From 0771b15bb0637e032217d896558f68985c164895 Mon Sep 17 00:00:00 2001 From: teastep Date: Sat, 26 May 2007 02:57:27 +0000 Subject: [PATCH] Some 'on the train' changes git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6437 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall-perl/Shorewall/Chains.pm | 4 ++-- Shorewall-perl/Shorewall/Common.pm | 16 ++++++++-------- Shorewall-perl/Shorewall/Config.pm | 4 ++-- Shorewall-perl/Shorewall/Policy.pm | 6 +++--- Shorewall-perl/Shorewall/Rules.pm | 7 ++----- Shorewall-perl/install.sh | 2 +- 6 files changed, 18 insertions(+), 21 deletions(-) diff --git a/Shorewall-perl/Shorewall/Chains.pm b/Shorewall-perl/Shorewall/Chains.pm index d7af8204d..1db713a7b 100644 --- a/Shorewall-perl/Shorewall/Chains.pm +++ b/Shorewall-perl/Shorewall/Chains.pm @@ -644,8 +644,8 @@ sub finish_chain_section ($$) { } else { my $policychainref = $chainref->{policychain}; if ( $policychainref->{synparams} ) { - my $synchainref = ensure_chain 'filter', "\@$policychainref->{name}"; - add_rule $synchainref, "-p tcp --syn -j $synchainref->{name}"; + my $synchainref = ensure_chain 'filter', syn_chain $policychainref->{name}; + add_rule $chainref, "-p tcp --syn -j $synchainref->{name}"; } } } diff --git a/Shorewall-perl/Shorewall/Common.pm b/Shorewall-perl/Shorewall/Common.pm index f58662e39..5eb176515 100644 --- a/Shorewall-perl/Shorewall/Common.pm +++ b/Shorewall-perl/Shorewall/Common.pm @@ -127,7 +127,7 @@ sub emitj { my $line = $_; # This copy is necessary because the actual arguments are almost always read-only. $line =~ s/^\n// if $lastlineblank; $line =~ s/^/$indent/gm if $indent; - $line =~ s/ /\t/g; + $line =~ s/ /\t/gm; print $object "$line\n"; $lastlineblank = ( substr( $line, -1, 1 ) eq "\n" ); } else { @@ -138,7 +138,6 @@ sub emitj { } } - # # Write passed message to the object with newline but no indentation. # 
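Review bot: In Shorewall/Chains.pm (hunk @@ -644, finish_chain_section), the jump now added to `$chainref` targets a chain fetched with `ensure_chain`, which presumably creates the chain when it does not already exist. If this runs before setup_syn_flood_chains has filled that chain, the `-p tcp --syn` jump would land in an empty chain and silently give no SYN-flood limiting; the call order is not visible from this hunk. A comment such as `# syn chain is created and populated by setup_syn_flood_chains(); ensure_chain only looks it up here` would record the dependency, and writing the call as `syn_chain( $policychainref->{name} )` makes the argument parsing explicit. The function starts and ends outside the hunk.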
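Review bot: In Shorewall/Common.pm (hunk @@ -127, emitj), the added `/m` on the space-to-tab substitution has no effect as the pattern is shown, because `/m` only changes what `^` and `$` match and the pattern uses neither. If the intent is to convert only the leading indentation of each line in a multi-line argument, the pattern needs a `^` anchor; unanchored, it also rewrites space runs inside quoted strings of the emitted script. Either anchor it or add a comment such as `# unanchored on purpose: every run of spaces becomes a tab, not only indentation`. Whitespace on this page is collapsed, so the pattern width should be checked against the file.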
@@ -269,12 +268,13 @@ sub create_temp_object( $ ) { ( $file, $dir, $suffix ) = fileparse( $objectfile ); }; - die $@ if $@; + die if $@; - fatal_error "Directory $dir does not exist" unless -d $dir; - fatal_error "$dir is a Symbolic Link" if -l $dir; - fatal_error "$objectfile is a Directory" if -d $objectfile; - fatal_error "$dir is a Symbolic Link" if -l $objectfile; + fatal_error "Directory $dir does not exist" unless -d $dir; + fatal_error "Directory $dir is not writable" unless -w _; + fatal_error "$dir is a Symbolic Link" if -l $dir; + fatal_error "$objectfile is a Directory" if -d $objectfile; + fatal_error "$dir is a Symbolic Link" if -l $objectfile; fatal_error "$objectfile exists and is not a compiled script" if -e _ && ! -x _; eval { @@ -282,7 +282,7 @@ sub create_temp_object( $ ) { ( $object, $tempfile ) = tempfile ( 'tempfileXXXX' , DIR => $dir ); }; - die if $@; + fatal_error "Unable to create temporary file in directory $dir" if $@; $file = "$file.$suffix" if $suffix; $dir .= '/' unless substr( $dir, -1, 1 ) eq '/'; diff --git a/Shorewall-perl/Shorewall/Config.pm b/Shorewall-perl/Shorewall/Config.pm index 0fbd2350e..c23691b92 100644 --- a/Shorewall-perl/Shorewall/Config.pm +++ b/Shorewall-perl/Shorewall/Config.pm @@ -74,7 +74,7 @@ our %globals = ( SHAREDIR => '/usr/share/shorewall' , ORIGINAL_POLICY_MATCH => '', LOGPARMS => '', TC_SCRIPT => '', - VERSION => '4.0.0-Beta1', + VERSION => '4.0.0-Beta2', ); # @@ -171,7 +171,7 @@ our %config = BLACKLIST_DISPOSITION => undef, ); # -# Config options and global settings that are to be copied to object +# Config options and global settings that are to be copied to object script # my @propagateconfig = qw/ CLEAR_TC DISABLE_IPV6 ADMINISABSENTMINDED IP_FORWARDING MODULESDIR MODULE_SUFFIX LOGFORMAT SUBSYSLOCK LOCKFILE/; my @propagateenv = qw/ LOGLIMIT LOGTAGONLY LOGRULENUMBERS /; diff --git a/Shorewall-perl/Shorewall/Policy.pm b/Shorewall-perl/Shorewall/Policy.pm index 0640c0035..ade0afb0a 100644 
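Review bot: In Shorewall/Common.pm (hunk @@ -269, create_temp_object), the re-indented check `fatal_error "$dir is a Symbolic Link" if -l $objectfile;` tests `$objectfile` but reports `$dir`, so the operator is pointed at the wrong path; it should read `fatal_error "$objectfile is a Symbolic Link" if -l $objectfile;`. Separately, `$dir` comes from `fileparse`, which normally returns the directory with a trailing `/`, and on most systems lstat on a path ending in `/` follows the link, so `-l $dir` may never fire; testing a copy of `$dir` with the trailing slash removed would make the symlink guard effective (worth confirming on the target platforms). The new `-w _` reuses the stat buffer left by `-d $dir` on the line before, which is correct only while those two tests stay adjacent.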
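Review bot: In the second create_temp_object hunk (@@ -282), the new `fatal_error` drops `$@`, so the actual cause of the failure (permissions, a full filesystem, or an error earlier in the same `eval`, whose opening lies outside the hunk) is lost. Including it keeps the failure diagnosable: `fatal_error "Unable to create temporary file in directory $dir: $@" if $@;`.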
--- a/Shorewall-perl/Shorewall/Policy.pm +++ b/Shorewall-perl/Shorewall/Policy.pm @@ -209,9 +209,9 @@ sub validate_policy() push @policy_chains, ( $chainref ); } - $chainref->{loglevel} = $loglevel if defined $loglevel && $loglevel ne ''; - $chainref->{synparams} = $synparams if $synparams; - $chainref->{default} = $default if $default; + $chainref->{loglevel} = $loglevel if defined $loglevel && $loglevel ne ''; + $chainref->{synparams} = do_ratelimit $synparams, 'ACCEPT' if $synparams ne ''; + $chainref->{default} = $default if $default; if ( $clientwild ) { if ( $serverwild ) { diff --git a/Shorewall-perl/Shorewall/Rules.pm b/Shorewall-perl/Shorewall/Rules.pm index b2033aef5..7551f1089 100644 --- a/Shorewall-perl/Shorewall/Rules.pm +++ b/Shorewall-perl/Shorewall/Rules.pm @@ -260,12 +260,9 @@ sub setup_syn_flood_chains() { for my $chainref ( @policy_chains ) { my $limit = $chainref->{synparams}; if ( $limit ) { - my $level = $chainref->{loglevel}; - ( $limit, my ( $burst, $remainder) ) = split( ':', $limit, 3 ); - fatal_error "Invalid BURST/LIMIT" if defined $remainder; - $burst = $burst ? "--limit-burst $burst " : ''; + my $level = $chainref->{loglevel}; my $synchainref = new_chain 'filter' , syn_chain $chainref->{name}; - add_rule $synchainref , "-m limit --limit $limit ${burst}-j RETURN"; + add_rule $synchainref , "${limit}-j RETURN"; log_rule_limit $level , $synchainref , $chainref->{name} , 'DROP', '-m limit --limit 5/min --limit-burst 5 ' , '' , 'add' , '' if $level ne ''; add_rule $synchainref, '-j DROP'; diff --git a/Shorewall-perl/install.sh b/Shorewall-perl/install.sh index 4532b1639..ae52c1712 100755 --- a/Shorewall-perl/install.sh +++ b/Shorewall-perl/install.sh @@ -22,7 +22,7 @@ # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA # -VERSION=4.0.0-Beta1 +VERSION=4.0.0-Beta2 usage() # $1 = exit status {
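Review bot: In Shorewall/Policy.pm (hunk @@ -209, validate_policy), the new guard `if $synparams ne ''` has no `defined` test, unlike the `$loglevel` line directly above it; if `$synparams` can be undef when the column is omitted, this raises an uninitialized-value warning under `use warnings`. `$chainref->{synparams} = do_ratelimit $synparams, 'ACCEPT' if defined $synparams && $synparams ne '';` matches the neighbouring line. The switch from a truth test to `ne ''` also means a literal `0` is now passed to do_ratelimit rather than skipped, which may be intended but deserves a one-line comment. validate_policy continues outside the hunk.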
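Review bot: In Shorewall/Rules.pm (hunk @@ -260, setup_syn_flood_chains), `"${limit}-j RETURN"` interpolates `$chainref->{synparams}` into the rule with no separator and no local validation, now that the `Invalid BURST/LIMIT` check is removed. It is only correct if do_ratelimit always returns a complete match string ending in a space and has already rejected malformed LIMIT:BURST values. do_ratelimit is not visible on this page, so that contract should be confirmed, since the value originates in the policy file and ends up in a generated iptables command. A comment on the line would record it: `# synparams was built by do_ratelimit in validate_policy: a validated "-m limit ..." match with a trailing space`. The context line `... if $level ne '';` may also see an undef `$level`, because validate_policy sets `loglevel` only when it is non-empty; `defined $level && $level ne ''` would avoid the warning.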