holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Some cosmetic cleanup

Browse Source
This commit is contained in:
Tom Eastep 2010-12-28 17:18:43 -08:00
parent d90d56161c
commit a4bf11c7d5
2 changed files with 11 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Shorewall/Perl/Shorewall/Misc.pm
View File

@ -20,7 +20,8 @@
# along with this program; if not, write to the Free Software # along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# #
# This module contains those routines that don't seem to fit well elsewhere. # This module contains those routines that don't seem to fit well elsewhere. It
# was carved from the Rules module in 4.4.16.
# #
package Shorewall::Misc; package Shorewall::Misc;
require Exporter; require Exporter;
@ -1055,7 +1056,8 @@ sub add_interface_jumps {
# The biggest disadvantage of the zone-policy-rule model used by Shorewall is that it doesn't scale well as the number of zones increases (Order N**2 where N = number of zones). # The biggest disadvantage of the zone-policy-rule model used by Shorewall is that it doesn't scale well as the number of zones increases (Order N**2 where N = number of zones).
# A major goal of the rewrite of the compiler in Perl was to restrict those scaling effects to this function and the rules that it generates. # A major goal of the rewrite of the compiler in Perl was to restrict those scaling effects to this function and the rules that it generates.
# #
# The function traverses the full "source-zone by destination-zone" matrix and generates the rules necessary to direct traffic through the right set of filter-table rules. # The function traverses the full "source-zone by destination-zone" matrix and generates the rules necessary to direct traffic through the right set of filter-table and
# nat-table rules.
# #
sub generate_matrix() { sub generate_matrix() {
my @interfaces = ( all_interfaces ); my @interfaces = ( all_interfaces );

13
Shorewall/Perl/Shorewall/Rules.pm
View File

@ -23,6 +23,8 @@
# This module contains process_rule() and it's associated helpers for handling # This module contains process_rule() and it's associated helpers for handling
# Actions and Macros. # Actions and Macros.
# #
# This module combines the former Rules and Actions modules.
#
package Shorewall::Rules; package Shorewall::Rules;
require Exporter; require Exporter;
use Shorewall::Config qw(:DEFAULT :internal); use Shorewall::Config qw(:DEFAULT :internal);
@ -447,8 +449,6 @@ sub map_old_actions( $ ) {
# processed once for each unique [:level[:tag]][:param] applied to an invocation of the action. # processed once for each unique [:level[:tag]][:param] applied to an invocation of the action.
# #
sub process_rule_common ( $$$$$$$$$$$$$$$$ );
sub process_actions1() { sub process_actions1() {
progress_message2 "Locating Action Files..."; progress_message2 "Locating Action Files...";
@ -513,6 +513,8 @@ sub merge_action_levels( $$ ) {
join ':', $action, $sublevel, $subtag, $subparam; join ':', $action, $sublevel, $subtag, $subparam;
} }
sub process_rule_common ( $$$$$$$$$$$$$$$$ );
sub process_action2( $ ) { sub process_action2( $ ) {
my $wholeaction = shift; my $wholeaction = shift;
my ( $action , $level, $tag, $param ) = split /:/, $wholeaction; my ( $action , $level, $tag, $param ) = split /:/, $wholeaction;
@ -567,10 +569,10 @@ sub process_action2( $ ) {
} }
sub process_actions2 () { sub process_actions2 () {
progress_message2 "Pre-processing default actions..."; progress_message2 "Pre-processing policy actions...";
for my $action ( map normalize_action_name $_, ( grep ! ( $targets{$_} & BUILTIN ), keys %policy_actions ) ) { for ( map normalize_action_name $_, ( grep ! ( $targets{$_} & BUILTIN ), keys %policy_actions ) ) {
process_action2( $action ) if use_action( $action ); process_action2( $_ ) if use_action( $_ );
} }
} }
@ -668,7 +670,6 @@ sub dropBcast( $$$ ) {
log_rule_limit $level, $chainref, 'dropBcast' , 'DROP', '', $tag, 'add', ' -d 224.0.0.0/4 ' if $level ne ''; log_rule_limit $level, $chainref, 'dropBcast' , 'DROP', '', $tag, 'add', ' -d 224.0.0.0/4 ' if $level ne '';
} }
if ( $family == F_IPV4 ) { if ( $family == F_IPV4 ) {
add_rule $chainref, '-d 224.0.0.0/4 -j DROP'; add_rule $chainref, '-d 224.0.0.0/4 -j DROP';
} else { } else {