From 06e38b587d485bd89148fe1eea5cec6386c48196 Mon Sep 17 00:00:00 2001 From: teastep Date: Sat, 28 Jun 2003 15:22:22 +0000 Subject: [PATCH] SHOREWALL_SHELL parameter git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@621 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall/changelog.txt | 1 + Shorewall/firewall | 14 ++++++++------ Shorewall/releasenotes.txt | 4 ++++ Shorewall/shorewall | 13 +++++++++++-- Shorewall/shorewall.conf | 8 ++++++++ 5 files changed, 32 insertions(+), 8 deletions(-) diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index dd2743f72..80e3cb7b0 100755 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -23,4 +23,5 @@ Changes since 1.4.5 parameters and replaced them with code that detects these capabilities. +10) Added the SHOREWALL_SHELL configuraiton parameter. diff --git a/Shorewall/firewall b/Shorewall/firewall index 085e3f69f..5a2e5bae1 100755 --- a/Shorewall/firewall +++ b/Shorewall/firewall @@ -2025,9 +2025,12 @@ add_a_rule() servport=$serverport multiport= + [ x$port = x- ] && port= + [ x$cport = x- ] && cport= + case $proto in tcp|udp|TCP|UDP|6|17) - if [ -n "$port" -a "x${port}" != "x-" ]; then + if [ -n "$port" ]; then dports="--dport" if [ -n "$multioption" -a "$port" != "${port%,*}" ]; then multiport="$multioption" @@ -2036,7 +2039,7 @@ add_a_rule() dports="$dports $port" fi - if [ -n "$cport" -a "x${cport}" != "x-" ]; then + if [ -n "$cport" ]; then sports="--sport" if [ -n "$multioption" -a "$cport" != "${cport%,*}" ]; then multiport="$multioption" 
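Review bot: The two normalisation tests added in the `@@ -2025` hunk expand `$port` and `$cport` unquoted, so a value containing whitespace or a glob character makes `[` see extra arguments or a filename expansion instead of a comparison against `-`. Quote both operands: `[ "x$port" = "x-" ] && port=` and `[ "x$cport" = "x-" ] && cport=`. The simplified `-n` tests in this hunk and in the `@@ -2036` and `@@ -2046` hunks are only correct if these two lines run first. add_a_rule() begins and ends outside the hunk, so any earlier use of `$port` or `$cport` in the function is not visible here.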
@@ -2046,18 +2049,17 @@ add_a_rule() fi ;; icmp|ICMP|1) - [ -n "$port" ] && [ "x${port}" != "x-" ] && \ - dports="--icmp-type $port" + [ -n "$port" ] && dports="--icmp-type $port" state= ;; all|ALL) - [ -n "$port" ] && [ "x${port}" != "x-" ] && \ + [ -n "$port" ] && \ fatal_error "Port number not allowed with \"all\"; rule: \"$rule\"" proto= ;; *) state= - [ -n "$port" ] && [ "x${port}" != "x-" ] && \ + [ -n "$port" ] && \ fatal_error "Port number not allowed with protocol \"$proto\"; rule: \"$rule\"" ;; esac diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 9e3352573..9703d7d8d 100755 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -83,3 +83,7 @@ New Features: Tracking Match Extension is available, the rule in the filter table is extended to check that the original destination address was the same as specified (or defaulted to) in the DNAT rule. + +7) The shell used to interpret the firewall script + (/usr/share/shorewall/firewall) may now be specified using the + SHOREWALL_SHELL parameter in shorewall.conf. \ No newline at end of file diff --git a/Shorewall/shorewall b/Shorewall/shorewall index fa5555fa3..e07bb0ace 100755 --- a/Shorewall/shorewall +++ b/Shorewall/shorewall @@ -138,6 +138,13 @@ get_config() { [ -n "LOGFORMAT" ] && LOGFORMAT="${LOGFORMAT%%%*}" [ -n "$LOGFORMAT" ] || LOGFORMAT="Shorewall:" + + if [ -n "$SHOREWALL_SHELL" ]; then + if [ ! -e "$SHOREWALL_SHELL" ]; then + echo "The program specified in SHOREWALL_SHELL does not exist or is not executable" >&2 + exit 2 + fi + fi } # @@ -653,11 +660,13 @@ esac case "$1" in start|stop|restart|reset|clear|refresh|check) [ $# -ne 1 ] && usage 1 - exec $FIREWALL $debugging $nolock $1 + get_config + exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock $1 ;; add|delete) [ $# -ne 3 ] && usage 1 - exec $FIREWALL $debugging $nolock $1 $2 $3 + get_config + exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock $1 $2 $3 ;; show|list) [ $# -gt 2 ] && usage 1 
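Review bot: In the `icmp`, `all` and default branches only `$port` is tested, so a client port (`$cport`) given with one of those protocols is neither used nor rejected within this hunk. If nothing after `esac` handles it, the generated rule would match more traffic than the rule line asked for. Now that `-` is normalised to empty, the rejection can cover both fields, for example `[ -n "$port$cport" ] && \` in front of the existing `fatal_error` calls in the `all|ALL)` and `*)` branches. The `case` statement sits inside add_a_rule(), which continues outside the hunk.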
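Review bot: The check added to get_config() uses `-e`, which succeeds for any existing path, including a directory or a non-executable file, while the error text says "does not exist or is not executable". Because the value is later placed in front of the firewall script on an `exec` line, the test should match the message: `if [ ! -f "$SHOREWALL_SHELL" -o ! -x "$SHOREWALL_SHELL" ]; then`. get_config() starts above the hunk.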
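Review bot: Both new `exec $SHOREWALL_SHELL $FIREWALL ...` lines expand the setting unquoted, so it is word-split and glob-expanded, whereas get_config() validated the whole string as one quoted path. The path that was checked and the words that are executed can therefore differ when the value contains whitespace. An empty setting still has to fall through to running `$FIREWALL` directly, so use the conditional form `exec ${SHOREWALL_SHELL:+"$SHOREWALL_SHELL"} $FIREWALL $debugging $nolock $1`, and likewise on the `add|delete` line. The enclosing `case` statement continues outside the hunk.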
diff --git a/Shorewall/shorewall.conf b/Shorewall/shorewall.conf index 278271ac5..45d7964c7 100755 --- a/Shorewall/shorewall.conf +++ b/Shorewall/shorewall.conf @@ -191,6 +191,14 @@ RFC1918_LOG_LEVEL=info # PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin +# +# SHELL +# +# The firewall script is normally interpreted by /bin/sh. If you wish to change +# the shell used to interpret that script, specify the shell here. + +SHOREWALL_SHELL=/bin/sh + # SUBSYSTEM LOCK FILE # # Set this to the name of the lock file expected by your init scripts. For
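Review bot: The new comment block is headed `# SHELL` although the parameter is `SHOREWALL_SHELL`, and it does not say what form the value must take. The `shorewall` script places this value in front of the firewall script on its `exec` line, so the comment should state the expected form, for example `# Specify the absolute path of a single executable shell (no arguments); an empty value runs the firewall script directly.` The setting selects the interpreter for a script that presumably runs as root, so the comment could also note that shorewall.conf should be writable only by root.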