From dd9323c2c3031522ae674e678c4f13fd834597b7 Mon Sep 17 00:00:00 2001
From: teastep
Date: Wed, 21 Mar 2007 20:35:40 +0000
Subject: [PATCH] Build $VARDIR/zones file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5616 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 New/Shorewall/Proxyarp.pm | 10 ++++++++--
 New/Shorewall/Rules.pm | 11 +++++++---
 New/Shorewall/Zones.pm | 42 +++++++++++++++++++++++++++++++++++++++
 New/compiler.pl | 18 +++++++++--------
 4 files changed, 68 insertions(+), 13 deletions(-)
diff --git a/New/Shorewall/Proxyarp.pm b/New/Shorewall/Proxyarp.pm
index e616da156..0807b2345 100644
--- a/New/Shorewall/Proxyarp.pm
+++ b/New/Shorewall/Proxyarp.pm
@@ -32,13 +32,13 @@ use strict;
 our @ISA = qw(Exporter);
 our @EXPORT = qw( setup_proxy_arp
- @proxyarp
+ dump_proxy_arp
 );
 our @EXPORT_OK = qw( );
 our @VERSION = 1.00;
-our @proxyarp;
+my @proxyarp;
 sub setup_one_proxy_arp( $$$$$ ) {
 my ( $address, $interface, $external, $haveroute, $persistent) = @_;
@@ -128,4 +128,10 @@ fi\n";
 }
 }
+sub dump_proxy_arp() {
+ for $line ( @proxyarp ) {
+ emit_unindented $line;
+ }
+}
+
 1;
diff --git a/New/Shorewall/Rules.pm b/New/Shorewall/Rules.pm
index 1c0c5b12f..7af8a05c6 100644
--- a/New/Shorewall/Rules.pm
+++ b/New/Shorewall/Rules.pm
@@ -44,8 +44,7 @@ our @EXPORT = qw( add_common_rules
 process_rules
 generate_matrix
 setup_mss
-
- @rule_chains
+ dump_rule_chains
 );
 our @EXPORT_OK = qw( process_rule process_rule1 );
 our @VERSION = 1.00;
@@ -53,7 +52,7 @@ our @VERSION = 1.00;
 #
 # Keep track of chains for the /var/lib/shorewall[-lite]/chains file
 #
-our @rule_chains;
+my @rule_chains;
 #
 # Set to one if we find a SECTION
 #
@@ -1544,4 +1543,10 @@ sub setup_mss( $ ) {
 add_rule $filter_table->{FORWARD} , "-p tcp --tcp-flags SYN,RST SYN -j TCPMSS $option";
 }
+sub dump_rule_chains() {
+ for my $arrayref ( @rule_chains ) {
+ emit_unindented "@$arrayref";
+ }
+}
+
 1;
diff --git a/New/Shorewall/Zones.pm b/New/Shorewall/Zones.pm
index 9c33ba437..463867d64 100644
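Review bot: In the new `dump_proxy_arp` (second Proxyarp.pm hunk) the loop variable in `for $line ( @proxyarp ) {` is not declared with `my`. The first hunk's header shows this module runs under `use strict`, so unless `$line` is a package variable declared or imported elsewhere in Proxyarp.pm (not visible in this diff) the module will fail to compile. The loop was moved as-is from compiler.pl, where `$line` was presumably in scope. I would write `for my $line ( @proxyarp ) {`, which also matches `for my $arrayref` in the new `dump_rule_chains` in Rules.pm.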
--- a/New/Shorewall/Zones.pm
+++ b/New/Shorewall/Zones.pm
@@ -37,6 +37,7 @@ our @EXPORT = qw( NOTHING
 determine_zones
 zone_report
+ dump_zone_contents
 @zones
 %zones
@@ -304,4 +305,45 @@ sub zone_report()
 }
 }
+sub dump_zone_contents()
+{
+ for my $zone ( @zones )
+ {
+ my $zoneref = $zones{$zone};
+ my $hostref = $zoneref->{hosts};
+ my $type = $zoneref->{type};
+ my $optionref = $zoneref->{options};
+ my $exclusions = $zoneref->{exclusions};
+ my $entry = "$zone $type";
+
+ if ( $hostref ) {
+ for my $type ( sort keys %$hostref ) {
+ my $interfaceref = $hostref->{$type};
+
+ for my $interface ( sort keys %$interfaceref ) {
+ my $arrayref = $interfaceref->{$interface};
+ for my $groupref ( @$arrayref ) {
+ my $hosts = $groupref->{hosts};
+ if ( $hosts ) {
+ my $grouplist = join ',', ( @$hosts );
+ $entry .= " $interface:$grouplist";
+ }
+ }
+
+ }
+ }
+ }
+
+ if ( @$exclusions ) {
+ $entry .= ' exclude';
+
+ for my $host ( @$exclusions ) {
+ $entry .= " $host";
+ }
+ }
+
+ emit_unindented $entry;
+ }
+}
+
 1;
diff --git a/New/compiler.pl b/New/compiler.pl
index 8cc16d86d..9c5a3daa5 100755
--- a/New/compiler.pl
+++ b/New/compiler.pl
@@ -509,19 +509,21 @@ sub generate_script_2 () {
 sub generate_script_3() {
 emit 'cat > ${VARDIR}/proxyarp << __EOF__';
-
- for $line ( @proxyarp ) {
- emit_unindented $line;
- }
+ dump_proxy_arp;
+
 emit_unindented '__EOF__';
 emit 'cat > ${VARDIR}/chains << __EOF__';
-
- for my $arrayref ( @rule_chains ) {
- emit_unindented "@$arrayref";
- }
+ dump_rule_chains;
+
+ emit_unindented '__EOF__';
+
+ emit 'cat > ${VARDIR}/zones << __EOF__';
+
+ dump_zone_contents;
+
 emit_unindented '__EOF__';
 pop_indent;
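Review bot: In `dump_zone_contents`, `if ( @$exclusions )` dereferences `$zoneref->{exclusions}` without checking that it is set, while `$hostref` a few lines earlier is guarded with `if ( $hostref )`. If Zones.pm runs under `use strict` like Proxyarp.pm, a zone with no `exclusions` entry would make this line die with an undefined-value ARRAY-reference error. Whether every zone always carries that array is not visible in this diff. I would guard it the same way: `if ( $exclusions && @$exclusions ) {`. Two smaller style points in the same sub: `$optionref` is assigned but never used, and the inner `for my $type` shadows the outer `my $type` that was used to build `$entry`, so renaming the loop variable would read more clearly.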
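Review bot: The new `emit 'cat > ${VARDIR}/zones << __EOF__';` in compiler.pl uses an unquoted here-document delimiter, so when the generated script runs, the shell applies parameter expansion and command substitution to every line `dump_zone_contents` writes between the markers. Zone names, host groups and exclusions come from configuration input. If any of them can contain `$`, a backtick or a backslash, the written file will differ from what the compiler computed, and a substitution would run with the generated script's privileges. Unless expansion is intended, quoting the delimiter keeps the payload literal: `emit 'cat > ${VARDIR}/zones << "__EOF__"';`, with the terminator line unchanged. The proxyarp and chains here-documents in this hunk have the same form, and `generate_script_3` continues past the end of the hunk.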