actionfile = find_file "action.$action"; my $actionfile = find_file "${action_prefix}.$action";
$actionfile = find_file "action.$action" unless -f $actionfile;
fatal_error "Missing Action File ($actionfile)" unless -f $actionfile; fatal_error "Missing Action File ($actionfile)" unless -f $actionfile;
@ -696,7 +745,7 @@ sub process_action3( $$$$$ ) {
( $action2 , my $param ) = get_target_param $action2; ( $action2 , my $param ) = get_target_param $action2;
my $action2type = $targets{$action2} || 0; my $action2type = $targets->{$action2} || 0;
unless ( $action2type == STANDARD ) { unless ( $action2type == STANDARD ) {
if ( $action2type & ACTION ) { if ( $action2type & ACTION ) {
@ -851,14 +900,14 @@ sub process_actions3 () {
'forwardUPnP' => \&forwardUPnP, 'forwardUPnP' => \&forwardUPnP,
'Limit' => \&Limit, ); 'Limit' => \&Limit, );
for my $wholeaction ( keys %usedactions ) { for my $wholeaction ( keys %{$usedactions} ) {
my $chainref = find_logactionchain $wholeaction; my $chainref = find_logactionchain $wholeaction;
my ( $action, $level, $tag ) = split /:/, $wholeaction; my ( $action, $level, $tag ) = split /:/, $wholeaction;
$level = '' unless defined $level; $level = '' unless defined $level;
$tag = '' unless defined $tag; $tag = '' unless defined $tag;
if ( $targets{$action} & BUILTIN ) { if ( $targets->{$action} & BUILTIN ) {
$level = '' if $level =~ /none!?/; $level = '' if $level =~ /none!?/;
$builtinops{$action}->($chainref, $level, $tag); $builtinops{$action}->($chainref, $level, $tag);
} else { } else {
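Review bot: `$logactionchains` is declared beside `%logactionchains4`/`%logactionchains6`, but neither `use_ipv4_actions` nor `use_ipv6_actions` assigns it, while the later hunks switch every access to `$logactionchains->{...}`. Perl will autovivify a single anonymous hash on first use, so IPv4 and IPv6 would share one chain map, and `initialize()`, which clears only the two named hashes, would not reset it between compiler runs in the same process. Add `$logactionchains = \%logactionchains4;` to `use_ipv4_actions` and `$logactionchains = \%logactionchains6;` to `use_ipv6_actions`. Separately, the fallback from `${macro_prefix}.$macro` and `${action_prefix}.$action` to the unprefixed file name deserves a one-line comment saying an IPv6 compile is meant to pick up the family-neutral file, because the code alone does not show that this is intended.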


@ -50,6 +50,7 @@ our @EXPORT = qw(
$nat_table $nat_table
$mangle_table $mangle_table
$filter_table $filter_table
$targets
); );
our %EXPORT_TAGS = ( our %EXPORT_TAGS = (
@ -149,7 +150,7 @@ our %EXPORT_TAGS = (
create_chainlist_reload create_chainlist_reload
$section $section
%sections %sections
%targets $targets
) ], ) ],
); );
@ -231,7 +232,6 @@ use constant { STANDARD => 1, #defined by Netfilter
IPV4ONLY => 2048, #Not Available with IPV6 IPV4ONLY => 2048, #Not Available with IPV6
}; };
our %targets;
# #
# expand_rule() restrictions # expand_rule() restrictions
# #
@ -264,16 +264,22 @@ use constant { NULL_MODE => 0 , # Generating neither shell commands nor iptabl
our $mode; our $mode;
our %targets4;
our %targets6;
our $targets;
sub use_ipv4_chains() { sub use_ipv4_chains() {
$nat_table = $chain_table{nat}; $nat_table = $chain_table{nat};
$mangle_table = $chain_table{mangle}; $mangle_table = $chain_table{mangle};
$filter_table = $chain_table{filter}; $filter_table = $chain_table{filter};
$targets = \%targets4;
} }
sub use_ipv6_chains() { sub use_ipv6_chains() {
$nat_table = undef; $nat_table = undef;
$mangle_table = $chain_table{mangle6}; $mangle_table = $chain_table{mangle6};
$filter_table = $chain_table{filter6}; $filter_table = $chain_table{filter6};
$targets = \%targets6;
} }
# #
@ -318,40 +324,6 @@ sub initialize() {
# #
$comment = ''; $comment = '';
# #
# As new targets (Actions, Macros and Manual Chains) are discovered, they are added to the table
#
%targets = ('ACCEPT' => STANDARD,
'ACCEPT+' => STANDARD + NONAT + IPV4ONLY,
'ACCEPT!' => STANDARD,
'NONAT' => STANDARD + NONAT + NATONLY + IPV4ONLY,
'DROP' => STANDARD,
'DROP!' => STANDARD,
'REJECT' => STANDARD,
'REJECT!' => STANDARD,
'DNAT' => NATRULE + IPV4ONLY,
'DNAT-' => NATRULE + NATONLY + IPV4ONLY,
'REDIRECT' => NATRULE + REDIRECT + IPV4ONLY,
'REDIRECT-' => NATRULE + REDIRECT + NATONLY + IPV4ONLY,
'LOG' => STANDARD + LOGRULE,
'CONTINUE' => STANDARD,
'CONTINUE!' => STANDARD,
'QUEUE' => STANDARD,
'QUEUE!' => STANDARD,
'NFQUEUE' => STANDARD + NFQ,
'NFQUEUE!' => STANDARD + NFQ,
'SAME' => NATRULE + IPV4ONLY,
'SAME-' => NATRULE + NATONLY + IPV4ONLY,
'dropBcast' => BUILTIN + ACTION,
'allowBcast' => BUILTIN + ACTION,
'dropNotSyn' => BUILTIN + ACTION,
'rejNotSyn' => BUILTIN + ACTION,
'dropInvalid' => BUILTIN + ACTION,
'allowInvalid' => BUILTIN + ACTION,
'allowinUPnP' => BUILTIN + ACTION,
'forwardUPnP' => BUILTIN + ACTION,
'Limit' => BUILTIN + ACTION,
);
#
# Used to sequence 'exclusion' chains with names 'excl0', 'excl1', ... # Used to sequence 'exclusion' chains with names 'excl0', 'excl1', ...
# #
$exclseq = 0; $exclseq = 0;
@ -374,6 +346,63 @@ sub initialize() {
%interfacegateways = (); %interfacegateways = ();
@ipv4tables = ( qw/ filter / ); @ipv4tables = ( qw/ filter / );
#
# As new targets (Actions, Macros and Manual Chains) are discovered, they are added to the table
#
%targets4 = ('ACCEPT' => STANDARD,
'ACCEPT+' => STANDARD + NONAT,
'ACCEPT!' => STANDARD,
'NONAT' => STANDARD + NONAT + NATONLY,
'DROP' => STANDARD,
'DROP!' => STANDARD,
'REJECT' => STANDARD,
'REJECT!' => STANDARD,
'DNAT' => NATRULE,
'DNAT-' => NATRULE + NATONLY,
'REDIRECT' => NATRULE + REDIRECT,
'REDIRECT-' => NATRULE + REDIRECT + NATONLY,
'LOG' => STANDARD + LOGRULE,
'CONTINUE' => STANDARD,
'CONTINUE!' => STANDARD,
'QUEUE' => STANDARD,
'QUEUE!' => STANDARD,
'NFQUEUE' => STANDARD + NFQ,
'NFQUEUE!' => STANDARD + NFQ,
'SAME' => NATRULE,
'SAME-' => NATRULE + NATONLY,
'dropBcast' => BUILTIN + ACTION,
'allowBcast' => BUILTIN + ACTION,
'dropNotSyn' => BUILTIN + ACTION,
'rejNotSyn' => BUILTIN + ACTION,
'dropInvalid' => BUILTIN + ACTION,
'allowInvalid' => BUILTIN + ACTION,
'allowinUPnP' => BUILTIN + ACTION,
'forwardUPnP' => BUILTIN + ACTION,
'Limit' => BUILTIN + ACTION,
);
%targets6 = ('ACCEPT' => STANDARD,
'NONAT' => STANDARD + NONAT + NATONLY,
'DROP!' => STANDARD,
'LOG' => STANDARD + LOGRULE,
'CONTINUE' => STANDARD,
'CONTINUE!' => STANDARD,
'QUEUE' => STANDARD,
'QUEUE!' => STANDARD,
'NFQUEUE' => STANDARD + NFQ,
'NFQUEUE!' => STANDARD + NFQ,
'dropBcast' => BUILTIN + ACTION,
'allowBcast' => BUILTIN + ACTION,
'dropNotSyn' => BUILTIN + ACTION,
'rejNotSyn' => BUILTIN + ACTION,
'dropInvalid' => BUILTIN + ACTION,
'allowInvalid' => BUILTIN + ACTION,
'allowinUPnP' => BUILTIN + ACTION,
'forwardUPnP' => BUILTIN + ACTION,
'Limit' => BUILTIN + ACTION,
);
} }
INIT { INIT {
@ -557,7 +586,7 @@ sub add_jump( $$$;$ ) {
# #
# Ensure that we have the chain unless it is a builtin like 'ACCEPT' # Ensure that we have the chain unless it is a builtin like 'ACCEPT'
# #
$toref = ensure_chain( $fromref->{table} , $to ) unless ( $targets{$to} || 0 ) & STANDARD; $toref = ensure_chain( $fromref->{table} , $to ) unless ( $targets->{$to} || 0 ) & STANDARD;
} }
# #
@ -933,8 +962,8 @@ sub new_nat_chain($) {
sub new_manual_chain($) { sub new_manual_chain($) {
my $chain = $_[0]; my $chain = $_[0];
fatal_error "Duplicate Chain Name ($chain)" if $targets{$chain} || $filter_table->{$chain}; fatal_error "Duplicate Chain Name ($chain)" if $targets->{$chain} || $filter_table->{$chain};
$targets{$chain} = CHAIN; $targets->{$chain} = CHAIN;
( my $chainref = ensure_filter_chain( $chain, 0) )->{manual} = 1; ( my $chainref = ensure_filter_chain( $chain, 0) )->{manual} = 1;
$chainref->{referenced} = 1; $chainref->{referenced} = 1;
$chainref; $chainref;
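Review bot: `%targets6` in `initialize()` has no `'DROP'`, `'REJECT'`, `'REJECT!'` or `'ACCEPT!'` entry although it keeps `'DROP!'`, and it keeps `'NONAT'` although `use_ipv6_chains` sets `$nat_table = undef`. Because the rule and policy code now resolves targets through `$targets`, an IPv6 rule using plain DROP or REJECT would presumably be refused as an unknown action, which looks like over-trimming of the IPv4 list rather than intent. If so, restore `'DROP' => STANDARD,` and `'REJECT' => STANDARD,` (with their `!` forms) and drop `'NONAT'`; if the omissions are deliberate, a comment above `%targets6` should name the targets unsupported for IPv6 and say why. The visible lines of `initialize()` also never point `$targets` at either hash, so confirm that `use_ipv4_chains` runs before the first `$targets->{...}` lookup.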


@ -37,6 +37,7 @@ use Shorewall::Accounting;
use Shorewall::Rules; use Shorewall::Rules;
use Shorewall::Proc; use Shorewall::Proc;
use Shorewall::Proxyarp; use Shorewall::Proxyarp;
use Shorewall::IPAddrs;
our @ISA = qw(Exporter); our @ISA = qw(Exporter);
our @EXPORT = qw( compiler EXPORT TIMESTAMP DEBUG ); our @EXPORT = qw( compiler EXPORT TIMESTAMP DEBUG );
@ -49,6 +50,8 @@ our $test;
our $reused = 0; our $reused = 0;
our $family;
use constant { EXPORT => 0x01 , use constant { EXPORT => 0x01 ,
TIMESTAMP => 0x02 , TIMESTAMP => 0x02 ,
DEBUG => 0x04 }; DEBUG => 0x04 };
@ -68,6 +71,21 @@ sub reinitialize() {
Shorewall::Accounting::initialize; Shorewall::Accounting::initialize;
Shorewall::Rules::initialize; Shorewall::Rules::initialize;
Shorewall::Proxyarp::initialize; Shorewall::Proxyarp::initialize;
$family = 0;
}
sub use_ipv4() {
use_ipv4_addrs;
use_ipv4_interfaces;
use_ipv4_policies;
$family = F_INET;
}
sub use_ipv6() {
use_ipv6_addrs;
use_ipv6_interfaces;
use_ipv6_policies;
$family = F_INET;
} }
# #
@ -799,6 +817,7 @@ sub compiler {
# #
# Process the interfaces file(s). # Process the interfaces file(s).
# #
use_ipv4;
validate_interfaces_file ( 'interfaces', $export ); validate_interfaces_file ( 'interfaces', $export );
# #
# Process the hosts file. # Process the hosts file.
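Review bot: `use_ipv6()` ends with `$family = F_INET;`, the same value `use_ipv4()` sets, so after switching to IPv6 this module's `$family` still reports IPv4; it should read `$family = F_INET6;`, the constant `use_ipv6_addrs` assigns in Shorewall::IPAddrs. Where Compiler's `$family` is read is not visible in these hunks, but any family-dependent branch would take the IPv4 path while an IPv6 ruleset is being built. Both wrappers also switch only addrs, interfaces and policies; unless `use_ipv4_policies`/`use_ipv6_policies` in turn call the `use_ipv*_chains` and `use_ipv*_actions` switches, `$targets`, `$filter_table` and `$actions` stay on the previous family. The body of `compiler` starts and ends outside the hunk.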


@ -89,7 +89,7 @@ use constant { ALLIPv4 => '0.0.0.0/0' ,
our @rfc1918_networks = ( "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16" ); our @rfc1918_networks = ( "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16" );
sub use_ipv4() { sub use_ipv4_addrs() {
$family = F_INET; $family = F_INET;
} }
@ -97,7 +97,7 @@ sub using_ipv4() {
$family == F_INET; $family == F_INET;
} }
sub use_ipv6() { sub use_ipv6_addrs() {
$family = F_INET6; $family = F_INET6;
} }
@ -115,7 +115,7 @@ sub using_ipv6() {
# #
sub initialize() { sub initialize() {
use_ipv4; use_ipv4_addrs;
} }
INIT { INIT {
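Review bot: None of the hunks in this section touches the module's export list, yet Shorewall::Compiler now calls the renamed `use_ipv4_addrs` and `use_ipv6_addrs` as barewords and reads `F_INET`. If `@EXPORT` still carries the old `use_ipv4`/`use_ipv6` names, those calls will not resolve under `use strict`; the list should name `use_ipv4_addrs use_ipv6_addrs` in their place. The export list itself is outside the visible hunks, so this may already be handled there.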


@ -194,7 +194,7 @@ sub validate_policy( $ )
for my $option qw/DROP_DEFAULT REJECT_DEFAULT ACCEPT_DEFAULT QUEUE_DEFAULT NFQUEUE_DEFAULT/ { for my $option qw/DROP_DEFAULT REJECT_DEFAULT ACCEPT_DEFAULT QUEUE_DEFAULT NFQUEUE_DEFAULT/ {
my $action = $config{$option}; my $action = $config{$option};
next if $action eq 'none'; next if $action eq 'none';
my $actiontype = $targets{$action}; my $actiontype = $targets->{$action};
if ( defined $actiontype ) { if ( defined $actiontype ) {
fatal_error "Invalid setting ($action) for $option" unless $actiontype & ACTION; fatal_error "Invalid setting ($action) for $option" unless $actiontype & ACTION;
@ -202,12 +202,12 @@ sub validate_policy( $ )
fatal_error "Default Action $option=$action not found"; fatal_error "Default Action $option=$action not found";
} }
unless ( $usedactions{$action} ) { unless ( $usedactions->{$action} ) {
$usedactions{$action} = 1; $usedactions->{$action} = 1;
createactionchain $action; createactionchain $action;
} }
$default_actions{$map{$option}} = $action; $default_actions->{$map{$option}} = $action;
} }
for $zone ( all_zones ) { for $zone ( all_zones ) {
@ -255,11 +255,11 @@ sub validate_policy( $ )
if ( "\L$default" eq 'none' ) { if ( "\L$default" eq 'none' ) {
$default = 'none'; $default = 'none';
} else { } else {
my $defaulttype = $targets{$default} || 0; my $defaulttype = $targets->{$default} || 0;
if ( $defaulttype & ACTION ) { if ( $defaulttype & ACTION ) {
unless ( $usedactions{$default} ) { unless ( $usedactions->{$default} ) {
$usedactions{$default} = 1; $usedactions->{$default} = 1;
createactionchain $default; createactionchain $default;
} }
} else { } else {
@ -267,7 +267,7 @@ sub validate_policy( $ )
} }
} }
} else { } else {
$default = $default_actions{$policy} || ''; $default = $default_actions->{$policy} || '';
} }
fatal_error "Invalid policy ($policy)" unless exists $validpolicies{$policy}; fatal_error "Invalid policy ($policy)" unless exists $validpolicies{$policy};


@ -827,7 +827,7 @@ sub process_macro ( $$$$$$$$$$$$$$$ ) {
macro_comment $macro; macro_comment $macro;
my $macrofile = $macros{$macro}; my $macrofile = $macros->{$macro};
progress_message "..Expanding Macro $macrofile..."; progress_message "..Expanding Macro $macrofile...";
@ -867,7 +867,7 @@ sub process_macro ( $$$$$$$$$$$$$$$ ) {
fatal_error "Invalid or missing ACTION ($mtarget)" unless defined $action; fatal_error "Invalid or missing ACTION ($mtarget)" unless defined $action;
my $actiontype = $targets{$action} || find_macro( $action ); my $actiontype = $targets->{$action} || find_macro( $action );
fatal_error "Invalid Action ($mtarget) in macro" unless $actiontype & ( ACTION + STANDARD + NATRULE + MACRO ); fatal_error "Invalid Action ($mtarget) in macro" unless $actiontype & ( ACTION + STANDARD + NATRULE + MACRO );
@ -944,7 +944,7 @@ sub process_rule1 ( $$$$$$$$$$$$$ ) {
# #
# Determine the validity of the action # Determine the validity of the action
# #
my $actiontype = $targets{$basictarget} || find_macro( $basictarget ); my $actiontype = $targets->{$basictarget} || find_macro( $basictarget );
fatal_error "Unknown action ($action)" unless $actiontype; fatal_error "Unknown action ($action)" unless $actiontype;
@ -997,8 +997,8 @@ sub process_rule1 ( $$$$$$$$$$$$$ ) {
# Mark target as used # Mark target as used
# #
if ( $actiontype & ACTION ) { if ( $actiontype & ACTION ) {
unless ( $usedactions{$target} ) { unless ( $usedactions->{$target} ) {
$usedactions{$target} = 1; $usedactions->{$target} = 1;
createactionchain $target; createactionchain $target;
} }
} }


@ -37,6 +37,9 @@ our @EXPORT = qw( NOTHING
IPSECPROTO IPSECPROTO
IPSECMODE IPSECMODE
use_ipv4_interfaces
use_ipv6_interfaces
determine_zones determine_zones
zone_report zone_report
dump_zone_contents dump_zone_contents