forked from extern/shorewall_code
Compare commits
6 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
395ea90cd7 | ||
|
|
ce861dd0a3 | ||
|
|
8fca17a0ef | ||
|
|
63d7580219 | ||
|
|
1d1068ac74 | ||
|
|
5bc724c268 |
@@ -16,7 +16,7 @@ RemainAfterExit=yes
|
||||
EnvironmentFile=-/etc/default/shorewall-lite
|
||||
StandardOutput=syslog
|
||||
ExecStart=/sbin/shorewall-lite $OPTIONS start $STARTOPTIONS
|
||||
ExecStop=/sbin/shorewall-lite $OPTIONS stop
|
||||
ExecStop=/sbin/shorewall-lite $OPTIONS clear
|
||||
ExecReload=/sbin/shorewall-lite $OPTIONS reload $RELOADOPTIONS
|
||||
|
||||
[Install]
|
||||
|
||||
@@ -2000,6 +2000,21 @@ sub find_writable_file($) {
|
||||
"$config_path[0]$filename";
|
||||
}
|
||||
|
||||
#
|
||||
# Determine if a value has been supplied
|
||||
#
|
||||
sub supplied( $ ) {
|
||||
my $val = shift;
|
||||
|
||||
defined $val && $val ne '';
|
||||
}
|
||||
|
||||
sub passed( $ ) {
|
||||
my $val = shift;
|
||||
|
||||
defined $val && $val ne '' && $val ne '-';
|
||||
}
|
||||
|
||||
#
|
||||
# Split a comma-separated list into a Perl array
|
||||
#
|
||||
@@ -2058,7 +2073,7 @@ sub split_list1( $$;$ ) {
|
||||
sub split_list2( $$ ) {
|
||||
my ($list, $type ) = @_;
|
||||
|
||||
fatal_error "Invalid $type ($list)" if $list =~ /^:|::/;
|
||||
fatal_error "Invalid $type ($list)" if $list =~ /^:/;
|
||||
|
||||
my @list1 = split /:/, $list;
|
||||
my @list2;
|
||||
@@ -2095,6 +2110,7 @@ sub split_list2( $$ ) {
|
||||
fatal_error "Invalid $type ($list)" if $opencount < 0;
|
||||
}
|
||||
} elsif ( $element eq '' ) {
|
||||
fatal_error "Invalid $type ($list)" unless supplied $_;
|
||||
push @list2 , $_;
|
||||
} else {
|
||||
$element = join ':', $element , $_;
|
||||
@@ -2260,21 +2276,6 @@ sub split_columns( $ ) {
|
||||
@list2;
|
||||
}
|
||||
|
||||
#
|
||||
# Determine if a value has been supplied
|
||||
#
|
||||
sub supplied( $ ) {
|
||||
my $val = shift;
|
||||
|
||||
defined $val && $val ne '';
|
||||
}
|
||||
|
||||
sub passed( $ ) {
|
||||
my $val = shift;
|
||||
|
||||
defined $val && $val ne '' && $val ne '-';
|
||||
}
|
||||
|
||||
sub clear_comment();
|
||||
|
||||
#
|
||||
@@ -3666,6 +3667,7 @@ sub expand_variables( \$ ) {
|
||||
$usedcaller = USEDCALLER if $var eq 'caller';
|
||||
} else {
|
||||
fatal_error "Undefined shell variable (\$$var)" unless $config{IGNOREUNKNOWNVARIABLES} || exists $config{$var};
|
||||
$val = $config{$var};
|
||||
}
|
||||
|
||||
$val = '' unless defined $val;
|
||||
|
||||
@@ -122,7 +122,7 @@ sub process_conntrack_rule( $$$$$$$$$$ ) {
|
||||
fatal_error "Invalid conntrack ACTION (IPTABLES)" unless $1;
|
||||
}
|
||||
|
||||
my ( $tgt, $options ) = split( ' ', $2 );
|
||||
my ( $tgt, $options ) = split( ' ', $2, 2 );
|
||||
my $target_type = $builtin_target{$tgt};
|
||||
fatal_error "Unknown target ($tgt)" unless $target_type;
|
||||
fatal_error "The $tgt TARGET is not allowed in the raw table" unless $target_type & RAW_TABLE;
|
||||
|
||||
@@ -731,22 +731,21 @@ sub process_a_policy1($$$$$$$) {
|
||||
if ( $serverwild ) {
|
||||
for my $zone ( @zonelist ) {
|
||||
for my $zone1 ( @zonelist ) {
|
||||
set_policy_chain rules_chain( ${zone}, ${zone1} ), $client, $server, $chainref, $policy, $intrazone;
|
||||
set_policy_chain rules_chain( ${zone}, ${zone1} ), $zone, $zone1, $chainref, $policy, $intrazone;
|
||||
print_policy $zone, $zone1, $originalpolicy, $chain;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
for my $zone ( all_zones ) {
|
||||
set_policy_chain rules_chain( ${zone}, ${server} ), $client, $server, $chainref, $policy, $intrazone;
|
||||
set_policy_chain rules_chain( ${zone}, ${server} ), $zone, $server, $chainref, $policy, $intrazone;
|
||||
print_policy $zone, $server, $originalpolicy, $chain;
|
||||
}
|
||||
}
|
||||
} elsif ( $serverwild ) {
|
||||
for my $zone ( @zonelist ) {
|
||||
set_policy_chain rules_chain( ${client}, ${zone} ), $client, $server, $chainref, $policy, $intrazone;
|
||||
set_policy_chain rules_chain( ${client}, ${zone} ), $client, $zone, $chainref, $policy, $intrazone;
|
||||
print_policy $client, $zone, $originalpolicy, $chain;
|
||||
}
|
||||
|
||||
} else {
|
||||
print_policy $client, $server, $originalpolicy, $chain;
|
||||
}
|
||||
@@ -2915,7 +2914,7 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$$ ) {
|
||||
IPTABLES => sub {
|
||||
if ( $param ) {
|
||||
fatal_error "Unknown ACTION (IPTABLES)" unless $family == F_IPV4;
|
||||
my ( $tgt, $options ) = split / /, $param;
|
||||
my ( $tgt, $options ) = split / /, $param, 2;
|
||||
my $target_type = $builtin_target{$tgt};
|
||||
fatal_error "Unknown target ($tgt)" unless $target_type;
|
||||
fatal_error "The $tgt TARGET is not allowed in the filter table" unless $target_type & FILTER_TABLE;
|
||||
@@ -2928,7 +2927,7 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$$ ) {
|
||||
IP6TABLES => sub {
|
||||
if ( $param ) {
|
||||
fatal_error "Unknown ACTION (IP6TABLES)" unless $family == F_IPV6;
|
||||
my ( $tgt, $options ) = split / /, $param;
|
||||
my ( $tgt, $options ) = split / /, $param, 2;
|
||||
my $target_type = $builtin_target{$tgt};
|
||||
fatal_error "Unknown target ($tgt)" unless $target_type;
|
||||
fatal_error "The $tgt TARGET is not allowed in the filter table" unless $target_type & FILTER_TABLE;
|
||||
@@ -4499,7 +4498,7 @@ sub process_mangle_rule1( $$$$$$$$$$$$$$$$$$ ) {
|
||||
maxparams => 1,
|
||||
function => sub () {
|
||||
fatal_error "Invalid ACTION (IPTABLES)" unless $family == F_IPV4;
|
||||
my ( $tgt, $options ) = split( ' ', $params );
|
||||
my ( $tgt, $options ) = split( ' ', $params, 2 );
|
||||
my $target_type = $builtin_target{$tgt};
|
||||
fatal_error "Unknown target ($tgt)" unless $target_type;
|
||||
fatal_error "The $tgt TARGET is not allowed in the mangle table" unless $target_type & MANGLE_TABLE;
|
||||
@@ -4515,7 +4514,7 @@ sub process_mangle_rule1( $$$$$$$$$$$$$$$$$$ ) {
|
||||
maxparams => 1,
|
||||
function => sub () {
|
||||
fatal_error "Invalid ACTION (IP6TABLES)" unless $family == F_IPV6;
|
||||
my ( $tgt, $options ) = split( ' ', $params );
|
||||
my ( $tgt, $options ) = split( ' ', $params, 2 );
|
||||
my $target_type = $builtin_target{$tgt};
|
||||
fatal_error "Unknown target ($tgt)" unless $target_type;
|
||||
fatal_error "The $tgt TARGET is not allowed in the mangle table" unless $target_type & MANGLE_TABLE;
|
||||
|
||||
@@ -1235,7 +1235,7 @@ safe_commands() {
|
||||
echo "New configuration has been accepted"
|
||||
else
|
||||
if [ "$command" = "restart" -o "$command" = "reload" ]; then
|
||||
run_it ${VARDIR}/.safe restore
|
||||
run_it ${VARDIR}/.safe -r restore
|
||||
else
|
||||
run_it ${VARDIR}/.$command clear
|
||||
fi
|
||||
|
||||
@@ -16,7 +16,7 @@ RemainAfterExit=yes
|
||||
EnvironmentFile=-/etc/default/shorewall
|
||||
StandardOutput=syslog
|
||||
ExecStart=/sbin/shorewall $OPTIONS start $STARTOPTIONS
|
||||
ExecStop=/sbin/shorewall $OPTIONS stop
|
||||
ExecStop=/sbin/shorewall $OPTIONS clear
|
||||
ExecReload=/sbin/shorewall $OPTIONS reload $RELOADOPTIONS
|
||||
|
||||
[Install]
|
||||
|
||||
@@ -15,7 +15,7 @@ RemainAfterExit=yes
|
||||
EnvironmentFile=-/etc/default/shorewall6-lite
|
||||
StandardOutput=syslog
|
||||
ExecStart=/sbin/shorewall6-lite $OPTIONS start
|
||||
ExecStop=/sbin/shorewall6-lite $OPTIONS stop
|
||||
ExecStop=/sbin/shorewall6-lite $OPTIONS clear
|
||||
ExecReload=/sbin/shorewall6-lite $OPTIONS reload
|
||||
|
||||
[Install]
|
||||
|
||||
@@ -16,7 +16,7 @@ RemainAfterExit=yes
|
||||
EnvironmentFile=-/etc/default/shorewall6
|
||||
StandardOutput=syslog
|
||||
ExecStart=/sbin/shorewall6 $OPTIONS start $STARTOPTIONS
|
||||
ExecStop=/sbin/shorewall6 $OPTIONS stop
|
||||
ExecStop=/sbin/shorewall6 $OPTIONS clear
|
||||
ExecReload=/sbin/shorewall6 $OPTIONS reload $RELOADOPTIONS
|
||||
|
||||
[Install]
|
||||
|
||||
Reference in New Issue
Block a user