Rename 'New' to 'Shorewall-perl'

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5816 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2025-08-09 07:31:00 +02:00 · 2007-04-03 01:25:13 +00:00
parent 7bfed5dd6e
commit 053b690320
29 changed files with 8 additions and 1 deletions
--- a/Shorewall-perl/prog.functions
+++ b/Shorewall-perl/prog.functions
@ -0,0 +1,152 @@
+#
+# Clear Proxy Arp
+#
+delete_proxyarp() {
+    if [ -f ${VARDIR}/proxyarp ]; then
+	while read address interface external haveroute; do
+	    qt arp -i $external -d $address pub
+	    [ -z "${haveroute}${NOROUTES}" ] && qt ip route del $address dev $interface
+	done < ${VARDIR}/proxyarp
+
+	for f in /proc/sys/net/ipv4/conf/*; do
+	    [ -f $f/proxy_arp ] && echo 0 > $f/proxy_arp
+	done
+    fi
+
+    rm -f ${VARDIR}/proxyarp
+}
+
+#
+# Set policy of chain $1 to $2
+#
+setpolicy() {
+    $IPTABLES -P $1 $2
+}
+#
+# Remove all Shorewall-added rules
+#
+clear_firewall() {
+    stop_firewall
+
+    setpolicy INPUT ACCEPT
+    setpolicy FORWARD ACCEPT
+    setpolicy OUTPUT ACCEPT
+
+    run_iptables -F
+
+    echo 1 > /proc/sys/net/ipv4/ip_forward
+
+    if [ -n "$DISABLE_IPV6" ]; then
+	if qt mywhich ip6tables; then
+	    ip6tables -P INPUT   ACCEPT 2> /dev/null
+	    ip6tables -P OUTPUT  ACCEPT 2> /dev/null
+	    ip6tables -P FORWARD ACCEPT 2> /dev/null
+	fi
+    fi
+
+    run_clear_exit
+
+    set_state "Cleared"
+
+    logger -p kern.info "$PRODUCT Cleared"
+}
+
+#
+# Issue a message and stop/restore the firewall
+#
+fatal_error()
+{
+    echo "   ERROR: $@" >&2
+    stop_firewall
+    [ -n "$TEMPFILE" ] && rm -f $TEMPFILE
+    exit 2
+}
+
+#
+# Issue a message and stop
+#
+startup_error() # $* = Error Message
+{
+    echo "   ERROR: $@" >&2
+    case $COMMAND in
+        start)
+	    logger -p kern.err "ERROR:$PRODUCT start failed"
+	    ;;
+	restart)
+	    logger -p kern.err "ERROR:$PRODUCT restart failed"
+	    ;;
+	restore)
+	    logger -p kern.err "ERROR:$PRODUCT restore failed"
+	    ;;
+    esac
+            
+    kill $$
+    exit 2
+}
+
+#
+# Run iptables and if an error occurs, stop/restore the firewall
+#
+run_iptables()
+{
+    if [ -n "$COMMENT" ]; then
+        $IPTABLES $@ -m comment --comment "$COMMENT"
+    else
+        $IPTABLES $@
+    fi
+
+    if [ $? -ne 0 ]; then
+        error_message "ERROR: Command \"$IPTABLES $@\" Failed"
+	stop_firewall
+        exit 2
+    fi
+}
+
+#
+# Run iptables and if an error occurs, stop/restore the firewall
+#
+run_ip()
+{
+    if ! ip $@; then
+	error_message "ERROR: Command \"ip $@\" Failed"
+	stop_firewall
+	exit 2
+    fi
+}
+
+#
+# Run tc and if an error occurs, stop/restore the firewall
+#
+run_tc() {
+    if ! tc $@ ; then
+	error_message "ERROR: Command \"tc $@\" Failed"
+	stop_firewall
+	exit 2
+    fi
+}
+
+restore_dynamic_rules() {
+    if [ -f ${VARDIR}/save ]; then
+	progress_message2 "Setting up dynamic rules..."
+	rangematch='source IP range'
+	while read target ignore1 ignore2 address ignore3 rest; do
+	    case $target in
+		DROP|reject|logdrop|logreject)
+		    case $rest in
+			$rangematch*)
+			    run_iptables -A dynamic -m iprange --src-range ${rest#source IP range} -j $target
+			    ;;
+			*)
+			    if [ -z "$rest" ]; then
+				run_iptables -A dynamic -s $address -j $target
+			    else
+				error_message "WARNING: Unable to restore dynamic rule \"$target $ignore1 $ignore2 $address $ignore3 $rest\""
+			    fi
+			    ;;
+		    esac
+		    ;;
+	    esac
+	done < ${VARDIR}/save
+    fi
+}
+