From f741b8a225799b13eadbb21e670c3bfc8fdf9ad4 Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Sun, 15 May 2011 11:52:26 -0700
Subject: [PATCH] Issue warning on missing IPSET
---
 Shorewall/Perl/Shorewall/Chains.pm | 9 +++++++--
 Shorewall/Perl/Shorewall/Compiler.pm | 6 +++---
 2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index 591be10de..b2e0f8e03 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -244,6 +244,7 @@ our $mangle_table;
 our $filter_table;
 our $comment;
 our @comments;
+my $export;
 #
 # Target Types
@@ -388,8 +389,8 @@ our %builtin_target = ( ACCEPT => 1,
 # 2. The compiler can run multiple times in the same process so it has to be
 # able to re-initialize its dependent modules' state.
 #
-sub initialize( $$ ) {
- ( $family, my $hard ) = @_;
+sub initialize( $$$ ) {
+ ( $family, my $hard, $export ) = @_;
 %chain_table = ( raw => {}, mangle => {},
@@ -2819,6 +2820,10 @@ sub get_set_flags( $$ ) {
 $setname =~ s/^\+//;
+ unless ( $export || $> != 0 ) {
+ warning_message "Ipset $setname does not exist" unless qt "ipset -L $setname";
+ }
+ fatal_error "Invalid ipset name ($setname)" unless $setname =~ /^[a-zA-Z]\w*/;
 have_capability 'OLD_IPSET_MATCH' ? "--set $setname $options " : "--match-set $setname $options ";
diff --git a/Shorewall/Perl/Shorewall/Compiler.pm b/Shorewall/Perl/Shorewall/Compiler.pm
index 2f43c75d9..b99ad8571 100644
--- a/Shorewall/Perl/Shorewall/Compiler.pm
+++ b/Shorewall/Perl/Shorewall/Compiler.pm
@@ -54,7 +54,7 @@ our $family;
 #
 sub initialize_package_globals() {
 Shorewall::Config::initialize($family);
- Shorewall::Chains::initialize ($family, 1);
+ Shorewall::Chains::initialize ($family, 1, $export );
 Shorewall::Zones::initialize ($family);
 Shorewall::Nat::initialize;
 Shorewall::Providers::initialize($family);
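Review bot: The new third argument of `initialize` in Chains.pm is undocumented: the visible part of the block comment above the sub explains why it exists but says nothing about `$export`, which is stored in the file-scoped `my $export` and later read by get_set_flags. Add a line to that comment such as `# $export is true when local checks (e.g. ipset existence) must be skipped`, with the wording confirmed against how the caller defines `$export`, which this page does not show. A call that still passes two arguments leaves `$export` undefined, and the `unless ( $export || $> != 0 )` test then treats it as false. The sub's body continues outside the hunk.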
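Review bot: In get_set_flags (Chains.pm), the added probe `qt "ipset -L $setname"` interpolates `$setname` into a command string before the `fatal_error "Invalid ipset name ($setname)"` check, and the `$> != 0` condition means it runs only when the effective uid is 0. If `qt` passes that string to a shell (its definition is not on this page), a set name read from a configuration file reaches a root command line unvalidated. Place the `unless ( $export || $> != 0 ) { ... }` block after the name check, and anchor that check to the whole name, e.g. `unless $setname =~ /^[a-zA-Z]\w*\z/`, because `/^[a-zA-Z]\w*/` only constrains the leading characters; confirm that no set name in use depends on the looser match. The body of get_set_flags starts and ends outside the hunk.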
@@ -817,7 +817,7 @@ sub compiler {
 # We must reinitialize Shorewall::Chains before generating the iptables-restore input
 # for stopping the firewall
 #
- Shorewall::Chains::initialize( $family, 0 );
+ Shorewall::Chains::initialize( $family, 0 , $export );
 initialize_chain_table;
 #
 # S T O P _ F I R E W A L L
@@ -881,7 +881,7 @@ sub compiler {
 # Re-initialize the chain table so that process_routestopped() has the same
 # environment that it would when called by compile_stop_firewall().
 #
- Shorewall::Chains::initialize( $family , 0 );
+ Shorewall::Chains::initialize( $family , 0 , $export );
 initialize_chain_table;
 if ( $debug ) {