Add more comments

Tom Eastep 2010-09-22 15:26:01 -07:00
parent 9d5642aedd
commit 2c7b1b5d7b


@ -243,6 +243,9 @@ our $section;
our $comment; our $comment;
#
# Target Types
#
use constant { STANDARD => 1, #defined by Netfilter use constant { STANDARD => 1, #defined by Netfilter
NATRULE => 2, #Involves NAT NATRULE => 2, #Involves NAT
BUILTIN => 4, #A built-in action BUILTIN => 4, #A built-in action
@ -256,7 +259,9 @@ use constant { STANDARD => 1, #defined by Netfilter
CHAIN => 1024, #Manual Chain CHAIN => 1024, #Manual Chain
SET => 2048. #SET SET => 2048. #SET
}; };
#
# Valid Targets -- value is a combination of one or more of the above
#
our %targets; our %targets;
# #
# expand_rule() restrictions # expand_rule() restrictions
@ -267,7 +272,7 @@ use constant { NO_RESTRICT => 0, # FORWARD chain rule - Both -i an
OUTPUT_RESTRICT => 8, # OUTPUT chain rule - -i not allowed OUTPUT_RESTRICT => 8, # OUTPUT chain rule - -i not allowed
POSTROUTE_RESTRICT => 16, # POSTROUTING chain rule - -i converted to -s <address list> using main routing table POSTROUTE_RESTRICT => 16, # POSTROUTING chain rule - -i converted to -s <address list> using main routing table
ALL_RESTRICT => 12, # fw->fw rule - neither -i nor -o allowed ALL_RESTRICT => 12, # fw->fw rule - neither -i nor -o allowed
DESTIFACE_DISALLOW => 32, # Don't allow dest interface DESTIFACE_DISALLOW => 32, # Don't allow dest interface. Similar to INPUT_RESTRICT but generates a more relevant error message
}; };
our $iprangematch; our $iprangematch;
@ -276,7 +281,6 @@ our $idiotcount;
our $idiotcount1; our $idiotcount1;
our $warningcount; our $warningcount;
our $hashlimitset; our $hashlimitset;
our $global_variables; our $global_variables;
# #
@ -285,7 +289,7 @@ our $global_variables;
use constant { ALL_COMMANDS => 1, NOT_RESTORE => 2 }; use constant { ALL_COMMANDS => 1, NOT_RESTORE => 2 };
# #
# These hashes hold the shell code to set shell variables # These hashes hold the shell code to set shell variables. The key is the name of the variable; the value is the code to generate the variable's contents
# #
our %interfaceaddr; # First interface address our %interfaceaddr; # First interface address
our %interfaceaddrs; # All interface addresses our %interfaceaddrs; # All interface addresses
@ -301,14 +305,16 @@ our %interfacegateways; # Gateway of default route out of the interface
our @builtins = qw(PREROUTING INPUT FORWARD OUTPUT POSTROUTING); our @builtins = qw(PREROUTING INPUT FORWARD OUTPUT POSTROUTING);
# #
# Mode of the emitter. # Mode of the emitter (part of this module that converts rules in the chain table into iptables-restore input)
# #
use constant { NULL_MODE => 0 , # Emitting neither shell commands nor iptables-restore input use constant { NULL_MODE => 0 , # Emitting neither shell commands nor iptables-restore input
CAT_MODE => 1 , # Emitting iptables-restore input CAT_MODE => 1 , # Emitting iptables-restore input
CMD_MODE => 2 }; # Emitting shell commands. CMD_MODE => 2 }; # Emitting shell commands.
our $mode; our $mode;
#
# Address Family
#
our $family; our $family;
# #
@ -369,7 +375,7 @@ sub initialize( $ ) {
# #
$chainseq = 0; $chainseq = 0;
# #
# Used to suppress duplicate match specifications. # Used to suppress duplicate match specifications for old iptables binaries.
# #
$iprangematch = 0; $iprangematch = 0;
# #
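Review bot: The expanded comment above `%interfaceaddr` (hunk `-285,7 +289,7`) says the key is "the name of the variable", but the trailing comments on the hashes themselves (`# First interface address`, `# Gateway of default route out of the interface`) read as if they are indexed per interface, so it is worth confirming which one the key is and stating it explicitly. Because the values are shell code that is presumably written into the generated script, the comment should also record what is assumed about any name embedded in that code, for example `# Values are emitted verbatim; any name interpolated into them must already be validated as a shell-safe identifier`. Separately, in the Target Types block the context line `SET => 2048. #SET` ends in a period where its siblings end in a comma; it appears to still parse as a numeric literal, but `SET => 2048, #SET` would be consistent and would not break when another constant is appended after it.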