Reverse 'here docs' madness (cperl-mode sucks); fix ADMINSISABSENTMINDED=No

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5710 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2007-03-27 00:59:01 +00:00
parent bcec7bdc63
commit 0c8ffffb10


@ -73,6 +73,7 @@ sub generate_script_1 {
'PRODUCT="Shorewall Lite"' );
copy "$env{SHAREDIR}/lib.base";
emitj ( '################################################################################',
'# End of /usr/share/shorewall/lib.base',
'################################################################################' );
@ -87,7 +88,8 @@ sub generate_script_1 {
emit 'TEMPFILE=';
emit '';
for my $exit qw/init start tcclear started stop stopped/ {
for my $exit qw/init start tcclear started stop stopped/
{
emit "run_${exit}_exit() {";
push_indent;
append_file $exit;
@ -159,8 +161,7 @@ sub generate_script_1 {
sub compile_stop_firewall() {
emit <<EOF;
#
emit "#
# Stop/restore the firewall after an error or because of a 'stop' or 'clear' command
#
stop_firewall() {
@ -298,7 +299,7 @@ stop_firewall() {
fi
rm -f \${VARDIR}/proxyarp
EOF
";
emit ' delete_tc1' if $config{CLEAR_TC};
emit ' undo_routing';
@ -326,25 +327,23 @@ EOF
emit " \$IPTABLES -A OUTPUT -o $interface $dest -j ACCEPT";
}
emit <<EOF;
emit "
for chain in INPUT OUTPUT; do
setpolicy \$chain DROP
done
EOF
";
} else {
emit <<EOF;
emit "
for chain in INPUT OUTPUT; do
setpolicy \$chain ACCEPT
done
setpolicy FORWARD DROP
deleteallchains
EOF
deleteallchains";
for my $hosts ( @$criticalhosts ) {
my ( $interface, $host ) = ( split /,/, $hosts );
my ( $interface, $host ) = ( split /:/, $hosts );
my $source = match_source_net $host;
my $dest = match_dest_net $host;
@ -352,25 +351,22 @@ EOF
emit " \$IPTABLES -A OUTPUT -o $interface $dest -j ACCEPT";
}
emit <<EOF;
emit "
setpolicy INPUT DROP
for chain in INPUT FORWARD; do
setcontinue \$chain
done
EOF
done";
}
} elsif ( ! $config{ADMINISABSENTMINDED} ) {
emit <<EOF;
for chain in INPUT OUTPUT FORWARD; do
emit "for chain in INPUT OUTPUT FORWARD; do
setpolicy \$chain DROP
done
deleteallchains
EOF
deleteallchains"
} else {
emit <<EOF;
for chain in INPUT FORWARD; do
emit "for chain in INPUT FORWARD; do
setpolicy \$chain DROP
done
@ -380,9 +376,7 @@ EOF
for chain in INPUT FORWARD; do
setcontinue \$chain
done
EOF
done";
}
push_indent;
@ -418,8 +412,7 @@ EOF
pop_indent;
emit <<EOF;
emit "
set_state \"Stopped\"
logger -p kern.info \"\$PRODUCT Stopped\"
@ -437,7 +430,7 @@ EOF
;;
esac
}
EOF
";
}
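Review bot: The new `split /:/, $hosts` in the critical-hosts loop has no field limit and no check that both parts exist, so an entry without a colon leaves `$host` undefined and anything after a second colon is silently dropped before the values reach the emitted `\$IPTABLES -A OUTPUT -o $interface $dest -j ACCEPT` line. These ACCEPT rules are exceptions to the DROP policy set right after the loop, so I would write `my ( $interface, $host ) = split /:/, $hosts, 2;` and fail the compile when either part is empty, rather than emit a rule whose address match may be missing; what `match_source_net` and `match_dest_net` return for an undefined host is not visible here. The loop body continues past this hunk, and the sibling loop that ends at the top of the same hunk is not shown, so it is worth confirming that it splits on the same separator.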