Allow hosts file to work with modularization
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5522 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
27f70a7950
commit
e52318ee8d
85
New/Shorewall/Hosts.pm
Normal file
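--- /dev/null
+++ b/New/Shorewall/Hosts.pm
@@ -0,0 +1,85 @@
+package Shorewall::Hosts;
+require Exporter;
+use Shorewall::Common;
+use Shorewall::Config;
+use Shorewall::Zones;
+use Shorewall::Interfaces;
+
+our @ISA = qw(Exporter);
+our @EXPORT = qw( validate_hosts_file );
+our @EXPORT_OK = ();
+our @VERSION = 1.00;
+
+#
+# Validates the hosts file. Generates entries in %zone{..}{hosts}
+#
+sub validate_hosts_file()
+{
+my %validoptions = (
+blacklist => 1,
+maclist => 1,
+norfc1918 => 1,
+nosmurfs => 1,
+routeback => 1,
+routefilter => 1,
+tcpflags => 1,
+);
+
+open HOSTS, "$ENV{TMP_DIR}/hosts" or fatal_error "Unable to open stripped hosts file: $!";
+
+while ( $line = <HOSTS> ) {
+
+chomp $line;
+$line =~ s/\s+/ /g;
+
+my ($zone, $hosts, $options, $extra) = split /\s+/, $line;
+
+fatal_error "Invalid hosts file entry: $line" if $extra;
+
+my $zoneref = $zones{$zone};
+my $type = $zoneref->{type};
+
+fatal_error "Unknown ZONE ($zone)" unless $type;
+fatal_error 'Firewall zone not allowed in ZONE column of hosts record' if $type eq 'firewall';
+
+my $interface;
+
+if ( $hosts =~ /^([\w.@%-]+):(.*)$/ ) {
+$interface = $1;
+$hosts = $2;
+$zoneref->{options}{complex} = 1 if $hosts =~ /^\+/;
+fatal_error "Unknown interface ($interface)" unless $interfaces{$interface}{root};
+} else {
+fatal_error "Invalid HOSTS(S) column contents: $hosts";
+}
+
+my $optionsref;
+
+if ( $options && $options ne '-' ) {
+my @options = split ',', $options;
+my %options;
+
+for my $option ( @options )
+{
+if ( $option eq 'ipsec' ) {
+$type = 'ipsec';
+$zoneref->{options}{complex} = 1;
+} elsif ( $validoptions{$option}) {
+$options{$option} = 1;
+} else {
+fatal_error "Invalid option ($option)";
+}
+}
+
+$optionsref = \%options;
+}
+
+my @h = split ',', $hosts;
+
+add_group_to_zone( $zone, $type , $interface, \@h , $optionsref);
+
+progress_message " Host \"$line\" validated";
+}
+
+close HOSTS;
+}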
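Review bot: The `open HOSTS, "$ENV{TMP_DIR}/hosts"` call in validate_hosts_file is a two-argument open on a path built from the environment, so Perl parses the open mode out of the string and a TMP_DIR value that begins with a mode character is treated as a mode rather than as part of the path. For a firewall compiler that presumably runs with root privileges, the three-argument form with a lexical handle removes that ambiguity: `open my $hosts_fh, '<', "$ENV{TMP_DIR}/hosts" or fatal_error "Unable to open stripped hosts file: $!";`, with the `while` loop and the `close` reading from `$hosts_fh`. The new module also declares `our @VERSION = 1.00;`, an array, whereas module version checks read the scalar, so `our $VERSION = 1.00;` is what was likely intended. Finally, the part of the HOSTS column after the colon is captured with `(.*)` and handed to add_group_to_zone unchecked; if that function (not visible here) does not validate the addresses, a comment saying where they are validated would help.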
@ -4,7 +4,7 @@ use Shorewall::Common;
|
||||
use Shorewall::Config;
|
||||
|
||||
our @ISA = qw(Exporter);
|
||||
our @EXPORT = qw( determine_zones validate_hosts_file add_group_to_zone dump_zone_info zone_report @zones %zones $firewall_zone );
|
||||
our @EXPORT = qw( determine_zones add_group_to_zone dump_zone_info zone_report @zones %zones $firewall_zone );
|
||||
our @EXPORT_OK = ();
|
||||
our @VERSION = 1.00;
|
||||
|
||||
@ -383,78 +383,4 @@ sub zone_report()
|
||||
}
|
||||
}
|
||||
|
||||
#
|
||||
# Validates the hosts file. Generates entries in %zone{..}{hosts}
|
||||
#
|
||||
sub validate_hosts_file()
|
||||
{
|
||||
my %validoptions = (
|
||||
blacklist => 1,
|
||||
maclist => 1,
|
||||
norfc1918 => 1,
|
||||
nosmurfs => 1,
|
||||
routeback => 1,
|
||||
routefilter => 1,
|
||||
tcpflags => 1,
|
||||
);
|
||||
|
||||
open HOSTS, "$ENV{TMP_DIR}/hosts" or fatal_error "Unable to open stripped hosts file: $!";
|
||||
|
||||
while ( $line = <HOSTS> ) {
|
||||
|
||||
chomp $line;
|
||||
$line =~ s/\s+/ /g;
|
||||
|
||||
my ($zone, $hosts, $options, $extra) = split /\s+/, $line;
|
||||
|
||||
fatal_error "Invalid hosts file entry: $line" if $extra;
|
||||
|
||||
my $zoneref = $zones{$zone};
|
||||
my $type = $zoneref->{type};
|
||||
|
||||
fatal_error "Unknown ZONE ($zone)" unless $type;
|
||||
fatal_error 'Firewall zone not allowed in ZONE column of hosts record' if $type eq 'firewall';
|
||||
|
||||
my $interface;
|
||||
|
||||
if ( $hosts =~ /^([\w.@%-]+):(.*)$/ ) {
|
||||
$interface = $1;
|
||||
$hosts = $2;
|
||||
$zoneref->{options}{complex} = 1 if $hosts =~ /^\+/;
|
||||
fatal_error "Unknown interface ($interface)" unless $interfaces{$interface}{root};
|
||||
} else {
|
||||
fatal_error "Invalid HOSTS(S) column contents: $hosts";
|
||||
}
|
||||
|
||||
my $optionsref;
|
||||
|
||||
if ( $options && $options ne '-' ) {
|
||||
my @options = split ',', $options;
|
||||
my %options;
|
||||
|
||||
for my $option ( @options )
|
||||
{
|
||||
if ( $option eq 'ipsec' ) {
|
||||
$type = 'ipsec';
|
||||
$zoneref->{options}{complex} = 1;
|
||||
} elsif ( $validoptions{$option}) {
|
||||
$options{$option} = 1;
|
||||
} else {
|
||||
fatal_error "Invalid option ($option)";
|
||||
}
|
||||
}
|
||||
|
||||
$optionsref = \%options;
|
||||
}
|
||||
|
||||
my @h = split ',', $hosts;
|
||||
|
||||
add_group_to_zone( $zone, $type , $interface, \@h , $optionsref);
|
||||
|
||||
progress_message " Host \"$line\" validated";
|
||||
}
|
||||
|
||||
close HOSTS;
|
||||
}
|
||||
|
||||
1;
|
||||
|
@ -9,6 +9,7 @@ use Shorewall::Config;
|
||||
use Shorewall::Chains;
|
||||
use Shorewall::Zones;
|
||||
use Shorewall::Interfaces;
|
||||
use Shorewall::Hosts;
|
||||
|
||||
#
|
||||
# IPSEC Option types
|
||||
@ -4624,6 +4625,7 @@ sub compile_firewall( $ ) {
|
||||
generate_matrix;
|
||||
dump_chain_table if $ENV{DEBUG};
|
||||
generate_script_3;
|
||||
|
||||
$file = "$dir/$file";
|
||||
rename $tempfile, $file;
|
||||
chmod 0700, $file;
|
||||
|