holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Revise notrack/conntrack handling:

Browse Source 
- Purge empty notrack files.
- Process both files.
This commit is contained in:
Tom Eastep 2012-08-13 07:28:07 -07:00
parent 75b830b10e
commit 45288f5927
1 changed files with 48 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
Shorewall/Perl/Shorewall/Raw.pm
View File

@ -204,21 +204,19 @@ sub setup_conntrack() {
my $format = 1; my $format = 1;
my $action = 'NOTRACK'; my $action = 'NOTRACK';
my $fn = open_file( 'notrack' ); for my $name ( qw/notrack conntrack/ ) {
if ( $fn ) { my $fn = open_file( $name );
if ( -f ( my $fn1 = find_file 'conntrack' ) ) {
warning_message "Both $fn and $fn1 exist: $fn1 will be ignored";
}
} else {
$fn = open_file( 'conntrack' );
}
if ( $fn ) { if ( $fn ) {
first_entry "$doing $fn..."; my $empty = 1;
my $nonEmpty = 0; first_entry( sub () { progress_message2 "$doing $fn...";
$empty = 0;
warning_message( "Non-empty notrack file ($fn); please move its contents to the conntrack file" ) if $name eq 'notrack';
}
);
while ( read_a_line( NORMAL_READ ) ) { while ( read_a_line( NORMAL_READ ) ) {
my ( $source, $dest, $proto, $ports, $sports, $user ); my ( $source, $dest, $proto, $ports, $sports, $user );
@ -260,6 +258,15 @@ sub setup_conntrack() {
} }
clear_comment; clear_comment;
if ( $empty && $name eq 'notrack') {
if ( unlink( $fn ) ) {
warning_message "Empty notrack file ($fn) removed";
} else {
warning_message "Unable to remove empty notrack file ($fn): $!";
}
}
}
} }
} }