diff --git a/New/Shorewall/Chains.pm b/New/Shorewall/Chains.pm index ad2a761af..ee7be7815 100644 --- a/New/Shorewall/Chains.pm +++ b/New/Shorewall/Chains.pm @@ -33,7 +33,8 @@ our @EXPORT = qw( add_rule %chain_table $nat_table $mangle_table - $filter_table ); + $filter_table + $section ); our @EXPORT_OK = (); our @VERSION = 1.00; @@ -63,15 +64,19 @@ our @VERSION = 1.00; # # 'loglevel', 'synparams' and 'default' only apply to policy chains. # -my @policy_chains; -my %chain_table = ( raw => {} , - mangle => {}, - nat => {}, - filter => {} ); +our @policy_chains; +our %chain_table = ( raw => {} , + mangle => {}, + nat => {}, + filter => {} ); -my $nat_table = $chain_table{nat}; -my $mangle_table = $chain_table{mangle}; -my $filter_table = $chain_table{filter}; +our $nat_table = $chain_table{nat}; +our $mangle_table = $chain_table{mangle}; +our $filter_table = $chain_table{filter}; +# +# Current rules file section. +# +our $section = 'ESTABLISHED'; # # Add a rule to a chain. Arguments are: diff --git a/New/Shorewall/Common.pm b/New/Shorewall/Common.pm index e48f4260d..d2dca768f 100644 --- a/New/Shorewall/Common.pm +++ b/New/Shorewall/Common.pm @@ -18,12 +18,11 @@ our @EXPORT = qw(warning_message copy copy1 - $line - $lastlineblank); + $line); our @EXPORT_OK = (); our @VERSION = 1.00; -my $line = ''; # Current config file line +our $line = ''; # Current config file line my $object = 0; # Object file Handle Reference my $lastlineblank = 0; # Avoid extra blank lines in the output my $indent = ''; diff --git a/New/Shorewall/Interfaces.pm b/New/Shorewall/Interfaces.pm index 7e56e444f..2b7d354ff 100644 --- a/New/Shorewall/Interfaces.pm +++ b/New/Shorewall/Interfaces.pm @@ -2,6 +2,7 @@ package Shorewall::Interfaces; require Exporter; use Shorewall::Common; use Shorewall::Config; +use Shorewall::Zones; our @ISA = qw(Exporter); our @EXPORT = qw( validate_interfaces_file dump_interface_info known_interface @interfaces %interfaces ); @@ -21,8 +22,8 @@ our @VERSION = 1.00; # zone => # } # -my @interfaces; -my %interfaces; +our @interfaces; +our %interfaces; # # Parse the interfaces file. diff --git a/New/Shorewall/Zones.pm b/New/Shorewall/Zones.pm index c960f4f99..338c076f6 100644 --- a/New/Shorewall/Zones.pm +++ b/New/Shorewall/Zones.pm @@ -37,9 +37,9 @@ our @VERSION = 1.00; # # $firewall_zone names the firewall zone. # -my @zones; -my %zones; -my $firewall_zone; +our @zones; +our %zones; +our $firewall_zone; # # Parse the passed option list and return a reference to a hash as follows: diff --git a/New/compiler.pl b/New/compiler.pl index 3dbca07b5..66e3c693b 100755 --- a/New/compiler.pl +++ b/New/compiler.pl @@ -38,10 +38,6 @@ my $exclseq = 0; my $iprangematch = 0; my $ipsetmatch = 0; # -# Current rules file section. -# -my $section = 'ESTABLISHED'; -# # These get set to 1 as sections are encountered. # my %sections = ( ESTABLISHED => 0, @@ -4277,15 +4273,14 @@ sub setup_providers() { sub setup_route_marking() { my $mask = $config{HIGH_ROUTE_MARKS} ? '0xFFFF' : '0xFF'; my $mark_op = $config{HIGH_ROUTE_MARKS} ? '--or-mark' : '--set-mark'; - my $preroutrulenum = 1; - insert_rule $mangle_table->{PREROUTING} , $preroutrulenum++ , "-m connmark ! --mark 0/$mask -j CONNMARK --restore-mark --mask $mask"; - insert_rule $mangle_table->{OUTPUT} , 1, " -m connmark ! --mark 0/$mask -j CONNMARK --restore-mark --mask $mask"; + add_rule $mangle_table->{PREROUTING} , "-m connmark ! --mark 0/$mask -j CONNMARK --restore-mark --mask $mask"; + add_rule $mangle_table->{OUTPUT} , " -m connmark ! --mark 0/$mask -j CONNMARK --restore-mark --mask $mask"; my $chainref = new_chain 'mangle', 'routemark'; while ( my ( $interface, $mark ) = ( each %routemarked_interfaces ) ) { - insert_rule $mangle_table->{PREROUTING} , $preroutrulenum++ , "-i $interface -m mark --mark 0/$mask -j routemark"; + add_rule $mangle_table->{PREROUTING} , "-i $interface -m mark --mark 0/$mask -j routemark"; add_rule $chainref, " -i $interface -j MARK $mark_op $mark"; }