A couple of tweaks to the LOAD_HELPERS_ONLY optimization change.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent
fb007bc1c7
commit
1556002b54
@ -737,15 +737,19 @@ sub cleanup() {
|
|||||||
unlink ( $perlscriptname ), $perlscriptname = undef if $perlscriptname;
|
unlink ( $perlscriptname ), $perlscriptname = undef if $perlscriptname;
|
||||||
unlink ( @tempfiles ), @tempfiles = () if @tempfiles;
|
unlink ( @tempfiles ), @tempfiles = () if @tempfiles;
|
||||||
#
|
#
|
||||||
# Delete termprary chains
|
# Delete temporary chains
|
||||||
#
|
#
|
||||||
if ( $sillyname ) {
|
if ( $sillyname ) {
|
||||||
|
#
|
||||||
|
# We went through determine_capabilities()
|
||||||
|
#
|
||||||
qt1( "$iptables -F $sillyname" );
|
qt1( "$iptables -F $sillyname" );
|
||||||
qt1( "$iptables -X $sillyname" );
|
qt1( "$iptables -X $sillyname" );
|
||||||
qt1( "$iptables -F $sillyname1" );
|
qt1( "$iptables -F $sillyname1" );
|
||||||
qt1( "$iptables -X $sillyname1" );
|
qt1( "$iptables -X $sillyname1" );
|
||||||
qt1( "$iptables -t mangle -F $sillyname" );
|
qt1( "$iptables -t mangle -F $sillyname" );
|
||||||
qt1( "$iptables -t mangle -X $sillyname" );
|
qt1( "$iptables -t mangle -X $sillyname" );
|
||||||
|
$sillyname = '';
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2072,11 +2076,16 @@ sub Nat_Enabled() {
|
|||||||
sub Persistent_Snat() {
|
sub Persistent_Snat() {
|
||||||
have_capability 'NAT_ENABLED' || return '';
|
have_capability 'NAT_ENABLED' || return '';
|
||||||
|
|
||||||
|
my $result = '';
|
||||||
|
|
||||||
if ( qt1( "$iptables -t nat -N $sillyname" ) ) {
|
if ( qt1( "$iptables -t nat -N $sillyname" ) ) {
|
||||||
$capabilities{PERSISTENT_SNAT} = qt1( "$iptables -t nat -A $sillyname -j SNAT --to-source 1.2.3.4 --persistent" );
|
$result = qt1( "$iptables -t nat -A $sillyname -j SNAT --to-source 1.2.3.4 --persistent" );
|
||||||
qt1( "$iptables -t nat -F $sillyname" );
|
qt1( "$iptables -t nat -F $sillyname" );
|
||||||
qt1( "$iptables -t nat -X $sillyname" );
|
qt1( "$iptables -t nat -X $sillyname" );
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$result;
|
||||||
}
|
}
|
||||||
|
|
||||||
sub Mangle_Enabled() {
|
sub Mangle_Enabled() {
|
||||||
|
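Review bot: In Persistent_Snat, the guard `have_capability 'NAT_ENABLED' || return '';` only short-circuits if have_capability is declared with a `($)` prototype ahead of this line, and that declaration is not visible here. Parsed as a plain list operator, the call would receive `'NAT_ENABLED' || return ''`, the return would never run, and the iptables probe would execute even without NAT support. Since this commit already reworks the function to return `$result`, the guard could be written as `return '' unless have_capability( 'NAT_ENABLED' );` so it no longer depends on how the call parses. Separately, the `if ( $sillyname )` block in cleanup() (whose body starts outside the hunk) flushes and deletes the chain in the filter and mangle tables only, so a chain left in the nat table by an interrupted probe would not be removed by the visible code.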
@ -402,6 +402,7 @@ sub process_zone( \$ ) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ( $type eq IPSEC ) {
|
if ( $type eq IPSEC ) {
|
||||||
|
require_capability 'POLICY_MATCH' , 'IPSEC zones', '';
|
||||||
for ( @parents ) {
|
for ( @parents ) {
|
||||||
unless ( $zones{$_}{type} == IPSEC ) {
|
unless ( $zones{$_}{type} == IPSEC ) {
|
||||||
set_super( $zones{$_} );
|
set_super( $zones{$_} );
|
||||||
@ -1215,6 +1216,7 @@ sub process_host( ) {
|
|||||||
|
|
||||||
for my $option ( @options ) {
|
for my $option ( @options ) {
|
||||||
if ( $option eq 'ipsec' ) {
|
if ( $option eq 'ipsec' ) {
|
||||||
|
require_capability 'POLICY_MATCH' , q(The 'ipsec' option), 's';
|
||||||
$type = IPSEC;
|
$type = IPSEC;
|
||||||
$zoneref->{options}{complex} = 1;
|
$zoneref->{options}{complex} = 1;
|
||||||
$ipsec = 1;
|
$ipsec = 1;
|
||||||
@ -1274,8 +1276,6 @@ sub validate_hosts_file()
|
|||||||
|
|
||||||
$ipsec |= process_host while read_a_line;
|
$ipsec |= process_host while read_a_line;
|
||||||
|
|
||||||
require_capability( 'POLICY_MATCH', 'ipsec zones or hosts', '' ) if $have_ipsec = $ipsec || haveipseczones;
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
|
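Review bot: Removing the require_capability line from validate_hosts_file also drops the assignment `$have_ipsec = $ipsec || haveipseczones` that lived in its condition, and nothing visible in this section replaces it. The new require_capability calls in process_zone and process_host cover the capability check itself, but `$ipsec |= process_host while read_a_line;` now accumulates a value that no visible line reads. If `$have_ipsec` is still consulted elsewhere in the file (not shown here), a stale or undefined value could cause IPsec policy-match rules to be skipped. The assignment could be kept as its own statement after the read loop: `$have_ipsec = $ipsec || haveipseczones;`. All three functions extend beyond the hunks shown.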