update to 2.0.2b

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1337 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
kapeka 2004-05-18 14:30:22 +00:00
parent a546817aa6
commit 12e1ed1375
4 changed files with 89 additions and 43 deletions


@ -225,7 +225,7 @@ SHOREWALL_SHELL=/bin/sh
# use lock files, set this to "". # use lock files, set this to "".
# #
SUBSYSLOCK=/var/run/shorewall SUBSYSLOCK=/var/lock/subsys/shorewall
# #
# SHOREWALL TEMPORARY STATE DIRECTORY # SHOREWALL TEMPORARY STATE DIRECTORY
@ -234,7 +234,7 @@ SUBSYSLOCK=/var/run/shorewall
# it is running # it is running
# #
STATEDIR=/var/state/shorewall STATEDIR=/var/lib/shorewall
# #
# KERNEL MODULE DIRECTORY # KERNEL MODULE DIRECTORY


@ -42,6 +42,15 @@
# to a separate log through use of ulogd # to a separate log through use of ulogd
# (http://www.gnumonks.org/projects/ulogd). # (http://www.gnumonks.org/projects/ulogd).
# #
# Actions specifying logging may be followed by a
# log tag (a string of alphanumeric characters)
# are appended to the string generated by the
# LOGPREFIX (in /etc/shorewall/shorewall.conf).
#
# Example: ACCEPT:info:ftp would include 'ftp '
# at the end of the log prefix generated by the
# LOGPREFIX setting.
#
# SOURCE Source hosts to which the rule applies. # SOURCE Source hosts to which the rule applies.
# A comma-separated list of subnets # A comma-separated list of subnets
# and/or hosts. Hosts may be specified by IP or MAC # and/or hosts. Hosts may be specified by IP or MAC


@ -87,6 +87,7 @@ startup_error() # $* = Error Message
echo " Error: $@" >&2 echo " Error: $@" >&2
my_mutex_off my_mutex_off
[ -n "$TMP_DIR" ] && rm -rf $TMP_DIR [ -n "$TMP_DIR" ] && rm -rf $TMP_DIR
rm -f /var/lib/shorewall/restore-$$
kill $$ kill $$
exit 2 exit 2
} }
@ -1213,6 +1214,9 @@ stop_firewall() {
# #
# Turn off trace unless we were tracing "stop" or "clear" # Turn off trace unless we were tracing "stop" or "clear"
# #
rm -f /var/lib/shorewall/restore-$$
case $COMMAND in case $COMMAND in
stop|clear) stop|clear)
;; ;;
@ -1222,8 +1226,6 @@ stop_firewall() {
;; ;;
*) *)
set +x set +x
rm -f /var/lib/shorewall/restore-$$
if [ -f /var/lib/shorewall/restore ]; then if [ -f /var/lib/shorewall/restore ]; then
echo Restoring Shorewall... echo Restoring Shorewall...
. /var/lib/shorewall/restore . /var/lib/shorewall/restore
@ -2325,6 +2327,7 @@ check_config() {
process_actions2 process_actions2
rm -rf $TMP_DIR rm -rf $TMP_DIR
rm -f /var/lib/shorewall/restore-$$
echo "Configuration Validated" echo "Configuration Validated"
@ -2722,7 +2725,7 @@ process_actions1() {
case $temp in case $temp in
ACCEPT|REJECT|DROP) ACCEPT|REJECT|DROP)
eval ${temp}_common=$xaction eval ${temp}_common=$xaction
if ! list_search $xaction $USEDACTIONS; then if [ -n "$xaction" ] && ! list_search $xaction $USEDACTIONS; then
USEDACTIONS="$USEDACTIONS $xaction" USEDACTIONS="$USEDACTIONS $xaction"
[ $COMMAND = check ] || createactionchain $xaction [ $COMMAND = check ] || createactionchain $xaction
fi fi
@ -3842,42 +3845,6 @@ process_tos() # $1 = name of tos file
run_iptables -t mangle -A OUTPUT -j outtos run_iptables -t mangle -A OUTPUT -j outtos
} }
#
# Load a Kernel Module
#
loadmodule() # $1 = module name, $2 - * arguments
{
local modulename=$1
local modulefile
local suffix
moduleloader=modprobe
if ! qt which modprobe; then
moduleloader=insmod
fi
if [ -z "$(lsmod | grep $modulename)" ]; then
shift
for suffix in $MODULE_SUFFIX ; do
modulefile=$MODULESDIR/${modulename}.${suffix}
if [ -f $modulefile ]; then
case $moduleloader in
insmod)
insmod $modulefile $*
;;
*)
modprobe $modulename
;;
esac
return
fi
done
fi
}
# #
# Display elements of a list with leading white space # Display elements of a list with leading white space
# #
@ -4570,6 +4537,20 @@ load_kernel_modules() {
if [ -f $modules -a -d $MODULESDIR ]; then if [ -f $modules -a -d $MODULESDIR ]; then
echo "Loading Modules..." echo "Loading Modules..."
. $modules . $modules
if [ "$command" != check ]; then
save_command "reload_kernel_modules <<EOF"
while read command; do
case "$command" in
loadmodule*)
save_command $command
;;
esac
done < $modules
save_command EOF
fi
fi fi
} }
@ -5420,6 +5401,15 @@ define_firewall() # $1 = Command (Start or Restart)
verify_os_version verify_os_version
verify_ip verify_ip
[ -d /var/lib/shorewall ] || mkdir -p /var/lib/shorewall
echo '#bin/sh' > /var/lib/shorewall/restore-$$
echo ". /usr/share/shorewall/functions" >> /var/lib/shorewall/restore-$$
save_command "MODULESDIR=\"$MODULESDIR\""
save_command "MODULE_SUFFIX=\"$MODULE_SUFFIX\""
load_kernel_modules load_kernel_modules
echo "Initializing..."; initialize_netfilter echo "Initializing..."; initialize_netfilter
@ -6078,8 +6068,6 @@ do_initialize() {
rm -f $TMP_DIR/physdev rm -f $TMP_DIR/physdev
echo '#bin/sh' > /var/lib/shorewall/restore-$$
echo ". /usr/share/shorewall/functions" >> /var/lib/shorewall/restore-$$
} }
# #
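Review bot: The new guard in load_kernel_modules tests `"$command"`, while the other visible code in this file tests `$COMMAND` (`case $COMMAND in` in stop_firewall, `[ $COMMAND = check ]` in process_actions1); unless a lowercase `command` is set outside the hunk, the test is always true and the `loadmodule` lines are saved even for a `check` run. The loop then reads into that same name and passes it on unquoted, so each line is word-split and glob-expanded before it reaches `save_command`, and `read` without `-r` drops backslashes. I would write the guard as `if [ "$COMMAND" != check ]; then`, read into a separate variable with `while read -r line; do`, and save it with `save_command "$line"`. The saved text is later executed from the restore script, so it should arrive exactly as it stood in the modules file. `save_command` is defined outside the hunks shown; its other visible calls pass one quoted argument, which the quoted form matches.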


@ -162,6 +162,55 @@ separate_list() {
echo "$newlist" echo "$newlist"
} }
#
# Load a Kernel Module
#
loadmodule() # $1 = module name, $2 - * arguments
{
local modulename=$1
local modulefile
local suffix
moduleloader=modprobe
if ! qt which modprobe; then
moduleloader=insmod
fi
if [ -z "$(lsmod | grep $modulename)" ]; then
shift
for suffix in $MODULE_SUFFIX ; do
modulefile=$MODULESDIR/${modulename}.${suffix}
if [ -f $modulefile ]; then
case $moduleloader in
insmod)
insmod $modulefile $*
;;
*)
modprobe $modulename $*
;;
esac
return
fi
done
fi
}
#
# Reload the Modules
#
reload_kernel_modules() {
[ -z "$MODULESDIR" ] && MODULESDIR=/lib/modules/$(uname -r)/kernel/net/ipv4/netfilter
while read command; do
eval $command
done
}
# #
# Find the zones # Find the zones
# #
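Review bot: reload_kernel_modules passes every line of its standard input to `eval $command`, so whatever a line contains is executed by the shell, not only a `loadmodule` call, and the unquoted expansion word-splits and globs the text before `eval` parses it a second time. The only producer visible on this page writes lines that begin with `loadmodule`, so the function can dispatch on that word instead of evaluating: `while read -r cmd args; do`, `[ "$cmd" = loadmodule ] && loadmodule $args`, `done`. If `eval` has to stay, `eval "$command"` together with `read -r` at least removes the extra splitting pass. A short comment above the function stating that its input is trusted and must come only from the generated restore script would document the assumption the code relies on.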