Deprecate 'all[+]-'

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2019-01-23 12:28:25 -08:00 · 2019-01-23 12:28:25 -08:00 · edc9e25f25
commit edc9e25f25
parent ef11ae834d
2 changed files with 26 additions and 3 deletions
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@ -292,6 +292,8 @@ our $mangle;

 our $sticky;

+our $excludefw;
+
 our $divertref; # DIVERT chain

 our %validstates = ( NEW                => 0,
@ -365,6 +367,10 @@ sub initialize( $ ) {
    #
    %actions           = ();
    #
+    # Count of 'all[+]=' encountered
+    #
+    $excludefw         = 0;
+    #
    # Action variants actually used. Key is <action>:<loglevel>:<tag>:<caller>:<params>; value is corresponding chain name
    #
    %usedactions       = ();
@ -3689,6 +3695,7 @@ sub next_section() {
 #
 sub build_zone_list( $$$\$\$ ) {
    my ($fw, $input, $which, $intrazoneref, $wildref ) = @_;
+    my $original_input = $input;
    my $any = ( $input =~ s/^any/all/ );
    my $exclude;
    my $rest;
@ -3717,9 +3724,25 @@ sub build_zone_list( $$$\$\$ ) {
 	    if ( $input eq 'all+' ) {
 		$$intrazoneref = 1;
 	    } elsif ( ( $input eq 'all+-' ) || ( $input eq 'all-+' ) ) {
+		unless ( $excludefw++ ) {
+		    if ( $any ) {
+			warning message "$original_input is deprecated in favor of 'any+!\$FW'";
+		    } else {
+			warning message "$original_input is deprecated in favor of 'all+!\$FW'";
+		    }
+		}
+
 		$$intrazoneref = 1;
 		$exclude{$fw} = 1;
 	    } elsif ( $input eq 'all-' ) {
+		unless ( $excludefw++ ) {
+		    if ( $any ) {
+			warning message "any- is deprecated in favor of 'any!\$FW'";
+		    } else {
+			warning message "all- is deprecated in favor of 'all!\$FW'" unless $excludefw++;
+		    }
+		}
+
 		$exclude{$fw} = 1;
 	    } else {
 		fatal_error "Invalid $which ($input)";
--- a/Shorewall/manpages/shorewall-rules.xml
+++ b/Shorewall/manpages/shorewall-rules.xml
@ -1259,11 +1259,11 @@
            </varlistentry>

            <varlistentry>
-              <term>all+!dmz</term>
+              <term>all+!$FW</term>

              <listitem>
-                <para>All but the <emphasis role="bold">dmz</emphasis> zone
-                and applies to intrazone traffic.</para>
+                <para>All but the firewall zone and applies to intrazone
+                traffic.</para>
              </listitem>
            </varlistentry>