holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Corrections to WORKAROUNDS implementation

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2015-06-06 12:15:03 -07:00
parent 7c9155a6e8
commit 2956698298
3 changed files with 15 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Shorewall-core/lib.cli
View File

@ -442,6 +442,7 @@ do_save() {
rm -f ${VARDIR}/restore-$$ rm -f ${VARDIR}/restore-$$
fi fi
fi fi
fi
else else
case "$ARPTABLES" in case "$ARPTABLES" in
*/*) */*)

6
Shorewall/Perl/Shorewall/Config.pm
View File

@ -301,7 +301,7 @@ our %renamed = ( AUTO_COMMENT => 'AUTOCOMMENT', BLACKLIST_LOGLEVEL => 'BLACKLIST
# #
# Config options and global settings that are to be copied to output script # Config options and global settings that are to be copied to output script
# #
our @propagateconfig = qw/ DISABLE_IPV6 MODULESDIR MODULE_SUFFIX LOAD_HELPERS_ONLY LOCKFILE SUBSYSLOCK LOG_VERBOSITY WORKAROUNDS/; our @propagateconfig = qw/ DISABLE_IPV6 MODULESDIR MODULE_SUFFIX LOAD_HELPERS_ONLY LOCKFILE SUBSYSLOCK LOG_VERBOSITY/;
# #
# From parsing the capabilities file or detecting capabilities # From parsing the capabilities file or detecting capabilities
# #
@ -5718,7 +5718,7 @@ sub get_configuration( $$$$$ ) {
default_yes_no 'TRACK_RULES' , ''; default_yes_no 'TRACK_RULES' , '';
default_yes_no 'INLINE_MATCHES' , ''; default_yes_no 'INLINE_MATCHES' , '';
default_yes_no 'BASIC_FILTERS' , ''; default_yes_no 'BASIC_FILTERS' , '';
default_yes_no 'WORKAROUNDS' , ''; default_yes_no 'WORKAROUNDS' , 'Yes';
require_capability( 'BASIC_EMATCH', 'BASIC_FILTERS=Yes', 's' ) if $config{BASIC_FILTERS}; require_capability( 'BASIC_EMATCH', 'BASIC_FILTERS=Yes', 's' ) if $config{BASIC_FILTERS};
@ -6263,7 +6263,7 @@ sub generate_aux_config() {
emit "#\n# Shorewall auxiliary configuration file created by Shorewall version $globals{VERSION} - $date\n#"; emit "#\n# Shorewall auxiliary configuration file created by Shorewall version $globals{VERSION} - $date\n#";
for my $option ( qw(VERBOSITY LOGFILE LOGFORMAT ARPTABLES IPTABLES IP6TABLES IP TC IPSET PATH SHOREWALL_SHELL SUBSYSLOCK LOCKFILE RESTOREFILE) ) { for my $option ( qw(VERBOSITY LOGFILE LOGFORMAT ARPTABLES IPTABLES IP6TABLES IP TC IPSET PATH SHOREWALL_SHELL SUBSYSLOCK LOCKFILE RESTOREFILE WORKAROUNDS) ) {
conditionally_add_option $option; conditionally_add_option $option;
} }

14
Shorewall/Perl/Shorewall/Misc.pm
View File

@ -2397,14 +2397,22 @@ sub compile_stop_firewall( $$$ ) {
my $output = $filter_table->{OUTPUT}; my $output = $filter_table->{OUTPUT};
my $forward = $filter_table->{FORWARD}; my $forward = $filter_table->{FORWARD};
emit <<'EOF'; if ( $config{WORKAROUNDS} ) {
emit <<'EOF';
#
# Stop/restore the firewall after an error or because of a 'stop' or 'clear' command
#
stop_firewall() {
local hack
EOF
} else {
emit <<'EOF';
# #
# Stop/restore the firewall after an error or because of a 'stop' or 'clear' command # Stop/restore the firewall after an error or because of a 'stop' or 'clear' command
# #
stop_firewall() { stop_firewall() {
EOF EOF
}
emit ( ' local hack' ) if $config{WORKAROUNDS};
$output->{policy} = 'ACCEPT' if $config{ADMINISABSENTMINDED}; $output->{policy} = 'ACCEPT' if $config{ADMINISABSENTMINDED};