Pre-process standard files up front -- Take 2

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5071 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2006-12-09 19:31:23 +00:00
parent 7d68533ab2
commit 8300183445
5 changed files with 52 additions and 49 deletions


@ -239,8 +239,6 @@ setup_accounting() # $1 = Name of accounting file
save_progress_message "Setting up Accounting..." save_progress_message "Setting up Accounting..."
strip_file accounting $1
while read action chain source dest proto port sport user ; do while read action chain source dest proto port sport user ; do
process_accounting_rule process_accounting_rule
done < $TMP_DIR/accounting done < $TMP_DIR/accounting


@ -557,10 +557,6 @@ merge_levels() # $1=level at which superior action is called, $2=level at which
# #
process_actions1() { process_actions1() {
strip_file actions
strip_file actions.std ${SHAREDIR}/actions.std
for inputfile in actions.std actions; do for inputfile in actions.std actions; do
while read xaction rest; do while read xaction rest; do
[ "x$rest" = x ] || fatal_error "Invalid Action: $xaction $rest" [ "x$rest" = x ] || fatal_error "Invalid Action: $xaction $rest"


@ -222,7 +222,7 @@ get_firewall_zone() {
esac esac
done < $f done < $f
startup_error "No firewall zone defined" startup_error "No firewall zone defined in $f"
} }
# #
@ -255,7 +255,7 @@ determine_zones()
IPV4_ZONES= IPV4_ZONES=
IPSEC_ZONES= IPSEC_ZONES=
[ "$IPSECFILE" = zones ] && new_zone_file=Yes [ "$IPSECFILE" = zones ] && new_zone_file=Yes || test -n "${FW:=fw}"
while read zone type rest; do while read zone type rest; do
case $zone in case $zone in
@ -1717,9 +1717,12 @@ do_initialize() {
# #
TERMINATOR=fatal_error TERMINATOR=fatal_error
# #
# Clear all configuration variables # Clear all configuration variables (shorewall.conf)
# #
VERSION= STARTUP_ENABLED=
#
#VERBOSE is inherited -- VERBOSITY is only used in the CIs
#
# #
# Logging # Logging
# #
@ -1795,6 +1798,7 @@ do_initialize() {
# #
# Other Globals # Other Globals
# #
VERSION=
FW= FW=
USEPKTYPE= USEPKTYPE=
LOGLIMIT= LOGLIMIT=
@ -1820,7 +1824,7 @@ do_initialize() {
TMP_DIR=$(mktempdir) TMP_DIR=$(mktempdir)
[ -n "$TMP_DIR" ] && chmod 700 $TMP_DIR || \ [ -n "$TMP_DIR" ] && chmod 700 $TMP_DIR || \
fatal_error "Can't create a temporary directory" startup_error "Can't create a temporary directory"
case $PROGRAM in case $PROGRAM in
compiler) compiler)
@ -1846,10 +1850,10 @@ do_initialize() {
progress_message "Processing $config..." progress_message "Processing $config..."
. $config . $config
else else
fatal_error "Cannot read $config (Hint: Are you root?)" startup_error "Cannot read $config (Hint: Are you root?)"
fi fi
else else
fatal_error "$config does not exist!" startup_error "$config does not exist!"
fi fi
# #
@ -1872,9 +1876,9 @@ do_initialize() {
if [ -z "$IPTABLES" ]; then if [ -z "$IPTABLES" ]; then
IPTABLES=$(mywhich iptables 2> /dev/null) IPTABLES=$(mywhich iptables 2> /dev/null)
[ -z "$IPTABLES" ] && fatal_error "Can't find iptables executable" [ -z "$IPTABLES" ] && startup_error "Can't find iptables executable"
else else
[ -e "$IPTABLES" ] || fatal_error "\$IPTABLES=$IPTABLES does not exist or is not executable" [ -e "$IPTABLES" ] || startup_error "\$IPTABLES=$IPTABLES does not exist or is not executable"
fi fi
f=$(find_file capabilities) f=$(find_file capabilities)
@ -1884,7 +1888,7 @@ do_initialize() {
else else
f=$(find_file capabilities) f=$(find_file capabilities)
[ -f $f ] && . $f || fatal_error "The -e flag requires a capabilities file" [ -f $f ] && . $f || startup_error "The -e flag requires a capabilities file"
fi fi
ADD_IP_ALIASES="$(added_param_value_yes ADD_IP_ALIASES $ADD_IP_ALIASES)" ADD_IP_ALIASES="$(added_param_value_yes ADD_IP_ALIASES $ADD_IP_ALIASES)"
@ -1900,7 +1904,7 @@ do_initialize() {
[Oo][Nn]|[Oo][Ff][Ff]|[Kk][Ee][Ee][Pp]) [Oo][Nn]|[Oo][Ff][Ff]|[Kk][Ee][Ee][Pp])
;; ;;
*) *)
fatal_error "Invalid value ($IP_FORWARDING) for IP_FORWARDING" startup_error "Invalid value ($IP_FORWARDING) for IP_FORWARDING"
;; ;;
esac esac
else else
@ -1935,7 +1939,7 @@ do_initialize() {
MACLIST_TARGET=RETURN MACLIST_TARGET=RETURN
;; ;;
*) *)
fatal_error "Invalid value ($MACLIST_DISPOSITION) for MACLIST_DISPOSITION" startup_error "Invalid value ($MACLIST_DISPOSITION) for MACLIST_DISPOSITION"
;; ;;
esac esac
else else
@ -1947,7 +1951,7 @@ do_initialize() {
REJECT|ACCEPT|DROP) REJECT|ACCEPT|DROP)
;; ;;
*) *)
fatal_error "Invalid value ($TCP_FLAGS_DISPOSITION) for TCP_FLAGS_DISPOSITION" startup_error "Invalid value ($TCP_FLAGS_DISPOSITION) for TCP_FLAGS_DISPOSITION"
;; ;;
esac esac
else else
@ -1965,16 +1969,16 @@ do_initialize() {
LOGRULENUMBERS=Yes LOGRULENUMBERS=Yes
temp=$(printf "$LOGFORMAT" fooxx2barxx 1 ACCEPT 2> /dev/null) temp=$(printf "$LOGFORMAT" fooxx2barxx 1 ACCEPT 2> /dev/null)
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
fatal_error "Invalid LOGFORMAT string: \"$LOGFORMAT\"" startup_error "Invalid LOGFORMAT string: \"$LOGFORMAT\""
fi fi
else else
temp=$(printf "$LOGFORMAT" fooxx2barxx ACCEPT 2> /dev/null) temp=$(printf "$LOGFORMAT" fooxx2barxx ACCEPT 2> /dev/null)
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
fatal_error "Invalid LOGFORMAT string: \"$LOGFORMAT\"" startup_error "Invalid LOGFORMAT string: \"$LOGFORMAT\""
fi fi
fi fi
[ ${#temp} -le 29 ] || fatal_error "LOGFORMAT string is longer than 29 characters: \"$LOGFORMAT\"" [ ${#temp} -le 29 ] || startup_error "LOGFORMAT string is longer than 29 characters: \"$LOGFORMAT\""
MAXZONENAMELENGTH=$(( 5 + ( ( 29 - ${#temp}) / 2) )) MAXZONENAMELENGTH=$(( 5 + ( ( 29 - ${#temp}) / 2) ))
MAXZONENAMELENGTH=${MAXZONENAMELENGTH%.*} MAXZONENAMELENGTH=${MAXZONENAMELENGTH%.*}
@ -1990,7 +1994,7 @@ do_initialize() {
DYNAMIC_ZONES=$(added_param_value_no DYNAMIC_ZONES $DYNAMIC_ZONES) DYNAMIC_ZONES=$(added_param_value_no DYNAMIC_ZONES $DYNAMIC_ZONES)
if [ -n "$DYNAMIC_ZONES" ]; then if [ -n "$DYNAMIC_ZONES" ]; then
[ -n "$EXPORT" ] && fatal_error "DYNAMIC_ZONES=Yes is incompatible with the -e option" [ -n "$EXPORT" ] && startup_error "DYNAMIC_ZONES=Yes is incompatible with the -e option"
lib_avail dynamiczones || error_message "WARNING: DYNAMIC_ZONES=Yes requires the Shorewall dynamiczones library (${SHAREDIR}/lib.dynamiczones) which is not installed" lib_avail dynamiczones || error_message "WARNING: DYNAMIC_ZONES=Yes requires the Shorewall dynamiczones library (${SHAREDIR}/lib.dynamiczones) which is not installed"
fi fi
@ -2012,15 +2016,15 @@ do_initialize() {
[ -n "$XCONNMARK_MATCH" ] || XCONNMARK= [ -n "$XCONNMARK_MATCH" ] || XCONNMARK=
[ -n "$XMARK" ] || XCONNMARK= [ -n "$XMARK" ] || XCONNMARK=
[ -n "$HIGH_ROUTE_MARKS" -a -z "$XCONNMARK" ] && fatal_error "HIGH_ROUTE_MARKS=Yes requires extended CONNMARK target, extended CONNMARK match support and extended MARK support" [ -n "$HIGH_ROUTE_MARKS" -a -z "$XCONNMARK" ] && startup_error "HIGH_ROUTE_MARKS=Yes requires extended CONNMARK target, extended CONNMARK match support and extended MARK support"
case ${MACLIST_TABLE:=filter} in case ${MACLIST_TABLE:=filter} in
filter) filter)
;; ;;
mangle) mangle)
[ $MACLIST_DISPOSITION = reject ] && fatal_error "MACLIST_DISPOSITION=REJECT is not allowed with MACLIST_TABLE=mangle" [ $MACLIST_DISPOSITION = reject ] && startup_error "MACLIST_DISPOSITION=REJECT is not allowed with MACLIST_TABLE=mangle"
;; *) ;; *)
fatal_error "Invalid value ($MACLIST_TABLE) for MACLIST_TABLE option" startup_error "Invalid value ($MACLIST_TABLE) for MACLIST_TABLE option"
;; ;;
esac esac
@ -2031,7 +2035,7 @@ do_initialize() {
[Yy][Ee][Ss]) [Yy][Ee][Ss])
TC_ENABLED=Yes TC_ENABLED=Yes
TC_SCRIPT=$(find_file tcstart) TC_SCRIPT=$(find_file tcstart)
[ -f $TC_SCRIPT ] || fatal_error "Unable to find tcstart file" [ -f $TC_SCRIPT ] || startup_error "Unable to find tcstart file"
;; ;;
[Ii][Nn][Tt][Ee][Rr][Nn][Aa][Ll]) [Ii][Nn][Tt][Ee][Rr][Nn][Aa][Ll])
TC_ENABLED=Internal TC_ENABLED=Internal
@ -2045,7 +2049,7 @@ do_initialize() {
fi fi
if [ -n "$TC_ENABLED" ];then if [ -n "$TC_ENABLED" ];then
[ -n "$MANGLE_ENABLED" ] || fatal_error "Traffic Shaping requires mangle support in your kernel and iptables" [ -n "$MANGLE_ENABLED" ] || startup_error "Traffic Shaping requires mangle support in your kernel and iptables"
fi fi
[ "x${SHOREWALL_DIR}" = "x." ] && SHOREWALL_DIR="$PWD" [ "x${SHOREWALL_DIR}" = "x." ] && SHOREWALL_DIR="$PWD"
@ -2079,7 +2083,7 @@ do_initialize() {
0|1) 0|1)
;; ;;
*) *)
fatal_error "Invalid OPTIMIZE value ($OPTIMIZE)" startup_error "Invalid OPTIMIZE value ($OPTIMIZE)"
;; ;;
esac esac
# #
@ -2089,7 +2093,7 @@ do_initialize() {
temp=$(decodeaddr 192.168.1.1) temp=$(decodeaddr 192.168.1.1)
if [ $(encodeaddr $temp) != 192.168.1.1 ]; then if [ $(encodeaddr $temp) != 192.168.1.1 ]; then
fatal_error "Shell $SHOREWALL_SHELL is broken and may not be used with Shorewall" startup_error "Shell $SHOREWALL_SHELL is broken and may not be used with Shorewall"
fi fi
if [ -z "$KLUDGEFREE" ]; then if [ -z "$KLUDGEFREE" ]; then
@ -2098,7 +2102,12 @@ do_initialize() {
fi fi
qt mywhich awk && HAVEAWK=Yes || HAVEAWK= qt mywhich awk && HAVEAWK=Yes || HAVEAWK=
#
# Pre-process all of the standard files
#
# Because 'strip_file()' does shell variable expansion, we must first determine the
# setting of $FW
#
case ${IPSECFILE:=ipsec} in case ${IPSECFILE:=ipsec} in
ipsec) ipsec)
[ -n "${FW:=fw}" ] [ -n "${FW:=fw}" ]
@ -2108,7 +2117,7 @@ do_initialize() {
get_firewall_zone get_firewall_zone
;; ;;
*) *)
fatal_error "Invalid value ($IPSECFILE) for IPSECFILE option" startup_error "Invalid value ($IPSECFILE) for IPSECFILE option"
;; ;;
esac esac
@ -2118,7 +2127,13 @@ do_initialize() {
strip_file hosts strip_file hosts
if [ $PROGRAM = compiler ]; then if [ $PROGRAM = compiler ]; then
strip_file_and_lib_load accounting accounting strip_file_and_lib_load accounting accounting
if [ -n "$USE_ACTIONS" ]; then
strip_file actions
strip_file actions.std ${SHAREDIR}/actions.std
fi
strip_file blacklist strip_file blacklist
strip_file ecn strip_file ecn
strip_file maclist strip_file maclist
@ -2141,7 +2156,9 @@ do_initialize() {
strip_file tos strip_file tos
strip_file_and_lib_load tunnels tunnels strip_file_and_lib_load tunnels tunnels
fi fi
#
# Clear $FW
#
FW= FW=
} }
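Review bot: The new `FW=` at the end of do_initialize is explained only by `# Clear $FW`, which does not say why a value that was just established (defaulted to `fw` in the `ipsec` case, or read by get_firewall_zone in the `zones` case) has to be discarded; I would expand it to something like `# FW was set only so strip_file could expand $FW in the standard files; clear it so the zone code re-establishes it from the zones file`, since the later readers of FW are outside this hunk and that intent is otherwise invisible. The same side-effect idiom appears in the determine_zones hunk as `|| test -n "${FW:=fw}"`, where a test runs purely for its assignment; `|| : "${FW:=fw}"` says the same thing as intent rather than as a check. The actions files are now stripped only when USE_ACTIONS is non-empty, while process_actions1 in the second file no longer strips them itself, so if process_actions1 can run with USE_ACTIONS unset it would read a missing `$TMP_DIR/actions`; its caller is not visible here, so this is worth confirming.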


@ -393,21 +393,15 @@ __EOF__
__EOF__ __EOF__
done done
f=$(find_file route_rules) if [ -s $TMP_DIR/route_rules ]; then
progress_message2 "$DOING $(find_file route_rules)..."
if [ -f $f ]; then save_command
strip_file route_rules $f
if [ -s $TMP_DIR/route_rules ]; then while read source dest provider priority; do
progress_message2 "$DOING $f..." rule="$source $dest $priority $provider"
add_an_rtrule
save_command done < $TMP_DIR/route_rules
while read source dest provider priority; do
rule="$source $dest $priority $provider"
add_an_rtrule
done < $TMP_DIR/route_rules
fi
fi fi
fi fi
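Review bot: The rewritten block drops the `[ -f $f ]` guard and the local `strip_file route_rules $f` call, so it now depends on do_initialize having already stripped route_rules into `$TMP_DIR`; that dependency is not visible in this function and deserves a comment above the `if`, e.g. `# route_rules was pre-processed into $TMP_DIR/route_rules by do_initialize()`. The file name is now looked up a second time because `$(find_file route_rules)` is called inline in the progress message; keeping `f=$(find_file route_rules)` before the `if` and using `$f` in the message avoids the extra lookup and matches the previous style. The enclosing function begins before this hunk.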


@ -223,8 +223,6 @@ setup_tunnels() # $1 = name of tunnels file
progress_message_and_save " GENERIC tunnel to $1:$p defined." progress_message_and_save " GENERIC tunnel to $1:$p defined."
} }
strip_file tunnels $1
while read kind z gateway z1; do while read kind z gateway z1; do
tunnel="$(echo $kind $z $gateway $z1)" tunnel="$(echo $kind $z $gateway $z1)"
if validate_zone $z; then if validate_zone $z; then