From 70ebe17cb35168f1e55273d5f67fbeeda0678c34 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Sun, 6 Sep 2009 13:37:24 -0700 Subject: [PATCH] Reimplement MAPOLDACTIONS=Yes --- Shorewall/Perl/Shorewall/Actions.pm | 24 ++++++++++++++++++++++++ Shorewall/Perl/Shorewall/Config.pm | 2 +- Shorewall/Perl/Shorewall/Rules.pm | 4 ++++ Shorewall/changelog.txt | 2 ++ docs/LennyToSqueeze.xml | 20 -------------------- 5 files changed, 31 insertions(+), 21 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Actions.pm b/Shorewall/Perl/Shorewall/Actions.pm index 2e015ef44..acc741849 100644 --- a/Shorewall/Perl/Shorewall/Actions.pm +++ b/Shorewall/Perl/Shorewall/Actions.pm @@ -265,6 +265,30 @@ sub add_requiredby ( $$ ) { $actions{$requires}{requires}{$requiredby} = 1; } +# +# Map pre-3.0 actions to the corresponding Macro invocation +# +sub map_old_actions( $ ) { + my $target = shift; + my $macro; + my $param; + + if ( $target =~ /^Allow(.*)$/ ) { + $macro = $1; + $param = 'ACCEPT'; + } elsif ( $target =~ /^Drop(.*)$/ ) { + $macro = $1; + $param = 'DROP'; + } elsif ( $target = /^Reject(.*)$/ ) { + $macro = $1; + $param = 'REJECT'; + } else { + return ( $target, 0, '' ); + } + + ( $macro, find_macro( $macro ) , $param ); +} + # # Create and record a log action chain -- Log action chains have names # that are formed from the action name by prepending a "%" and appending diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm index 74c4f0c66..a47f6544f 100644 --- a/Shorewall/Perl/Shorewall/Config.pm +++ b/Shorewall/Perl/Shorewall/Config.pm @@ -2356,11 +2356,11 @@ sub get_configuration( $ ) { unsupported_yes_no_warning 'DYNAMIC_ZONES'; unsupported_yes_no 'BRIDGING'; unsupported_yes_no_warning 'SAVE_IPSETS'; - unsupported_yes_no 'MAPOLDACTIONS'; unsupported_yes_no_warning 'RFC1918_STRICT'; default_yes_no 'STARTUP_ENABLED' , 'Yes'; default_yes_no 'DELAYBLACKLISTLOAD' , ''; + default_yes_no 'MAPOLDACTIONS' , 'Yes'; warning_message 'DELAYBLACKLISTLOAD=Yes is not supported by Shorewall ' . $globals{VERSION} if $config{DELAYBLACKLISTLOAD}; diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm index 86b7d64da..9c26f1353 100644 --- a/Shorewall/Perl/Shorewall/Rules.pm +++ b/Shorewall/Perl/Shorewall/Rules.pm @@ -959,6 +959,10 @@ sub process_rule1 ( $$$$$$$$$$$$$ ) { # my $actiontype = $targets{$basictarget} || find_macro( $basictarget ); + if ( $config{ MAPOLDACTIONS } ) { + ( $basictarget, $actiontype , $param ) = map_old_actions( $basictarget ) unless ( $actiontype || $param ); + } + fatal_error "Unknown action ($action)" unless $actiontype; if ( $actiontype == MACRO ) { diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index c90e43d07..0f2152a39 100644 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -9,6 +9,8 @@ Changes in Shorewall 4.4.2 4) Let the Actions module add the builtin actions to %Shorewall::Chains::targets. Much better modularization that way. +5) Some changes to mmake Lenny->Squeeze less painful. + Changes in Shorewall 4.4.1 1) Deleted extra 'use ...IPAddrs.pm' from Nat.pm. diff --git a/docs/LennyToSqueeze.xml b/docs/LennyToSqueeze.xml index 95310a8ad..0fd466243 100644 --- a/docs/LennyToSqueeze.xml +++ b/docs/LennyToSqueeze.xml @@ -249,26 +249,6 @@ - - MAPOLDACTIONS - - - If you have set this option to Yes, you will receive the - following error. - - ERROR: MAPOLDACTIONS=Yes is not - supported by Shorewall 4.4.x - - Only the very oldest of configurations should receive this - error. If your configuration is that old, this might be a good - time to reconfigure from scratch. - - The alternative is to change your - /etc/shorewall/rules file as described in the - Shorewall 3.0.0 upgrade issues from 2005. - - - RFC1918_LOG_LEVEL