shorewall_code/Shorewall-lite/init.openwrt.sh


#!/bin/sh /etc/rc.common
#
# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.2
#
# (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2012,2014 - Tom Eastep (teastep@shorewall.net)
# (c) 2015 - Matt Darfeuille - (matdarf@gmail.com)
#
# On most distributions, this file should be called /etc/init.d/shorewall.
#
# Complete documentation is available at https://shorewall.org
#
# This program is part of Shorewall.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by the
# Free Software Foundation, either version 2 of the license or, at your
# option, any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.
#
# If an error occurs while starting or restarting the firewall, the
# firewall is automatically stopped.
#
# Commands are:
#
#     shorewall-lite start      Starts the firewall
#     shorewall-lite restart    Restarts the firewall
#     shorewall-lite reload     Reloads the firewall
#     shorewall-lite stop       Stops the firewall
#     shorewall-lite status     Displays firewall status
#
# description: Packet filtering firewall
# Openwrt related
Shorewall 5.0.4 Beta 2

Hi Tom,

Some unnecessary lines need to be removed from the sysconfig files.
I made some more changes to the init.openwrt.sh scripts(lite and lite6)
Attached as sysconfig-lite.patch!

In order to be able to use the build50 script I had to make a few changes(attached as build50.patch):
- Adding a variable BASEDIR (to build shorewall in a subdirectory)
  BASEDIR=$PWD and doing:
  $BASEDIR/annotate.pl and so on ...
- Adding a variable CYGWINSTYLESHEET and modifying the script to use this new variable(added cygwin clause in case statement)
- Adding a variable GITRELEASEDIR and modifying the lines around 624(to specify an other name for the release repo)
  from ../release/ to ../$GITRELEASEDIR/
- Added line to remove unnecessary *.bak files
- Added an if statement if a subdirectory is used when patches are created

question/request:
Would it be possible to use the build50 script without the '-t' option?
That way only the packages would be built but the tarballs wouldn't be created.

-Matt

On 12 Jan 2016 at 7:57, Tom Eastep wrote:

> Shorewall 5.0.4 Beta 2 is now available for download.
>
> New Feature since Beta 1:
>
> 1) The mangle file now supports an DIVERTHA action that provides
>    support for HAProxy.
>
>    To setup the HAProxy transparent configuration described at
>
>    http://www.loadbalancer.org/blog/setting-up-haproxy-with-transparent-mode-on-centos-6-x,
>    place this entry in shorewall-providers(5):
>
>
>    #NAME   NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS
>    TProxy  1      -    -         lo        -       tproxy
>
>    and use this DIVERTHA entry:
>
>    #ACTION   SOURCE DEST PROTO ...
>    DIVERTHA  -      -    tcp
>
> Thank you for testing,
> -Tom
> --
> Tom Eastep        \ When I die, I want to go like my Grandfather who
> Shoreline,         \ died peacefully in his sleep. Not screaming like
> Washington, USA     \ all of the passengers in his car
> http://shorewall.net \________________________________________________
>
>
-------------- Enclosure number 1 ----------------
>From ca4c854433e1c4c5870ea3e71225e5df8da4e255 Mon Sep 17 00:00:00 2001
From: Matt Darfeuille <matdarf@gmail.com>
Date: Wed, 13 Jan 2016 21:28:47 +0100
Subject: [PATCH 1/2] Modified lite and lite6.init.openwrt.sh

Signed-off-by: Matt Darfeuille <matdarf@gmail.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-14 16:08:20 +01:00
# Start and stop runlevel variable
START=50
STOP=89
# Displays the status command
EXTRA_COMMANDS="status"
EXTRA_HELP=" status Displays firewall status"
################################################################################
# Get startup options (override default)
################################################################################
OPTIONS=
#
# The installer may alter this
#
. /usr/share/shorewall/shorewallrc
# Source the local overrides (OPTIONS, STARTOPTIONS, ...) when the file exists
if [ -f "${SYSCONFDIR}/shorewall-lite" ]; then
    . "${SYSCONFDIR}/shorewall-lite"
fi
SHOREWALL_INIT_SCRIPT=1
################################################################################
#                 E X E C U T I O N    B E G I N S    H E R E                  #
################################################################################
# Arg1 of init script is arg2 when rc.common is sourced; set to action variable
command="$action"
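# $OPTIONS and the per-action option variables stay unquoted on purpose so
# that they split into separate arguments.
start() {
    exec "${SBINDIR}/shorewall" -l $OPTIONS $command $STARTOPTIONS
}

boot() {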
    local command="start"
    start
}
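restart() {
    exec "${SBINDIR}/shorewall" -l $OPTIONS $command $RESTARTOPTIONS
}

reload() {
    # RELOADOPTIONS is named like STARTOPTIONS, RESTARTOPTIONS and STOPOPTIONS
    exec "${SBINDIR}/shorewall" -l $OPTIONS $command $RELOADOPTIONS
}

stop() {
    exec "${SBINDIR}/shorewall" -l $OPTIONS $command $STOPOPTIONS
}

status() {
    # Quote "$@" so extra arguments are passed through without re-splitting
    exec "${SBINDIR}/shorewall" -l $OPTIONS $command "$@"
}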