extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-05-19 07:31:00 +02:00
Code Issues Packages Projects Releases Wiki Activity

Localize $current_params

Browse Source
This commit is contained in:
Tom Eastep 2010-11-28 09:14:52 -08:00
parent ecb71f7791
commit f45af8ff0a
1 changed files with 5 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
Shorewall/Perl/Shorewall/Rules.pm
View File

@ -49,7 +49,6 @@ our @EXPORT_OK = qw( process_rule process_rule1 initialize );
our $VERSION = '4.4_15'; our $VERSION = '4.4_15';
our $macro_nest_level; our $macro_nest_level;
our $current_param;
our $family; our $family;
# #
# When splitting a line in the rules file, don't pad out the columns with '-' if the first column contains one of these # When splitting a line in the rules file, don't pad out the columns with '-' if the first column contains one of these
@ -71,7 +70,6 @@ my %rules_commands = ( COMMENT => 0,
sub initialize( $ ) { sub initialize( $ ) {
$family = shift; $family = shift;
$macro_nest_level = 0; $macro_nest_level = 0;
$current_param = '';
} }
use constant { MAX_MACRO_NEST_LEVEL => 5 }; use constant { MAX_MACRO_NEST_LEVEL => 5 };
@ -886,7 +884,7 @@ sub setup_mac_lists( $ ) {
} }
} }
sub process_rule1 ( $$$$$$$$$$$$$$ ); sub process_rule1 ( $$$$$$$$$$$$$$$ );
# #
# Expand a macro rule from the rules file # Expand a macro rule from the rules file
@ -973,6 +971,7 @@ sub process_macro ( $$$$$$$$$$$$$$$$ ) {
$generated |= process_rule1( $generated |= process_rule1(
$mtarget, $mtarget,
$param,
$msource, $msource,
$mdest, $mdest,
merge_macro_column( $mproto, $proto ) , merge_macro_column( $mproto, $proto ) ,
@ -1004,8 +1003,8 @@ sub process_macro ( $$$$$$$$$$$$$$$$ ) {
# Once a rule has been expanded via wildcards (source and/or dest zone eq 'all'), it is processed by this function. If # Once a rule has been expanded via wildcards (source and/or dest zone eq 'all'), it is processed by this function. If
# the target is a macro, the macro is expanded and this function is called recursively for each rule in the expansion. # the target is a macro, the macro is expanded and this function is called recursively for each rule in the expansion.
# #
sub process_rule1 ( $$$$$$$$$$$$$$ ) { sub process_rule1 ( $$$$$$$$$$$$$$$ ) {
my ( $target, $source, $dest, $proto, $ports, $sports, $origdest, $ratelimit, $user, $mark, $connlimit, $time, $headers, $wildcard ) = @_; my ( $target, $current_param, $source, $dest, $proto, $ports, $sports, $origdest, $ratelimit, $user, $mark, $connlimit, $time, $headers, $wildcard ) = @_;
my ( $action, $loglevel) = split_action $target; my ( $action, $loglevel) = split_action $target;
my ( $basictarget, $param ) = get_target_param $action; my ( $basictarget, $param ) = get_target_param $action;
my $rule = ''; my $rule = '';
@ -1031,10 +1030,7 @@ sub process_rule1 ( $$$$$$$$$$$$$$ ) {
# #
fatal_error "Macro invocations nested too deeply" if ++$macro_nest_level > MAX_MACRO_NEST_LEVEL; fatal_error "Macro invocations nested too deeply" if ++$macro_nest_level > MAX_MACRO_NEST_LEVEL;
my $save_param;
if ( $param ne '' ) { if ( $param ne '' ) {
$save_param = $current_param;
$current_param = $param unless $param eq 'PARAM'; $current_param = $param unless $param eq 'PARAM';
} }
@ -1057,8 +1053,6 @@ sub process_rule1 ( $$$$$$$$$$$$$$ ) {
$macro_nest_level--; $macro_nest_level--;
$current_param = $save_param if $param ne '';
return $generated; return $generated;
} elsif ( $actiontype & NFQ ) { } elsif ( $actiontype & NFQ ) {
@ -1642,7 +1636,7 @@ sub process_rule ( ) {
my $destzone = (split( /:/, $dest, 2 ) )[0]; my $destzone = (split( /:/, $dest, 2 ) )[0];
$destzone = $action =~ /^REDIRECT/ ? $fw : '' unless defined_zone $destzone; $destzone = $action =~ /^REDIRECT/ ? $fw : '' unless defined_zone $destzone;
if ( ! $wild || $intrazone || ( $sourcezone ne $destzone ) ) { if ( ! $wild || $intrazone || ( $sourcezone ne $destzone ) ) {
$generated |= process_rule1 $target, $source, $dest , $proto, $ports, $sports, $origdest, $ratelimit, $user, $mark, $connlimit, $time, $headers, $wild; $generated |= process_rule1 $target, '', $source, $dest , $proto, $ports, $sports, $origdest, $ratelimit, $user, $mark, $connlimit, $time, $headers, $wild;
} }
} }
} }