holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Fix syntax error in generated script; more maclist streamlining

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6085 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-04-23 18:20:54 +00:00
parent 2b397ffc5d
commit 716d370e9b
2 changed files with 7 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Shorewall-perl/Shorewall/Chains.pm
View File

@ -1071,9 +1071,9 @@ sub get_interface_addresses ( $ ) {
my $variable = interface_addresses( $interface );
if ( interface_is_optional $interface ) {
$interfaceaddrs{$interface} = qq($variable=\$(get_interface_addresses $interface)\n);
$interfaceaddrs{$interface} = qq($variable=\$(find_interface_addresses $interface)\n);
} else {
$interfaceaddrs{$interface} = qq($variable=\$(get_interface_addresses $interface)
$interfaceaddrs{$interface} = qq($variable=\$(find_interface_addresses $interface)
[ -n "\$$variable" ] || fatal_error "Unable to determine the IP address(es) of $interface"
);
}

16
Shorewall-perl/Shorewall/Rules.pm
View File

@ -651,8 +651,6 @@ sub setup_mac_lists( $ ) {
if ( $phase == 1 ) {
save_progress_message "Setting up MAC Verification" if @maclist_interfaces;
for my $interface ( @maclist_interfaces ) {
my $chainref = new_chain $table , mac_chain $interface;
@ -752,19 +750,11 @@ sub setup_mac_lists( $ ) {
my $chain = $chainref->{name};
if ( $config{MACLIST_LOG_LEVEL} || $config{MACLIST_DISPOSITION} != 'ACCEPT' ) {
add_command $chainref, "if interface_is_usable $interface; then";
add_command $chainref, " ip -f inet addr show $interface 2> /dev/null | grep 'inet.*brd' | sed 's/inet //; s/brd //; s/scope.*//;' | while read address broadcast; do";
add_command $chainref, ' address=${address%/*}';
my $variable = get_interface_addresses $interface;
add_command $chainref, "for address in $variable; do";
add_command $chainref, " echo \"-A $chainref->{name} -s \$address -m addrtype --dst-type BROADCAST -j RETURN\" >&3";
add_command $chainref, " echo \"-A $chainref->{name} -s \$address -m addrtype --dst-type MULTICAST -j RETURN\" >&3";
add_command $chainref, ' done';
unless ( interface_is_optional $interface ) {
add_command $chainref, 'else';
add_command $chainref, " fatal_error \"Interface $interface must be up before Shorewall can start\"";
}
add_command $chainref, "fi\n";
add_command $chainref, 'done';
}
add_file $chainref, 'maclog';