forked from extern/shorewall_code
Cosmetic changes
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5690 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep
parent
9c3050d071
commit
08d59ffc7e
@ -101,16 +101,10 @@ sub setup_one_masq($$$$$$)
|
||||
my $destnets = '';
|
||||
my $target = '-j MASQUERADE ';
|
||||
|
||||
#
|
||||
# Take care of missing ADDRESSES column
|
||||
#
|
||||
$addresses = '' unless defined $addresses;
|
||||
$addresses = '' if $addresses eq '-';
|
||||
|
||||
#
|
||||
# Handle IPSEC options, if any
|
||||
#
|
||||
if ( $ipsec && $ipsec ne '-' ) {
|
||||
if ( $ipsec ne '-' ) {
|
||||
fatal_error "Non-empty IPSEC column requires policy match support in your kernel and iptables" unless $env{ORIGINAL_POLICY_MATCH};
|
||||
|
||||
if ( $ipsec =~ /^yes$/i ) {
|
||||
@ -162,8 +156,8 @@ sub setup_one_masq($$$$$$)
|
||||
#
|
||||
# If there is no source or destination then allow all addresses
|
||||
#
|
||||
$networks = ALLIPv4 unless $networks;
|
||||
$destnets = ALLIPv4 unless $destnets;
|
||||
$networks = ALLIPv4 if $networks eq '-';
|
||||
$destnets = ALLIPv4 if $destnets eq '-';
|
||||
#
|
||||
# Handle Protocol and Ports
|
||||
#
|
||||
@ -173,7 +167,7 @@ sub setup_one_masq($$$$$$)
|
||||
#
|
||||
# Parse the ADDRESSES column
|
||||
#
|
||||
if ( $addresses ) {
|
||||
if ( $addresses ne '-' ) {
|
||||
if ( $addresses =~ /^SAME:nodst:/ ) {
|
||||
$target = '-j SAME --nodst';
|
||||
$addresses =~ s/.*://;
|
||||
|
||||
@ -479,7 +479,7 @@ sub add_common_rules() {
|
||||
if ( @$list ) {
|
||||
my $disposition;
|
||||
|
||||
progress_message2 " $doing TCP Flags checking...";
|
||||
progress_message2 " $doing TCP Flags filtering...";
|
||||
|
||||
$chainref = new_standard_chain 'tcpflags';
|
||||
|
||||
|
||||
@ -649,7 +649,7 @@ sub compile_firewall( $ ) {
|
||||
#
|
||||
# Do all of the zone-independent stuff
|
||||
#
|
||||
progress_message2 "Setting up Common Rules...";
|
||||
progress_message2 "$doing Common Rules...";
|
||||
add_common_rules;
|
||||
#
|
||||
# /proc stuff
|
||||
@ -672,11 +672,10 @@ sub compile_firewall( $ ) {
|
||||
emit "\nundo_routing";
|
||||
emit 'restore_default_route';
|
||||
}
|
||||
|
||||
#
|
||||
# TCRules and Traffic Shaping
|
||||
#
|
||||
progress_message2 "Processing TC Rules...";
|
||||
progress_message2 "$doing TC Rules...";
|
||||
setup_tc;
|
||||
#
|
||||
# Setup Masquerading/SNAT
|
||||
@ -686,7 +685,7 @@ sub compile_firewall( $ ) {
|
||||
#
|
||||
# MACLIST Filtration
|
||||
#
|
||||
progress_message2 "Setting up MAC Filtration -- Phase 1...";
|
||||
progress_message2 "$doing MAC Filtration -- Phase 1...";
|
||||
setup_mac_lists 1;
|
||||
#
|
||||
# Process the rules file.
|
||||
@ -696,7 +695,7 @@ sub compile_firewall( $ ) {
|
||||
#
|
||||
# Add Tunnel rules.
|
||||
#
|
||||
progress_message2 "Adding Tunnels...";
|
||||
progress_message2 "$doing Tunnels...";
|
||||
setup_tunnels;
|
||||
#
|
||||
# Post-rules action processing.
|
||||
@ -706,7 +705,7 @@ sub compile_firewall( $ ) {
|
||||
#
|
||||
# MACLIST Filtration again
|
||||
#
|
||||
progress_message2 "Setting up MAC Filtration -- Phase 2...";
|
||||
progress_message2 "$doing MAC Filtration -- Phase 2...";
|
||||
setup_mac_lists 2;
|
||||
#
|
||||
# Apply Policies
|
||||
@ -726,7 +725,7 @@ sub compile_firewall( $ ) {
|
||||
#
|
||||
# Accounting.
|
||||
#
|
||||
progress_message2 "Setting UP Accounting...";
|
||||
progress_message2 "$doing Accounting...";
|
||||
setup_accounting;
|
||||
|
||||
if ( $command eq 'check' ) {
|
||||
@ -743,7 +742,6 @@ sub compile_firewall( $ ) {
|
||||
# And generate the auxilary config file
|
||||
#
|
||||
generate_aux_config if $ENV{EXPORT};
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user