mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-27 08:39:00 +01:00
More periodic removal of trailing white space
This commit is contained in:
parent
3467969c26
commit
0978f3d41a
@ -23,10 +23,10 @@
|
||||
# to the name of the remote firewall corresponding to the directory.
|
||||
#
|
||||
# To make the 'firewall' script, type "make".
|
||||
#
|
||||
#
|
||||
# Once the script is compiling correctly, you can install it by
|
||||
# typing "make install".
|
||||
#
|
||||
#
|
||||
################################################################################
|
||||
# V A R I A B L E S
|
||||
#
|
||||
@ -55,7 +55,7 @@ all: firewall
|
||||
#
|
||||
# Only generate the capabilities file if it doesn't already exist
|
||||
#
|
||||
capabilities:
|
||||
capabilities:
|
||||
ssh root@$(HOST) "MODULESDIR=$(MODULESDIR) /usr/share/shorewall-lite/shorecap > $(LITEDIR)/capabilities"
|
||||
scp root@$(HOST):$(LITEDIR)/capabilities .
|
||||
#
|
||||
@ -78,5 +78,5 @@ save:
|
||||
#
|
||||
# Remove generated files
|
||||
#
|
||||
clean:
|
||||
clean:
|
||||
rm -f capabilities firewall firewall.conf reload
|
||||
|
@ -6,7 +6,7 @@
|
||||
#
|
||||
usage() {
|
||||
echo "Usage: $0 [ options ] [ start|stop|clear|down|reset|refresh|restart|status|up|version ]"
|
||||
echo
|
||||
echo
|
||||
echo "Options are:"
|
||||
echo
|
||||
echo " -v and -q Standard Shorewall verbosity controls"
|
||||
@ -85,7 +85,7 @@ while [ $finished -eq 0 -a $# -gt 0 ]; do
|
||||
t*)
|
||||
g_timestamp=Yes
|
||||
option=${option#t}
|
||||
;;
|
||||
;;
|
||||
p*)
|
||||
g_purge=Yes
|
||||
option=${option#p}
|
||||
@ -126,7 +126,7 @@ while [ $finished -eq 0 -a $# -gt 0 ]; do
|
||||
|
||||
if [ -n "$option" ]; then
|
||||
case $option in
|
||||
*/*)
|
||||
*/*)
|
||||
startup_error "-R must specify a simple file name: $option"
|
||||
;;
|
||||
.safe|.try|NONE)
|
||||
|
@ -6,7 +6,7 @@
|
||||
#
|
||||
usage() {
|
||||
echo "Usage: $0 [ options ] [ start|stop|clear|down|reset|refresh|restart|status|up|version ]"
|
||||
echo
|
||||
echo
|
||||
echo "Options are:"
|
||||
echo
|
||||
echo " -v and -q Standard Shorewall verbosity controls"
|
||||
@ -85,7 +85,7 @@ while [ $finished -eq 0 -a $# -gt 0 ]; do
|
||||
t*)
|
||||
g_timestamp=Yes
|
||||
option=${option#t}
|
||||
;;
|
||||
;;
|
||||
p*)
|
||||
g_purge=Yes
|
||||
option=${option#p}
|
||||
@ -126,7 +126,7 @@ while [ $finished -eq 0 -a $# -gt 0 ]; do
|
||||
|
||||
if [ -n "$option" ]; then
|
||||
case $option in
|
||||
*/*)
|
||||
*/*)
|
||||
startup_error "-R must specify a simple file name: $option"
|
||||
;;
|
||||
.safe|.try|NONE)
|
||||
|
@ -124,7 +124,7 @@ deleteallchains() {
|
||||
# Generate a list of all network interfaces on the system
|
||||
#
|
||||
find_all_interfaces() {
|
||||
${IP:-ip} link list | egrep '^[[:digit:]]+:' | cut -d ' ' -f2 | sed 's/:$//'
|
||||
${IP:-ip} link list | egrep '^[[:digit:]]+:' | cut -d ' ' -f2 | sed 's/:$//'
|
||||
}
|
||||
|
||||
#
|
||||
|
@ -116,7 +116,7 @@ deleteallchains() {
|
||||
# Generate a list of all network interfaces on the system
|
||||
#
|
||||
find_all_interfaces() {
|
||||
${IP:-ip} link list | egrep '^[[:digit:]]+:' | cut -d ' ' -f2 | sed 's/:$//'
|
||||
${IP:-ip} link list | egrep '^[[:digit:]]+:' | cut -d ' ' -f2 | sed 's/:$//'
|
||||
}
|
||||
|
||||
#
|
||||
|
@ -20,7 +20,7 @@ test -n ${INITLOG:=/var/log/shorewall-init.log}
|
||||
test -x $SRWL || exit 0
|
||||
test -x $WAIT_FOR_IFUP || exit 0
|
||||
test -n "$INITLOG" || {
|
||||
echo "INITLOG cannot be empty, please configure $0" ;
|
||||
echo "INITLOG cannot be empty, please configure $0" ;
|
||||
exit 1;
|
||||
}
|
||||
|
||||
@ -32,9 +32,9 @@ fi
|
||||
|
||||
echo_notdone () {
|
||||
|
||||
if [ "$INITLOG" = "/dev/null" ] ; then
|
||||
if [ "$INITLOG" = "/dev/null" ] ; then
|
||||
echo "not done."
|
||||
else
|
||||
else
|
||||
echo "not done (check $INITLOG)."
|
||||
fi
|
||||
|
||||
@ -71,7 +71,7 @@ fi
|
||||
|
||||
export SHOREWALL_INIT_SCRIPT
|
||||
|
||||
# wait for an unconfigured interface
|
||||
# wait for an unconfigured interface
|
||||
wait_for_pppd () {
|
||||
if [ "$wait_interface" != "" ]
|
||||
then
|
||||
|
@ -45,7 +45,7 @@ status() {
|
||||
|
||||
export SHOREWALL_INIT_SCRIPT=1
|
||||
|
||||
case $1 in
|
||||
case $1 in
|
||||
'start')
|
||||
start
|
||||
;;
|
||||
|
@ -133,7 +133,7 @@ case $(uname) in
|
||||
MAC=Yes
|
||||
INSTALLD=
|
||||
T=
|
||||
;;
|
||||
;;
|
||||
*)
|
||||
[ -z "$OWNER" ] && OWNER=root
|
||||
[ -z "$GROUP" ] && GROUP=root
|
||||
@ -178,7 +178,7 @@ if [ -n "$DESTDIR" ]; then
|
||||
|
||||
install -d $OWNERSHIP -m 755 ${DESTDIR}/sbin
|
||||
install -d $OWNERSHIP -m 755 ${DESTDIR}${DEST}
|
||||
|
||||
|
||||
CYGWIN=
|
||||
MAC=
|
||||
else
|
||||
@ -194,7 +194,7 @@ else
|
||||
if [ -n "$CYGWIN" ]; then
|
||||
echo "Installing Cygwin-specific configuration..."
|
||||
elif [ -n "$MAC" ]; then
|
||||
echo "Installing Mac-specific configuration..."
|
||||
echo "Installing Mac-specific configuration..."
|
||||
else
|
||||
if [ -f /etc/debian_version ]; then
|
||||
echo "Installing Debian-specific configuration..."
|
||||
@ -270,7 +270,7 @@ if [ -n "$DESTDIR" ]; then
|
||||
mkdir -p ${DESTDIR}/etc/logrotate.d
|
||||
chmod 755 ${DESTDIR}/etc/logrotate.d
|
||||
fi
|
||||
|
||||
|
||||
#
|
||||
# Install the config file
|
||||
#
|
||||
|
@ -185,7 +185,7 @@ valid_address() {
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
|
||||
IFS=$ifs
|
||||
|
||||
return 0
|
||||
@ -381,7 +381,7 @@ find_echo() {
|
||||
result=$(which echo)
|
||||
[ -n "$result" ] && { echo "$result -e"; return; }
|
||||
|
||||
echo echo
|
||||
echo echo
|
||||
}
|
||||
|
||||
# Determine which version of mktemp is present (if any) and set MKTEMP accortingly:
|
||||
|
@ -166,7 +166,7 @@ search_log() # $1 = IP address to search for
|
||||
else
|
||||
$g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | grep "$1" | tac | sed 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] '// | sed s/" $host $LOGFORMAT"/" "/
|
||||
fi
|
||||
}
|
||||
}
|
||||
|
||||
#
|
||||
# Show traffic control information
|
||||
@ -298,7 +298,7 @@ do_save() {
|
||||
status=1
|
||||
fi
|
||||
|
||||
case ${SAVE_IPSETS:=No} in
|
||||
case ${SAVE_IPSETS:=No} in
|
||||
[Yy]es)
|
||||
case ${IPSET:=ipset} in
|
||||
*/*)
|
||||
@ -345,7 +345,7 @@ save_config() {
|
||||
|
||||
local result
|
||||
result=1
|
||||
|
||||
|
||||
iptables_save=${IPTABLES}-save
|
||||
|
||||
[ -x $iptables_save ] || echo "$iptables-save does not exist or is not executable" >&2
|
||||
@ -495,7 +495,7 @@ show_command() {
|
||||
fatal_error "Invalid table name ($s)"
|
||||
;;
|
||||
esac
|
||||
|
||||
|
||||
option=
|
||||
shift
|
||||
;;
|
||||
@ -713,7 +713,7 @@ show_command() {
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
|
||||
|
||||
|
||||
if [ $# -gt 0 ]; then
|
||||
if [ $1 = dynamic -a $# -gt 1 ]; then
|
||||
@ -729,7 +729,7 @@ show_command() {
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
|
||||
|
||||
echo "$g_product $SHOREWALL_VERSION $([ $# -gt 1 ] && echo "Chains " || echo "Chain ")$* at $g_hostname - $(date)"
|
||||
echo
|
||||
show_reset
|
||||
@ -800,7 +800,7 @@ dump_command() {
|
||||
clear_term
|
||||
echo "$g_product $SHOREWALL_VERSION Dump at $g_hostname - $(date)"
|
||||
echo
|
||||
|
||||
|
||||
show_reset
|
||||
host=$(echo $g_hostname | sed 's/\..*$//')
|
||||
$IPTABLES -L $g_ipt_options
|
||||
@ -844,7 +844,7 @@ dump_command() {
|
||||
heading "PFKEY SPD"
|
||||
setkey -DP
|
||||
heading "PFKEY SAD"
|
||||
setkey -D | grep -Ev '^[[:space:]](A:|E:)' # Don't divulge the keys
|
||||
setkey -D | grep -Ev '^[[:space:]](A:|E:)' # Don't divulge the keys
|
||||
fi
|
||||
|
||||
heading "/proc"
|
||||
@ -1183,7 +1183,7 @@ add_command() {
|
||||
if ! qt $IPSET -L $ipset -n; then
|
||||
fatal_error "Zone $zone, interface $interface is does not have a dynamic host list"
|
||||
fi
|
||||
|
||||
|
||||
host=${host#*:}
|
||||
|
||||
if $IPSET -A $ipset $host; then
|
||||
@ -1192,7 +1192,7 @@ add_command() {
|
||||
fatal_error "Unable to add $interface:$host to zone $zone"
|
||||
fi
|
||||
done
|
||||
|
||||
|
||||
}
|
||||
|
||||
#
|
||||
@ -1242,7 +1242,7 @@ delete_command() {
|
||||
if ! qt $IPSET -L $ipset -n; then
|
||||
fatal_error "Zone $zone, interface $interface is does not have a dynamic host list"
|
||||
fi
|
||||
|
||||
|
||||
host=${hostent#*:}
|
||||
|
||||
if $IPSET -D $ipset $host; then
|
||||
@ -1251,7 +1251,7 @@ delete_command() {
|
||||
echo " WARNING: Unable to delete host $hostent to zone $zone" >&2
|
||||
fi
|
||||
done
|
||||
|
||||
|
||||
}
|
||||
|
||||
#
|
||||
@ -1403,9 +1403,9 @@ logwatch_command() {
|
||||
case $option in
|
||||
-*)
|
||||
option=${option#-}
|
||||
|
||||
|
||||
[ -z "$option" ] && usage 1
|
||||
|
||||
|
||||
while [ -n "$option" ]; do
|
||||
case $option in
|
||||
v*)
|
||||
@ -1436,7 +1436,7 @@ logwatch_command() {
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
|
||||
[ -n "$g_debugging" ] && set -x
|
||||
|
||||
if [ $# -eq 1 ]; then
|
||||
@ -1634,7 +1634,7 @@ determine_capabilities() {
|
||||
if [ -z "$HASHLIMIT_MATCH" ]; then
|
||||
qt $IPTABLES -A $chain -m hashlimit --hashlimit 4 --hashlimit-burst 5 --hashlimit-name $chain --hashlimit-mode dstip -j ACCEPT && OLD_HL_MATCH=Yes
|
||||
HASHLIMIT_MATCH=$OLD_HL_MATCH
|
||||
fi
|
||||
fi
|
||||
qt $IPTABLES -A $chain -j NFQUEUE --queue-num 4 && NFQUEUE_TARGET=Yes
|
||||
qt $IPTABLES -A $chain -m realm --realm 4 && REALM_MATCH=Yes
|
||||
qt $IPTABLES -A $chain -m helper --helper "ftp" && HELPER_MATCH=Yes
|
||||
@ -1779,7 +1779,7 @@ report_capabilities1() {
|
||||
report_capability1 PERSISTENT_SNAT
|
||||
report_capability1 TPROXY_TARGET
|
||||
report_capability1 FLOW_FILTER
|
||||
|
||||
|
||||
echo CAPVERSION=$SHOREWALL_CAPVERSION
|
||||
echo KERNELVERSION=$KERNELVERSION
|
||||
}
|
||||
|
@ -45,17 +45,17 @@ get_script_version() { # $1 = script
|
||||
temp=$(echo $temp)
|
||||
IFS=$ifs
|
||||
digits=0
|
||||
|
||||
|
||||
for temp in $temp; do
|
||||
version=${version}$(printf '%02d' $temp)
|
||||
digits=$(($digits + 1))
|
||||
[ $digits -eq 3 ] && break
|
||||
done
|
||||
fi
|
||||
|
||||
|
||||
echo $version
|
||||
}
|
||||
|
||||
|
||||
#
|
||||
# Do required exports or create the required option string and run the passed script using
|
||||
# $SHOREWALL_SHELL
|
||||
@ -66,7 +66,7 @@ run_it() {
|
||||
local version
|
||||
|
||||
export VARDIR
|
||||
|
||||
|
||||
script=$1
|
||||
shift
|
||||
|
||||
@ -82,7 +82,7 @@ run_it() {
|
||||
export PURGE=$g_purge
|
||||
export TIMESTAMP=$g_timestamp
|
||||
export RECOVERING=$g_recovering
|
||||
|
||||
|
||||
if [ "$g_product" != Shorewall ]; then
|
||||
#
|
||||
# Shorewall Lite
|
||||
@ -105,7 +105,7 @@ run_it() {
|
||||
|
||||
[ -n "$RESTOREFILE" ] && options="${options} -R $RESTOREFILE"
|
||||
fi
|
||||
|
||||
|
||||
$SHOREWALL_SHELL $script $options $@
|
||||
}
|
||||
|
||||
|
@ -7,7 +7,7 @@ II. MIGRATION ISSUES
|
||||
III. PROBLEMS CORRECTED IN THIS RELEASE
|
||||
IV. KNOWN PROBLEMS REMAINING
|
||||
V. NEW FEATURES IN THIS RELEASE
|
||||
VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
|
||||
VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
|
||||
|
||||
----------------------------------------------------------------------------
|
||||
I. R E L E A S E 4 . 4 H I G H L I G H T S
|
||||
@ -56,7 +56,7 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
|
||||
|
||||
11) Support for netfilter's TRACE facility has been added. TRACE allows
|
||||
you to trace selected packets through Netfilter, including marking
|
||||
by tcrules.
|
||||
by tcrules.
|
||||
|
||||
12) You may now preview the generated ruleset by using the '-r' option
|
||||
to the 'check' command (e.g., "shorewall check -r").
|
||||
@ -155,7 +155,7 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
|
||||
8) The install.sh scripts in the Shorewall and Shorewall6 packages no
|
||||
longer create a backup copy of the existing configuration. If you
|
||||
want your configuration backed up prior to upgrading, you will
|
||||
need to do that yourself.
|
||||
need to do that yourself.
|
||||
|
||||
As part of this change, the fallback.sh scripts are no longer
|
||||
released.
|
||||
@ -182,7 +182,7 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
|
||||
explicitly call the module's 'initialize' function after the module
|
||||
has been loaded.
|
||||
|
||||
12) Checking for zone membership has been tighened up. Previously,
|
||||
12) Checking for zone membership has been tighened up. Previously,
|
||||
a zone could contain <interface>:0.0.0.0/0 along with other hosts;
|
||||
now, if the zone has <interface>:0.0.0.0/0 (even with exclusions),
|
||||
then it may have no additional members in /etc/shorewall/hosts.
|
||||
@ -208,12 +208,12 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
|
||||
iface_ADDRESSES SW_iface_ADDRESSES
|
||||
iface_NETWORKS SW_iface_NETWORKS
|
||||
iface_MAC SW_iface_MAC
|
||||
|
||||
|
||||
provider_IS_USABLE SW_provider_IS_USABLE
|
||||
|
||||
where 'iface' is a capitalized interface name (e.g., ETH0) and
|
||||
'provider' is the capitalized name of a provider.
|
||||
|
||||
|
||||
----------------------------------------------------------------------------
|
||||
I I I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E
|
||||
----------------------------------------------------------------------------
|
||||
@ -231,7 +231,7 @@ None.
|
||||
----------------------------------------------------------------------------
|
||||
|
||||
1) Beginning with this release, UPnP state and the dynamic blacklist
|
||||
are preserved across 'restart'.
|
||||
are preserved across 'restart'.
|
||||
|
||||
----------------------------------------------------------------------------
|
||||
V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
|
||||
@ -256,7 +256,7 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
|
||||
|
||||
3) Under rare circumstances involving a complex configuration,
|
||||
OPTIMIZE=13 and OPTIMIZE=15 could cause invalid iptables-restore
|
||||
input to be generated.
|
||||
input to be generated.
|
||||
|
||||
Sample error message:
|
||||
|
||||
@ -324,7 +324,7 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
|
||||
|
||||
b) be sure that your current firewall script(s) (normally in
|
||||
/var/lib/<product>/firewall) is(are) compiled with the 4.4.10
|
||||
compiler.
|
||||
compiler.
|
||||
|
||||
Shorewall and Shorewall6 users can execute these commands:
|
||||
|
||||
@ -361,8 +361,8 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
|
||||
On Debian-based systems, set startup=0 in /etc/default/<product>.
|
||||
|
||||
On other systems, use your service startup configuration tool
|
||||
(chkconfig, insserv, ...) to disable startup.
|
||||
|
||||
(chkconfig, insserv, ...) to disable startup.
|
||||
|
||||
The following actions occur when an interface comes up:
|
||||
|
||||
FIREWALL INTERFACE ACTION
|
||||
@ -423,7 +423,7 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
|
||||
shorewall-lite: 4.4.10-RC1
|
||||
shorewall6-lite: 4.4.10-RC1
|
||||
shorewall-init: 4.4.10-RC1
|
||||
gateway:~#
|
||||
gateway:~#
|
||||
|
||||
----------------------------------------------------------------------------
|
||||
P R O B L E M S C O R R E C T E D I N 4 . 4 . 9
|
||||
@ -498,7 +498,7 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
|
||||
/etc/shorewall/masq:
|
||||
|
||||
#INTERFACE SOURCE ADDRESS PROTO PORT
|
||||
tun0 192.168.1.0/24
|
||||
tun0 192.168.1.0/24
|
||||
|
||||
Use of tunN in the nat and netmap files also produced invalid
|
||||
iptables-restore input.
|
||||
@ -540,7 +540,7 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
|
||||
I - Inserted a rule into a chain.
|
||||
T - Shell source text appended/inserted into a chain --
|
||||
converted into rules at run-time.
|
||||
D - Deleted Rule from a chain; note that this causes the
|
||||
D - Deleted Rule from a chain; note that this causes the
|
||||
following rules to be renumbered.
|
||||
X - Deleted a chain
|
||||
P - Change a built-in chains policy. Chains in the filter table
|
||||
@ -555,7 +555,7 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
|
||||
|
||||
Netfilter trace records indicate the table and chain being
|
||||
changed. If the change involves a particular rule, then the rule
|
||||
number is also included.
|
||||
number is also included.
|
||||
|
||||
Example (append the first rule to the filter FORWARD chain):
|
||||
|
||||
@ -585,7 +585,7 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
|
||||
/etc/shorewall/interfaces:
|
||||
#ZONE INTERFACE BROADCAST OPTIONS
|
||||
dummy br0 - routeback
|
||||
|
||||
|
||||
/etc/shorewall/policy:
|
||||
#SOURCE DEST POLICY
|
||||
dummy all DROP
|
||||
@ -611,7 +611,7 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
|
||||
P R O B L E M S C O R R E C T E D I N 4 . 4 . 9
|
||||
----------------------------------------------------------------------------
|
||||
|
||||
1) A CONTINUE rule specifying a log level would cause the compiler to
|
||||
1) A CONTINUE rule specifying a log level would cause the compiler to
|
||||
generate an incorrect rule sequence. The packet would be logged
|
||||
but the CONTINUE action would not occur.
|
||||
|
||||
@ -643,7 +643,7 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
|
||||
1/2 of the values given in the rule.
|
||||
|
||||
5) Detection of the 'Old hashlimit match' capability was broken in
|
||||
/sbin/shorewall, /sbin/shorewall-lite and in the IPv4 version of
|
||||
/sbin/shorewall, /sbin/shorewall-lite and in the IPv4 version of
|
||||
shorecap.
|
||||
|
||||
6) On older distributions such as RHEL5 and derivatives, Shorewall
|
||||
@ -651,7 +651,7 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
|
||||
/etc/shorewall/tcinterfaces and LOAD_HELPERS_ONLY had been
|
||||
specified in /etc/shorewall/shorewall.conf.
|
||||
|
||||
7) The Debian init scripts are modified to include $remote_fs in the
|
||||
7) The Debian init scripts are modified to include $remote_fs in the
|
||||
Required-start and Required-stop specifications.
|
||||
|
||||
8) Previously, when a supported command failed, the Debian Shorewall
|
||||
@ -715,7 +715,7 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
|
||||
VERBOSE
|
||||
VERBOSE_OFFSET
|
||||
VERSION
|
||||
|
||||
|
||||
See Migration Issue 14 above for additional information.
|
||||
|
||||
2) The Shorewall and Shorewall6 installers now accept a '-s' (sparse)
|
||||
@ -739,7 +739,7 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
|
||||
|
||||
Resulting error message
|
||||
|
||||
ERROR: The separator for a port range is ':', not '-' (21-22) :
|
||||
ERROR: The separator for a port range is ':', not '-' (21-22) :
|
||||
/etc/shorewall/rules (line 3)
|
||||
|
||||
5) Support has been added for UDPLITE (proto 136) in that DEST PORT(S)
|
||||
@ -750,7 +750,7 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
|
||||
'status' command now gives the detailed status as 'Restored from
|
||||
<filename>' rather than 'Started'; <filename> is the saved script
|
||||
used to restore the configuration.
|
||||
|
||||
|
||||
----------------------------------------------------------------------------
|
||||
P R O B L E M S C O R R E C T E D I N 4 . 4 . 7
|
||||
----------------------------------------------------------------------------
|
||||
@ -759,7 +759,7 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
|
||||
installer and are included in the rpm.
|
||||
|
||||
2) An invalid octal number (e.g., 080) appearing in a port list
|
||||
resulted in a perl error message.
|
||||
resulted in a perl error message.
|
||||
|
||||
As part of this fix, both hex and octal numbers are now accepted
|
||||
for protocol and port numbers.
|
||||
@ -824,7 +824,7 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
|
||||
f) If a chain ends with an unconditional branch to a second chain
|
||||
(other than to 'reject'), then the branch is deleted from the
|
||||
first chain and the rules from the second chain are appended
|
||||
to it.
|
||||
to it.
|
||||
|
||||
The following chains are exempted from optimization 4:
|
||||
|
||||
@ -881,7 +881,7 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
|
||||
|
||||
Modules loaded when LOAD_HELPERS_ONLY=Yes are the protocol
|
||||
helpers. These cannot be autoloaded.
|
||||
|
||||
|
||||
In addition, the nf_conntrack_sip module is loaded with
|
||||
sip_direct_media=0. This setting is slightly less secure than
|
||||
sip_direct_media=1, but it solves many VOIP problems that users
|
||||
@ -914,7 +914,7 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
|
||||
the setting of net.ipv4.config.all.rp_filter.
|
||||
|
||||
Beginning with kernel 2.6.31, the value is the arithmetic MAX of
|
||||
those two values.
|
||||
those two values.
|
||||
|
||||
Given that Shorewall sets net.ipv4.config.all.rp_filter to 1 if
|
||||
there are any interfaces specifying 'routefilter', specifying
|
||||
@ -946,7 +946,7 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
|
||||
Keep - Shorewall does not change the setting of
|
||||
net.ipv4.config.all.rp_filter if the kernel version
|
||||
is 2.6.31 or later.
|
||||
|
||||
|
||||
The default remains Keep.
|
||||
|
||||
e) The 'routefilter' interface option can have values 0,1 or 2. If
|
||||
@ -1021,7 +1021,7 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
|
||||
2) If any interfaces had the 'bridge' option specified, compilation
|
||||
failed with the error:
|
||||
|
||||
Undefined subroutine &Shorewall::Rules::match_source_interface called
|
||||
Undefined subroutine &Shorewall::Rules::match_source_interface called
|
||||
at /usr/share/shorewall/Shorewall/Rules.pm line 2319.
|
||||
|
||||
3) The compiler now flags port number 0 as an error in all
|
||||
@ -1049,7 +1049,7 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
|
||||
|
||||
9) The 'reload -c' command would ignore the setting of DONT_LOAD in
|
||||
shorewall.conf. The 'reload' command without '-c' worked as
|
||||
expected.
|
||||
expected.
|
||||
|
||||
----------------------------------------------------------------------------
|
||||
N E W F E A T U R E S I N 4 . 4 . 5
|
||||
@ -1135,7 +1135,7 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
|
||||
|
||||
/etc/shorewall/zones:
|
||||
|
||||
#ZONE TYPE
|
||||
#ZONE TYPE
|
||||
fw firewall
|
||||
world ipv4
|
||||
z1:world bport4
|
||||
@ -1268,7 +1268,7 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
|
||||
STARTUP_LOG=/var/log/shorewall-init.log
|
||||
LOG_VERBOSITY=2
|
||||
|
||||
The effect is much the same as the old defaults, with the exception
|
||||
The effect is much the same as the old defaults, with the exception
|
||||
that:
|
||||
|
||||
a) Start, stop, etc. commands issued through /sbin/shorewall
|
||||
@ -1276,7 +1276,7 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
|
||||
b) Logging will occur at maximum verbosity.
|
||||
c) Log entries will be date/time stamped.
|
||||
|
||||
On non-Debian systems, new installs will now log all Shorewall
|
||||
On non-Debian systems, new installs will now log all Shorewall
|
||||
commands to /var/log/shorewall-init.log.
|
||||
|
||||
2) A new TRACK_PROVIDERS option has been added in shorewall.conf.
|
||||
@ -1294,9 +1294,9 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
|
||||
P R O B L E M S C O R R E C T E D I N 4 . 4 . 2
|
||||
----------------------------------------------------------------------------
|
||||
|
||||
1) Detection of Persistent SNAT was broken in the rules compiler.
|
||||
1) Detection of Persistent SNAT was broken in the rules compiler.
|
||||
|
||||
2) Initialization of the compiler's chain table was occurring before
|
||||
2) Initialization of the compiler's chain table was occurring before
|
||||
shorewall.conf had been read and before the capabilities had been
|
||||
determined. This could lead to incorrect rules and Perl runtime
|
||||
errors.
|
||||
@ -1348,14 +1348,14 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
|
||||
N E W F E A T U R E S I N 4 . 4 . 2
|
||||
----------------------------------------------------------------------------
|
||||
|
||||
1) Prior to this release, line continuation has taken precedence over
|
||||
1) Prior to this release, line continuation has taken precedence over
|
||||
#-style comments. This prevented us from doing the following:
|
||||
|
||||
ACCEPT net:206.124.146.176,\ #Gateway
|
||||
206.124.146.177,\ #Mail
|
||||
206.124.146.178\ #Server
|
||||
...
|
||||
|
||||
|
||||
Now, unless a line ends with '\', any trailing comment is stripped
|
||||
off (including any white-space preceding the '#'). Then if the line
|
||||
ends with '\', it is treated as a continuation line as normal.
|
||||
@ -1407,7 +1407,7 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
|
||||
7) MULTICAST=Yes generates an incorrect rule that limits its
|
||||
effectiveness to a small part of the multicast address space.
|
||||
|
||||
8) Checking for zone membership has been tighened up. Previously,
|
||||
8) Checking for zone membership has been tighened up. Previously,
|
||||
a zone could contain <interface>:0.0.0.0/0 along with other hosts;
|
||||
now, if the zone has <interface>:0.0.0.0/0 (even with exclusions),
|
||||
then it may have no additional members in /etc/shorewall/hosts.
|
||||
@ -1431,7 +1431,7 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
|
||||
eth0 0.0.0.0/0 206.124.146.177-206.124.146.179:persistent
|
||||
|
||||
This feature requires Persistent SNAT support in your kernel and
|
||||
iptables.
|
||||
iptables.
|
||||
|
||||
If you use a capabilities file, you will need to create a new one
|
||||
as a result of this feature.
|
||||
@ -1444,7 +1444,7 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
|
||||
iptables when asked.
|
||||
|
||||
2) A 'clean' target has been added to the Makefiles. It removes backup
|
||||
files (*~ and .*~).
|
||||
files (*~ and .*~).
|
||||
|
||||
3) The meaning of 'full' has been redefined when used in the context
|
||||
of a traffic shaping sub-class. Previously, 'full' always meant the
|
||||
@ -1580,7 +1580,7 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
|
||||
As always, /var/lib/shorewall[6] is the default directory which may
|
||||
be overridden using the /etc/shorewall[6]/vardir file.
|
||||
|
||||
5) Dynamic zone support is once again available for IPv4. This support
|
||||
5) Dynamic zone support is once again available for IPv4. This support
|
||||
is built on top of ipsets so you must have the xtables-addons
|
||||
installed on the firewall system.
|
||||
|
||||
@ -1598,7 +1598,7 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
|
||||
- By specifying <interface>:dynamic in the HOST(S) column of an
|
||||
entry for the zone in /etc/shorewall/hosts.
|
||||
|
||||
When there are any dynamic zones present in your configuration,
|
||||
When there are any dynamic zones present in your configuration,
|
||||
Shorewall (Shorewall-lite) will:
|
||||
|
||||
a) Execute the following commands during 'shorewall start' or
|
||||
@ -1607,7 +1607,7 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
|
||||
ipset -U :all: :all:
|
||||
ipset -U :all: :default:
|
||||
ipset -F
|
||||
ipset -X
|
||||
ipset -X
|
||||
ipset -R < ${VARDIR}/ipsets.save
|
||||
|
||||
where $VARDIR normally contains /var/lib/shorewall
|
||||
@ -1700,7 +1700,7 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
|
||||
gateway:~ # shorewall restart
|
||||
Restarting Shorewall....
|
||||
done.
|
||||
gateway:~ #
|
||||
gateway:~ #
|
||||
|
||||
In other words, you can compile the current configuration then
|
||||
install it at a later time.
|
||||
@ -1750,8 +1750,8 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
|
||||
This previously generated these two rules (long rules folded):
|
||||
|
||||
-A loc2net -p 6 --dport 25 -j LOG --log-level 6
|
||||
--log-prefix "Shorewall:loc2net:reject:"
|
||||
-A loc2net -p 6 --dport 25 -j reject
|
||||
--log-prefix "Shorewall:loc2net:reject:"
|
||||
-A loc2net -p 6 --dport 25 -j reject
|
||||
|
||||
It now generates these rules:
|
||||
|
||||
@ -1760,8 +1760,8 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
|
||||
-A loc2net -p 6 --dport 25 -g log0
|
||||
...
|
||||
-A log0 -j LOG --log-level 6
|
||||
--log-prefix "Shorewall:loc2net:REJECT:"
|
||||
-A log0 -j reject
|
||||
--log-prefix "Shorewall:loc2net:REJECT:"
|
||||
-A log0 -j reject
|
||||
|
||||
Notice that now there is only a single rule generated in the
|
||||
'loc2net' chain where before there were two. Packets for other than
|
||||
@ -1861,7 +1861,7 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
|
||||
It is important to realize that, while class IDs are composed of a
|
||||
<major> and a <minor> value, the set of <minor> values must be
|
||||
unique. You must keep this in mind when deciding how to map IP
|
||||
addresses to class IDs.
|
||||
addresses to class IDs.
|
||||
|
||||
For example, suppose that your internal network is 192.168.1.0/29
|
||||
(host IP addresses 192.168.1.1 - 192.168.1.6). Your first notion
|
||||
@ -1974,7 +1974,7 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
|
||||
1:100 - 16mbit 20mbit 2
|
||||
1:100:101 - 8mbit 20mbit 3 default
|
||||
1:100:102 - 8mbit 20mbit 3
|
||||
|
||||
|
||||
/etc/shorewall/tcrules
|
||||
|
||||
#MARK SOURCE DEST
|
||||
@ -1990,7 +1990,7 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
|
||||
Local traffic (that coming from the firewall and from the DMZ
|
||||
server) is placed in the effectively unrestricted class 1:10. The
|
||||
default class is guaranteed half of the download capacity and my
|
||||
work system (172.20.1.107) is guarandeed the other half.
|
||||
work system (172.20.1.107) is guarandeed the other half.
|
||||
|
||||
19) Support for the "Hierarchical Fair Service Curve" (HFSC) queuing
|
||||
discipline has been added. HFSC is claimed to be superior to the
|
||||
@ -2018,7 +2018,7 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
|
||||
in the class should experience. The delay is expressed
|
||||
in milliseconds and may be followed by 'ms' (e.g.,
|
||||
10ms. Note that there may be no white space between the
|
||||
number and 'ms').
|
||||
number and 'ms').
|
||||
3. The maximum transmission unit (UMAX) for this class of
|
||||
traffic. If not specified, the MTU of the interface is
|
||||
used. The length is specified in bytes and may be
|
||||
@ -2101,7 +2101,7 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
|
||||
|
||||
25) A new extension script, 'lib.private' has been added. This file is
|
||||
intended to include declarations of shell functions that will be
|
||||
called by the other run-time extension scripts.
|
||||
called by the other run-time extension scripts.
|
||||
|
||||
26) Paul Gear has contributed the following macros:
|
||||
|
||||
@ -2178,7 +2178,7 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
|
||||
If flow is not supported, you will see:
|
||||
|
||||
Unknown filter "flow", hence option "help" is unparsable
|
||||
|
||||
|
||||
If your kernel supports module autoloading, just type (as root):
|
||||
|
||||
modprobe cls_flow
|
||||
@ -2187,7 +2187,7 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
|
||||
see:
|
||||
|
||||
FATAL: Module cls_flow not found.
|
||||
|
||||
|
||||
If your kernel is not modularized or does not support module
|
||||
autoloading, look at your kernel configuration (either
|
||||
/proc/config.gz or the .config file in
|
||||
@ -2195,7 +2195,7 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
|
||||
|
||||
If 'flow' is supported, you will see:
|
||||
|
||||
NET_CLS_FLOW=m
|
||||
NET_CLS_FLOW=m
|
||||
|
||||
or
|
||||
|
||||
@ -2203,4 +2203,4 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
|
||||
|
||||
For modularized kernels, Shorewall will attempt to load
|
||||
/lib/modules/<kernel-version>/net/sched/cls_flow.ko by default.
|
||||
|
||||
|
||||
|
@ -32,7 +32,7 @@
|
||||
# $1 = Yes: read the params file
|
||||
# $2 = Yes: check for STARTUP_ENABLED
|
||||
# $3 = Yes: Check for LOGFILE
|
||||
#
|
||||
#
|
||||
get_config() {
|
||||
local prog
|
||||
|
||||
@ -47,7 +47,7 @@ get_config() {
|
||||
fi
|
||||
|
||||
config=$(find_file shorewall.conf)
|
||||
|
||||
|
||||
if [ -f $config ]; then
|
||||
if [ -r $config ]; then
|
||||
. $config
|
||||
@ -61,7 +61,7 @@ get_config() {
|
||||
fi
|
||||
|
||||
ensure_config_path
|
||||
|
||||
|
||||
if [ -z "$g_export" -a "$(id -u)" = 0 ]; then
|
||||
#
|
||||
# This block is avoided for compile for export and when the user isn't root
|
||||
@ -109,7 +109,7 @@ get_config() {
|
||||
IP=$prog
|
||||
;;
|
||||
esac
|
||||
else
|
||||
else
|
||||
IP='ip'
|
||||
fi
|
||||
|
||||
@ -130,7 +130,7 @@ get_config() {
|
||||
IPSET=$prog
|
||||
;;
|
||||
esac
|
||||
else
|
||||
else
|
||||
IPSET='ipset'
|
||||
fi
|
||||
|
||||
@ -151,7 +151,7 @@ get_config() {
|
||||
TC=$prog
|
||||
;;
|
||||
esac
|
||||
else
|
||||
else
|
||||
TC='tc'
|
||||
fi
|
||||
#
|
||||
@ -196,7 +196,7 @@ get_config() {
|
||||
;;
|
||||
esac
|
||||
|
||||
[ -z "$LOGFORMAT" ] && LOGFORMAT='Shorewall:%s.%s'
|
||||
[ -z "$LOGFORMAT" ] && LOGFORMAT='Shorewall:%s.%s'
|
||||
|
||||
[ -n "$LOGFORMAT" ] && LOGFORMAT="${LOGFORMAT%%%*}"
|
||||
|
||||
@ -222,7 +222,7 @@ get_config() {
|
||||
else
|
||||
STARTUP_LOG=
|
||||
LOG_VERBOSITY=-1
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -n "$SHOREWALL_SHELL" ]; then
|
||||
if [ ! -x "$SHOREWALL_SHELL" ]; then
|
||||
@ -313,7 +313,7 @@ startup_error() {
|
||||
# Run the compiler
|
||||
#
|
||||
compiler() {
|
||||
|
||||
|
||||
if [ $(id -u) -ne 0 ]; then
|
||||
if [ -z "$SHOREWALL_DIR" -o "$SHOREWALL_DIR" = /etc/shorewall ]; then
|
||||
startup_error "Ordinary users may not compile the /etc/shorewall configuration"
|
||||
@ -338,10 +338,10 @@ compiler() {
|
||||
[ -n "$g_profile" ] && debugflags='-wd:DProf'
|
||||
|
||||
# Perl compiler only takes the output file as a argument
|
||||
|
||||
|
||||
[ "$1" = debug -o "$1" = trace ] && shift;
|
||||
[ "$1" = nolock ] && shift;
|
||||
shift
|
||||
shift
|
||||
|
||||
options="--verbose=$VERBOSITY"
|
||||
[ -n "$STARTUP_LOG" ] && options="$options --log=$STARTUP_LOG"
|
||||
@ -356,7 +356,7 @@ compiler() {
|
||||
#
|
||||
# Run the appropriate params file
|
||||
#
|
||||
set -a;
|
||||
set -a;
|
||||
run_user_exit params
|
||||
set +a
|
||||
|
||||
@ -537,7 +537,7 @@ compile_command() {
|
||||
t*)
|
||||
g_test=Yes
|
||||
option=${option#t}
|
||||
;;
|
||||
;;
|
||||
d*)
|
||||
g_debug=Yes;
|
||||
option=${option#d}
|
||||
@ -755,7 +755,7 @@ restart_command() {
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -z "$g_fast" ]; then
|
||||
if [ -z "$g_fast" ]; then
|
||||
progress_message3 "Compiling..."
|
||||
|
||||
if compiler $g_debugging $nolock compile ${VARDIR}/.restart; then
|
||||
@ -774,7 +774,7 @@ restart_command() {
|
||||
rc=$?
|
||||
[ -n "$nolock" ] || mutex_off
|
||||
fi
|
||||
|
||||
|
||||
return $rc
|
||||
}
|
||||
|
||||
@ -958,7 +958,7 @@ safe_commands() {
|
||||
else
|
||||
${VARDIR}/.$command clear
|
||||
fi
|
||||
|
||||
|
||||
[ -n "$nolock" ] || mutex_off
|
||||
|
||||
echo "New configuration has been rejected and the old one restored"
|
||||
@ -989,7 +989,7 @@ try_command() {
|
||||
echo "Directory $1 does not exist" >&2 && exit 2
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
SHOREWALL_DIR=$(resolve_file $1)
|
||||
}
|
||||
|
||||
@ -1032,7 +1032,7 @@ try_command() {
|
||||
2)
|
||||
handle_directory $1
|
||||
timeout=$2
|
||||
case $timeout in
|
||||
case $timeout in
|
||||
*[!0-9]*)
|
||||
echo " ERROR: Invalid timeout ($timeout)" >&2;
|
||||
exit 1
|
||||
@ -1084,12 +1084,12 @@ try_command() {
|
||||
|
||||
if ${VARDIR}/.$command $command && [ -n "$timeout" ]; then
|
||||
sleep $timeout
|
||||
|
||||
|
||||
if [ "$command" = "restart" ]; then
|
||||
${VARDIR}/.try restore
|
||||
else
|
||||
${VARDIR}/.$command clear
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
[ -n "$nolock" ] || mutex_off
|
||||
@ -1106,7 +1106,7 @@ rsh_command() {
|
||||
rcp_command() {
|
||||
files="$1"
|
||||
destination=$2
|
||||
|
||||
|
||||
eval $RCP_COMMAND
|
||||
}
|
||||
|
||||
@ -1247,12 +1247,12 @@ reload_command() # $* = original arguments less the command.
|
||||
export_command() # $* = original arguments less the command.
|
||||
{
|
||||
local verbose
|
||||
verbose=$(make_verbose)
|
||||
verbose=$(make_verbose)
|
||||
local file
|
||||
file=
|
||||
file=
|
||||
local finished
|
||||
finished=0
|
||||
local directory
|
||||
finished=0
|
||||
local directory
|
||||
local target
|
||||
|
||||
while [ $finished -eq 0 -a $# -gt 0 ]; do
|
||||
@ -1455,7 +1455,7 @@ while [ $finished -eq 0 ]; do
|
||||
;;
|
||||
v*)
|
||||
option=${option#v}
|
||||
case $option in
|
||||
case $option in
|
||||
-1*)
|
||||
g_use_verbosity=-1
|
||||
option=${option#-1}
|
||||
@ -1542,7 +1542,7 @@ version_command() {
|
||||
[ $# -gt 0 ] && usage 1
|
||||
|
||||
echo $SHOREWALL_VERSION
|
||||
|
||||
|
||||
if [ -n "$all" ]; then
|
||||
for product in shorewall6 shorewall-lite shorewall6-lite shorewall-init; do
|
||||
if [ -f /usr/share/$product/version ]; then
|
||||
@ -1570,7 +1570,7 @@ g_timestamp=
|
||||
[ -n "${VARDIR:=/var/lib/shorewall}" ]
|
||||
|
||||
if [ ! -f ${VARDIR}/firewall ]; then
|
||||
[ -f ${VARDIR}/.restore ] && cp -f ${VARDIR}/.restore ${VARDIR}/firewall
|
||||
[ -f ${VARDIR}/.restore ] && cp -f ${VARDIR}/.restore ${VARDIR}/firewall
|
||||
fi
|
||||
|
||||
g_firewall=${VARDIR}/firewall
|
||||
@ -1920,7 +1920,7 @@ case "$COMMAND" in
|
||||
else
|
||||
fatal_error "Shorewall is not started"
|
||||
fi
|
||||
;;
|
||||
;;
|
||||
noiptrace)
|
||||
get_config
|
||||
shift
|
||||
@ -1930,7 +1930,7 @@ case "$COMMAND" in
|
||||
else
|
||||
fatal_error "Shorewall is not started"
|
||||
fi
|
||||
;;
|
||||
;;
|
||||
*)
|
||||
usage 1
|
||||
;;
|
||||
|
@ -105,7 +105,7 @@ fi
|
||||
%attr(0644,root,root) %{_mandir}/man5/*
|
||||
%attr(0644,root,root) %{_mandir}/man8/*
|
||||
|
||||
%doc COPYING INSTALL changelog.txt releasenotes.txt Contrib/* Samples
|
||||
%doc COPYING INSTALL changelog.txt releasenotes.txt Contrib/* Samples
|
||||
|
||||
%changelog
|
||||
* Sun Jun 06 2010 Tom Eastep tom@shorewall.net
|
||||
|
@ -33,7 +33,7 @@
|
||||
#
|
||||
|
||||
interface_is_up() {
|
||||
[ -n "$(/sbin/ip link list dev $1 2> /dev/null | /bin/grep -e '[<,]UP[,>]')" ]
|
||||
[ -n "$(/sbin/ip link list dev $1 2> /dev/null | /bin/grep -e '[<,]UP[,>]')" ]
|
||||
}
|
||||
|
||||
case $# in
|
||||
@ -57,4 +57,4 @@ done
|
||||
|
||||
exit 1
|
||||
|
||||
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user