holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Revise notrack/conntrack handling:

Browse Source 
- Purge empty notrack files.
- Process both files.
This commit is contained in:
Tom Eastep 2012-08-13 07:28:07 -07:00
parent 75b830b10e
commit 45288f5927
1 changed files with 48 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

89
Shorewall/Perl/Shorewall/Raw.pm
View File

@ -204,62 +204,69 @@ sub setup_conntrack() {
my $format = 1; my $format = 1;
my $action = 'NOTRACK'; my $action = 'NOTRACK';
my $fn = open_file( 'notrack' ); for my $name ( qw/notrack conntrack/ ) {
if ( $fn ) { my $fn = open_file( $name );
if ( -f ( my $fn1 = find_file 'conntrack' ) ) {
warning_message "Both $fn and $fn1 exist: $fn1 will be ignored";
}
} else {
$fn = open_file( 'conntrack' );
}
if ( $fn ) { if ( $fn ) {
first_entry "$doing $fn..."; my $empty = 1;
my $nonEmpty = 0; first_entry( sub () { progress_message2 "$doing $fn...";
$empty = 0;
warning_message( "Non-empty notrack file ($fn); please move its contents to the conntrack file" ) if $name eq 'notrack';
}
);
while ( read_a_line( NORMAL_READ ) ) { while ( read_a_line( NORMAL_READ ) ) {
my ( $source, $dest, $proto, $ports, $sports, $user ); my ( $source, $dest, $proto, $ports, $sports, $user );
if ( $format == 1 ) { if ( $format == 1 ) {
( $source, $dest, $proto, $ports, $sports, $user ) = split_line1 'Conntrack File', { source => 0, dest => 1, proto => 2, dport => 3, sport => 4, user => 5 }; ( $source, $dest, $proto, $ports, $sports, $user ) = split_line1 'Conntrack File', { source => 0, dest => 1, proto => 2, dport => 3, sport => 4, user => 5 };
if ( $source eq 'FORMAT' ) { if ( $source eq 'FORMAT' ) {
$format = process_format( $dest ); $format = process_format( $dest );
next; next;
}
if ( $source eq 'COMMENT' ) {
process_comment;
next;
}
} else {
( $action, $source, $dest, $proto, $ports, $sports, $user ) = split_line1 'Conntrack File', { action => 0, source => 1, dest => 2, proto => 3, dport => 4, sport => 5, user => 6 }, { COMMENT => 0, FORMAT => 2 };
if ( $action eq 'FORMAT' ) {
$format = process_format( $source );
$action = 'NOTRACK';
next;
}
if ( $action eq 'COMMENT' ) {
process_comment;
next;
}
} }
if ( $source eq 'COMMENT' ) { if ( $source eq 'all' ) {
process_comment; for my $zone (all_zones) {
next; process_conntrack_rule( undef, undef, $action, $zone, $dest, $proto, $ports, $sports, $user );
} }
} else { } else {
( $action, $source, $dest, $proto, $ports, $sports, $user ) = split_line1 'Conntrack File', { action => 0, source => 1, dest => 2, proto => 3, dport => 4, sport => 5, user => 6 }, { COMMENT => 0, FORMAT => 2 }; process_conntrack_rule( undef, undef, $action, $source, $dest, $proto, $ports, $sports, $user );
if ( $action eq 'FORMAT' ) {
$format = process_format( $source );
$action = 'NOTRACK';
next;
}
if ( $action eq 'COMMENT' ) {
process_comment;
next;
} }
} }
if ( $source eq 'all' ) { clear_comment;
for my $zone (all_zones) {
process_conntrack_rule( undef, undef, $action, $zone, $dest, $proto, $ports, $sports, $user ); if ( $empty && $name eq 'notrack') {
if ( unlink( $fn ) ) {
warning_message "Empty notrack file ($fn) removed";
} else {
warning_message "Unable to remove empty notrack file ($fn): $!";
} }
} else {
process_conntrack_rule( undef, undef, $action, $source, $dest, $proto, $ports, $sports, $user );
} }
} }
clear_comment;
} }
} }