diff --git a/Shorewall-perl/Shorewall/Chains.pm b/Shorewall-perl/Shorewall/Chains.pm index cf936ecd9..a93df922a 100644 --- a/Shorewall-perl/Shorewall/Chains.pm +++ b/Shorewall-perl/Shorewall/Chains.pm @@ -110,6 +110,7 @@ our @EXPORT = qw( STANDARD insertnatjump get_interface_address get_interface_addresses + set_global_variables create_netfilter_load @policy_chains @@ -1715,6 +1716,43 @@ sub emitr( $ ) { } } +# +# Generate function that sets global variables +# +sub set_global_variables() { + + my $nonempty = 0; + + emitj( 'set_global_variables()', + '{' + ); + + push_indent; + # + # Establish the values of shell variables used in the following shell commands and/or 'here documents' input. + # + for ( values %interfaceaddr ) { + emit $_; + $nonempty = 1; + } + + for ( values %interfaceaddrs ) { + emit $_; + $nonempty = 1; + } + + for ( values %interfacenets ) { + emit $_; + $nonempty = 1; + } + + emit "true" unless $nonempty; + + pop_indent; + + emit "}\n"; +} + # # Generate the netfilter input # @@ -1728,21 +1766,6 @@ sub create_netfilter_load() { save_progress_message "Preparing iptables-restore input..."; - # - # Establish the values of shell variables used in the following shell commands and/or 'here documents' input. - # - for ( values %interfaceaddr ) { - emit $_; - } - - for ( values %interfaceaddrs ) { - emit $_; - } - - for ( values %interfacenets ) { - emit $_; - } - emit ''; # # We always write the input into a file then pass the file to iptables-restore. That way, if things go wrong, diff --git a/Shorewall-perl/Shorewall/Providers.pm b/Shorewall-perl/Shorewall/Providers.pm index 92f333bf5..b650632f0 100644 --- a/Shorewall-perl/Shorewall/Providers.pm +++ b/Shorewall-perl/Shorewall/Providers.pm 
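Review bot: The three loops in the new `set_global_variables` are identical apart from the hash, and each walks it with `values`, so the order of the emitted assignments follows Perl's hash ordering and the generated firewall script can differ between compilations of the same configuration. Iterating sorted keys keeps the output reproducible and easier to diff or audit, and a single loop covers all three tables: `for my $table ( \%interfaceaddr, \%interfaceaddrs, \%interfacenets ) { for ( sort keys %$table ) { emit $table->{$_}; $nonempty = 1; } }`. The `emit "true" unless $nonempty;` line also deserves a why-comment, for example `# An empty shell function body is a syntax error, so emit a no-op.` The three hashes are declared outside this hunk, so their shape is assumed from the loops shown.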
@@ -177,9 +177,10 @@ sub setup_providers() { } if ( $gateway eq 'detect' ) { + my $variable = get_interface_address $interface; emitj ( "gateway=\$(detect_gateway $interface)\n", 'if [ -n "$gateway" ]; then', - " run_ip route replace \$gateway src \$(find_first_interface_address $interface) dev $interface table $number", + " run_ip route replace $variable dev $interface table $number", " run_ip route add default via \$gateway dev $interface table $number", 'else', " fatal_error \"Unable to detect the gateway through interface $interface\"", @@ -187,7 +188,8 @@ sub setup_providers() { $gateway = '$gateway'; } elsif ( $gateway && $gateway ne '-' ) { validate_address $gateway; - emit "run_ip route replace $gateway src \$(find_first_interface_address $interface) dev $interface table $number"; + my $variable = get_interface_address $interface; + emit "run_ip route replace $gateway src $variable dev $interface table $number"; emit "run_ip route add default via $gateway dev $interface table $number"; } else { $gateway = ''; diff --git a/Shorewall-perl/compiler.pl b/Shorewall-perl/compiler.pl index 4f84540ff..7542d547e 100755 --- a/Shorewall-perl/compiler.pl +++ b/Shorewall-perl/compiler.pl @@ -577,6 +577,8 @@ sub generate_script_3() { emit "}\n"; + set_global_variables; + progress_message2 "Creating iptables-restore input..."; create_netfilter_load; @@ -585,6 +587,9 @@ sub generate_script_3() { push_indent; emit<<'EOF'; + +set_global_variables; + setup_routing_and_traffic_shaping; if [ $COMMAND = restore ]; then
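Review bot: The rewritten route line in the `$gateway eq 'detect'` branch of the first Providers.pm hunk drops `\$gateway src`, so the generated command becomes `run_ip route replace $variable dev $interface table $number`. That targets the interface's own address instead of installing a route to the detected gateway with that address as source. The `elsif` branch in the next hunk keeps both parts (`run_ip route replace $gateway src $variable ...`), which suggests the omission is unintended; the line should read `" run_ip route replace \$gateway src $variable dev $interface table $number",`. A name such as `$address` would also say more than `$variable` in both branches. `setup_providers` starts and ends outside these hunks.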
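Review bot: The `set_global_variables;` call added to the heredoc in the second compiler.pl hunk carries an ordering requirement that is not written down anywhere. The provider route commands changed in Providers.pm now expand the variable returned by `get_interface_address` instead of calling `find_first_interface_address` inline, and presumably they run inside `setup_routing_and_traffic_shaping`, so the shell function must be invoked first or those commands see empty values. A comment in the generated script would protect the ordering, for example `# Must run first: the routing commands below use the interface address variables set here.` The call also sits ahead of the `if [ $COMMAND = restore ]` test, so address detection now appears to run on the restore path as well; it is worth confirming that this is intended. `generate_script_3` continues outside the hunk.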