SHOREWALL_SHELL parameter

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@621 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2003-06-28 15:22:22 +00:00
parent 52bc8bca5e
commit 06e38b587d
5 changed files with 32 additions and 8 deletions


@ -23,4 +23,5 @@ Changes since 1.4.5
parameters and replaced them with code that detects these parameters and replaced them with code that detects these
capabilities. capabilities.
10) Added the SHOREWALL_SHELL configuraiton parameter.


@ -2025,9 +2025,12 @@ add_a_rule()
servport=$serverport servport=$serverport
multiport= multiport=
[ x$port = x- ] && port=
[ x$cport = x- ] && cport=
case $proto in case $proto in
tcp|udp|TCP|UDP|6|17) tcp|udp|TCP|UDP|6|17)
if [ -n "$port" -a "x${port}" != "x-" ]; then if [ -n "$port" ]; then
dports="--dport" dports="--dport"
if [ -n "$multioption" -a "$port" != "${port%,*}" ]; then if [ -n "$multioption" -a "$port" != "${port%,*}" ]; then
multiport="$multioption" multiport="$multioption"
@ -2036,7 +2039,7 @@ add_a_rule()
dports="$dports $port" dports="$dports $port"
fi fi
if [ -n "$cport" -a "x${cport}" != "x-" ]; then if [ -n "$cport" ]; then
sports="--sport" sports="--sport"
if [ -n "$multioption" -a "$cport" != "${cport%,*}" ]; then if [ -n "$multioption" -a "$cport" != "${cport%,*}" ]; then
multiport="$multioption" multiport="$multioption"
@ -2046,18 +2049,17 @@ add_a_rule()
fi fi
;; ;;
icmp|ICMP|1) icmp|ICMP|1)
[ -n "$port" ] && [ "x${port}" != "x-" ] && \ [ -n "$port" ] && dports="--icmp-type $port"
dports="--icmp-type $port"
state= state=
;; ;;
all|ALL) all|ALL)
[ -n "$port" ] && [ "x${port}" != "x-" ] && \ [ -n "$port" ] && \
fatal_error "Port number not allowed with \"all\"; rule: \"$rule\"" fatal_error "Port number not allowed with \"all\"; rule: \"$rule\""
proto= proto=
;; ;;
*) *)
state= state=
[ -n "$port" ] && [ "x${port}" != "x-" ] && \ [ -n "$port" ] && \
fatal_error "Port number not allowed with protocol \"$proto\"; rule: \"$rule\"" fatal_error "Port number not allowed with protocol \"$proto\"; rule: \"$rule\""
;; ;;
esac esac
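Review bot: The two normalization lines added at the top of the first hunk, `[ x$port = x- ] && port=` and `[ x$cport = x- ] && cport=`, leave the expansion unquoted, whereas the tests they replace used the quoted form `"x${port}" != "x-"`. An unquoted value goes through word splitting and pathname expansion before `[` sees it, so a malformed port field in a rule can produce a test error or an unintended comparison rather than a clean mismatch. I would write them as `[ "x$port" = "x-" ] && port=` and `[ "x$cport" = "x-" ] && cport=`. Since "-" appears to be treated as a placeholder for "no port", a comment such as `# "-" means no port; normalize once so the tests below only need -n` would explain why the per-branch checks were dropped. add_a_rule begins and ends outside these hunks.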


@ -83,3 +83,7 @@ New Features:
Tracking Match Extension is available, the rule in the filter table Tracking Match Extension is available, the rule in the filter table
is extended to check that the original destination address was the is extended to check that the original destination address was the
same as specified (or defaulted to) in the DNAT rule. same as specified (or defaulted to) in the DNAT rule.
7) The shell used to interpret the firewall script
(/usr/share/shorewall/firewall) may now be specified using the
SHOREWALL_SHELL parameter in shorewall.conf.


@ -138,6 +138,13 @@ get_config() {
[ -n "LOGFORMAT" ] && LOGFORMAT="${LOGFORMAT%%%*}" [ -n "LOGFORMAT" ] && LOGFORMAT="${LOGFORMAT%%%*}"
[ -n "$LOGFORMAT" ] || LOGFORMAT="Shorewall:" [ -n "$LOGFORMAT" ] || LOGFORMAT="Shorewall:"
if [ -n "$SHOREWALL_SHELL" ]; then
if [ ! -e "$SHOREWALL_SHELL" ]; then
echo "The program specified in SHOREWALL_SHELL does not exist or is not executable" >&2
exit 2
fi
fi
} }
# #
@ -653,11 +660,13 @@ esac
case "$1" in case "$1" in
start|stop|restart|reset|clear|refresh|check) start|stop|restart|reset|clear|refresh|check)
[ $# -ne 1 ] && usage 1 [ $# -ne 1 ] && usage 1
exec $FIREWALL $debugging $nolock $1 get_config
exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock $1
;; ;;
add|delete) add|delete)
[ $# -ne 3 ] && usage 1 [ $# -ne 3 ] && usage 1
exec $FIREWALL $debugging $nolock $1 $2 $3 get_config
exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock $1 $2 $3
;; ;;
show|list) show|list)
[ $# -gt 2 ] && usage 1 [ $# -gt 2 ] && usage 1


@ -191,6 +191,14 @@ RFC1918_LOG_LEVEL=info
# #
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
#
# SHELL
#
# The firewall script is normally interpreted by /bin/sh. If you wish to change
# the shell used to interpret that script, specify the shell here.
SHOREWALL_SHELL=/bin/sh
# SUBSYSTEM LOCK FILE # SUBSYSTEM LOCK FILE
# #
# Set this to the name of the lock file expected by your init scripts. For # Set this to the name of the lock file expected by your init scripts. For