diff --git a/Shorewall-perl/README.txt b/Shorewall-perl/README.txt
index 0e414e0e8..fe6c514c9 100644
--- a/Shorewall-perl/README.txt
+++ b/Shorewall-perl/README.txt
@@ -1,2 +1,2 @@ This is the Shorewall-perl Stable 4.0 branch of SVN. - +
diff --git a/Shorewall-perl/Shorewall/Accounting.pm b/Shorewall-perl/Shorewall/Accounting.pm
index dd8ebd68b..c481e978d 100644
--- a/Shorewall-perl/Shorewall/Accounting.pm
+++ b/Shorewall-perl/Shorewall/Accounting.pm
@@ -43,7 +43,7 @@ our $VERSION = 4.00; # initialize() function does globals initialization for this # module and is called from an INIT block below. The function is # also called by Shorewall::Compiler::compiler at the beginning of -# the second and subsequent calls to that function. +# the second and subsequent calls to that function. # sub initialize() {
@@ -59,7 +59,7 @@ INIT { # Accounting # sub process_accounting_rule( $$$$$$$$$ ) { - + our $jumpchainref; my ($action, $chain, $source, $dest, $proto, $ports, $sports, $user, $mark ) = @_;
@@ -163,7 +163,7 @@ sub process_accounting_rule( $$$$$$$$$ ) { } sub setup_accounting() { - + my $first_entry = 1; my $fn = open_file 'accounting';
diff --git a/Shorewall-perl/Shorewall/Actions.pm b/Shorewall-perl/Shorewall/Actions.pm
index 80028b8e0..68d368560 100644
--- a/Shorewall-perl/Shorewall/Actions.pm
+++ b/Shorewall-perl/Shorewall/Actions.pm
@@ -88,7 +88,7 @@ our %macros; # initialize() function does globals initialization for this # module and is called from an INIT block below. The function is # also called by Shorewall::Compiler::compiler at the beginning of -# the second and subsequent calls to that function. +# the second and subsequent calls to that function. # sub initialize() {
@@ -276,7 +276,7 @@ sub createlogactionchain( $$ ) { mark_referenced $chainref; # Just in case the action body is empty. unless ( $targets{$action} & STANDARD ) { - + my $file = find_file $chain; if ( -f $file ) {
@@ -298,13 +298,13 @@ sub createlogactionchain( $$ ) { sub createsimpleactionchain( $ ) { my $action = shift; my $chainref = new_chain 'filter', $action; - + $logactionchains{"$action:none"} = $chainref; - + mark_referenced $chainref; # Just in case the action body is empty. unless ( $targets{$action} & STANDARD ) { - + my $file = find_file $action; if ( -f $file ) {
@@ -395,15 +395,15 @@ sub process_macro1 ( $$ ) { fatal_error "Invalid target ($mtarget)" unless ( $targettype == STANDARD ) || ( $mtarget eq 'PARAM' ) || ( $mtarget eq 'LOG' ); } - + progress_message " ..End Macro $macrofile"; - + pop_open; } sub process_action1 ( $$ ) { my ( $action, $wholetarget ) = @_; - + my ( $target, $level ) = split_action $wholetarget; $level = 'none' unless $level;
@@ -412,9 +412,9 @@ sub process_action1 ( $$ ) { if ( defined $targettype ) { return if ( $targettype == STANDARD ) || ( $targettype == MACRO ) || ( $targettype & LOGRULE ); - + fatal_error "Invalid TARGET ($target)" if $targettype & STANDARD; - + fatal_error "An action may not invoke itself" if $target eq $action; add_requiredby $wholetarget, $action if $targettype & ACTION;
@@ -438,7 +438,7 @@ sub process_action1 ( $$ ) { } } } - + sub process_actions1() { progress_message2 "Preprocessing Action Files...";
@@ -548,7 +548,7 @@ sub process_macro3( $$$$$$$$$$$ ) { my $standard = ( $fn =~ /^($globals{SHAREDIR})/ ); while ( read_a_line ) { - + my ( $mtarget, $msource, $mdest, $mproto, $mports, $msports, $mrate, $muser ) = split_line 1, 8, 'macro file'; if ( $mtarget =~ /^PARAM:?/ ) {
@@ -581,7 +581,7 @@ sub process_macro3( $$$$$$$$$$$ ) { } else { $mdest = ''; } - + $mdest = '' if $mdest eq '-'; $mproto = merge_macro_column $mproto, $proto;
@@ -589,12 +589,12 @@ sub process_macro3( $$$$$$$$$$$ ) { $msports = merge_macro_column $msports, $sports; $mrate = merge_macro_column $mrate, $rate; $muser = merge_macro_column $muser, $user; - + process_action $chainref, $action, $mtarget, $msource, $mdest, $mproto, $mports, $msports, $mrate, $muser; } pop_open; - + progress_message '..End Macro' }
@@ -672,7 +672,7 @@ sub process_actions3 () { add_command $chainref, 'done'; log_rule_limit $level, $chainref, 'dropBcast' , 'DROP', '', $tag, 'add', ' -d 224.0.0.0/4' if $level ne ''; - } + } add_rule $chainref, '-d 224.0.0.0/4 -j DROP'; }
diff --git a/Shorewall-perl/Shorewall/Chains.pm b/Shorewall-perl/Shorewall/Chains.pm
index 9fc4c682d..8cf129354 100644
--- a/Shorewall-perl/Shorewall/Chains.pm
+++ b/Shorewall-perl/Shorewall/Chains.pm
@@ -20,7 +20,7 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA # -# This is the low-level iptables module. It provides the basic services +# This is the low-level iptables module. It provides the basic services # of chain and rule creation. It is used by the higher level modules such # as Rules to create iptables-restore input. #
@@ -228,7 +228,7 @@ our $emitted_comment; # initialize() function does globals initialization for this # module and is called from an INIT block below. The function is # also called by Shorewall::Compiler::compiler at the beginning of -# the second and subsequent calls to that function. +# the second and subsequent calls to that function. # sub initialize() {
@@ -325,7 +325,7 @@ INIT { # # -# Process a COMMENT line (in $currentline) +# Process a COMMENT line (in $currentline) # sub process_comment() { if ( $capabilities{COMMENTS} ) {
@@ -357,7 +357,7 @@ sub add_command($$) sub add_commands { my $chainref = shift @_; - + for my $command ( @_ ) { push @{$chainref->{rules}}, join ('', ' ' x ( $chainref->{loopcount} + $chainref->{cmdcount} ), $command ); }
@@ -382,7 +382,7 @@ sub add_file( $$ ) { if ( -f $file ) { open EF , '<', $file or fatal_error "Unable to open $file: $!"; - add_commands( $chainref, + add_commands( $chainref, qq(progress_message "Processing $file..."), '' );
@@ -395,7 +395,7 @@ sub add_file( $$ ) { close EF; } -} +} # # Add a rule to a chain. Arguments are:
@@ -778,7 +778,7 @@ sub setup_zone_mss() { set_mss( $zone, $zoneref->{options}{in}{mss}, '_in' ) if $zoneref->{options}{in}{mss}; set_mss( $zone, $zoneref->{options}{out}{mss}, '_out' ) if $zoneref->{options}{out}{mss}; } -} +} sub newexclusionchain() { my $seq = $exclseq++;
@@ -810,13 +810,13 @@ sub validate_portpair( $ ) { for my $port ( @ports ) { my $value = $services{$port}; - + unless ( defined $value ) { $value = $port if $port =~ /^(\d+)$/ && $port <= 65535; } - + fatal_error "Invalid/Unknown port/service ($port)" unless defined $value; - + $port = $value; }
@@ -938,7 +938,7 @@ sub do_proto( $$$ ) } if ( $sports ne '' ) { - if ( $multiport ) { + if ( $multiport ) { fatal_error "Too many entries in port list ($sports)" if port_count( $sports ) > 15; $sports = validate_port_list $sports; $output .= "-m multiport --sports $sports ";
@@ -1108,7 +1108,7 @@ sub match_source_dev( $ ) { } else { "-i $interface "; } -} +} # # Match Dest device
@@ -1121,7 +1121,7 @@ sub match_dest_dev( $ ) { } else { "-o $interface "; } -} +} # # Avoid generating a second '-m iprange' in a single rule.
@@ -1303,7 +1303,7 @@ sub log_rule_limit( $$$$$$$$ ) { if ( $chainref->{loopcount} || $chainref->{cmdcount} ) { # - # The rule will be converted to an "echo" shell command. We must insure that the + # The rule will be converted to an "echo" shell command. We must insure that the # quotes are preserved in the iptables-input file. # if ( $level eq 'ULOG' ) {
@@ -1423,7 +1423,7 @@ sub get_interface_addresses ( $ ) { [ -n "\$$variable" ] || fatal_error "Unable to determine the IP address(es) of $interface" ); } - + "\$$variable"; }
@@ -1461,15 +1461,15 @@ sub get_interface_nets ( $ ) { # sub expand_rule( $$$$$$$$$$ ) { - my ($chainref , # Chain + my ($chainref , # Chain $restriction, # Determines what to do with interface names in the SOURCE or DEST - $rule, # Caller's matches that don't depend on the SOURCE, DEST and ORIGINAL DEST - $source, # SOURCE - $dest, # DEST - $origdest, # ORIGINAL DEST - $target, # Target ('-j' part of the rule) - $loglevel , # Log level (and tag) - $disposition, # Primative part of the target (RETURN, ACCEPT, ...) + $rule, # Caller's matches that don't depend on the SOURCE, DEST and ORIGINAL DEST + $source, # SOURCE + $dest, # DEST + $origdest, # ORIGINAL DEST + $target, # Target ('-j' part of the rule) + $loglevel , # Log level (and tag) + $disposition, # Primative part of the target (RETURN, ACCEPT, ...) $exceptionrule # Caller's matches used in exclusion case ) = @_;
@@ -1666,7 +1666,7 @@ sub expand_rule( $$$$$$$$$$ ) # if ( $inets ) { fatal_error "Invalid SOURCE" if $inets =~ /^([^!]+)?,!([^!]+)$/ || $inets =~ /.*!.*!/; - + if ( $inets =~ /^([^!]+)?!([^!]+)$/ ) { $inets = $1; $iexcl = $2;
@@ -1680,7 +1680,7 @@ sub expand_rule( $$$$$$$$$$ ) $rule .= match_source_net "!$iexcl"; $iexcl = ''; } - + } } else { $iexcl = '';
@@ -1691,7 +1691,7 @@ sub expand_rule( $$$$$$$$$$ ) # if ( $dnets ) { fatal_error "Invalid DEST" if $dnets =~ /^([^!]+)?,!([^!]+)$/ || $dnets =~ /.*!.*!/; - + if ( $dnets =~ /^([^!]+)?!([^!]+)$/ ) { $dnets = $1; $dexcl = $2;
@@ -1887,7 +1887,7 @@ sub set_global_variables() { # file to iptables-restore. That way, if things go wrong, the user (and Shorewall support) # has (have) something to look at to determine the error # -# We may have to generate part of the input at run-time. The rules array in each chain +# We may have to generate part of the input at run-time. The rules array in each chain # table entry may contain rules (begin with '-A') or shell source. We alternate between # writing the rules ('-A') into the temporary file to be bassed to iptables-restore # (CAT_STATE) and and writing shell source into the generated script.
@@ -1939,7 +1939,7 @@ sub create_netfilter_load() { push @table_list, 'filter'; $state = NULL_STATE; - + emit ( 'setup_netfilter()', '{' );
@@ -1953,7 +1953,7 @@ sub create_netfilter_load() { emit 'exec 3>${VARDIR}/.iptables-restore-input'; enter_cat_state; - + for my $table ( @table_list ) { emit_unindented "*$table";
@@ -2019,7 +2019,7 @@ sub create_netfilter_load() { sub create_blacklist_reload() { $state = NULL_STATE; - + emit( 'blacklist_reload()', '{' );
@@ -2044,7 +2044,7 @@ sub create_blacklist_reload() { # Commit the changes to the table # enter_cat_state unless $state == CAT_STATE; - + emit_unindented 'COMMIT'; enter_cmd_state;
diff --git a/Shorewall-perl/Shorewall/Compiler.pm b/Shorewall-perl/Shorewall/Compiler.pm
index 9ec0951e8..ad9181399 100644
--- a/Shorewall-perl/Shorewall/Compiler.pm
+++ b/Shorewall-perl/Shorewall/Compiler.pm
@@ -296,7 +296,7 @@ EOF for chain in PREROUTING OUTPUT; do qt $IPTABLES -t raw -P $chain ACCEPT done - + EOF }
@@ -471,7 +471,7 @@ EOF # Second Phase of Script Generation # # copies the 'prog.functions' file into the script, generates -# clear_routing_and_traffic_shaping() and the first part of +# clear_routing_and_traffic_shaping() and the first part of # 'setup_routing_and_traffic_shaping()' # # The bulk of that function is produced by the various config file
@@ -542,7 +542,7 @@ sub generate_script_2 () { 'delete_proxyarp', '' ); - + if ( $capabilities{NAT_ENABLED} ) { emit( 'if [ -f ${VARDIR}/nat ]; then', ' while read external interface; do',
@@ -646,7 +646,7 @@ else set_state "Started" run_started_exit fi - + cp -f $(my_pathname) ${VARDIR}/.restore fi
diff --git a/Shorewall-perl/Shorewall/Config.pm b/Shorewall-perl/Shorewall/Config.pm
index caa27fa03..2a72d3613 100644
--- a/Shorewall-perl/Shorewall/Config.pm
+++ b/Shorewall-perl/Shorewall/Config.pm
@@ -22,10 +22,10 @@ # # This module is responsible for lower level configuration file handling. # It also exports functions for generating warning and error messages. -# The get_configuration function parses the shorewall.conf, capabilities and -# modules files during compiler startup. The module also provides the basic +# The get_configuration function parses the shorewall.conf, capabilities and +# modules files during compiler startup. The module also provides the basic # output file services such as creation of temporary 'object' files, writing -# into those files (emitters) and finalizing those files (renaming +# into those files (emitters) and finalizing those files (renaming # them to their final name and setting their mode appropriately). # package Shorewall::Config;
@@ -176,7 +176,7 @@ our $debug; # If true, use Carp to report errors with stack tr # initialize() function does globals initialization for this # module and is called from an INIT block below. The function is # also called by Shorewall::Compiler::compiler at the beginning of -# the second and subsequent calls to that function. +# the second and subsequent calls to that function. # sub initialize() { ( $command, $doing, $done ) = qw/ compile Compiling Compiled/; #describe the current command, it's present progressive, and it's completion.
@@ -461,21 +461,21 @@ sub save_progress_message_short( $ ) { # # Set $timestamp -# +# sub set_timestamp( $ ) { $timestamp = shift; } # # Set $verbose -# +# sub set_verbose( $ ) { $verbose = shift; } # # Print the current TOD to STDOUT. -# +# sub timestamp() { my ($sec, $min, $hr) = ( localtime ) [0,1,2]; printf '%02d:%02d:%02d ', $hr, $min, $sec;
@@ -739,7 +739,7 @@ sub split_line2( $$$ ) { if ( defined $columns ) { fatal_error "Invalid $first entry" if $columns && @line != $columns; - return @line + return @line } fatal_error "Shorewall Configuration file entries may not contain single quotes" if $currentline =~ /'/;
@@ -843,7 +843,7 @@ sub read_a_line() { # # Remove Trailing Comments -- result might be a blank line # - $currentline =~ s/#.*$//; + $currentline =~ s/#.*$//; # # Ignore ( concatenated ) Blank Lines #
@@ -935,14 +935,14 @@ sub default_yes_no ( $$ ) { my %validlevels = ( debug => 7, info => 6, - notice => 5, - warning => 4, - warn => 4, + notice => 5, + warning => 4, + warn => 4, err => 3, error => 3, - crit => 2, - alert => 1, - emerg => 0, + crit => 2, + alert => 1, + emerg => 0, panic => 0, none => '', ULOG => 'ULOG' );
@@ -1002,7 +1002,7 @@ sub check_trivalue( $$ ) { $config{var} = $default } } - + # # Produce a report of the detected capabilities #
@@ -1180,7 +1180,7 @@ sub determine_capabilities() { $capabilities{USEPKTTYPE} = qt( "$iptables -A $sillyname -m pkttype --pkt-type broadcast -j ACCEPT" ); $capabilities{ADDRTYPE} = qt( "$iptables -A $sillyname -m addrtype --src-type BROADCAST -j ACCEPT" ); - $capabilities{TCPMSS_MATCH} = qt( "$iptables -A $sillyname -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1000:1500 -j ACCEPT" ); + $capabilities{TCPMSS_MATCH} = qt( "$iptables -A $sillyname -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1000:1500 -j ACCEPT" ); qt( "$iptables -F $sillyname" ); qt( "$iptables -X $sillyname" );
@@ -1279,7 +1279,7 @@ sub process_shorewall_conf() { sub get_capabilities( $ ) { my $export = $_[0]; - + if ( ! $export && $> == 0 ) { # $> == $EUID unless ( $config{IPTABLES} ) { fatal_error "Can't find iptables executable" unless $config{IPTABLES} = mywhich 'iptables';
@@ -1358,7 +1358,7 @@ sub get_configuration( $ ) { check_trivalue ( 'IP_FORWARDING', 'on' ); check_trivalue ( 'ROUTE_FILTER', '' ); check_trivalue ( 'LOG_MARTIANS', '' ); - + default_yes_no 'ADD_IP_ALIASES' , 'Yes'; default_yes_no 'ADD_SNAT_ALIASES' , ''; default_yes_no 'DETECT_DNAT_IPADDRS' , '';
@@ -1632,7 +1632,7 @@ sub run_user_exit2( $$ ) { } pop_open; - + } }
diff --git a/Shorewall-perl/Shorewall/FallbackPorts.pm b/Shorewall-perl/Shorewall/FallbackPorts.pm
index d415270f1..9c491fc2c 100644
--- a/Shorewall-perl/Shorewall/FallbackPorts.pm
+++ b/Shorewall-perl/Shorewall/FallbackPorts.pm
@@ -20,7 +20,7 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA # -# This module exports the %protocols and %services hashes built from +# This module exports the %protocols and %services hashes built from # /etc/protocols and /etc/services respectively. # # Module generated using buildports.pl 4.0.0-Beta7 - Fri Jun 29 14:10:45 2007
diff --git a/Shorewall-perl/Shorewall/IPAddrs.pm b/Shorewall-perl/Shorewall/IPAddrs.pm
index 2c5dd2ff2..ebe9b3ecb 100644
--- a/Shorewall-perl/Shorewall/IPAddrs.pm
+++ b/Shorewall-perl/Shorewall/IPAddrs.pm
@@ -20,8 +20,8 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA # -# This module provides interfaces for dealing with IPv4 addresses. -# +# This module provides interfaces for dealing with IPv4 addresses. +# package Shorewall::IPAddrs; require Exporter; use Shorewall::Config;
@@ -121,7 +121,7 @@ sub validate_range( $$ ) { my $last = decodeaddr $high; fatal_error "Invalid IP Range ($low-$high)" unless $first <= $last; -} +} sub ip_range_explicit( $ ) { my $range = $_[0];
@@ -151,7 +151,7 @@ sub ip_range_explicit( $ ) { sub validate_host( $ ) { my $host = $_[0]; - + if ( $host =~ /^(\d+\.\d+\.\d+\.\d+)-(\d+\.\d+\.\d+\.\d+)$/ ) { validate_range $1, $2; } else {
diff --git a/Shorewall-perl/Shorewall/Nat.pm b/Shorewall-perl/Shorewall/Nat.pm
index ccb65d5c6..4d71b0f92 100644
--- a/Shorewall-perl/Shorewall/Nat.pm
+++ b/Shorewall-perl/Shorewall/Nat.pm
@@ -47,7 +47,7 @@ our %addresses_to_add; # initialize() function does globals initialization for this # module and is called from an INIT block below. The function is # also called by Shorewall::Compiler::compiler at the beginning of -# the second and subsequent calls to that function. +# the second and subsequent calls to that function. # sub initialize() {
@@ -237,7 +237,7 @@ sub setup_one_masq($$$$$$$) # # And Generate the Rule(s) # - expand_rule( $chainref , + expand_rule( $chainref , POSTROUTE_RESTRICT , $rule , $networks ,
diff --git a/Shorewall-perl/Shorewall/Policy.pm b/Shorewall-perl/Shorewall/Policy.pm
index 8d3d5a794..c8ba32240 100644
--- a/Shorewall-perl/Shorewall/Policy.pm
+++ b/Shorewall-perl/Shorewall/Policy.pm
@@ -208,10 +208,10 @@ sub validate_policy() unless ( $clientwild || $serverwild ) { if ( $zones{$server}{type} eq 'bport4' ) { - fatal_error "Invalid policy - DEST zone is a Bridge Port zone but the SOURCE zone is not associated with the same bridge" + fatal_error "Invalid policy - DEST zone is a Bridge Port zone but the SOURCE zone is not associated with the same bridge" unless $zones{$client}{bridge} eq $zones{$server}{bridge} || single_interface( $client ) eq $zones{$server}{bridge}; } - } + } my $chain = "${client}2${server}"; my $chainref;
@@ -238,12 +238,12 @@ sub validate_policy() } $chainref->{loglevel} = validate_level( $loglevel ) if defined $loglevel && $loglevel ne ''; - + if ( $synparams ne '' ) { $chainref->{synparams} = do_ratelimit $synparams, 'ACCEPT'; - $chainref->{synchain} = $chain + $chainref->{synchain} = $chain } - + $chainref->{default} = $default if $default; if ( $clientwild ) {
@@ -277,7 +277,7 @@ sub validate_policy() # sub policy_rules( $$$$ ) { my ( $chainref , $target, $loglevel, $default ) = @_; - + unless ( $target eq 'NONE' ) { add_rule $chainref, "-j $default" if $default && $default ne 'none'; log_rule $loglevel , $chainref , $target , '' if $loglevel ne '';
@@ -392,7 +392,7 @@ sub setup_syn_flood_chains() { for my $chainref ( @policy_chains ) { my $limit = $chainref->{synparams}; if ( $limit && ! $filter_table->{syn_flood_chain $chainref} ) { - my $level = $chainref->{loglevel}; + my $level = $chainref->{loglevel}; my $synchainref = new_chain 'filter' , syn_flood_chain $chainref; add_rule $synchainref , "${limit}-j RETURN"; log_rule_limit $level , $synchainref , $chainref->{name} , 'DROP', '-m limit --limit 5/min --limit-burst 5 ' , '' , 'add' , ''
diff --git a/Shorewall-perl/Shorewall/Proc.pm b/Shorewall-perl/Shorewall/Proc.pm
index 60176a083..5fe9523bd 100644
--- a/Shorewall-perl/Shorewall/Proc.pm
+++ b/Shorewall-perl/Shorewall/Proc.pm
@@ -157,7 +157,7 @@ sub setup_martian_logging() { " echo $value > $file" ); emit ( 'else' , - " error_message \"WARNING: Cannot set Martian logging on $interface\"") unless interface_is_optional( $interface); + " error_message \"WARNING: Cannot set Martian logging on $interface\"") unless interface_is_optional( $interface); emit "fi\n"; }
diff --git a/Shorewall-perl/Shorewall/Providers.pm b/Shorewall-perl/Shorewall/Providers.pm
index ccb110e9f..ea33fe14b 100644
--- a/Shorewall-perl/Shorewall/Providers.pm
+++ b/Shorewall-perl/Shorewall/Providers.pm
@@ -59,7 +59,7 @@ our @providers; # initialize() function does globals initialization for this # module and is called from an INIT block below. The function is # also called by Shorewall::Compiler::compiler at the beginning of -# the second and subsequent calls to that function. +# the second and subsequent calls to that function. # sub initialize() {
@@ -104,7 +104,7 @@ sub setup_route_marking() { sub copy_table( $$ ) { my ( $duplicate, $number ) = @_; - + emit ( "ip route show table $duplicate | while read net route; do", ' case $net in', ' default|nexthop)',
@@ -119,7 +119,7 @@ sub copy_table( $$ ) { sub copy_and_edit_table( $$$ ) { my ( $duplicate, $number, $copy ) = @_; - + emit ( "ip route show table $duplicate | while read net route; do", ' case $net in', ' default|nexthop)',
@@ -137,18 +137,18 @@ sub copy_and_edit_table( $$$ ) { sub balance_default_route( $$$ ) { my ( $weight, $gateway, $interface ) = @_; - + $balance = 1; - + emit ''; - + if ( $first_default_route ) { if ( $gateway ) { emit "DEFAULT_ROUTE=\"nexthop via $gateway dev $interface weight $weight\""; } else { emit "DEFAULT_ROUTE=\"nexthop dev $interface weight $weight\""; } - + $first_default_route = 0; } else { if ( $gateway ) {
@@ -164,21 +164,21 @@ sub add_a_provider( $$$$$$$$ ) { my ($table, $number, $mark, $duplicate, $interface, $gateway, $options, $copy) = @_; fatal_error "Duplicate provider ($table)" if $providers{$table}; - + for my $providerref ( values %providers ) { fatal_error "Duplicate provider number ($number)" if $providerref->{number} == $number; } - + emit "#\n# Add Provider $table ($number)\n#"; - + emit "if interface_is_usable $interface; then"; push_indent; my $iface = chain_base $interface; - + emit "${iface}_up=Yes"; emit "qt ip route flush table $number"; emit "echo \"qt ip route flush table $number\" >> \${VARDIR}/undo_routing"; - + if ( $duplicate ne '-' ) { if ( $copy eq '-' ) { copy_table ( $duplicate, $number );
@@ -218,17 +218,17 @@ sub add_a_provider( $$$$$$$$ ) { my $val = 0; if ( $mark ne '-' ) { - + $val = numeric_value $mark; - + verify_mark $mark; - + if ( $val < 256) { fatal_error "Invalid Mark Value ($mark) with HIGH_ROUTE_MARKS=Yes" if $config{HIGH_ROUTE_MARKS}; } else { fatal_error "Invalid Mark Value ($mark) with HIGH_ROUTE_MARKS=No" if ! $config{HIGH_ROUTE_MARKS}; } - + for my $providerref ( values %providers ) { fatal_error "Duplicate mark value ($mark)" if $providerref->{mark} == $val; }
@@ -244,9 +244,9 @@ sub add_a_provider( $$$$$$$$ ) { $providers{$table} = {}; $providers{$table}{number} = $number; $providers{$table}{mark} = $val; - + my ( $loose, $optional ) = (0,0); - + unless ( $options eq '-' ) { for my $option ( split /,/, $options ) { if ( $option eq 'track' ) {
@@ -270,9 +270,9 @@ sub add_a_provider( $$$$$$$$ ) { if ( $loose ) { my $rulebase = 20000 + ( 256 * ( $number - 1 ) ); - + emit "\nrulenum=0\n"; - + emit ( "find_interface_addresses $interface | while read address; do", ' qt ip rule del from $address', " run_ip rule add from \$address pref \$(( $rulebase + \$rulenum )) table $number",
@@ -286,12 +286,12 @@ sub add_a_provider( $$$$$$$$ ) { 'done' ); } - + emit "\nprogress_message \" Provider $table ($number) Added\"\n"; - + pop_indent; emit 'else'; - + if ( $optional ) { emit ( " error_message \"WARNING: Interface $interface is not configured -- Provider $table ($number) not Added\"", " ${iface}_up="
@@ -299,19 +299,19 @@ sub add_a_provider( $$$$$$$$ ) { } else { emit " fatal_error \"ERROR: Interface $interface is not configured -- Provider $table ($number) Cannot be Added\""; } - + emit "fi\n"; } sub add_an_rtrule( $$$$ ) { my ( $source, $dest, $provider, $priority ) = @_; - + unless ( $providers{$provider} ) { my $found = 0; - + if ( "\L$provider" =~ /^(0x[a-f0-9]+|0[0-7]*|[0-9]*)$/ ) { my $provider_number = numeric_value $provider; - + for my $provider ( keys %providers ) { if ( $providers{$provider}{number} == $provider_number ) { $found = 1;
@@ -319,14 +319,14 @@ sub add_an_rtrule( $$$$ ) { } } } - + fatal_error "Unknown provider ($provider)" unless $found; } - + fatal_error "You must specify either the source or destination in a route_rules entry" if $source eq '-' && $dest eq '-'; - + $dest = $dest eq '-' ? '' : "to $dest"; - + if ( $source eq '-' ) { $source = ''; } elsif ( $source =~ /:/ ) {
@@ -338,21 +338,21 @@ sub add_an_rtrule( $$$$ ) { } else { $source = "iif $source"; } - + fatal_error "Invalid priority ($priority)" unless $priority && $priority =~ /^\d{1,5}$/; - + $priority = "priority $priority"; - + emit ( "qt ip rule del $source $dest $priority", "run_ip rule add $source $dest $priority table $provider", "echo \"qt ip rule del $source $dest $priority\" >> \${VARDIR}/undo_routing" ); progress_message " Routing rule \"$currentline\" $done"; } - + sub setup_providers() { my $providers = 0; - + my $fn = open_file 'providers'; while ( read_a_line ) {
diff --git a/Shorewall-perl/Shorewall/Proxyarp.pm b/Shorewall-perl/Shorewall/Proxyarp.pm
index 14af5825d..413703909 100644
--- a/Shorewall-perl/Shorewall/Proxyarp.pm
+++ b/Shorewall-perl/Shorewall/Proxyarp.pm
@@ -45,7 +45,7 @@ our @proxyarp; # initialize() function does globals initialization for this # module and is called from an INIT block below. The function is # also called by Shorewall::Compiler::compiler at the beginning of -# the second and subsequent calls to that function. +# the second and subsequent calls to that function. # sub initialize() {
@@ -145,7 +145,7 @@ sub setup_proxy_arp() { emit ( "if [ -f /proc/sys/net/ipv4/conf/$interface/proxy_arp ] ; then" , " echo $value > /proc/sys/net/ipv4/conf/$interface/proxy_arp" ); emit ( 'else' , - " error_message \"WARNING: Unable to set/reset proxy ARP on $interface\"" ) unless interface_is_optional( $interface ); + " error_message \"WARNING: Unable to set/reset proxy ARP on $interface\"" ) unless interface_is_optional( $interface ); emit "fi\n"; } }
diff --git a/Shorewall-perl/Shorewall/Rules.pm b/Shorewall-perl/Shorewall/Rules.pm
index 36fb000be..2b4c5e9ab 100644
--- a/Shorewall-perl/Shorewall/Rules.pm
+++ b/Shorewall-perl/Shorewall/Rules.pm
@@ -66,7 +66,7 @@ our @param_stack; # initialize() function does globals initialization for this # module and is called from an INIT block below. The function is # also called by Shorewall::Compiler::compiler at the beginning of -# the second and subsequent calls to that function. +# the second and subsequent calls to that function. # sub initialize() {
@@ -111,12 +111,12 @@ sub process_tos() { fatal_error "TOS field required" unless $tos ne '-'; - if ( defined ( my $tosval = $tosoptions{"\L$tos"} ) ) { + if ( defined ( my $tosval = $tosoptions{"\L$tos"} ) ) { $tos = $tosval; } elsif ( numeric_value( $tos ) > 0x1e ) { fatal_error "Invalid TOS value ($tos)"; } - + my $chainref; my $restriction = NO_RESTRICT;
@@ -521,13 +521,13 @@ sub add_common_rules() { } run_user_exit1 'initdone'; - + setup_blacklist; $list = find_hosts_by_option 'nosmurfs'; $chainref = new_standard_chain 'smurfs'; - + if ( $capabilities{ADDRTYPE} ) { add_rule $chainref , '-s 0.0.0.0 -j RETURN'; add_rule_pair $chainref, '-m addrtype --src-type BROADCAST ', 'DROP', $config{SMURF_LOG_LEVEL} ;
@@ -541,7 +541,7 @@ sub add_common_rules() { } add_rule_pair $chainref, '-s 224.0.0.0/4 ', 'DROP', $config{SMURF_LOG_LEVEL} ; - + if ( $capabilities{ADDRTYPE} ) { add_rule $rejectref , '-m addrtype --src-type BROADCAST -j DROP'; } else {
@@ -652,7 +652,7 @@ sub add_common_rules() { add_rule $filter_table->{input_chain $interface}, "-j $chain"; add_rule $filter_table->{forward_chain $interface}, '-j ' . dynamic_fwd $interface; add_rule $filter_table->{output_chain $interface}, '-j ' . dynamic_out $interface; - } + } } $list = find_interfaces_by_option 'upnp';
@@ -689,7 +689,7 @@ sub setup_mac_lists( $ ) { my $level = $config{MACLIST_LOG_LEVEL}; my $disposition = $config{MACLIST_DISPOSITION}; my $ttl = $config{MACLIST_TTL}; - + progress_message2 "$doing MAC Filtration -- Phase $phase..."; for my $hostref ( @$maclist_hosts ) {
@@ -761,7 +761,7 @@ sub setup_mac_lists( $ ) { if ( $addresses ) { for my $address ( split ',', $addresses ) { my $source = match_source_net $address; - log_rule_limit $level, $chainref , mac_chain( $interface) , $disposition, '', '', 'add' , "${mac}${source}" + log_rule_limit $level, $chainref , mac_chain( $interface) , $disposition, '', '', 'add' , "${mac}${source}" if defined $level && $level ne ''; add_rule $chainref , "${mac}${source}-j $targetref->{target}"; }
@@ -800,9 +800,9 @@ sub setup_mac_lists( $ ) { if ( $level ne '' || $disposition ne 'ACCEPT' ) { my $variable = get_interface_addresses $interfaces{$interface}{bridge}; - + if ( $capabilities{ADDRTYPE} ) { - add_commands( $chainref, + add_commands( $chainref, "for address in $variable; do", " echo \"-A $chainref->{name} -s \$address -m addrtype --dst-type BROADCAST -j RETURN\" >&3", " echo \"-A $chainref->{name} -s \$address -d 224.0.0.0/4 -j RETURN\" >&3",
@@ -810,7 +810,7 @@ sub setup_mac_lists( $ ) { } else { my $variable1 = get_interface_bcasts $interfaces{$interface}{bridge}; - add_commands( $chainref, + add_commands( $chainref, "for address in $variable; do", " for address1 in $variable1; do", " echo \"-A $chainref->{name} -s \$address -d \$address1 -j RETURN\" >&3",
@@ -915,12 +915,12 @@ sub process_rule1 ( $$$$$$$$$$$ ) { my $optimize = $wildcard ? ( $basictarget =~ /!$/ ? 0 : $config{OPTIMIZE} ) : 0; $param = '' unless defined $param; - + # # Determine the validity of the action # my $actiontype = $targets{$basictarget} || find_macro( $basictarget ); - + fatal_error "Unknown action ($action)" unless $actiontype; if ( $actiontype == MACRO ) {
@@ -933,7 +933,7 @@ sub process_rule1 ( $$$$$$$$$$$ ) { push @param_stack, $current_param; $current_param = $param; } - + process_macro( $macros{$basictarget}, $target , $current_param,
@@ -949,7 +949,7 @@ sub process_rule1 ( $$$$$$$$$$$ ) { $wildcard ); $macro_nest_level--; - + $current_param = pop @param_stack if $param ne ''; return;
@@ -988,7 +988,7 @@ sub process_rule1 ( $$$$$$$$$$$ ) { # my $sourcezone; my $destzone; - + if ( $source =~ /^(.+?):(.*)/ ) { $sourcezone = $1; $source = $2;
@@ -1004,7 +1004,7 @@ sub process_rule1 ( $$$$$$$$$$$ ) { $destzone = $dest; $dest = ALLIPv4; } - + fatal_error "Missing source zone" if $sourcezone eq '-'; fatal_error "Unknown source zone ($sourcezone)" unless $zones{$sourcezone}; fatal_error "Missing destination zone" if $destzone eq '-';
@@ -1069,7 +1069,7 @@ sub process_rule1 ( $$$$$$$$$$$ ) { unless ( $section eq 'NEW' ) { fatal_error "Entries in the $section SECTION of the rules file not permitted with FASTACCEPT=Yes" if $config{FASTACCEPT}; fatal_error "$basictarget rules are not allowed in the $section SECTION" if $actiontype & NONAT; - $rule .= "-m state --state $section " + $rule .= "-m state --state $section " } #
@@ -1211,7 +1211,7 @@ sub process_rule1 ( $$$$$$$$$$$ ) { } # -# Process a Record in the rules file +# Process a Record in the rules file # # Deals with the ugliness of wildcard zones ('all' in SOURCE and/or DEST column). #
@@ -1264,7 +1264,7 @@ sub process_rule ( $$$$$$$$$$ ) { } else { fatal_error "Invalid DEST ($dest)" unless $dest eq 'all'; } - + } my $action = isolate_basic_target $target;
@@ -1425,7 +1425,7 @@ sub generate_matrix() { } # - # Set a breakpoint in this function if you want to step through generate_matrix(). + # Set a breakpoint in this function if you want to step through generate_matrix(). # sub start_matrix() { progress_message2 'Generating Rule Matrix...';
@@ -1497,7 +1497,7 @@ sub generate_matrix() { for my $hostref ( @{$arrayref} ) { my $ipsec_match = match_ipsec_in $zone , $hostref; for my $net ( @{$hostref->{hosts}} ) { - add_rule( + add_rule( $filter_table->{forward_chain $interface} , join( '', match_source_net( $net ), $ipsec_match, "-j $frwd_ref->{name}" ) );
@@ -1586,13 +1586,13 @@ sub generate_matrix() { my $variable = get_interface_bcasts $interface; my $chain = output_chain $interface; my $chainref = $filter_table->{$chain}; - - add_commands( $chainref, + + add_commands( $chainref, "for address in $variable; do", " echo \"-A $chain -d \$address -j $chain1\" >&3", 'done' ); } - + add_rule $filter_table->{output_chain $interface} , "-d 224.0.0.0/4 -j $chain1"; } }
@@ -1847,7 +1847,7 @@ sub setup_mss( $ ) { $match = "-m tcpmss --mss $clampmss: " if $capabilities{TCPMSS_MATCH}; $option = "--set-mss $clampmss"; } - + add_rule $filter_table->{FORWARD} , "-p tcp --tcp-flags SYN,RST SYN ${match}-j TCPMSS $option"; } diff --git a/Shorewall-perl/Shorewall/Tc.pm b/Shorewall-perl/Shorewall/Tc.pm index 06a98b194..d3d42b002 100644 --- a/Shorewall-perl/Shorewall/Tc.pm +++ b/Shorewall-perl/Shorewall/Tc.pm @@ -158,7 +158,7 @@ our $prefix = '1'; # initialize() function does globals initialization for this # module and is called from an INIT block below. The function is # also called by Shorewall::Compiler::compiler at the beginning of -# the second and subsequent calls to that function. +# the second and subsequent calls to that function. # sub initialize() { @@ -231,7 +231,7 @@ sub process_tc_rule( $$$$$$$$$$ ) { for my $tccmd ( @tccmd ) { if ( $tccmd->{match}($cmd) ) { fatal_error "$mark not valid with :C[FPT]" if $connmark; - + $target = "$tccmd->{target} "; my $marktype = $tccmd->{mark}; @@ -243,9 +243,9 @@ sub process_tc_rule( $$$$$$$$$$ ) { if ( $rest ) { fatal_error "Invalid MARK ($original_mark)" if $marktype == NOMARK; - + $mark = $rest if $tccmd->{mask}; - + if ( $marktype == SMALLMARK ) { verify_small_mark $mark; } else { @@ -254,7 +254,7 @@ sub process_tc_rule( $$$$$$$$$$ ) { } elsif ( $tccmd->{mask} ) { $mark = $tccmd->{mask}; } - + last MARK; } } @@ -339,7 +339,7 @@ sub convert_rate( $$ ) { } else { $rate = rate_to_kbit $rate } - + "${rate}kbit"; } @@ -588,7 +588,7 @@ sub setup_tc() { } elsif ( $config{TC_ENABLED} eq 'Internal' ) { setup_traffic_shaping; } - + if ( my $fn = open_file 'tcrules' ) { while ( read_a_line ) { diff --git a/Shorewall-perl/Shorewall/Tunnels.pm b/Shorewall-perl/Shorewall/Tunnels.pm index 3cc9a7b4c..37d92d0c3 100644 --- a/Shorewall-perl/Shorewall/Tunnels.pm +++ b/Shorewall-perl/Shorewall/Tunnels.pm 
@@ -84,17 +84,17 @@ sub setup_tunnels() { fatal_error "Invalid zone ($zone) for GATEWAY ZONE" if $type eq 'firewall' || $type eq 'bport4'; $inchainref = ensure_filter_chain "${zone}2${firewall_zone}", 1; $outchainref = ensure_filter_chain "${firewall_zone}2${zone}", 1; - + unless ( $capabilities{POLICY_MATCH} ) { add_rule $inchainref, "-p 50 $source -j ACCEPT"; add_rule $outchainref, "-p 50 $dest -j ACCEPT"; - + unless ( $noah ) { add_rule $inchainref, "-p 51 $source -j ACCEPT"; add_rule $outchainref, "-p 51 $dest -j ACCEPT"; } } - + if ( $kind eq 'ipsec' ) { add_rule $inchainref, "-p udp $source --dport 500 $options"; add_rule $outchainref, "-p udp $dest --dport 500 $options"; diff --git a/Shorewall-perl/Shorewall/Zones.pm b/Shorewall-perl/Shorewall/Zones.pm index 50301724e..9ca4a2168 100644 --- a/Shorewall-perl/Shorewall/Zones.pm +++ b/Shorewall-perl/Shorewall/Zones.pm @@ -1,5 +1,5 @@ # -# Shorewall-perl 4.0 -- /usr/share/shorewall-perl/Shorewall/Zones.pm +# Shorewall-perl 4.0 -- /usr/share/shorewall-perl/Shorewall/Zones.pm # # This program is under GPL [http://www.gnu.org/copyleft/gpl.htm] # @@ -20,7 +20,7 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA # -# This module contains the code which deals with /etc/shorewall/zones, +# This module contains the code which deals with /etc/shorewall/zones, # /etc/shorewall/interfaces and /etc/shorewall/hosts. # package Shorewall::Zones; @@ -54,7 +54,7 @@ our @EXPORT = qw( NOTHING @zones %zones $firewall_zone - %interfaces + %interfaces @interfaces @bridges ); @@ -134,7 +134,7 @@ our @bridges; # initialize() function does globals initialization for this # module and is called from an INIT block below. The function is # also called by Shorewall::Compiler::compiler at the beginning of -# the second and subsequent calls to that function. +# the second and subsequent calls to that function. # sub initialize() { 
@@ -285,8 +285,8 @@ sub determine_zones() } $zones{$zone} = { type => $type, - parents => \@parents, - exclusions => [], + parents => \@parents, + exclusions => [], bridge => '', options => { in_out => parse_zone_option_list( $options || '', $type ) , in => parse_zone_option_list( $in_options || '', $type ) , @@ -300,7 +300,7 @@ sub determine_zones() } fatal_error "No firewall zone defined" unless $firewall_zone; - + my $pushed = 1; my %ordered; @@ -435,7 +435,7 @@ sub single_interface( $ ) { ''; } } -} +} sub add_group_to_zone($$$$$) { @@ -491,7 +491,7 @@ sub add_group_to_zone($$$$$) $zoneref->{options}{complex} = 1 if @$arrayref || ( @newnetworks > 1 ) || ( @exclusions ); push @{$zoneref->{exclusions}}, @exclusions; - + push @{$arrayref}, { options => $options, hosts => \@newnetworks, ipsec => $type eq 'ipsec4' ? 'ipsec' : 'none' }; @@ -533,9 +533,9 @@ sub validate_interfaces_file( $ ) use constant { SIMPLE_IF_OPTION => 1, BINARY_IF_OPTION => 2, - ENUM_IF_OPTION => 3, + ENUM_IF_OPTION => 3, MASK_IF_OPTION => 3, - + IF_OPTION_ZONEONLY => 4 }; my %validoptions = (arp_filter => BINARY_IF_OPTION, @@ -569,7 +569,7 @@ sub validate_interfaces_file( $ ) progress_message2 "$doing $fn..."; $first_entry = 0; } - + my ($zone, $interface, $networks, $options ) = split_line 2, 4, 'interfaces file'; my $zoneref; my $bridge = ''; @@ -588,7 +588,7 @@ sub validate_interfaces_file( $ ) ( $interface, my ($port, $extra) ) = split /:/ , $interface, 3; - fatal_error "Invalid INTERFACE" if defined $extra || ! $interface; + fatal_error "Invalid INTERFACE" if defined $extra || ! $interface; fatal_error "Invalid Interface Name ($interface)" if $interface eq '+'; 
@@ -620,13 +620,13 @@ sub validate_interfaces_file( $ ) fatal_error "Zones of type 'bport' may only be associated with bridge ports" if $zone && $zoneref->{type} eq 'bport4'; $interfaces{$interface}{bridge} = $interface; } - + my $wildcard = 0; if ( $interface =~ /\+$/ ) { $wildcard = 1; $interfaces{$interface}{root} = substr( $interface, 0, -1 ); - } else { + } else { $interfaces{$interface}{root} = $interface; } @@ -642,7 +642,7 @@ sub validate_interfaces_file( $ ) my $optionsref = {}; my %options; - + if ( $options ) { for my $option (split ',', $options ) { @@ -653,7 +653,7 @@ sub validate_interfaces_file( $ ) fatal_error "Invalid Interface option ($option)" unless my $type = $validoptions{$option}; fatal_error "The \"$option\" option may not be specified on a multi-zone interface" if $type & IF_OPTION_ZONEONLY && ! $zone; - + $type &= MASK_IF_OPTION; if ( $type == SIMPLE_IF_OPTION ) { @@ -672,7 +672,7 @@ sub validate_interfaces_file( $ ) $options{arp_ignore} = $value; } else { fatal_error "Invalid value ($value) for arp_ignore"; - } + } } else { $options{arp_ignore} = 1; } @@ -692,7 +692,7 @@ sub validate_interfaces_file( $ ) } elsif ( $port ) { $options{port} = 1; } - + $interfaces{$interface}{options} = $optionsref = \%options; push @ifaces, $interface; @@ -713,7 +713,7 @@ sub validate_interfaces_file( $ ) add_group_to_zone( $zone, $zoneref->{type}, $interface, \@networks, $optionsref ) if $zone && @networks; $interfaces{$interface}{zone} = $zone; #Must follow the call to add_group_to_zone() - + progress_message " Interface \"$currentline\" Validated"; } @@ -723,7 +723,7 @@ sub validate_interfaces_file( $ ) # for my $interface ( @ifaces ) { my $interfaceref = $interfaces{$interface}; - + if ( $interfaceref->{options}{bridge} ) { my @ports = grep $interfaces{$_}{options}{port} && $interfaces{$_}{bridge} eq $interface, @ifaces; 
@@ -735,7 +735,7 @@ sub validate_interfaces_file( $ ) } push @interfaces, $interface unless $interfaceref->{options}{port}; - } + } } # @@ -902,7 +902,7 @@ sub validate_hosts_file() # # Now add a comma before '!'. Do it globally - add_group_to_zone() correctly checks for multiple exclusions # - $hosts =~ s/!/,!/g; + $hosts =~ s/!/,!/g; # # Take care of case where the hosts list begins with '!' # diff --git a/Shorewall-perl/buildports.pl b/Shorewall-perl/buildports.pl index 338b8a560..16bd0ed3a 100755 --- a/Shorewall-perl/buildports.pl +++ b/Shorewall-perl/buildports.pl @@ -31,18 +31,18 @@ use lib '/usr/share/shorewall-perl'; use Shorewall::Config qw( open_file push_open pop_open - read_a_line1 - split_line - fatal_error - %globals - ensure_config_path + read_a_line1 + split_line + fatal_error + %globals + ensure_config_path set_shorewall_dir set_config_path ); our $offset = "\t\t "; our %service_hash; - + sub print_it( $$ ) { my ( $name, $number ) = @_; my $tabs; @@ -61,7 +61,7 @@ sub print_it( $$ ) { sub print_service( $$ ) { my ( $service, $number ) = @_; - + unless ( exists $service_hash{$service} ) { print_it( $service, $number ); $service_hash{$service} = $number; @@ -107,7 +107,7 @@ print <<"EOF"; # along with this program; if not, write to the Free Software # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA # -# This module exports the %protocols and %services hashes built from +# This module exports the %protocols and %services hashes built from # /etc/protocols and /etc/services respectively. # # Module generated using buildports.pl $globals{VERSION} - $date @@ -132,7 +132,7 @@ while ( read_a_line1 ) { my ( $proto1, $number, @aliases ) = split_line( 2, 10, '/etc/protocols entry'); print_it( $proto1, $number ); - + for my $alias ( @aliases ) { last if $alias eq '-'; print_it( $alias, $number ); diff --git a/Shorewall-perl/diff-4.0-lib.base b/Shorewall-perl/diff-4.0-lib.base index 323aaf235..19d96fb7f 100644 --- a/Shorewall-perl/diff-4.0-lib.base 
+++ b/Shorewall-perl/diff-4.0-lib.base @@ -70,7 +70,7 @@ # @@ -111,20 +90,6 @@ } - + # -# Undo the effect of 'separate_list()' -# @@ -91,7 +91,7 @@ qt() @@ -310,83 +275,6 @@ } - + # -# Call this function to assert mutual exclusion with Shorewall. If you invoke the -# /sbin/shorewall program while holding mutual exclusion, you should pass "nolock" as @@ -150,7 +150,7 @@ - - if [ -z "$loaded" ]; then - [ -f $lib ] || lib=${SHELLSHAREDIR}/lib.$1 -- +- - if [ -f $lib ]; then - progress_message "Loading library $lib..." - . $lib @@ -175,7 +175,7 @@ # the IP address is 128.0.0.0 or 128.0.0.1. @@ -395,32 +283,6 @@ LEFTSHIFT='<<' - + # -# Validate an IP address -# @@ -196,7 +196,7 @@ - ;; - esac - done -- +- - IFS=$ifs - - return 0 @@ -208,7 +208,7 @@ decodeaddr() { @@ -456,88 +318,6 @@ } - + # -# Enumerate the members of an IP range -- When using a shell supporting only -# 32-bit signed arithmetic, the range cannot span 128.0.0.0. @@ -297,7 +297,7 @@ ip_netmask() { @@ -588,60 +368,6 @@ } - + # -# Netmask to VLSM -# @@ -331,7 +331,7 @@ - case $c in - @*) - c=at_${c#@} -- ;; +- ;; - *.*) - c="${c%.*}_${c##*.}" - ;; @@ -358,7 +358,7 @@ chain_exists() # $1 = chain name @@ -879,21 +605,6 @@ } - + # -# Set default config path -# @@ -380,7 +380,7 @@ find_file() @@ -918,54 +629,6 @@ } - + # -# Get fully-qualified name of file -# @@ -435,7 +435,7 @@ set_state () # $1 = state @@ -974,200 +637,6 @@ } - + # -# Determine which optional facilities are supported by iptables/netfilter -# @@ -626,7 +626,7 @@ - report_capability1 MANGLE_FORWARD - report_capability1 COMMENTS - report_capability1 ADDRTYPE -- +- - echo CAPVERSION=$SHOREWALL_CAPVERSION -} - @@ -637,7 +637,7 @@ @@ -1286,82 +755,6 @@ cut -b -${1} } - + -# -# Add a logging rule. -# @@ -718,8 +718,8 @@ { clear_one_tc() { @@ -1496,65 +889,6 @@ - - echo echo + + echo echo } - -# Determine which version of mktemp is present (if any) and set MKTEMP accortingly: 
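Review bot: The whitespace cleanup in this file touches the lines of a stored patch (`diff-4.0-lib.base`), where blanks after the `-` or space marker are patch content rather than formatting; several changed pairs are removed lines of the inner patch, for example the bare `-` line before `- if [ -f $lib ]; then` and the `- ;;` line. If this file is ever applied with patch(1) and the target lib.base still has the original whitespace on those lines, the affected hunks may no longer match exactly and could be rejected or need whitespace-insensitive matching. This view does not show which side of each pair carried the trailing blanks, so this is a check to make before merging rather than a confirmed break. I would leave this file out of the whitespace pass and regenerate it from its two inputs when it needs updating. The same applies to every hunk of this file, from `@@ -70,7 +70,7 @@` through `@@ -718,8 +718,8 @@`.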
diff --git a/Shorewall-perl/prog.functions b/Shorewall-perl/prog.functions index faf0d1532..d0d554164 100644 --- a/Shorewall-perl/prog.functions +++ b/Shorewall-perl/prog.functions @@ -168,6 +168,6 @@ get_device_mtu1() # $1 = device # get_all_bcasts() { - ip -f inet addr show 2> /dev/null | grep 'inet.*brd' | sed 's/inet.*brd //; s/scope.*//;' | sort -u + ip -f inet addr show 2> /dev/null | grep 'inet.*brd' | sed 's/inet.*brd //; s/scope.*//;' | sort -u } - + diff --git a/Shorewall-perl/prog.header b/Shorewall-perl/prog.header index c64148b91..2455da409 100644 --- a/Shorewall-perl/prog.header +++ b/Shorewall-perl/prog.header @@ -267,7 +267,7 @@ load_kernel_modules() # $1 = Yes, if we are to save moduleinfo in $VARDIR fi elif [ $savemoduleinfo = Yes ]; then [ -d ${VARDIR} ] || mkdir -p ${VARDIR} - > ${VARDIR}/.modulesdir + > ${VARDIR}/.modulesdir > ${VARDIR}/.modules fi @@ -585,9 +585,9 @@ get_interface_bcasts() # $1 = interface { local addresses= - ip -f inet addr show dev $1 2> /dev/null | grep 'inet.*brd' | sed 's/inet.*brd //; s/scope.*//;' | sort -u + ip -f inet addr show dev $1 2> /dev/null | grep 'inet.*brd' | sed 's/inet.*brd //; s/scope.*//;' | sort -u } - + # # Internal version of 'which' # @@ -887,7 +887,7 @@ find_echo() { result=$(which echo) [ -n "$result" ] && { echo "$result -e"; return; } - echo echo + echo echo } ################################################################################ # End of functions imported from /usr/share/shorewall/lib.base