extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-20 17:58:07 +02:00
Code Issues Packages Projects Releases Wiki Activity

Rename variables that control RTC. Add RTC control to /sbin/shorewall[6]

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9334 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2009-01-24 17:42:58 +00:00
parent d737ee0896
commit 0d87cecbad
8 changed files with 130 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
Shorewall-common/shorewall
View File

@ -216,6 +216,9 @@ get_config() {
No|NO|no) No|NO|no)
TC_ENABLED= TC_ENABLED=
;; ;;
RTC)
NORTC=Yes
;;
esac esac
[ -n "LOGFORMAT" ] && LOGFORMAT="${LOGFORMAT%%%*}" [ -n "LOGFORMAT" ] && LOGFORMAT="${LOGFORMAT%%%*}"
@ -480,6 +483,16 @@ start_command() {
DEBUG=Yes DEBUG=Yes
option=${option#d} option=${option#d}
;; ;;
n*)
NORTC=Yes
RTCONLY=
option=${option#n}
;;
r*)
RTCONLY=Yes
NORTC=
option=${option#r}
;;
f*) f*)
FAST=Yes FAST=Yes
option=${option#f} option=${option#f}
@ -524,7 +537,8 @@ start_command() {
;; ;;
esac esac
export NOROUTES export NORTC
export RTCONLY
export PURGE export PURGE
if [ -n "$FAST" ]; then if [ -n "$FAST" ]; then
@ -766,9 +780,15 @@ restart_command() {
option=${option#f} option=${option#f}
;; ;;
n*) n*)
NOROUTES=Yes NORTC=Yes
RTCONLY=
option=${option#n} option=${option#n}
;; ;;
r*)
RTCONLY=Yes
NORTC=
option=${option#r}
;;
C) C)
[ $# -gt 1 ] || fatal_error "-C must be followed by a compiler name" [ $# -gt 1 ] || fatal_error "-C must be followed by a compiler name"
SHOREWALL_COMPILER=$2 SHOREWALL_COMPILER=$2
@ -818,7 +838,8 @@ restart_command() {
[ -n "$STARTUP_ENABLED" ] || fatal_error "Startup is disabled" [ -n "$STARTUP_ENABLED" ] || fatal_error "Startup is disabled"
export NOROUTES export NORTC
export RTCONLY
export PURGE export PURGE
if [ -z "$FAST" ]; then if [ -z "$FAST" ]; then
@ -896,7 +917,8 @@ refresh_command() {
[ -n "$STARTUP_ENABLED" ] || fatal_error "Startup is disabled" [ -n "$STARTUP_ENABLED" ] || fatal_error "Startup is disabled"
export NOROUTES export NORTC
export RTCONLY
progress_message3 "Compiling..." progress_message3 "Compiling..."
@ -939,9 +961,15 @@ safe_commands() {
option= option=
;; ;;
n*) n*)
NOROUTES=Yes NORTC=Yes
RTCONLY=
option=${option#n} option=${option#n}
;; ;;
r*)
RTCONLY=Yes
NORTC=
option=${option#r}
;;
C) C)
[ $# -gt 1 ] || fatal_error "-C must be followed by a compiler name" [ $# -gt 1 ] || fatal_error "-C must be followed by a compiler name"
SHOREWALL_COMPILER=$2 SHOREWALL_COMPILER=$2
@ -1088,9 +1116,15 @@ try_command() {
option= option=
;; ;;
n*) n*)
NOROUTES=Yes NORTC=Yes
RTCONLY=
option=${option#n} option=${option#n}
;; ;;
r*)
RTCONLY=Yes
NORTC=
option=${option#r}
;;
C) C)
[ $# -gt 1 ] || fatal_error "-C must be followed by a compiler name" [ $# -gt 1 ] || fatal_error "-C must be followed by a compiler name"
SHOREWALL_COMPILER=$2 SHOREWALL_COMPILER=$2
@ -1485,7 +1519,8 @@ IPT_OPTIONS="-nv"
FAST= FAST=
VERBOSE_OFFSET=0 VERBOSE_OFFSET=0
USE_VERBOSITY= USE_VERBOSITY=
NOROUTES= NORTC=
RTC=
PURGE= PURGE=
EXPORT= EXPORT=
export TIMESTAMP= export TIMESTAMP=
@ -1562,9 +1597,15 @@ while [ $finished -eq 0 ]; do
esac esac
;; ;;
n*) n*)
NOROUTES=Yes NORTC=Yes
RTCONLY=
option=${option#n} option=${option#n}
;; ;;
r*)
RTCONLY=Yes
NORTC=
option=${option#r}
;;
t*) t*)
TIMESTAMP=Yes TIMESTAMP=Yes
option=${option#t} option=${option#t}
@ -1724,14 +1765,16 @@ case "$COMMAND" in
[ $# -ne 1 ] && usage 1 [ $# -ne 1 ] && usage 1
get_config get_config
export NOROUTES export NORTC
export RTCONLY
mutex_on mutex_on
$SHOREWALL_SHELL $FIREWALL $debugging $nolock $COMMAND $SHOREWALL_SHELL $FIREWALL $debugging $nolock $COMMAND
mutex_off mutex_off
;; ;;
reset) reset)
get_config get_config
export NOROUTE export NORTC
export RTCONLY
shift shift
mutex_on mutex_on
$SHOREWALL_SHELL $FIREWALL $debugging $nolock reset $@ $SHOREWALL_SHELL $FIREWALL $debugging $nolock reset $@

12
Shorewall-perl/Shorewall/Compiler.pm
View File

@ -415,7 +415,7 @@ EOF
if [ -f ${VARDIR}/proxyarp ]; then if [ -f ${VARDIR}/proxyarp ]; then
while read address interface external haveroute; do while read address interface external haveroute; do
qt arp -i $external -d $address pub qt arp -i $external -d $address pub
[ -z "${haveroute}${NOTCR}" ] && qt ip route del $address dev $interface [ -z "${haveroute}${NORTC}" ] && qt ip route del $address dev $interface
f=/proc/sys/net/ipv4/conf/$interface/proxy_arp f=/proc/sys/net/ipv4/conf/$interface/proxy_arp
[ -f $f ] && echo 0 > $f [ -f $f ] && echo 0 > $f
done < ${VARDIR}/proxyarp done < ${VARDIR}/proxyarp
@ -710,7 +710,7 @@ sub generate_script_4($) {
} }
emit ( '', emit ( '',
'if [ -n "$TCRONLY" ]; then' , 'if [ -n "$RTCONLY" ]; then' ,
' delete_tc1' , ' delete_tc1' ,
'else' ); 'else' );
@ -758,7 +758,7 @@ sub generate_script_4($) {
} }
emit qq([ -n "\$NOTCR" ] && delete_tc1\n) if $config{CLEAR_TC}; emit qq([ -n "\$NORTC" ] && delete_tc1\n) if $config{CLEAR_TC};
pop_indent; pop_indent;
@ -768,11 +768,11 @@ sub generate_script_4($) {
emit ''; emit '';
emit( '[ -n "$TCRONLY" ] || setup_common_rules', emit( '[ -n "$RTCONLY" ] || setup_common_rules',
'', '',
'[ -n "$NOTCR" ] || setup_routing_and_traffic_shaping', '[ -n "$NORTC" ] || setup_routing_and_traffic_shaping',
'', '',
'if [ -z "$TCRONLY" ]; then' ); 'if [ -z "$RTCONLY" ]; then' );
push_indent; push_indent;

2
Shorewall-perl/Shorewall/Config.pm
View File

@ -2183,6 +2183,8 @@ sub get_configuration( $ ) {
$globals{TC_SCRIPT} = $file; $globals{TC_SCRIPT} = $file;
} elsif ( $val eq 'internal' ) { } elsif ( $val eq 'internal' ) {
$config{TC_ENABLED} = 'Internal'; $config{TC_ENABLED} = 'Internal';
} elsif ( $val eq 'rtc' ) {
$config{TC_ENABLED} = 'RTC';
} else { } else {
fatal_error "Invalid value ($config{TC_ENABLED}) for TC_ENABLED" unless $val eq 'no'; fatal_error "Invalid value ($config{TC_ENABLED}) for TC_ENABLED" unless $val eq 'no';
$config{TC_ENABLED} = ''; $config{TC_ENABLED} = '';

2
Shorewall-perl/Shorewall/Proc.pm
View File

@ -123,7 +123,7 @@ sub setup_route_filtering() {
emit 'echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter'; emit 'echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter';
} }
emit "[ -n \"\$NOTCR\" ] || ip -4 route flush cache"; emit "[ -n \"\$NORTC\" ] || ip -4 route flush cache";
} }
} }

4
Shorewall-perl/Shorewall/Providers.pm
View File

@ -568,7 +568,7 @@ sub setup_providers() {
fatal_error "A non-empty providers file is not permitted with MANGLE_ENABLED=No" unless $config{MANGLE_ENABLED}; fatal_error "A non-empty providers file is not permitted with MANGLE_ENABLED=No" unless $config{MANGLE_ENABLED};
emit "\nif [ -z \"\$NOTCR\" ]; then"; emit "\nif [ -z \"\$NORTC\" ]; then";
push_indent; push_indent;
@ -708,7 +708,7 @@ sub setup_providers() {
emit "\nundo_routing"; emit "\nundo_routing";
emit 'restore_default_route'; emit 'restore_default_route';
if ( $config{NULL_ROUTE_RFC1918} ) { if ( $config{NULL_ROUTE_RFC1918} ) {
emit "\nif [ -z \"\$NOTCR\" ]; then"; emit "\nif [ -z \"\$NORTC\" ]; then";
push_indent; push_indent;

22
Shorewall-perl/prog.footer
View File

@ -1,4 +1,4 @@
# #
# Give Usage Information # Give Usage Information
# #
usage() { usage() {
@ -46,22 +46,22 @@ while [ $finished -eq 0 -a $# -gt 0 ]; do
option=${option#q} option=${option#q}
;; ;;
r*) r*)
if [ -n "$NOTCR" ]; then if [ -n "$NORTC" ]; then
error_message "The -n and -r options are mutually exclusive" error_message "The -n and -r options are mutually exclusive"
exit 1 exit 1
fi fi
TCRONLY=Yes RTCONLY=Yes
option=${option#r} option=${option#r}
PRODUCT="$PRODUCT Traffic Control and Routing" PRODUCT="$PRODUCT Traffic Control and Routing"
;; ;;
n*) n*)
if [ -n "$TCRONLY" ]; then if [ -n "$RTCONLY" ]; then
error_message "The -n and -r options are mutually exclusive" error_message "The -n and -r options are mutually exclusive"
exit 1 exit 1
fi fi
NOTCR=Yes NORTC=Yes
option=${option#n} option=${option#n}
;; ;;
*) *)
@ -82,7 +82,7 @@ COMMAND="$1"
case "$COMMAND" in case "$COMMAND" in
start) start)
[ $# -ne 1 ] && usage 2 [ $# -ne 1 ] && usage 2
if [ -n "$TCRONLY" ]; then if [ -n "$RTCONLY" ]; then
progress_message3 "Starting $PRODUCT...." progress_message3 "Starting $PRODUCT...."
define_firewall define_firewall
status=$? status=$?
@ -101,7 +101,7 @@ case "$COMMAND" in
stop) stop)
[ $# -ne 1 ] && usage 2 [ $# -ne 1 ] && usage 2
progress_message3 "Stopping $PRODUCT...." progress_message3 "Stopping $PRODUCT...."
if [ -n "$TCRONLY" ]; then if [ -n "$RTCONLY" ]; then
delete_tc1 delete_tc1
else else
stop_firewall stop_firewall
@ -111,7 +111,7 @@ case "$COMMAND" in
progress_message3 "done." progress_message3 "done."
;; ;;
reset) reset)
if [ -n "${NOTCR}$"{TCRONLY} ]; then if [ -n "${NORTC}$"{RTCONLY} ]; then
error_message "The -n and -r options may not be used with 'reset'" error_message "The -n and -r options may not be used with 'reset'"
status=1 status=1
elif ! shorewall_is_started ; then elif ! shorewall_is_started ; then
@ -160,7 +160,7 @@ case "$COMMAND" in
;; ;;
refresh) refresh)
[ $# -ne 1 ] && usage 2 [ $# -ne 1 ] && usage 2
if [ -n "${NOTCR}$"{TCRONLY} ]; then if [ -n "${NORTC}$"{RTCONLY} ]; then
error_message "The -n and -r options may not be used with 'refresh'" error_message "The -n and -r options may not be used with 'refresh'"
status=1 status=1
elif shorewall_is_started; then elif shorewall_is_started; then
@ -175,7 +175,7 @@ case "$COMMAND" in
;; ;;
restore) restore)
[ $# -ne 1 ] && usage 2 [ $# -ne 1 ] && usage 2
if [ -n "${NOTCR}$"{TCRONLY} ]; then if [ -n "${NORTC}$"{RTCONLY} ]; then
error_message "The -n and -r options may not be used with 'restart'" error_message "The -n and -r options may not be used with 'restart'"
status=1 status=1
else else
@ -188,7 +188,7 @@ case "$COMMAND" in
;; ;;
clear) clear)
[ $# -ne 1 ] && usage 2 [ $# -ne 1 ] && usage 2
if [ -n "${NOTCR}$"{TCRONLY} ]; then if [ -n "${NORTC}$"{RTCONLY} ]; then
error_message "The -n and -r options may not be used with 'clear'" error_message "The -n and -r options may not be used with 'clear'"
status=1 status=1
else else

22
Shorewall-perl/prog.footer6
View File

@ -46,22 +46,22 @@ while [ $finished -eq 0 -a $# -gt 0 ]; do
option=${option#q} option=${option#q}
;; ;;
r*) r*)
if [ -n "$NOTCR" ]; then if [ -n "$NORTC" ]; then
error_message "The -n and -r options are mutually exclusive" error_message "The -n and -r options are mutually exclusive"
exit 1 exit 1
fi fi
TCRONLY=Yes RTCONLY=Yes
option=${option#r} option=${option#r}
PRODUCT="$PRODUCT Traffic Control and Routing" PRODUCT="$PRODUCT Traffic Control and Routing"
;; ;;
n*) n*)
if [ -n "$TCRONLY" ]; then if [ -n "$RTCONLY" ]; then
error_message "The -n and -r options are mutually exclusive" error_message "The -n and -r options are mutually exclusive"
exit 1 exit 1
fi fi
NOTCR=Yes NORTC=Yes
option=${option#n} option=${option#n}
;; ;;
*) *)
@ -87,7 +87,7 @@ else
case "$COMMAND" in case "$COMMAND" in
start) start)
[ $# -ne 1 ] && usage 2 [ $# -ne 1 ] && usage 2
if [ -n "$TCRONLY" ]; then if [ -n "$RTCONLY" ]; then
progress_message3 "Starting $PRODUCT...." progress_message3 "Starting $PRODUCT...."
define_firewall define_firewall
status=$? status=$?
@ -106,7 +106,7 @@ else
stop) stop)
[ $# -ne 1 ] && usage 2 [ $# -ne 1 ] && usage 2
progress_message3 "Stopping $PRODUCT...." progress_message3 "Stopping $PRODUCT...."
if [ -n "$TCRONLY" ]; then if [ -n "$RTCONLY" ]; then
delete_tc1 delete_tc1
else else
stop_firewall stop_firewall
@ -116,7 +116,7 @@ else
progress_message3 "done." progress_message3 "done."
;; ;;
reset) reset)
if [ -n "${NOTCR}$"{TCRONLY} ]; then if [ -n "${NORTC}$"{RTCONLY} ]; then
error_message "The -n and -r options may not be used with 'reset'" error_message "The -n and -r options may not be used with 'reset'"
status=1 status=1
elif ! shorewall6_is_started ; then elif ! shorewall6_is_started ; then
@ -148,7 +148,7 @@ else
;; ;;
restart) restart)
[ $# -ne 1 ] && usage 2 [ $# -ne 1 ] && usage 2
if [ -n "$TCRONLY" ]; then if [ -n "$RTCONLY" ]; then
progress_message3 "Restarting $PRODUCT...." progress_message3 "Restarting $PRODUCT...."
define_firewall define_firewall
status=$? status=$?
@ -171,7 +171,7 @@ else
;; ;;
refresh) refresh)
[ $# -ne 1 ] && usage 2 [ $# -ne 1 ] && usage 2
if [ -n "${NOTCR}$"{TCRONLY} ]; then if [ -n "${NORTC}$"{RTCONLY} ]; then
error_message "The -n and -r options may not be used with 'refresh'" error_message "The -n and -r options may not be used with 'refresh'"
status=1 status=1
elif shorewall6_is_started; then elif shorewall6_is_started; then
@ -186,7 +186,7 @@ else
;; ;;
restore) restore)
[ $# -ne 1 ] && usage 2 [ $# -ne 1 ] && usage 2
if [ -n "${NOTCR}$"{TCRONLY} ]; then if [ -n "${NORTC}$"{RTCONLY} ]; then
error_message "The -n and -r options may not be used with 'restore'" error_message "The -n and -r options may not be used with 'restore'"
status=1 status=1
else else
@ -199,7 +199,7 @@ else
;; ;;
clear) clear)
[ $# -ne 1 ] && usage 2 [ $# -ne 1 ] && usage 2
if [ -n "${NOTCR}$"{TCRONLY} ]; then if [ -n "${NORTC}$"{RTCONLY} ]; then
error_message "The -n and -r options may not be used with 'clear'" error_message "The -n and -r options may not be used with 'clear'"
status=1 status=1
else else

54
Shorewall6/shorewall6
View File

@ -216,6 +216,10 @@ get_config() {
No|NO|no) No|NO|no)
TC_ENABLED= TC_ENABLED=
;; ;;
RTC)
NORTC=Yes
RTCONLY=
;;
esac esac
[ -n "LOGFORMAT" ] && LOGFORMAT="${LOGFORMAT%%%*}" [ -n "LOGFORMAT" ] && LOGFORMAT="${LOGFORMAT%%%*}"
@ -466,7 +470,8 @@ start_command() {
;; ;;
esac esac
export NOROUTES export NORTC
export RTCONLY
export PURGE export PURGE
if [ -n "$FAST" ]; then if [ -n "$FAST" ]; then
@ -685,9 +690,15 @@ restart_command() {
option=${option#f} option=${option#f}
;; ;;
n*) n*)
NOROUTES=Yes NORTC=Yes
RTCONLY=
option=${option#n} option=${option#n}
;; ;;
r*)
RTCONLY=Yes
NORTC=
option=${option#r}
;;
p*) p*)
[ -n "$(which conntrack)" ] || fatal_error "The '-p' option requires the conntrack utility which does not appear to be installed on this system" [ -n "$(which conntrack)" ] || fatal_error "The '-p' option requires the conntrack utility which does not appear to be installed on this system"
PURGE=Yes PURGE=Yes
@ -731,7 +742,8 @@ restart_command() {
[ -n "$STARTUP_ENABLED" ] || fatal_error "Startup is disabled" [ -n "$STARTUP_ENABLED" ] || fatal_error "Startup is disabled"
export NOROUTES export NORTC
export RTCONLY
export PURGE export PURGE
if [ -z "$FAST" ]; then if [ -z "$FAST" ]; then
@ -803,7 +815,8 @@ refresh_command() {
[ -n "$STARTUP_ENABLED" ] || fatal_error "Startup is disabled" [ -n "$STARTUP_ENABLED" ] || fatal_error "Startup is disabled"
export NOROUTES export NORTC
export RTCONLY
progress_message3 "Compiling..." progress_message3 "Compiling..."
@ -846,9 +859,15 @@ safe_commands() {
option= option=
;; ;;
n*) n*)
NOROUTES=Yes NORTC=Yes
RTCONLY=
option=${option#n} option=${option#n}
;; ;;
r*)
RTCONLY=Yes
NORTC=
option=${option#r}
;;
*) *)
usage 1 usage 1
;; ;;
@ -989,9 +1008,15 @@ try_command() {
option= option=
;; ;;
n*) n*)
NOROUTES=Yes NORTC=Yes
RTCONLY=
option=${option#n} option=${option#n}
;; ;;
r*)
RTCONLY=Yes
NORTC=
option=${option#r}
;;
*) *)
usage 1 usage 1
;; ;;
@ -1364,7 +1389,8 @@ IPT_OPTIONS="-nv"
FAST= FAST=
VERBOSE_OFFSET=0 VERBOSE_OFFSET=0
USE_VERBOSITY= USE_VERBOSITY=
NOROUTES= NORTC=
RTCONLY=
PURGE= PURGE=
EXPORT= EXPORT=
export TIMESTAMP= export TIMESTAMP=
@ -1441,9 +1467,15 @@ while [ $finished -eq 0 ]; do
esac esac
;; ;;
n*) n*)
NOROUTES=Yes NORTC=Yes
RTCONLY=
option=${option#n} option=${option#n}
;; ;;
r*)
RTCONLY=Yes
NORTC=
option=${option#r}
;;
t*) t*)
TIMESTAMP=Yes TIMESTAMP=Yes
option=${option#t} option=${option#t}
@ -1583,14 +1615,16 @@ case "$COMMAND" in
[ $# -ne 1 ] && usage 1 [ $# -ne 1 ] && usage 1
get_config get_config
[ -x $FIREWALL ] || fatal_error "Shorewall6 has never been started" [ -x $FIREWALL ] || fatal_error "Shorewall6 has never been started"
export NOROUTES export NORTC
export RTCONLY
mutex_on mutex_on
$SHOREWALL_SHELL $FIREWALL $debugging $nolock $COMMAND $SHOREWALL_SHELL $FIREWALL $debugging $nolock $COMMAND
mutex_off mutex_off
;; ;;
reset) reset)
get_config get_config
export NOROUTE export NORTC
export RTCONLY
shift shift
mutex_on mutex_on
[ -x $FIREWALL ] || fatal_error "Shorewall6 has never been started" [ -x $FIREWALL ] || fatal_error "Shorewall6 has never been started"