extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-16 12:43:19 +01:00
Code Issues Packages Projects Releases Wiki Activity

Provide default values for added entries

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2011-06-18 14:50:07 -07:00
parent c7be1f1b38
commit f93ac02bfc
1 changed files with 137 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

131
Shorewall/Perl/Shorewall/Config.pm
View File

@ -209,6 +209,123 @@ our %globals;
# #
our %config; our %config;
my %rawconfig; my %rawconfig;
our %defaults =
( STARTUP_ENABLED => 'Yes',
VERBOSITY => 1,
#
# Logging
#
LOGFILE => '/var/log/messages',
LOGFORMAT => 'Shorewall:%s:%s:',
LOGTAGONLY => 'No',
LOGLIMIT => '',
LOGALLNEW => 'No',
BLACKLIST_LOGLEVEL => 'none',
MACLIST_LOG_LEVEL => 'none',
TCP_FLAGS_LOG_LEVEL => 'none',
SMURF_LOG_LEVEL => 'none',
LOG_VERBOSITY => 2,
SFILTER_LOG_LEVEL => 'none',
#
# Location of Files
#
IP => '',
TC => '',
IPSET => '',
PERL => '',
#
#PATH is inherited
#
PATH => '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin',
SHOREWALL_SHELL => '/bin/sh',
MODULESDIR => '',
#
#CONFIG_PATH is inherited
#
RESTOREFILE => 'restore',
IPSECFILE => 'zones',
#
# Default Actions/Macros
#
DROP_DEFAULT => 'Drop',
REJECT_DEFAULT => 'Reject',
ACCEPT_DEFAULT => 'none',
QUEUE_DEFAULT => 'none',
NFQUEUE_DEFAULT => 'none',
#
# RSH/RCP Commands
#
RSH_COMMAND => q('ssh ${root}@${system} ${command}'),
RCP_COMMAND => q('scp ${files} ${root}@${system}:${destination}'),
#
# Firewall Options
#
BRIDGING => 'No',
IP_FORWARDING => 'Keep',
ADD_IP_ALIASES => 'No',
ADD_SNAT_ALIASES => 'No',
RETAIN_ALIASES => 'No',
TC_ENABLED => 'Yes',
TC_EXPERT => 'No',
TC_PRIOMAP => '2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2',
CLEAR_TC => 'Yes',
MARK_IN_FORWARD_CHAIN => 'No',
CLAMPMSS => 'No',
DETECT_DNAT_IPADDRS => 'No',
MUTEX_TIMEOUT => 60,
ADMINISABSENTMINDED => 'Yes',
BLACKLISTNEWONLY => 'Yes',
MODULE_SUFFIX => 'ko',
DISABLE_IPV6 => 'No',
MACLIST_TABLE => 'filter',
MACLIST_TTL => '',
SAVE_IPSETS => 'No',
MAPOLDACTIONS => 'No',
FASTACCEPT => 'No',
IMPLICIT_CONTINUE => 'No',
HIGH_ROUTE_MARKS => 'No',
OPTIMIZE => 0,
EXPAND_POLICIES => 'Yes',
KEEP_RT_TABLES => 'No',
DELETE_THEN_ADD => 'Yes',
MULTICAST => 'No',
DONT_LOAD => '',
AUTO_COMMENT => 'Yes' ,
MANGLE_ENABLED => 'Yes' ,
NULL_ROUTE_RFC1918 => 'No' ,
USE_DEFAULT_RT => 'No' ,
RESTORE_DEFAULT_ROUTE => undef ,
AUTOMAKE => 'No',
WIDE_TC_MARKS => 'No',
TRACK_PROVIDERS => 'No',
ZONE2ZONE => '2',
ACCOUNTING => 'Yes',
OPTIMIZE_ACCOUNTING => 'No',
ACCOUNTING_TABLE => 'filter',
DYNAMIC_BLACKLIST => 'Yes',
LOAD_HELPERS_ONLY => 'No',
REQUIRE_INTERFACE => 'No',
FORWARD_CLEAR_MARK => '',
COMPLETE => 'No',
EXPORTMODULES => 'Yes',
LEGACY_FASTSTART => 'Yes',
#
# Packet Disposition
#
MACLIST_DISPOSITION => 'REJECT',
TCP_FLAGS_DISPOSITION => 'DROP',
BLACKLIST_DISPOSITION => 'DROP',
SMURF_DISPOSITION => 'DROP',
SFILTER_DISPOSITION => 'DROP',
#
# Mark Geometry
#
TC_BITS => undef,
PROVIDER_BITS => undef,
PROVIDER_OFFSET => undef,
MASK_BITS => undef
);
# #
# Config options and global settings that are to be copied to output script # Config options and global settings that are to be copied to output script
# #
@ -687,12 +804,22 @@ sub initialize( $ ) {
$globals{CONFDIR} = '/etc/shorewall'; $globals{CONFDIR} = '/etc/shorewall';
$globals{PRODUCT} = 'shorewall'; $globals{PRODUCT} = 'shorewall';
$config{IPTABLES} = undef; $config{IPTABLES} = undef;
$validlevels{ULOG} = 'ULOG', $validlevels{ULOG} = 'ULOG';
$defaults{LOG_MARTIANS} = 'On';
$defaults{ROUTE_FILTER} = 'On';
$defaults{STARTUP_LOG} = '/var/log/shorewall-init.log';
$defaults{CONFIG_PATH} = '/etc/shorewall:/usr/share/shorewall/';
$defaults{SUBSYSLOCK} = '/var/lock/subsys/shorewall';
} else { } else {
$globals{SHAREDIR} = '/usr/share/shorewall6'; $globals{SHAREDIR} = '/usr/share/shorewall6';
$globals{CONFDIR} = '/etc/shorewall6'; $globals{CONFDIR} = '/etc/shorewall6';
$globals{PRODUCT} = 'shorewall6'; $globals{PRODUCT} = 'shorewall6';
$config{IP6TABLES} = undef; $config{IP6TABLES} = undef;
$defaults{LOG_MARTIANS} = 'Off';
$defaults{ROUTE_FILTER} = 'Off';
$defaults{STARTUP_LOG} = '/var/log/shorewall6-init.log',
$defaults{CONFIG_PATH} = '/etc/shorewall:/usr/share/shorewall6/:/usr/share/shorewall/';
$defaults{SUBSYSLOCK} = '/var/lock/subsys/shorewall6';
} }
} }
@ -3783,7 +3910,7 @@ sub upgrade_config_file( $ ) {
while ( <$template> ) { while ( <$template> ) {
if ( /^(\w+)=/ ) { if ( /^(\w+)=/ ) {
my ($var, $val ) = ( $1, $rawconfig{$1} ); my ($var, $val ) = ( $1, $rawconfig{$1} );
$val = '' unless defined $val; $val = $defaults{$var} unless defined $val;
if ( $val =~ /\s/ ) { if ( $val =~ /\s/ ) {
$val = qq("$val") unless $val =~ /'/; $val = qq("$val") unless $val =~ /'/;