holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Second baby step in reorganizing the compiled script

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9294 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2009-01-16 21:16:13 +00:00
parent 790b9dfa21
commit 5b3a2831c6
3 changed files with 50 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

118
Shorewall-perl/Shorewall/Compiler.pm
View File

@ -606,21 +606,12 @@ EOF
# #
# Second Phase of Script Generation # Second Phase of Script Generation
# #
# copies the 'prog.functions' file into the script, generates # copies the 'prog.functions' file into the script and generates
# clear_routing_and_traffic_shaping() and the first part of # the first part of 'setup_routing_and_traffic_shaping()'
# 'setup_routing_and_traffic_shaping()'
# #
# The bulk of that function is produced by the various config file # The bulk of that function is produced by the various config file
# parsing routines that are called directly out of 'compiler()'. # parsing routines that are called directly out of 'compiler()'.
# #
# We create two separate functions rather than one so that the
# define_firewall() shell function can set global IP configuration variables
# after the old config has been cleared and before we start instantiating
# the new config. That way, the variables reflect the way that the
# distribution's tools have configured IP without any Shorewall
# modifications and the firewall configuration is the same after
# 'restart' as it is after 'start'.
#
# Note: This function is not called when $command eq 'check'. So it must have no side effects other # Note: This function is not called when $command eq 'check'. So it must have no side effects other
# than those related to writing to the object file. # than those related to writing to the object file.
# #
@ -634,64 +625,7 @@ sub generate_script_2 () {
} }
} }
emit( '', emit( "\n#",
'#',
'# Clear Routing and Traffic Shaping',
'#',
'clear_routing_and_traffic_shaping() {'
);
push_indent;
if ( $family == F_IPV4 ) {
for my $interface ( @{find_interfaces_by_option 'norfc1918'} ) {
emit ( "addr=\$(ip -f inet addr show $interface 2> /dev/null | grep 'inet\ ' | head -n1)",
'if [ -n "$addr" ]; then',
' addr=$(echo $addr | sed \'s/inet //;s/\/.*//;s/ peer.*//\')',
' for network in 10.0.0.0/8 176.16.0.0/12 192.168.0.0/16; do',
' if in_network $addr $network; then',
" error_message \"WARNING: The 'norfc1918' option has been specified on an interface with an RFC 1918 address. Interface:$interface\"",
' fi',
' done',
"fi\n" );
}
emit ( '[ "$COMMAND" = refresh ] && run_refresh_exit || run_init_exit',
'',
'qt1 $IPTABLES -L shorewall -n && qt1 $IPTABLES -F shorewall && qt1 $IPTABLES -X shorewall',
'',
'delete_proxyarp',
''
);
if ( $capabilities{NAT_ENABLED} ) {
emit( 'if [ -f ${VARDIR}/nat ]; then',
' while read external interface; do',
' del_ip_addr $external $interface',
' done < ${VARDIR}/nat',
'',
' rm -f ${VARDIR}/nat',
"fi\n" );
}
emit "delete_tc1\n" if $config{CLEAR_TC};
emit "disable_ipv6\n" if $config{DISABLE_IPV6};
} else {
emit ( '[ "$COMMAND" = refresh ] && run_refresh_exit || run_init_exit',
'',
'qt1 $IP6TABLES -L shorewall -n && qt1 $IP6TABLES -F shorewall && qt1 $IP6TABLES -X shorewall',
''
);
emit "delete_tc1\n" if $config{CLEAR_TC};
}
pop_indent;
emit "}\n";
emit( '#',
'# Setup Routing and Traffic Shaping', '# Setup Routing and Traffic Shaping',
'#', '#',
'setup_routing_and_traffic_shaping() {' 'setup_routing_and_traffic_shaping() {'
@ -776,7 +710,51 @@ sub generate_script_3($) {
emit ''; emit '';
emit "\nclear_routing_and_traffic_shaping"; if ( $family == F_IPV4 ) {
for my $interface ( @{find_interfaces_by_option 'norfc1918'} ) {
emit ( "addr=\$(ip -f inet addr show $interface 2> /dev/null | grep 'inet\ ' | head -n1)",
'if [ -n "$addr" ]; then',
' addr=$(echo $addr | sed \'s/inet //;s/\/.*//;s/ peer.*//\')',
' for network in 10.0.0.0/8 176.16.0.0/12 192.168.0.0/16; do',
' if in_network $addr $network; then',
" error_message \"WARNING: The 'norfc1918' option has been specified on an interface with an RFC 1918 address. Interface:$interface\"",
' fi',
' done',
"fi\n" );
}
emit ( '[ "$COMMAND" = refresh ] && run_refresh_exit || run_init_exit',
'',
'qt1 $IPTABLES -L shorewall -n && qt1 $IPTABLES -F shorewall && qt1 $IPTABLES -X shorewall',
'',
'delete_proxyarp',
''
);
if ( $capabilities{NAT_ENABLED} ) {
emit( 'if [ -f ${VARDIR}/nat ]; then',
' while read external interface; do',
' del_ip_addr $external $interface',
' done < ${VARDIR}/nat',
'',
' rm -f ${VARDIR}/nat',
"fi\n" );
}
emit "delete_tc1\n" if $config{CLEAR_TC};
emit "disable_ipv6\n" if $config{DISABLE_IPV6};
} else {
emit ( '[ "$COMMAND" = refresh ] && run_refresh_exit || run_init_exit',
'',
'qt1 $IP6TABLES -L shorewall -n && qt1 $IP6TABLES -F shorewall && qt1 $IP6TABLES -X shorewall',
''
);
emit "delete_tc1\n" if $config{CLEAR_TC};
}
emit '';
set_global_variables; set_global_variables;

2
Shorewall-perl/prog.header
View File

@ -858,7 +858,7 @@ delete_tc1()
} }
run_user_exit tcclear run_tcclear_exit
run_ip link list | \ run_ip link list | \
while read inx interface details; do while read inx interface details; do

2
Shorewall-perl/prog.header6
View File

@ -778,7 +778,7 @@ delete_tc1()
} }
run_user_exit tcclear run_tcclear_exit
run_ip link list | \ run_ip link list | \
while read inx interface details; do while read inx interface details; do