Allow embedded shell/Perl directives to have leading '?'

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2025-04-30 14:14:31 +02:00 · 2012-06-05 07:32:43 -07:00 · 2012-06-05 07:32:43 -07:00 · ee467a4877
commit ee467a4877
parent 170875c7dd
13 changed files with 46 additions and 35 deletions
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@ -2064,7 +2064,7 @@ sub embedded_shell( $ ) {
 	my $last = 0;
 	while ( read_a_line( PLAIN_READ ) ) {
-	    last if $last = $currentline =~ s/^\s*END(\s+SHELL)?\s*;?//;
+	    last if $last = $currentline =~ s/^\s*\??END(\s+SHELL)?\s*(?:;\s*)?$//;
 	    $command .= "$currentline\n";
 	}
@ -2098,7 +2098,7 @@ sub embedded_perl( $ ) {
 	my $last = 0;
 	while ( read_a_line( PLAIN_READ ) ) {
-	    last if $last = $currentline =~ s/^\s*END(\s+PERL)?\s*;?//;
+	    last if $last = $currentline =~ s/^\s*\??END(\s+PERL)?\s*(?:;\s*)?//;
 	    $command .= "$currentline\n";
 	}
@ -2309,13 +2309,13 @@ sub read_a_line($) {
 	    # Must check for shell/perl before doing variable expansion
 	    #
 	    if ( $options & EMBEDDED_ENABLED ) {
-		if ( $currentline =~ s/^\s*(BEGIN\s+)?SHELL\s*;?// ) {
+		if ( $currentline =~ s/^\s*\??(BEGIN\s+)?SHELL\s*;?// ) {
 		    handle_first_entry if $first_entry;
 		    embedded_shell( $1 );
 		    next;
 		}
-		if ( $currentline =~ s/^\s*(BEGIN\s+)?PERL\s*\;?// ) {
+		if ( $currentline =~ s/^\s*\??(BEGIN\s+)?PERL\s*\;?// ) {
 		    handle_first_entry if $first_entry;
 		    embedded_perl( $1 );
 		    next;
--- a/Shorewall/action.Broadcast
+++ b/Shorewall/action.Broadcast
@ -31,7 +31,7 @@ FORMAT 2
 DEFAULTS DROP,-
-BEGIN PERL;
+?BEGIN PERL;
 use Shorewall::IPAddrs;
 use Shorewall::Config;
@ -70,4 +70,4 @@ add_jump $chainref, $target, 0, '-d 224.0.0.0/4 ';
 1;
-END PERL;
+?END PERL;
--- a/Shorewall/action.Drop
+++ b/Shorewall/action.Drop
@ -36,7 +36,7 @@ FORMAT 2
 # The following magic provides different defaults for $2 thru $5, when $1 is
 # 'audit'.
 #
-BEGIN PERL;
+?BEGIN PERL;
 use Shorewall::Config;
 my ( $p1, $p2, $p3 , $p4, $p5 ) = get_action_params( 5 );
@ -54,7 +54,7 @@ if ( defined $p1 ) {
 1;
-END PERL;
+?END PERL;
 DEFAULTS -,REJECT,DROP,ACCEPT,DROP
--- a/Shorewall/action.DropSmurfs
+++ b/Shorewall/action.DropSmurfs
@ -13,7 +13,7 @@ FORMAT 2
 DEFAULTS -
-BEGIN PERL;
+?BEGIN PERL;
 use strict;
 use Shorewall::Config qw(:DEFAULT F_IPV4 F_IPV6);
 use Shorewall::Chains;
@ -77,7 +77,7 @@ if ( $family == F_IPV4 ) {
    add_ijump( $chainref, g => $target, s => IPv6_MULTICAST );
 }
-END PERL;
+?END PERL;
--- a/Shorewall/action.Invalid
+++ b/Shorewall/action.Invalid
@ -31,7 +31,7 @@ FORMAT 2
 DEFAULTS DROP,-
-BEGIN PERL;
+?BEGIN PERL;
 use Shorewall::IPAddrs;
 use Shorewall::Config;
@ -53,4 +53,4 @@ allow_optimize( $chainref );
 1;
-END PERL;
+?END PERL;
--- a/Shorewall/action.NotSyn
+++ b/Shorewall/action.NotSyn
@ -31,7 +31,7 @@ FORMAT 2
 DEFAULTS DROP,-
-BEGIN PERL;
+?BEGIN PERL;
 use Shorewall::IPAddrs;
 use Shorewall::Config;
@ -53,4 +53,4 @@ allow_optimize( $chainref );
 1;
-END PERL;
+?END PERL;
--- a/Shorewall/action.RST
+++ b/Shorewall/action.RST
@ -31,7 +31,7 @@ FORMAT 2
 DEFAULTS DROP,-
-BEGIN PERL;
+?BEGIN PERL;
 use Shorewall::Config;
 use Shorewall::Chains;
@ -52,4 +52,4 @@ allow_optimize( $chainref );
 1;
-END PERL;
+?END PERL;
--- a/Shorewall/action.Reject
+++ b/Shorewall/action.Reject
@ -32,7 +32,7 @@ FORMAT 2
 # The following magic provides different defaults for $2 thru $5, when $1 is
 # 'audit'.
 #
-BEGIN PERL;
+?BEGIN PERL;
 use Shorewall::Config;
 my ( $p1, $p2, $p3 , $p4, $p5 ) = get_action_params( 5 );
@ -50,7 +50,7 @@ if ( defined $p1 ) {
 1;
-END PERL;
+?END PERL;
 DEFAULTS -,REJECT,REJECT,ACCEPT,DROP
--- a/Shorewall/action.TCPFlags
+++ b/Shorewall/action.TCPFlags
@ -13,12 +13,11 @@ FORMAT 2
 DEFAULTS DROP,-
-BEGIN PERL;
+?BEGIN PERL;
 use strict;
 use Shorewall::Config qw(:DEFAULT F_IPV4 F_IPV6);
 use Shorewall::Chains;
 my ( $disposition, $audit ) = get_action_params( 2 );
 my $chainref        = get_action_chain;
@ -55,7 +54,7 @@ add_ijump $chainref , g => $disposition, p => 'tcp --tcp-flags SYN,RST SYN,RST';
 add_ijump $chainref , g => $disposition, p => 'tcp --tcp-flags SYN,FIN SYN,FIN';
 add_ijump $chainref , g => $disposition, p => 'tcp --syn --sport 0';
-END PERL;
+?END PERL;
--- a/Shorewall6/action.Broadcast
+++ b/Shorewall6/action.Broadcast
@ -31,7 +31,7 @@ FORMAT 2
 DEFAULTS DROP,-
-BEGIN PERL;
+?BEGIN PERL;
 use Shorewall::IPAddrs;
 use Shorewall::Config;
@ -68,4 +68,4 @@ add_jump $chainref, $target, 0, join( ' ', '-d', IPv6_MULTICAST . ' ' );
 1;
-END PERL;
+?END PERL;
--- a/Shorewall6/action.Drop
+++ b/Shorewall6/action.Drop
@ -36,7 +36,7 @@ FORMAT 2
 # The following magic provides different defaults for $2 thru $5, when $1 is
 # 'audit'.
 #
-BEGIN PERL;
+?BEGIN PERL;
 use Shorewall::Config;
 my ( $p1, $p2, $p3 , $p4, $p5 ) = get_action_params( 5 );
@ -54,7 +54,7 @@ if ( defined $p1 ) {
 1;
-END PERL;
+?END PERL;
 DEFAULTS -,REJECT,DROP,ACCEPT,DROP
--- a/Shorewall6/action.Reject
+++ b/Shorewall6/action.Reject
@ -32,7 +32,7 @@ FORMAT 2
 # The following magic provides different defaults for $2 thru $5, when $1 is
 # 'audit'.
 #
-BEGIN PERL;
+?BEGIN PERL;
 use Shorewall::Config;
 my ( $p1, $p2, $p3 , $p4, $p5 ) = get_action_params( 5 );
@ -50,7 +50,7 @@ if ( defined $p1 ) {
 1;
-END PERL;
+?END PERL;
 DEFAULTS -,REJECT,REJECT,ACCEPT,DROP
--- a/docs/configuration_file_basics.xml
+++ b/docs/configuration_file_basics.xml
@ -1625,16 +1625,23 @@ SHELL cat /etc/shorewall/rules.d/*.rules 2&gt; /dev/null || true</programlisting
    <itemizedlist>
      <listitem>
-        <para><emphasis role="bold">PERL</emphasis> &lt;<emphasis>perl
+        <para>[<emphasis role="bold">?</emphasis>]<emphasis
        role="bold">PERL</emphasis> &lt;<emphasis>perl
        script</emphasis>&gt;</para>
      </listitem>
      <listitem>
-        <para><emphasis role="bold">SHELL</emphasis> &lt;<emphasis>shell
+        <para>[<emphasis role="bold">?</emphasis>]<emphasis
        role="bold">SHELL</emphasis> &lt;<emphasis>shell
        script</emphasis>&gt;</para>
      </listitem>
    </itemizedlist>
    <note>
      <para>The optional leading question mark (?) is allowed in Shorewall
      4.5.5 and later.</para>
    </note>
    <para>Shell scripts run in a child shell process and their output is piped
    back to the compiler which processes that output as if it were embedded at
    the point of the script.</para>
@ -1678,14 +1685,19 @@ use Shorewall::Config ( qw/shorewall/ );</programlisting>
      </listitem>
    </orderedlist>
-    <para>Multi-line scripts use one of the following forms:<programlisting><emphasis
+    <para>Multi-line scripts use one of the following forms:<programlisting>[<emphasis
-          role="bold">BEGIN SHELL</emphasis>
+          role="bold">?</emphasis>]<emphasis role="bold">BEGIN SHELL</emphasis>
 &lt;<emphasis>shell script</emphasis>&gt;
-<emphasis role="bold">END</emphasis> [ <emphasis role="bold">SHELL</emphasis> ]</programlisting><programlisting><emphasis
+[<emphasis role="bold">?</emphasis>]<emphasis role="bold">END</emphasis> [ <emphasis
-          role="bold">BEGIN PERL</emphasis> [;]
+          role="bold">SHELL</emphasis> ]</programlisting><programlisting>[<emphasis
          role="bold">?</emphasis>]<emphasis role="bold">BEGIN PERL</emphasis> [<emphasis
          role="bold">;</emphasis>]
 &lt;<emphasis>perl script</emphasis>&gt;
-<emphasis role="bold">END</emphasis> [ <emphasis role="bold">PERL</emphasis> ] [<emphasis
+[<emphasis role="bold">?</emphasis>]<emphasis role="bold">END</emphasis> [ <emphasis
-          role="bold">;</emphasis>]</programlisting></para>
+          role="bold">PERL</emphasis> ] [<emphasis role="bold">;</emphasis>]</programlisting><note>
        <para>The optional leading question mark (?) is allowed in Shorewall
        4.5.5 and later.</para>
      </note></para>
  </section>
  <section id="dnsnames">