From e1fbd64cdd937dd03dbeaa4edacc3e718888e8c5 Mon Sep 17 00:00:00 2001 From: teastep Date: Sun, 12 Mar 2006 21:55:36 +0000 Subject: [PATCH] Clean up inline indentation in the compiler git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3662 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall/compiler | 479 +++++++++++++++++++++++---------------------- 1 file changed, 245 insertions(+), 234 deletions(-) diff --git a/Shorewall/compiler b/Shorewall/compiler index 340b45bad..72d090ff6 100755 --- a/Shorewall/compiler +++ b/Shorewall/compiler @@ -95,6 +95,17 @@ progress_message_and_save() echo "${INDENT}progress_message \"$@\"" >&3 } +# +# Filter to indent the passed text by $INTENT +# +indent() { + if [ -n "$INDENT" ]; then + eval sed \'s\/^/"$INDENT"\/\' $1 + else + cat $1 + fi +} + # # Append a file to the compiler's output # @@ -104,7 +115,7 @@ append_file() # $1 = File Name if [ -f $user_exit ]; then save_progress_message "Processing $user_exit ..." - eval sed \'s\/^/"$INDENT"\/\' $user_exit >&3 + indent $user_exit >&3 fi } 
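Review bot: The new `indent()` helper passes its argument through `eval` with `$1` unquoted, so when `append_file` calls `indent $user_exit`, a file name containing whitespace or shell metacharacters is re-parsed as shell text; the `eval` is not needed for this substitution. Using `sed "s/^/$INDENT/" "$@"` in the first branch and `cat "$@"` in the second would serve both the file-argument caller and the here-document callers, assuming `$INDENT` only ever holds whitespace. The header comment says `$INTENT` where `$INDENT` is meant. Because every line now goes through `sed`, blank lines inside the here-documents are emitted as indent-only lines rather than empty ones, which is harmless but shows up when comparing generated scripts.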
@@ -1040,16 +1051,16 @@ validate_interfaces_file() { dhcp|tcpflags|arp_filter|routefilter|maclist|logmartians|sourceroute|blacklist|proxyarp|nosmurfs|upnp|-) ;; norfc1918) - cat >&3 << __EOF__ -${INDENT}addr=\$(ip -f inet addr show $interface 2> /dev/null | grep 'inet\ ' | head -n1) -${INDENT}if [ -n "\$addr" ]; then -${INDENT} addr=\$(echo \$addr | sed 's/inet //;s/\/.*//;s/ peer.*//') -${INDENT} for network in 10.0.0.0/8 176.16.0.0/12 192.168.0.0/16; do -${INDENT} if in_network \$addr \$network; then -${INDENT} startup_error "The 'norfc1918' option has been specified on an interface with an RFC 1918 address. Interface:$interface" -${INDENT} fi -${INDENT} done -${INDENT}fi + indent >&3 << __EOF__ +addr=\$(ip -f inet addr show $interface 2> /dev/null | grep 'inet\ ' | head -n1) +if [ -n "\$addr" ]; then + addr=\$(echo \$addr | sed 's/inet //;s/\/.*//;s/ peer.*//') + for network in 10.0.0.0/8 176.16.0.0/12 192.168.0.0/16; do + if in_network \$addr \$network; then + startup_error "The 'norfc1918' option has been specified on an interface with an RFC 1918 address. Interface:$interface" + fi + done +fi __EOF__ ;; arp_ignore=*) 
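Review bot: The network list in the generated `norfc1918` check reads `176.16.0.0/12`, but the RFC 1918 private block is `172.16.0.0/12`. As written, an interface holding a 172.16–172.31 address passes the check unnoticed, while a public address inside 176.16.0.0/12 raises the startup error. The line should read `for network in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do`. The value is carried over unchanged from the removed lines, so it is worth correcting while the block is being rewritten; `validate_interfaces_file` itself starts and ends outside this hunk.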
@@ -1103,34 +1114,34 @@ setup_providers() local table number mark duplicate interface gateway options provider address copy route loose addresses rulenum pref echobin=$(mywhich echo) balance save_indent="$INDENT" copy_table() { - cat >&3 << __EOF__ -${INDENT}ip route show table $duplicate | while read net route; do -${INDENT} case \$net in -${INDENT} default|nexthop) -${INDENT} ;; -${INDENT} *) -${INDENT} run_ip route add table $number \$net \$route" -${INDENT} ;; -${INDENT} esac -${INDENT}done + indent >&3 << __EOF__ +ip route show table $duplicate | while read net route; do + case \$net in + default|nexthop) + ;; + *) + run_ip route add table $number \$net \$route" + ;; + esac +done __EOF__ } copy_and_edit_table() { - cat >&3 << __EOF__ -${INDENT}ip route show table $duplicate | while read net route; do -${INDENT} case \$net in -${INDENT} default|nexthop) -${INDENT} ;; -${INDENT} *) -${INDENT} case \$(find_device \$route) in -${INDENT} `echo $copy\) | sed 's/ /|/g'` -${INDENT} run_ip route add table $number \$net \$route -${INDENT} ;; -${INDENT} esac -${INDENT} ;; -${INDENT} esac -${INDENT}done + indent >&3 << __EOF__ +ip route show table $duplicate | while read net route; do + case \$net in + default|nexthop) + ;; + *) + case \$(find_device \$route) in + `echo $copy\) | sed 's/ /|/g'` + run_ip route add table $number \$net \$route + ;; + esac + ;; + esac +done __EOF__ } 
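Review bot: In `copy_table`, the generated line `run_ip route add table $number \$net \$route"` ends with an unmatched double quote, and because the here-document is unquoted that character is written literally into the output script. The generated shell then contains an unterminated string starting at that line; the corresponding line in `copy_and_edit_table` has no such quote. Drop the trailing `"` so the line reads `run_ip route add table $number \$net \$route`. `setup_providers` begins before and continues after this hunk.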
@@ -1170,21 +1181,21 @@ __EOF__ fi if [ "x$gateway" = xdetect ] ; then - cat >&3 << __EOF__ -${INDENT}gateway=\$(detect_gateway $interface) + indent >&3 << __EOF__ +gateway=\$(detect_gateway $interface) -${INDENT}if [ -n "\$gateway" ]; then -${INDENT} run_ip route replace \$gateway src \$(find_first_interface_address $interface) dev $interface table $number -${INDENT} run_ip route add default via \$gateway dev $interface table $number -${INDENT}else -${INDENT} fatal_error "Unable to detect the gateway through interface $interface" -${INDENT}fi +if [ -n "\$gateway" ]; then + run_ip route replace \$gateway src \$(find_first_interface_address $interface) dev $interface table $number + run_ip route add default via \$gateway dev $interface table $number +else + fatal_error "Unable to detect the gateway through interface $interface" +fi __EOF__ else - cat >&3 << __EOF__ -${INDENT}run_ip route replace $gateway src \$(find_first_interface_address $interface) dev $interface table $number -${INDENT}run_ip route add default via $gateway dev $interface table $number + indent >&3 << __EOF__ +run_ip route replace $gateway src \$(find_first_interface_address $interface) dev $interface table $number +run_ip route add default via $gateway dev $interface table $number __EOF__ fi 
@@ -1244,24 +1255,24 @@ __EOF__ rulenum=0 if [ -z "$loose" ]; then - cat >&3 << __EOF__ + indent >&3 << __EOF__ -${INDENT}rulenum=0 +rulenum=0 -${INDENT}find_interface_addresses $interface | while read address; do -${INDENT} qt ip rule del from \$address -${INDENT} pref=\$((20000 + \$rulenum * 1000 + $number )) -${INDENT} rulenum=\$((\$rulenum + 1)) -${INDENT} run_ip rule add from \$address pref \$pref table $number -${INDENT}done +find_interface_addresses $interface | while read address; do + qt ip rule del from \$address + pref=\$((20000 + \$rulenum * 1000 + $number )) + rulenum=\$((\$rulenum + 1)) + run_ip rule add from \$address pref \$pref table $number +done __EOF__ else - cat >&3 << __EOF__ + indent >&3 << __EOF__ -${INDENT}find_interface_addresses $interface | while read address; do -${INDENT} qt ip rule del from \$address -${INDENT}done +find_interface_addresses $interface | while read address; do + qt ip rule del from \$address +done __EOF__ fi @@ -1309,8 +1320,8 @@ EOF __EOF__ for table in $PROVIDERS; do eval number=\$${table}_number - cat >&3 << __EOF__ -${INDENT}\${echobin:-echo} -e "$number\t$table" >> /etc/iproute2/rt_tables + indent >&3 << __EOF__ +\${echobin:-echo} -e "$number\t$table" >> /etc/iproute2/rt_tables __EOF__ done fi @@ -2249,12 +2260,12 @@ setup_proxy_arp() { [ -n "$persistent" ] && haveroute=yes fi - cat >&3 << __EOF__ -${INDENT}if ! arp -i $external -Ds $address $external pub; then -${INDENT} fatal_error "Command \"arp -i $external -Ds $address $external pub\" failed" -${INDENT}fi + indent >&3 << __EOF__ +if ! arp -i $external -Ds $address $external pub; then + fatal_error "Command \"arp -i $external -Ds $address $external pub\" failed" +fi -${INDENT}progress_message " Host $address connected to $interface added to ARP on $external" +progress_message " Host $address connected to $interface added to ARP on $external" __EOF__ echo $address $interface $external $haveroute >> $STATEDIR/proxyarp 
@@ -2285,12 +2296,12 @@ __EOF__ interfaces=$(find_interfaces_by_option proxyarp) for interface in $interfaces; do - cat >> $RESTOREFILE << __EOF__ -${INDENT}if [ -f /proc/sys/net/ipv4/conf/$interface/proxy_arp ] ; then -${INDENT} echo 1 > /proc/sys/net/ipv4/conf/$interface/proxy_arP -${INDENT}else -${INDENT} error_message "WARNING: Unable to enable proxy ARP on $interface" -${INDENT}fi + indent >> $RESTOREFILE << __EOF__ +if [ -f /proc/sys/net/ipv4/conf/$interface/proxy_arp ] ; then + echo 1 > /proc/sys/net/ipv4/conf/$interface/proxy_arP +else + error_message "WARNING: Unable to enable proxy ARP on $interface" +fi __EOF__ done 
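Review bot: The snippet written to `$RESTOREFILE` tests for `/proc/sys/net/ipv4/conf/$interface/proxy_arp` but then writes to `.../proxy_arP` with a capital P, which is a different path. When the test succeeds the write goes to a name that does not exist under /proc, so proxy ARP is presumably not re-enabled on restore and the warning branch is never reached. The write should be `echo 1 > /proc/sys/net/ipv4/conf/$interface/proxy_arp`. The enclosing function starts outside this hunk.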
@@ -2472,22 +2483,22 @@ setup_mac_lists() { [ -n "$MACLIST_TTL" ] && chain=$(macrecent_target $interface) || chain=$(mac_chain $interface) if [ -n "$MACLIST_LOG_LEVEL" -o $MACLIST_DISPOSITION != ACCEPT ]; then - cat >&3 << __EOF__ + indent >&3 << __EOF__ -${INDENT}blob=\$(ip link show $interface 2> /dev/null) +blob=\$(ip link show $interface 2> /dev/null) -${INDENT}[ -z "\$blob" ] && \ -${INDENT} fatal_error "Interface $interface must be up before Shorewall can start" +[ -z "\$blob" ] && \ + fatal_error "Interface $interface must be up before Shorewall can start" -${INDENT}ip -f inet addr show $interface 2> /dev/null | grep 'inet.*brd' | sed 's/inet //; s/brd //; s/scope.*//;' | while read address broadcast; do -${INDENT} address=\${address%/*} -${INDENT} if [ -n "\$broadcast" ]; then -${INDENT} run_iptables -t $MACLIST_TABLE -A $chain -s \$address -d \$broadcast -j RETURN -${INDENT} fi +ip -f inet addr show $interface 2> /dev/null | grep 'inet.*brd' | sed 's/inet //; s/brd //; s/scope.*//;' | while read address broadcast; do + address=\${address%/*} + if [ -n "\$broadcast" ]; then + run_iptables -t $MACLIST_TABLE -A $chain -s \$address -d \$broadcast -j RETURN + fi -${INDENT} run_iptables -t $MACLIST_TABLE -A $chain -s \$address -d 255.255.255.255 -j RETURN -${INDENT} run_iptables -t $MACLIST_TABLE -A $chain -s \$address -d 224.0.0.0/4 -j RETURN -${INDENT}done + run_iptables -t $MACLIST_TABLE -A $chain -s \$address -d 255.255.255.255 -j RETURN + run_iptables -t $MACLIST_TABLE -A $chain -s \$address -d 224.0.0.0/4 -j RETURN +done __EOF__ 
@@ -2565,20 +2576,20 @@ setup_syn_flood_chains() # Delete existing Proxy ARP # delete_proxy_arp() { - cat >&3 << __EOF__ -${INDENT}if [ -f /var/lib/shorewall/proxyarp ]; then -${INDENT} while read address interface external haveroute; do -${INDENT} qt arp -i \$external -d \$address pub -${INDENT} [ -z "\$haveroute" -a -z "\$NOROUTE" ] && qt ip route del \$address dev \$interface -${INDENT} done < /var/lib/shorewall/proxyarp + indent >&3 << __EOF__ +if [ -f /var/lib/shorewall/proxyarp ]; then + while read address interface external haveroute; do + qt arp -i \$external -d \$address pub + [ -z "\$haveroute" -a -z "\$NOROUTE" ] && qt ip route del \$address dev \$interface + done < /var/lib/shorewall/proxyarp -${INDENT} rm -f {/var/lib/shorewall}/nat -${INDENT}fi + rm -f {/var/lib/shorewall}/nat +fi + +for f in /proc/sys/net/ipv4/conf/*; do + [ -f \$f/proxy_arp ] && echo 0 > \$f/proxy_arp +done -${INDENT}for f in /proc/sys/net/ipv4/conf/*; do -${INDENT} [ -f \$f/proxy_arp ] && echo 0 > \$f/proxy_arp -${INDENT}done -${INDENT} __EOF__ [ -d $STATEDIR ] && touch $STATEDIR/proxyarp @@ -2672,15 +2683,15 @@ delete_nat() { [ -d $STATEDIR ] && touch $STATEDIR/nat - cat >&3 << __EOF__ + indent >&3 << __EOF__ -${INDENT}if [ -f /var/lib/shorewall/nat ]; then -${INDENT} while read external interface; do -${INDENT} qt ip addr del \$external dev \$interface -${INDENT} done < /var/lib/shorewall/nat -${INDENT} -${INDENT} rm -f {/var/lib/shorewall}/nat -${INDENT}fi +if [ -f /var/lib/shorewall/nat ]; then + while read external interface; do + qt ip addr del \$external dev \$interface + done < /var/lib/shorewall/nat + + rm -f {/var/lib/shorewall}/nat +fi __EOF__ } 
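Review bot: Both generated cleanup snippets on this line run `rm -f {/var/lib/shorewall}/nat`, where the braces are literal characters, so the path names no real file and the state file is left behind. In `delete_proxy_arp` the loop reads `/var/lib/shorewall/proxyarp`, so the removal there presumably should be `rm -f /var/lib/shorewall/proxyarp`; in the second hunk, `delete_nat`, it should be `rm -f /var/lib/shorewall/nat`. A stale state file means a later run replays deletions for entries that may no longer be current. The compile-time code uses `$STATEDIR` while the generated text hard-codes `/var/lib/shorewall`; if the two can differ, the generated path should be derived from the same variable.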
@@ -3381,17 +3392,17 @@ delete_tc() append_file tcclear - cat >&3 << __EOF__ -${INDENT}ip link list | while read inx interface details; do -${INDENT} case \$inx in -${INDENT} [0-9]*) -${INDENT} qt tc qdisc del dev \${interface%:} root -${INDENT} qt tc qdisc del dev \${interface%:} ingress -${INDENT} ;; -${INDENT} *) -${INDENT} ;; -${INDENT} esac -${INDENT}done + indent >&3 << __EOF__ +ip link list | while read inx interface details; do + case \$inx in + [0-9]*) + qt tc qdisc del dev \${interface%:} root + qt tc qdisc del dev \${interface%:} ingress + ;; + *) + ;; + esac +done __EOF__ } @@ -4583,24 +4594,24 @@ process_actions3() { run_iptables -A dropBcast -m pkttype --pkt-type multicast -j DROP else for interface in $(find_bcastdetect_interfaces); do - cat >&3 << __EOF__ + indent >&3 << __EOF__ -${INDENT}ip -f inet addr show $interface 2> /dev/null | grep 'inet.*brd' | sed 's/inet.*brd //; s/scope.*//;' | sort -u | while read address; do +ip -f inet addr show $interface 2> /dev/null | grep 'inet.*brd' | sed 's/inet.*brd //; s/scope.*//;' | sort -u | while read address; do __EOF__ case $xlevel in none*) ;; *) [ -n "$xlevel" ] && \ - cat >&3 << __EOF__ -${INDENT} log_rule_limit ${xlevel%\!} $xchain dropBcast DROP "" "$xtag" -A -d \$address + indent >&3 << __EOF__ + log_rule_limit ${xlevel%\!} $xchain dropBcast DROP "" "$xtag" -A -d \$address __EOF__ ;; esac - cat >&3 << __EOF__ -${INDENT} run_iptables -A $xchain -d \$address -j DROP -${INDENT}done + indent >&3 << __EOF__ + run_iptables -A $xchain -d \$address -j DROP +done __EOF__ done 
@@ -4636,24 +4647,24 @@ __EOF__ run_iptables -A allowBcast -m pkttype --pkt-type multicast -j ACCEPT else for interface in $(find_bcastdetect_interfaces); do - cat >&3 << __EOF__ + indent >&3 << __EOF__ -${INDENT}ip -f inet addr show $interface 2> /dev/null | grep 'inet.*brd' | sed 's/inet.*brd //; s/scope.*//;' | sort -u | while read address; do +ip -f inet addr show $interface 2> /dev/null | grep 'inet.*brd' | sed 's/inet.*brd //; s/scope.*//;' | sort -u | while read address; do __EOF__ case $xlevel in none*) ;; *) [ -n "$xlevel" ] && \ - cat >&3 << __EOF__ -${INDENT} log_rule_limit ${xlevel%\!} $xchain allowBcast ACCEPT "" "$xtag" -A -d \$address + indent >&3 << __EOF__ + log_rule_limit ${xlevel%\!} $xchain allowBcast ACCEPT "" "$xtag" -A -d \$address __EOF__ ;; esac - cat >&3 << __EOF__ -${INDENT} run_iptables -A $xchain -d \$address -j ACCEPT -${INDENT}done + indent >&3 << __EOF__ + run_iptables -A $xchain -d \$address -j ACCEPT +done __EOF__ done @@ -4881,8 +4892,8 @@ add_nat_rule() { else savecomment "addr=" for interface in $interfaces; do - cat >&3 << __EOF__ -${INDENT}addr="\$addr \$(find_first_interface_address $interface)" + ident >&3 << __EOF__ +addr="\$addr \$(find_first_interface_address $interface)" __EOF__ done fi @@ -4950,10 +4961,10 @@ __EOF__ if [ $addr = detect ]; then ensurenatchain $(dnat_chain $source) - cat >&3 << __EOF__ + indent >&3 << __EOF__ -${INDENT}for adr in \$addr; do -${INDENT} run_iptables -t nat -A $(fix_bang $(dnat_chain $source) $cli $proto $multiport $sports $dports) -d \$adr -j $chain +for adr in \$addr; do + run_iptables -t nat -A $(fix_bang $(dnat_chain $source) $cli $proto $multiport $sports $dports) -d \$adr -j $chain __EOF__ else for adr in $(separate_list $addr); do 
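Review bot: The `add_nat_rule` hunk replaces `cat >&3` with `ident >&3` rather than `indent >&3`, so the here-document is handed to whatever command is named `ident` (or to none at all) instead of the new helper. The line `addr="\$addr \$(find_first_interface_address $interface)"` then never reaches the generated script, and the later `for adr in \$addr` loops would presumably iterate over an empty list, leaving the detect-mode DNAT rules uninstalled. The call should read `indent >&3 << __EOF__`. `add_nat_rule` starts and ends outside this hunk.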
@@ -4972,18 +4983,18 @@ __EOF__ if [ $addr = detect ]; then ensurenatchain $chain - cat >&3 << __EOF__ + indent >&3 << __EOF__ -${INDENT}for adr in \$addr; do +for adr in \$addr; do __EOF__ if [ -n "$loglevel" ]; then - cat >&3 << __EOF__ -${INDENT} log_rule_limit $loglevel $chain $chain $logtarget "$ratelimit" "$logtag" -A -t nat $(fix_bang $proto $cli $sports $multiport $dports) -d \$adr + indent >&3 << __EOF__ + log_rule_limit $loglevel $chain $chain $logtarget "$ratelimit" "$logtag" -A -t nat $(fix_bang $proto $cli $sports $multiport $dports) -d \$adr __EOF__ fi - cat >&3 << __EOF__ -${INDENT} run_iptables -t nat -A $chain $(fix_bang $proto $ratelimit $cli $sports $multiport $dports) -d \$adr -j $target1 + indent >&3 << __EOF__ + run_iptables -t nat -A $chain $(fix_bang $proto $ratelimit $cli $sports $multiport $dports) -d \$adr -j $target1 __EOF__ else for adr in $(separate_list $addr); do @@ -5299,9 +5310,9 @@ process_rule() # $1 = target for srv in $(firewall_ip_range $serv1); do if [ -n "$addr" -a -n "$CONNTRACK_MATCH" ]; then if [ "$addr" = detect ]; then - cat >&3 << __EOF__ -${INDENT} run_iptables -A $chain $state $proto $ratelimit $multiport $cli $sports $(dest_ip_range $srv) $dports -m conntrack --ctorigdst \$adr $user -j $target -${INDENT}done + indent >&3 << __EOF__ + run_iptables -A $chain $state $proto $ratelimit $multiport $cli $sports $(dest_ip_range $srv) $dports -m conntrack --ctorigdst \$adr $user -j $target +done __EOF__ else 
@@ -6689,15 +6700,15 @@ setup_masq() done networks= elif [ -n "$detectinterface" ]; then - cat >&3 << __EOF__ + indent >&3 << __EOF__ -${INDENT}networks="\$(get_routed_networks $detectinterface)" +networks="\$(get_routed_networks $detectinterface)" -${INDENT}[ -z "\$networks" ] && fatal_error "Unable to determine the routes through interface \"$detectinterface\"" +[ -z "\$networks" ] && fatal_error "Unable to determine the routes through interface \"$detectinterface\"" -${INDENT}for network in \$networks; do -${INDENT} run_iptables -t nat -A $chain -s \$network $proto $ports $policy -j $newchain -${INDENT}done +for network in \$networks; do + run_iptables -t nat -A $chain -s \$network $proto $ports $policy -j $newchain +done __EOF__ else @@ -6723,22 +6734,22 @@ __EOF__ done done elif [ -n "$detectinterface" ]; then - cat >&3 << __EOF__ + indent >&3 << __EOF__ -${INDENT}networks="\$(get_routed_networks $detectinterface)" +networks="\$(get_routed_networks $detectinterface)" -${INDENT}[ -z "\$networks" ] && fatal_error "Unable to determine the routes through interface \"$detectinterface\"" +[ -z "\$networks" ] && fatal_error "Unable to determine the routes through interface \"$detectinterface\"" -${INDENT}for network in \$networks; do +for network in \$networks; do __EOF__ for destnet in $(separate_list $destnets); do - cat >&3 << __EOF__ -${INDENT} run_iptables -t nat -A $chain -s \$network $(dest_ip_range $destnet) $proto $sports $policy -j $netchain + indent >&3 << __EOF__ + run_iptables -t nat -A $chain -s \$network $(dest_ip_range $destnet) $proto $sports $policy -j $netchain __EOF__ done - cat >&3 << __EOF__ + indent >&3 << __EOF__ -${INDENT}done +done __EOF__ else for destnet in $(separate_list $destnets); do 
@@ -6806,17 +6817,17 @@ __EOF__ fi done elif [ -n "$detectinterface" ]; then - cat >&3 << __EOF__ + indent >&3 << __EOF__ -${INDENT}networks="\$(get_routed_networks $detectinterface)" +networks="\$(get_routed_networks $detectinterface)" -${INDENT}[ -z "\$networks" ] && fatal_error "Unable to determine the routes through interface \"$detectinterface\"" +[ -z "\$networks" ] && fatal_error "Unable to determine the routes through interface \"$detectinterface\"" -${INDENT}for network in \$networks; do +for network in \$networks; do __EOF__ for destnet in $(separate_list $destnets); do - cat >&3 << __EOF__ -${INDENT} run_iptables -t nat -A $chain -s \$network $(dest_ip_range $destnet) $proto $ports $policy -j $target $addrlist + indent >&3 << __EOF__ + run_iptables -t nat -A $chain -s \$network $(dest_ip_range $destnet) $proto $ports $policy -j $target $addrlist __EOF__ done @@ -6826,9 +6837,9 @@ __EOF__ message=" To $destination $displayproto from \$network through ${interface}" fi - cat >&3 << __EOF__ -${INDENT} progress_message "$message" -${INDENT}done + indent >&3 << __EOF__ + progress_message "$message" +done __EOF__ 
@@ -7252,18 +7263,18 @@ initialize_netfilter () { createchain dynamic no createchain smurfs no - cat >&3 << __EOF__ + indent >&3 << __EOF__ -${INDENT}if [ -f /var/lib/shorewall/save ]; then -${INDENT} progress_message2 "Setting up dynamic rules..." -${INDENT} while read target ignore1 ignore2 address rest; do -${INDENT} case \$target in -${INDENT} DROP|reject) -${INDENT} run_iptables -A dynamic -s \$address -j \$target -${INDENT} ;; -${INDENT} esac -${INDENT} done < /var/lib/shorewall/save -${INDENT}fi +if [ -f /var/lib/shorewall/save ]; then + progress_message2 "Setting up dynamic rules..." + while read target ignore1 ignore2 address rest; do + case \$target in + DROP|reject) + run_iptables -A dynamic -s \$address -j \$target + ;; + esac + done < /var/lib/shorewall/save +fi __EOF__ [ -n "$BLACKLISTNEWONLY" ] && state="-m state --state NEW,INVALID" || state= @@ -7289,11 +7300,11 @@ add_common_rules() { drop_broadcasts() { for interface in $(find_bcastdetect_interfaces); do - cat >&3 << __EOF__ + indent >&3 << __EOF__ -${INDENT}ip -f inet addr show $interface 2> /dev/null | grep 'inet.*brd' | sed 's/inet.*brd //; s/scope.*//;' | sort -u | while read address; do -${INDENT} run_iptables -A reject -d \$address -j DROP -${INDENT}done +ip -f inet addr show $interface 2> /dev/null | grep 'inet.*brd' | sed 's/inet.*brd //; s/scope.*//;' | sort -u | while read address; do + run_iptables -A reject -d \$address -j DROP +done __EOF__ done 
@@ -7308,17 +7319,17 @@ __EOF__ save_progress_message "Setting up SMURF control..." for interface in $(find_bcastdetect_interfaces); do - cat >&3 << __EOF__ + indent >&3 << __EOF__ -${INDENT}ip -f inet addr show $interface 2> /dev/null | grep 'inet.*brd' | sed 's/inet.*brd //; s/scope.*//;' | sort -u | while read address; do +ip -f inet addr show $interface 2> /dev/null | grep 'inet.*brd' | sed 's/inet.*brd //; s/scope.*//;' | sort -u | while read address; do __EOF__ [ -n "$SMURF_LOG_LEVEL" ] && \ - cat >&3 << __EOF__ -${INDENT} log_rule $SMURF_LOG_LEVEL smurfs DROP -s \$address + indent >&3 << __EOF__ + log_rule $SMURF_LOG_LEVEL smurfs DROP -s \$address __EOF__ - cat >&3 << __EOF__ -${INDENT} run_iptables -A smurfs -s \$address -j DROP -${INDENT}done + indent >&3 << __EOF__ + run_iptables -A smurfs -s \$address -j DROP +done __EOF__ done @@ -7574,11 +7585,11 @@ __EOF__ # save_progress_message "Setting up ARP filtering..." - cat >&3 << __EOF__ -${INDENT}for f in /proc/sys/net/ipv4/conf/*; do -${INDENT} [ -f \$f/arp_filter ] && echo 0 > \$f/arp_filter -${INDENT} [ -f \$f/arp_ignore ] && echo 0 > \$f/arp_ignore -${INDENT}done + indent >&3 << __EOF__ +for f in /proc/sys/net/ipv4/conf/*; do + [ -f \$f/arp_filter ] && echo 0 > \$f/arp_filter + [ -f \$f/arp_ignore ] && echo 0 > \$f/arp_ignore +done __EOF__ 
@@ -7590,24 +7601,24 @@ __EOF__ for interface in $interfaces; do file=/proc/sys/net/ipv4/conf/$interface/arp_filter - cat >&3 << __EOF__ -${INDENT}if [ -f $file ]; then -${INDENT} echo 1 > $file -${INDENT}else -${INDENT} error_message "WARNING: Cannot set ARP filtering on $interface" -${INDENT}fi + indent >&3 << __EOF__ +if [ -f $file ]; then + echo 1 > $file +else + error_message "WARNING: Cannot set ARP filtering on $interface" +fi __EOF__ done for interface in $interfaces1; do file=/proc/sys/net/ipv4/conf/$interface/arp_ignore eval value="\$$(chain_base $interface)_arp_ignore" - cat >&3 << __EOF__ -${INDENT}if [ -f $file ]; then -${INDENT} echo $value > $file -${INDENT}else -${INDENT} error_message "WARNING: Cannot set ARP filtering on $interface" -${INDENT}fi + indent >&3 << __EOF__ +if [ -f $file ]; then + echo $value > $file +else + error_message "WARNING: Cannot set ARP filtering on $interface" +fi __EOF__ done fi @@ -7621,22 +7632,22 @@ __EOF__ save_progress_message "Setting up Route Filtering..." - cat >&3 << __EOF__ + indent >&3 << __EOF__ -${INDENT}for f in /proc/sys/net/ipv4/conf/*; do -${INDENT} [ -f \$f/log_martians ] && echo 0 > \$f/rp_filter -${INDENT}done +for f in /proc/sys/net/ipv4/conf/*; do + [ -f \$f/log_martians ] && echo 0 > \$f/rp_filter +done __EOF__ for interface in $interfaces; do file=/proc/sys/net/ipv4/conf/$interface/rp_filter - cat >&3 << __EOF__ -${INDENT}if [ -f $file ]; then -${INDENT} echo 1 > $file -${INDENT}else -${INDENT} error_message "WARNING: Cannot set route filtering on $interface" -${INDENT}fi + indent >&3 << __EOF__ +if [ -f $file ]; then + echo 1 > $file +else + error_message "WARNING: Cannot set route filtering on $interface" +fi __EOF__ done 
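Review bot: In the route-filtering hunk the generated reset loop tests `\$f/log_martians` but writes `\$f/rp_filter`, which looks like a copy of the Martian-logging loop with only the target changed. The guard should check the file being written: `[ -f \$f/rp_filter ] && echo 0 > \$f/rp_filter`. On kernels where both entries exist the effect is the same, but where they differ the reset is either skipped or attempted on a missing file. The enclosing function starts outside this hunk.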
@@ -7660,22 +7671,22 @@ __EOF__ save_progress_message "Setting up Martian Logging..." - cat >&3 << __EOF__ + indent >&3 << __EOF__ -${INDENT}for f in /proc/sys/net/ipv4/conf/*; do -${INDENT} [ -f \$f/log_martians ] && echo 0 > \$f/log_martians -${INDENT}done +for f in /proc/sys/net/ipv4/conf/*; do + [ -f \$f/log_martians ] && echo 0 > \$f/log_martians +done __EOF__ for interface in $interfaces; do file=/proc/sys/net/ipv4/conf/$interface/log_martians - cat >&3 << __EOF__ -${INDENT}if [ -f $file ]; then -${INDENT} echo 1 > $file -${INDENT}else -${INDENT} error_message "WARNING: Cannot set Martian logging on $interface" -${INDENT}fi + indent >&3 << __EOF__ +if [ -f $file ]; then + echo 1 > $file +else + error_message "WARNING: Cannot set Martian logging on $interface" +fi __EOF__ done @@ -7691,10 +7702,10 @@ __EOF__ # save_progress_message "Setting up Accept Source Routing..." - cat >&3 << __EOF__ -${INDENT}for f in /proc/sys/net/ipv4/conf/*; do -${INDENT} [ -f \$f/accept_source_route ] && echo 0 > \$f/accept_source_route -${INDENT}done + indent >&3 << __EOF__ +for f in /proc/sys/net/ipv4/conf/*; do + [ -f \$f/accept_source_route ] && echo 0 > \$f/accept_source_route +done __EOF__ @@ -7708,12 +7719,12 @@ __EOF__ for interface in $interfaces; do file=/proc/sys/net/ipv4/conf/$interface/accept_source_route - cat >&3 << __EOF__ -${INDENT}if [ -f $file ]; then -${INDENT} echo 1 > $file -${INDENT}else -${INDENT} error_message "WARNING: Cannot set Accept Source Routing on $interface" -${INDENT}fi + indent >&3 << __EOF__ +if [ -f $file ]; then + echo 1 > $file +else + error_message "WARNING: Cannot set Accept Source Routing on $interface" +fi __EOF__ done fi