Eliminate cruft left over from when Action.pm and Policy.pm were folded into Rules.pm - Phase II
Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent
f64e171c19
commit
61b5dbbb95
@ -46,8 +46,7 @@ our @EXPORT = qw(
|
|||||||
save_policies
|
save_policies
|
||||||
ensure_rules_chain
|
ensure_rules_chain
|
||||||
optimize_policy_chains
|
optimize_policy_chains
|
||||||
process_actions1
|
process_actions
|
||||||
process_actions2
|
|
||||||
process_rules
|
process_rules
|
||||||
);
|
);
|
||||||
|
|
||||||
@ -62,8 +61,6 @@ my $section;
|
|||||||
|
|
||||||
my @policy_chains;
|
my @policy_chains;
|
||||||
|
|
||||||
my %policy_actions;
|
|
||||||
|
|
||||||
my %default_actions;
|
my %default_actions;
|
||||||
|
|
||||||
my %macros;
|
my %macros;
|
||||||
@ -126,10 +123,6 @@ sub initialize( $ ) {
|
|||||||
# Chains created as a result of entries in the policy file
|
# Chains created as a result of entries in the policy file
|
||||||
@policy_chains = ();
|
@policy_chains = ();
|
||||||
#
|
#
|
||||||
# Default Actions for policies
|
|
||||||
#
|
|
||||||
%policy_actions = ();
|
|
||||||
#
|
|
||||||
# This is updated from the *_DEFAULT settings in shorewall.conf. Those settings were stored
|
# This is updated from the *_DEFAULT settings in shorewall.conf. Those settings were stored
|
||||||
# in the %config hash when shorewall[6].conf was processed.
|
# in the %config hash when shorewall[6].conf was processed.
|
||||||
#
|
#
|
||||||
@ -296,15 +289,7 @@ sub print_policy($$$$) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
sub use_policy_action( $ );
|
||||||
# Add the passed action to %policy_actions
|
|
||||||
#
|
|
||||||
sub use_policy_action( $ ) {
|
|
||||||
my $action = shift;
|
|
||||||
|
|
||||||
$policy_actions{$action} = 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# Process an entry in the policy file.
|
# Process an entry in the policy file.
|
||||||
#
|
#
|
||||||
@ -357,8 +342,6 @@ sub process_a_policy() {
|
|||||||
$default = $default_actions{$policy} || '';
|
$default = $default_actions{$policy} || '';
|
||||||
}
|
}
|
||||||
|
|
||||||
use_policy_action $policy if $auditactions{$policy};
|
|
||||||
|
|
||||||
if ( defined $queue ) {
|
if ( defined $queue ) {
|
||||||
fatal_error "Invalid policy ($policy($queue))" unless $policy eq 'NFQUEUE';
|
fatal_error "Invalid policy ($policy($queue))" unless $policy eq 'NFQUEUE';
|
||||||
require_capability( 'NFQUEUE_TARGET', 'An NFQUEUE Policy', 's' );
|
require_capability( 'NFQUEUE_TARGET', 'An NFQUEUE Policy', 's' );
|
||||||
@ -1361,9 +1344,10 @@ my %builtinops = ( 'dropBcast' => \&dropBcast,
|
|||||||
# - Reads actions.std and actions (in that order) and for each entry:
|
# - Reads actions.std and actions (in that order) and for each entry:
|
||||||
# o Adds the action to the target table
|
# o Adds the action to the target table
|
||||||
# o Verifies that the corresponding action file exists
|
# o Verifies that the corresponding action file exists
|
||||||
|
# o Creates action chains for config options that have audited settings.
|
||||||
#
|
#
|
||||||
|
|
||||||
sub process_actions1() {
|
sub process_actions() {
|
||||||
|
|
||||||
progress_message2 "Locating Action Files...";
|
progress_message2 "Locating Action Files...";
|
||||||
#
|
#
|
||||||
@ -1398,6 +1382,13 @@ sub process_actions1() {
|
|||||||
fatal_error "Missing Action File ($actionfile)" unless -f $actionfile;
|
fatal_error "Missing Action File ($actionfile)" unless -f $actionfile;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
my $ref;
|
||||||
|
|
||||||
|
for ( map normalize_action_name $_ , ( grep $auditactions{$_}, ( map $config{$_}, @auditoptions ) ) ) {
|
||||||
|
process_action( $ref ) if $ref = use_action($_);
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
sub process_rule1 ( $$$$$$$$$$$$$$$$ );
|
sub process_rule1 ( $$$$$$$$$$$$$$$$ );
|
||||||
@ -1481,20 +1472,22 @@ sub process_action( $) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
# This function creates and populates the chains for the policy actions.
|
# Create a policy action if it doesn't already exist
|
||||||
|
#
|
||||||
|
sub use_policy_action( $ ) {
|
||||||
|
my $ref = use_action( normalize_action_name $_[0] );
|
||||||
|
|
||||||
|
process_action( $ref ) if $ref;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
#
|
||||||
|
# This function creates and populates the chains for config options with audited settings.
|
||||||
#
|
#
|
||||||
sub process_actions2 () {
|
sub process_actions2 () {
|
||||||
progress_message2 "$doing policy actions...";
|
|
||||||
|
|
||||||
my $ref;
|
my $ref;
|
||||||
|
|
||||||
for ( map normalize_action_name $_ , ( grep $auditactions{$_}, ( map $config{$_}, @auditoptions ) ) ) {
|
|
||||||
process_action( $ref ) if $ref = use_action($_);
|
|
||||||
}
|
|
||||||
|
|
||||||
for ( map normalize_action_name $_, ( grep ! ( $targets{$_} & BUILTIN ), keys %policy_actions ) ) {
|
|
||||||
process_action( $ref ) if $ref = use_action($_);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
################################################################################
|
################################################################################
|
||||||
|
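Review bot: With `use_policy_action $policy if $auditactions{$policy};` dropped from `process_a_policy`, nothing visible on this page still creates the action chain for an audited policy: the loop added at the end of `process_actions` only walks the `@auditoptions` values taken from `%config`, and the rewritten `use_policy_action` has no caller in the shown hunks. If its callers sit outside these hunks, a short comment above the forward declaration `sub use_policy_action( $ );` naming them would make that clear; if they do not, restoring `use_policy_action( $policy ) if $auditactions{$policy};` looks necessary, since otherwise an audited policy might be compiled without its audit chain, which deserves a regression check either way. As rendered, `process_actions2` also survives as a stub holding only `my $ref;`, under a comment that now describes the loop moved into `process_actions`, even though it is no longer exported; deleting it or marking it for the next phase would keep the cleanup consistent. The functions touched here all start or end outside the visible hunks.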