holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Some code cleanup:

Browse Source 
- Store config value in a local rather than repeatedly referencing the
  %config hash.
- Centralize generation of the valid table array

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2012-05-19 09:02:44 -07:00
parent 231c5dbca0
commit 56b8a9b9fa
1 changed files with 24 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -3707,17 +3707,32 @@ sub optimize_level16( $$$ ) {
$passes++; $passes++;
} }
sub optimize_ruleset() { #
for my $table ( qw/raw rawpost mangle nat filter/ ) { # Return an array of valid Netfilter tables
#
sub valid_tables() {
my @table_list;
next if $family == F_IPV6 && $table eq 'nat'; push @table_list, 'raw' if have_capability( 'RAW_TABLE' );
push @table_list, 'rawpost' if have_capability( 'RAWPOST_TABLE' );
push @table_list, 'nat' if have_capability( 'NAT_ENABLED' );
push @table_list, 'mangle' if have_capability( 'MANGLE_ENABLED' ) && $config{MANGLE_ENABLED};
push @table_list, 'filter';
@table_list;
}
sub optimize_ruleset() {
for my $table ( valid_tables ) {
my $tableref = $chain_table{$table}; my $tableref = $chain_table{$table};
my $passes = 0; my $passes = 0;
my $optimize = $config{OPTIMIZE};
$passes = optimize_level4( $table, $tableref ) if $config{OPTIMIZE} & 4; $passes = optimize_level4( $table, $tableref ) if $optimize & 4;
$passes = optimize_level8( $table, $tableref , $passes ) if $config{OPTIMIZE} & 8; $passes = optimize_level8( $table, $tableref , $passes ) if $optimize & 8;
$passes = optimize_level16( $table, $tableref , $passes ) if $config{OPTIMIZE} & 16; $passes = optimize_level16( $table, $tableref , $passes ) if $optimize & 16;
progress_message " Table $table Optimized -- Passes = $passes"; progress_message " Table $table Optimized -- Passes = $passes";
progress_message ''; progress_message '';
@ -7126,14 +7141,6 @@ sub load_ipsets() {
sub create_netfilter_load( $ ) { sub create_netfilter_load( $ ) {
my $test = shift; my $test = shift;
my @table_list;
push @table_list, 'raw' if have_capability( 'RAW_TABLE' );
push @table_list, 'rawpost' if have_capability( 'RAWPOST_TABLE' );
push @table_list, 'nat' if have_capability( 'NAT_ENABLED' );
push @table_list, 'mangle' if have_capability( 'MANGLE_ENABLED' ) && $config{MANGLE_ENABLED};
push @table_list, 'filter';
$mode = NULL_MODE; $mode = NULL_MODE;
emit ( '#', emit ( '#',
@ -7164,7 +7171,7 @@ sub create_netfilter_load( $ ) {
emit_unindented '#'; emit_unindented '#';
} }
for my $table ( @table_list ) { for my $table ( valid_tables ) {
emit_unindented "*$table"; emit_unindented "*$table";
my @chains; my @chains;
@ -7229,14 +7236,6 @@ sub create_netfilter_load( $ ) {
# #
sub preview_netfilter_load() { sub preview_netfilter_load() {
my @table_list;
push @table_list, 'raw' if have_capability( 'RAW_TABLE' );
push @table_list, 'rawpost' if have_capability( 'RAWPOST_TABLE' );
push @table_list, 'nat' if have_capability( 'NAT_ENABLED' );
push @table_list, 'mangle' if have_capability( 'MANGLE_ENABLED' ) && $config{MANGLE_ENABLED};
push @table_list, 'filter';
$mode = NULL_MODE; $mode = NULL_MODE;
push_indent; push_indent;
@ -7247,7 +7246,7 @@ sub preview_netfilter_load() {
print "#\n# Generated by Shorewall $globals{VERSION} - $date\n#\n"; print "#\n# Generated by Shorewall $globals{VERSION} - $date\n#\n";
for my $table ( @table_list ) { for my $table ( valid_tables ) {
print "*$table\n"; print "*$table\n";
my @chains; my @chains;
@ -7449,14 +7448,6 @@ sub create_chainlist_reload($) {
sub create_stop_load( $ ) { sub create_stop_load( $ ) {
my $test = shift; my $test = shift;
my @table_list;
push @table_list, 'raw' if have_capability( 'RAW_TABLE' );
push @table_list, 'rawpost' if have_capability( 'RAWPOST_TABLE' );
push @table_list, 'nat' if have_capability( 'NAT_ENABLED' );
push @table_list, 'mangle' if have_capability( 'MANGLE_ENABLED' ) && $config{MANGLE_ENABLED};
push @table_list, 'filter';
my $utility = $family == F_IPV4 ? 'iptables-restore' : 'ip6tables-restore'; my $utility = $family == F_IPV4 ? 'iptables-restore' : 'ip6tables-restore';
my $UTILITY = $family == F_IPV4 ? 'IPTABLES_RESTORE' : 'IP6TABLES_RESTORE'; my $UTILITY = $family == F_IPV4 ? 'IPTABLES_RESTORE' : 'IP6TABLES_RESTORE';
@ -7477,7 +7468,7 @@ sub create_stop_load( $ ) {
emit_unindented '#'; emit_unindented '#';
} }
for my $table ( @table_list ) { for my $table ( valid_tables ) {
emit_unindented "*$table"; emit_unindented "*$table";
my @chains; my @chains;