forked from extern/shorewall_code
Some cosmetic cleanup
This commit is contained in:
Tom Eastep
parent
d90d56161c
commit
a4bf11c7d5
@ -20,7 +20,8 @@
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
#
|
||||
# This module contains those routines that don't seem to fit well elsewhere.
|
||||
# This module contains those routines that don't seem to fit well elsewhere. It
|
||||
# was carved from the Rules module in 4.4.16.
|
||||
#
|
||||
package Shorewall::Misc;
|
||||
require Exporter;
|
||||
@ -1055,7 +1056,8 @@ sub add_interface_jumps {
|
||||
# The biggest disadvantage of the zone-policy-rule model used by Shorewall is that it doesn't scale well as the number of zones increases (Order N**2 where N = number of zones).
|
||||
# A major goal of the rewrite of the compiler in Perl was to restrict those scaling effects to this function and the rules that it generates.
|
||||
#
|
||||
# The function traverses the full "source-zone by destination-zone" matrix and generates the rules necessary to direct traffic through the right set of filter-table rules.
|
||||
# The function traverses the full "source-zone by destination-zone" matrix and generates the rules necessary to direct traffic through the right set of filter-table and
|
||||
# nat-table rules.
|
||||
#
|
||||
sub generate_matrix() {
|
||||
my @interfaces = ( all_interfaces );
|
||||
|
||||
@ -23,6 +23,8 @@
|
||||
# This module contains process_rule() and it's associated helpers for handling
|
||||
# Actions and Macros.
|
||||
#
|
||||
# This module combines the former Rules and Actions modules.
|
||||
#
|
||||
package Shorewall::Rules;
|
||||
require Exporter;
|
||||
use Shorewall::Config qw(:DEFAULT :internal);
|
||||
@ -447,8 +449,6 @@ sub map_old_actions( $ ) {
|
||||
# processed once for each unique [:level[:tag]][:param] applied to an invocation of the action.
|
||||
#
|
||||
|
||||
sub process_rule_common ( $$$$$$$$$$$$$$$$ );
|
||||
|
||||
sub process_actions1() {
|
||||
|
||||
progress_message2 "Locating Action Files...";
|
||||
@ -513,6 +513,8 @@ sub merge_action_levels( $$ ) {
|
||||
join ':', $action, $sublevel, $subtag, $subparam;
|
||||
}
|
||||
|
||||
sub process_rule_common ( $$$$$$$$$$$$$$$$ );
|
||||
|
||||
sub process_action2( $ ) {
|
||||
my $wholeaction = shift;
|
||||
my ( $action , $level, $tag, $param ) = split /:/, $wholeaction;
|
||||
@ -567,10 +569,10 @@ sub process_action2( $ ) {
|
||||
}
|
||||
|
||||
sub process_actions2 () {
|
||||
progress_message2 "Pre-processing default actions...";
|
||||
progress_message2 "Pre-processing policy actions...";
|
||||
|
||||
for my $action ( map normalize_action_name $_, ( grep ! ( $targets{$_} & BUILTIN ), keys %policy_actions ) ) {
|
||||
process_action2( $action ) if use_action( $action );
|
||||
for ( map normalize_action_name $_, ( grep ! ( $targets{$_} & BUILTIN ), keys %policy_actions ) ) {
|
||||
process_action2( $_ ) if use_action( $_ );
|
||||
}
|
||||
}
|
||||
|
||||
@ -668,7 +670,6 @@ sub dropBcast( $$$ ) {
|
||||
log_rule_limit $level, $chainref, 'dropBcast' , 'DROP', '', $tag, 'add', ' -d 224.0.0.0/4 ' if $level ne '';
|
||||
}
|
||||
|
||||
|
||||
if ( $family == F_IPV4 ) {
|
||||
add_rule $chainref, '-d 224.0.0.0/4 -j DROP';
|
||||
} else {
|
||||
|
||||
Loading…
Reference in New Issue
Block a user