Better modularization of Chains and Actions

Tom Eastep 2009-09-05 08:43:14 -07:00
parent 496a9449f1
commit ec94ed638e
3 changed files with 26 additions and 32 deletions


@ -413,8 +413,9 @@ sub process_macro1 ( $$ ) {
# #
# The functions process_actions1-3() implement the three phases of action processing. # The functions process_actions1-3() implement the three phases of action processing.
# #
# The first phase (process_actions1) occurs before the rules file is processed. ${SHAREDIR}/actions.std # The first phase (process_actions1) occurs before the rules file is processed. The builtin-actions are added
# and ${CONFDIR}/actions are scanned (in that order) and for each action: # to the target table (%Shorewall::Chains::targets) and actions table, then ${SHAREDIR}/actions.std and
# ${CONFDIR}/actions are scanned (in that order). For each action:
# #
# a) The related action definition file is located and scanned. # a) The related action definition file is located and scanned.
# b) Forward and unresolved action references are trapped as errors. # b) Forward and unresolved action references are trapped as errors.
@ -476,9 +477,13 @@ sub process_action1 ( $$ ) {
sub process_actions1() { sub process_actions1() {
progress_message2 "Preprocessing Action Files..."; progress_message2 "Preprocessing Action Files...";
#
for my $act ( grep $targets{$_} & ACTION , keys %targets ) { # Add built-in actions to the target table and create those actions
new_action $act; #
if ( $family == F_IPV4 ) {
$targets{$_} = ACTION + BUILTIN, new_action $_ for qw/dropBcast allowBcast dropNotSyn rejNotSyn dropInvalid allowInvalid allowinUPnP forwardUPnP Limit/;
} else {
$targets{$_} = ACTION + BUILTIN, new_action $_ for qw/dropBcast allowBcast dropNotSyn rejNotSyn dropInvalid allowInvalid/;
} }
for my $file ( qw/actions.std actions/ ) { for my $file ( qw/actions.std actions/ ) {
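Review bot: Both branches of the new `if ( $family == F_IPV4 )` block chain two statements with the comma operator under a postfix `for` (`$targets{$_} = ACTION + BUILTIN, new_action $_ for qw/.../;`), and the IPv6 list is a verbatim prefix of the IPv4 list, so the next builtin action has to be added in two places and the registration step is easy to misread. A base list with an IPv4-only extension and an explicit loop body expresses the same thing with plain statements. Whether `new_action` is predeclared so that the parenthesis-free call parses as intended is not visible here; the removed loop called it the same way, so that part is unchanged. process_actions1 continues past the end of the hunk.
```perl
    #
    # Add built-in actions to the target table and create those actions
    #
    my @builtins = qw/dropBcast allowBcast dropNotSyn rejNotSyn dropInvalid allowInvalid/;
    push @builtins, qw/allowinUPnP forwardUPnP Limit/ if $family == F_IPV4;

    for my $act ( @builtins ) {
        $targets{$act} = ACTION + BUILTIN;
        new_action $act;
    }
    # … unchanged: scan of actions.std and actions …
```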


@ -165,7 +165,7 @@ our %EXPORT_TAGS = (
Exporter::export_ok_tags('internal'); Exporter::export_ok_tags('internal');
our $VERSION = '4.4_1'; our $VERSION = '4.4_2';
# #
# Chain Table # Chain Table
@ -916,7 +916,8 @@ sub ensure_filter_chain( $$ )
my $chainref = ensure_chain 'filter', $chain; my $chainref = ensure_chain 'filter', $chain;
if ( $populate and ! $chainref->{referenced} ) { unless ( $chainref->{referenced} ) {
if ( $populate ) {
if ( $section eq 'NEW' or $section eq 'DONE' ) { if ( $section eq 'NEW' or $section eq 'DONE' ) {
finish_chain_section $chainref , 'ESTABLISHED,RELATED'; finish_chain_section $chainref , 'ESTABLISHED,RELATED';
} elsif ( $section eq 'RELATED' ) { } elsif ( $section eq 'RELATED' ) {
@ -925,6 +926,7 @@ sub ensure_filter_chain( $$ )
} }
$chainref->{referenced} = 1; $chainref->{referenced} = 1;
}
$chainref; $chainref;
} }
@ -1018,7 +1020,6 @@ sub ensure_manual_chain($) {
# Add all builtin chains to the chain table -- it is separate from initialize() because it depends on capabilities and configuration. # Add all builtin chains to the chain table -- it is separate from initialize() because it depends on capabilities and configuration.
# The function also initializes the target table with the pre-defined targets available for the specfied address family. # The function also initializes the target table with the pre-defined targets available for the specfied address family.
# #
#
sub initialize_chain_table() sub initialize_chain_table()
{ {
if ( $family == F_IPV4 ) { if ( $family == F_IPV4 ) {
@ -1045,15 +1046,6 @@ sub initialize_chain_table()
'QUEUE!' => STANDARD, 'QUEUE!' => STANDARD,
'NFQUEUE' => STANDARD + NFQ, 'NFQUEUE' => STANDARD + NFQ,
'NFQUEUE!' => STANDARD + NFQ, 'NFQUEUE!' => STANDARD + NFQ,
'dropBcast' => BUILTIN + ACTION,
'allowBcast' => BUILTIN + ACTION,
'dropNotSyn' => BUILTIN + ACTION,
'rejNotSyn' => BUILTIN + ACTION,
'dropInvalid' => BUILTIN + ACTION,
'allowInvalid' => BUILTIN + ACTION,
'allowinUPnP' => BUILTIN + ACTION,
'forwardUPnP' => BUILTIN + ACTION,
'Limit' => BUILTIN + ACTION,
); );
for my $chain qw(OUTPUT PREROUTING) { for my $chain qw(OUTPUT PREROUTING) {
@ -1095,12 +1087,6 @@ sub initialize_chain_table()
'QUEUE!' => STANDARD, 'QUEUE!' => STANDARD,
'NFQUEUE' => STANDARD + NFQ, 'NFQUEUE' => STANDARD + NFQ,
'NFQUEUE!' => STANDARD + NFQ, 'NFQUEUE!' => STANDARD + NFQ,
'dropBcast' => BUILTIN + ACTION,
'allowBcast' => BUILTIN + ACTION,
'dropNotSyn' => BUILTIN + ACTION,
'rejNotSyn' => BUILTIN + ACTION,
'dropInvalid' => BUILTIN + ACTION,
'allowInvalid' => BUILTIN + ACTION,
); );
for my $chain qw(OUTPUT PREROUTING) { for my $chain qw(OUTPUT PREROUTING) {
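Review bot: In ensure_filter_chain the rewritten block sets `$chainref->{referenced} = 1` even when $populate is false, whereas the removed condition `if ( $populate and ! $chainref->{referenced} )` left an unpopulated chain unmarked. A later call for the same chain with $populate true therefore no longer reaches `finish_chain_section`, so whether the ESTABLISHED,RELATED rules for the NEW/DONE/RELATED sections are emitted now depends on which caller touches the chain first; neither the commit message nor the changelog hunk mentions this change. If that is intended, a comment such as `# Marked referenced on first sight; only the first populating caller adds the section rules` would make it deliberate, otherwise the assignment belongs back inside the `if ( $populate )` branch. The function's signature and the start of its body lie before the hunk, and the second hunk shows only its tail.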


@ -1,10 +1,13 @@
Changes in Shorewall 4.4.2 Changes in Shorewall 4.4.2
1) Correct detection of Persistent SNAT support 1) BUGFIX: Correct detection of Persistent SNAT support
2) Fix chain table initialization 2) BUGFIX: Fix chain table initialization
3) Validate routestopped file on 'check' 3) BUGFIX: Validate routestopped file on 'check'
4) Let the Actions module add the builtin actions to
%Shorewall::Chains::targets. Much better modularization that way.
Changes in Shorewall 4.4.1 Changes in Shorewall 4.4.1