Eliminate the $blrules global in Shorewall::Rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent
d6bac484dc
commit
c2293f3d64
@ -116,11 +116,6 @@ my %auditpolicies = ( ACCEPT => 1,
|
|||||||
DROP => 1,
|
DROP => 1,
|
||||||
REJECT => 1
|
REJECT => 1
|
||||||
);
|
);
|
||||||
#
|
|
||||||
# Set to true if we have any entries in blacklist or blrules
|
|
||||||
#
|
|
||||||
my $blrules;
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# Rather than initializing globals in an INIT block or during declaration,
|
# Rather than initializing globals in an INIT block or during declaration,
|
||||||
# we initialize them in a function. This is done for two reasons:
|
# we initialize them in a function. This is done for two reasons:
|
||||||
@ -189,8 +184,6 @@ sub initialize( $ ) {
|
|||||||
} else {
|
} else {
|
||||||
@builtins = qw/dropBcast allowBcast dropNotSyn rejNotSyn dropInvalid allowInvalid/;
|
@builtins = qw/dropBcast allowBcast dropNotSyn rejNotSyn dropInvalid allowInvalid/;
|
||||||
}
|
}
|
||||||
|
|
||||||
$blrules = 0;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
###############################################################################
|
###############################################################################
|
||||||
@ -2472,26 +2465,6 @@ sub process_rule ( ) {
|
|||||||
progress_message qq( Rule "$thisline" $done);
|
progress_message qq( Rule "$thisline" $done);
|
||||||
}
|
}
|
||||||
|
|
||||||
sub initiate_blacklist() {
|
|
||||||
my ( $level, $disposition ) = @config{'BLACKLIST_LOGLEVEL', 'BLACKLIST_DISPOSITION' };
|
|
||||||
my $audit = $disposition =~ /^A_/;
|
|
||||||
my $target = $disposition eq 'REJECT' ? 'reject' : $disposition;
|
|
||||||
|
|
||||||
progress_message2 "$doing $currentfilename...";
|
|
||||||
|
|
||||||
if ( supplied $level ) {
|
|
||||||
ensure_blacklog_chain( $target, $disposition, $level, $audit );
|
|
||||||
ensure_audit_blacklog_chain( $target, $disposition, $level ) if have_capability 'AUDIT_TARGET';
|
|
||||||
} elsif ( $audit ) {
|
|
||||||
require_capability 'AUDIT_TARGET', "BLACKLIST_DISPOSITION=$disposition", 's';
|
|
||||||
verify_audit( $disposition );
|
|
||||||
} elsif ( have_capability 'AUDIT_TARGET' ) {
|
|
||||||
verify_audit( 'A_' . $disposition );
|
|
||||||
}
|
|
||||||
|
|
||||||
$blrules = 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# Add jumps to the blacklst and blackout chains
|
# Add jumps to the blacklst and blackout chains
|
||||||
#
|
#
|
||||||
@ -2500,6 +2473,7 @@ sub classic_blacklist() {
|
|||||||
my @zones = off_firewall_zones;
|
my @zones = off_firewall_zones;
|
||||||
my @vservers = vserver_zones;
|
my @vservers = vserver_zones;
|
||||||
my @state = $config{BLACKLISTNEWONLY} ? $globals{UNTRACKED} ? state_imatch 'NEW,INVALID,UNTRACKED' : state_imatch 'NEW,INVALID' : ();
|
my @state = $config{BLACKLISTNEWONLY} ? $globals{UNTRACKED} ? state_imatch 'NEW,INVALID,UNTRACKED' : state_imatch 'NEW,INVALID' : ();
|
||||||
|
my $result;
|
||||||
#
|
#
|
||||||
# First take care of classic blacklisting
|
# First take care of classic blacklisting
|
||||||
#
|
#
|
||||||
@ -2524,6 +2498,8 @@ sub classic_blacklist() {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$result = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( $zoneref->{options}{out}{blacklist} ) {
|
if ( $zoneref->{options}{out}{blacklist} ) {
|
||||||
@ -2538,6 +2514,8 @@ sub classic_blacklist() {
|
|||||||
add_ijump( ensure_rules_chain( $ruleschain ), j => $blackref, @state );
|
add_ijump( ensure_rules_chain( $ruleschain ), j => $blackref, @state );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$result = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
unless ( $simple ) {
|
unless ( $simple ) {
|
||||||
@ -2549,20 +2527,42 @@ sub classic_blacklist() {
|
|||||||
add_ijump( $frwd_ref , j => $filter_table->{blacklst}, @state ) if $zoneref->{options}{in}{blacklist};
|
add_ijump( $frwd_ref , j => $filter_table->{blacklst}, @state ) if $zoneref->{options}{in}{blacklist};
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$result;
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
# Process the Rules File
|
# Process the Rules File
|
||||||
#
|
#
|
||||||
sub process_rules() {
|
sub process_rules() {
|
||||||
classic_blacklist;
|
my $blrules = classic_blacklist;
|
||||||
|
|
||||||
$section = 'BLACKLIST';
|
$section = 'BLACKLIST';
|
||||||
|
|
||||||
my $fn = open_file 'blrules';
|
my $fn = open_file 'blrules';
|
||||||
|
|
||||||
if ( $fn ) {
|
if ( $fn ) {
|
||||||
first_entry( \&initiate_blacklist );
|
first_entry( sub () {
|
||||||
|
my ( $level, $disposition ) = @config{'BLACKLIST_LOGLEVEL', 'BLACKLIST_DISPOSITION' };
|
||||||
|
my $audit = $disposition =~ /^A_/;
|
||||||
|
my $target = $disposition eq 'REJECT' ? 'reject' : $disposition;
|
||||||
|
|
||||||
|
progress_message2 "$doing $currentfilename...";
|
||||||
|
|
||||||
|
if ( supplied $level ) {
|
||||||
|
ensure_blacklog_chain( $target, $disposition, $level, $audit );
|
||||||
|
ensure_audit_blacklog_chain( $target, $disposition, $level ) if have_capability 'AUDIT_TARGET';
|
||||||
|
} elsif ( $audit ) {
|
||||||
|
require_capability 'AUDIT_TARGET', "BLACKLIST_DISPOSITION=$disposition", 's';
|
||||||
|
verify_audit( $disposition );
|
||||||
|
} elsif ( have_capability 'AUDIT_TARGET' ) {
|
||||||
|
verify_audit( 'A_' . $disposition );
|
||||||
|
}
|
||||||
|
|
||||||
|
$blrules = 1;
|
||||||
|
}
|
||||||
|
);
|
||||||
|
|
||||||
process_rule while read_a_line;
|
process_rule while read_a_line;
|
||||||
}
|
}
|
||||||
|
|
||||||
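Review bot: classic_blacklist now hands back its new `$result` through a bare `$result;` while `my $result;` is left uninitialised, so when no zone has blacklisting enabled `my $blrules = classic_blacklist;` receives undef rather than 0; initialising with `my $result = 0;` and finishing with `return $result;` makes the boolean contract explicit and keeps `$blrules` from being an undef that a later numeric test or interpolation would warn about. The anonymous sub passed to first_entry is the former initiate_blacklist body moved inline so it can close over the lexical `$blrules`; a one-line comment above `first_entry( sub () {` such as `# Closure over the lexical $blrules: records that blrules has entries` would tell the next reader why the named sub was dropped. process_rules continues past the end of the hunk, so any remaining readers of `$blrules` there cannot be checked from this view, and a reference left in another sub would now be rejected by strict at compile time rather than silently reading a global.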
|