diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm index cdee939e1..940366521 100644 --- a/Shorewall/Perl/Shorewall/Chains.pm +++ b/Shorewall/Perl/Shorewall/Chains.pm @@ -100,6 +100,9 @@ our %EXPORT_TAGS = ( ALL_RESTRICT ALL_COMMANDS NOT_RESTORE + OPTIMIZE_POLICY_MASK + OPTIMIZE_RULESET_MASK + OPTIMIZE_MASK state_imatch initialize_chain_table @@ -347,6 +350,16 @@ my $ipset_rules; # use constant { ALL_COMMANDS => 1, NOT_RESTORE => 2 }; +# +# Optimization masks +# +use constant { + OPTIMIZE_POLICY_MASK => 0x02 , # Call optimize_policy_chains() + OPTIMIZE_RULESET_MASK => 0x1C , # Call optimize_ruleset() + }; + +use constant { OPTIMIZE_MASK => OPTIMIZE_POLICY_MASK | OPTIMIZE_RULESET_MASK }; + # # These hashes hold the shell code to set shell variables. The key is the name of the variable; the value is the code to generate the variable's contents # diff --git a/Shorewall/Perl/Shorewall/Compiler.pm b/Shorewall/Perl/Shorewall/Compiler.pm index b821f1721..40275c6ee 100644 --- a/Shorewall/Perl/Shorewall/Compiler.pm +++ b/Shorewall/Perl/Shorewall/Compiler.pm @@ -490,13 +490,12 @@ EOF setup_load_distribution; setup_forwarding( $family , 0 ); - emit<<"EOF"; - run_refreshed_exit - do_iptables -N shorewall - set_state Started $config_dir - else - setup_netfilter -EOF + emit( ' run_refreshed_exit' , + ' do_iptables -N shorewall' , + " set_state Started $config_dir" , + ' else' , + ' setup_netfilter' ); + setup_load_distribution; emit<<"EOF"; 
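Review bot: The comments on the new masks in Chains.pm (hunk at -347) name the function each mask triggers but not which OPTIMIZE bits it covers, and nothing records that the 0x01 bit is left out of OPTIMIZE_MASK. The combined value is still 0x1E, the same as the literal replaced in Compiler.pm, so behaviour is unchanged; the gap is only in the documentation. I would write the comments as `# OPTIMIZE bit 0x02: call optimize_policy_chains()` and `# OPTIMIZE bits 0x04, 0x08 and 0x10: call optimize_ruleset()`. Above the second `use constant`, add `# Separate block: OPTIMIZE_MASK refers to the two constants defined above`, so nobody merges the two blocks later.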
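Review bot: In the Compiler.pm hunk at -490, the double-quoted element `" set_state Started $config_dir"` of the new emit() list still splices `$config_dir` unquoted into a line of the generated shell script, exactly as the removed heredoc did. If that path can contain whitespace or shell metacharacters, the generated script will word-split or expand it when it runs, and that script presumably runs with root privileges. Whether `$config_dir` is validated where it is set is not visible in this hunk; if it is not, emit the value shell-quoted (for example `set_state Started \"$config_dir\"` inside the Perl string) or reject unusual characters at the point it is read. The enclosing function starts and ends outside the hunk.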
@@ -623,14 +622,9 @@ sub compiler { # S H O R E W A L L . C O N F A N D C A P A B I L I T I E S # get_configuration( $export , $update , $annotate ); - - report_capabilities unless $config{LOAD_HELPERS_ONLY}; - - require_capability( 'MULTIPORT' , "Shorewall $globals{VERSION}" , 's' ); - require_capability( 'RECENT_MATCH' , 'MACLIST_TTL' , 's' ) if $config{MACLIST_TTL}; - require_capability( 'XCONNMARK' , 'HIGH_ROUTE_MARKS=Yes' , 's' ) if $config{PROVIDER_OFFSET} > 0; - require_capability( 'MANGLE_ENABLED' , 'Traffic Shaping' , 's' ) if $config{TC_ENABLED}; - + # + # Create a temp file to hold the script + # if ( $scriptfilename ) { set_command( 'compile', 'Compiling', 'Compiled' ); create_temp_script( $scriptfilename , $export ); @@ -639,7 +633,7 @@ sub compiler { } # # Chain table initialization depends on shorewall.conf and capabilities. So it must be deferred until - # shorewall.conf has been processed and the capabilities have been determined. + # now when shorewall.conf has been processed and the capabilities have been determined. # initialize_chain_table(1); # @@ -888,16 +882,16 @@ sub compiler { optimize_level0; - if ( $config{OPTIMIZE} & 0x1E ) { + if ( $config{OPTIMIZE} & OPTIMIZE_MASK ) { progress_message2 'Optimizing Ruleset...'; # # Optimize Policy Chains # - optimize_policy_chains if $config{OPTIMIZE} & 2; + optimize_policy_chains if $config{OPTIMIZE} & OPTIMIZE_POLICY_MASK; # # Ruleset Optimization # - optimize_ruleset if $config{OPTIMIZE} & 0x1C; + optimize_ruleset if $config{OPTIMIZE} & OPTIMIZE_RULESET_MASK; } enable_script if $debug; diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm index 679cf0be0..c56ca1dbe 100644 --- a/Shorewall/Perl/Shorewall/Config.pm +++ b/Shorewall/Perl/Shorewall/Config.pm 
@@ -3982,6 +3982,13 @@ sub get_configuration( $$$ ) { } else { $config{LOCKFILE} = ''; } + + report_capabilities unless $config{LOAD_HELPERS_ONLY}; + + require_capability( 'MULTIPORT' , "Shorewall $globals{VERSION}" , 's' ); + require_capability( 'RECENT_MATCH' , 'MACLIST_TTL' , 's' ) if $config{MACLIST_TTL}; + require_capability( 'XCONNMARK' , 'HIGH_ROUTE_MARKS=Yes' , 's' ) if $config{PROVIDER_OFFSET} > 0; + require_capability( 'MANGLE_ENABLED' , 'Traffic Shaping' , 's' ) if $config{TC_ENABLED}; } # diff --git a/Shorewall/Perl/Shorewall/Providers.pm b/Shorewall/Perl/Shorewall/Providers.pm index 4a5f0d052..a4fcc4d24 100644 --- a/Shorewall/Perl/Shorewall/Providers.pm +++ b/Shorewall/Perl/Shorewall/Providers.pm @@ -764,9 +764,7 @@ CEOF emit qq(add_gateway "nexthop dev $physical $realm" ) . $tbl; } } - - emit ''; - } else { + } else { $weight = 1; }
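Review bot: In the Config.pm hunk, report_capabilities and the four require_capability calls now sit at the end of get_configuration, so every caller of that function gets the capability report and the capability checks, not only compiler(). Only the compiler() call site is visible in this diff, so it is worth confirming that no other caller expects get_configuration to be silent or to return without enforcing capabilities. The moved block also has no comment explaining why it belongs there; I would add `# Report capabilities and enforce those this configuration requires` above `report_capabilities`. The last statement of the function is now a postfix-`if` call, so its implicit return value changes; an explicit `return;` would be safer if any caller inspects it. The start of get_configuration is outside the hunk.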