Combine emit() and emitj()
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6942 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
7c01ffd2c0
commit
16a7b1deae
@ -1853,7 +1853,7 @@ sub emitr( $ ) {
|
||||
|
||||
sub emit_comment() {
|
||||
unless ( $emitted_comment ) {
|
||||
emitj ( '#',
|
||||
emit ( '#',
|
||||
'# Establish the values of shell variables used in the following function calls',
|
||||
'#' );
|
||||
$emitted_comment = 1;
|
||||
@ -1889,7 +1889,7 @@ sub create_netfilter_load() {
|
||||
|
||||
$state = NULL_STATE;
|
||||
|
||||
emitj( 'setup_netfilter()',
|
||||
emit( 'setup_netfilter()',
|
||||
'{'
|
||||
);
|
||||
|
||||
@ -1955,14 +1955,14 @@ sub create_netfilter_load() {
|
||||
#
|
||||
# Now generate the actual iptables-restore command
|
||||
#
|
||||
emitj( 'exec 3>&-',
|
||||
emit( 'exec 3>&-',
|
||||
'',
|
||||
'progress_message2 "Running iptables-restore..."',
|
||||
'',
|
||||
'cat ${VARDIR}/.iptables-restore-input | $IPTABLES_RESTORE # Use this nonsensical form to appease SELinux'
|
||||
);
|
||||
|
||||
emitj( 'if [ $? != 0 ]; then',
|
||||
emit( 'if [ $? != 0 ]; then',
|
||||
' fatal_error "iptables-restore Failed. Input is in ${VARDIR}/.iptables-restore-input"',
|
||||
"fi\n"
|
||||
);
|
||||
@ -1979,7 +1979,7 @@ sub create_blacklist_reload() {
|
||||
|
||||
$state = NULL_STATE;
|
||||
|
||||
emitj( 'blacklist_reload()',
|
||||
emit( 'blacklist_reload()',
|
||||
'{'
|
||||
);
|
||||
|
||||
@ -2010,14 +2010,12 @@ sub create_blacklist_reload() {
|
||||
#
|
||||
# Now generate the actual iptables-restore command
|
||||
#
|
||||
emitj( 'exec 3>&-',
|
||||
emit( 'exec 3>&-',
|
||||
'',
|
||||
'progress_message2 "Running iptables-restore..."',
|
||||
'',
|
||||
'cat ${VARDIR}/.iptables-restore-input | $IPTABLES_RESTORE -n # Use this nonsensical form to appease SELinux'
|
||||
);
|
||||
|
||||
emitj( 'if [ $? != 0 ]; then',
|
||||
'cat ${VARDIR}/.iptables-restore-input | $IPTABLES_RESTORE -n # Use this nonsensical form to appease SELinux',
|
||||
'if [ $? != 0 ]; then',
|
||||
' fatal_error "iptables-restore Failed. Input is in ${VARDIR}/.iptables-restore-input"',
|
||||
"fi\n"
|
||||
);
|
||||
|
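Review bot: The shell emitted by both `create_netfilter_load` and `create_blacklist_reload` expands `${VARDIR}` unquoted in `cat ${VARDIR}/.iptables-restore-input | $IPTABLES_RESTORE`, so a VARDIR value containing whitespace or glob characters would be word-split before the ruleset reaches iptables-restore. Since these lines are being touched anyway, I would quote the path, e.g. `'cat "${VARDIR}/.iptables-restore-input" | $IPTABLES_RESTORE -n # Use this nonsensical form to appease SELinux'`. Separately, `create_blacklist_reload` now folds the `if [ $? != 0 ]` check into the same `emit` call while `create_netfilter_load` still uses two calls; making the two functions match would be easier to read. Both function bodies extend outside the hunks shown.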
@ -93,78 +93,78 @@ sub generate_script_1() {
|
||||
emit "}\n";
|
||||
}
|
||||
|
||||
emitj ( '#',
|
||||
'# This function initializes the global variables used by the program',
|
||||
'#',
|
||||
'initialize()',
|
||||
'{',
|
||||
' #',
|
||||
' # These variables are required by the library functions called in this script',
|
||||
' #'
|
||||
);
|
||||
emit ( '#',
|
||||
'# This function initializes the global variables used by the program',
|
||||
'#',
|
||||
'initialize()',
|
||||
'{',
|
||||
' #',
|
||||
' # These variables are required by the library functions called in this script',
|
||||
' #'
|
||||
);
|
||||
|
||||
push_indent;
|
||||
|
||||
if ( $export ) {
|
||||
emitj ( 'SHAREDIR=/usr/share/shorewall-lite',
|
||||
'CONFDIR=/etc/shorewall-lite',
|
||||
'PRODUCT="Shorewall Lite"'
|
||||
);
|
||||
emit ( 'SHAREDIR=/usr/share/shorewall-lite',
|
||||
'CONFDIR=/etc/shorewall-lite',
|
||||
'PRODUCT="Shorewall Lite"'
|
||||
);
|
||||
} else {
|
||||
emitj ( 'SHAREDIR=/usr/share/shorewall',
|
||||
'CONFDIR=/etc/shorewall',
|
||||
'PRODUCT=\'Shorewall\'',
|
||||
);
|
||||
emit ( 'SHAREDIR=/usr/share/shorewall',
|
||||
'CONFDIR=/etc/shorewall',
|
||||
'PRODUCT=\'Shorewall\'',
|
||||
);
|
||||
}
|
||||
|
||||
emit( '[ -f ${CONFDIR}/vardir ] && . ${CONFDIR}/vardir' );
|
||||
|
||||
if ( $export ) {
|
||||
emitj ( 'CONFIG_PATH="/etc/shorewall-lite:/usr/share/shorewall-lite"' ,
|
||||
'[ -n "${VARDIR:=/var/lib/shorewall-lite}" ]' );
|
||||
emit ( 'CONFIG_PATH="/etc/shorewall-lite:/usr/share/shorewall-lite"' ,
|
||||
'[ -n "${VARDIR:=/var/lib/shorewall-lite}" ]' );
|
||||
} else {
|
||||
emitj ( qq(CONFIG_PATH="$config{CONFIG_PATH}") ,
|
||||
'[ -n "${VARDIR:=/var/lib/shorewall}" ]' );
|
||||
emit ( qq(CONFIG_PATH="$config{CONFIG_PATH}") ,
|
||||
'[ -n "${VARDIR:=/var/lib/shorewall}" ]' );
|
||||
}
|
||||
|
||||
emit 'TEMPFILE=';
|
||||
|
||||
propagateconfig;
|
||||
|
||||
emitj ( '[ -n "${COMMAND:=restart}" ]',
|
||||
'[ -n "${VERBOSE:=0}" ]',
|
||||
qq([ -n "\${RESTOREFILE:=$config{RESTOREFILE}}" ]),
|
||||
'[ -n "$LOGFORMAT" ] || LOGFORMAT="Shorewall:%s:%s:"',
|
||||
qq(VERSION="$globals{VERSION}") ,
|
||||
qq(PATH="$config{PATH}") ,
|
||||
'TERMINATOR=fatal_error'
|
||||
);
|
||||
emit ( '[ -n "${COMMAND:=restart}" ]',
|
||||
'[ -n "${VERBOSE:=0}" ]',
|
||||
qq([ -n "\${RESTOREFILE:=$config{RESTOREFILE}}" ]),
|
||||
'[ -n "$LOGFORMAT" ] || LOGFORMAT="Shorewall:%s:%s:"',
|
||||
qq(VERSION="$globals{VERSION}") ,
|
||||
qq(PATH="$config{PATH}") ,
|
||||
'TERMINATOR=fatal_error'
|
||||
);
|
||||
|
||||
if ( $config{IPTABLES} ) {
|
||||
emitj( qq(IPTABLES="$config{IPTABLES}"),
|
||||
'',
|
||||
'[ -x "$IPTABLES" ] || startup_error "IPTABLES=$IPTABLES does not exist or is not executable"',
|
||||
);
|
||||
emit( qq(IPTABLES="$config{IPTABLES}"),
|
||||
'',
|
||||
'[ -x "$IPTABLES" ] || startup_error "IPTABLES=$IPTABLES does not exist or is not executable"',
|
||||
);
|
||||
} else {
|
||||
emitj( '[ -z "$IPTABLES" ] && IPTABLES=$(mywhich iptables 2> /dev/null)',
|
||||
'',
|
||||
'[ -n "$IPTABLES" -a -x "$IPTABLES" ] || startup_error "Can\'t find iptables executable"'
|
||||
);
|
||||
emit( '[ -z "$IPTABLES" ] && IPTABLES=$(mywhich iptables 2> /dev/null)',
|
||||
'',
|
||||
'[ -n "$IPTABLES" -a -x "$IPTABLES" ] || startup_error "Can\'t find iptables executable"'
|
||||
);
|
||||
}
|
||||
|
||||
emitj( 'IPTABLES_RESTORE=${IPTABLES}-restore',
|
||||
'[ -x "$IPTABLES_RESTORE" ] || startup_error "$IPTABLES_RESTORE does not exist or is not executable"' );
|
||||
emit( 'IPTABLES_RESTORE=${IPTABLES}-restore',
|
||||
'[ -x "$IPTABLES_RESTORE" ] || startup_error "$IPTABLES_RESTORE does not exist or is not executable"' );
|
||||
|
||||
append_file 'params' if $config{EXPORTPARAMS};
|
||||
|
||||
emitj ( '',
|
||||
"STOPPING=",
|
||||
'',
|
||||
'#',
|
||||
'# The library requires that ${VARDIR} exist',
|
||||
'#',
|
||||
'[ -d ${VARDIR} ] || mkdir -p ${VARDIR}'
|
||||
);
|
||||
emit ( '',
|
||||
"STOPPING=",
|
||||
'',
|
||||
'#',
|
||||
'# The library requires that ${VARDIR} exist',
|
||||
'#',
|
||||
'[ -d ${VARDIR} ] || mkdir -p ${VARDIR}'
|
||||
);
|
||||
|
||||
pop_indent;
|
||||
|
||||
@ -329,15 +329,15 @@ EOF
|
||||
|
||||
emit 'delete_tc1' if $config{CLEAR_TC};
|
||||
|
||||
emitj( 'undo_routing',
|
||||
'restore_default_route'
|
||||
);
|
||||
emit( 'undo_routing',
|
||||
'restore_default_route'
|
||||
);
|
||||
|
||||
my $criticalhosts = process_criticalhosts;
|
||||
|
||||
if ( @$criticalhosts ) {
|
||||
if ( $config{ADMINISABSENTMINDED} ) {
|
||||
emitj ( 'for chain in INPUT OUTPUT; do',
|
||||
emit ( 'for chain in INPUT OUTPUT; do',
|
||||
' setpolicy $chain ACCEPT',
|
||||
'done',
|
||||
'',
|
||||
@ -352,71 +352,71 @@ EOF
|
||||
my $source = match_source_net $host;
|
||||
my $dest = match_dest_net $host;
|
||||
|
||||
emitj( "\$IPTABLES -A INPUT -i $interface $source -j ACCEPT",
|
||||
"\$IPTABLES -A OUTPUT -o $interface $dest -j ACCEPT"
|
||||
);
|
||||
emit( "\$IPTABLES -A INPUT -i $interface $source -j ACCEPT",
|
||||
"\$IPTABLES -A OUTPUT -o $interface $dest -j ACCEPT"
|
||||
);
|
||||
}
|
||||
|
||||
emitj( '',
|
||||
'for chain in INPUT OUTPUT; do',
|
||||
' setpolicy $chain DROP',
|
||||
"done\n"
|
||||
);
|
||||
emit( '',
|
||||
'for chain in INPUT OUTPUT; do',
|
||||
' setpolicy $chain DROP',
|
||||
"done\n"
|
||||
);
|
||||
} else {
|
||||
emitj( '',
|
||||
'for chain in INPUT OUTPUT; do',
|
||||
' setpolicy \$chain ACCEPT',
|
||||
'done',
|
||||
'',
|
||||
'setpolicy FORWARD DROP',
|
||||
'',
|
||||
"deleteallchains\n"
|
||||
);
|
||||
emit( '',
|
||||
'for chain in INPUT OUTPUT; do',
|
||||
' setpolicy \$chain ACCEPT',
|
||||
'done',
|
||||
'',
|
||||
'setpolicy FORWARD DROP',
|
||||
'',
|
||||
"deleteallchains\n"
|
||||
);
|
||||
|
||||
for my $hosts ( @$criticalhosts ) {
|
||||
my ( $interface, $host ) = ( split /:/, $hosts );
|
||||
my $source = match_source_net $host;
|
||||
my $dest = match_dest_net $host;
|
||||
|
||||
emitj( "\$IPTABLES -A INPUT -i $interface $source -j ACCEPT",
|
||||
emit( "\$IPTABLES -A INPUT -i $interface $source -j ACCEPT",
|
||||
"\$IPTABLES -A OUTPUT -o $interface $dest -j ACCEPT"
|
||||
);
|
||||
}
|
||||
|
||||
emitj ( "\nsetpolicy INPUT DROP",
|
||||
'',
|
||||
'for chain in INPUT FORWARD; do',
|
||||
' setcontinue $chain',
|
||||
"done\n"
|
||||
);
|
||||
emit( "\nsetpolicy INPUT DROP",
|
||||
'',
|
||||
'for chain in INPUT FORWARD; do',
|
||||
' setcontinue $chain',
|
||||
"done\n"
|
||||
);
|
||||
}
|
||||
} elsif ( $config{ADMINISABSENTMINDED} ) {
|
||||
emitj( 'for chain in INPUT FORWARD; do',
|
||||
' setpolicy $chain DROP',
|
||||
'done',
|
||||
'',
|
||||
'setpolicy OUTPUT ACCEPT',
|
||||
'',
|
||||
'deleteallchains',
|
||||
'',
|
||||
'for chain in INPUT FORWARD; do',
|
||||
' setcontinue $chain',
|
||||
"done\n",
|
||||
);
|
||||
emit( 'for chain in INPUT FORWARD; do',
|
||||
' setpolicy $chain DROP',
|
||||
'done',
|
||||
'',
|
||||
'setpolicy OUTPUT ACCEPT',
|
||||
'',
|
||||
'deleteallchains',
|
||||
'',
|
||||
'for chain in INPUT FORWARD; do',
|
||||
' setcontinue $chain',
|
||||
"done\n",
|
||||
);
|
||||
} else {
|
||||
emitj( 'for chain in INPUT OUTPUT FORWARD; do',
|
||||
' setpolicy $chain DROP',
|
||||
'done',
|
||||
'',
|
||||
"deleteallchains\n"
|
||||
);
|
||||
emit( 'for chain in INPUT OUTPUT FORWARD; do',
|
||||
' setpolicy $chain DROP',
|
||||
'done',
|
||||
'',
|
||||
"deleteallchains\n"
|
||||
);
|
||||
}
|
||||
|
||||
process_routestopped;
|
||||
|
||||
emitj( '$IPTABLES -A INPUT -i lo -j ACCEPT',
|
||||
'$IPTABLES -A OUTPUT -o lo -j ACCEPT'
|
||||
);
|
||||
emit( '$IPTABLES -A INPUT -i lo -j ACCEPT',
|
||||
'$IPTABLES -A OUTPUT -o lo -j ACCEPT'
|
||||
);
|
||||
|
||||
emit '$IPTABLES -A OUTPUT -o lo -j ACCEPT' unless $config{ADMINISABSENTMINDED};
|
||||
|
||||
@ -434,12 +434,12 @@ EOF
|
||||
emit '';
|
||||
|
||||
if ( $config{IP_FORWARDING} eq 'on' ) {
|
||||
emitj( 'echo 1 > /proc/sys/net/ipv4/ip_forward',
|
||||
'progress_message2 IP Forwarding Enabled' );
|
||||
emit( 'echo 1 > /proc/sys/net/ipv4/ip_forward',
|
||||
'progress_message2 IP Forwarding Enabled' );
|
||||
} elsif ( $config{IP_FORWARDING} eq 'off' ) {
|
||||
emitj( 'echo 0 > /proc/sys/net/ipv4/ip_forward',
|
||||
'progress_message2 IP Forwarding Disabled!'
|
||||
);
|
||||
emit( 'echo 0 > /proc/sys/net/ipv4/ip_forward',
|
||||
'progress_message2 IP Forwarding Disabled!'
|
||||
);
|
||||
}
|
||||
|
||||
emit 'run_stopped_exit';
|
||||
@ -491,7 +491,7 @@ sub generate_script_2 () {
|
||||
|
||||
copy $globals{SHAREDIRPL} . 'prog.functions';
|
||||
|
||||
emitj( '',
|
||||
emit( '',
|
||||
'#',
|
||||
'# Clear Routing and Traffic Shaping',
|
||||
'#',
|
||||
@ -524,7 +524,7 @@ sub generate_script_2 () {
|
||||
emit '';
|
||||
|
||||
for my $interface ( @{find_interfaces_by_option 'norfc1918'} ) {
|
||||
emitj ( "addr=\$(ip -f inet addr show $interface 2> /dev/null | grep 'inet\ ' | head -n1)",
|
||||
emit ( "addr=\$(ip -f inet addr show $interface 2> /dev/null | grep 'inet\ ' | head -n1)",
|
||||
'if [ -n "$addr" ]; then',
|
||||
' addr=$(echo $addr | sed \'s/inet //;s/\/.*//;s/ peer.*//\')',
|
||||
' for network in 10.0.0.0/8 176.16.0.0/12 192.168.0.0/16; do',
|
||||
@ -535,7 +535,7 @@ sub generate_script_2 () {
|
||||
"fi\n" );
|
||||
}
|
||||
|
||||
emitj ( '[ "$COMMAND" = refresh ] && run_refresh_exit || run_init_exit',
|
||||
emit ( '[ "$COMMAND" = refresh ] && run_refresh_exit || run_init_exit',
|
||||
'',
|
||||
'qt $IPTABLES -L shorewall -n && qt $IPTABLES -F shorewall && qt $IPTABLES -X shorewall',
|
||||
'',
|
||||
@ -544,7 +544,7 @@ sub generate_script_2 () {
|
||||
);
|
||||
|
||||
if ( $capabilities{NAT_ENABLED} ) {
|
||||
emitj( 'if [ -f ${VARDIR}/nat ]; then',
|
||||
emit( 'if [ -f ${VARDIR}/nat ]; then',
|
||||
' while read external interface; do',
|
||||
' del_ip_addr $external $interface',
|
||||
' done < ${VARDIR}/nat',
|
||||
@ -560,7 +560,7 @@ sub generate_script_2 () {
|
||||
|
||||
emit "}\n";
|
||||
|
||||
emitj( '#',
|
||||
emit( '#',
|
||||
'# Setup Routing and Traffic Shaping',
|
||||
'#',
|
||||
'setup_routing_and_traffic_shaping() {'
|
||||
|
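Review bot: The `norfc1918` loop emitted in `generate_script_2` (hunk at -524,7) iterates over `10.0.0.0/8 176.16.0.0/12 192.168.0.0/16`; the middle network should be the RFC 1918 block `172.16.0.0/12`, so as written an address from 172.16/12 would presumably not be matched by this check while public 176.16/12 space would be. Proposed line: `' for network in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do',`. In the hunk at -352,71 the string `' setpolicy \$chain ACCEPT'` is single-quoted, so Perl keeps the backslash and the generated shell passes the literal text `$chain` to `setpolicy`; the sibling lines write `$chain` without the backslash and this one should too. The body of the `for network` loop lies outside the hunk, so what happens on a match is not visible here.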
@ -42,7 +42,6 @@ our @EXPORT = qw(
|
||||
create_temp_object
|
||||
finalize_object
|
||||
emit
|
||||
emitj
|
||||
emit_unindented
|
||||
save_progress_message
|
||||
save_progress_message_short
|
||||
@ -414,34 +413,11 @@ sub fatal_error {
|
||||
}
|
||||
|
||||
#
|
||||
# Write the argument to the object file (if any) with the current indentation.
|
||||
# Write the arguments to the object file (if any) with the current indentation.
|
||||
#
|
||||
# Replaces leading spaces with tabs as appropriate and suppresses consecutive blank lines.
|
||||
#
|
||||
sub emit ( $ ) {
|
||||
if ( $object ) {
|
||||
#
|
||||
# 'compile' as opposed to 'check'
|
||||
#
|
||||
my $line = $_[0]; # This copy is necessary because the actual arguments are almost always read-only.
|
||||
|
||||
unless ( $line =~ /^\s*$/ ) {
|
||||
$line =~ s/^\n// if $lastlineblank;
|
||||
$line =~ s/^/$indent/gm if $indent;
|
||||
$line =~ s/ /\t/gm;
|
||||
print $object "$line\n";
|
||||
$lastlineblank = ( substr( $line, -1, 1 ) eq "\n" );
|
||||
} else {
|
||||
print $object "\n" unless $lastlineblank;
|
||||
$lastlineblank = 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#
|
||||
# Version of emit() that accepts an indefinite number of scalar arguments; each argument will be emitted as a separate line
|
||||
#
|
||||
sub emitj {
|
||||
sub emit {
|
||||
if ( $object ) {
|
||||
#
|
||||
# 'compile' as opposed to 'check'
|
||||
|
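Review bot: Dropping the `( $ )` prototype when `emitj` becomes `emit` changes how paren-less calls parse: `emit` was a named unary operator and is now a list operator, so a call such as `emit $a, $b` or `emit $x || $y` elsewhere in the tree binds its arguments differently than before. The call sites visible in this commit look fine, but callers outside it, and any out-of-tree code still importing `emitj` (now removed from `@EXPORT`), should be checked. The header comment also lost the sentence saying that each argument is written as its own line; I would keep it, e.g. `# Each argument is emitted as a separate line.`. The body of the new `emit` continues past the end of the hunk, so its handling of blank arguments is not reviewed here.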
@ -60,10 +60,10 @@ sub setup_arp_filtering() {
|
||||
my $file = "/proc/sys/net/ipv4/conf/$interface/arp_filter";
|
||||
my $value = get_interface_option $interface, 'arp_filter';
|
||||
|
||||
emitj( '',
|
||||
emit ( '',
|
||||
"if [ -f $file ]; then",
|
||||
" echo $value > $file");
|
||||
emitj( 'else',
|
||||
emit ( 'else',
|
||||
" error_message \"WARNING: Cannot set ARP filtering on $interface\"" ) unless interface_is_optional( $interface );
|
||||
emit "fi\n";
|
||||
}
|
||||
@ -74,9 +74,9 @@ sub setup_arp_filtering() {
|
||||
|
||||
fatal_error "Internal Error in setup_arp_filtering()" unless defined $value;
|
||||
|
||||
emitj( "if [ -f $file ]; then",
|
||||
emit ( "if [ -f $file ]; then",
|
||||
" echo $value > $file");
|
||||
emitj( 'else',
|
||||
emit ( 'else',
|
||||
" error_message \"WARNING: Cannot set ARP filtering on $interface\"" ) unless interface_is_optional( $interface );
|
||||
emit "fi\n";
|
||||
}
|
||||
@ -100,18 +100,18 @@ sub setup_route_filtering() {
|
||||
if ( $config{ROUTE_FILTER} ) {
|
||||
my $val = $config{ROUTE_FILTER} eq 'on' ? 1 : 0;
|
||||
|
||||
emitj ( 'for file in /proc/sys/net/ipv4/conf/*; do',
|
||||
" [ -f \$file/rp_filter ] && echo $val > \$file/rp_filter",
|
||||
'done' );
|
||||
emit ( 'for file in /proc/sys/net/ipv4/conf/*; do',
|
||||
" [ -f \$file/rp_filter ] && echo $val > \$file/rp_filter",
|
||||
'done' );
|
||||
}
|
||||
|
||||
for my $interface ( @$interfaces ) {
|
||||
my $file = "/proc/sys/net/ipv4/conf/$interface/rp_filter";
|
||||
my $value = get_interface_option $interface, 'routefilter';
|
||||
|
||||
emitj( "if [ -f $file ]; then" ,
|
||||
emit ( "if [ -f $file ]; then" ,
|
||||
" echo $value > $file" );
|
||||
emitj( 'else' ,
|
||||
emit ( 'else' ,
|
||||
" error_message \"WARNING: Cannot set route filtering on $interface\"" ) unless interface_is_optional( $interface);
|
||||
emit "fi\n";
|
||||
}
|
||||
@ -144,19 +144,19 @@ sub setup_martian_logging() {
|
||||
if ( $config{LOG_MARTIANS} ) {
|
||||
my $val = $config{LOG_MARTIANS} eq 'on' ? 1 : 0;
|
||||
|
||||
emitj ( 'for file in /proc/sys/net/ipv4/conf/*; do',
|
||||
" [ -f \$file/log_martians ] && echo $val > \$file/log_martians",
|
||||
'done' );
|
||||
emit ( 'for file in /proc/sys/net/ipv4/conf/*; do',
|
||||
" [ -f \$file/log_martians ] && echo $val > \$file/log_martians",
|
||||
'done' );
|
||||
}
|
||||
|
||||
for my $interface ( @$interfaces ) {
|
||||
my $file = "/proc/sys/net/ipv4/conf/$interface/log_martians";
|
||||
my $value = get_interface_option $interface, 'logmartians';
|
||||
|
||||
emitj( "if [ -f $file ]; then" ,
|
||||
emit ( "if [ -f $file ]; then" ,
|
||||
" echo $value > $file" );
|
||||
|
||||
emitj( 'else' ,
|
||||
emit ( 'else' ,
|
||||
" error_message \"WARNING: Cannot set Martian logging on $interface\"") unless interface_is_optional( $interface);
|
||||
emit "fi\n";
|
||||
}
|
||||
@ -189,9 +189,9 @@ sub setup_source_routing() {
|
||||
my $file = "/proc/sys/net/ipv4/conf/$interface/accept_source_route";
|
||||
my $value = get_interface_option $interface, 'sourceroute';
|
||||
|
||||
emitj( "if [ -f $file ]; then" ,
|
||||
emit ( "if [ -f $file ]; then" ,
|
||||
" echo $value > $file" );
|
||||
emitj( 'else' ,
|
||||
emit ( 'else' ,
|
||||
" error_message \"WARNING: Cannot set Accept Source Routing on $interface\"" ) unless interface_is_optional( $interface);
|
||||
emit "fi\n";
|
||||
}
|
||||
|
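Review bot: `$interface` and `$value` are interpolated by Perl directly into the shell text of the generated firewall script (`"if [ -f $file ]; then"`, `" echo $value > $file"`) with no shell quoting, so a name or option value containing whitespace or shell metacharacters would alter the command that gets written. Whether interface names and option values are validated where the configuration is parsed is not visible in this commit. If they are, a comment here saying so would help; if not, they should be checked against an anchored pattern at parse time and the path quoted in the output, e.g. `"if [ -f \"$file\" ]; then"`. The same pattern appears in the provider, proxy-ARP and traffic-shaping sections of this commit and in the `qq(PATH="$config{PATH}")`-style assignments in `generate_script_1`.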
@ -105,7 +105,7 @@ sub setup_route_marking() {
|
||||
sub copy_table( $$ ) {
|
||||
my ( $duplicate, $number ) = @_;
|
||||
|
||||
emitj( "ip route show table $duplicate | while read net route; do",
|
||||
emit ( "ip route show table $duplicate | while read net route; do",
|
||||
' case $net in',
|
||||
' default|nexthop)',
|
||||
' ;;',
|
||||
@ -120,7 +120,7 @@ sub copy_table( $$ ) {
|
||||
sub copy_and_edit_table( $$$ ) {
|
||||
my ( $duplicate, $number, $copy ) = @_;
|
||||
|
||||
emitj ( "ip route show table $duplicate | while read net route; do",
|
||||
emit ( "ip route show table $duplicate | while read net route; do",
|
||||
' case $net in',
|
||||
' default|nexthop)',
|
||||
' ;;',
|
||||
@ -197,7 +197,7 @@ sub add_a_provider( $$$$$$$$ ) {
|
||||
|
||||
if ( $gateway eq 'detect' ) {
|
||||
my $variable = get_interface_address $interface;
|
||||
emitj ( "gateway=\$(detect_gateway $interface)\n",
|
||||
emit ( "gateway=\$(detect_gateway $interface)\n",
|
||||
'if [ -n "$gateway" ]; then',
|
||||
" run_ip route replace $variable dev $interface table $number",
|
||||
" run_ip route add default via \$gateway dev $interface table $number",
|
||||
@ -235,7 +235,7 @@ sub add_a_provider( $$$$$$$$ ) {
|
||||
|
||||
my $pref = 10000 + $val;
|
||||
|
||||
emitj( "qt ip rule del fwmark $mark",
|
||||
emit ( "qt ip rule del fwmark $mark",
|
||||
"run_ip rule add fwmark $mark pref $pref table $number",
|
||||
"echo \"qt ip rule del fwmark $mark\" >> \${VARDIR}/undo_routing"
|
||||
);
|
||||
@ -273,7 +273,7 @@ sub add_a_provider( $$$$$$$$ ) {
|
||||
|
||||
emit "\nrulenum=0\n";
|
||||
|
||||
emitj ( "find_interface_addresses $interface | while read address; do",
|
||||
emit ( "find_interface_addresses $interface | while read address; do",
|
||||
' qt ip rule del from $address',
|
||||
" run_ip rule add from \$address pref \$(( $rulebase + \$rulenum )) table $number",
|
||||
" echo \"qt ip rule del from \$address\" >> \${VARDIR}/undo_routing",
|
||||
@ -281,7 +281,7 @@ sub add_a_provider( $$$$$$$$ ) {
|
||||
'done'
|
||||
);
|
||||
} else {
|
||||
emitj( "\nfind_interface_addresses $interface | while read address; do",
|
||||
emit ( "\nfind_interface_addresses $interface | while read address; do",
|
||||
' qt ip rule del from $address',
|
||||
'done'
|
||||
);
|
||||
@ -293,7 +293,7 @@ sub add_a_provider( $$$$$$$$ ) {
|
||||
emit 'else';
|
||||
|
||||
if ( $optional ) {
|
||||
emitj( " error_message \"WARNING: Interface $interface is not configured -- Provider $table ($number) not Added\"",
|
||||
emit ( " error_message \"WARNING: Interface $interface is not configured -- Provider $table ($number) not Added\"",
|
||||
" ${iface}_up="
|
||||
);
|
||||
} else {
|
||||
@ -343,7 +343,7 @@ sub add_an_rtrule( $$$$ ) {
|
||||
|
||||
$priority = "priority $priority";
|
||||
|
||||
emitj( "qt ip rule del $source $dest $priority",
|
||||
emit ( "qt ip rule del $source $dest $priority",
|
||||
"run_ip rule add $source $dest $priority table $provider",
|
||||
"echo \"qt ip rule del $source $dest $priority\" >> \${VARDIR}/undo_routing"
|
||||
);
|
||||
@ -364,7 +364,7 @@ sub setup_providers() {
|
||||
|
||||
push_indent;
|
||||
|
||||
emitj ( '#',
|
||||
emit ( '#',
|
||||
'# Undo any changes made since the last time that we [re]started -- this will not restore the default route',
|
||||
'#',
|
||||
'undo_routing',
|
||||
@ -400,7 +400,7 @@ sub setup_providers() {
|
||||
|
||||
if ( $providers ) {
|
||||
if ( $balance ) {
|
||||
emitj ( 'if [ -n "$DEFAULT_ROUTE" ]; then',
|
||||
emit ( 'if [ -n "$DEFAULT_ROUTE" ]; then',
|
||||
' run_ip route replace default scope global $DEFAULT_ROUTE',
|
||||
" progress_message \"Default route '\$(echo \$DEFAULT_ROUTE | sed 's/\$\\s*//')' Added\"",
|
||||
'else',
|
||||
@ -409,7 +409,7 @@ sub setup_providers() {
|
||||
'fi',
|
||||
'' );
|
||||
} else {
|
||||
emitj( '#',
|
||||
emit ( '#',
|
||||
'# We don\'t have any \'balance\' providers so we restore any default route that we\'ve saved',
|
||||
'#',
|
||||
'restore_default_route' );
|
||||
|
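Review bot: The progress message in `setup_providers` (hunk at -400,7) pipes `$DEFAULT_ROUTE` through `sed 's/\$\\s*//'`, which after Perl unescaping becomes `s/$\s*//`. With `$` at the front of the pattern sed treats it as a literal dollar sign rather than an end-of-line anchor, so the substitution looks like a no-op. If the intent is to trim trailing whitespace from the displayed route, the Perl string would need `s/\\s*\$//` instead. The `emit` call continues outside the hunk.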
@ -80,7 +80,7 @@ sub setup_one_proxy_arp( $$$$$ ) {
|
||||
$haveroute = 1 if $persistent;
|
||||
}
|
||||
|
||||
emitj( "if ! arp -i $external -Ds $address $external pub; then",
|
||||
emit ( "if ! arp -i $external -Ds $address $external pub; then",
|
||||
" fatal_error \"Command 'arp -i $external -Ds $address $external pub' failed\"" ,
|
||||
'fi' ,
|
||||
'',
|
||||
@ -126,25 +126,25 @@ sub setup_proxy_arp() {
|
||||
|
||||
for my $interface ( keys %reset ) {
|
||||
unless ( $set{interface} ) {
|
||||
emitj ( "if [ -f /proc/sys/net/ipv4/conf/$interface/proxy_arp ]; then" ,
|
||||
emit ( "if [ -f /proc/sys/net/ipv4/conf/$interface/proxy_arp ]; then" ,
|
||||
" echo 0 > /proc/sys/net/ipv4/conf/$interface/proxy_arp" );
|
||||
emit "fi\n";
|
||||
}
|
||||
}
|
||||
|
||||
for my $interface ( keys %set ) {
|
||||
emitj ( "if [ -f /proc/sys/net/ipv4/conf/$interface/proxy_arp ]; then" ,
|
||||
emit ( "if [ -f /proc/sys/net/ipv4/conf/$interface/proxy_arp ]; then" ,
|
||||
" echo 1 > /proc/sys/net/ipv4/conf/$interface/proxy_arp" );
|
||||
emitj ( 'else' ,
|
||||
emit ( 'else' ,
|
||||
" error_message \" WARNING: Cannot set the 'proxy_arp' option for interface $interface\"" ) unless interface_is_optional( $interface );
|
||||
emit "fi\n";
|
||||
}
|
||||
|
||||
for my $interface ( @$interfaces ) {
|
||||
my $value = get_interface_option $interface, 'proxyarp';
|
||||
emitj( "if [ -f /proc/sys/net/ipv4/conf/$interface/proxy_arp ] ; then" ,
|
||||
emit ( "if [ -f /proc/sys/net/ipv4/conf/$interface/proxy_arp ] ; then" ,
|
||||
" echo $value > /proc/sys/net/ipv4/conf/$interface/proxy_arp" );
|
||||
emitj( 'else' ,
|
||||
emit ( 'else' ,
|
||||
" error_message \"WARNING: Unable to set/reset proxy ARP on $interface\"" ) unless interface_is_optional( $interface );
|
||||
emit "fi\n";
|
||||
}
|
||||
|
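Review bot: In `setup_proxy_arp` the guard `unless ( $set{interface} )` looks up the literal key `interface` rather than the loop variable, so the `echo 0` block is emitted for every key of `%reset` whether or not that interface is also in `%set`. It should read `unless ( $set{$interface} ) {`. The function body starts outside the hunk, so how `%set` and `%reset` are populated is not visible here.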
@ -453,7 +453,7 @@ sub setup_traffic_shaping() {
|
||||
|
||||
push_indent;
|
||||
|
||||
emitj( "${dev}_exists=Yes",
|
||||
emit ( "${dev}_exists=Yes",
|
||||
"qt tc qdisc del dev $device root",
|
||||
"qt tc qdisc del dev $device ingress",
|
||||
"run_tc qdisc add dev $device root handle $devnum: htb default $defmark",
|
||||
@ -465,7 +465,7 @@ sub setup_traffic_shaping() {
|
||||
my $inband = rate_to_kbit $devref->{in_bandwidth};
|
||||
|
||||
if ( $inband ) {
|
||||
emitj( "run_tc qdisc add dev $device handle ffff: ingress",
|
||||
emit ( "run_tc qdisc add dev $device handle ffff: ingress",
|
||||
"run_tc filter add dev $device parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate ${inband}kbit burst 10k drop flowid :1"
|
||||
);
|
||||
}
|
||||
@ -509,7 +509,7 @@ sub setup_traffic_shaping() {
|
||||
$lastdevice = $device;
|
||||
}
|
||||
|
||||
emitj( "[ \$${dev}_mtu -gt $quantum ] && quantum=\$${dev}_mtu || quantum=$quantum",
|
||||
emit ( "[ \$${dev}_mtu -gt $quantum ] && quantum=\$${dev}_mtu || quantum=$quantum",
|
||||
"run_tc class add dev $device parent $devref->{number}:1 classid $classid htb rate $rate ceil $tcref->{ceiling} prio $tcref->{priority} \$${dev}_mtu1 quantum \$quantum",
|
||||
"run_tc qdisc add dev $device parent $classid handle ${prefix}${mark}: sfq perturb 10"
|
||||
);
|
||||
|
@ -76,7 +76,7 @@ use constant { NOTHING => 'NOTHING',
|
||||
#
|
||||
# @zones contains the ordered list of zones with sub-zones appearing before their parents.
|
||||
#
|
||||
# %zones{<zone1> => {type = > <zone type> 'firewall', 'ipv4', 'ipsec4';
|
||||
# %zones{<zone1> => {type = > <zone type> 'firewall', 'ipv4', 'ipsec4', 'bport4';
|
||||
# options => { complex => 0|1
|
||||
# in_out => < policy match string >
|
||||
# in => < policy match string >
|
||||
|