diff --git a/New/Shorewall/Chains.pm b/New/Shorewall/Chains.pm
index ee7be7815..e9229e411 100644
--- a/New/Shorewall/Chains.pm
+++ b/New/Shorewall/Chains.pm
@@ -416,7 +416,7 @@ sub finish_section ( $ ) {
 for my $zone ( @zones ) {
 for my $zone1 ( @zones ) {
- my $chainref = $chain_table{'filter'}{"${zone}2${zone1}"};
+ my $chainref = $chain_table{'filter'}{"$zone}2${zone1}"};
 if ( $chainref->{referenced} ) {
 finish_chain_section $chainref, $sections;
 }
diff --git a/New/Shorewall/Rules.pm b/New/Shorewall/Rules.pm
new file mode 100644
index 000000000..97d0c487b
--- /dev/null
+++ b/New/Shorewall/Rules.pm
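Review bot: The new key expression `"$zone}2${zone1}"` interpolates `$zone` and then a literal `}`, so the lookup key becomes e.g. `net}2fw` instead of `net2fw` and `$chainref` is never the existing chain entry; the line should read `my $chainref = $chain_table{'filter'}{"${zone}2${zone1}"};` as it did before. Because rvalue `$chainref->{referenced}` on an undef scalar autovivifies rather than dying, this most likely fails silently: the condition is false for every zone pair and `finish_chain_section` is never called, which would leave the section-closing rules out of the generated filter chains. A test that compiles a two-zone configuration and asserts the presence of the section-closing rules would catch this class of regression. The body of finish_section starts before and ends after this hunk.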
@@ -0,0 +1,64 @@
+package Shorewall::Rules;
+require Exporter;
+
+our @ISA = qw(Exporter);
+our @EXPORT = qw( STANDARD
+ NATRULE
+ BUILTIN
+ NONAT
+ NATONLY
+ REDIRECT
+ ACTION
+ MACRO
+ LOGRULE
+
+ %targets
+ );
+our @EXPORT_OK = ();
+our @VERSION = 1.00;
+
+#
+# Target Table. Each entry maps a target to a set of flags defined as follows.
+#
+use constant { STANDARD => 1, #defined by Netfilter
+ NATRULE => 2, #Involved NAT
+ BUILTIN => 4, #A built-in action
+ NONAT => 8, #'NONAT' or 'ACCEPT+'
+ NATONLY => 16, #'DNAT-' or 'REDIRECT-'
+ REDIRECT => 32, #'REDIRECT'
+ ACTION => 64, #An action
+ MACRO => 128, #A Macro
+ LOGRULE => 256, #'LOG'
+ };
+#
+# As new targets (Actions and Macros) are discovered, they are added to the table
+#
+our %targets = ('ACCEPT' => STANDARD,
+ 'ACCEPT+' => STANDARD + NONAT,
+ 'ACCEPT!' => STANDARD,
+ 'NONAT' => STANDARD + NONAT,
+ 'DROP' => STANDARD,
+ 'DROP!' => STANDARD,
+ 'REJECT' => STANDARD,
+ 'REJECT!' => STANDARD,
+ 'DNAT' => NATRULE,
+ 'DNAT-' => NATRULE + NATONLY,
+ 'REDIRECT' => NATRULE + REDIRECT,
+ 'REDIRECT-' => NATRULE + REDIRECT + NATONLY,
+ 'LOG' => STANDARD + LOGRULE,
+ 'CONTINUE' => STANDARD,
+ 'QUEUE' => STANDARD,
+ 'SAME' => NATRULE,
+ 'SAME-' => NATRULE + NATONLY,
+ 'dropBcast' => BUILTIN + ACTION,
+ 'allowBcast' => BUILTIN + ACTION,
+ 'dropNotSyn' => BUILTIN + ACTION,
+ 'rejNotSyn' => BUILTIN + ACTION,
+ 'dropInvalid' => BUILTIN + ACTION,
+ 'allowInvalid' => BUILTIN + ACTION,
+ 'allowinUPnP' => BUILTIN + ACTION,
+ 'forwardUPnP' => BUILTIN + ACTION,
+ 'Limit' => BUILTIN + ACTION,
+ );
+
+1;
diff --git a/New/Shorewall/Zones.pm b/New/Shorewall/Zones.pm
index e2d0edd7f..f4cd331d3 100644
--- a/New/Shorewall/Zones.pm
+++ b/New/Shorewall/Zones.pm
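Review bot: `our @VERSION = 1.00;` declares an array rather than the scalar Perl's version machinery reads, so `Shorewall::Rules->VERSION` and `use Shorewall::Rules 1.00` cannot check this module; it should be `our $VERSION = 1.00;` (the Zones.pm context in this commit shows the same pattern, so it looks copied). The new file also has no `use strict; use warnings;` preamble, which the compiler now depends on indirectly since it imports `%targets` from here. Because `%targets` is a mutable package global pushed into every importer via `@EXPORT`, and the header comment says it is extended at runtime as actions and macros are discovered, the comment above it should state that explicitly, e.g. `# Shared mutable state: the compiler adds entries for discovered Actions and Macros at run time.`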
@@ -4,10 +4,33 @@ use Shorewall::Common;
 use Shorewall::Config;
 our @ISA = qw(Exporter);
-our @EXPORT = qw( determine_zones add_group_to_zone dump_zone_info zone_report @zones %zones $firewall_zone );
+our @EXPORT = qw( NOTHING
+ NUMERIC
+ NETWORK
+ IPSECPROTO
+ IPSECMODE
+
+ determine_zones
+ add_group_to_zone
+ dump_zone_info
+ zone_report
+
+ @zones
+ %zones
+ $firewall_zone );
 our @EXPORT_OK = ();
 our @VERSION = 1.00;
+#
+# IPSEC Option types
+#
+use constant { NOTHING => 'NOTHING',
+ NUMERIC => '0x[\da-fA-F]+|\d+',
+ NETWORK => '\d+.\d+.\d+.\d+(\/\d+)?',
+ IPSECPROTO => 'ah|esp|ipcomp',
+ IPSECMODE => 'tunnel|transport'
+ };
+
 #
 # Zone Table.
 #
diff --git a/New/compiler.pl b/New/compiler.pl
index 0c8adc5c7..df52c4a9e 100755
--- a/New/compiler.pl
+++ b/New/compiler.pl
@@ -10,16 +10,8 @@ use Shorewall::Chains;
 use Shorewall::Zones;
 use Shorewall::Interfaces;
 use Shorewall::Hosts;
+use Shorewall::Rules;
-#
-# IPSEC Option types
-#
-use constant { NOTHING => 'NOTHING',
- NUMERIC => '0x[\da-fA-F]+|\d+',
- NETWORK => '\d+.\d+.\d+.\d+(\/\d+)?',
- IPSECPROTO => 'ah|esp|ipcomp',
- IPSECMODE => 'tunnel|transport'
- };
 my ( $command, $doing, $done ) = qw/ compile Compiling Compiled/; #describe the current command, it's present progressive, and it's completion.
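Review bot: The `NETWORK` pattern moved into Zones.pm has unescaped dots, so if these strings are interpolated into a match (the names and the alternations in `NUMERIC` suggest they are; the use sites are outside this hunk) it accepts any character between the octet digits, e.g. `1x2y3z4`, while still rejecting nothing it should accept; the line should be `NETWORK => '\d+\.\d+\.\d+\.\d+(\/\d+)?',`. Since this is a move rather than new logic, the fix could be a follow-up, but this is the natural point to tighten a value that presumably ends up in a generated firewall rule. If the constants are ever combined with anchors at the call site, the bare alternations in `NUMERIC`, `IPSECPROTO` and `IPSECMODE` would need `(?:...)` grouping, so a one-line comment above the block stating that each value is an unanchored, ungrouped regex fragment would help the next caller, e.g. `# Each value is a regex fragment: unanchored and ungrouped, so wrap in (?:...) before anchoring.`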
@@ -57,50 +49,7 @@ my @allipv4 = ( '0.0.0.0/0' );
 use constant { ALLIPv4 => '0.0.0.0/0' };
 my @rfc1918_networks = ( "10.0.0.0/24", "172.16.0.0/12", "192.168.0.0/16" );
-#
-# Target Table. Each entry maps a target to a set of flags defined as follows.
-#
-use constant { STANDARD => 1, #defined by Netfilter
- NATRULE => 2, #Involved NAT
- BUILTIN => 4, #A built-in action
- NONAT => 8, #'NONAT' or 'ACCEPT+'
- NATONLY => 16, #'DNAT-' or 'REDIRECT-'
- REDIRECT => 32, #'REDIRECT'
- ACTION => 64, #An action
- MACRO => 128, #A Macro
- LOGRULE => 256, #'LOG'
- };
-#
-# As new targets (Actions and Macros) are discovered, they are added to the table
-#
-my %targets = ('ACCEPT' => STANDARD,
- 'ACCEPT+' => STANDARD + NONAT,
- 'ACCEPT!' => STANDARD,
- 'NONAT' => STANDARD + NONAT,
- 'DROP' => STANDARD,
- 'DROP!' => STANDARD,
- 'REJECT' => STANDARD,
- 'REJECT!' => STANDARD,
- 'DNAT' => NATRULE,
- 'DNAT-' => NATRULE + NATONLY,
- 'REDIRECT' => NATRULE + REDIRECT,
- 'REDIRECT-' => NATRULE + REDIRECT + NATONLY,
- 'LOG' => STANDARD + LOGRULE,
- 'CONTINUE' => STANDARD,
- 'QUEUE' => STANDARD,
- 'SAME' => NATRULE,
- 'SAME-' => NATRULE + NATONLY,
- 'dropBcast' => BUILTIN + ACTION,
- 'allowBcast' => BUILTIN + ACTION,
- 'dropNotSyn' => BUILTIN + ACTION,
- 'rejNotSyn' => BUILTIN + ACTION,
- 'dropInvalid' => BUILTIN + ACTION,
- 'allowInvalid' => BUILTIN + ACTION,
- 'allowinUPnP' => BUILTIN + ACTION,
- 'forwardUPnP' => BUILTIN + ACTION,
- 'Limit' => BUILTIN + ACTION,
- );
-#
+
 # Action Table
 #
 # %actions{ => { requires => { = 1,