diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm index 9c40099e8..260a10e11 100644 --- a/Shorewall/Perl/Shorewall/Chains.pm +++ b/Shorewall/Perl/Shorewall/Chains.pm @@ -7484,7 +7484,6 @@ sub create_stop_load( $ ) { sub initialize_switches() { if ( keys %switches ) { - push_indent; push_indent; emit( 'if [ $COMMAND = start ]; then' ); push_indent; while ( my ( $switch, $setting ) = each %switches ) { @@ -7493,7 +7492,6 @@ sub initialize_switches() { } pop_indent; emit "fi\n"; - pop_indent; pop_indent; } } diff --git a/Shorewall/Perl/Shorewall/Compiler.pm b/Shorewall/Perl/Shorewall/Compiler.pm index ec8cf9e7c..6fe0d9af7 100644 --- a/Shorewall/Perl/Shorewall/Compiler.pm +++ b/Shorewall/Perl/Shorewall/Compiler.pm @@ -459,10 +459,10 @@ sub generate_script_3($) { fatal_error "$iptables_save_file does not exist" fi EOF - pop_indent; + push_indent; setup_load_distribution; setup_forwarding( $family , 1 ); - push_indent; + pop_indent; my $config_dir = $globals{CONFIGDIR}; @@ -473,8 +473,10 @@ else if [ \$COMMAND = refresh ]; then chainlist_reload EOF + push_indent(2); setup_load_distribution; setup_forwarding( $family , 0 ); + pop_indent(2); emit( ' run_refreshed_exit' , ' do_iptables -N shorewall' , @@ -482,13 +484,17 @@ EOF ' else' , ' setup_netfilter' ); + push_indent(2); setup_load_distribution; + pop_indent(2); emit<<"EOF"; conditionally_flush_conntrack EOF + push_indent(2); initialize_switches; setup_forwarding( $family , 0 ); + pop_indent(2); emit<<"EOF"; run_start_exit diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm index a1b1b8b28..68972e126 100644 --- a/Shorewall/Perl/Shorewall/Config.pm +++ b/Shorewall/Perl/Shorewall/Config.pm @@ -1489,24 +1489,32 @@ sub progress_message3 { # # Push/Pop Indent # -sub push_indent() { - if ( $indent2 ) { - $indent2 = ''; - $indent = $indent1 = $indent1 . "\t"; - } else { - $indent2 = ' '; - $indent = $indent1 . $indent2; +sub push_indent(;$) { + my $times = shift || 1; + + while ( $times-- ) { + if ( $indent2 ) { + $indent2 = ''; + $indent = $indent1 = $indent1 . "\t"; + } else { + $indent2 = ' '; + $indent = $indent1 . $indent2; + } } } -sub pop_indent() { - if ( $indent2 ) { - $indent2 = ''; - $indent = $indent1; - } else { - $indent1 = substr( $indent1 , 0, -1 ); - $indent2 = ' '; - $indent = $indent1 . $indent2; +sub pop_indent(;$) { + my $times = shift || 1; + + while ( $times-- ) { + if ( $indent2 ) { + $indent2 = ''; + $indent = $indent1; + } else { + $indent1 = substr( $indent1 , 0, -1 ); + $indent2 = ' '; + $indent = $indent1 . $indent2; + } } } diff --git a/Shorewall/Perl/Shorewall/Proc.pm b/Shorewall/Perl/Shorewall/Proc.pm index 71074ecc5..05d625782 100644 --- a/Shorewall/Perl/Shorewall/Proc.pm +++ b/Shorewall/Perl/Shorewall/Proc.pm @@ -219,30 +219,30 @@ sub setup_forwarding( $$ ) { if ( $family == F_IPV4 ) { if ( $config{IP_FORWARDING} eq 'on' ) { - emit ' echo 1 > /proc/sys/net/ipv4/ip_forward'; - emit ' progress_message2 IPv4 Forwarding Enabled'; + emit 'echo 1 > /proc/sys/net/ipv4/ip_forward'; + emit 'progress_message2 IPv4 Forwarding Enabled'; } elsif ( $config{IP_FORWARDING} eq 'off' ) { - emit ' echo 0 > /proc/sys/net/ipv4/ip_forward'; - emit ' progress_message2 IPv4 Forwarding Disabled!'; + emit 'echo 0 > /proc/sys/net/ipv4/ip_forward'; + emit 'progress_message2 IPv4 Forwarding Disabled!'; } emit ''; - emit ( ' echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables' , + emit ( 'echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables' , '' ) if have_bridges; } else { if ( $config{IP_FORWARDING} eq 'on' ) { - emit ' echo 1 > /proc/sys/net/ipv6/conf/all/forwarding'; - emit ' progress_message2 IPv6 Forwarding Enabled'; + emit 'echo 1 > /proc/sys/net/ipv6/conf/all/forwarding'; + emit 'progress_message2 IPv6 Forwarding Enabled'; } elsif ( $config{IP_FORWARDING} eq 'off' ) { - emit ' echo 0 > /proc/sys/net/ipv6/conf/all/forwarding'; - emit ' progress_message2 IPv6 Forwarding Disabled!'; + emit 'echo 0 > /proc/sys/net/ipv6/conf/all/forwarding'; + emit 'progress_message2 IPv6 Forwarding Disabled!'; } emit ''; - emit ( ' echo 1 > /proc/sys/net/bridge/bridge-nf-call-ip6tables' , + emit ( 'echo 1 > /proc/sys/net/bridge/bridge-nf-call-ip6tables' , '' ) if have_bridges; @@ -251,9 +251,6 @@ sub setup_forwarding( $$ ) { if ( @$interfaces ) { progress_message2 "$doing Interface forwarding..." if $first; - push_indent; - push_indent; - save_progress_message 'Setting up IPv6 Interface Forwarding...'; for my $interface ( @$interfaces ) { @@ -270,9 +267,6 @@ sub setup_forwarding( $$ ) { " error_message \"WARNING: Cannot set IPv6 forwarding on $interface\"" ) unless $optional; emit "fi\n"; } - - pop_indent; - pop_indent; } } } diff --git a/Shorewall/Perl/Shorewall/Providers.pm b/Shorewall/Perl/Shorewall/Providers.pm index ae2bef05b..5802f3ebf 100644 --- a/Shorewall/Perl/Shorewall/Providers.pm +++ b/Shorewall/Perl/Shorewall/Providers.pm @@ -1952,7 +1952,7 @@ sub handle_stickiness( $ ) { sub setup_load_distribution() { emit ( '', - " distribute_load $maxload @load_interfaces" , + "distribute_load $maxload @load_interfaces" , '' ) if @load_interfaces; }