More micro optimizations
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5694 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
c2140b4923
commit
9f8dbf120d
120
New/compiler.pl
120
New/compiler.pl
@ -58,7 +58,11 @@ use Shorewall::Accounting;
|
||||
use Shorewall::Rules;
|
||||
use Shorewall::Proc;
|
||||
use Shorewall::Proxyarp;
|
||||
|
||||
#
|
||||
# Emacs doesn't handle 'here documents' in Perl Mode nearly as well as it does in Shell mode
|
||||
# (it basically doesn't understand it at all and gets lost). So I use a number of rather
|
||||
# awkward styles in place of 'here docs'.
|
||||
#
|
||||
sub generate_script_1 {
|
||||
copy $env{SHAREDIRPL} . 'prog.header';
|
||||
|
||||
@ -67,22 +71,25 @@ sub generate_script_1 {
|
||||
emit join ( '', "#\n# Compiled firewall script generated by Shorewall-pl ", $env{VERSION}, " - $date\n#" );
|
||||
|
||||
if ( $ENV{EXPORT} ) {
|
||||
emit 'SHAREDIR=/usr/share/shorewall-lite';
|
||||
emit 'CONFDIR=/etc/shorewall-lite';
|
||||
emit 'VARDIR=/var/lib/shorewall-lite';
|
||||
emit 'PRODUCT="Shorewall Lite"';
|
||||
emit join ( "\n",
|
||||
'SHAREDIR=/usr/share/shorewall-lite',
|
||||
'CONFDIR=/etc/shorewall-lite',
|
||||
'VARDIR=/var/lib/shorewall-lite',
|
||||
'PRODUCT="Shorewall Lite"' );
|
||||
|
||||
copy "$env{SHAREDIR}/lib.base";
|
||||
|
||||
emit '################################################################################';
|
||||
emit '# End of /usr/share/shorewall/lib.base';
|
||||
emit '################################################################################';
|
||||
emit join ( "\n",
|
||||
'################################################################################',
|
||||
'# End of /usr/share/shorewall/lib.base',
|
||||
'################################################################################' );
|
||||
} else {
|
||||
emit 'SHAREDIR=/usr/share/shorewall';
|
||||
emit 'CONFDIR=/etc/shorewall';
|
||||
emit 'VARDIR=/var/lib/shorewall';
|
||||
emit 'PRODUCT=\'Shorewall\'';
|
||||
emit '. /usr/share/shorewall/lib.base';
|
||||
emit join ( "\n",
|
||||
'SHAREDIR=/usr/share/shorewall',
|
||||
'CONFDIR=/etc/shorewall',
|
||||
'VARDIR=/var/lib/shorewall',
|
||||
'PRODUCT=\'Shorewall\'',
|
||||
'. /usr/share/shorewall/lib.base' );
|
||||
}
|
||||
|
||||
emit 'TEMPFILE=';
|
||||
@ -103,35 +110,38 @@ sub generate_script_1 {
|
||||
push_indent;
|
||||
|
||||
if ( $ENV{EXPORT} ) {
|
||||
emit '#';
|
||||
emit '# These variables are required by the library functions called in this script';
|
||||
emit '#';
|
||||
emit 'CONFIG_PATH="/etc/shorewall-lite:/usr/share/shorewall-lite"';
|
||||
emit join ( "\n",
|
||||
'#',
|
||||
'# These variables are required by the library functions called in this script',
|
||||
'#',
|
||||
'CONFIG_PATH="/etc/shorewall-lite:/usr/share/shorewall-lite"' );
|
||||
} else {
|
||||
emit 'if [ ! -f ${SHAREDIR}/version ]; then';
|
||||
emit ' fatal_error "This script requires Shorewall which do not appear to be installed on this system (did you forget \"-e\" when you compiled?)"';
|
||||
emit 'fi';
|
||||
emit '';
|
||||
emit 'local version=$(cat ${SHAREDIR}/version)';
|
||||
emit '';
|
||||
emit 'if [ ${SHOREWALL_LIBVERSION:-0} -lt 30401 ]; then';
|
||||
emit ' fatal_error "This script requires Shorewall version 3.4.2 or later; current version is $version"';
|
||||
emit 'fi';
|
||||
emit '#';
|
||||
emit '# These variables are required by the library functions called in this script';
|
||||
emit '#';
|
||||
emit "CONFIG_PATH=\"$config{CONFIG_PATH}\"";
|
||||
emit join ( "\n",
|
||||
'if [ ! -f ${SHAREDIR}/version ]; then',
|
||||
' fatal_error "This script requires Shorewall which do not appear to be installed on this system (did you forget \"-e\" when you compiled?)"',
|
||||
'fi',
|
||||
'',
|
||||
'local version=$(cat ${SHAREDIR}/version)',
|
||||
'',
|
||||
'if [ ${SHOREWALL_LIBVERSION:-0} -lt 30401 ]; then',
|
||||
' fatal_error "This script requires Shorewall version 3.4.2 or later; current version is $version"',
|
||||
'fi',
|
||||
'#',
|
||||
'# These variables are required by the library functions called in this script',
|
||||
'#',
|
||||
"CONFIG_PATH=\"$config{CONFIG_PATH}\"" );
|
||||
}
|
||||
|
||||
propagateconfig;
|
||||
|
||||
emit '[ -n "${COMMAND:=restart}" ]';
|
||||
emit '[ -n "${VERBOSE:=0}" ]';
|
||||
emit '[ -n "${RESTOREFILE:=$RESTOREFILE}" ]';
|
||||
emit '[ -n "$LOGFORMAT" ] || LOGFORMAT="Shorewall:%s:%s:"';
|
||||
emit join( '', 'VERSION="', $env{VERSION}, '"' );
|
||||
emit "PATH=\"$config{PATH}\"";
|
||||
emit 'TERMINATOR=fatal_error';
|
||||
emit join ( "\n" ,
|
||||
'[ -n "${COMMAND:=restart}" ]',
|
||||
'[ -n "${VERBOSE:=0}" ]',
|
||||
'[ -n "${RESTOREFILE:=$RESTOREFILE}" ]',
|
||||
'[ -n "$LOGFORMAT" ] || LOGFORMAT="Shorewall:%s:%s:"',
|
||||
emit join( '', 'VERSION="', $env{VERSION}, '"' ) ,
|
||||
"PATH=\"$config{PATH}\"" ,
|
||||
'TERMINATOR=fatal_error' );
|
||||
|
||||
if ( $config{IPTABLES} ) {
|
||||
emit "IPTABLES=\"$config{IPTABLES}\"\n";
|
||||
@ -144,13 +154,14 @@ sub generate_script_1 {
|
||||
|
||||
append_file 'params' if $config{EXPORTPARAMS};
|
||||
|
||||
emit '';
|
||||
emit "STOPPING=";
|
||||
emit "COMMENT=\n"; # Fixme -- eventually this goes but it's ok now to maintain compability with lib.base
|
||||
emit '#';
|
||||
emit '# The library requires that ${VARDIR} exist';
|
||||
emit '#';
|
||||
emit '[ -d ${VARDIR} ] || mkdir -p ${VARDIR}';
|
||||
emit join ( "\n",
|
||||
'',
|
||||
"STOPPING=",
|
||||
"COMMENT=\n", # Maintain compability with lib.base
|
||||
'#',
|
||||
'# The library requires that ${VARDIR} exist',
|
||||
'#',
|
||||
'[ -d ${VARDIR} ] || mkdir -p ${VARDIR}' );
|
||||
|
||||
pop_indent;
|
||||
|
||||
@ -159,11 +170,7 @@ sub generate_script_1 {
|
||||
}
|
||||
|
||||
sub compile_stop_firewall() {
|
||||
#
|
||||
# Emacs doesn't handle 'here documents' in Perl Mode nearly as well as it does in Shell mode
|
||||
# (it basically doesn't understand it at all and gets lost). So we use the following rather
|
||||
# awkward style in place of 'here docs'.
|
||||
#
|
||||
|
||||
emit "
|
||||
#
|
||||
# Stop/restore the firewall after an error or because of a 'stop' or 'clear' command
|
||||
@ -312,14 +319,13 @@ stop_firewall() {
|
||||
|
||||
if ( @$criticalhosts ) {
|
||||
if ( $config{ADMINISABSENTMINDED} ) {
|
||||
emit ' for chain in INPUT OUTPUT; do';
|
||||
emit ' setpolicy $chain ACCEPT';
|
||||
emit " done\n";
|
||||
|
||||
emit " setpolicy FORWARD DROP\n";
|
||||
|
||||
emit ' deleteallchains';
|
||||
emit '';
|
||||
emit join ( "\n",
|
||||
' for chain in INPUT OUTPUT; do',
|
||||
' setpolicy $chain ACCEPT',
|
||||
" done\n",
|
||||
" setpolicy FORWARD DROP\n",
|
||||
' deleteallchains',
|
||||
'' );
|
||||
|
||||
for my $hosts ( @$criticalhosts ) {
|
||||
my ( $interface, $host ) = ( split /:/, $hosts );
|
||||
|
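Review bot: In the hunk at `@ -103,35 +110,38 @`, the new `emit join ( "\n" , ...)` list still carries a leftover `emit` on its VERSION element: `emit join( '', 'VERSION="', $env{VERSION}, '"' ) ,`. Called without parentheses, `emit` parses as a list operator and takes everything to its right, so `"PATH=\"$config{PATH}\""` and `'TERMINATOR=fatal_error'` become arguments of the inner call instead of elements of the outer join. If `emit` writes only its first argument (its definition is not on this page), the generated firewall script loses its explicit `PATH=` and `TERMINATOR=` assignments and runs with whatever PATH the caller supplies, and the VERSION line is written ahead of the `COMMAND`/`VERBOSE` defaults. The element should read `join( '', 'VERSION="', $env{VERSION}, '"' ) ,`. The body of generate_script_1 is only partly visible in these hunks.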