From b9a36331b4c6fd96e24b710faf1d3d8d6309b5b9 Mon Sep 17 00:00:00 2001 From: teastep Date: Fri, 23 Mar 2007 19:19:43 +0000 Subject: [PATCH] More detect cleanup git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5647 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- New/Shorewall/Chains.pm | 20 +++++++++----------- New/Shorewall/Nat.pm | 7 ++++--- 2 files changed, 13 insertions(+), 14 deletions(-) diff --git a/New/Shorewall/Chains.pm b/New/Shorewall/Chains.pm index 8c5254ab4..25bb66a8f 100644 --- a/New/Shorewall/Chains.pm +++ b/New/Shorewall/Chains.pm @@ -234,7 +234,9 @@ my $chainseq; # # -# Count of the number of unclosed loops in generated shell code +# Count of the number of unclosed loops in generated shell code. We insert shell code +# into the Chain tables 'rules' array (proceeded by '~'). create_netfilter_load() +# emits that code inline for execution at run-time. # my $loopcount = 0; @@ -250,6 +252,7 @@ sub add_command($$) $slowstart = 1; } + # # Add a rule to a chain. Arguments are: # @@ -957,11 +960,6 @@ sub expand_rule( $$$$$$$$$$ ) my ($chainref , $restriction, $rule, $source, $dest, $origdest, $target, $loglevel , $disposition, $exceptionrule ) = @_; my ($iiface, $diface, $inets, $dnets, $iexcl, $dexcl, $onets , $oexcl ); my $chain = $chainref->{name}; - - sub finish_detect_loops( $$ ) { - my ( $chainref, $chain, $ruleref, $detectcount, $newchainneeded ) = @_; - - } # # Handle Log Level # @@ -971,7 +969,7 @@ sub expand_rule( $$$$$$$$$$ ) ( $loglevel, $logtag ) = split /:/, $loglevel; if ( $loglevel =~ /^none!?$/i ) { - return 1 if $disposition eq 'LOG'; + return if $disposition eq 'LOG'; $loglevel = $logtag = ''; } } 
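Review bot: The added comment on `$loopcount` says the shell code is "proceeded by '~'" where "preceded by" is meant, and "the Chain tables 'rules' array" wants a possessive; as written a reader cannot tell whether '~' comes before or after the command. Suggest `# into the chain table's 'rules' array (each such entry is prefixed with '~'). create_netfilter_load()`. That the '~' is a prefix is inferred from the wording and from add_command's signature visible in the next hunk, not from code in this hunk, so confirm against add_command's body.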
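Review bot: Replacing `return 1 if $disposition eq 'LOG';` with a bare `return` changes what expand_rule yields for a LOG rule whose level is `none` — undef in scalar context, an empty list in list context — so any caller that tests the result (`expand_rule(...) or ...`) would now take the failure branch. No caller is visible in this hunk, so either confirm that the return value is ignored everywhere or keep `return 1` if it is meaningful. The early exit also deserves a why-comment, e.g. `# A LOG rule with log level 'none' produces no rule at all`. expand_rule starts before this hunk and continues after it.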
@@ -1071,9 +1069,9 @@ sub expand_rule( $$$$$$$$$$ ) my @interfaces = split /\s+/, $1; if ( @interfaces > 1 ) { - add_command $chainref, (' ' x $loopcount) . "addresses="; + add_command $chainref, 'addresses='; - for my $interface ( split /\s+/, $1 ) { + for my $interface ( @interfaces ) { add_command $chainref , 'addresses="$addresses $(find_first_interface_address $interface)"'; add_command( $chainref , 'for address in $addresses; do' ); } @@ -1292,15 +1290,15 @@ sub create_netfilter_load() { if ( $slowstart ) { emit 'TEMPFILE=$(mktempfile)'; + emit '[ -n "$TEMPFILE" ] || fatal_error "Cannot create temporary file in /tmp"'; emit ''; emit 'exec 3>>$TEMPFILE'; + emit ''; } else { emit 'iptables-restore << __EOF__'; $state = CAT_STATE; } - emit ''; - for my $table qw/raw nat mangle filter/ { emitr "*$table"; diff --git a/New/Shorewall/Nat.pm b/New/Shorewall/Nat.pm index 5ef1fe818..edd444fd8 100644 --- a/New/Shorewall/Nat.pm +++ b/New/Shorewall/Nat.pm @@ -187,13 +187,14 @@ sub setup_one_masq($$$$$$) $target .= "--to $addr "; } } elsif ( $addresses eq 'detect' ) { - $target = '-j SNAT $addrlist'; add_command( $chainref , "addresses=\$(find_interface_addresses $interface);" ); add_command( $chainref , qq([ -z "\$addresses" ] && fatal_error "Unable to determine the IP address(es) of $interface";) ); - add_command( $chainref , 'addrlist=; \\' ); + add_command( $chainref , 'addrlist=' ); add_command( $chainref , 'for address in $addresses; do' ); - add_command( $chainref , ' addrlist="$addrlist --to-source $address";' ); + add_command( $chainref , ' addrlist="$addrlist --to-source $address"' ); add_command( $chainref , 'done' ); + + $target = '-j SNAT $addrlist'; } else { my $addrlist = ''; for my $addr ( split /,/, $addresses ) {
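Review bot: The loop variable from the new `for my $interface ( @interfaces )` is never used: the string on the next line is single-quoted, so the emitted shell is the literal text `$(find_first_interface_address $interface)` on every iteration, leaving `$interface` for the shell to expand rather than naming each Perl interface. Unless the generated script sets a shell variable of that name (nothing in this hunk shows one), the body should interpolate the Perl variable the way the Nat.pm hunk in this same commit does: `add_command $chainref, qq{addresses="\$addresses \$(find_first_interface_address $interface)"};`. Iterating `@interfaces` instead of re-splitting `$1` is an improvement, since `$1` could have been clobbered by an intervening match. expand_rule extends beyond this hunk and the line that closes the emitted `for address in $addresses; do` loop is not visible here.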
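Review bot: The new `[ -n "$TEMPFILE" ] || fatal_error ...` check only catches an empty name; the next emitted line, `exec 3>>$TEMPFILE`, still expands the name unquoted and opens it for append, so a path containing whitespace breaks the redirection and a pre-existing file would have the generated rules appended after stale content. Suggest `emit 'exec 3>>"$TEMPFILE"';`, and `3>` instead of `3>>` unless mktempfile (defined elsewhere, not visible here) is known to hand back a freshly created empty file. The message hardcodes `/tmp` although the location is chosen by mktempfile; `"Cannot create temporary file"` stays accurate if that helper honours TMPDIR. Because this script typically runs as root, it is also worth confirming that mktempfile creates the file atomically rather than just choosing a name. create_netfilter_load continues past this hunk.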
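Review bot: `$target = '-j SNAT $addrlist';` is single-quoted deliberately — `$addrlist` is a shell variable filled by the `for address in $addresses` loop emitted just above it at run time — but without a comment it reads like a missing Perl interpolation, so add `# single-quoted on purpose: $addrlist is built by the generated shell when the firewall starts`. A one-line note above the branch, `# 'detect': the interface's addresses are resolved at run time, so this branch emits shell commands instead of building $target here`, would explain why this branch differs from the ones that assemble `$target` directly. As a point of style, the commit drops the trailing `;` and `\\` from the `addrlist` lines but leaves the `;` on the `addresses=` and `fatal_error` lines, so the four emitted commands are now inconsistent. setup_one_masq starts before this hunk and continues after it.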