holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Tweak emitter

Browse Source
This commit is contained in:
Tom Eastep 2009-09-29 14:28:50 -05:00
parent 393673a884
commit 39ee3b2025
1 changed files with 21 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -272,11 +272,11 @@ our %interfacegateways; # Gateway of default route out of the interface
our @builtins = qw(PREROUTING INPUT FORWARD OUTPUT POSTROUTING); our @builtins = qw(PREROUTING INPUT FORWARD OUTPUT POSTROUTING);
# #
# Mode of the generator. # Mode of the emitter.
# #
use constant { NULL_MODE => 0 , # Generating neither shell commands nor iptables-restore input use constant { NULL_MODE => 0 , # Emitting neither shell commands nor iptables-restore input
CAT_MODE => 1 , # Generating iptables-restore input CAT_MODE => 1 , # Emitting iptables-restore input
CMD_MODE => 2 }; # Generating shell commands. CMD_MODE => 2 }; # Emitting shell commands.
our $mode; our $mode;
@ -2826,14 +2826,15 @@ sub expand_rule( $$$$$$$$$$;$ )
} }
# #
# The following code generates the input to iptables-restore # The following code generates the input to iptables-restore from the contents of the
# @rules arrays in the chain table entries.
# #
# We always write the iptables-restore input into a file then pass the # We always write the iptables-restore input into a file then pass the
# file to iptables-restore. That way, if things go wrong, the user (and Shorewall support) # file to iptables-restore. That way, if things go wrong, the user (and Shorewall support)
# has (have) something to look at to determine the error # has (have) something to look at to determine the error
# #
# We may have to generate part of the input at run-time. The rules array in each chain # We may have to generate part of the input at run-time. The rules array in each chain
# table entry may contain rules (begin with '-A') or shell source. We alternate between # table entry may contain both rules (begin with '-A') or shell source. We alternate between
# writing the rules ('-A') into the temporary file to be passed to iptables-restore # writing the rules ('-A') into the temporary file to be passed to iptables-restore
# (CAT_MODE) and and writing shell source into the generated script (CMD_MODE). # (CAT_MODE) and and writing shell source into the generated script (CMD_MODE).
# #
@ -2854,20 +2855,20 @@ sub enter_cmd_mode() {
# Emits the passed rule (input to iptables-restore) or command # Emits the passed rule (input to iptables-restore) or command
# #
sub emitr( $ ) { sub emitr( $ ) {
my $rule = $_[0]; if ( my $rule = $_[0] ) {
if ( substr( $rule, 0, 2 ) eq '-A' ) {
if ( $rule && substr( $rule, 0, 2 ) eq '-A' ) { #
# # A rule
# A rule #
# enter_cat_mode unless $mode == CAT_MODE;
enter_cat_mode unless $mode == CAT_MODE; emit_unindented $rule;
emit_unindented $rule; } else {
} else { #
# # A command
# A command #
# enter_cmd_mode unless $mode == CMD_MODE;
enter_cmd_mode unless $mode == CMD_MODE; emit $rule;
emit $rule; }
} }
} }