capitalize 'terminator' variable; duplicate PREROUTING connmark logic in OUTPUT
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2441 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
c7cb64e4ee
commit
c66159abee
@ -1959,7 +1959,7 @@ stop_firewall() {
|
||||
|
||||
stopping="Yes"
|
||||
|
||||
terminator=
|
||||
TERMINATOR=
|
||||
|
||||
deletechain shorewall
|
||||
|
||||
@ -3095,12 +3095,6 @@ setup_tc1() {
|
||||
#
|
||||
|
||||
run_iptables -t mangle -N tcpre
|
||||
|
||||
for interface in $ROUTEMARK_INTERFACES; do
|
||||
eval mark=\$$(chain_base $interface)_routemark
|
||||
run_iptables -t mangle -A tcpre -m connmark --mark $mark -j RETURN
|
||||
done
|
||||
|
||||
run_iptables -t mangle -N tcfor
|
||||
run_iptables -t mangle -N tcout
|
||||
run_iptables -t mangle -N tcpost
|
||||
@ -3118,9 +3112,18 @@ setup_tc1() {
|
||||
# Link to the TC mangle chains from the main chains
|
||||
#
|
||||
|
||||
if [ -n "$ROUTEMARK_INTERFACES" ]; then
|
||||
#
|
||||
# Route marks are restored in PREROUTING/OUTPUT prior to these rules. We only send
|
||||
# packets that are not part of a marked connection to the 'tcpre/tcout' chains
|
||||
#
|
||||
run_iptables -t mangle -A PREROUTING -m mark --mark 0 -j tcpre
|
||||
run_iptables -t mangle -A OUTPUT -m mark --mark 0 -j tcout
|
||||
else
|
||||
run_iptables -t mangle -A PREROUTING -j tcpre
|
||||
run_iptables -t mangle -A OUTPUT -j tcout
|
||||
fi
|
||||
run_iptables -t mangle -A FORWARD -j tcfor
|
||||
run_iptables -t mangle -A PREROUTING -j tcpre
|
||||
run_iptables -t mangle -A OUTPUT -j tcout
|
||||
run_iptables -t mangle -A POSTROUTING -j tcpost
|
||||
|
||||
f=$(find_file tcstart)
|
||||
@ -6038,6 +6041,7 @@ setup_routes()
|
||||
{
|
||||
|
||||
run_iptables -t mangle -A PREROUTING -m connmark ! --mark 0 -j CONNMARK --restore-mark
|
||||
run_iptables -t mangle -A OUTPUT -m connmark ! --mark 0 -j CONNMARK --restore-mark
|
||||
run_iptables -t mangle -N routemark
|
||||
|
||||
for interface in $ROUTEMARK_INTERFACES ; do
|
||||
@ -6868,7 +6872,7 @@ initialize_netfilter () {
|
||||
echo "Pre-processing Actions..."
|
||||
process_actions1
|
||||
|
||||
terminator=fatal_error
|
||||
TERMINATOR=fatal_error
|
||||
|
||||
deletechain shorewall
|
||||
|
||||
@ -8096,7 +8100,7 @@ add_to_zone() # $1...${n-1} = <interface>[:<hosts>] $n = zone
|
||||
|
||||
mv -f /var/lib/shorewall/zones_$$ /var/lib/shorewall/zones
|
||||
|
||||
terminator=fatal_error
|
||||
TERMINATOR=fatal_error
|
||||
#
|
||||
# Create a new Zone state file
|
||||
#
|
||||
@ -8284,7 +8288,7 @@ delete_from_zone() # $1 = <interface>[:<hosts>] $2 = zone
|
||||
|
||||
mv -f /var/lib/shorewall/zones_$$ /var/lib/shorewall/zones
|
||||
|
||||
terminator=fatal_error
|
||||
TERMINATOR=fatal_error
|
||||
|
||||
for delhost in $hostlist; do
|
||||
interface=${delhost%%:*}
|
||||
@ -8412,7 +8416,7 @@ do_initialize() {
|
||||
#
|
||||
# Establish termination function
|
||||
#
|
||||
terminator=startup_error
|
||||
TERMINATOR=startup_error
|
||||
#
|
||||
# Clear all configuration variables
|
||||
#
|
||||
|
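Review bot: The `-m mark --mark 0` jumps added to mangle PREROUTING and OUTPUT in setup_tc1 are only correct if the two `CONNMARK --restore-mark` rules from setup_routes are already in those chains, and nothing in the visible hunks enforces that. Both functions append with `-A`, so the result depends on the order in which the caller runs them; if setup_tc1 ran first, packets would still carry mark 0 at the jump and marked connections would be sent through tcpre/tcout anyway. I would record the dependency next to the restore rules in setup_routes, e.g. `# Must precede setup_tc1: its PREROUTING/OUTPUT jumps test the mark restored here`, and state in the setup_tc1 comment that packets of a route-marked connection no longer traverse tcpre/tcout at all. Both function bodies start and end outside the hunks shown.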
@ -172,12 +172,12 @@ separate_list() {
|
||||
# There's been whining about us not catching embedded white space in
|
||||
# comma-separated lists. This is an attempt to snag some of the cases.
|
||||
#
|
||||
# The 'terminator' function will be set by the 'firewall' script to
|
||||
# The 'TERMINATOR' function will be set by the 'firewall' script to
|
||||
# either 'startup_error' or 'fatal_error' depending on the command and
|
||||
# command phase
|
||||
#
|
||||
[ -n "$terminator" ] && \
|
||||
$terminator "Invalid comma-separated list \"$@\""
|
||||
[ -n "$TERMINATOR" ] && \
|
||||
$TERMINATOR "Invalid comma-separated list \"$@\""
|
||||
echo "WARNING -- invalid comma-separated list \"$@\"" >&2
|
||||
;;
|
||||
*\[*\]*)
|
||||
@ -430,7 +430,7 @@ read_file() # $1 = file name, $2 = nest count
|
||||
fi
|
||||
done < $1
|
||||
else
|
||||
[ -n "$terminator" ] && $terminator "No such file: $1"
|
||||
[ -n "$TERMINATOR" ] && $TERMINATOR "No such file: $1"
|
||||
echo "WARNING -- No such file: $1"
|
||||
fi
|
||||
}
|
||||
|
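Review bot: `$TERMINATOR` is expanded as a command word in separate_list and read_file, and nothing in these hunks assigns it. The comment says the 'firewall' script sets it, so any other script that sources this library without doing so would run whatever value TERMINATOR has in the inherited environment, and the upper-case name makes a clash with an exported variable more likely than the old lower-case one. Restricting the call to the two documented handlers closes that, e.g. `case "$TERMINATOR" in startup_error|fatal_error) $TERMINATOR "No such file: $1" ;; esac`. Separately, `\"$@\"` inside the separate_list message splits into several arguments when more than one is passed; `$*` keeps it a single string. Both function bodies extend beyond the hunks.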