diff --git a/New/Shorewall/Actions.pm b/New/Shorewall/Actions.pm index e876c96b1..5375fd2bb 100644 --- a/New/Shorewall/Actions.pm +++ b/New/Shorewall/Actions.pm @@ -378,20 +378,15 @@ sub process_action3( $$$$$ ) { } my $actionfile = find_file "action.$action"; - my $standard = ( $actionfile =~ /^($env{SHAREDIR})/ ); - + my $standard = ( $actionfile =~ /^$env{SHAREDIR}/ ); + fatal_error "Missing Action File: $actionfile" unless -f $actionfile; - + progress_message2 "Processing $actionfile for chain $chainref->{name}..."; - open A, $actionfile or fatal_error "Unable to open $actionfile: $!"; + open_file $actionfile; - while ( $line = ) { - chomp $line; - next if $line =~ /^\s*#/; - next if $line =~ /^\s*$/; - $line =~ s/#.*$//; - $line = expand_shell_variables $line unless $standard; + while ( read_a_line ) { my ($target, $source, $dest, $proto, $ports, $sports, $rate, $user ) = split_line 8, 'action file'; @@ -423,15 +418,11 @@ sub process_action3( $$$$$ ) { progress_message "..Expanding Macro $fn..."; - open M, $fn or fatal_error "Can't open $fn: $!"; + push_open $fn; my $standard = ( $fn =~ /^($env{SHAREDIR})/ ); - while ( $line = ) { - next if $line =~ /^\s*#/; - next if $line =~ /^\s*$/; - $line =~ s/#.*$//; - $line = expand_shell_variables $line unless $standard; + while ( read_a_line ) { my ( $mtarget, $msource, $mdest, $mproto, $mports, $msports, $mrate, $muser ) = split_line 8, 'macro file'; @@ -477,7 +468,7 @@ sub process_action3( $$$$$ ) { process_action $chainref, $action, $mtarget, $msource, $mdest, $mproto, $mports, $msports, $mrate, $muser; } - close M; + pop_open; progress_message '..End Macro' diff --git a/New/Shorewall/Chains.pm b/New/Shorewall/Chains.pm index 3563d4887..7b7ede281 100644 --- a/New/Shorewall/Chains.pm +++ b/New/Shorewall/Chains.pm @@ -1447,7 +1447,7 @@ sub emitr( $ ) { $state = CMD_STATE; } - $rule =~ s/~//; + $rule = substr( $rule, 1 ); emit $rule; } else { 
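Review bot: In process_action3 (Actions.pm, hunk at -378), `$env{SHAREDIR}` is still interpolated into the pattern unquoted, so a regex metacharacter in that path (a `.` or `+`, say) changes which files count as standard; `my $standard = ( $actionfile =~ /^\Q$env{SHAREDIR}\E/ );` matches the path literally. The hunk also removes the only visible use of `$standard` (`expand_shell_variables $line unless $standard`), so files under SHAREDIR now get the same shell-variable expansion in read_a_line as user-supplied files. If that is intended, a comment saying so would help, and the flag can be dropped if nothing outside the hunk reads it. The same applies to the `$standard` assignment kept as context in the macro hunk at -423, and presumably to process_macro in Rules.pm; the function body extends beyond both hunks.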
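Review bot: In emitr (Chains.pm), `$rule = substr( $rule, 1 );` drops the first character whatever it is, whereas the replaced `s/~//` removed the first `~` wherever it occurred. The two agree only if the enclosing condition, which is outside this hunk, guarantees that `$rule` starts with `~`. Writing `$rule =~ s/^~//;` keeps that intent explicit and leaves the rule untouched if the assumption ever stops holding.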
diff --git a/New/Shorewall/Config.pm b/New/Shorewall/Config.pm index 454adcd88..e83fefd43 100644 --- a/New/Shorewall/Config.pm +++ b/New/Shorewall/Config.pm @@ -295,7 +295,7 @@ sub open_file( $ ) { fatal_error 'Internal Error in open_file()' if defined $currentfile; - if ( -f $fname ) { + if ( -f $fname && -s _ ) { open $currentfile, '<', $fname or fatal_error "Unable to open $fname: $!"; } } @@ -321,16 +321,35 @@ sub pop_open() { $currentfile = pop @openstack; } +# +# Read a line from the current open stack. +# +# - Ignore blank or comment-only lines. +# - Remove trailing comments. +# - Compress out extra whitespace. +# - Handle Line Continuation +# - Expand shell variables from $ENV. +# - Handle INCLUDE +# + sub read_a_line { while ( $currentfile ) { - while ( $line = <$currentfile> ) { - next if $line =~ /^\s*#/; - next if $line =~ /^\s*$/; - chomp $line; - $line =~ s/#.*$//; + $line = ''; + + while ( my $nextline = <$currentfile> ) { + next if $nextline =~ /^\s*#/; + next if $nextline =~ /^\s*$/; + $nextline =~ s/#.*$//; - expand_shell_variables( $line ); + chomp $nextline; + + if ( substr( $nextline, -1, 1 ) eq '\\' ) { + $line .= substr( $nextline, 0, -1 ); + next; + } + + $line = expand_shell_variables( $line ? $line . $nextline : $nextline ); if ( $line =~ /^\s*INCLUDE\s/ ) { diff --git a/New/Shorewall/Hosts.pm b/New/Shorewall/Hosts.pm index efc334f64..0cb2eac10 100644 --- a/New/Shorewall/Hosts.pm +++ b/New/Shorewall/Hosts.pm @@ -52,9 +52,9 @@ sub validate_hosts_file() my $ipsec = 0; - open HOSTS, "$ENV{TMP_DIR}/hosts" or fatal_error "Unable to open stripped hosts file: $!"; + open_file 'hosts'; - while ( $line = ) { + while ( read_a_line ) { my ($zone, $hosts, $options ) = split_line 3, 'hosts file'; @@ -104,8 +104,6 @@ sub validate_hosts_file() progress_message " Host \"$line\" validated"; } - close HOSTS; - $capabilities{POLICY_MATCH} = '' unless $ipsec or $zones{ipsec}; } # 
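Review bot: In open_file (Config.pm), the new `-f $fname && -s _` test makes a missing file indistinguishable from an empty one: `$currentfile` stays undefined and read_a_line yields nothing, so callers that used to stop with `fatal_error "Unable to open stripped ... file"` (hosts, interfaces, policy, rules) now continue with zero entries. For a firewall compiler that can mean a ruleset generated without the intended policy, unless code outside this hunk (find_file, for instance) already rejects a missing mandatory file. Callers elsewhere in this commit also use the result as a boolean (`if ( open_file 'tos' )`), which currently relies on the value of the last evaluated expression. An explicit `return 1;` after the open and `return 0;` otherwise, with a comment documenting the return value, would make that contract visible.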
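Review bot: In read_a_line, `$line ? $line . $nextline : $nextline` tests the accumulated text for truth, so a continued fragment that is exactly `0` is discarded when the next line arrives; since `$line` is reset to `''` at the top of the outer loop, `$line = expand_shell_variables( $line . $nextline );` is enough. A file whose last line ends in a backslash leaves text in `$line` when the inner loop reaches end of file; the code after the loop is outside this hunk, so confirm that it reports this rather than dropping the fragment. Comment stripping runs before the continuation test, so `foo \ # note` leaves a trailing space and is not treated as continued, which is worth stating in the header comment. That header also lists "Compress out extra whitespace", which nothing in the visible lines does.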
diff --git a/New/Shorewall/Interfaces.pm b/New/Shorewall/Interfaces.pm index db5db4216..df29ff0f6 100644 --- a/New/Shorewall/Interfaces.pm +++ b/New/Shorewall/Interfaces.pm @@ -132,9 +132,9 @@ sub validate_interfaces_file() upnp => 1, ); - open INTERFACES, "$ENV{TMP_DIR}/interfaces" or fatal_error "Unable to open stripped interfaces file: $!"; + open_file 'interfaces'; - while ( $line = ) { + while ( read_a_line ) { my ($zone, $interface, $networks, $options ) = split_line 4, 'interfaces file'; my $zoneref; @@ -195,8 +195,6 @@ sub validate_interfaces_file() progress_message " Interface \"$line\" Validated"; } - - close INTERFACES; } # diff --git a/New/Shorewall/Nat.pm b/New/Shorewall/Nat.pm index be4b8e9d5..bbbc1530a 100644 --- a/New/Shorewall/Nat.pm +++ b/New/Shorewall/Nat.pm @@ -101,6 +101,7 @@ sub setup_one_masq($$$$$$) my $destnets = ''; my $target = '-j MASQUERADE '; + require_capability( 'NAT_ENABLED' , 'a non-empty masq file' ); # # Handle IPSEC options, if any # @@ -238,9 +239,9 @@ sub setup_one_masq($$$$$$) # sub setup_masq() { - open MASQ, "$ENV{TMP_DIR}/masq" or fatal_error "Unable to open stripped zones file: $!"; + open_file 'masq'; - while ( $line = ) { + while ( read_a_line ) { my ($fullinterface, $networks, $addresses, $proto, $ports, $ipsec) = split_line 6, 'masq file'; @@ -256,8 +257,6 @@ sub setup_masq() } } - close MASQ; - $comment = ''; } @@ -300,6 +299,8 @@ sub do_one_nat( $$$$$ ) my $policyin = ''; my $policyout = ''; + require_capability( 'NAT_ENABLED' , 'a non-empty nat file' ); + if ( $capabilities{POLICY_MATCH} ) { $policyin = ' -m policy --pol none --dir in'; $policyout = '-m policy --pol none --dir out'; @@ -346,9 +347,9 @@ sub do_one_nat( $$$$$ ) # sub setup_nat() { - open NAT, "$ENV{TMP_DIR}/nat" or fatal_error "Unable to open stripped nat file: $!"; + open_file 'nat'; - while ( $line = ) { + while ( read_a_line ) { my ( $external, $interface, $internal, $allints, $localnat ) = split_line 5, 'nat file'; 
@@ -365,8 +366,6 @@ sub setup_nat() { } - close NAT; - $comment = ''; } @@ -375,12 +374,14 @@ sub setup_nat() { # sub setup_netmap() { - open NM, "$ENV{TMP_DIR}/netmap" or fatal_error "Unable to open stripped netmap file: $!"; + open_file 'netmap'; - while ( $line = ) { + while ( read_a_line ) { my ( $type, $net1, $interface, $net2 ) = split_line 4, 'netmap file'; + require_capability( 'NAT_ENABLED' , 'a non-empty netmap file' ); + if ( $type eq 'DNAT' ) { add_rule ensure_chain( 'nat' , input_chain $interface ) , "-d $net1 -j NETMAP --to $net2"; } elsif ( $type eq 'SNAT' ) { @@ -393,7 +394,6 @@ sub setup_netmap() { } - close NM; } sub add_addresses () { diff --git a/New/Shorewall/Policy.pm b/New/Shorewall/Policy.pm index b3769744a..483a7261c 100644 --- a/New/Shorewall/Policy.pm +++ b/New/Shorewall/Policy.pm @@ -128,9 +128,9 @@ sub validate_policy() } } - open POLICY, "$ENV{TMP_DIR}/policy" or fatal_error "Unable to open stripped policy file: $!"; + open_file 'policy'; - while ( $line = ) { + while ( read_a_line ) { my ( $client, $server, $policy, $loglevel, $synparams ) = split_line 5, 'policy file'; @@ -226,8 +226,6 @@ sub validate_policy() print_policy $client, $server, $policy, $chain; } } - - close POLICY; } # diff --git a/New/Shorewall/Providers.pm b/New/Shorewall/Providers.pm index a900330b3..27cdea26a 100644 --- a/New/Shorewall/Providers.pm +++ b/New/Shorewall/Providers.pm 
@@ -343,38 +343,42 @@ sub setup_providers() { } # # Setup_Providers() Starts Here.... - # + # progress_message2 "$doing $fn ..."; - emit "\nif [ -z \"\$NOROUTES\" ]; then"; + open_file 'providers'; - push_indent; + while ( read_a_line ) { - emitj ( '#', - '# Undo any changes made since the last time that we [re]started -- this will not restore the default route', - '#', - 'undo_routing', - '#', - '# Save current routing table database so that it can be restored later', - '#', - 'cp /etc/iproute2/rt_tables ${VARDIR}/', - '#', - '# Capture the default route(s) if we don\'t have it (them) already.', - '#', - '[ -f ${VARDIR}/default_route ] || ip route ls | grep -E \'^\s*(default |nexthop )\' > ${VARDIR}/default_route', - '#', - '# Initialize the file that holds \'undo\' commands', - '#', - '> ${VARDIR}/undo_routing' ); + unless ( $providers ) { + require_capability( 'MANGLE_ENABLED' , 'a non-empty providers file' ); + + emit "\nif [ -z \"\$NOROUTES\" ]; then"; - save_progress_message 'Adding Providers...'; + push_indent; - emit 'DEFAULT_ROUTE='; - - open PV, "$ENV{TMP_DIR}/providers" or fatal_error "Unable to open stripped providers file: $!"; - - while ( $line = ) { + emitj ( '#', + '# Undo any changes made since the last time that we [re]started -- this will not restore the default route', + '#', + 'undo_routing', + '#', + '# Save current routing table database so that it can be restored later', + '#', + 'cp /etc/iproute2/rt_tables ${VARDIR}/', + '#', + '# Capture the default route(s) if we don\'t have it (them) already.', + '#', + '[ -f ${VARDIR}/default_route ] || ip route ls | grep -E \'^\s*(default |nexthop )\' > ${VARDIR}/default_route', + '#', + '# Initialize the file that holds \'undo\' commands', + '#', + '> ${VARDIR}/undo_routing' ); + + save_progress_message 'Adding Providers...'; + emit 'DEFAULT_ROUTE='; + } + my ( $table, $number, $mark, $duplicate, $interface, $gateway, $options, $copy ) = split_line 8, 'providers file'; add_a_provider( $table, $number, 
$mark, $duplicate, $interface, $gateway, $options, $copy ); @@ -387,8 +391,6 @@ sub setup_providers() { } - close PV; - if ( $providers ) { if ( $balance ) { emitj ( 'if [ -n "$DEFAULT_ROUTE" ]; then', @@ -427,30 +429,32 @@ sub setup_providers() { emit "\$echocommand \"$providers{$table}{number}\\t$table\" >> /etc/iproute2/rt_tables"; } - if ( -s "$ENV{TMP_DIR}/route_rules" ) { - my $fn = find_file 'route_rules'; + my $fn = find_file 'route_rules'; + + if ( -f $fn ) { progress_message2 "$doing $fn..."; emit ''; - open RR, "$ENV{TMP_DIR}/route_rules" or fatal_error "Unable to open stripped route rules file: $!"; + open_file $fn; + + while ( read_a_line ) { - while ( $line = ) { my ( $source, $dest, $provider, $priority ) = split_line 4, 'route_rules file'; add_an_rtrule( $source, $dest, $provider , $priority ); } - - close RR; } + + emit "\nrun_ip route flush cache"; + pop_indent; + emit "fi\n"; + + setup_route_marking if @routemarked_interfaces; + } else { + emit "\nundo_routing"; + emit 'restore_default_route'; } - - emit "\nrun_ip route flush cache"; - pop_indent; - emit "fi\n"; - - setup_route_marking if @routemarked_interfaces; - } 1; diff --git a/New/Shorewall/Proxyarp.pm b/New/Shorewall/Proxyarp.pm index 07a85310a..2239ca27a 100644 --- a/New/Shorewall/Proxyarp.pm +++ b/New/Shorewall/Proxyarp.pm @@ -82,15 +82,13 @@ sub setup_proxy_arp() { my $interfaces= find_interfaces_by_option 'proxyarp'; - if ( @$interfaces || -s "$ENV{TMP_DIR}/proxyarp" ) { + if ( @$interfaces || open_file 'proxyarp' ) { save_progress_message "Setting up Proxy ARP..."; my ( %set, %reset ); - open PA, "$ENV{TMP_DIR}/proxyarp" or fatal_error "Unable to open stripped proxyarp file: $!"; - - while ( $line = ) { + while ( read_a_line ) { my ( $address, $interface, $external, $haveroute, $persistent ) = split_line 5, 'proxyarp file'; 
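Review bot: In setup_providers (hunk at -343), the one-time preamble is now guarded by `unless ( $providers )` inside the read loop, which works only if `$providers` becomes true while the first line is processed. The code that sets it is outside this hunk (presumably add_a_provider). If a first line can be consumed without setting it, the `if [ -z "$NOROUTES" ]; then` header and `push_indent` run again on the next line, while the later hunk emits only one `fi` and one `pop_indent`, leaving the generated script unbalanced. A dedicated lexical flag declared before the loop (`my $first_entry = 1;`, cleared inside the guard) would not depend on that side effect.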
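Review bot: In setup_proxy_arp, `if ( @$interfaces || open_file 'proxyarp' )` short-circuits: when any interface carries the proxyarp option, open_file is never called. As far as the Config.pm hunks show, `$currentfile` then stays unset and `while ( read_a_line )` reads nothing, so every entry in the proxyarp file is silently skipped. The old code opened the file unconditionally inside the block. Calling open_file first keeps both behaviours, e.g. `my $have_file = open_file 'proxyarp';` followed by `if ( @$interfaces || $have_file ) {`.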
@@ -100,8 +98,6 @@ sub setup_proxy_arp() { setup_one_proxy_arp( $address, $interface, $external, $haveroute, $persistent ); } - close PA; - for my $interface ( keys %reset ) { emit "echo 0 > /proc/sys/net/ipv4/conf/$interface/proxy_arp" unless $set{interface}; } diff --git a/New/Shorewall/Rules.pm b/New/Shorewall/Rules.pm index 00454543c..0f8b0e81b 100644 --- a/New/Shorewall/Rules.pm +++ b/New/Shorewall/Rules.pm @@ -64,15 +64,13 @@ sub process_tos() { my $chain = $capabilities{MANGLE_FORWARD} ? 'fortos' : 'pretos'; my $stdchain = $capabilities{MANGLE_FORWARD} ? 'FORWARD' : 'PREROUTING'; - if ( -s "$ENV{TMP_DIR}/tos" ) { + if ( open_file 'tos' ) { progress_message2 'Setting up TOS...'; my $pretosref = new_chain 'mangle' , $chain; my $outtosref = new_chain 'mangle' , 'outtos'; - open TOS, "$ENV{TMP_DIR}/tos" or fatal_error "Unable to open stripped tos file: $!"; - - while ( $line = ) { + while ( read_a_line ) { my ($src, $dst, $proto, $sports, $ports , $tos ) = split_line 6, 'tos file'; @@ -108,8 +106,6 @@ sub process_tos() { ''; } - close TOS; - add_rule $mangle_table->{$stdchain}, "-j $chain"; add_rule $mangle_table->{OUTPUT}, "-j outtos"; } @@ -123,13 +119,11 @@ sub setup_ecn() my %interfaces; my @hosts; - if ( -s "$ENV{TMP_DIR}/ecn" ) { + if ( open_file 'ecn' ) { progress_message2 join( '' , '$doing ', find_file( 'ecn' ), '...' ); - open ECN, "$ENV{TMP_DIR}/ecn" or fatal_error "Unable to open stripped ecn file: $!"; - - while ( $line = ) { + while ( read_a_line ) { my ($interface, $hosts ) = split_line 2, 'ecn file'; @@ -144,8 +138,6 @@ sub setup_ecn() } } - close ECN; - if ( @hosts ) { my @interfaces = ( keys %interfaces ); 
@@ -189,9 +181,9 @@ sub setup_rfc1918_filteration( $ ) { $chainref = new_standard_chain 'rfc1918d' if $config{RFC1918_STRICT}; - open RFC, "$ENV{TMP_DIR}/rfc1918" or fatal_error "Unable to open stripped rfc1918 file: $!"; + open_file 'rfc1918'; - while ( $line = ) { + while ( read_a_line ) { my ( $networks, $target ) = split_line 2, 'rfc1918 file'; @@ -214,8 +206,6 @@ sub setup_rfc1918_filteration( $ ) { } } - close RFC; - add_rule $norfc1918ref , '-j rfc1918d' if $config{RFC1918_STRICT}; for my $hostref ( @$listref ) { @@ -267,13 +257,11 @@ sub setup_blacklist() { $target = 'blacklog'; } - if ( -s "$ENV{TMP_DIR}/blacklist" ) { - - open BL, "$ENV{TMP_DIR}/blacklist" or fatal_error "Unable to open stripped blacklist file: $!"; + if ( open_file 'blacklist' ) { progress_message( join( '', ' Processing ', find_file( 'blacklist' ), '...' ) ); - while ( $line = ) { + while ( read_a_line ) { my ( $networks, $protocol, $ports ) = split_line 3, 'blacklist file'; @@ -293,8 +281,6 @@ sub setup_blacklist() { } } - close BL; - my $state = $config{BLACKLISTNEWONLY} ? '-m state --state NEW,INVALID ' : ''; for my $hostref ( @$hosts ) { @@ -320,9 +306,9 @@ sub process_criticalhosts() { @critical = (); - open RS, "$ENV{TMP_DIR}/routestopped" or fatal_error "Unable to open stripped routestopped file: $!"; + open_file $fn; - while ( $line = ) { + while ( read_a_line ) { my $routeback = 0; @@ -349,8 +335,6 @@ sub process_criticalhosts() { } } - close RS; - \@critical; } @@ -361,9 +345,9 @@ sub process_routestopped() { progress_message2 "$doing $fn..."; - open RS, "$ENV{TMP_DIR}/routestopped" or fatal_error "Unable to open stripped routestopped file: $!"; + open_file $fn; - while ( $line = ) { + while ( read_a_line ) { my $routeback = 0; @@ -409,8 +393,6 @@ sub process_routestopped() { push @allhosts, @hosts; } - close RS; - for my $host ( @allhosts ) { my ( $interface, $h ) = split /:/, $host; my $source = match_source_net $h; 
@@ -649,9 +631,9 @@ sub setup_mac_lists( $ ) { } } - open MAC, "$ENV{TMP_DIR}/maclist" or fatal_error "Unable to open stripped maclist file: $!"; + open_file 'maclist'; - while ( $line = ) { + while ( read_a_line ) { my ( $disposition, $interface, $mac, $addresses ) = split_line 4, 'maclist file'; @@ -695,8 +677,6 @@ sub setup_mac_lists( $ ) { } } - close MAC; - $comment = ''; # # Generate jumps from the input and forward chains @@ -758,14 +738,9 @@ sub process_macro ( $$$$$$$$$$$ ) { progress_message "..Expanding Macro $macrofile..."; - open M, $macrofile or fatal_error "Unable to open $macrofile: $!"; + push_open $macrofile; - while ( $line = ) { - chomp $line; - next if $line =~ /^\s*#/; - next if $line =~ /^\s*$/; - $line =~ s/#.*$//; - $line = expand_shell_variables $line unless $standard; + while ( read_a_line ) { my ( $mtarget, $msource, $mdest, $mproto, $mports, $msports, $mrate, $muser ) = split_line 8, 'macro file'; @@ -828,7 +803,7 @@ sub process_macro ( $$$$$$$$$$$ ) { progress_message " Rule \"$line\" $done"; } - close M; + pop_open; progress_message '..End Macro' } @@ -1186,9 +1161,9 @@ sub process_rule ( $$$$$$$$$ ) { # sub process_rules() { - open RULES, "$ENV{TMP_DIR}/rules" or fatal_error "Unable to open stripped rules file: $!"; + open_file 'rules'; - while ( $line = ) { + while ( read_a_line ) { my ( $target, $source, $dest, $proto, $ports, $sports, $origdest, $ratelimit, $user ) = split_line 9, 'rules file'; @@ -1220,8 +1195,6 @@ sub process_rules() { } } - close RULES; - $comment = ''; $section = 'DONE'; } diff --git a/New/Shorewall/Tc.pm b/New/Shorewall/Tc.pm index cbec34f3d..2843e5955 100644 --- a/New/Shorewall/Tc.pm +++ b/New/Shorewall/Tc.pm 
@@ -349,14 +349,16 @@ sub validate_tc_class( $$$$$$ ) { } sub setup_traffic_shaping() { - if ( -s "$ENV{TMP_DIR}/tcdevices" ) { - save_progress_message "Setting up Traffic Control..."; - my $fn = find_file 'tcdevices'; + save_progress_message "Setting up Traffic Control..."; + + my $fn = find_file 'tcdevices'; + + if ( -f $fn ) { progress_message2 "$doing $fn..."; - open TD, "$ENV{TMP_DIR}/tcdevices" or fatal_error "Unable to open stripped tcdevices file: $!"; + open_file $fn; - while ( $line = ) { + while ( read_a_line ) { my ( $device, $inband, $outband ) = split_line 3, 'tcdevices'; @@ -365,15 +367,14 @@ sub setup_traffic_shaping() { } } - close TD; + $fn = find_file 'tcclasses'; - if ( -s "$ENV{TMP_DIR}/tcclasses" ) { - my $fn = find_file 'tcdevices'; + if ( -f $fn ) { progress_message2 "$doing $fn..."; - open TC, "$ENV{TMP_DIR}/tcclasses" or fatal_error "Unable to open stripped tcclasses file: $!"; + open_file $fn; - while ( $line = ) { + while ( read_a_line ) { my ( $device, $mark, $rate, $ceil, $prio, $options ) = split_line 6, 'tcclasses file'; @@ -381,8 +382,6 @@ sub setup_traffic_shaping() { } } - close TC; - my $devnum = 1; $prefix = '10' if @tcdevices > 10; @@ -496,13 +495,14 @@ sub setup_tc() { ensure_mangle_chain 'tcpost'; } - if ( -s "$ENV{TMP_DIR}/tcrules" ) { - require_capability( 'MANGLE_ENABLED' , 'a non-empty tcrules file' ); + my $fn = find_file 'tcrules'; - open TC, "$ENV{TMP_DIR}/tcrules" or fatal_error "Unable to open stripped tcrules file: $!"; + if ( -f $fn ) { - while ( $line = ) { + require_capability( 'MANGLE_ENABLED' , 'a non-empty tcrules file' ) if open_file $fn; + while ( read_a_line ) { + my ( $mark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos ) = split_line 10, 'tcrules file'; if ( $mark eq 'COMMENT' ) { @@ -518,8 +518,6 @@ sub setup_tc() { } - close TC; - $comment = ''; } 
@@ -554,7 +552,7 @@ sub setup_tc() { save_progress_message 'Setting up Traffic Control...'; append_file $config{TC_SCRIPT}; } elsif ( $config{TC_ENABLED} eq 'Internal' ) { - setup_traffic_shaping if -s "$ENV{TMP_DIR}/tcdevices"; + setup_traffic_shaping; } } diff --git a/New/Shorewall/Tunnels.pm b/New/Shorewall/Tunnels.pm index a7720dcb9..f645bbe4c 100644 --- a/New/Shorewall/Tunnels.pm +++ b/New/Shorewall/Tunnels.pm @@ -230,9 +230,9 @@ sub setup_tunnels() { # # Setup_Tunnels() Starts Here # - open TUNNELS, "$ENV{TMP_DIR}/tunnels" or fatal_error "Unable to open stripped tunnels file: $!"; + open_file 'tunnels'; - while ( $line = ) { + while ( read_a_line ) { my ( $kind, $zone, $gateway, $gatewayzones ) = split_line 4, 'tunnels file'; @@ -248,8 +248,6 @@ sub setup_tunnels() { } } - close TUNNELS; - $comment = ''; } diff --git a/New/compiler.pl b/New/compiler.pl index 57f17923b..b97629e69 100755 --- a/New/compiler.pl +++ b/New/compiler.pl @@ -710,13 +710,7 @@ sub compiler( $ ) { # # [Re-]establish Routing # - if ( -s "$ENV{TMP_DIR}/providers" ) { - require_capability( 'MANGLE_ENABLED' , 'a non-empty providers file' ); - setup_providers; - } else { - emit "\nundo_routing"; - emit 'restore_default_route'; - } + setup_providers; # # TCRules and Traffic Shaping # @@ -733,11 +727,8 @@ sub compiler( $ ) { # # Setup Masquerading/SNAT # - if ( -s "$ENV{TMP_DIR}/masq" ) { - progress_message2 "$doing Masq file..."; - require_capability( 'NAT_ENABLED' , 'a non-empty masq file' ); - setup_masq; - } + progress_message2 "$doing Masq file..."; + setup_masq; # # MACLIST Filtration # 
@@ -771,19 +762,13 @@ sub compiler( $ ) { # # Setup Nat # - if ( -s "$ENV{TMP_DIR}/nat" ) { - progress_message2 "$doing one-to-one NAT..."; - require_capability( 'NAT_ENABLED' , 'a non-empty nat file' ); - setup_nat; - } + progress_message2 "$doing one-to-one NAT..."; + setup_nat; # # Setup NETMAP # - if ( -s "$ENV{TMP_DIR}/nat" ) { - progress_message2 "$doing NETMAP..."; - require_capability( 'NAT_ENABLED' , 'a non-empty netmap file' ); - setup_netmap; - } + progress_message2 "$doing NETMAP..."; + setup_netmap; # # Accounting. #