forked from extern/shorewall_code
Fix a parsing error; clean up output; disable TC and Multi-ISP in 6 for now
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8969 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
63f3b609f7
commit
71155835a1
@ -1982,7 +1982,7 @@ sub expand_rule( $$$$$$$$$$$ )
|
|||||||
} else {
|
} else {
|
||||||
$iiface = $source;
|
$iiface = $source;
|
||||||
}
|
}
|
||||||
} elsif ( $source =~ /^(.+?):\[(.+)\]\s+$/ ) {
|
} elsif ( $source =~ /^(.+?):\[(.+)\]\s*$/ ) {
|
||||||
$iiface = $1;
|
$iiface = $1;
|
||||||
$inets = $2;
|
$inets = $2;
|
||||||
} elsif ( $source =~ /:/ ) {
|
} elsif ( $source =~ /:/ ) {
|
||||||
@ -2065,7 +2065,7 @@ sub expand_rule( $$$$$$$$$$$ )
|
|||||||
} else {
|
} else {
|
||||||
$diface = $dest;
|
$diface = $dest;
|
||||||
}
|
}
|
||||||
} elsif ( $dest =~ /^(.+?):\[(.+)\]\s+$/ ) {
|
} elsif ( $dest =~ /^(.+?):\[(.+)\]\s*$/ ) {
|
||||||
$diface = $1;
|
$diface = $1;
|
||||||
$dnets = $2;
|
$dnets = $2;
|
||||||
} elsif ( $dest =~ /:/ ) {
|
} elsif ( $dest =~ /:/ ) {
|
||||||
|
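Review bot: The bracket capture `(.+)` in both the `$source` and the `$dest` branch of expand_rule is greedy and unconstrained, so everything between the first `:[` and the last `]`, including further brackets or embedded white space, ends up in `$inets` / `$dnets`. Nothing in these two hunks checks the captured text, so it presumably relies on validation later in expand_rule, which lies outside the hunks; that is worth confirming. If nested brackets are never legal in this position, `/^(.+?):\[([^\[\]]+)\]\s*$/` rejects them at the parse step, and holding the pattern in one shared `qr//` would keep the source and destination copies from drifting apart.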
@ -65,8 +65,8 @@ sub reinitialize() {
|
|||||||
Shorewall::Zones::initialize ($family);
|
Shorewall::Zones::initialize ($family);
|
||||||
Shorewall::Policy::initialize;
|
Shorewall::Policy::initialize;
|
||||||
Shorewall::Nat::initialize;
|
Shorewall::Nat::initialize;
|
||||||
Shorewall::Providers::initialize;
|
Shorewall::Providers::initialize($family);
|
||||||
Shorewall::Tc::initialize;
|
Shorewall::Tc::initialize($family);
|
||||||
Shorewall::Actions::initialize;
|
Shorewall::Actions::initialize;
|
||||||
Shorewall::Accounting::initialize;
|
Shorewall::Accounting::initialize;
|
||||||
Shorewall::Rules::initialize($family);
|
Shorewall::Rules::initialize($family);
|
||||||
|
@ -46,6 +46,7 @@ our @EXPORT = qw(
|
|||||||
warning_message
|
warning_message
|
||||||
fatal_error
|
fatal_error
|
||||||
progress_message
|
progress_message
|
||||||
|
progress_message_nocompress
|
||||||
progress_message2
|
progress_message2
|
||||||
progress_message3
|
progress_message3
|
||||||
);
|
);
|
||||||
@ -813,6 +814,24 @@ sub progress_message {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
sub progress_message_nocompress {
|
||||||
|
my $havelocaltime = 0;
|
||||||
|
|
||||||
|
if ( $verbose > 1 ) {
|
||||||
|
timestamp, $havelocaltime = 1 if $timestamp;
|
||||||
|
print "@_\n";
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( $log_verbose > 1 ) {
|
||||||
|
our @localtime;
|
||||||
|
|
||||||
|
@localtime = localtime unless $havelocaltime;
|
||||||
|
|
||||||
|
printf $log '%s %2d %2d:%02d:%02d ', $abbr[$localtime[4]], @localtime[3,2,1,0];
|
||||||
|
print $log "@_\n";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
# Write a message if $verbose >= 1
|
# Write a message if $verbose >= 1
|
||||||
#
|
#
|
||||||
|
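Review bot: progress_message_nocompress is added without the header comment that the neighbouring subs carry (for example `# Write a message if $verbose >= 1` directly below it), so its name is the only hint at how it differs from progress_message. A header such as `# Write a message if $verbose >= 2 without compressing white space` would document it, assuming that is the intended difference; the body of progress_message is outside the hunk. The timestamp and log-writing lines also look like a copy of that sub, so a shared private helper that takes the already formatted text would keep the two from diverging.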
@ -528,7 +528,7 @@ sub validate_6net( $$ ) {
|
|||||||
fatal_error "An ipset name ($net) is not allowed in this context" if substr( $net, 0, 1 ) eq '+';
|
fatal_error "An ipset name ($net) is not allowed in this context" if substr( $net, 0, 1 ) eq '+';
|
||||||
|
|
||||||
if ( defined $vlsm ) {
|
if ( defined $vlsm ) {
|
||||||
fatal_error "Invalid VLSM ($vlsm)" unless $vlsm =~ /^\d+$/ && $vlsm <= 64;
|
fatal_error "Invalid VLSM ($vlsm)" unless $vlsm =~ /^\d+$/ && $vlsm <= 128;
|
||||||
fatal_error "Invalid Network address ($_[0])" if defined $rest;
|
fatal_error "Invalid Network address ($_[0])" if defined $rest;
|
||||||
fatal_error "Invalid IPv6 address ($net)" unless valid_6address $net;
|
fatal_error "Invalid IPv6 address ($net)" unless valid_6address $net;
|
||||||
} else {
|
} else {
|
||||||
|
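Review bot: The VLSM check in validate_6net still relies on `/^\d+$/`, where `$` also matches before a trailing newline and `\d` is not limited to ASCII digits on decoded input, so the new bound of 128 is applied to something looser than a plain decimal number. `unless $vlsm =~ /\A[0-9]+\z/ && $vlsm <= 128;` pins it down. Whether a newline or non-ASCII digit can actually reach this point depends on how the caller reads and splits the line, which is outside the hunk.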
@ -149,7 +149,7 @@ sub print_policy($$$$) {
|
|||||||
my ( $sourceref, $destref ) = ( find_zone($source) ,find_zone( $dest ) );
|
my ( $sourceref, $destref ) = ( find_zone($source) ,find_zone( $dest ) );
|
||||||
warning_message "CONTINUE policy between two un-nested zones ($source, $dest)" if ! ( @{$sourceref->{parents}} || @{$destref->{parents}} );
|
warning_message "CONTINUE policy between two un-nested zones ($source, $dest)" if ! ( @{$sourceref->{parents}} || @{$destref->{parents}} );
|
||||||
}
|
}
|
||||||
progress_message " Policy for $source to $dest is $policy using chain $chain" unless $source eq $dest;
|
progress_message_nocompress " Policy for $source to $dest is $policy using chain $chain" unless $source eq $dest;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -362,7 +362,7 @@ sub policy_rules( $$$$$ ) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
sub report_syn_flood_protection() {
|
sub report_syn_flood_protection() {
|
||||||
progress_message ' Enabled SYN flood protection';
|
progress_message_nocompress ' Enabled SYN flood protection';
|
||||||
}
|
}
|
||||||
|
|
||||||
sub default_policy( $$$ ) {
|
sub default_policy( $$$ ) {
|
||||||
@ -396,7 +396,7 @@ sub default_policy( $$$ ) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
progress_message " Policy $policy from $_[1] to $_[2] using chain $chainref->{name}";
|
progress_message_nocompress " Policy $policy from $_[1] to $_[2] using chain $chainref->{name}";
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -54,6 +54,8 @@ our %providers;
|
|||||||
|
|
||||||
our @providers;
|
our @providers;
|
||||||
|
|
||||||
|
our $family;
|
||||||
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# Initialize globals -- we take this novel approach to globals initialization to allow
|
# Initialize globals -- we take this novel approach to globals initialization to allow
|
||||||
@ -64,7 +66,9 @@ our @providers;
|
|||||||
# the second and subsequent calls to that function.
|
# the second and subsequent calls to that function.
|
||||||
#
|
#
|
||||||
|
|
||||||
sub initialize() {
|
sub initialize( $ ) {
|
||||||
|
$family = shift;
|
||||||
|
|
||||||
@routemarked_providers = ();
|
@routemarked_providers = ();
|
||||||
%routemarked_interfaces = ();
|
%routemarked_interfaces = ();
|
||||||
@routemarked_interfaces = ();
|
@routemarked_interfaces = ();
|
||||||
@ -79,7 +83,7 @@ sub initialize() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
INIT {
|
INIT {
|
||||||
initialize;
|
initialize( F_IPV4 );
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
@ -481,6 +485,8 @@ sub setup_providers() {
|
|||||||
while ( read_a_line ) {
|
while ( read_a_line ) {
|
||||||
unless ( $providers ) {
|
unless ( $providers ) {
|
||||||
progress_message2 "$doing $fn ...";
|
progress_message2 "$doing $fn ...";
|
||||||
|
fatal_error "Multi-ISP support is not yet available in Shorewall6" if $family == F_IPV6;
|
||||||
|
|
||||||
require_capability( 'MANGLE_ENABLED' , 'a non-empty providers file' , 's' );
|
require_capability( 'MANGLE_ENABLED' , 'a non-empty providers file' , 's' );
|
||||||
|
|
||||||
fatal_error "A non-empty providers file is not permitted with MANGLE_ENABLED=No" unless $config{MANGLE_ENABLED};
|
fatal_error "A non-empty providers file is not permitted with MANGLE_ENABLED=No" unless $config{MANGLE_ENABLED};
|
||||||
|
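Review bot: The comment block above initialize in this file still describes a parameterless function, although initialize now takes the address family and stores it in the package global `$family`; the same applies to the other initialize changed in this commit (the one that resets `%classids`). A line such as `# The argument is the address family (F_IPV4 or F_IPV6)` in each header would cover it. The INIT block also pins `$family` to F_IPV4, so the IPv6 refusal added in setup_providers appears to depend on reinitialize having passed the real family beforehand; a short comment at the INIT block saying so would help the next reader.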
@ -128,7 +128,7 @@ sub process_tos() {
|
|||||||
if ( $family == F_IPV4 ) {
|
if ( $family == F_IPV4 ) {
|
||||||
( $srczone , $source , $remainder ) = split( /:/, $src, 3 );
|
( $srczone , $source , $remainder ) = split( /:/, $src, 3 );
|
||||||
fatal_error 'Invalid SOURCE' if defined $remainder;
|
fatal_error 'Invalid SOURCE' if defined $remainder;
|
||||||
} elsif ( $src =~ /^(.+?):\[(.*)]\s$/ ) {
|
} elsif ( $src =~ /^(.+?):\[(.*)]\s*$/ ) {
|
||||||
$srczone = $1;
|
$srczone = $1;
|
||||||
$source = $2;
|
$source = $2;
|
||||||
} else {
|
} else {
|
||||||
|
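Review bot: The IPv6 branch of process_tos captures with `\[(.*)]`, which accepts empty brackets and leaves `$source` as an empty string, while the equivalent patterns in expand_rule on this page use `(.+)`. Unless an empty source is meant to be legal here, `} elsif ( $src =~ /^(.+?):\[(.+)\]\s*$/ ) {` makes the two consistent and also escapes the closing bracket. What is done with `$source` afterwards is outside the hunk, so whether an empty value is caught later cannot be seen from here.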
@ -155,6 +155,8 @@ our %restrictions = ( tcpre => PREROUTE_RESTRICT ,
|
|||||||
tcfor => NO_RESTRICT ,
|
tcfor => NO_RESTRICT ,
|
||||||
tcout => OUTPUT_RESTRICT );
|
tcout => OUTPUT_RESTRICT );
|
||||||
|
|
||||||
|
our $family;
|
||||||
|
|
||||||
#
|
#
|
||||||
# Initialize globals -- we take this novel approach to globals initialization to allow
|
# Initialize globals -- we take this novel approach to globals initialization to allow
|
||||||
# the compiler to run multiple times in the same process. The
|
# the compiler to run multiple times in the same process. The
|
||||||
@ -164,7 +166,8 @@ our %restrictions = ( tcpre => PREROUTE_RESTRICT ,
|
|||||||
# the second and subsequent calls to that function.
|
# the second and subsequent calls to that function.
|
||||||
#
|
#
|
||||||
|
|
||||||
sub initialize() {
|
sub initialize( $ ) {
|
||||||
|
$family = shift;
|
||||||
%classids = ();
|
%classids = ();
|
||||||
@deferred_rules = ();
|
@deferred_rules = ();
|
||||||
@tcdevices = ();
|
@tcdevices = ();
|
||||||
@ -176,7 +179,7 @@ sub initialize() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
INIT {
|
INIT {
|
||||||
initialize;
|
initialize( F_IPV4 );
|
||||||
}
|
}
|
||||||
|
|
||||||
sub process_tc_rule( $$$$$$$$$$$$ ) {
|
sub process_tc_rule( $$$$$$$$$$$$ ) {
|
||||||
@ -339,6 +342,8 @@ sub validate_tc_device( $$$$$ ) {
|
|||||||
|
|
||||||
my $devnumber;
|
my $devnumber;
|
||||||
|
|
||||||
|
fatal_error "Traffic Shaping is not yet available in Shorewall6" if $family == F_IPV6;
|
||||||
|
|
||||||
if ( $device =~ /:/ ) {
|
if ( $device =~ /:/ ) {
|
||||||
( my $number, $device, my $rest ) = split /:/, $device, 3;
|
( my $number, $device, my $rest ) = split /:/, $device, 3;
|
||||||
|
|
||||||
|
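Review bot: The IPv6 refusal sits inside validate_tc_device, so it only fires once a device entry is being validated; other entry points in this file that may run under Shorewall6 (process_tc_rule is visible in the context lines) are not covered by it. If the intent is to disable traffic shaping as a whole, the check belongs in the top-level setup routine of this file, which is not shown here. If marking rules are meant to stay available for IPv6, a comment at this check such as `# Only device definitions are refused for IPv6; marking rules remain available` would make the scope explicit.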
@ -374,7 +374,7 @@ sub zone_report()
|
|||||||
|
|
||||||
$type = $ipzone if $type eq 'ip';
|
$type = $ipzone if $type eq 'ip';
|
||||||
|
|
||||||
progress_message " $zone ($type)";
|
progress_message_nocompress " $zone ($type)";
|
||||||
|
|
||||||
my $printed = 0;
|
my $printed = 0;
|
||||||
|
|
||||||
@ -388,7 +388,11 @@ sub zone_report()
|
|||||||
my $hosts = $groupref->{hosts};
|
my $hosts = $groupref->{hosts};
|
||||||
if ( $hosts ) {
|
if ( $hosts ) {
|
||||||
my $grouplist = join ',', ( @$hosts );
|
my $grouplist = join ',', ( @$hosts );
|
||||||
progress_message " $interface:$grouplist";
|
if ( $family == F_IPV4 ) {
|
||||||
|
progress_message_nocompress " $interface:$grouplist";
|
||||||
|
} else {
|
||||||
|
progress_message_nocompress " $interface:\[$grouplist\]";
|
||||||
|
}
|
||||||
$printed = 1;
|
$printed = 1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -443,7 +447,11 @@ sub dump_zone_contents()
|
|||||||
my $hosts = $groupref->{hosts};
|
my $hosts = $groupref->{hosts};
|
||||||
if ( $hosts ) {
|
if ( $hosts ) {
|
||||||
my $grouplist = join ',', ( @$hosts );
|
my $grouplist = join ',', ( @$hosts );
|
||||||
|
if ( $family == F_IPV4 ) {
|
||||||
$entry .= " $interface:$grouplist";
|
$entry .= " $interface:$grouplist";
|
||||||
|
} else {
|
||||||
|
$entry .= " $interface:\[$grouplist\]";
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
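Review bot: zone_report and dump_zone_contents now each carry the same `$family == F_IPV4` branch to choose between `$interface:$grouplist` and `$interface:\[$grouplist\]`. Computing the text once per site, for instance `my $group = $family == F_IPV4 ? "$interface:$grouplist" : "$interface:\[$grouplist\]";`, or moving that into a small private helper, would keep the reported and the dumped form identical by construction. Both functions continue outside their hunks.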