diff --git a/Shorewall-perl/Shorewall/Chains.pm b/Shorewall-perl/Shorewall/Chains.pm index 00412dd05..8b8c3b68b 100644 --- a/Shorewall-perl/Shorewall/Chains.pm +++ b/Shorewall-perl/Shorewall/Chains.pm @@ -202,6 +202,17 @@ our %interfaceaddr; our %interfaceaddrs; our %interfacenets; +our @builtins = qw(PREROUTING INPUT FORWARD OUTPUT POSTROUTING); + +# +# State of the generator. +# +use constant { NULL_STATE => 0 , # Generating neither shell commands nor iptables-restore input + CAT_STATE => 1 , # Generating iptables-restore input + CMD_STATE => 2 }; # Generating shell commands. + +our $state; + # # Initialize globals -- we take this novel approach to globals initialization to allow # the compiler to run multiple times in the same process. The @@ -287,6 +298,10 @@ sub initialize() { %interfaceaddr = (); %interfaceaddrs = (); %interfacenets = (); + # + # State of the generator. + # + $state = NULL_STATE; } INIT { @@ -1799,16 +1814,6 @@ sub insertnatjump( $$$$ ) { # # What follows is the code that generates the input to iptables-restore # -my @builtins = qw(PREROUTING INPUT FORWARD OUTPUT POSTROUTING); - -# -# State of the generator. -# -use constant { NULL_STATE => 0 , # Generating neither shell commands nor iptables-restore input - CAT_STATE => 1 , # Generating iptables-restore input - CMD_STATE => 2 }; # Generating shell commands. - -my $state = NULL_STATE; # # Emits the passed 'rule' diff --git a/Shorewall-perl/Shorewall/Rules.pm b/Shorewall-perl/Shorewall/Rules.pm index e4daeb042..ad91cfb40 100644 --- a/Shorewall-perl/Shorewall/Rules.pm +++ b/Shorewall-perl/Shorewall/Rules.pm @@ -61,7 +61,9 @@ our @rule_chains; # Set to one if we find a SECTION # our $sectioned; - +our $macro_nest_level; +our $current_param; +our @param_stack; # # Initialize globals -- we take this novel approach to globals initialization to allow # the compiler to run multiple times in the same process. The @@ -74,6 +76,9 @@ our $sectioned; sub initialize() { @rule_chains = (); $sectioned = 0; + $macro_nest_level = 0; + $current_param = ''; + @param_stack; } INIT { @@ -887,10 +892,6 @@ sub process_macro ( $$$$$$$$$$$$$ ) { progress_message "..End Macro $macrofile" } -my $macro_nest_level = 0; -my $current_param = ''; -my @param_stack; - # # Once a rule has been completely resolved by macro expansion and wildcard (source and/or dest zone == 'all'), it is processed by this function. #