Finish switch to INCLUDE-aware read routines
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5744 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
2de234316b
commit
eb3ef2e636
@ -378,20 +378,15 @@ sub process_action3( $$$$$ ) {
|
||||
}
|
||||
|
||||
my $actionfile = find_file "action.$action";
|
||||
my $standard = ( $actionfile =~ /^($env{SHAREDIR})/ );
|
||||
|
||||
my $standard = ( $actionfile =~ /^$env{SHAREDIR}/ );
|
||||
|
||||
fatal_error "Missing Action File: $actionfile" unless -f $actionfile;
|
||||
|
||||
|
||||
progress_message2 "Processing $actionfile for chain $chainref->{name}...";
|
||||
|
||||
open A, $actionfile or fatal_error "Unable to open $actionfile: $!";
|
||||
open_file $actionfile;
|
||||
|
||||
while ( $line = <A> ) {
|
||||
chomp $line;
|
||||
next if $line =~ /^\s*#/;
|
||||
next if $line =~ /^\s*$/;
|
||||
$line =~ s/#.*$//;
|
||||
$line = expand_shell_variables $line unless $standard;
|
||||
while ( read_a_line ) {
|
||||
|
||||
my ($target, $source, $dest, $proto, $ports, $sports, $rate, $user ) = split_line 8, 'action file';
|
||||
|
||||
@ -423,15 +418,11 @@ sub process_action3( $$$$$ ) {
|
||||
|
||||
progress_message "..Expanding Macro $fn...";
|
||||
|
||||
open M, $fn or fatal_error "Can't open $fn: $!";
|
||||
push_open $fn;
|
||||
|
||||
my $standard = ( $fn =~ /^($env{SHAREDIR})/ );
|
||||
|
||||
while ( $line = <M> ) {
|
||||
next if $line =~ /^\s*#/;
|
||||
next if $line =~ /^\s*$/;
|
||||
$line =~ s/#.*$//;
|
||||
$line = expand_shell_variables $line unless $standard;
|
||||
while ( read_a_line ) {
|
||||
|
||||
my ( $mtarget, $msource, $mdest, $mproto, $mports, $msports, $mrate, $muser ) = split_line 8, 'macro file';
|
||||
|
||||
@ -477,7 +468,7 @@ sub process_action3( $$$$$ ) {
|
||||
process_action $chainref, $action, $mtarget, $msource, $mdest, $mproto, $mports, $msports, $mrate, $muser;
|
||||
}
|
||||
|
||||
close M;
|
||||
pop_open;
|
||||
|
||||
progress_message '..End Macro'
|
||||
|
||||
|
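Review bot: Removing `$line = expand_shell_variables $line unless $standard;` from both read loops of process_action3 means action and macro files under `$env{SHAREDIR}` are now shell-expanded like user files, since the read_a_line hunk in this commit expands every line it returns. `$standard` is still assigned in both hunks but has no remaining use in the visible lines, so either drop it or pass it on so that shipped files can skip expansion. If the flag stays, quote and terminate the prefix test, `$actionfile =~ m{^\Q$env{SHAREDIR}\E/}`, because the current pattern treats the directory name as a regex and also matches sibling paths that merely begin with the same string. The same removal appears in the process_macro hunk further down; process_action3 starts and ends outside these hunks.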
@ -1447,7 +1447,7 @@ sub emitr( $ ) {
|
||||
$state = CMD_STATE;
|
||||
}
|
||||
|
||||
$rule =~ s/~//;
|
||||
$rule = substr( $rule, 1 );
|
||||
|
||||
emit $rule;
|
||||
} else {
|
||||
|
@ -295,7 +295,7 @@ sub open_file( $ ) {
|
||||
|
||||
fatal_error 'Internal Error in open_file()' if defined $currentfile;
|
||||
|
||||
if ( -f $fname ) {
|
||||
if ( -f $fname && -s _ ) {
|
||||
open $currentfile, '<', $fname or fatal_error "Unable to open $fname: $!";
|
||||
}
|
||||
}
|
||||
@ -321,16 +321,35 @@ sub pop_open() {
|
||||
$currentfile = pop @openstack;
|
||||
}
|
||||
|
||||
#
|
||||
# Read a line from the current open stack.
|
||||
#
|
||||
# - Ignore blank or comment-only lines.
|
||||
# - Remove trailing comments.
|
||||
# - Compress out extra whitespace.
|
||||
# - Handle Line Continuation
|
||||
# - Expand shell variables from $ENV.
|
||||
# - Handle INCLUDE <filename>
|
||||
#
|
||||
|
||||
sub read_a_line {
|
||||
while ( $currentfile ) {
|
||||
while ( $line = <$currentfile> ) {
|
||||
next if $line =~ /^\s*#/;
|
||||
next if $line =~ /^\s*$/;
|
||||
chomp $line;
|
||||
|
||||
$line =~ s/#.*$//;
|
||||
$line = '';
|
||||
|
||||
while ( my $nextline = <$currentfile> ) {
|
||||
next if $nextline =~ /^\s*#/;
|
||||
next if $nextline =~ /^\s*$/;
|
||||
$nextline =~ s/#.*$//;
|
||||
|
||||
expand_shell_variables( $line );
|
||||
chomp $nextline;
|
||||
|
||||
if ( substr( $nextline, -1, 1 ) eq '\\' ) {
|
||||
$line .= substr( $nextline, 0, -1 );
|
||||
next;
|
||||
}
|
||||
|
||||
$line = expand_shell_variables( $line ? $line . $nextline : $nextline );
|
||||
|
||||
if ( $line =~ /^\s*INCLUDE\s/ ) {
|
||||
|
||||
|
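Review bot: The continuation test in read_a_line, `substr( $nextline, -1, 1 ) eq '\\'`, only matches when the backslash is the very last character, so a backslash followed by spaces, or by a trailing comment that `s/#.*$//` removes while leaving the spaces before it, is kept as data and the entry is split into two lines. Trimming first, for example `$nextline =~ s/\s+$//;` right after the chomp, would let that case continue as written. The header comment also lists "Compress out extra whitespace", which none of the visible lines do, and what happens to a partial `$line` when the file ends on a continuation is decided below the hunk, so both should be confirmed. The body of read_a_line continues outside this hunk.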
@ -52,9 +52,9 @@ sub validate_hosts_file()
|
||||
|
||||
my $ipsec = 0;
|
||||
|
||||
open HOSTS, "$ENV{TMP_DIR}/hosts" or fatal_error "Unable to open stripped hosts file: $!";
|
||||
open_file 'hosts';
|
||||
|
||||
while ( $line = <HOSTS> ) {
|
||||
while ( read_a_line ) {
|
||||
|
||||
my ($zone, $hosts, $options ) = split_line 3, 'hosts file';
|
||||
|
||||
@ -104,8 +104,6 @@ sub validate_hosts_file()
|
||||
progress_message " Host \"$line\" validated";
|
||||
}
|
||||
|
||||
close HOSTS;
|
||||
|
||||
$capabilities{POLICY_MATCH} = '' unless $ipsec or $zones{ipsec};
|
||||
}
|
||||
#
|
||||
|
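Review bot: The result of `open_file 'hosts'` is discarded, and according to the open_file hunk the handle is only opened when `-f $fname && -s _` holds, so a file that is missing, empty, or whose stat fails now gives zero iterations where the removed `open HOSTS ... or fatal_error` stopped the compile. The same pattern recurs at the open_file calls for interfaces, masq, nat, netmap, policy, rfc1918, routestopped, maclist, rules and tunnels. For inputs that shape the ruleset (policy, rules, maclist, rfc1918) a silent skip yields a firewall that differs from what the administrator wrote with no diagnostic, so test the return value as setup_blacklist and process_tos do and report the skip through progress_message2 or fatal_error. Whether a later check catches an empty result is not visible here; validate_hosts_file starts and ends outside these hunks.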
@ -132,9 +132,9 @@ sub validate_interfaces_file()
|
||||
upnp => 1,
|
||||
);
|
||||
|
||||
open INTERFACES, "$ENV{TMP_DIR}/interfaces" or fatal_error "Unable to open stripped interfaces file: $!";
|
||||
open_file 'interfaces';
|
||||
|
||||
while ( $line = <INTERFACES> ) {
|
||||
while ( read_a_line ) {
|
||||
|
||||
my ($zone, $interface, $networks, $options ) = split_line 4, 'interfaces file';
|
||||
my $zoneref;
|
||||
@ -195,8 +195,6 @@ sub validate_interfaces_file()
|
||||
progress_message " Interface \"$line\" Validated";
|
||||
|
||||
}
|
||||
|
||||
close INTERFACES;
|
||||
}
|
||||
|
||||
#
|
||||
|
@ -101,6 +101,7 @@ sub setup_one_masq($$$$$$)
|
||||
my $destnets = '';
|
||||
my $target = '-j MASQUERADE ';
|
||||
|
||||
require_capability( 'NAT_ENABLED' , 'a non-empty masq file' );
|
||||
#
|
||||
# Handle IPSEC options, if any
|
||||
#
|
||||
@ -238,9 +239,9 @@ sub setup_one_masq($$$$$$)
|
||||
#
|
||||
sub setup_masq()
|
||||
{
|
||||
open MASQ, "$ENV{TMP_DIR}/masq" or fatal_error "Unable to open stripped zones file: $!";
|
||||
open_file 'masq';
|
||||
|
||||
while ( $line = <MASQ> ) {
|
||||
while ( read_a_line ) {
|
||||
|
||||
my ($fullinterface, $networks, $addresses, $proto, $ports, $ipsec) = split_line 6, 'masq file';
|
||||
|
||||
@ -256,8 +257,6 @@ sub setup_masq()
|
||||
}
|
||||
}
|
||||
|
||||
close MASQ;
|
||||
|
||||
$comment = '';
|
||||
|
||||
}
|
||||
@ -300,6 +299,8 @@ sub do_one_nat( $$$$$ )
|
||||
my $policyin = '';
|
||||
my $policyout = '';
|
||||
|
||||
require_capability( 'NAT_ENABLED' , 'a non-empty nat file' );
|
||||
|
||||
if ( $capabilities{POLICY_MATCH} ) {
|
||||
$policyin = ' -m policy --pol none --dir in';
|
||||
$policyout = '-m policy --pol none --dir out';
|
||||
@ -346,9 +347,9 @@ sub do_one_nat( $$$$$ )
|
||||
#
|
||||
sub setup_nat() {
|
||||
|
||||
open NAT, "$ENV{TMP_DIR}/nat" or fatal_error "Unable to open stripped nat file: $!";
|
||||
open_file 'nat';
|
||||
|
||||
while ( $line = <NAT> ) {
|
||||
while ( read_a_line ) {
|
||||
|
||||
my ( $external, $interface, $internal, $allints, $localnat ) = split_line 5, 'nat file';
|
||||
|
||||
@ -365,8 +366,6 @@ sub setup_nat() {
|
||||
|
||||
}
|
||||
|
||||
close NAT;
|
||||
|
||||
$comment = '';
|
||||
}
|
||||
|
||||
@ -375,12 +374,14 @@ sub setup_nat() {
|
||||
#
|
||||
sub setup_netmap() {
|
||||
|
||||
open NM, "$ENV{TMP_DIR}/netmap" or fatal_error "Unable to open stripped netmap file: $!";
|
||||
open_file 'netmap';
|
||||
|
||||
while ( $line = <NM> ) {
|
||||
while ( read_a_line ) {
|
||||
|
||||
my ( $type, $net1, $interface, $net2 ) = split_line 4, 'netmap file';
|
||||
|
||||
require_capability( 'NAT_ENABLED' , 'a non-empty netmap file' );
|
||||
|
||||
if ( $type eq 'DNAT' ) {
|
||||
add_rule ensure_chain( 'nat' , input_chain $interface ) , "-d $net1 -j NETMAP --to $net2";
|
||||
} elsif ( $type eq 'SNAT' ) {
|
||||
@ -393,7 +394,6 @@ sub setup_netmap() {
|
||||
|
||||
}
|
||||
|
||||
close NM;
|
||||
}
|
||||
|
||||
sub add_addresses () {
|
||||
|
@ -128,9 +128,9 @@ sub validate_policy()
|
||||
}
|
||||
}
|
||||
|
||||
open POLICY, "$ENV{TMP_DIR}/policy" or fatal_error "Unable to open stripped policy file: $!";
|
||||
open_file 'policy';
|
||||
|
||||
while ( $line = <POLICY> ) {
|
||||
while ( read_a_line ) {
|
||||
|
||||
my ( $client, $server, $policy, $loglevel, $synparams ) = split_line 5, 'policy file';
|
||||
|
||||
@ -226,8 +226,6 @@ sub validate_policy()
|
||||
print_policy $client, $server, $policy, $chain;
|
||||
}
|
||||
}
|
||||
|
||||
close POLICY;
|
||||
}
|
||||
|
||||
#
|
||||
|
@ -343,38 +343,42 @@ sub setup_providers() {
|
||||
}
|
||||
#
|
||||
# Setup_Providers() Starts Here....
|
||||
#
|
||||
#
|
||||
progress_message2 "$doing $fn ...";
|
||||
|
||||
emit "\nif [ -z \"\$NOROUTES\" ]; then";
|
||||
open_file 'providers';
|
||||
|
||||
push_indent;
|
||||
while ( read_a_line ) {
|
||||
|
||||
emitj ( '#',
|
||||
'# Undo any changes made since the last time that we [re]started -- this will not restore the default route',
|
||||
'#',
|
||||
'undo_routing',
|
||||
'#',
|
||||
'# Save current routing table database so that it can be restored later',
|
||||
'#',
|
||||
'cp /etc/iproute2/rt_tables ${VARDIR}/',
|
||||
'#',
|
||||
'# Capture the default route(s) if we don\'t have it (them) already.',
|
||||
'#',
|
||||
'[ -f ${VARDIR}/default_route ] || ip route ls | grep -E \'^\s*(default |nexthop )\' > ${VARDIR}/default_route',
|
||||
'#',
|
||||
'# Initialize the file that holds \'undo\' commands',
|
||||
'#',
|
||||
'> ${VARDIR}/undo_routing' );
|
||||
unless ( $providers ) {
|
||||
require_capability( 'MANGLE_ENABLED' , 'a non-empty providers file' );
|
||||
|
||||
emit "\nif [ -z \"\$NOROUTES\" ]; then";
|
||||
|
||||
save_progress_message 'Adding Providers...';
|
||||
push_indent;
|
||||
|
||||
emit 'DEFAULT_ROUTE=';
|
||||
|
||||
open PV, "$ENV{TMP_DIR}/providers" or fatal_error "Unable to open stripped providers file: $!";
|
||||
|
||||
while ( $line = <PV> ) {
|
||||
emitj ( '#',
|
||||
'# Undo any changes made since the last time that we [re]started -- this will not restore the default route',
|
||||
'#',
|
||||
'undo_routing',
|
||||
'#',
|
||||
'# Save current routing table database so that it can be restored later',
|
||||
'#',
|
||||
'cp /etc/iproute2/rt_tables ${VARDIR}/',
|
||||
'#',
|
||||
'# Capture the default route(s) if we don\'t have it (them) already.',
|
||||
'#',
|
||||
'[ -f ${VARDIR}/default_route ] || ip route ls | grep -E \'^\s*(default |nexthop )\' > ${VARDIR}/default_route',
|
||||
'#',
|
||||
'# Initialize the file that holds \'undo\' commands',
|
||||
'#',
|
||||
'> ${VARDIR}/undo_routing' );
|
||||
|
||||
save_progress_message 'Adding Providers...';
|
||||
|
||||
emit 'DEFAULT_ROUTE=';
|
||||
}
|
||||
|
||||
my ( $table, $number, $mark, $duplicate, $interface, $gateway, $options, $copy ) = split_line 8, 'providers file';
|
||||
|
||||
add_a_provider( $table, $number, $mark, $duplicate, $interface, $gateway, $options, $copy );
|
||||
@ -387,8 +391,6 @@ sub setup_providers() {
|
||||
|
||||
}
|
||||
|
||||
close PV;
|
||||
|
||||
if ( $providers ) {
|
||||
if ( $balance ) {
|
||||
emitj ( 'if [ -n "$DEFAULT_ROUTE" ]; then',
|
||||
@ -427,30 +429,32 @@ sub setup_providers() {
|
||||
emit "\$echocommand \"$providers{$table}{number}\\t$table\" >> /etc/iproute2/rt_tables";
|
||||
}
|
||||
|
||||
if ( -s "$ENV{TMP_DIR}/route_rules" ) {
|
||||
my $fn = find_file 'route_rules';
|
||||
my $fn = find_file 'route_rules';
|
||||
|
||||
if ( -f $fn ) {
|
||||
progress_message2 "$doing $fn...";
|
||||
|
||||
emit '';
|
||||
|
||||
open RR, "$ENV{TMP_DIR}/route_rules" or fatal_error "Unable to open stripped route rules file: $!";
|
||||
open_file $fn;
|
||||
|
||||
while ( read_a_line ) {
|
||||
|
||||
while ( $line = <RR> ) {
|
||||
my ( $source, $dest, $provider, $priority ) = split_line 4, 'route_rules file';
|
||||
|
||||
add_an_rtrule( $source, $dest, $provider , $priority );
|
||||
}
|
||||
|
||||
close RR;
|
||||
}
|
||||
|
||||
emit "\nrun_ip route flush cache";
|
||||
pop_indent;
|
||||
emit "fi\n";
|
||||
|
||||
setup_route_marking if @routemarked_interfaces;
|
||||
} else {
|
||||
emit "\nundo_routing";
|
||||
emit 'restore_default_route';
|
||||
}
|
||||
|
||||
emit "\nrun_ip route flush cache";
|
||||
pop_indent;
|
||||
emit "fi\n";
|
||||
|
||||
setup_route_marking if @routemarked_interfaces;
|
||||
|
||||
}
|
||||
|
||||
1;
|
||||
|
@ -82,15 +82,13 @@ sub setup_proxy_arp() {
|
||||
|
||||
my $interfaces= find_interfaces_by_option 'proxyarp';
|
||||
|
||||
if ( @$interfaces || -s "$ENV{TMP_DIR}/proxyarp" ) {
|
||||
if ( @$interfaces || open_file 'proxyarp' ) {
|
||||
|
||||
save_progress_message "Setting up Proxy ARP...";
|
||||
|
||||
my ( %set, %reset );
|
||||
|
||||
open PA, "$ENV{TMP_DIR}/proxyarp" or fatal_error "Unable to open stripped proxyarp file: $!";
|
||||
|
||||
while ( $line = <PA> ) {
|
||||
while ( read_a_line ) {
|
||||
|
||||
my ( $address, $interface, $external, $haveroute, $persistent ) = split_line 5, 'proxyarp file';
|
||||
|
||||
@ -100,8 +98,6 @@ sub setup_proxy_arp() {
|
||||
setup_one_proxy_arp( $address, $interface, $external, $haveroute, $persistent );
|
||||
}
|
||||
|
||||
close PA;
|
||||
|
||||
for my $interface ( keys %reset ) {
|
||||
emit "echo 0 > /proc/sys/net/ipv4/conf/$interface/proxy_arp" unless $set{interface};
|
||||
}
|
||||
|
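Review bot: In `if ( @$interfaces || open_file 'proxyarp' )` the `||` short-circuits, so when any interface carries the proxyarp option open_file is never called and the following `while ( read_a_line )` has no file to read. Assuming read_a_line returns false with nothing open, as its `while ( $currentfile )` loop suggests, the entries in the proxyarp file are then dropped without a message, whereas the removed code opened the file unconditionally inside the block. Call open_file first and test both, `my $have_file = open_file 'proxyarp';` followed by `if ( @$interfaces || $have_file ) {`. Separately, the context line `unless $set{interface}` looks up the literal key `interface`, where `$set{$interface}` appears to be intended. setup_proxy_arp starts and ends outside these hunks.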
@ -64,15 +64,13 @@ sub process_tos() {
|
||||
my $chain = $capabilities{MANGLE_FORWARD} ? 'fortos' : 'pretos';
|
||||
my $stdchain = $capabilities{MANGLE_FORWARD} ? 'FORWARD' : 'PREROUTING';
|
||||
|
||||
if ( -s "$ENV{TMP_DIR}/tos" ) {
|
||||
if ( open_file 'tos' ) {
|
||||
progress_message2 'Setting up TOS...';
|
||||
|
||||
my $pretosref = new_chain 'mangle' , $chain;
|
||||
my $outtosref = new_chain 'mangle' , 'outtos';
|
||||
|
||||
open TOS, "$ENV{TMP_DIR}/tos" or fatal_error "Unable to open stripped tos file: $!";
|
||||
|
||||
while ( $line = <TOS> ) {
|
||||
while ( read_a_line ) {
|
||||
|
||||
my ($src, $dst, $proto, $sports, $ports , $tos ) = split_line 6, 'tos file';
|
||||
|
||||
@ -108,8 +106,6 @@ sub process_tos() {
|
||||
'';
|
||||
}
|
||||
|
||||
close TOS;
|
||||
|
||||
add_rule $mangle_table->{$stdchain}, "-j $chain";
|
||||
add_rule $mangle_table->{OUTPUT}, "-j outtos";
|
||||
}
|
||||
@ -123,13 +119,11 @@ sub setup_ecn()
|
||||
my %interfaces;
|
||||
my @hosts;
|
||||
|
||||
if ( -s "$ENV{TMP_DIR}/ecn" ) {
|
||||
if ( open_file 'ecn' ) {
|
||||
|
||||
progress_message2 join( '' , '$doing ', find_file( 'ecn' ), '...' );
|
||||
|
||||
open ECN, "$ENV{TMP_DIR}/ecn" or fatal_error "Unable to open stripped ecn file: $!";
|
||||
|
||||
while ( $line = <ECN> ) {
|
||||
while ( read_a_line ) {
|
||||
|
||||
my ($interface, $hosts ) = split_line 2, 'ecn file';
|
||||
|
||||
@ -144,8 +138,6 @@ sub setup_ecn()
|
||||
}
|
||||
}
|
||||
|
||||
close ECN;
|
||||
|
||||
if ( @hosts ) {
|
||||
my @interfaces = ( keys %interfaces );
|
||||
|
||||
@ -189,9 +181,9 @@ sub setup_rfc1918_filteration( $ ) {
|
||||
|
||||
$chainref = new_standard_chain 'rfc1918d' if $config{RFC1918_STRICT};
|
||||
|
||||
open RFC, "$ENV{TMP_DIR}/rfc1918" or fatal_error "Unable to open stripped rfc1918 file: $!";
|
||||
open_file 'rfc1918';
|
||||
|
||||
while ( $line = <RFC> ) {
|
||||
while ( read_a_line ) {
|
||||
|
||||
my ( $networks, $target ) = split_line 2, 'rfc1918 file';
|
||||
|
||||
@ -214,8 +206,6 @@ sub setup_rfc1918_filteration( $ ) {
|
||||
}
|
||||
}
|
||||
|
||||
close RFC;
|
||||
|
||||
add_rule $norfc1918ref , '-j rfc1918d' if $config{RFC1918_STRICT};
|
||||
|
||||
for my $hostref ( @$listref ) {
|
||||
@ -267,13 +257,11 @@ sub setup_blacklist() {
|
||||
$target = 'blacklog';
|
||||
}
|
||||
|
||||
if ( -s "$ENV{TMP_DIR}/blacklist" ) {
|
||||
|
||||
open BL, "$ENV{TMP_DIR}/blacklist" or fatal_error "Unable to open stripped blacklist file: $!";
|
||||
if ( open_file 'blacklist' ) {
|
||||
|
||||
progress_message( join( '', ' Processing ', find_file( 'blacklist' ), '...' ) );
|
||||
|
||||
while ( $line = <BL> ) {
|
||||
while ( read_a_line ) {
|
||||
|
||||
my ( $networks, $protocol, $ports ) = split_line 3, 'blacklist file';
|
||||
|
||||
@ -293,8 +281,6 @@ sub setup_blacklist() {
|
||||
}
|
||||
}
|
||||
|
||||
close BL;
|
||||
|
||||
my $state = $config{BLACKLISTNEWONLY} ? '-m state --state NEW,INVALID ' : '';
|
||||
|
||||
for my $hostref ( @$hosts ) {
|
||||
@ -320,9 +306,9 @@ sub process_criticalhosts() {
|
||||
|
||||
@critical = ();
|
||||
|
||||
open RS, "$ENV{TMP_DIR}/routestopped" or fatal_error "Unable to open stripped routestopped file: $!";
|
||||
open_file $fn;
|
||||
|
||||
while ( $line = <RS> ) {
|
||||
while ( read_a_line ) {
|
||||
|
||||
my $routeback = 0;
|
||||
|
||||
@ -349,8 +335,6 @@ sub process_criticalhosts() {
|
||||
}
|
||||
}
|
||||
|
||||
close RS;
|
||||
|
||||
\@critical;
|
||||
}
|
||||
|
||||
@ -361,9 +345,9 @@ sub process_routestopped() {
|
||||
|
||||
progress_message2 "$doing $fn...";
|
||||
|
||||
open RS, "$ENV{TMP_DIR}/routestopped" or fatal_error "Unable to open stripped routestopped file: $!";
|
||||
open_file $fn;
|
||||
|
||||
while ( $line = <RS> ) {
|
||||
while ( read_a_line ) {
|
||||
|
||||
my $routeback = 0;
|
||||
|
||||
@ -409,8 +393,6 @@ sub process_routestopped() {
|
||||
push @allhosts, @hosts;
|
||||
}
|
||||
|
||||
close RS;
|
||||
|
||||
for my $host ( @allhosts ) {
|
||||
my ( $interface, $h ) = split /:/, $host;
|
||||
my $source = match_source_net $h;
|
||||
@ -649,9 +631,9 @@ sub setup_mac_lists( $ ) {
|
||||
}
|
||||
}
|
||||
|
||||
open MAC, "$ENV{TMP_DIR}/maclist" or fatal_error "Unable to open stripped maclist file: $!";
|
||||
open_file 'maclist';
|
||||
|
||||
while ( $line = <MAC> ) {
|
||||
while ( read_a_line ) {
|
||||
|
||||
my ( $disposition, $interface, $mac, $addresses ) = split_line 4, 'maclist file';
|
||||
|
||||
@ -695,8 +677,6 @@ sub setup_mac_lists( $ ) {
|
||||
}
|
||||
}
|
||||
|
||||
close MAC;
|
||||
|
||||
$comment = '';
|
||||
#
|
||||
# Generate jumps from the input and forward chains
|
||||
@ -758,14 +738,9 @@ sub process_macro ( $$$$$$$$$$$ ) {
|
||||
|
||||
progress_message "..Expanding Macro $macrofile...";
|
||||
|
||||
open M, $macrofile or fatal_error "Unable to open $macrofile: $!";
|
||||
push_open $macrofile;
|
||||
|
||||
while ( $line = <M> ) {
|
||||
chomp $line;
|
||||
next if $line =~ /^\s*#/;
|
||||
next if $line =~ /^\s*$/;
|
||||
$line =~ s/#.*$//;
|
||||
$line = expand_shell_variables $line unless $standard;
|
||||
while ( read_a_line ) {
|
||||
|
||||
my ( $mtarget, $msource, $mdest, $mproto, $mports, $msports, $mrate, $muser ) = split_line 8, 'macro file';
|
||||
|
||||
@ -828,7 +803,7 @@ sub process_macro ( $$$$$$$$$$$ ) {
|
||||
|
||||
progress_message " Rule \"$line\" $done"; }
|
||||
|
||||
close M;
|
||||
pop_open;
|
||||
|
||||
progress_message '..End Macro'
|
||||
}
|
||||
@ -1186,9 +1161,9 @@ sub process_rule ( $$$$$$$$$ ) {
|
||||
#
|
||||
sub process_rules() {
|
||||
|
||||
open RULES, "$ENV{TMP_DIR}/rules" or fatal_error "Unable to open stripped rules file: $!";
|
||||
open_file 'rules';
|
||||
|
||||
while ( $line = <RULES> ) {
|
||||
while ( read_a_line ) {
|
||||
|
||||
my ( $target, $source, $dest, $proto, $ports, $sports, $origdest, $ratelimit, $user ) = split_line 9, 'rules file';
|
||||
|
||||
@ -1220,8 +1195,6 @@ sub process_rules() {
|
||||
}
|
||||
}
|
||||
|
||||
close RULES;
|
||||
|
||||
$comment = '';
|
||||
$section = 'DONE';
|
||||
}
|
||||
|
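Review bot: In setup_ecn the progress line builds its text with `'$doing '` in single quotes, so the message prints the literal characters `$doing` instead of the variable's value that the other progress messages in this file interpolate (`"$doing $fn..."`). Change it to `progress_message2 join( '' , "$doing ", find_file( 'ecn' ), '...' );`. The line appears to be unchanged context in this commit, but the hunk already rewrites the statements around it. setup_ecn ends outside the hunk.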
@ -349,14 +349,16 @@ sub validate_tc_class( $$$$$$ ) {
|
||||
}
|
||||
|
||||
sub setup_traffic_shaping() {
|
||||
if ( -s "$ENV{TMP_DIR}/tcdevices" ) {
|
||||
save_progress_message "Setting up Traffic Control...";
|
||||
my $fn = find_file 'tcdevices';
|
||||
save_progress_message "Setting up Traffic Control...";
|
||||
|
||||
my $fn = find_file 'tcdevices';
|
||||
|
||||
if ( -f $fn ) {
|
||||
progress_message2 "$doing $fn...";
|
||||
|
||||
open TD, "$ENV{TMP_DIR}/tcdevices" or fatal_error "Unable to open stripped tcdevices file: $!";
|
||||
open_file $fn;
|
||||
|
||||
while ( $line = <TD> ) {
|
||||
while ( read_a_line ) {
|
||||
|
||||
my ( $device, $inband, $outband ) = split_line 3, 'tcdevices';
|
||||
|
||||
@ -365,15 +367,14 @@ sub setup_traffic_shaping() {
|
||||
}
|
||||
}
|
||||
|
||||
close TD;
|
||||
$fn = find_file 'tcclasses';
|
||||
|
||||
if ( -s "$ENV{TMP_DIR}/tcclasses" ) {
|
||||
my $fn = find_file 'tcdevices';
|
||||
if ( -f $fn ) {
|
||||
progress_message2 "$doing $fn...";
|
||||
|
||||
open TC, "$ENV{TMP_DIR}/tcclasses" or fatal_error "Unable to open stripped tcclasses file: $!";
|
||||
open_file $fn;
|
||||
|
||||
while ( $line = <TC> ) {
|
||||
while ( read_a_line ) {
|
||||
|
||||
my ( $device, $mark, $rate, $ceil, $prio, $options ) = split_line 6, 'tcclasses file';
|
||||
|
||||
@ -381,8 +382,6 @@ sub setup_traffic_shaping() {
|
||||
}
|
||||
}
|
||||
|
||||
close TC;
|
||||
|
||||
my $devnum = 1;
|
||||
|
||||
$prefix = '10' if @tcdevices > 10;
|
||||
@ -496,13 +495,14 @@ sub setup_tc() {
|
||||
ensure_mangle_chain 'tcpost';
|
||||
}
|
||||
|
||||
if ( -s "$ENV{TMP_DIR}/tcrules" ) {
|
||||
require_capability( 'MANGLE_ENABLED' , 'a non-empty tcrules file' );
|
||||
my $fn = find_file 'tcrules';
|
||||
|
||||
open TC, "$ENV{TMP_DIR}/tcrules" or fatal_error "Unable to open stripped tcrules file: $!";
|
||||
if ( -f $fn ) {
|
||||
|
||||
while ( $line = <TC> ) {
|
||||
require_capability( 'MANGLE_ENABLED' , 'a non-empty tcrules file' ) if open_file $fn;
|
||||
|
||||
while ( read_a_line ) {
|
||||
|
||||
my ( $mark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos ) = split_line 10, 'tcrules file';
|
||||
|
||||
if ( $mark eq 'COMMENT' ) {
|
||||
@ -518,8 +518,6 @@ sub setup_tc() {
|
||||
|
||||
}
|
||||
|
||||
close TC;
|
||||
|
||||
$comment = '';
|
||||
}
|
||||
|
||||
@ -554,7 +552,7 @@ sub setup_tc() {
|
||||
save_progress_message 'Setting up Traffic Control...';
|
||||
append_file $config{TC_SCRIPT};
|
||||
} elsif ( $config{TC_ENABLED} eq 'Internal' ) {
|
||||
setup_traffic_shaping if -s "$ENV{TMP_DIR}/tcdevices";
|
||||
setup_traffic_shaping;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -230,9 +230,9 @@ sub setup_tunnels() {
|
||||
#
|
||||
# Setup_Tunnels() Starts Here
|
||||
#
|
||||
open TUNNELS, "$ENV{TMP_DIR}/tunnels" or fatal_error "Unable to open stripped tunnels file: $!";
|
||||
open_file 'tunnels';
|
||||
|
||||
while ( $line = <TUNNELS> ) {
|
||||
while ( read_a_line ) {
|
||||
|
||||
my ( $kind, $zone, $gateway, $gatewayzones ) = split_line 4, 'tunnels file';
|
||||
|
||||
@ -248,8 +248,6 @@ sub setup_tunnels() {
|
||||
}
|
||||
}
|
||||
|
||||
close TUNNELS;
|
||||
|
||||
$comment = '';
|
||||
}
|
||||
|
||||
|
@ -710,13 +710,7 @@ sub compiler( $ ) {
|
||||
#
|
||||
# [Re-]establish Routing
|
||||
#
|
||||
if ( -s "$ENV{TMP_DIR}/providers" ) {
|
||||
require_capability( 'MANGLE_ENABLED' , 'a non-empty providers file' );
|
||||
setup_providers;
|
||||
} else {
|
||||
emit "\nundo_routing";
|
||||
emit 'restore_default_route';
|
||||
}
|
||||
setup_providers;
|
||||
#
|
||||
# TCRules and Traffic Shaping
|
||||
#
|
||||
@ -733,11 +727,8 @@ sub compiler( $ ) {
|
||||
#
|
||||
# Setup Masquerading/SNAT
|
||||
#
|
||||
if ( -s "$ENV{TMP_DIR}/masq" ) {
|
||||
progress_message2 "$doing Masq file...";
|
||||
require_capability( 'NAT_ENABLED' , 'a non-empty masq file' );
|
||||
setup_masq;
|
||||
}
|
||||
progress_message2 "$doing Masq file...";
|
||||
setup_masq;
|
||||
#
|
||||
# MACLIST Filtration
|
||||
#
|
||||
@ -771,19 +762,13 @@ sub compiler( $ ) {
|
||||
#
|
||||
# Setup Nat
|
||||
#
|
||||
if ( -s "$ENV{TMP_DIR}/nat" ) {
|
||||
progress_message2 "$doing one-to-one NAT...";
|
||||
require_capability( 'NAT_ENABLED' , 'a non-empty nat file' );
|
||||
setup_nat;
|
||||
}
|
||||
progress_message2 "$doing one-to-one NAT...";
|
||||
setup_nat;
|
||||
#
|
||||
# Setup NETMAP
|
||||
#
|
||||
if ( -s "$ENV{TMP_DIR}/nat" ) {
|
||||
progress_message2 "$doing NETMAP...";
|
||||
require_capability( 'NAT_ENABLED' , 'a non-empty netmap file' );
|
||||
setup_netmap;
|
||||
}
|
||||
progress_message2 "$doing NETMAP...";
|
||||
setup_netmap;
|
||||
#
|
||||
# Accounting.
|
||||
#
|
||||
|