holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Allow embedded shell/Perl directives to have leading '?'

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2012-06-05 07:32:43 -07:00
parent 170875c7dd
commit ee467a4877
13 changed files with 46 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
Shorewall/Perl/Shorewall/Config.pm
View File

@ -2064,7 +2064,7 @@ sub embedded_shell( $ ) {
my $last = 0;
while ( read_a_line( PLAIN_READ ) ) {
last if $last = $currentline =~ s/^\s*END(\s+SHELL)?\s*;?//;
last if $last = $currentline =~ s/^\s*\??END(\s+SHELL)?\s*(?:;\s*)?$//;
$command .= "$currentline\n";
}
@ -2098,7 +2098,7 @@ sub embedded_perl( $ ) {
my $last = 0;
while ( read_a_line( PLAIN_READ ) ) {
last if $last = $currentline =~ s/^\s*END(\s+PERL)?\s*;?//;
last if $last = $currentline =~ s/^\s*\??END(\s+PERL)?\s*(?:;\s*)?//;
$command .= "$currentline\n";
}
@ -2309,13 +2309,13 @@ sub read_a_line($) {
# Must check for shell/perl before doing variable expansion
#
if ( $options & EMBEDDED_ENABLED ) {
if ( $currentline =~ s/^\s*(BEGIN\s+)?SHELL\s*;?// ) {
if ( $currentline =~ s/^\s*\??(BEGIN\s+)?SHELL\s*;?// ) {
handle_first_entry if $first_entry;
embedded_shell( $1 );
next;
}
if ( $currentline =~ s/^\s*(BEGIN\s+)?PERL\s*\;?// ) {
if ( $currentline =~ s/^\s*\??(BEGIN\s+)?PERL\s*\;?// ) {
handle_first_entry if $first_entry;
embedded_perl( $1 );
next;

4
Shorewall/action.Broadcast
View File

@ -31,7 +31,7 @@ FORMAT 2
DEFAULTS DROP,-
BEGIN PERL;
?BEGIN PERL;
use Shorewall::IPAddrs;
use Shorewall::Config;
@ -70,4 +70,4 @@ add_jump $chainref, $target, 0, '-d 224.0.0.0/4 ';
1;
END PERL;
?END PERL;

4
Shorewall/action.Drop
View File

@ -36,7 +36,7 @@ FORMAT 2
# The following magic provides different defaults for $2 thru $5, when $1 is
# 'audit'.
#
BEGIN PERL;
?BEGIN PERL;
use Shorewall::Config;
my ( $p1, $p2, $p3 , $p4, $p5 ) = get_action_params( 5 );
@ -54,7 +54,7 @@ if ( defined $p1 ) {
1;
END PERL;
?END PERL;
DEFAULTS -,REJECT,DROP,ACCEPT,DROP

4
Shorewall/action.DropSmurfs
View File

@ -13,7 +13,7 @@ FORMAT 2
DEFAULTS -
BEGIN PERL;
?BEGIN PERL;
use strict;
use Shorewall::Config qw(:DEFAULT F_IPV4 F_IPV6);
use Shorewall::Chains;
@ -77,7 +77,7 @@ if ( $family == F_IPV4 ) {
add_ijump( $chainref, g => $target, s => IPv6_MULTICAST );
}
END PERL;
?END PERL;

4
Shorewall/action.Invalid
View File

@ -31,7 +31,7 @@ FORMAT 2
DEFAULTS DROP,-
BEGIN PERL;
?BEGIN PERL;
use Shorewall::IPAddrs;
use Shorewall::Config;
@ -53,4 +53,4 @@ allow_optimize( $chainref );
1;
END PERL;
?END PERL;

4
Shorewall/action.NotSyn
View File

@ -31,7 +31,7 @@ FORMAT 2
DEFAULTS DROP,-
BEGIN PERL;
?BEGIN PERL;
use Shorewall::IPAddrs;
use Shorewall::Config;
@ -53,4 +53,4 @@ allow_optimize( $chainref );
1;
END PERL;
?END PERL;

4
Shorewall/action.RST
View File

@ -31,7 +31,7 @@ FORMAT 2
DEFAULTS DROP,-
BEGIN PERL;
?BEGIN PERL;
use Shorewall::Config;
use Shorewall::Chains;
@ -52,4 +52,4 @@ allow_optimize( $chainref );
1;
END PERL;
?END PERL;

4
Shorewall/action.Reject
View File

@ -32,7 +32,7 @@ FORMAT 2
# The following magic provides different defaults for $2 thru $5, when $1 is
# 'audit'.
#
BEGIN PERL;
?BEGIN PERL;
use Shorewall::Config;
my ( $p1, $p2, $p3 , $p4, $p5 ) = get_action_params( 5 );
@ -50,7 +50,7 @@ if ( defined $p1 ) {
1;
END PERL;
?END PERL;
DEFAULTS -,REJECT,REJECT,ACCEPT,DROP

5
Shorewall/action.TCPFlags
View File

@ -13,12 +13,11 @@ FORMAT 2
DEFAULTS DROP,-
BEGIN PERL;
?BEGIN PERL;
use strict;
use Shorewall::Config qw(:DEFAULT F_IPV4 F_IPV6);
use Shorewall::Chains;
my ( $disposition, $audit ) = get_action_params( 2 );
my $chainref = get_action_chain;
@ -55,7 +54,7 @@ add_ijump $chainref , g => $disposition, p => 'tcp --tcp-flags SYN,RST SYN,RST';
add_ijump $chainref , g => $disposition, p => 'tcp --tcp-flags SYN,FIN SYN,FIN';
add_ijump $chainref , g => $disposition, p => 'tcp --syn --sport 0';
END PERL;
?END PERL;

4
Shorewall6/action.Broadcast
View File

@ -31,7 +31,7 @@ FORMAT 2
DEFAULTS DROP,-
BEGIN PERL;
?BEGIN PERL;
use Shorewall::IPAddrs;
use Shorewall::Config;
@ -68,4 +68,4 @@ add_jump $chainref, $target, 0, join( ' ', '-d', IPv6_MULTICAST . ' ' );
1;
END PERL;
?END PERL;

4
Shorewall6/action.Drop
View File

@ -36,7 +36,7 @@ FORMAT 2
# The following magic provides different defaults for $2 thru $5, when $1 is
# 'audit'.
#
BEGIN PERL;
?BEGIN PERL;
use Shorewall::Config;
my ( $p1, $p2, $p3 , $p4, $p5 ) = get_action_params( 5 );
@ -54,7 +54,7 @@ if ( defined $p1 ) {
1;
END PERL;
?END PERL;
DEFAULTS -,REJECT,DROP,ACCEPT,DROP

4
Shorewall6/action.Reject
View File

@ -32,7 +32,7 @@ FORMAT 2
# The following magic provides different defaults for $2 thru $5, when $1 is
# 'audit'.
#
BEGIN PERL;
?BEGIN PERL;
use Shorewall::Config;
my ( $p1, $p2, $p3 , $p4, $p5 ) = get_action_params( 5 );
@ -50,7 +50,7 @@ if ( defined $p1 ) {
1;
END PERL;
?END PERL;
DEFAULTS -,REJECT,REJECT,ACCEPT,DROP

28
docs/configuration_file_basics.xml
View File

@ -1625,16 +1625,23 @@ SHELL cat /etc/shorewall/rules.d/*.rules 2&gt; /dev/null || true</programlisting
<itemizedlist>
<listitem>
<para><emphasis role="bold">PERL</emphasis> &lt;<emphasis>perl
<para>[<emphasis role="bold">?</emphasis>]<emphasis
role="bold">PERL</emphasis> &lt;<emphasis>perl
script</emphasis>&gt;</para>
</listitem>
<listitem>
<para><emphasis role="bold">SHELL</emphasis> &lt;<emphasis>shell
<para>[<emphasis role="bold">?</emphasis>]<emphasis
role="bold">SHELL</emphasis> &lt;<emphasis>shell
script</emphasis>&gt;</para>
</listitem>
</itemizedlist>
<note>
<para>The optional leading question mark (?) is allowed in Shorewall
4.5.5 and later.</para>
</note>
<para>Shell scripts run in a child shell process and their output is piped
back to the compiler which processes that output as if it were embedded at
the point of the script.</para>
@ -1678,14 +1685,19 @@ use Shorewall::Config ( qw/shorewall/ );</programlisting>
</listitem>
</orderedlist>
<para>Multi-line scripts use one of the following forms:<programlisting><emphasis
role="bold">BEGIN SHELL</emphasis>
<para>Multi-line scripts use one of the following forms:<programlisting>[<emphasis
role="bold">?</emphasis>]<emphasis role="bold">BEGIN SHELL</emphasis>
&lt;<emphasis>shell script</emphasis>&gt;
<emphasis role="bold">END</emphasis> [ <emphasis role="bold">SHELL</emphasis> ]</programlisting><programlisting><emphasis
role="bold">BEGIN PERL</emphasis> [;]
[<emphasis role="bold">?</emphasis>]<emphasis role="bold">END</emphasis> [ <emphasis
role="bold">SHELL</emphasis> ]</programlisting><programlisting>[<emphasis
role="bold">?</emphasis>]<emphasis role="bold">BEGIN PERL</emphasis> [<emphasis
role="bold">;</emphasis>]
&lt;<emphasis>perl script</emphasis>&gt;
<emphasis role="bold">END</emphasis> [ <emphasis role="bold">PERL</emphasis> ] [<emphasis
role="bold">;</emphasis>]</programlisting></para>
[<emphasis role="bold">?</emphasis>]<emphasis role="bold">END</emphasis> [ <emphasis
role="bold">PERL</emphasis> ] [<emphasis role="bold">;</emphasis>]</programlisting><note>
<para>The optional leading question mark (?) is allowed in Shorewall
4.5.5 and later.</para>
</note></para>
</section>
<section id="dnsnames">