Unify file-related progress messages
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5759 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
ccc8fc0b6c
commit
f69be4124c
@ -110,12 +110,19 @@ sub process_accounting_rule( $$$$$$$$ ) {
|
||||
|
||||
sub setup_accounting() {
|
||||
|
||||
open_file 'accounting';
|
||||
my $first_entry = 1;
|
||||
|
||||
my $fn = open_file 'accounting';
|
||||
|
||||
while ( read_a_line ) {
|
||||
|
||||
my ( $action, $chain, $source, $dest, $proto, $ports, $sports, $user ) = split_line 8, 'Accounting File';
|
||||
|
||||
if ( $first_entry ) {
|
||||
progress_message2 "$doing $fn...";
|
||||
$first_entry = 0;
|
||||
}
|
||||
|
||||
process_accounting_rule $action, $chain, $source, $dest, $proto, $ports, $sports, $user;
|
||||
}
|
||||
|
||||
|
@ -304,7 +304,9 @@ sub expand_shell_variables( $ ) {
|
||||
}
|
||||
|
||||
#
|
||||
# Open a file, setting $currentfile.
|
||||
# Open a file, setting $currentfile. Returns the absolute pathname if the file
|
||||
# exists, is non-empty and was successfully opened. Terminates with a fatal error
|
||||
# if the file exists, is non-empty, but the open fails.
|
||||
#
|
||||
sub open_file( $ ) {
|
||||
my $fname = find_file $_[0];
|
||||
@ -352,7 +354,8 @@ sub pop_open() {
|
||||
# - Ignore blank or comment-only lines.
|
||||
# - Remove trailing comments.
|
||||
# - Compress out extra whitespace.
|
||||
# - Handle Line Continuation
|
||||
# - Handle Line Continuation (We don't continue comment lines, thus avoiding user frustration
|
||||
# when the last line of a comment inadvertently ends with '\').
|
||||
# - Expand shell variables from $ENV.
|
||||
# - Handle INCLUDE <filename>
|
||||
#
|
||||
@ -363,6 +366,7 @@ sub read_a_line {
|
||||
$line = '';
|
||||
|
||||
while ( my $nextline = <$currentfile> ) {
|
||||
|
||||
$currentlinenumber++;
|
||||
next if $nextline =~ /^\s*#/;
|
||||
next if $nextline =~ /^\s*$/;
|
||||
|
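Review bot: The revised header comment on open_file leaves one case unstated: it covers a file that exists, is non-empty and opens, and says a failed open is fatal, but not what callers get when the file is missing or empty. Callers elsewhere in this commit test the result for truth (`if ( my $fn = open_file 'tos' )`) and interpolate it into `progress_message2 "$doing $fn..."`, so that case is part of the contract. Add a line such as `# Returns a false value if the file does not exist or is empty.` once it has been confirmed against the body, which lies outside this hunk.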
@ -53,14 +53,14 @@ sub validate_hosts_file()
|
||||
my $ipsec = 0;
|
||||
my $first_entry = 1;
|
||||
|
||||
open_file 'hosts';
|
||||
my $fn = open_file 'hosts';
|
||||
|
||||
while ( read_a_line ) {
|
||||
|
||||
my ($zone, $hosts, $options ) = split_line 3, 'hosts file';
|
||||
|
||||
if ( $first_entry ) {
|
||||
progress_message2 "Validating hosts file...";
|
||||
progress_message2 "$doing $fn...";
|
||||
$first_entry = 0;
|
||||
}
|
||||
|
||||
|
@ -132,13 +132,20 @@ sub validate_interfaces_file()
|
||||
upnp => 1,
|
||||
);
|
||||
|
||||
open_file 'interfaces';
|
||||
my $fn = open_file 'interfaces';
|
||||
|
||||
my $first_entry = 1;
|
||||
|
||||
while ( read_a_line ) {
|
||||
|
||||
my ($zone, $interface, $networks, $options ) = split_line 4, 'interfaces file';
|
||||
my $zoneref;
|
||||
|
||||
if ( $first_entry ) {
|
||||
progress_message2 "$doing $fn...";
|
||||
$first_entry = 0;
|
||||
}
|
||||
|
||||
if ( $zone eq '-' ) {
|
||||
$zone = '';
|
||||
} else {
|
||||
|
@ -240,14 +240,14 @@ sub setup_masq()
|
||||
{
|
||||
my $first_entry = 1;
|
||||
|
||||
open_file 'masq';
|
||||
my $fn = open_file 'masq';
|
||||
|
||||
while ( read_a_line ) {
|
||||
|
||||
my ($fullinterface, $networks, $addresses, $proto, $ports, $ipsec) = split_line 6, 'masq file';
|
||||
|
||||
if ( $first_entry ) {
|
||||
progress_message2 "$doing Masq file...";
|
||||
progress_message2 "$doing $fn...";
|
||||
require_capability( 'NAT_ENABLED' , 'a non-empty masq file' );
|
||||
$first_entry = 0;
|
||||
}
|
||||
@ -354,14 +354,14 @@ sub setup_nat() {
|
||||
|
||||
my $first_entry = 1;
|
||||
|
||||
open_file 'nat';
|
||||
my $fn = open_file 'nat';
|
||||
|
||||
while ( read_a_line ) {
|
||||
|
||||
my ( $external, $interface, $internal, $allints, $localnat ) = split_line 5, 'nat file';
|
||||
|
||||
if ( $first_entry ) {
|
||||
progress_message2 "$doing one-to-one NAT...";
|
||||
progress_message2 "$doing $fn...";
|
||||
require_capability( 'NAT_ENABLED' , 'a non-empty nat file' );
|
||||
$first_entry = 0;
|
||||
}
|
||||
@ -389,14 +389,14 @@ sub setup_netmap() {
|
||||
|
||||
my $first_entry = 1;
|
||||
|
||||
open_file 'netmap';
|
||||
my $fn = open_file 'netmap';
|
||||
|
||||
while ( read_a_line ) {
|
||||
|
||||
my ( $type, $net1, $interface, $net2 ) = split_line 4, 'netmap file';
|
||||
|
||||
if ( $first_entry ) {
|
||||
progress_message2 "$doing NETMAP...";
|
||||
progress_message2 "$doing $fn...";
|
||||
require_capability( 'NAT_ENABLED' , 'a non-empty netmap file' );
|
||||
$first_entry = 0;
|
||||
}
|
||||
|
@ -128,14 +128,19 @@ sub validate_policy()
|
||||
}
|
||||
}
|
||||
|
||||
open_file 'policy';
|
||||
my $fn = open_file 'policy';
|
||||
|
||||
my $first_entry = 1;
|
||||
|
||||
while ( read_a_line ) {
|
||||
|
||||
my ( $client, $server, $policy, $loglevel, $synparams ) = split_line 5, 'policy file';
|
||||
|
||||
$loglevel = '' unless defined $loglevel;
|
||||
$synparams = '' unless defined $synparams;
|
||||
if ( $first_entry ) {
|
||||
progress_message2 "$doing $fn...";
|
||||
$first_entry = 0;
|
||||
}
|
||||
|
||||
$loglevel = '' if $loglevel eq '-';
|
||||
$synparams = '' if $synparams eq '-';
|
||||
|
||||
|
@ -79,7 +79,6 @@ sub setup_route_marking() {
|
||||
}
|
||||
|
||||
sub setup_providers() {
|
||||
my $fn = find_file 'providers';
|
||||
my $providers = 0;
|
||||
|
||||
sub copy_table( $$ ) {
|
||||
@ -344,7 +343,7 @@ sub setup_providers() {
|
||||
#
|
||||
# Setup_Providers() Starts Here....
|
||||
#
|
||||
open_file $fn;
|
||||
my $fn = open_file 'providers';
|
||||
|
||||
while ( read_a_line ) {
|
||||
unless ( $providers ) {
|
||||
@ -427,17 +426,21 @@ sub setup_providers() {
|
||||
emit "\$echocommand \"$providers{$table}{number}\\t$table\" >> /etc/iproute2/rt_tables";
|
||||
}
|
||||
|
||||
my $fn = find_file 'route_rules';
|
||||
my $fn = open_file 'route_rules';
|
||||
|
||||
if ( -f $fn ) {
|
||||
progress_message2 "$doing $fn...";
|
||||
if ( $fn ) {
|
||||
|
||||
my $first_entry = 0;
|
||||
|
||||
emit '';
|
||||
|
||||
open_file $fn;
|
||||
|
||||
while ( read_a_line ) {
|
||||
|
||||
if ( $first_entry ) {
|
||||
progress_message2 "$doing $fn...";
|
||||
$first_entry = 0;
|
||||
}
|
||||
|
||||
my ( $source, $dest, $provider, $priority ) = split_line 4, 'route_rules file';
|
||||
|
||||
add_an_rtrule( $source, $dest, $provider , $priority );
|
||||
|
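Review bot: In the route_rules block of setup_providers the flag is declared as `my $first_entry = 0;`, so the `if ( $first_entry )` test inside the read loop can never succeed and the `progress_message2 "$doing $fn..."` call there is dead code. Every other file loop touched by this commit starts the flag at 1, and the unconditional message that used to sit before the loop appears to have been dropped, so route_rules is now processed with no progress line at all. Change the declaration to `my $first_entry = 1;`. The +/- markers are lost in this rendering, so the old/new assignment is inferred from the hunk counts, and the loop body continues past the end of the hunk.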
@ -81,8 +81,11 @@ progress_message \" Host $address connected to $interface added to ARP on $ext
|
||||
sub setup_proxy_arp() {
|
||||
|
||||
my $interfaces= find_interfaces_by_option 'proxyarp';
|
||||
my $fn = open_file 'proxyarp';
|
||||
|
||||
if ( @$interfaces || open_file 'proxyarp' ) {
|
||||
if ( @$interfaces || $fn ) {
|
||||
|
||||
my $first_entry = 1;
|
||||
|
||||
save_progress_message "Setting up Proxy ARP...";
|
||||
|
||||
@ -92,6 +95,11 @@ sub setup_proxy_arp() {
|
||||
|
||||
my ( $address, $interface, $external, $haveroute, $persistent ) = split_line 5, 'proxyarp file';
|
||||
|
||||
if ( $first_entry ) {
|
||||
progress_message2 "$doing $fn...";
|
||||
$first_entry = 0;
|
||||
}
|
||||
|
||||
$set{$interface} = 1;
|
||||
$reset{$external} = 1 unless $set{$external};
|
||||
|
||||
|
@ -64,7 +64,7 @@ sub process_tos() {
|
||||
my $chain = $capabilities{MANGLE_FORWARD} ? 'fortos' : 'pretos';
|
||||
my $stdchain = $capabilities{MANGLE_FORWARD} ? 'FORWARD' : 'PREROUTING';
|
||||
|
||||
if ( open_file 'tos' ) {
|
||||
if ( my $fn = open_file 'tos' ) {
|
||||
my $first_entry = 1;
|
||||
|
||||
my ( $pretosref, $outtosref );
|
||||
@ -74,7 +74,7 @@ sub process_tos() {
|
||||
my ($src, $dst, $proto, $sports, $ports , $tos ) = split_line 6, 'tos file';
|
||||
|
||||
if ( $first_entry ) {
|
||||
progress_message2 'Setting up TOS...';
|
||||
progress_message2 "$doing $fn...";
|
||||
$pretosref = ensure_chain 'mangle' , $chain;
|
||||
$outtosref = ensure_chain 'mangle' , 'outtos';
|
||||
$first_entry = 0;
|
||||
@ -127,14 +127,19 @@ sub setup_ecn()
|
||||
my %interfaces;
|
||||
my @hosts;
|
||||
|
||||
if ( open_file 'ecn' ) {
|
||||
|
||||
progress_message2 join( '' , "$doing ", find_file( 'ecn' ), '...' );
|
||||
if ( my $fn = open_file 'ecn' ) {
|
||||
|
||||
my $first_entry = 1;
|
||||
|
||||
while ( read_a_line ) {
|
||||
|
||||
my ($interface, $hosts ) = split_line 2, 'ecn file';
|
||||
|
||||
if ( $first_entry ) {
|
||||
progress_message2 "$doing $fn...";
|
||||
$first_entry = 0;
|
||||
}
|
||||
|
||||
fatal_error "Unknown interface ( $interface )" unless known_interface $interface;
|
||||
|
||||
$interfaces{$interface} = 1;
|
||||
@ -189,7 +194,9 @@ sub setup_rfc1918_filteration( $ ) {
|
||||
|
||||
$chainref = new_standard_chain 'rfc1918d' if $config{RFC1918_STRICT};
|
||||
|
||||
open_file 'rfc1918';
|
||||
my $fn = open_file 'rfc1918';
|
||||
|
||||
my $first_entry = 1;
|
||||
|
||||
while ( read_a_line ) {
|
||||
|
||||
@ -197,6 +204,11 @@ sub setup_rfc1918_filteration( $ ) {
|
||||
|
||||
my $s_target;
|
||||
|
||||
if ( $first_entry ) {
|
||||
progress_message2 "$doing $fn...";
|
||||
$first_entry = 0;
|
||||
}
|
||||
|
||||
if ( $target eq 'logdrop' ) {
|
||||
$target = 'rfc1918';
|
||||
$s_target = 'rfc1918';
|
||||
@ -249,8 +261,6 @@ sub setup_blacklist() {
|
||||
|
||||
my ( $level, $disposition ) = @config{'BLACKLIST_LOGLEVEL', 'BLACKLIST_DISPOSITION' };
|
||||
|
||||
progress_message2 " Setting up Blacklist...";
|
||||
|
||||
new_standard_chain 'blacklst';
|
||||
|
||||
my $target = $disposition eq 'REJECT' ? 'reject' : $disposition;
|
||||
@ -265,14 +275,19 @@ sub setup_blacklist() {
|
||||
$target = 'blacklog';
|
||||
}
|
||||
|
||||
if ( open_file 'blacklist' ) {
|
||||
if ( my $fn = open_file 'blacklist' ) {
|
||||
|
||||
progress_message( join( '', ' Processing ', find_file( 'blacklist' ), '...' ) );
|
||||
my $first_entry = 1;
|
||||
|
||||
while ( read_a_line ) {
|
||||
|
||||
my ( $networks, $protocol, $ports ) = split_line 3, 'blacklist file';
|
||||
|
||||
if ( $first_entry ) {
|
||||
progress_message2 "$doing $fn...";
|
||||
$first_entry = 0;
|
||||
}
|
||||
|
||||
expand_rule
|
||||
ensure_filter_chain( 'blacklst' , 0 ) ,
|
||||
NO_RESTRICT ,
|
||||
@ -348,12 +363,11 @@ sub process_criticalhosts() {
|
||||
|
||||
sub process_routestopped() {
|
||||
|
||||
my $fn = find_file 'routestopped';
|
||||
my ( @allhosts, %source, %dest );
|
||||
|
||||
progress_message2 "$doing $fn...";
|
||||
my $fn = open_file 'routestopped';
|
||||
|
||||
open_file $fn;
|
||||
my $first_entry = 1;
|
||||
|
||||
while ( read_a_line ) {
|
||||
|
||||
@ -361,6 +375,11 @@ sub process_routestopped() {
|
||||
|
||||
my ($interface, $hosts, $options ) = split_line 3, 'routestopped file';
|
||||
|
||||
if ( $first_entry ) {
|
||||
progress_message2 "$doing $fn...";
|
||||
$first_entry = 0;
|
||||
}
|
||||
|
||||
$hosts = ALLIPv4 unless $hosts && $hosts ne '-';
|
||||
|
||||
my @hosts;
|
||||
@ -478,7 +497,7 @@ sub add_common_rules() {
|
||||
}
|
||||
|
||||
if ( @$list ) {
|
||||
progress_message2 ' Adding Anti-smurf Rules';
|
||||
progress_message2 'Adding Anti-smurf Rules';
|
||||
for my $hostref ( @$list ) {
|
||||
$interface = $hostref->[0];
|
||||
my $ipsec = $hostref->[1];
|
||||
@ -502,7 +521,7 @@ sub add_common_rules() {
|
||||
$list = find_interfaces_by_option 'dhcp';
|
||||
|
||||
if ( @$list ) {
|
||||
progress_message2 ' Adding rules for DHCP';
|
||||
progress_message2 'Adding rules for DHCP';
|
||||
|
||||
for $interface ( @$list ) {
|
||||
for $chain ( @{first_chains $interface}) {
|
||||
@ -515,18 +534,14 @@ sub add_common_rules() {
|
||||
|
||||
$list = find_hosts_by_option 'norfc1918';
|
||||
|
||||
if ( @$list ) {
|
||||
progress_message2 ' Enabling RFC1918 Filtering';
|
||||
|
||||
setup_rfc1918_filteration $list;
|
||||
}
|
||||
setup_rfc1918_filteration $list if @$list;
|
||||
|
||||
$list = find_hosts_by_option 'tcpflags';
|
||||
|
||||
if ( @$list ) {
|
||||
my $disposition;
|
||||
|
||||
progress_message2 " $doing TCP Flags filtering...";
|
||||
progress_message2 "$doing TCP Flags filtering...";
|
||||
|
||||
$chainref = new_standard_chain 'tcpflags';
|
||||
|
||||
@ -585,7 +600,7 @@ sub add_common_rules() {
|
||||
$list = find_interfaces_by_option 'upnp';
|
||||
|
||||
if ( @$list ) {
|
||||
progress_message2 ' $doing UPnP';
|
||||
progress_message2 '$doing UPnP';
|
||||
|
||||
(new_chain 'nat', 'UPnP')->{referenced} = 1;
|
||||
|
||||
@ -639,12 +654,19 @@ sub setup_mac_lists( $ ) {
|
||||
}
|
||||
}
|
||||
|
||||
open_file 'maclist';
|
||||
my $fn = open_file 'maclist';
|
||||
|
||||
my $first_entry = 1;
|
||||
|
||||
while ( read_a_line ) {
|
||||
|
||||
my ( $disposition, $interface, $mac, $addresses ) = split_line 4, 'maclist file';
|
||||
|
||||
if ( $first_entry ) {
|
||||
progress_message2 "$doing $fn...";
|
||||
$first_entry = 0;
|
||||
}
|
||||
|
||||
if ( $disposition eq 'COMMENT' ) {
|
||||
if ( $capabilities{COMMENTS} ) {
|
||||
( $comment = $line ) =~ s/^\s*COMMENT\s*//;
|
||||
@ -1169,12 +1191,19 @@ sub process_rule ( $$$$$$$$$ ) {
|
||||
#
|
||||
sub process_rules() {
|
||||
|
||||
open_file 'rules';
|
||||
my $fn = open_file 'rules';
|
||||
|
||||
my $first_entry = 1;
|
||||
|
||||
while ( read_a_line ) {
|
||||
|
||||
my ( $target, $source, $dest, $proto, $ports, $sports, $origdest, $ratelimit, $user ) = split_line 9, 'rules file';
|
||||
|
||||
if ( $first_entry ) {
|
||||
progress_message2 "$doing $fn...";
|
||||
$first_entry = 0;
|
||||
}
|
||||
|
||||
if ( $target eq 'COMMENT' ) {
|
||||
if ( $capabilities{COMMENTS} ) {
|
||||
( $comment = $line ) =~ s/^\s*COMMENT\s*//;
|
||||
|
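Review bot: In add_common_rules the UPnP message is still single-quoted, `progress_message2 '$doing UPnP';`, so `$doing` is not interpolated and the literal text `$doing UPnP` is printed. The commit only drops the leading space from that string, while the neighbouring TCP Flags line uses double quotes and interpolates correctly. Switch it to `progress_message2 "$doing UPnP";`.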
@ -349,15 +349,12 @@ sub validate_tc_class( $$$$$$ ) {
|
||||
}
|
||||
|
||||
sub setup_traffic_shaping() {
|
||||
my $first_entry = 1;
|
||||
|
||||
save_progress_message "Setting up Traffic Control...";
|
||||
|
||||
my $fn = find_file 'tcdevices';
|
||||
my $fn = open_file 'tcdevices';
|
||||
|
||||
if ( -f $fn ) {
|
||||
|
||||
open_file $fn;
|
||||
if ( $fn ) {
|
||||
my $first_entry = 1;
|
||||
|
||||
while ( read_a_line ) {
|
||||
|
||||
@ -373,12 +370,10 @@ sub setup_traffic_shaping() {
|
||||
}
|
||||
}
|
||||
|
||||
$fn = find_file 'tcclasses';
|
||||
$fn = open_file 'tcclasses';
|
||||
|
||||
if ( -f $fn ) {
|
||||
$first_entry = 1;
|
||||
|
||||
open_file $fn;
|
||||
if ( $fn ) {
|
||||
my $first_entry = 1;
|
||||
|
||||
while ( read_a_line ) {
|
||||
|
||||
@ -510,16 +505,14 @@ sub setup_tc() {
|
||||
}
|
||||
}
|
||||
|
||||
my $fn = find_file 'tcrules';
|
||||
|
||||
if ( open_file $fn ) {
|
||||
if ( my $fn = open_file 'tcrules' ) {
|
||||
|
||||
while ( read_a_line ) {
|
||||
|
||||
my ( $mark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos ) = split_line 10, 'tcrules file';
|
||||
|
||||
if ( $first_entry ) {
|
||||
progress_message2 "$doing TC Rules...";
|
||||
progress_message2 "$doing $fn...";
|
||||
require_capability( 'MANGLE_ENABLED' , 'a non-empty tcrules file' );
|
||||
$first_entry = 0;
|
||||
}
|
||||
|
@ -233,14 +233,14 @@ sub setup_tunnels() {
|
||||
#
|
||||
# Setup_Tunnels() Starts Here
|
||||
#
|
||||
open_file 'tunnels';
|
||||
my $fn = open_file 'tunnels';
|
||||
|
||||
while ( read_a_line ) {
|
||||
|
||||
my ( $kind, $zone, $gateway, $gatewayzones ) = split_line 4, 'tunnels file';
|
||||
|
||||
if ( $first_entry ) {
|
||||
progress_message2 "$doing Tunnels...";
|
||||
progress_message2 "$doing $fn...";
|
||||
$first_entry = 0;
|
||||
}
|
||||
|
||||
|
@ -180,7 +180,9 @@ sub determine_zones()
|
||||
{
|
||||
my @z;
|
||||
|
||||
open_file 'zones';
|
||||
my $fn = open_file 'zones';
|
||||
|
||||
my $first_entry = 1;
|
||||
|
||||
while ( read_a_line ) {
|
||||
|
||||
@ -188,6 +190,11 @@ sub determine_zones()
|
||||
|
||||
my ($zone, $type, $options, $in_options, $out_options ) = split_line 5, 'zones file';
|
||||
|
||||
if ( $first_entry ) {
|
||||
progress_message2 "$doing $fn...";
|
||||
$first_entry = 0;
|
||||
}
|
||||
|
||||
if ( $zone =~ /(\w+):([\w,]+)/ ) {
|
||||
$zone = $1;
|
||||
@parents = split ',', $2;
|
||||
|
@ -656,12 +656,10 @@ sub compiler( $ ) {
|
||||
#
|
||||
# Process the zones file.
|
||||
#
|
||||
progress_message2 "Determining Zones...";
|
||||
determine_zones;
|
||||
#
|
||||
# Process the interfaces file.
|
||||
#
|
||||
progress_message2 "Validating interfaces file...";
|
||||
validate_interfaces_file;
|
||||
#
|
||||
# Process the hosts file.
|
||||
@ -680,7 +678,6 @@ sub compiler( $ ) {
|
||||
#
|
||||
# Process the Policy File.
|
||||
#
|
||||
progress_message2 "Validating Policy file...";
|
||||
validate_policy;
|
||||
#
|
||||
# Compile the 'stop_firewall()' function
|
||||
@ -693,7 +690,6 @@ sub compiler( $ ) {
|
||||
#
|
||||
# Do all of the zone-independent stuff
|
||||
#
|
||||
progress_message2 "$doing Common Rules...";
|
||||
add_common_rules;
|
||||
#
|
||||
# /proc stuff
|
||||
@ -735,7 +731,6 @@ sub compiler( $ ) {
|
||||
#
|
||||
# Process the rules file.
|
||||
#
|
||||
progress_message2 "$doing Rules...";
|
||||
process_rules;
|
||||
#
|
||||
# Add Tunnel rules.
|
||||
@ -767,7 +762,6 @@ sub compiler( $ ) {
|
||||
#
|
||||
# Accounting.
|
||||
#
|
||||
progress_message2 "$doing Accounting...";
|
||||
setup_accounting;
|
||||
|
||||
progress_message2 'Generating Rule Matrix...';
|
||||
|