More detect stuff

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5632 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2007-03-22 20:24:21 +00:00
parent 7146dc4942
commit 2f40bcd8e1
4 changed files with 23 additions and 8 deletions


@ -236,7 +236,7 @@ sub add_command($$)
{ {
my ($chainref, $command) = @_; my ($chainref, $command) = @_;
$command =~ s/^/~/mg; $command =~ s/^/~/;
push @{$chainref->{rules}}, $command; push @{$chainref->{rules}}, $command;
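Review bot: The change to the `~` substitution in add_command is undocumented, and the rendered page does not show which of `s/^/~/mg` and `s/^/~/` is the new side, which matters: the single-line form tags only the first line of a multi-line `$command`, the `/mg` form tags every line. Whichever form is intended, a one-line comment above the substitution stating the contract would keep the next edit from flipping it back, e.g. `# Prefix with '~' so the rule emitter can tell a shell command from an iptables rule; only the first line of a multi-line command is tagged.` The "rule emitter" part is inferred from add_command and add_rule being used side by side elsewhere in this commit and should be confirmed against the consumer of `$chainref->{rules}`. add_command's signature line sits above the hunk and its body continues past it.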
@ -1299,7 +1299,8 @@ sub create_netfilter_load() {
emit_unindented '__EOF__' unless $state == CMD_STATE; emit_unindented '__EOF__' unless $state == CMD_STATE;
emit ''; emit '';
emit ' exec 3>&-';
emit '';
emit 'iptables-restore < $TEMPFILE' if $slowstart; emit 'iptables-restore < $TEMPFILE' if $slowstart;
emit 'if [ $? != 0 ]; then'; emit 'if [ $? != 0 ]; then';
emit ' fatal_error "iptables-restore Failed"'; emit ' fatal_error "iptables-restore Failed"';


@ -46,7 +46,6 @@ our @VERSION = 1.00;
# @interfaces lists the interface names in the order that they appear in the interfaces file. # @interfaces lists the interface names in the order that they appear in the interfaces file.
# #
# %interfaces { <interface1> => { root => <name without trailing '+'> # %interfaces { <interface1> => { root => <name without trailing '+'>
# broadcast => [ <bcast1>, ... ]
# options => { <option1> = <val1> , # options => { <option1> = <val1> ,
# ... # ...
# } # }
@ -162,10 +161,9 @@ sub validate_interfaces_file()
( $interfaces{$interface}{root} = $interface ) =~ s/\+$// ; ( $interfaces{$interface}{root} = $interface ) =~ s/\+$// ;
if ( $networks && $networks ne '-' ) if ( $networks && $networks ne '-' && $networks ne 'detect' )
{ {
my @broadcast = split ',', $networks; warning_message 'Shorewall no longer uses broadcast addresses in rule generation:' . $networks;
$interfaces{$interface}{broadcast} = \@broadcast;
} }
my $optionsref = {}; my $optionsref = {};
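Review bot: The new warning_message text on the `$networks` branch is concatenated without a separator, so the output reads `...rule generation:192.168.0.255`; `warning_message 'Shorewall no longer uses broadcast addresses in rule generation: ' . $networks;` (or quoting the value) fixes it. The lone removed line `$interfaces{$interface}{broadcast} = \@broadcast;` is what identifies the warning line as the new side; for the `if` condition the page gives no such signal, though the commit title suggests the `ne 'detect'` form is new. Nothing in the hunk records what a `detect` value does instead of being warned about, so a short comment on the condition would help, e.g. `# 'detect' is accepted here and handled elsewhere -- TODO confirm where`. validate_interfaces_file begins above the hunk and continues past it.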


@ -669,7 +669,24 @@ sub setup_mac_lists( $ ) {
for my $interface ( @maclist_interfaces ) { for my $interface ( @maclist_interfaces ) {
my $chainref = $chain_table{$table}{( $config{MACLIST_TTL} ? macrecent_target $interface : mac_chain $interface )}; my $chainref = $chain_table{$table}{( $config{MACLIST_TTL} ? macrecent_target $interface : mac_chain $interface )};
my $chain = mac_chain $interface; my $chain = $chainref->{name};
if ( $config{MACLIST_LOG_LEVEL} || $config{MACLIST_DISPOSITION} != 'ACCEPT' ) {
add_command $chainref, "if interface_is_usable $interface; then";
add_command $chainref, " ip -f inet addr show $interface 2> /dev/null | grep 'inet.*brd' | sed 's/inet //; s/brd //; s/scope.*//;' | while read address broadcast; do";
add_command $chainref, ' address=${address%/*}';
add_command $chainref, ' if [ -n "$broadcast" ]; then';
add_command $chainref, ' echo "-A $chain -s $address -d $broadcast -j RETURN" >&3';
add_command $chainref, ' fi';
add_command $chainref, '';
add_command $chainref, ' echo "-A $chain -s $address -d 255.255.255.255 -j RETURN" >&3';
add_command $chainref, ' echo "-A $chain -s $address -d 224.0.0.0/4 -j RETURN" >&3';
add_command $chainref, ' done';
add_command $chainref, 'else';
add_command $chainref, " fatal_error \"Interface $interface must be up before Shorewall can start\"";
add_command $chainref, "fi\n";
}
log_rule_limit $level, $chainref , $chain , $disposition, '', '', 'add', ''; log_rule_limit $level, $chainref , $chain , $disposition, '', '', 'add', '';
add_rule $chainref, "-j $target"; add_rule $chainref, "-j $target";
} }
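Review bot: The guard on the new block compares `$config{MACLIST_DISPOSITION}` to `'ACCEPT'` with the numeric `!=`, which numifies both sides to 0 and is therefore never true (and warns under `use warnings`), so the block runs only when MACLIST_LOG_LEVEL is set; it should read `if ( $config{MACLIST_LOG_LEVEL} || $config{MACLIST_DISPOSITION} ne 'ACCEPT' ) {`. The three `echo "-A $chain ..." >&3` lines are single-quoted Perl strings, so `$chain` is left for the generated shell script to expand, unlike `$interface` on the neighbouring double-quoted lines; unless the emitted script sets a shell variable `chain` elsewhere (nothing in this hunk does), those rules go out with an empty chain name, and the Perl `$chain` assigned just above should be interpolated instead, e.g. `" echo \"-A $chain -s \$address -d \$broadcast -j RETURN\" >&3"`. The closing `"fi\n"` is the only command carrying an embedded newline; if a blank line after the block is intended, a separate `add_command $chainref, ''` as used for the earlier blank line is the consistent way. setup_mac_lists starts before the hunk and continues past it.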


@ -543,7 +543,6 @@ if [ $COMMAND = restore ]; then
iptables-restore < $iptables_save_file iptables-restore < $iptables_save_file
else else
fatal_error "$iptables_save_file does not exist" fatal_error "$iptables_save_file does not exist"
exit 2
fi fi
set_state "Started" set_state "Started"
else else