extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-20 09:47:51 +02:00
Code Issues Packages Projects Releases Wiki Activity

Finish install/fallback cleanup

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2677 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2005-09-13 17:13:35 +00:00
parent 050ba1b307
commit 0864c22d26
5 changed files with 113 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Shorewall/changelog.txt
View File

@ -1,3 +1,7 @@
Changes in 2.5.6
1) Finish install/fallback cleanup.
Changes in 2.5.5 Changes in 2.5.5
1) Zone file alchemy attempted. 1) Zone file alchemy attempted.

27
Shorewall/fallback.sh
View File

@ -28,7 +28,7 @@
# shown below. Simply run this script to revert to your prior version of # shown below. Simply run this script to revert to your prior version of
# Shoreline Firewall. # Shoreline Firewall.
VERSION=2.5.5 VERSION=2.5.6
usage() # $1 = exit status usage() # $1 = exit status
{ {
@ -49,8 +49,23 @@ restore_directory() # $1 = directory to restore
fi fi
} }
restore_file() # $1 = file to restore restore_file() # $1 = file to restore, $2 = (Optional) Directory to restore from
{ {
if [ -n "$2" ]; then
local file=$(basename $1)
if [ -f $2/$file ]; then
if mv -f $2/$file $1 ; then
echo
echo "$1 restored"
return
fi
echo "ERROR: Could not restore $1"
exit 1
fi
fi
if [ -f ${1}-${VERSION}.bkout -o -L ${1}-${VERSION}.bkout ]; then if [ -f ${1}-${VERSION}.bkout -o -L ${1}-${VERSION}.bkout ]; then
if (mv -f ${1}-${VERSION}.bkout $1); then if (mv -f ${1}-${VERSION}.bkout $1); then
echo echo
@ -71,17 +86,17 @@ echo "Backing Out Installation of Shorewall $VERSION"
if [ -L /usr/share/shorewall/init ]; then if [ -L /usr/share/shorewall/init ]; then
FIREWALL=$(ls -l /usr/share/shorewall/init | sed 's/^.*> //') FIREWALL=$(ls -l /usr/share/shorewall/init | sed 's/^.*> //')
restore_file $FIREWALL restore_file $FIREWALL /usr/share/shorewall-${VERSION}.bkout
else else
restore_file /etc/init.d/shorewall restore_file /etc/init.d/shorewall /usr/share/shorewall-${VERSION}.bkout
fi fi
restore_file /sbin/shorewall restore_file /sbin/shorewall /var/lib/shorewall-${VERSION}.bkout
restore_directory /etc/shorewall restore_directory /etc/shorewall
restore_directory /usr/share/shorewall restore_directory /usr/share/shorewall
restore_directory /var/lib/shorewall restore_directory /var/lib/shorewall
echo "Shorewall Restored to Version $oldversion" echo "Shorewall Restored to Version $(cat /usr/share/shorewall/version)"

51
Shorewall/install.sh
View File

@ -22,7 +22,7 @@
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
# #
VERSION=2.5.5 VERSION=2.5.6
usage() # $1 = exit status usage() # $1 = exit status
{ {
@ -37,7 +37,7 @@ run_install()
{ {
if ! install $*; then if ! install $*; then
echo echo
echo "ERROR: Failed to install $*" echo "ERROR: Failed to install $*" >&2
exit 1 exit 1
fi fi
} }
@ -45,8 +45,7 @@ run_install()
cant_autostart() cant_autostart()
{ {
echo echo
echo "WARNING: Unable to configure shorewall to start" echo "WARNING: Unable to configure shorewall to start automatically at boot" >&2
echo " automatically at boot"
} }
backup_directory() # $1 = directory to backup backup_directory() # $1 = directory to backup
@ -61,15 +60,26 @@ backup_directory() # $1 = directory to backup
fi fi
} }
backup_file() # $1 = file to backup backup_file() # $1 = file to backup, $2 = (optional) Directory in which to create the backup
{ {
if [ -z "$PREFIX" -a -f $1 -a ! -f ${1}-${VERSION}.bkout ]; then if [ -z "$PREFIX" ]; then
if (cp $1 ${1}-${VERSION}.bkout); then if [ -f $1 -a ! -f ${1}-${VERSION}.bkout ]; then
echo if [ -n "$2" ]; then
echo "$1 saved to ${1}-${VERSION}.bkout" if [ -d $2 ]; then
else if cp -f $1 $2 ; then
exit 1 echo
fi echo "$1 saved to $2/$(basename $1)"
else
exit 1
fi
fi
elif cp $1 ${1}-${VERSION}.bkout; then
echo
echo "$1 saved to ${1}-${VERSION}.bkout"
else
exit 1
fi
fi
fi fi
} }
@ -90,9 +100,9 @@ install_file() # $1 = source $2 = target $3 = mode
run_install $OWNERSHIP -m $3 $1 ${2} run_install $OWNERSHIP -m $3 $1 ${2}
} }
install_file_with_backup() # $1 = source $2 = target $3 = mode install_file_with_backup() # $1 = source $2 = target $3 = mode $4 = (optional) backup directory
{ {
backup_file $2 backup_file $2 $4
run_install $OWNERSHIP -m $3 $1 ${2} run_install $OWNERSHIP -m $3 $1 ${2}
} }
@ -194,7 +204,7 @@ else
first_install="Yes" first_install="Yes"
fi fi
install_file_with_backup shorewall ${PREFIX}/sbin/shorewall 0544 install_file_with_backup shorewall ${PREFIX}/sbin/shorewall 0544 ${PREFIX}/var/lib/shorewall-${VERSION}.bkout
echo echo
echo "shorewall control program installed in ${PREFIX}/sbin/shorewall" echo "shorewall control program installed in ${PREFIX}/sbin/shorewall"
@ -203,9 +213,9 @@ echo "shorewall control program installed in ${PREFIX}/sbin/shorewall"
# Install the Firewall Script # Install the Firewall Script
# #
if [ -n "$DEBIAN" ]; then if [ -n "$DEBIAN" ]; then
install_file_with_backup init.debian.sh /etc/init.d/shorewall 0544 install_file_with_backup init.debian.sh /etc/init.d/shorewall 0544 ${PREFIX}/usr/share/shorewall-${VERSION}.bkout
else else
install_file_with_backup init.sh ${PREFIX}${DEST}/$INIT 0544 install_file_with_backup init.sh ${PREFIX}${DEST}/$INIT 0544 ${PREFIX}/usr/share/shorewall-${VERSION}.bkout
fi fi
echo echo
@ -227,7 +237,6 @@ if [ ! -f ${PREFIX}/etc/shorewall/shorewall.conf ]; then
fi fi
if [ -n "$ARCHLINUX" ] ; then if [ -n "$ARCHLINUX" ] ; then
sed -e 's!LOGFILE=/var/log/messages!LOGFILE=/var/log/messages.log!' -i ${PREFIX}/etc/shorewall/shorewall.conf sed -e 's!LOGFILE=/var/log/messages!LOGFILE=/var/log/messages.log!' -i ${PREFIX}/etc/shorewall/shorewall.conf
fi fi
# #
@ -381,9 +390,7 @@ fi
# #
# Install the TOS file # Install the TOS file
# #
if [ -f ${PREFIX}/etc/shorewall/tos ]; then if [ ! -f ${PREFIX}/etc/shorewall/tos ]; then
backup_file /etc/shorewall/tos
else
run_install $OWNERSHIP -m 0600 tos ${PREFIX}/etc/shorewall/tos run_install $OWNERSHIP -m 0600 tos ${PREFIX}/etc/shorewall/tos
echo echo
echo "TOS file installed as ${PREFIX}/etc/shorewall/tos" echo "TOS file installed as ${PREFIX}/etc/shorewall/tos"
@ -447,7 +454,7 @@ echo "RFC 1918 file installed as ${PREFIX}/usr/share/shorewall/rfc1918"
# #
install_file configpath ${PREFIX}/usr/share/shorewall/configpath 0600 install_file configpath ${PREFIX}/usr/share/shorewall/configpath 0600
echo echo
echo " Default config path file installed as ${PREFIX}/usr/share/shorewall/configpath" echo "Default config path file installed as ${PREFIX}/usr/share/shorewall/configpath"
# #
# Install the init file # Install the init file
# #

98
Shorewall/releasenotes.txt
View File

@ -1,4 +1,22 @@
Shorewall 2.5.5. Shorewall 2.5.6.
Problems Corrected in 2.5.6:
None.
New Features in 2.5.6:
1) The install.sh script now does a much cleaner job of backing up the
current installation. It copies the directories /etc/shorewall,
/usr/share/shorewall and /var/lib/shorewall to a directory of the
same name with "-$VERSION.bkout" appended. The init script and
/sbin/shorewall are backed up to the /usr/share/shorewall and
/var/lib/shorewall directories respectively. This makes it very
simple to remove the backups:
rm -rf /etc/shorewall-*.bkout
rm -rf /usr/share/shorewall-*.bkout
rm -rf /var/lib/shorewall-*.bkout
Problems Corrected in 2.5.5: Problems Corrected in 2.5.5:
@ -9,41 +27,6 @@ Problems Corrected in 2.5.5:
"shorewall start" would continue after what should have been fatal "shorewall start" would continue after what should have been fatal
errors. errors.
New Features in 2.5.5:
1) The IPSEC column in /etc/shorewall/zones has been renamed TYPE and
can have one of the following values:
plain, -, or <empty> A normal zone
ipsec An IPSEC zone
firewall The firewall zone. There must be
exactly one firewall zone.
2) You may now define zone nesting in the /etc/shorewall/zones
file. In the ZONE column, the (sub)zone name can be followed by a
colon (":") and a comma-separated list of parent zones. The parent
zone(s) must be listed before the subzone.
Example: Zone B is a subzone of zone A
#ZONE TYPE OPTIONS
A plain
B:A plain
Currently, Shorewall only uses the zone nesting information to
re-order the zone list such that subzones appear before their
parent zones. In a future release, Shorewall might make additional
use of this information to structure the ruleset in a more
efficient fashion.
3) When /usr/share/shorewall/functions is loaded it now sets
SHOREWALL_LIBRARY=Loaded
Application code such as /etc/shorewall/tcstart may test that
variable to determine if the library has been loaded into the
current shell process.
Problems Corrected in 2.5.4: Problems Corrected in 2.5.4:
1) Several serious problems associated with macros have been corrected. 1) Several serious problems associated with macros have been corrected.
@ -121,17 +104,38 @@ Migration Considerations:
are now as follows: are now as follows:
ZONE Short name of the zone (5 Characters or less in ZONE Short name of the zone (5 Characters or less in
length). length). The names "all" and "none" are
reserved and may not be used as zone names.
The names "all" and "none" are reserved and may
not beused as zone names.
TYPE ipsec - Communication with all zone hosts is encrypted Where a zone is nested in one or more other
zones, you may follow the (sub)zone name by ":"
and a comma-separated list of the parent
zones. The parent zones must have been defined
in earlier records in this file.
Example:
#ZONE TYPE OPTIONS
a plain
b plain
c:a,b plain
Currently, Shorewall uses this information only
to reorder the zone list so that parent zones
appear after their subzones in the list. In the
future, Shorewall may make more extensive use
of that information.
TYPE plain - This is the standard Shorewall zone type and is
the default if the column is left empty or if
it is entered as "-". Communication with some
zone hosts may be encrypted. Encrypted hosts
are designated using the 'ipsec' option in
/etc/shorewall/hosts.
ipsec - Communication with all zone hosts is encrypted
Your kernel and iptables must include policy Your kernel and iptables must include policy
match support. match support.
plain - Communication with some zone hosts may be encrypted.
Encrypted hosts are designated using the 'ipsec'
option in /etc/shorewall/hosts.
firewall firewall
- Designates the firewall itself. You must have - Designates the firewall itself. You must have
exactly one 'firewall' zone. No options are exactly one 'firewall' zone. No options are
@ -535,3 +539,11 @@ New Features in Shorewall 2.5.*
Thanks, Arne! Thanks, Arne!
19) When /usr/share/shorewall/functions is loaded it now sets
SHOREWALL_LIBRARY=Loaded
Application code such as /etc/shorewall/tcstart may test that
variable to determine if the library has been loaded into the
current shell process.

5
Shorewall/uninstall.sh
View File

@ -26,7 +26,7 @@
# You may only use this script to uninstall the version # You may only use this script to uninstall the version
# shown below. Simply run this script to remove Shorewall Firewall # shown below. Simply run this script to remove Shorewall Firewall
VERSION=2.5.5 VERSION=2.5.6
usage() # $1 = exit status usage() # $1 = exit status
{ {
@ -101,8 +101,11 @@ rm -f /sbin/shorewall
rm -f /sbin/shorewall-*.bkout rm -f /sbin/shorewall-*.bkout
rm -rf /etc/shorewall rm -rf /etc/shorewall
rm -rf /etc/shorewall-*.bkout
rm -rf /var/lib/shorewall rm -rf /var/lib/shorewall
rm -rf /var/lib/shorewall-*.bkout
rm -rf /usr/share/shorewall rm -rf /usr/share/shorewall
rm -rf /usr/share/shorewall-*.bkout
echo "Shorewall Uninstalled" echo "Shorewall Uninstalled"