summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--perl-install/tinyfirewall.pm33
1 files changed, 13 insertions, 20 deletions
diff --git a/perl-install/tinyfirewall.pm b/perl-install/tinyfirewall.pm
index 37be4895e..7ce984c2a 100644
--- a/perl-install/tinyfirewall.pm
+++ b/perl-install/tinyfirewall.pm
@@ -67,15 +67,12 @@ sub DoInterface {
my $GetNetworkInfo = sub {
$settings{DNS_SERVERS} = join(' ', uniq(split(' ', $settings{DNS_SERVERS}),
@{network::read_resolv_conf("/etc/resolv.conf")}{'dnsServer', 'dnsServer2', 'dnsServer3'}));
- open NETSTAT, "/bin/netstat -in |" or die "Can't pipe from /bin/netstat: $!\n"; <NETSTAT>; <NETSTAT>;
- my @interfaces = map { (split / /)[0]; } (<NETSTAT>); close NETSTAT;
- open ROUTE, "/sbin/route -n |" or die "Can't pipe from /sbin/route: $!\n"; <ROUTE>; <ROUTE>;
+ my (undef, undef, @netstat) = `/bin/netstat -in`;
+ my @interfaces = map { /(\S+)/ } @netstat;
+ my (@route, undef, undef) = `/sbin/route -n`;
my $defaultgw;
my $iface;
- while (<ROUTE>) {
- my @parts = split /\s+/;
- ($parts[0] eq "0.0.0.0") and $defaultgw = $parts[1], $iface = $parts[7];
- } close ROUTE;
+ foreach (@route) { my @parts = split /\s+/; $parts[0] eq "0.0.0.0" and $defaultgw = $parts[1], $iface = $parts[7] }
my $fulliface = $iface;
$fulliface =~ s/[0-9]+/\\\+/;
$settings{PUBLIC_INTERFACES} = join(' ', uniq(split(' ', $settings{PUBLIC_INTERFACES}), $iface));
@@ -83,7 +80,7 @@ sub DoInterface {
$settings{INTERNAL_IFACES} = join(' ', uniq(split(' ', $settings{INTERNAL_IFACES}),
map { my $i=$_; my $f=$i; $f=~s/[0-9]+/\\\+/;
if_(and_( map {$settings{$_} !~ /$i/ and $settings{$_} !~ /$f/ } ('TRUSTED_IFACES', 'PUBLIC_IFACES', 'INTERNAL_IFACES')), $i)
- } (@interfaces) ));
+ } @interfaces ));
};
my $popimap = sub { $_[0] or return; mapn { $settings{$_[0]} = $_[1] }
[ qw(FORCE_PASV_FTP TCP_BLOCKED_SERVICES UDP_BLOCKED_SERVICES ICMP_ALLOWED_TYPES ENABLE_SRC_ADDR_VERIFY IP_MASQ_NETWORK IP_MASQ_MODULES REJECT_METHOD) ] ,
@@ -136,7 +133,7 @@ sub DoInterface {
my $yes = $l->[2] ? $l->[2] : _("Yes (allow this through the firewall)");
if (my $e = $in->ask_from_list(_("Firewall Configuration Wizard"),
$messages[$i],
- [ $yes, $no ], or_( map { $_ and CheckService($_->[0], $_->[1]) } (@$l[4..6])) ? $yes : $no
+ [ $yes, $no ], or_( map { $_ && CheckService($_->[0], $_->[1]) } (@$l[4..6])) ? $yes : $no
)) {
map { $_ and Service ($e=~/Yes/, $_->[0], $_->[1]) } (@{@struct[$i]}[4..6]);
$struct[$i][3] and $struct[$i][3]->($e=~/Yes/);
@@ -146,20 +143,16 @@ sub DoInterface {
}
}
}
+sub unbox_service {
+ split ' ', $settings{uc($_[0]) . "_PUBLIC_SERVICES"}
+}
sub Service {
my ($add, $protocol, $port) = @_;
- if ($add) {
- map { $_ eq $port and return } (split (' ', $settings{uc($protocol) . "_PUBLIC_SERVICES"}));
- $settings{uc($protocol) . "_PUBLIC_SERVICES"} = join(' ',split(' ',$settings{uc($protocol) . "_PUBLIC_SERVICES"}, $port));
- } else {
- $settings{uc($protocol) . "_PUBLIC_SERVICES"} =
- join( ' ', map { if_($_ ne $port, $_)} (split (' ', $settings{uc($protocol) . "_PUBLIC_SERVICES"})) );
- }
-}
-sub CheckService {
- my ($protocol, $port) = @_;
- map { $_ eq $port and return 1 } split / /, $settings{uc($protocol) . "_PUBLIC_SERVICES"};
+ my @l = unbox_service($protocol);
+ @l = uniq($add ? (@l, $port) : grep { $_ ne $port } @l);
+ $settings{uc($protocol) . "_PUBLIC_SERVICES"} = join(' ', @l);
}
+sub CheckService { member($_[1], unbox_service($_[0])); }
sub Kernel22 {
my ($major, $minor, $patchlevel) = (cat_("/proc/version"))[0] =~ m/^Linux version ([0-9]+)\.([0-9]+)\.([0-9]+)/;
$major eq "2" && $minor eq "2";