diff --git a/Shorewall/compiler b/Shorewall/compiler
index d461cb599..70930025e 100755
--- a/Shorewall/compiler
+++ b/Shorewall/compiler
@@ -476,8 +476,6 @@ determine_zones()
 [ "$IPSECFILE" = zones ] && new_zone_file=Yes || test -n "${FW:=fw}"
 while read zone type rest; do
- expandv zone type
-
 case $zone in
 *:*)
 parents=${zone#*:}
@@ -875,8 +873,7 @@ find_hosts() # $1 = host zone
 local hosts interface address addresses
 while read z hosts options; do
- if [ "x$(expand $z)" = "x$1" ]; then
- expandv hosts
+ if [ "x$z" = "x$1" ]; then
 interface=${hosts%%:*}
 addresses=${hosts#*:}
 for address in $(separate_list $addresses); do
@@ -996,7 +993,6 @@ validate_interfaces_file() {
 local z interface networks options r iface option
 while read z interface networks options; do
- expandv z interface networks options
 r="$z $interface $networks $options"
 [ "x$z" = "x-" ] && z=
@@ -1342,7 +1338,6 @@ __EOF__
 save_command "DEFAULT_ROUTE="
 while read table number mark duplicate interface gateway options copy; do
- expandv table number mark duplicate interface gateway options copy
 provider="$table $number $mark $duplicate $interface $gateway $options $copy"
 add_a_provider
 PROVIDERS="$PROVIDERS $table"
@@ -1387,7 +1382,6 @@ __EOF__
 save_command
 while read source dest provider priority; do
- expandv source dest provider priority
 rule="$source $dest $priority $provider"
 add_an_rtrule
 done < $TMP_DIR/route_rules
@@ -1415,7 +1409,6 @@ validate_hosts_file() {
 }
 while read z hosts options; do
- expandv z hosts options
 r="$z $hosts $options"
 validate_zone1 $z || fatal_error "Invalid zone ($z) in record \"$r\""
@@ -1564,8 +1557,6 @@ validate_policy()
 strip_file policy
 while read client server policy loglevel synparams; do
- expandv client server policy loglevel synparams
-
 clientwild=
 serverwild=
@@ -1727,11 +1718,9 @@ find_hosts_by_option() # $1 = option
 local ignore hosts interface address addresses options ipsec= list
 while read ignore hosts options; do
- expandv options
 list=$(separate_list $options)
 if list_search $1 $list; then
 list_search ipsec $list && ipsec=ipsec || ipsec=none
- expandv hosts
 interface=${hosts%%:*}
 addresses=${hosts#*:}
 for address in $(separate_list $addresses); do
@@ -1781,7 +1770,6 @@ process_routestopped() # $1 = command
 local hosts= interface host host1 options networks source= dest= matched
 while read interface host options; do
- expandv interface host options
 [ "x$host" = "x-" -o -z "$host" ] && host=0.0.0.0/0
 for h in $(separate_list $host); do
 hosts="$hosts $interface:$h"
@@ -1860,8 +1848,6 @@ process_criticalhosts()
 [ -f $TMP_DIR/routestopped ] || strip_file routestopped
 while read interface host options; do
- expandv interface host options
-
 [ "x$host" = "x-" -o -z "$host" ] && host=0.0.0.0/0 || host=$(separate_list $host)
 if [ -n "$options" ]; then
@@ -2118,7 +2104,6 @@ setup_tunnels() # $1 = name of tunnels file
 strip_file tunnels $1
 while read kind z gateway z1; do
- expandv kind z gateway z1
 tunnel="$(echo $kind $z $gateway $z1)"
 if validate_zone $z; then
 inchain=${z}2${FW}
@@ -2263,8 +2248,6 @@ setup_ipsec() {
 esac
 while read zone type options in_options out_options mss; do
- expandv zone type options in_options out_options mss
-
 if [ -n "$using_ipsec" ]; then
 validate_zone1 $zone || fatal_error "Unknown zone: $zone"
 fi
@@ -2370,7 +2353,6 @@ __EOF__
 save_progress_message "Setting up Proxy ARP..."
 while read address interface external haveroute persistent; do
- expandv address interface external haveroute persistent
 list_search $interface $setlist || setlist="$setlist $interface"
 list_search $external $resetlist || list_search $external $setlist || resetlist="$resetlist $external"
 setup_one_proxy_arp
@@ -2488,8 +2470,6 @@ setup_mac_lists() {
 # Process the maclist file producing the verification rules
 #
 while read disposition interface mac addresses; do
- expandv disposition interface mac addresses
-
 level=
 case $disposition in
@@ -2757,10 +2737,7 @@ setup_nat() {
 [ -n "$RETAIN_ALIASES" ] || save_progress_message "Setting up one-to-one NAT..."
 while read external interface internal allints localnat; do
- expandv external interface internal allints localnat
-
 do_one_nat
-
 progress_message_and_save " Host $internal NAT $external on $interface"
 done < $TMP_DIR/nat
 }
@@ -2793,8 +2770,6 @@ __EOF__
 setup_netmap() {
 while read type net1 interface net2 ; do
- expandv type net1 interface net2
-
 list_search $interface $ALL_INTERFACES || \
 fatal_error "Unknown interface $interface in entry \"$type $net1 $interface $net2\""
@@ -2829,7 +2804,6 @@ setup_ecn() # $1 = file name
 progress_message2 "$DOING $1..."
 while read interface host; do
- expandv interface host
 list_search $interface $ALL_INTERFACES || \
 fatal_error "Unknown interface $interface"
 list_search $interface $interfaces || \
@@ -2917,7 +2891,6 @@ setup_tc1() {
 strip_file tcrules
 while read mark sources dests proto ports sports user testval length tos; do
- expandv mark sources dests proto ports sports user testval length tos
 rule=$(echo "$mark $sources $dests $proto $ports $sports $user $testval $length $tos")
 process_tc_rule
 done < $TMP_DIR/tcrules
@@ -3214,7 +3187,6 @@ setup_accounting() # $1 = Name of accounting file
 strip_file accounting $1
 while read action chain source dest proto port sport user ; do
- expandv action chain source dest proto port sport user
 process_accounting_rule
 done < $TMP_DIR/accounting
@@ -3530,11 +3502,9 @@ process_action() # $1 = chain (Chain to add the rules to)
 else
 loglevel="${target#*:}"
 target="${target%%:*}"
- expandv loglevel
 if [ "$loglevel" != "${loglevel%:*}" ]; then
 logtag="${loglevel#*:}"
 loglevel="${loglevel%:*}"
- expandv logtag
 fi
 case $loglevel in
@@ -4029,7 +3999,6 @@ process_actions1() {
 progress_message2 " Pre-processing $fn..."
 strip_file $f $fn
 while read xtarget xclients xservers xprotocol xports xcports xratelimit $xuserspec; do
- expandv xtarget
 temp="${xtarget%%:*}"
 case "$temp" in
 ACCEPT|DROP|REJECT|LOG|QUEUE|CONTINUE)
@@ -4069,7 +4038,6 @@ process_actions1() {
 progress_message " ..Expanding Macro $fn..."
 while read mtarget mclients mservers mprotocol mports mcports mratelimit muserspec; do
- expandv mtarget
 temp="${mtarget%%:*}"
 case "$temp" in
 ACCEPT|DROP|REJECT|LOG|QUEUE|CONTINUE|PARAM)
@@ -4315,7 +4283,6 @@ __EOF__
 progress_message2 "$DOING $(find_file $f) for Chain $xchain..."
 while read xtarget xclients xservers xprotocol xports xcports xratelimit xuserspec; do
- expandv xtarget
 #
 # Generate the target:level:tag to pass to process_action()
 #
@@ -4348,8 +4315,6 @@ __EOF__
 ;;
 esac
- expandv xclients xservers xprotocol xports xcports xratelimit xuserspec
-
 if [ -n "$is_macro" ]; then
 xtarget1=$(map_old_action $xtarget1)
@@ -4363,8 +4328,6 @@ __EOF__
 progress_message "..Expanding Macro $(find_file macro.$xtarget1)..."
 while read mtarget mclients mservers mprotocol mports mcports mratelimit muserspec; do
- expandv mtarget mclients mservers mprotocol mports mcports mratelimit muserspec
-
 mtarget=$(merge_levels $xaction2 $mtarget)
 case $mtarget in
@@ -5018,11 +4981,9 @@ __EOF__
 else
 loglevel="${target#*:}"
 target="${target%%:*}"
- expandv loglevel
 if [ "$loglevel" != "${loglevel%:*}" ]; then
 logtag="${loglevel#*:}"
 loglevel="${loglevel%:*}"
- expandv logtag
 fi
 case $loglevel in
@@ -5412,8 +5373,6 @@ process_macro() # $1 = target
 progress_message "..Expanding Macro $(find_file macro.${itarget%%:*})..."
 while read mtarget mclients mservers mprotocol mports mcports mratelimit muserspec; do
- expandv mtarget mclients mservers mprotocol mports mcports mratelimit muserspec
-
 mtarget=$(merge_levels $itarget $mtarget)
 case $mtarget in
@@ -5519,8 +5478,6 @@ process_rules()
 do_it() # $1 = "Yes" if the target is a macro.
 {
- expandv xprotocol xports xcports xaddress xratelimit xuserspec
 intrazone=
-
 if [ -z "$SECTIONS" ]; then
 finish_section ESTABLISHED,RELATED
 SECTIONS="ESTABLISHED RELATED NEW"
@@ -5581,8 +5538,6 @@ process_rules()
 }
 while read xtarget xclients xservers xprotocol xports xcports xaddress xratelimit xuserspec; do
- expandv xtarget xclients xservers
-
 if [ "x$xclients" = xnone -o "x$servers" = xnone ]; then
 rule="$xtarget $xclients $xservers $xprotocol $xports $xcports $xaddress $xratelimit $xuserspec"
 progress_message " Rule \"$rule\" ignored."
@@ -5857,7 +5812,6 @@ process_tos() # $1 = name of tos file
 createmanglechain outtos
 while read src dst protocol sport dport tos; do
- expandv src dst protocol sport dport tos
 rule="$(echo $src $dst $protocol $sport $dport $tos)"
 process_tos_rule
 done < $TMP_DIR/tos
@@ -6501,7 +6455,6 @@ __EOF__
 fi
 while read fullinterface networks addresses proto ports ipsec; do
- expandv fullinterface networks addresses proto ports ipsec
 if [ -n "$NAT_ENABLED" ]; then
 setup_one
 else
@@ -6643,7 +6596,6 @@ setup_blacklist() {
 if [ -z "$DELAYBLACKLISTLOAD" ]; then
 while read networks protocol ports; do
- expandv networks protocol ports
 process_blacklist_rec
 done < $TMP_DIR/blacklist
 fi
@@ -6667,7 +6619,6 @@ refresh_blacklist() {
 run_iptables -F blacklst
 while read networks protocol ports; do
- expandv networks protocol ports
 process_blacklist_rec
 done < $TMP_DIR/blacklist
 }
@@ -6686,7 +6637,6 @@ validate_blacklist() {
 [ "$disposition" = REJECT ] && disposition=reject
 while read networks protocol ports; do
- expandv networks protocol ports
 process_blacklist_rec
 done < $TMP_DIR/blacklist
 }
diff --git a/Shorewall/functions b/Shorewall/functions
index bf4d134a0..81b8be757 100644
--- a/Shorewall/functions
+++ b/Shorewall/functions
@@ -594,6 +594,7 @@ read_file() # $1 = file name, $2 = nest count
 if [ -f $1 ]; then
 while read first rest; do
+ expandv first rest
 if [ "x$first" = "xINCLUDE" ]; then
 if [ $2 -lt 4 ]; then
 read_file $(find_file $(expand ${rest%#*})) $(($2 + 1))
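Review bot: The added `expandv first rest` expands the whole remainder of the line before `${rest%#*}` strips the trailing comment, so `$VAR` text inside a `# ...` comment is now expanded as well, and if expandv passes its arguments through the shell (its body is not in the hunk) comment text becomes live input to the compiler; expansion should be limited to the part before `#`, e.g. `rest=${rest%#*}` ahead of the `expandv` if the rest of read_file does not need the comment. The INCLUDE branch then still calls `expand ${rest%#*}` on text that was just expanded, a second pass that changes the result for any value containing a `$`; with the new line in place it can become `read_file $(find_file ${rest%#*}) $(($2 + 1))`. The per-field `expandv` calls this commit removes from the compiler kept a value inside its own column, whereas expanding the line here and re-reading it later with `read` re-splits on whitespace, so a variable whose value contains spaces would shift the columns — inferred, since how read_file writes the line out is outside the hunk. read_file's body continues past the end of the hunk.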