extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-20 09:47:51 +02:00
Code Issues Packages Projects Releases Wiki Activity

Finish switch to INCLUDE-aware read routines

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5744 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-03-29 17:02:13 +00:00
parent 2de234316b
commit eb3ef2e636
13 changed files with 143 additions and 185 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
New/Shorewall/Actions.pm
View File

@ -378,20 +378,15 @@ sub process_action3( $$$$$ ) {
} }
my $actionfile = find_file "action.$action"; my $actionfile = find_file "action.$action";
my $standard = ( $actionfile =~ /^($env{SHAREDIR})/ ); my $standard = ( $actionfile =~ /^$env{SHAREDIR}/ );
fatal_error "Missing Action File: $actionfile" unless -f $actionfile; fatal_error "Missing Action File: $actionfile" unless -f $actionfile;
progress_message2 "Processing $actionfile for chain $chainref->{name}..."; progress_message2 "Processing $actionfile for chain $chainref->{name}...";
open A, $actionfile or fatal_error "Unable to open $actionfile: $!"; open_file $actionfile;
while ( $line = <A> ) { while ( read_a_line ) {
chomp $line;
next if $line =~ /^\s*#/;
next if $line =~ /^\s*$/;
$line =~ s/#.*$//;
$line = expand_shell_variables $line unless $standard;
my ($target, $source, $dest, $proto, $ports, $sports, $rate, $user ) = split_line 8, 'action file'; my ($target, $source, $dest, $proto, $ports, $sports, $rate, $user ) = split_line 8, 'action file';
@ -423,15 +418,11 @@ sub process_action3( $$$$$ ) {
progress_message "..Expanding Macro $fn..."; progress_message "..Expanding Macro $fn...";
open M, $fn or fatal_error "Can't open $fn: $!"; push_open $fn;
my $standard = ( $fn =~ /^($env{SHAREDIR})/ ); my $standard = ( $fn =~ /^($env{SHAREDIR})/ );
while ( $line = <M> ) { while ( read_a_line ) {
next if $line =~ /^\s*#/;
next if $line =~ /^\s*$/;
$line =~ s/#.*$//;
$line = expand_shell_variables $line unless $standard;
my ( $mtarget, $msource, $mdest, $mproto, $mports, $msports, $mrate, $muser ) = split_line 8, 'macro file'; my ( $mtarget, $msource, $mdest, $mproto, $mports, $msports, $mrate, $muser ) = split_line 8, 'macro file';
@ -477,7 +468,7 @@ sub process_action3( $$$$$ ) {
process_action $chainref, $action, $mtarget, $msource, $mdest, $mproto, $mports, $msports, $mrate, $muser; process_action $chainref, $action, $mtarget, $msource, $mdest, $mproto, $mports, $msports, $mrate, $muser;
} }
close M; pop_open;
progress_message '..End Macro' progress_message '..End Macro'

2
New/Shorewall/Chains.pm
View File

@ -1447,7 +1447,7 @@ sub emitr( $ ) {
$state = CMD_STATE; $state = CMD_STATE;
} }
$rule =~ s/~//; $rule = substr( $rule, 1 );
emit $rule; emit $rule;
} else { } else {

33
New/Shorewall/Config.pm
View File

@ -295,7 +295,7 @@ sub open_file( $ ) {
fatal_error 'Internal Error in open_file()' if defined $currentfile; fatal_error 'Internal Error in open_file()' if defined $currentfile;
if ( -f $fname ) { if ( -f $fname && -s _ ) {
open $currentfile, '<', $fname or fatal_error "Unable to open $fname: $!"; open $currentfile, '<', $fname or fatal_error "Unable to open $fname: $!";
} }
} }
@ -321,16 +321,35 @@ sub pop_open() {
$currentfile = pop @openstack; $currentfile = pop @openstack;
} }
#
# Read a line from the current open stack.
#
# - Ignore blank or comment-only lines.
# - Remove trailing comments.
# - Compress out extra whitespace.
# - Handle Line Continuation
# - Expand shell variables from $ENV.
# - Handle INCLUDE <filename>
#
sub read_a_line { sub read_a_line {
while ( $currentfile ) { while ( $currentfile ) {
while ( $line = <$currentfile> ) {
next if $line =~ /^\s*#/;
next if $line =~ /^\s*$/;
chomp $line;
$line =~ s/#.*$//; $line = '';
expand_shell_variables( $line ); while ( my $nextline = <$currentfile> ) {
next if $nextline =~ /^\s*#/;
next if $nextline =~ /^\s*$/;
$nextline =~ s/#.*$//;
chomp $nextline;
if ( substr( $nextline, -1, 1 ) eq '\\' ) {
$line .= substr( $nextline, 0, -1 );
next;
}
$line = expand_shell_variables( $line ? $line . $nextline : $nextline );
if ( $line =~ /^\s*INCLUDE\s/ ) { if ( $line =~ /^\s*INCLUDE\s/ ) {

6
New/Shorewall/Hosts.pm
View File

@ -52,9 +52,9 @@ sub validate_hosts_file()
my $ipsec = 0; my $ipsec = 0;
open HOSTS, "$ENV{TMP_DIR}/hosts" or fatal_error "Unable to open stripped hosts file: $!"; open_file 'hosts';
while ( $line = <HOSTS> ) { while ( read_a_line ) {
my ($zone, $hosts, $options ) = split_line 3, 'hosts file'; my ($zone, $hosts, $options ) = split_line 3, 'hosts file';
@ -104,8 +104,6 @@ sub validate_hosts_file()
progress_message " Host \"$line\" validated"; progress_message " Host \"$line\" validated";
} }
close HOSTS;
$capabilities{POLICY_MATCH} = '' unless $ipsec or $zones{ipsec}; $capabilities{POLICY_MATCH} = '' unless $ipsec or $zones{ipsec};
} }
# #

6
New/Shorewall/Interfaces.pm
View File

@ -132,9 +132,9 @@ sub validate_interfaces_file()
upnp => 1, upnp => 1,
); );
open INTERFACES, "$ENV{TMP_DIR}/interfaces" or fatal_error "Unable to open stripped interfaces file: $!"; open_file 'interfaces';
while ( $line = <INTERFACES> ) { while ( read_a_line ) {
my ($zone, $interface, $networks, $options ) = split_line 4, 'interfaces file'; my ($zone, $interface, $networks, $options ) = split_line 4, 'interfaces file';
my $zoneref; my $zoneref;
@ -195,8 +195,6 @@ sub validate_interfaces_file()
progress_message " Interface \"$line\" Validated"; progress_message " Interface \"$line\" Validated";
} }
close INTERFACES;
} }
# #

22
New/Shorewall/Nat.pm
View File

@ -101,6 +101,7 @@ sub setup_one_masq($$$$$$)
my $destnets = ''; my $destnets = '';
my $target = '-j MASQUERADE '; my $target = '-j MASQUERADE ';
require_capability( 'NAT_ENABLED' , 'a non-empty masq file' );
# #
# Handle IPSEC options, if any # Handle IPSEC options, if any
# #
@ -238,9 +239,9 @@ sub setup_one_masq($$$$$$)
# #
sub setup_masq() sub setup_masq()
{ {
open MASQ, "$ENV{TMP_DIR}/masq" or fatal_error "Unable to open stripped zones file: $!"; open_file 'masq';
while ( $line = <MASQ> ) { while ( read_a_line ) {
my ($fullinterface, $networks, $addresses, $proto, $ports, $ipsec) = split_line 6, 'masq file'; my ($fullinterface, $networks, $addresses, $proto, $ports, $ipsec) = split_line 6, 'masq file';
@ -256,8 +257,6 @@ sub setup_masq()
} }
} }
close MASQ;
$comment = ''; $comment = '';
} }
@ -300,6 +299,8 @@ sub do_one_nat( $$$$$ )
my $policyin = ''; my $policyin = '';
my $policyout = ''; my $policyout = '';
require_capability( 'NAT_ENABLED' , 'a non-empty nat file' );
if ( $capabilities{POLICY_MATCH} ) { if ( $capabilities{POLICY_MATCH} ) {
$policyin = ' -m policy --pol none --dir in'; $policyin = ' -m policy --pol none --dir in';
$policyout = '-m policy --pol none --dir out'; $policyout = '-m policy --pol none --dir out';
@ -346,9 +347,9 @@ sub do_one_nat( $$$$$ )
# #
sub setup_nat() { sub setup_nat() {
open NAT, "$ENV{TMP_DIR}/nat" or fatal_error "Unable to open stripped nat file: $!"; open_file 'nat';
while ( $line = <NAT> ) { while ( read_a_line ) {
my ( $external, $interface, $internal, $allints, $localnat ) = split_line 5, 'nat file'; my ( $external, $interface, $internal, $allints, $localnat ) = split_line 5, 'nat file';
@ -365,8 +366,6 @@ sub setup_nat() {
} }
close NAT;
$comment = ''; $comment = '';
} }
@ -375,12 +374,14 @@ sub setup_nat() {
# #
sub setup_netmap() { sub setup_netmap() {
open NM, "$ENV{TMP_DIR}/netmap" or fatal_error "Unable to open stripped netmap file: $!"; open_file 'netmap';
while ( $line = <NM> ) { while ( read_a_line ) {
my ( $type, $net1, $interface, $net2 ) = split_line 4, 'netmap file'; my ( $type, $net1, $interface, $net2 ) = split_line 4, 'netmap file';
require_capability( 'NAT_ENABLED' , 'a non-empty netmap file' );
if ( $type eq 'DNAT' ) { if ( $type eq 'DNAT' ) {
add_rule ensure_chain( 'nat' , input_chain $interface ) , "-d $net1 -j NETMAP --to $net2"; add_rule ensure_chain( 'nat' , input_chain $interface ) , "-d $net1 -j NETMAP --to $net2";
} elsif ( $type eq 'SNAT' ) { } elsif ( $type eq 'SNAT' ) {
@ -393,7 +394,6 @@ sub setup_netmap() {
} }
close NM;
} }
sub add_addresses () { sub add_addresses () {

6
New/Shorewall/Policy.pm
View File

@ -128,9 +128,9 @@ sub validate_policy()
} }
} }
open POLICY, "$ENV{TMP_DIR}/policy" or fatal_error "Unable to open stripped policy file: $!"; open_file 'policy';
while ( $line = <POLICY> ) { while ( read_a_line ) {
my ( $client, $server, $policy, $loglevel, $synparams ) = split_line 5, 'policy file'; my ( $client, $server, $policy, $loglevel, $synparams ) = split_line 5, 'policy file';
@ -226,8 +226,6 @@ sub validate_policy()
print_policy $client, $server, $policy, $chain; print_policy $client, $server, $policy, $chain;
} }
} }
close POLICY;
} }
# #

78
New/Shorewall/Providers.pm
View File

@ -346,34 +346,38 @@ sub setup_providers() {
# #
progress_message2 "$doing $fn ..."; progress_message2 "$doing $fn ...";
emit "\nif [ -z \"\$NOROUTES\" ]; then"; open_file 'providers';
push_indent; while ( read_a_line ) {
emitj ( '#', unless ( $providers ) {
'# Undo any changes made since the last time that we [re]started -- this will not restore the default route', require_capability( 'MANGLE_ENABLED' , 'a non-empty providers file' );
'#',
'undo_routing',
'#',
'# Save current routing table database so that it can be restored later',
'#',
'cp /etc/iproute2/rt_tables ${VARDIR}/',
'#',
'# Capture the default route(s) if we don\'t have it (them) already.',
'#',
'[ -f ${VARDIR}/default_route ] || ip route ls | grep -E \'^\s*(default |nexthop )\' > ${VARDIR}/default_route',
'#',
'# Initialize the file that holds \'undo\' commands',
'#',
'> ${VARDIR}/undo_routing' );
save_progress_message 'Adding Providers...'; emit "\nif [ -z \"\$NOROUTES\" ]; then";
emit 'DEFAULT_ROUTE='; push_indent;
open PV, "$ENV{TMP_DIR}/providers" or fatal_error "Unable to open stripped providers file: $!"; emitj ( '#',
'# Undo any changes made since the last time that we [re]started -- this will not restore the default route',
'#',
'undo_routing',
'#',
'# Save current routing table database so that it can be restored later',
'#',
'cp /etc/iproute2/rt_tables ${VARDIR}/',
'#',
'# Capture the default route(s) if we don\'t have it (them) already.',
'#',
'[ -f ${VARDIR}/default_route ] || ip route ls | grep -E \'^\s*(default |nexthop )\' > ${VARDIR}/default_route',
'#',
'# Initialize the file that holds \'undo\' commands',
'#',
'> ${VARDIR}/undo_routing' );
while ( $line = <PV> ) { save_progress_message 'Adding Providers...';
emit 'DEFAULT_ROUTE=';
}
my ( $table, $number, $mark, $duplicate, $interface, $gateway, $options, $copy ) = split_line 8, 'providers file'; my ( $table, $number, $mark, $duplicate, $interface, $gateway, $options, $copy ) = split_line 8, 'providers file';
@ -387,8 +391,6 @@ sub setup_providers() {
} }
close PV;
if ( $providers ) { if ( $providers ) {
if ( $balance ) { if ( $balance ) {
emitj ( 'if [ -n "$DEFAULT_ROUTE" ]; then', emitj ( 'if [ -n "$DEFAULT_ROUTE" ]; then',
@ -427,30 +429,32 @@ sub setup_providers() {
emit "\$echocommand \"$providers{$table}{number}\\t$table\" >> /etc/iproute2/rt_tables"; emit "\$echocommand \"$providers{$table}{number}\\t$table\" >> /etc/iproute2/rt_tables";
} }
if ( -s "$ENV{TMP_DIR}/route_rules" ) { my $fn = find_file 'route_rules';
my $fn = find_file 'route_rules';
if ( -f $fn ) {
progress_message2 "$doing $fn..."; progress_message2 "$doing $fn...";
emit ''; emit '';
open RR, "$ENV{TMP_DIR}/route_rules" or fatal_error "Unable to open stripped route rules file: $!"; open_file $fn;
while ( read_a_line ) {
while ( $line = <RR> ) {
my ( $source, $dest, $provider, $priority ) = split_line 4, 'route_rules file'; my ( $source, $dest, $provider, $priority ) = split_line 4, 'route_rules file';
add_an_rtrule( $source, $dest, $provider , $priority ); add_an_rtrule( $source, $dest, $provider , $priority );
} }
close RR;
} }
emit "\nrun_ip route flush cache";
pop_indent;
emit "fi\n";
setup_route_marking if @routemarked_interfaces;
} else {
emit "\nundo_routing";
emit 'restore_default_route';
} }
emit "\nrun_ip route flush cache";
pop_indent;
emit "fi\n";
setup_route_marking if @routemarked_interfaces;
} }
1; 1;

8
New/Shorewall/Proxyarp.pm
View File

@ -82,15 +82,13 @@ sub setup_proxy_arp() {
my $interfaces= find_interfaces_by_option 'proxyarp'; my $interfaces= find_interfaces_by_option 'proxyarp';
if ( @$interfaces || -s "$ENV{TMP_DIR}/proxyarp" ) { if ( @$interfaces || open_file 'proxyarp' ) {
save_progress_message "Setting up Proxy ARP..."; save_progress_message "Setting up Proxy ARP...";
my ( %set, %reset ); my ( %set, %reset );
open PA, "$ENV{TMP_DIR}/proxyarp" or fatal_error "Unable to open stripped proxyarp file: $!"; while ( read_a_line ) {
while ( $line = <PA> ) {
my ( $address, $interface, $external, $haveroute, $persistent ) = split_line 5, 'proxyarp file'; my ( $address, $interface, $external, $haveroute, $persistent ) = split_line 5, 'proxyarp file';
@ -100,8 +98,6 @@ sub setup_proxy_arp() {
setup_one_proxy_arp( $address, $interface, $external, $haveroute, $persistent ); setup_one_proxy_arp( $address, $interface, $external, $haveroute, $persistent );
} }
close PA;
for my $interface ( keys %reset ) { for my $interface ( keys %reset ) {
emit "echo 0 > /proc/sys/net/ipv4/conf/$interface/proxy_arp" unless $set{interface}; emit "echo 0 > /proc/sys/net/ipv4/conf/$interface/proxy_arp" unless $set{interface};
} }

65
New/Shorewall/Rules.pm
View File

@ -64,15 +64,13 @@ sub process_tos() {
my $chain = $capabilities{MANGLE_FORWARD} ? 'fortos' : 'pretos'; my $chain = $capabilities{MANGLE_FORWARD} ? 'fortos' : 'pretos';
my $stdchain = $capabilities{MANGLE_FORWARD} ? 'FORWARD' : 'PREROUTING'; my $stdchain = $capabilities{MANGLE_FORWARD} ? 'FORWARD' : 'PREROUTING';
if ( -s "$ENV{TMP_DIR}/tos" ) { if ( open_file 'tos' ) {
progress_message2 'Setting up TOS...'; progress_message2 'Setting up TOS...';
my $pretosref = new_chain 'mangle' , $chain; my $pretosref = new_chain 'mangle' , $chain;
my $outtosref = new_chain 'mangle' , 'outtos'; my $outtosref = new_chain 'mangle' , 'outtos';
open TOS, "$ENV{TMP_DIR}/tos" or fatal_error "Unable to open stripped tos file: $!"; while ( read_a_line ) {
while ( $line = <TOS> ) {
my ($src, $dst, $proto, $sports, $ports , $tos ) = split_line 6, 'tos file'; my ($src, $dst, $proto, $sports, $ports , $tos ) = split_line 6, 'tos file';
@ -108,8 +106,6 @@ sub process_tos() {
''; '';
} }
close TOS;
add_rule $mangle_table->{$stdchain}, "-j $chain"; add_rule $mangle_table->{$stdchain}, "-j $chain";
add_rule $mangle_table->{OUTPUT}, "-j outtos"; add_rule $mangle_table->{OUTPUT}, "-j outtos";
} }
@ -123,13 +119,11 @@ sub setup_ecn()
my %interfaces; my %interfaces;
my @hosts; my @hosts;
if ( -s "$ENV{TMP_DIR}/ecn" ) { if ( open_file 'ecn' ) {
progress_message2 join( '' , '$doing ', find_file( 'ecn' ), '...' ); progress_message2 join( '' , '$doing ', find_file( 'ecn' ), '...' );
open ECN, "$ENV{TMP_DIR}/ecn" or fatal_error "Unable to open stripped ecn file: $!"; while ( read_a_line ) {
while ( $line = <ECN> ) {
my ($interface, $hosts ) = split_line 2, 'ecn file'; my ($interface, $hosts ) = split_line 2, 'ecn file';
@ -144,8 +138,6 @@ sub setup_ecn()
} }
} }
close ECN;
if ( @hosts ) { if ( @hosts ) {
my @interfaces = ( keys %interfaces ); my @interfaces = ( keys %interfaces );
@ -189,9 +181,9 @@ sub setup_rfc1918_filteration( $ ) {
$chainref = new_standard_chain 'rfc1918d' if $config{RFC1918_STRICT}; $chainref = new_standard_chain 'rfc1918d' if $config{RFC1918_STRICT};
open RFC, "$ENV{TMP_DIR}/rfc1918" or fatal_error "Unable to open stripped rfc1918 file: $!"; open_file 'rfc1918';
while ( $line = <RFC> ) { while ( read_a_line ) {
my ( $networks, $target ) = split_line 2, 'rfc1918 file'; my ( $networks, $target ) = split_line 2, 'rfc1918 file';
@ -214,8 +206,6 @@ sub setup_rfc1918_filteration( $ ) {
} }
} }
close RFC;
add_rule $norfc1918ref , '-j rfc1918d' if $config{RFC1918_STRICT}; add_rule $norfc1918ref , '-j rfc1918d' if $config{RFC1918_STRICT};
for my $hostref ( @$listref ) { for my $hostref ( @$listref ) {
@ -267,13 +257,11 @@ sub setup_blacklist() {
$target = 'blacklog'; $target = 'blacklog';
} }
if ( -s "$ENV{TMP_DIR}/blacklist" ) { if ( open_file 'blacklist' ) {
open BL, "$ENV{TMP_DIR}/blacklist" or fatal_error "Unable to open stripped blacklist file: $!";
progress_message( join( '', ' Processing ', find_file( 'blacklist' ), '...' ) ); progress_message( join( '', ' Processing ', find_file( 'blacklist' ), '...' ) );
while ( $line = <BL> ) { while ( read_a_line ) {
my ( $networks, $protocol, $ports ) = split_line 3, 'blacklist file'; my ( $networks, $protocol, $ports ) = split_line 3, 'blacklist file';
@ -293,8 +281,6 @@ sub setup_blacklist() {
} }
} }
close BL;
my $state = $config{BLACKLISTNEWONLY} ? '-m state --state NEW,INVALID ' : ''; my $state = $config{BLACKLISTNEWONLY} ? '-m state --state NEW,INVALID ' : '';
for my $hostref ( @$hosts ) { for my $hostref ( @$hosts ) {
@ -320,9 +306,9 @@ sub process_criticalhosts() {
@critical = (); @critical = ();
open RS, "$ENV{TMP_DIR}/routestopped" or fatal_error "Unable to open stripped routestopped file: $!"; open_file $fn;
while ( $line = <RS> ) { while ( read_a_line ) {
my $routeback = 0; my $routeback = 0;
@ -349,8 +335,6 @@ sub process_criticalhosts() {
} }
} }
close RS;
\@critical; \@critical;
} }
@ -361,9 +345,9 @@ sub process_routestopped() {
progress_message2 "$doing $fn..."; progress_message2 "$doing $fn...";
open RS, "$ENV{TMP_DIR}/routestopped" or fatal_error "Unable to open stripped routestopped file: $!"; open_file $fn;
while ( $line = <RS> ) { while ( read_a_line ) {
my $routeback = 0; my $routeback = 0;
@ -409,8 +393,6 @@ sub process_routestopped() {
push @allhosts, @hosts; push @allhosts, @hosts;
} }
close RS;
for my $host ( @allhosts ) { for my $host ( @allhosts ) {
my ( $interface, $h ) = split /:/, $host; my ( $interface, $h ) = split /:/, $host;
my $source = match_source_net $h; my $source = match_source_net $h;
@ -649,9 +631,9 @@ sub setup_mac_lists( $ ) {
} }
} }
open MAC, "$ENV{TMP_DIR}/maclist" or fatal_error "Unable to open stripped maclist file: $!"; open_file 'maclist';
while ( $line = <MAC> ) { while ( read_a_line ) {
my ( $disposition, $interface, $mac, $addresses ) = split_line 4, 'maclist file'; my ( $disposition, $interface, $mac, $addresses ) = split_line 4, 'maclist file';
@ -695,8 +677,6 @@ sub setup_mac_lists( $ ) {
} }
} }
close MAC;
$comment = ''; $comment = '';
# #
# Generate jumps from the input and forward chains # Generate jumps from the input and forward chains
@ -758,14 +738,9 @@ sub process_macro ( $$$$$$$$$$$ ) {
progress_message "..Expanding Macro $macrofile..."; progress_message "..Expanding Macro $macrofile...";
open M, $macrofile or fatal_error "Unable to open $macrofile: $!"; push_open $macrofile;
while ( $line = <M> ) { while ( read_a_line ) {
chomp $line;
next if $line =~ /^\s*#/;
next if $line =~ /^\s*$/;
$line =~ s/#.*$//;
$line = expand_shell_variables $line unless $standard;
my ( $mtarget, $msource, $mdest, $mproto, $mports, $msports, $mrate, $muser ) = split_line 8, 'macro file'; my ( $mtarget, $msource, $mdest, $mproto, $mports, $msports, $mrate, $muser ) = split_line 8, 'macro file';
@ -828,7 +803,7 @@ sub process_macro ( $$$$$$$$$$$ ) {
progress_message " Rule \"$line\" $done"; } progress_message " Rule \"$line\" $done"; }
close M; pop_open;
progress_message '..End Macro' progress_message '..End Macro'
} }
@ -1186,9 +1161,9 @@ sub process_rule ( $$$$$$$$$ ) {
# #
sub process_rules() { sub process_rules() {
open RULES, "$ENV{TMP_DIR}/rules" or fatal_error "Unable to open stripped rules file: $!"; open_file 'rules';
while ( $line = <RULES> ) { while ( read_a_line ) {
my ( $target, $source, $dest, $proto, $ports, $sports, $origdest, $ratelimit, $user ) = split_line 9, 'rules file'; my ( $target, $source, $dest, $proto, $ports, $sports, $origdest, $ratelimit, $user ) = split_line 9, 'rules file';
@ -1220,8 +1195,6 @@ sub process_rules() {
} }
} }
close RULES;
$comment = ''; $comment = '';
$section = 'DONE'; $section = 'DONE';
} }

36
New/Shorewall/Tc.pm
View File

@ -349,14 +349,16 @@ sub validate_tc_class( $$$$$$ ) {
} }
sub setup_traffic_shaping() { sub setup_traffic_shaping() {
if ( -s "$ENV{TMP_DIR}/tcdevices" ) { save_progress_message "Setting up Traffic Control...";
save_progress_message "Setting up Traffic Control...";
my $fn = find_file 'tcdevices'; my $fn = find_file 'tcdevices';
if ( -f $fn ) {
progress_message2 "$doing $fn..."; progress_message2 "$doing $fn...";
open TD, "$ENV{TMP_DIR}/tcdevices" or fatal_error "Unable to open stripped tcdevices file: $!"; open_file $fn;
while ( $line = <TD> ) { while ( read_a_line ) {
my ( $device, $inband, $outband ) = split_line 3, 'tcdevices'; my ( $device, $inband, $outband ) = split_line 3, 'tcdevices';
@ -365,15 +367,14 @@ sub setup_traffic_shaping() {
} }
} }
close TD; $fn = find_file 'tcclasses';
if ( -s "$ENV{TMP_DIR}/tcclasses" ) { if ( -f $fn ) {
my $fn = find_file 'tcdevices';
progress_message2 "$doing $fn..."; progress_message2 "$doing $fn...";
open TC, "$ENV{TMP_DIR}/tcclasses" or fatal_error "Unable to open stripped tcclasses file: $!"; open_file $fn;
while ( $line = <TC> ) { while ( read_a_line ) {
my ( $device, $mark, $rate, $ceil, $prio, $options ) = split_line 6, 'tcclasses file'; my ( $device, $mark, $rate, $ceil, $prio, $options ) = split_line 6, 'tcclasses file';
@ -381,8 +382,6 @@ sub setup_traffic_shaping() {
} }
} }
close TC;
my $devnum = 1; my $devnum = 1;
$prefix = '10' if @tcdevices > 10; $prefix = '10' if @tcdevices > 10;
@ -496,12 +495,13 @@ sub setup_tc() {
ensure_mangle_chain 'tcpost'; ensure_mangle_chain 'tcpost';
} }
if ( -s "$ENV{TMP_DIR}/tcrules" ) { my $fn = find_file 'tcrules';
require_capability( 'MANGLE_ENABLED' , 'a non-empty tcrules file' );
open TC, "$ENV{TMP_DIR}/tcrules" or fatal_error "Unable to open stripped tcrules file: $!"; if ( -f $fn ) {
while ( $line = <TC> ) { require_capability( 'MANGLE_ENABLED' , 'a non-empty tcrules file' ) if open_file $fn;
while ( read_a_line ) {
my ( $mark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos ) = split_line 10, 'tcrules file'; my ( $mark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos ) = split_line 10, 'tcrules file';
@ -518,8 +518,6 @@ sub setup_tc() {
} }
close TC;
$comment = ''; $comment = '';
} }
@ -554,7 +552,7 @@ sub setup_tc() {
save_progress_message 'Setting up Traffic Control...'; save_progress_message 'Setting up Traffic Control...';
append_file $config{TC_SCRIPT}; append_file $config{TC_SCRIPT};
} elsif ( $config{TC_ENABLED} eq 'Internal' ) { } elsif ( $config{TC_ENABLED} eq 'Internal' ) {
setup_traffic_shaping if -s "$ENV{TMP_DIR}/tcdevices"; setup_traffic_shaping;
} }
} }

6
New/Shorewall/Tunnels.pm
View File

@ -230,9 +230,9 @@ sub setup_tunnels() {
# #
# Setup_Tunnels() Starts Here # Setup_Tunnels() Starts Here
# #
open TUNNELS, "$ENV{TMP_DIR}/tunnels" or fatal_error "Unable to open stripped tunnels file: $!"; open_file 'tunnels';
while ( $line = <TUNNELS> ) { while ( read_a_line ) {
my ( $kind, $zone, $gateway, $gatewayzones ) = split_line 4, 'tunnels file'; my ( $kind, $zone, $gateway, $gatewayzones ) = split_line 4, 'tunnels file';
@ -248,8 +248,6 @@ sub setup_tunnels() {
} }
} }
close TUNNELS;
$comment = ''; $comment = '';
} }

29
New/compiler.pl
View File

@ -710,13 +710,7 @@ sub compiler( $ ) {
# #
# [Re-]establish Routing # [Re-]establish Routing
# #
if ( -s "$ENV{TMP_DIR}/providers" ) { setup_providers;
require_capability( 'MANGLE_ENABLED' , 'a non-empty providers file' );
setup_providers;
} else {
emit "\nundo_routing";
emit 'restore_default_route';
}
# #
# TCRules and Traffic Shaping # TCRules and Traffic Shaping
# #
@ -733,11 +727,8 @@ sub compiler( $ ) {
# #
# Setup Masquerading/SNAT # Setup Masquerading/SNAT
# #
if ( -s "$ENV{TMP_DIR}/masq" ) { progress_message2 "$doing Masq file...";
progress_message2 "$doing Masq file..."; setup_masq;
require_capability( 'NAT_ENABLED' , 'a non-empty masq file' );
setup_masq;
}
# #
# MACLIST Filtration # MACLIST Filtration
# #
@ -771,19 +762,13 @@ sub compiler( $ ) {
# #
# Setup Nat # Setup Nat
# #
if ( -s "$ENV{TMP_DIR}/nat" ) { progress_message2 "$doing one-to-one NAT...";
progress_message2 "$doing one-to-one NAT..."; setup_nat;
require_capability( 'NAT_ENABLED' , 'a non-empty nat file' );
setup_nat;
}
# #
# Setup NETMAP # Setup NETMAP
# #
if ( -s "$ENV{TMP_DIR}/nat" ) { progress_message2 "$doing NETMAP...";
progress_message2 "$doing NETMAP..."; setup_netmap;
require_capability( 'NAT_ENABLED' , 'a non-empty netmap file' );
setup_netmap;
}
# #
# Accounting. # Accounting.
# #