More micro optimizations

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5694 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-03-26 01:49:31 +00:00
parent c2140b4923
commit 9f8dbf120d

View File

@ -58,7 +58,11 @@ use Shorewall::Accounting;
use Shorewall::Rules;
use Shorewall::Proc;
use Shorewall::Proxyarp;
#
# Emacs doesn't handle 'here documents' in Perl Mode nearly as well as it does in Shell mode
# (it basically doesn't understand it at all and gets lost). So I use a number of rather
# awkward styles in place of 'here docs'.
#
sub generate_script_1 {
copy $env{SHAREDIRPL} . 'prog.header';
@ -67,22 +71,25 @@ sub generate_script_1 {
emit join ( '', "#\n# Compiled firewall script generated by Shorewall-pl ", $env{VERSION}, " - $date\n#" );
if ( $ENV{EXPORT} ) {
emit 'SHAREDIR=/usr/share/shorewall-lite';
emit 'CONFDIR=/etc/shorewall-lite';
emit 'VARDIR=/var/lib/shorewall-lite';
emit 'PRODUCT="Shorewall Lite"';
emit join ( "\n",
'SHAREDIR=/usr/share/shorewall-lite',
'CONFDIR=/etc/shorewall-lite',
'VARDIR=/var/lib/shorewall-lite',
'PRODUCT="Shorewall Lite"' );
copy "$env{SHAREDIR}/lib.base";
emit '################################################################################';
emit '# End of /usr/share/shorewall/lib.base';
emit '################################################################################';
emit join ( "\n",
'################################################################################',
'# End of /usr/share/shorewall/lib.base',
'################################################################################' );
} else {
emit 'SHAREDIR=/usr/share/shorewall';
emit 'CONFDIR=/etc/shorewall';
emit 'VARDIR=/var/lib/shorewall';
emit 'PRODUCT=\'Shorewall\'';
emit '. /usr/share/shorewall/lib.base';
emit join ( "\n",
'SHAREDIR=/usr/share/shorewall',
'CONFDIR=/etc/shorewall',
'VARDIR=/var/lib/shorewall',
'PRODUCT=\'Shorewall\'',
'. /usr/share/shorewall/lib.base' );
}
emit 'TEMPFILE=';
@ -103,35 +110,38 @@ sub generate_script_1 {
push_indent;
if ( $ENV{EXPORT} ) {
emit '#';
emit '# These variables are required by the library functions called in this script';
emit '#';
emit 'CONFIG_PATH="/etc/shorewall-lite:/usr/share/shorewall-lite"';
emit join ( "\n",
'#',
'# These variables are required by the library functions called in this script',
'#',
'CONFIG_PATH="/etc/shorewall-lite:/usr/share/shorewall-lite"' );
} else {
emit 'if [ ! -f ${SHAREDIR}/version ]; then';
emit ' fatal_error "This script requires Shorewall which do not appear to be installed on this system (did you forget \"-e\" when you compiled?)"';
emit 'fi';
emit '';
emit 'local version=$(cat ${SHAREDIR}/version)';
emit '';
emit 'if [ ${SHOREWALL_LIBVERSION:-0} -lt 30401 ]; then';
emit ' fatal_error "This script requires Shorewall version 3.4.2 or later; current version is $version"';
emit 'fi';
emit '#';
emit '# These variables are required by the library functions called in this script';
emit '#';
emit "CONFIG_PATH=\"$config{CONFIG_PATH}\"";
emit join ( "\n",
'if [ ! -f ${SHAREDIR}/version ]; then',
' fatal_error "This script requires Shorewall which do not appear to be installed on this system (did you forget \"-e\" when you compiled?)"',
'fi',
'',
'local version=$(cat ${SHAREDIR}/version)',
'',
'if [ ${SHOREWALL_LIBVERSION:-0} -lt 30401 ]; then',
' fatal_error "This script requires Shorewall version 3.4.2 or later; current version is $version"',
'fi',
'#',
'# These variables are required by the library functions called in this script',
'#',
"CONFIG_PATH=\"$config{CONFIG_PATH}\"" );
}
propagateconfig;
emit '[ -n "${COMMAND:=restart}" ]';
emit '[ -n "${VERBOSE:=0}" ]';
emit '[ -n "${RESTOREFILE:=$RESTOREFILE}" ]';
emit '[ -n "$LOGFORMAT" ] || LOGFORMAT="Shorewall:%s:%s:"';
emit join( '', 'VERSION="', $env{VERSION}, '"' );
emit "PATH=\"$config{PATH}\"";
emit 'TERMINATOR=fatal_error';
emit join ( "\n" ,
'[ -n "${COMMAND:=restart}" ]',
'[ -n "${VERBOSE:=0}" ]',
'[ -n "${RESTOREFILE:=$RESTOREFILE}" ]',
'[ -n "$LOGFORMAT" ] || LOGFORMAT="Shorewall:%s:%s:"',
emit join( '', 'VERSION="', $env{VERSION}, '"' ) ,
"PATH=\"$config{PATH}\"" ,
'TERMINATOR=fatal_error' );
if ( $config{IPTABLES} ) {
emit "IPTABLES=\"$config{IPTABLES}\"\n";
@ -144,13 +154,14 @@ sub generate_script_1 {
append_file 'params' if $config{EXPORTPARAMS};
emit '';
emit "STOPPING=";
emit "COMMENT=\n"; # Fixme -- eventually this goes but it's ok now to maintain compability with lib.base
emit '#';
emit '# The library requires that ${VARDIR} exist';
emit '#';
emit '[ -d ${VARDIR} ] || mkdir -p ${VARDIR}';
emit join ( "\n",
'',
"STOPPING=",
"COMMENT=\n", # Maintain compability with lib.base
'#',
'# The library requires that ${VARDIR} exist',
'#',
'[ -d ${VARDIR} ] || mkdir -p ${VARDIR}' );
pop_indent;
@ -159,11 +170,7 @@ sub generate_script_1 {
}
sub compile_stop_firewall() {
#
# Emacs doesn't handle 'here documents' in Perl Mode nearly as well as it does in Shell mode
# (it basically doesn't understand it at all and gets lost). So we use the following rather
# awkward style in place of 'here docs'.
#
emit "
#
# Stop/restore the firewall after an error or because of a 'stop' or 'clear' command
@ -312,14 +319,13 @@ stop_firewall() {
if ( @$criticalhosts ) {
if ( $config{ADMINISABSENTMINDED} ) {
emit ' for chain in INPUT OUTPUT; do';
emit ' setpolicy $chain ACCEPT';
emit " done\n";
emit " setpolicy FORWARD DROP\n";
emit ' deleteallchains';
emit '';
emit join ( "\n",
' for chain in INPUT OUTPUT; do',
' setpolicy $chain ACCEPT',
" done\n",
" setpolicy FORWARD DROP\n",
' deleteallchains',
'' );
for my $hosts ( @$criticalhosts ) {
my ( $interface, $host ) = ( split /:/, $hosts );