2007-07-22 15:44:06 +02:00
|
|
|
--- /home/teastep/shorewall/branches/3.4/Shorewall/lib.base 2007-06-17 14:30:30.000000000 -0700
|
|
|
|
+++ lib.base 2007-07-22 06:29:50.000000000 -0700
|
|
|
|
@@ -1,6 +1,6 @@
|
|
|
|
#!/bin/sh
|
|
|
|
#
|
|
|
|
-# Shorewall 3.4 -- /usr/share/shorewall/lib.base
|
|
|
|
+# Shorewall 4.0 -- /usr/share/shorewall/lib.base
|
|
|
|
#
|
|
|
|
# This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
|
|
|
|
#
|
|
|
|
@@ -21,20 +21,26 @@
|
|
|
|
# along with this program; if not, write to the Free Software
|
|
|
|
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
|
|
|
|
#
|
|
|
|
-# This library contains the code common to all Shorewall components. It is copied into
|
|
|
|
-# the compiled script with the -e compiler flag is specified and is loaded by
|
|
|
|
-# /sbin/shorewall, /usr/share/shorewall/compiler and /usr/share/shorewall/firewall. It
|
|
|
|
-# is also released as part of Shorewall Lite where it is used by /sbin/shorewall-lite
|
|
|
|
-# and /usr/share/shorewall-lite/shorecap.
|
|
|
|
+# This library contains the code common to all Shorewall components.
|
|
|
|
+#
|
|
|
|
+# - It is copied into the compiled script with the -e compiler flag is specified to
|
|
|
|
+# shorewall-shell.
|
|
|
|
+# - It is loaded by /sbin/shorewall.
|
|
|
|
+# - It is loaded by /usr/share/shorewall/firewall.
|
|
|
|
+# - It is loaded by /usr/share/shorewall-shell/compiler.
|
|
|
|
+# - It is released as part of Shorewall Lite where it is used by /sbin/shorewall-lite
|
|
|
|
+# and /usr/share/shorewall-lite/shorecap.
|
|
|
|
+# - It is released as part of Shorewall Perl where it is copied into the compiled script
|
|
|
|
+# by the compiler.
|
2007-06-16 17:43:14 +02:00
|
|
|
#
|
|
|
|
|
|
|
|
-SHOREWALL_LIBVERSION=30404
|
|
|
|
+SHOREWALL_LIBVERSION=40000
|
2007-06-17 23:39:01 +02:00
|
|
|
SHOREWALL_CAPVERSION=30405
|
2007-06-16 17:43:14 +02:00
|
|
|
|
|
|
|
[ -n "${VARDIR:=/var/lib/shorewall}" ]
|
2007-06-18 22:22:57 +02:00
|
|
|
[ -n "${SHAREDIR:=/usr/share/shorewall}" ]
|
|
|
|
[ -n "${CONFDIR:=/etc/shorewall}" ]
|
|
|
|
-SHELLSHAREDIR=/usr/share/shorewall
|
|
|
|
+SHELLSHAREDIR=/usr/share/shorewall-shell
|
|
|
|
PERLSHAREDIR=/usr/share/shorewall-perl
|
|
|
|
|
|
|
|
#
|
2007-07-22 15:44:06 +02:00
|
|
|
@@ -360,6 +366,8 @@
|
2007-06-16 17:43:14 +02:00
|
|
|
eval loaded=\$LIB_${1}_LOADED
|
|
|
|
|
|
|
|
if [ -z "$loaded" ]; then
|
|
|
|
+ [ -f $lib ] || lib=${SHELLSHAREDIR}/lib.$1
|
|
|
|
+
|
|
|
|
if [ -f $lib ]; then
|
|
|
|
progress_message "Loading library $lib..."
|
|
|
|
. $lib
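Review bot: The added fallback `[ -f $lib ] || lib=${SHELLSHAREDIR}/lib.$1` leaves both expansions unquoted, and the file it selects is sourced a few lines later by `. $lib`. With an empty `$lib` the test collapses to `[ -f ]`, which is true, so the fallback is silently skipped. I would write it as `[ -f "$lib" ] || lib="${SHELLSHAREDIR}/lib.$1"` and add a comment that `$1` must be a plain library name with no `/`, since it is spliced into a path that is then sourced with the caller's privileges. The enclosing function starts and ends outside the hunk, so how `$lib` is first set is not visible here.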
|
2007-07-22 15:44:06 +02:00
|
|
|
@@ -380,7 +388,7 @@
|
|
|
|
|
|
|
|
#
|
|
|
|
# Note: The following set of IP address manipulation functions have anomalous
|
|
|
|
-# behavior when the shell only supports 32-bit signed arithmatic and
|
|
|
|
+# behavior when the shell only supports 32-bit signed arithmetic and
|
|
|
|
# the IP address is 128.0.0.0 or 128.0.0.1.
|
|
|
|
#
|
|
|
|
|
|
|
|
@@ -692,7 +700,7 @@
|
|
|
|
#
|
|
|
|
|
|
|
|
find_rt_interface() {
|
|
|
|
- ip route ls | while read addr rest; do
|
|
|
|
+ ip route list | while read addr rest; do
|
|
|
|
case $addr in
|
|
|
|
*/*)
|
|
|
|
in_network ${1%/*} $addr && echo $(find_device $rest)
|
|
|
|
@@ -713,14 +721,14 @@
|
|
|
|
|
|
|
|
find_nexthop() # $1 = interface
|
|
|
|
{
|
|
|
|
- echo $(find_gateway `ip route ls | grep "[[:space:]]nexthop.* $1"`)
|
|
|
|
+ echo $(find_gateway `ip route list | grep "[[:space:]]nexthop.* $1"`)
|
|
|
|
}
|
|
|
|
|
|
|
|
#
|
|
|
|
# Find the default route's interface
|
|
|
|
#
|
|
|
|
find_default_interface() {
|
|
|
|
- ip route ls | while read first rest; do
|
|
|
|
+ ip route list | while read first rest; do
|
|
|
|
[ "$first" = default ] && echo $(find_device $rest) && return
|
|
|
|
done
|
|
|
|
}
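Review bot: In find_nexthop the interface name is pasted into the grep pattern as ` $1` with nothing after it, so a name that is a prefix of another (for example `eth1` against `eth10`) also matches the longer interface's nexthop line. A dot in a name such as `eth0.1` matches any character. The gateway returned can then belong to a different interface than the one asked for. Requiring a delimiter after the name closes the prefix case: `grep "[[:space:]]nexthop.* $1[[:space:]]"`. This assumes the device name is always followed by another field in the `ip route list` output, which should be confirmed.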
|
|
|
|
@@ -746,7 +754,7 @@
|
|
|
|
find_interface_by_mac() {
|
|
|
|
local mac=$1 first second rest dev
|
|
|
|
|
|
|
|
- ip link ls | while read first second rest; do
|
|
|
|
+ ip link list | while read first second rest; do
|
|
|
|
case $first in
|
|
|
|
*:)
|
|
|
|
dev=$second
|
|
|
|
@@ -764,7 +772,7 @@
|
|
|
|
# Determine if Interface is up
|
|
|
|
#
|
|
|
|
interface_is_up() {
|
|
|
|
- [ -n "$(ip link ls dev $1 2> /dev/null | grep -e '[<,]UP[,>]')" ]
|
|
|
|
+ [ -n "$(ip link list dev $1 2> /dev/null | grep -e '[<,]UP[,>]')" ]
|
|
|
|
}
|
|
|
|
|
|
|
|
#
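Review bot: `$1` is unquoted in `ip link list dev $1` inside interface_is_up, so an empty or whitespace-containing argument changes the ip command line instead of failing cleanly. The `2> /dev/null` then hides the resulting error. `ip link list dev "$1"` keeps the name a single argument. The same applies to the `local output="$(ip link list dev $1 2> /dev/null)"` lines in the get_device_mtu and get_device_mtu1 hunks further down.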
|
|
|
|
@@ -1232,11 +1240,11 @@
|
|
|
|
#
|
|
|
|
# First assume that this is some sort of point-to-point interface
|
|
|
|
#
|
|
|
|
- gateway=$( find_peer $(ip addr ls $interface ) )
|
|
|
|
+ gateway=$( find_peer $(ip addr list $interface ) )
|
|
|
|
#
|
|
|
|
# Maybe there's a default route through this gateway already
|
|
|
|
#
|
|
|
|
- [ -n "$gateway" ] || gateway=$(find_gateway $(ip route ls dev $interface))
|
|
|
|
+ [ -n "$gateway" ] || gateway=$(find_gateway $(ip route list dev $interface))
|
|
|
|
#
|
|
|
|
# Last hope -- is there a load-balancing route through the interface?
|
|
|
|
#
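Review bot: `ip addr list $interface` omits the `dev` keyword that the next changed line uses in `ip route list dev $interface`, so an interface whose name coincides with an ip keyword would be parsed as an option rather than a device. I would make the two calls consistent and quote the variable: `gateway=$( find_peer $(ip addr list dev "$interface" ) )`. The enclosing function starts and ends outside the hunk.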
|
|
|
|
@@ -1251,7 +1259,7 @@
|
|
|
|
# Disable IPV6
|
|
|
|
#
|
|
|
|
disable_ipv6() {
|
|
|
|
- local foo="$(ip -f inet6 addr ls 2> /dev/null)"
|
|
|
|
+ local foo="$(ip -f inet6 addr list 2> /dev/null)"
|
|
|
|
|
|
|
|
if [ -n "$foo" ]; then
|
|
|
|
if qt mywhich ip6tables; then
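Review bot: In disable_ipv6 a failed `ip -f inet6 addr list` looks exactly like a host with no IPv6 addresses. Stderr goes to /dev/null, `local foo="$(...)"` discards the exit status, and the `[ -n "$foo" ]` branch is then skipped. If that branch is what blocks IPv6 traffic (the rest of the function is outside the hunk), the failure is silent and fail-open. Declaring `local foo` first and assigning on a separate line lets the exit status be checked and reported. Failing that, a comment such as `# empty output is treated as "no IPv6"; a failing ip command is not detected here` would record the assumption.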
|
|
|
|
@@ -1381,7 +1389,7 @@
|
|
|
|
#
|
|
|
|
get_device_mtu() # $1 = device
|
|
|
|
{
|
|
|
|
- local output="$(ip link ls dev $1 2> /dev/null)" # quotes required for /bin/ash
|
|
|
|
+ local output="$(ip link list dev $1 2> /dev/null)" # quotes required for /bin/ash
|
|
|
|
|
|
|
|
if [ -n "$output" ]; then
|
|
|
|
echo $(find_mtu $output)
|
|
|
|
@@ -1396,7 +1404,7 @@
|
|
|
|
#
|
|
|
|
get_device_mtu1() # $1 = device
|
|
|
|
{
|
|
|
|
- local output="$(ip link ls dev $1 2> /dev/null)" # quotes required for /bin/ash
|
|
|
|
+ local output="$(ip link list dev $1 2> /dev/null)" # quotes required for /bin/ash
|
|
|
|
local mtu
|
|
|
|
|
|
|
|
if [ -n "$output" ]; then
|