From 16a7b1deae8f708f0a68460d5bb277ad40ef4d9d Mon Sep 17 00:00:00 2001 From: teastep Date: Mon, 23 Jul 2007 18:14:12 +0000 Subject: [PATCH] Combine emit() and emitj() git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6942 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall-perl/Shorewall/Chains.pm | 18 +-- Shorewall-perl/Shorewall/Compiler.pm | 212 +++++++++++++------------- Shorewall-perl/Shorewall/Config.pm | 28 +--- Shorewall-perl/Shorewall/Proc.pm | 32 ++-- Shorewall-perl/Shorewall/Providers.pm | 22 +-- Shorewall-perl/Shorewall/Proxyarp.pm | 12 +- Shorewall-perl/Shorewall/Tc.pm | 6 +- Shorewall-perl/Shorewall/Zones.pm | 2 +- 8 files changed, 153 insertions(+), 179 deletions(-) diff --git a/Shorewall-perl/Shorewall/Chains.pm b/Shorewall-perl/Shorewall/Chains.pm index c4b7b3f0d..50f33da48 100644 --- a/Shorewall-perl/Shorewall/Chains.pm +++ b/Shorewall-perl/Shorewall/Chains.pm @@ -1853,7 +1853,7 @@ sub emitr( $ ) { sub emit_comment() { unless ( $emitted_comment ) { - emitj ( '#', + emit ( '#', '# Establish the values of shell variables used in the following function calls', '#' ); $emitted_comment = 1; @@ -1889,7 +1889,7 @@ sub create_netfilter_load() { $state = NULL_STATE; - emitj( 'setup_netfilter()', + emit( 'setup_netfilter()', '{' ); @@ -1955,14 +1955,14 @@ sub create_netfilter_load() { # # Now generate the actual iptables-restore command # - emitj( 'exec 3>&-', + emit( 'exec 3>&-', '', 'progress_message2 "Running iptables-restore..."', '', 'cat ${VARDIR}/.iptables-restore-input | $IPTABLES_RESTORE # Use this nonsensical form to appease SELinux' ); - emitj( 'if [ $? != 0 ]; then', + emit( 'if [ $? != 0 ]; then', ' fatal_error "iptables-restore Failed. Input is in ${VARDIR}/.iptables-restore-input"', "fi\n" ); @@ -1979,7 +1979,7 @@ sub create_blacklist_reload() { $state = NULL_STATE; - emitj( 'blacklist_reload()', + emit( 'blacklist_reload()', '{' ); @@ -2010,14 +2010,12 @@ sub create_blacklist_reload() { # # Now generate the actual iptables-restore command # - emitj( 'exec 3>&-', + emit( 'exec 3>&-', '', 'progress_message2 "Running iptables-restore..."', '', - 'cat ${VARDIR}/.iptables-restore-input | $IPTABLES_RESTORE -n # Use this nonsensical form to appease SELinux' - ); - - emitj( 'if [ $? != 0 ]; then', + 'cat ${VARDIR}/.iptables-restore-input | $IPTABLES_RESTORE -n # Use this nonsensical form to appease SELinux', + 'if [ $? != 0 ]; then', ' fatal_error "iptables-restore Failed. Input is in ${VARDIR}/.iptables-restore-input"', "fi\n" ); diff --git a/Shorewall-perl/Shorewall/Compiler.pm b/Shorewall-perl/Shorewall/Compiler.pm index a17f3a383..04da4ddda 100644 --- a/Shorewall-perl/Shorewall/Compiler.pm +++ b/Shorewall-perl/Shorewall/Compiler.pm @@ -93,78 +93,78 @@ sub generate_script_1() { emit "}\n"; } - emitj ( '#', - '# This function initializes the global variables used by the program', - '#', - 'initialize()', - '{', - ' #', - ' # These variables are required by the library functions called in this script', - ' #' - ); + emit ( '#', + '# This function initializes the global variables used by the program', + '#', + 'initialize()', + '{', + ' #', + ' # These variables are required by the library functions called in this script', + ' #' + ); push_indent; if ( $export ) { - emitj ( 'SHAREDIR=/usr/share/shorewall-lite', - 'CONFDIR=/etc/shorewall-lite', - 'PRODUCT="Shorewall Lite"' - ); + emit ( 'SHAREDIR=/usr/share/shorewall-lite', + 'CONFDIR=/etc/shorewall-lite', + 'PRODUCT="Shorewall Lite"' + ); } else { - emitj ( 'SHAREDIR=/usr/share/shorewall', - 'CONFDIR=/etc/shorewall', - 'PRODUCT=\'Shorewall\'', - ); + emit ( 'SHAREDIR=/usr/share/shorewall', + 'CONFDIR=/etc/shorewall', + 'PRODUCT=\'Shorewall\'', + ); } emit( '[ -f ${CONFDIR}/vardir ] && . ${CONFDIR}/vardir' ); if ( $export ) { - emitj ( 'CONFIG_PATH="/etc/shorewall-lite:/usr/share/shorewall-lite"' , - '[ -n "${VARDIR:=/var/lib/shorewall-lite}" ]' ); + emit ( 'CONFIG_PATH="/etc/shorewall-lite:/usr/share/shorewall-lite"' , + '[ -n "${VARDIR:=/var/lib/shorewall-lite}" ]' ); } else { - emitj ( qq(CONFIG_PATH="$config{CONFIG_PATH}") , - '[ -n "${VARDIR:=/var/lib/shorewall}" ]' ); + emit ( qq(CONFIG_PATH="$config{CONFIG_PATH}") , + '[ -n "${VARDIR:=/var/lib/shorewall}" ]' ); } emit 'TEMPFILE='; propagateconfig; - emitj ( '[ -n "${COMMAND:=restart}" ]', - '[ -n "${VERBOSE:=0}" ]', - qq([ -n "\${RESTOREFILE:=$config{RESTOREFILE}}" ]), - '[ -n "$LOGFORMAT" ] || LOGFORMAT="Shorewall:%s:%s:"', - qq(VERSION="$globals{VERSION}") , - qq(PATH="$config{PATH}") , - 'TERMINATOR=fatal_error' - ); + emit ( '[ -n "${COMMAND:=restart}" ]', + '[ -n "${VERBOSE:=0}" ]', + qq([ -n "\${RESTOREFILE:=$config{RESTOREFILE}}" ]), + '[ -n "$LOGFORMAT" ] || LOGFORMAT="Shorewall:%s:%s:"', + qq(VERSION="$globals{VERSION}") , + qq(PATH="$config{PATH}") , + 'TERMINATOR=fatal_error' + ); if ( $config{IPTABLES} ) { - emitj( qq(IPTABLES="$config{IPTABLES}"), - '', - '[ -x "$IPTABLES" ] || startup_error "IPTABLES=$IPTABLES does not exist or is not executable"', - ); + emit( qq(IPTABLES="$config{IPTABLES}"), + '', + '[ -x "$IPTABLES" ] || startup_error "IPTABLES=$IPTABLES does not exist or is not executable"', + ); } else { - emitj( '[ -z "$IPTABLES" ] && IPTABLES=$(mywhich iptables 2> /dev/null)', - '', - '[ -n "$IPTABLES" -a -x "$IPTABLES" ] || startup_error "Can\'t find iptables executable"' - ); + emit( '[ -z "$IPTABLES" ] && IPTABLES=$(mywhich iptables 2> /dev/null)', + '', + '[ -n "$IPTABLES" -a -x "$IPTABLES" ] || startup_error "Can\'t find iptables executable"' + ); } - emitj( 'IPTABLES_RESTORE=${IPTABLES}-restore', - '[ -x "$IPTABLES_RESTORE" ] || startup_error "$IPTABLES_RESTORE does not exist or is not executable"' ); + emit( 'IPTABLES_RESTORE=${IPTABLES}-restore', + '[ -x "$IPTABLES_RESTORE" ] || startup_error "$IPTABLES_RESTORE does not exist or is not executable"' ); append_file 'params' if $config{EXPORTPARAMS}; - emitj ( '', - "STOPPING=", - '', - '#', - '# The library requires that ${VARDIR} exist', - '#', - '[ -d ${VARDIR} ] || mkdir -p ${VARDIR}' - ); + emit ( '', + "STOPPING=", + '', + '#', + '# The library requires that ${VARDIR} exist', + '#', + '[ -d ${VARDIR} ] || mkdir -p ${VARDIR}' + ); pop_indent; @@ -329,15 +329,15 @@ EOF emit 'delete_tc1' if $config{CLEAR_TC}; - emitj( 'undo_routing', - 'restore_default_route' - ); + emit( 'undo_routing', + 'restore_default_route' + ); my $criticalhosts = process_criticalhosts; if ( @$criticalhosts ) { if ( $config{ADMINISABSENTMINDED} ) { - emitj ( 'for chain in INPUT OUTPUT; do', + emit ( 'for chain in INPUT OUTPUT; do', ' setpolicy $chain ACCEPT', 'done', '', @@ -352,71 +352,71 @@ EOF my $source = match_source_net $host; my $dest = match_dest_net $host; - emitj( "\$IPTABLES -A INPUT -i $interface $source -j ACCEPT", - "\$IPTABLES -A OUTPUT -o $interface $dest -j ACCEPT" - ); + emit( "\$IPTABLES -A INPUT -i $interface $source -j ACCEPT", + "\$IPTABLES -A OUTPUT -o $interface $dest -j ACCEPT" + ); } - emitj( '', - 'for chain in INPUT OUTPUT; do', - ' setpolicy $chain DROP', - "done\n" - ); + emit( '', + 'for chain in INPUT OUTPUT; do', + ' setpolicy $chain DROP', + "done\n" + ); } else { - emitj( '', - 'for chain in INPUT OUTPUT; do', - ' setpolicy \$chain ACCEPT', - 'done', - '', - 'setpolicy FORWARD DROP', - '', - "deleteallchains\n" - ); + emit( '', + 'for chain in INPUT OUTPUT; do', + ' setpolicy \$chain ACCEPT', + 'done', + '', + 'setpolicy FORWARD DROP', + '', + "deleteallchains\n" + ); for my $hosts ( @$criticalhosts ) { my ( $interface, $host ) = ( split /:/, $hosts ); my $source = match_source_net $host; my $dest = match_dest_net $host; - emitj( "\$IPTABLES -A INPUT -i $interface $source -j ACCEPT", + emit( "\$IPTABLES -A INPUT -i $interface $source -j ACCEPT", "\$IPTABLES -A OUTPUT -o $interface $dest -j ACCEPT" ); } - emitj ( "\nsetpolicy INPUT DROP", - '', - 'for chain in INPUT FORWARD; do', - ' setcontinue $chain', - "done\n" - ); + emit( "\nsetpolicy INPUT DROP", + '', + 'for chain in INPUT FORWARD; do', + ' setcontinue $chain', + "done\n" + ); } } elsif ( $config{ADMINISABSENTMINDED} ) { - emitj( 'for chain in INPUT FORWARD; do', - ' setpolicy $chain DROP', - 'done', - '', - 'setpolicy OUTPUT ACCEPT', - '', - 'deleteallchains', - '', - 'for chain in INPUT FORWARD; do', - ' setcontinue $chain', - "done\n", - ); + emit( 'for chain in INPUT FORWARD; do', + ' setpolicy $chain DROP', + 'done', + '', + 'setpolicy OUTPUT ACCEPT', + '', + 'deleteallchains', + '', + 'for chain in INPUT FORWARD; do', + ' setcontinue $chain', + "done\n", + ); } else { - emitj( 'for chain in INPUT OUTPUT FORWARD; do', - ' setpolicy $chain DROP', - 'done', - '', - "deleteallchains\n" - ); + emit( 'for chain in INPUT OUTPUT FORWARD; do', + ' setpolicy $chain DROP', + 'done', + '', + "deleteallchains\n" + ); } process_routestopped; - emitj( '$IPTABLES -A INPUT -i lo -j ACCEPT', - '$IPTABLES -A OUTPUT -o lo -j ACCEPT' - ); + emit( '$IPTABLES -A INPUT -i lo -j ACCEPT', + '$IPTABLES -A OUTPUT -o lo -j ACCEPT' + ); emit '$IPTABLES -A OUTPUT -o lo -j ACCEPT' unless $config{ADMINISABSENTMINDED}; @@ -434,12 +434,12 @@ EOF emit ''; if ( $config{IP_FORWARDING} eq 'on' ) { - emitj( 'echo 1 > /proc/sys/net/ipv4/ip_forward', - 'progress_message2 IP Forwarding Enabled' ); + emit( 'echo 1 > /proc/sys/net/ipv4/ip_forward', + 'progress_message2 IP Forwarding Enabled' ); } elsif ( $config{IP_FORWARDING} eq 'off' ) { - emitj( 'echo 0 > /proc/sys/net/ipv4/ip_forward', - 'progress_message2 IP Forwarding Disabled!' - ); + emit( 'echo 0 > /proc/sys/net/ipv4/ip_forward', + 'progress_message2 IP Forwarding Disabled!' + ); } emit 'run_stopped_exit'; @@ -491,7 +491,7 @@ sub generate_script_2 () { copy $globals{SHAREDIRPL} . 'prog.functions'; - emitj( '', + emit( '', '#', '# Clear Routing and Traffic Shaping', '#', @@ -524,7 +524,7 @@ sub generate_script_2 () { emit ''; for my $interface ( @{find_interfaces_by_option 'norfc1918'} ) { - emitj ( "addr=\$(ip -f inet addr show $interface 2> /dev/null | grep 'inet\ ' | head -n1)", + emit ( "addr=\$(ip -f inet addr show $interface 2> /dev/null | grep 'inet\ ' | head -n1)", 'if [ -n "$addr" ]; then', ' addr=$(echo $addr | sed \'s/inet //;s/\/.*//;s/ peer.*//\')', ' for network in 10.0.0.0/8 176.16.0.0/12 192.168.0.0/16; do', @@ -535,7 +535,7 @@ sub generate_script_2 () { "fi\n" ); } - emitj ( '[ "$COMMAND" = refresh ] && run_refresh_exit || run_init_exit', + emit ( '[ "$COMMAND" = refresh ] && run_refresh_exit || run_init_exit', '', 'qt $IPTABLES -L shorewall -n && qt $IPTABLES -F shorewall && qt $IPTABLES -X shorewall', '', @@ -544,7 +544,7 @@ sub generate_script_2 () { ); if ( $capabilities{NAT_ENABLED} ) { - emitj( 'if [ -f ${VARDIR}/nat ]; then', + emit( 'if [ -f ${VARDIR}/nat ]; then', ' while read external interface; do', ' del_ip_addr $external $interface', ' done < ${VARDIR}/nat', @@ -560,7 +560,7 @@ sub generate_script_2 () { emit "}\n"; - emitj( '#', + emit( '#', '# Setup Routing and Traffic Shaping', '#', 'setup_routing_and_traffic_shaping() {' diff --git a/Shorewall-perl/Shorewall/Config.pm b/Shorewall-perl/Shorewall/Config.pm index 83433e692..12ebab9b9 100644 --- a/Shorewall-perl/Shorewall/Config.pm +++ b/Shorewall-perl/Shorewall/Config.pm @@ -42,7 +42,6 @@ our @EXPORT = qw( create_temp_object finalize_object emit - emitj emit_unindented save_progress_message save_progress_message_short @@ -414,34 +413,11 @@ sub fatal_error { } # -# Write the argument to the object file (if any) with the current indentation. +# Write the arguments to the object file (if any) with the current indentation. # # Replaces leading spaces with tabs as appropriate and suppresses consecutive blank lines. # -sub emit ( $ ) { - if ( $object ) { - # - # 'compile' as opposed to 'check' - # - my $line = $_[0]; # This copy is necessary because the actual arguments are almost always read-only. - - unless ( $line =~ /^\s*$/ ) { - $line =~ s/^\n// if $lastlineblank; - $line =~ s/^/$indent/gm if $indent; - $line =~ s/ /\t/gm; - print $object "$line\n"; - $lastlineblank = ( substr( $line, -1, 1 ) eq "\n" ); - } else { - print $object "\n" unless $lastlineblank; - $lastlineblank = 1; - } - } -} - -# -# Version of emit() that accepts an indefinite number of scalar arguments; each argument will be emitted as a separate line -# -sub emitj { +sub emit { if ( $object ) { # # 'compile' as opposed to 'check' diff --git a/Shorewall-perl/Shorewall/Proc.pm b/Shorewall-perl/Shorewall/Proc.pm index 73d2b1ed6..60176a083 100644 --- a/Shorewall-perl/Shorewall/Proc.pm +++ b/Shorewall-perl/Shorewall/Proc.pm @@ -60,10 +60,10 @@ sub setup_arp_filtering() { my $file = "/proc/sys/net/ipv4/conf/$interface/arp_filter"; my $value = get_interface_option $interface, 'arp_filter'; - emitj( '', + emit ( '', "if [ -f $file ]; then", " echo $value > $file"); - emitj( 'else', + emit ( 'else', " error_message \"WARNING: Cannot set ARP filtering on $interface\"" ) unless interface_is_optional( $interface ); emit "fi\n"; } @@ -74,9 +74,9 @@ sub setup_arp_filtering() { fatal_error "Internal Error in setup_arp_filtering()" unless defined $value; - emitj( "if [ -f $file ]; then", + emit ( "if [ -f $file ]; then", " echo $value > $file"); - emitj( 'else', + emit ( 'else', " error_message \"WARNING: Cannot set ARP filtering on $interface\"" ) unless interface_is_optional( $interface ); emit "fi\n"; } @@ -100,18 +100,18 @@ sub setup_route_filtering() { if ( $config{ROUTE_FILTER} ) { my $val = $config{ROUTE_FILTER} eq 'on' ? 1 : 0; - emitj ( 'for file in /proc/sys/net/ipv4/conf/*; do', - " [ -f \$file/rp_filter ] && echo $val > \$file/rp_filter", - 'done' ); + emit ( 'for file in /proc/sys/net/ipv4/conf/*; do', + " [ -f \$file/rp_filter ] && echo $val > \$file/rp_filter", + 'done' ); } for my $interface ( @$interfaces ) { my $file = "/proc/sys/net/ipv4/conf/$interface/rp_filter"; my $value = get_interface_option $interface, 'routefilter'; - emitj( "if [ -f $file ]; then" , + emit ( "if [ -f $file ]; then" , " echo $value > $file" ); - emitj( 'else' , + emit ( 'else' , " error_message \"WARNING: Cannot set route filtering on $interface\"" ) unless interface_is_optional( $interface); emit "fi\n"; } @@ -144,19 +144,19 @@ sub setup_martian_logging() { if ( $config{LOG_MARTIANS} ) { my $val = $config{LOG_MARTIANS} eq 'on' ? 1 : 0; - emitj ( 'for file in /proc/sys/net/ipv4/conf/*; do', - " [ -f \$file/log_martians ] && echo $val > \$file/log_martians", - 'done' ); + emit ( 'for file in /proc/sys/net/ipv4/conf/*; do', + " [ -f \$file/log_martians ] && echo $val > \$file/log_martians", + 'done' ); } for my $interface ( @$interfaces ) { my $file = "/proc/sys/net/ipv4/conf/$interface/log_martians"; my $value = get_interface_option $interface, 'logmartians'; - emitj( "if [ -f $file ]; then" , + emit ( "if [ -f $file ]; then" , " echo $value > $file" ); - emitj( 'else' , + emit ( 'else' , " error_message \"WARNING: Cannot set Martian logging on $interface\"") unless interface_is_optional( $interface); emit "fi\n"; } @@ -189,9 +189,9 @@ sub setup_source_routing() { my $file = "/proc/sys/net/ipv4/conf/$interface/accept_source_route"; my $value = get_interface_option $interface, 'sourceroute'; - emitj( "if [ -f $file ]; then" , + emit ( "if [ -f $file ]; then" , " echo $value > $file" ); - emitj( 'else' , + emit ( 'else' , " error_message \"WARNING: Cannot set Accept Source Routing on $interface\"" ) unless interface_is_optional( $interface); emit "fi\n"; } diff --git a/Shorewall-perl/Shorewall/Providers.pm b/Shorewall-perl/Shorewall/Providers.pm index 31f0141a7..ccb110e9f 100644 --- a/Shorewall-perl/Shorewall/Providers.pm +++ b/Shorewall-perl/Shorewall/Providers.pm @@ -105,7 +105,7 @@ sub setup_route_marking() { sub copy_table( $$ ) { my ( $duplicate, $number ) = @_; - emitj( "ip route show table $duplicate | while read net route; do", + emit ( "ip route show table $duplicate | while read net route; do", ' case $net in', ' default|nexthop)', ' ;;', @@ -120,7 +120,7 @@ sub copy_table( $$ ) { sub copy_and_edit_table( $$$ ) { my ( $duplicate, $number, $copy ) = @_; - emitj ( "ip route show table $duplicate | while read net route; do", + emit ( "ip route show table $duplicate | while read net route; do", ' case $net in', ' default|nexthop)', ' ;;', @@ -197,7 +197,7 @@ sub add_a_provider( $$$$$$$$ ) { if ( $gateway eq 'detect' ) { my $variable = get_interface_address $interface; - emitj ( "gateway=\$(detect_gateway $interface)\n", + emit ( "gateway=\$(detect_gateway $interface)\n", 'if [ -n "$gateway" ]; then', " run_ip route replace $variable dev $interface table $number", " run_ip route add default via \$gateway dev $interface table $number", @@ -235,7 +235,7 @@ sub add_a_provider( $$$$$$$$ ) { my $pref = 10000 + $val; - emitj( "qt ip rule del fwmark $mark", + emit ( "qt ip rule del fwmark $mark", "run_ip rule add fwmark $mark pref $pref table $number", "echo \"qt ip rule del fwmark $mark\" >> \${VARDIR}/undo_routing" ); @@ -273,7 +273,7 @@ sub add_a_provider( $$$$$$$$ ) { emit "\nrulenum=0\n"; - emitj ( "find_interface_addresses $interface | while read address; do", + emit ( "find_interface_addresses $interface | while read address; do", ' qt ip rule del from $address', " run_ip rule add from \$address pref \$(( $rulebase + \$rulenum )) table $number", " echo \"qt ip rule del from \$address\" >> \${VARDIR}/undo_routing", @@ -281,7 +281,7 @@ sub add_a_provider( $$$$$$$$ ) { 'done' ); } else { - emitj( "\nfind_interface_addresses $interface | while read address; do", + emit ( "\nfind_interface_addresses $interface | while read address; do", ' qt ip rule del from $address', 'done' ); @@ -293,7 +293,7 @@ sub add_a_provider( $$$$$$$$ ) { emit 'else'; if ( $optional ) { - emitj( " error_message \"WARNING: Interface $interface is not configured -- Provider $table ($number) not Added\"", + emit ( " error_message \"WARNING: Interface $interface is not configured -- Provider $table ($number) not Added\"", " ${iface}_up=" ); } else { @@ -343,7 +343,7 @@ sub add_an_rtrule( $$$$ ) { $priority = "priority $priority"; - emitj( "qt ip rule del $source $dest $priority", + emit ( "qt ip rule del $source $dest $priority", "run_ip rule add $source $dest $priority table $provider", "echo \"qt ip rule del $source $dest $priority\" >> \${VARDIR}/undo_routing" ); @@ -364,7 +364,7 @@ sub setup_providers() { push_indent; - emitj ( '#', + emit ( '#', '# Undo any changes made since the last time that we [re]started -- this will not restore the default route', '#', 'undo_routing', @@ -400,7 +400,7 @@ sub setup_providers() { if ( $providers ) { if ( $balance ) { - emitj ( 'if [ -n "$DEFAULT_ROUTE" ]; then', + emit ( 'if [ -n "$DEFAULT_ROUTE" ]; then', ' run_ip route replace default scope global $DEFAULT_ROUTE', " progress_message \"Default route '\$(echo \$DEFAULT_ROUTE | sed 's/\$\\s*//')' Added\"", 'else', @@ -409,7 +409,7 @@ sub setup_providers() { 'fi', '' ); } else { - emitj( '#', + emit ( '#', '# We don\'t have any \'balance\' providers so we restore any default route that we\'ve saved', '#', 'restore_default_route' ); diff --git a/Shorewall-perl/Shorewall/Proxyarp.pm b/Shorewall-perl/Shorewall/Proxyarp.pm index fb176a9ab..14af5825d 100644 --- a/Shorewall-perl/Shorewall/Proxyarp.pm +++ b/Shorewall-perl/Shorewall/Proxyarp.pm @@ -80,7 +80,7 @@ sub setup_one_proxy_arp( $$$$$ ) { $haveroute = 1 if $persistent; } - emitj( "if ! arp -i $external -Ds $address $external pub; then", + emit ( "if ! arp -i $external -Ds $address $external pub; then", " fatal_error \"Command 'arp -i $external -Ds $address $external pub' failed\"" , 'fi' , '', @@ -126,25 +126,25 @@ sub setup_proxy_arp() { for my $interface ( keys %reset ) { unless ( $set{interface} ) { - emitj ( "if [ -f /proc/sys/net/ipv4/conf/$interface/proxy_arp ]; then" , + emit ( "if [ -f /proc/sys/net/ipv4/conf/$interface/proxy_arp ]; then" , " echo 0 > /proc/sys/net/ipv4/conf/$interface/proxy_arp" ); emit "fi\n"; } } for my $interface ( keys %set ) { - emitj ( "if [ -f /proc/sys/net/ipv4/conf/$interface/proxy_arp ]; then" , + emit ( "if [ -f /proc/sys/net/ipv4/conf/$interface/proxy_arp ]; then" , " echo 1 > /proc/sys/net/ipv4/conf/$interface/proxy_arp" ); - emitj ( 'else' , + emit ( 'else' , " error_message \" WARNING: Cannot set the 'proxy_arp' option for interface $interface\"" ) unless interface_is_optional( $interface ); emit "fi\n"; } for my $interface ( @$interfaces ) { my $value = get_interface_option $interface, 'proxyarp'; - emitj( "if [ -f /proc/sys/net/ipv4/conf/$interface/proxy_arp ] ; then" , + emit ( "if [ -f /proc/sys/net/ipv4/conf/$interface/proxy_arp ] ; then" , " echo $value > /proc/sys/net/ipv4/conf/$interface/proxy_arp" ); - emitj( 'else' , + emit ( 'else' , " error_message \"WARNING: Unable to set/reset proxy ARP on $interface\"" ) unless interface_is_optional( $interface ); emit "fi\n"; } diff --git a/Shorewall-perl/Shorewall/Tc.pm b/Shorewall-perl/Shorewall/Tc.pm index e7f4570f9..aafd2844f 100644 --- a/Shorewall-perl/Shorewall/Tc.pm +++ b/Shorewall-perl/Shorewall/Tc.pm @@ -453,7 +453,7 @@ sub setup_traffic_shaping() { push_indent; - emitj( "${dev}_exists=Yes", + emit ( "${dev}_exists=Yes", "qt tc qdisc del dev $device root", "qt tc qdisc del dev $device ingress", "run_tc qdisc add dev $device root handle $devnum: htb default $defmark", @@ -465,7 +465,7 @@ sub setup_traffic_shaping() { my $inband = rate_to_kbit $devref->{in_bandwidth}; if ( $inband ) { - emitj( "run_tc qdisc add dev $device handle ffff: ingress", + emit ( "run_tc qdisc add dev $device handle ffff: ingress", "run_tc filter add dev $device parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate ${inband}kbit burst 10k drop flowid :1" ); } @@ -509,7 +509,7 @@ sub setup_traffic_shaping() { $lastdevice = $device; } - emitj( "[ \$${dev}_mtu -gt $quantum ] && quantum=\$${dev}_mtu || quantum=$quantum", + emit ( "[ \$${dev}_mtu -gt $quantum ] && quantum=\$${dev}_mtu || quantum=$quantum", "run_tc class add dev $device parent $devref->{number}:1 classid $classid htb rate $rate ceil $tcref->{ceiling} prio $tcref->{priority} \$${dev}_mtu1 quantum \$quantum", "run_tc qdisc add dev $device parent $classid handle ${prefix}${mark}: sfq perturb 10" ); diff --git a/Shorewall-perl/Shorewall/Zones.pm b/Shorewall-perl/Shorewall/Zones.pm index 2c127a8d4..50301724e 100644 --- a/Shorewall-perl/Shorewall/Zones.pm +++ b/Shorewall-perl/Shorewall/Zones.pm @@ -76,7 +76,7 @@ use constant { NOTHING => 'NOTHING', # # @zones contains the ordered list of zones with sub-zones appearing before their parents. # -# %zones{ => {type = > 'firewall', 'ipv4', 'ipsec4'; +# %zones{ => {type = > 'firewall', 'ipv4', 'ipsec4', 'bport4'; # options => { complex => 0|1 # in_out => < policy match string > # in => < policy match string >