diff --git a/Shorewall-lite/configpath b/Shorewall-lite/configpath index b968c0ab5..61f7a17e6 100644 --- a/Shorewall-lite/configpath +++ b/Shorewall-lite/configpath @@ -5,3 +5,19 @@ # CONFIG_PATH=/etc/shorewall-lite:/usr/share/shorewall-lite + +# +# SHOREWALL LITE'S FIREWALL SCRIPT DIRECTORY +# +# There is lack of agreement about where exactly in the file hierarchy the +# firewall script in Shorewall Lite systems should be stored. To allow +# everyone's opinion to prevail (and to prevent the Shorewall author from +# going crazy), the LITEDIR option allows you to decide where the file will +# be stored on Shorewall Lite systems under your distribution. +# +# a) You *must* set a value for this option +# b) The same value must be configured in +# /usr/share/shorewall/configpath in your Shorewall package +# system(s). + +LITEDIR=/var/lib/shorewall-lite diff --git a/Shorewall-lite/releasenotes.txt b/Shorewall-lite/releasenotes.txt index f5b5a82e7..19c98b28c 100644 --- a/Shorewall-lite/releasenotes.txt +++ b/Shorewall-lite/releasenotes.txt @@ -23,13 +23,19 @@ Other changes in 3.2.0 RC 4 installed on your administrative system(s) and Shorewall Lite RC4 on the firewall system(s). -2) To appease the LHS police, the file - /usr/share/shorewall-lite/firewall has been moved to +2) /usr/share/shorewall-lite/firewall has been moved to /var/lib/shorewall-lite/firewall. When upgrading to this release of Shorewall Lite, please execute the following command: cp -a /usr/share/shorewall-lite/firewall /var/lib/shorewall-lite/ + Note : The 'firewall' script is in /var/lib/shorewall-lite in + packages from shorewall.net. The package maintainers for the + various distributions are free to choose the directory where the + script will be stored under their distribution. You can look in + your /usr/share/shorewall-lite/configpath file to see what your + distribution defines for the value of LITEDIR. + New Features: Shorewall Lite is a companion product to Shorewall and is designed to 
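Review bot: The comment block added above `LITEDIR=/var/lib/shorewall-lite` lets packagers pick any directory but says nothing about who may write to it, and the script stored there is run by `shorewall-lite start` and `restart`, presumably as root. I would add a third item to the list, for example `# c) The directory must be owned by root and must not be writable by group or others`, here and in the matching block in Shorewall/configpath. The comment could also say that the value has to be an absolute path without whitespace, since the scripts changed in this commit expand it unquoted.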
@@ -65,6 +71,13 @@ e) On the administrative system, for each firewall system you: /sbin/shorewall compile -e . firewall scp firewall root@:/var/lib/shorewall-lite/ + Note : The 'firewall' script is in /var/lib/shorewall-lite in + packages from shorewall.net. The package maintainers for the + various distributions are free to choose the directory where the + script will be stored under their distribution. You can look in + your /usr/share/shorewall-lite/configpath file to see what your + distribution defines for the value of LITEDIR. + 3) On the firewall system, 'shorewall-lite start'. It is possible to have both shorewall and Shorewall Lite diff --git a/Shorewall-lite/shorewall-lite b/Shorewall-lite/shorewall-lite index eda368a73..2b9df32d2 100755 --- a/Shorewall-lite/shorewall-lite +++ b/Shorewall-lite/shorewall-lite @@ -220,6 +220,11 @@ get_config() { export VERBOSE + if [ -n "$LITEDIR" ]; then + echo " ERROR: You must set the LITEDIR option in /etc/shorewall-lite/shorewall.conf" >&2 + exit 2 + fi + } # @@ -462,10 +467,10 @@ start_command() { do_it() { [ -n "$nolock" ] || mutex_on - if [ -x ${VARDIR}/firewall ]; then - ${VARDIR}/firewall $debugging start + if [ -x ${LITEDIR}/firewall ]; then + ${LITEDIR}/firewall $debugging start else - error_message "${VARDIR}/firewall is missing or is not executable" + error_message "${LITEDIR}/firewall is missing or is not executable" fi [ -n "$nolock" ] || mutex_off @@ -629,10 +634,10 @@ restart_command() { [ -n "$nolock" ] || mutex_on - if [ -x ${VARDIR}/firewall ]; then - $SHOREWALL_SHELL ${VARDIR}/firewall $debugging restart + if [ -x ${LITEDIR}/firewall ]; then + $SHOREWALL_SHELL ${LITEDIR}/firewall $debugging restart else - error_message "${VARDIR}/firewall is missing or is not executable" + error_message "${LITEDIR}/firewall is missing or is not executable" fi [ -n "$nolock" ] || mutex_off 
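Review bot: The test added at the end of get_config is inverted: `[ -n "$LITEDIR" ]` is true when LITEDIR is set, so a correctly configured system exits with status 2, while an empty LITEDIR passes and later becomes `FIREWALL=/firewall` in the hunk at -1204. It should read `if [ -z "$LITEDIR" ]; then`, which matches the `[ -n "$LITEDIR" ] || { ...; exit 2; }` form this commit uses in Shorewall/functions. The message also points at /etc/shorewall-lite/shorewall.conf, whereas the release notes in this commit tell users to look in /usr/share/shorewall-lite/configpath for LITEDIR; naming that file would send the administrator to the right place. get_config begins outside the hunk.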
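Review bot: In do_it the new `${LITEDIR}/firewall` is expanded unquoted in both the `-x` test and the invocation, and the restart_command hunk has the same pattern. LITEDIR is now a packager-chosen value, so I would quote it: `if [ -x "${LITEDIR}/firewall" ]; then` and `"${LITEDIR}/firewall" $debugging start`. Separately, start executes the script directly while restart runs it through `$SHOREWALL_SHELL`; that difference predates this change but is worth a short comment if it is intentional. Both functions extend beyond their hunks.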
@@ -1171,7 +1176,6 @@ VARDIR=/var/lib/shorewall-lite CONFDIR=/etc/shorewall-lite export PRODUCT="Shorewall Lite" -FIREWALL=$VARDIR/firewall FUNCTIONS=$SHAREDIR/functions VERSION_FILE=$SHAREDIR/version HELP=$SHAREDIR/help @@ -1204,6 +1208,8 @@ export CONFIG_PATH get_config +FIREWALL=$LITEDIR/firewall + if [ ! -f $FIREWALL ]; then echo " ERROR: Shorewall Lite is not properly installed" >&2 if [ -L $FIREWALL ]; then diff --git a/Shorewall/configpath b/Shorewall/configpath index 771283e12..5fc29c4b1 100644 --- a/Shorewall/configpath +++ b/Shorewall/configpath @@ -11,3 +11,18 @@ # from trying to use configuration information from /etc/shorewall. CONFIG_PATH=${CONFDIR}:/usr/share/shorewall + +# +# SHOREWALL LITE'S FIREWALL SCRIPT DIRECTORY +# +# There is lack of agreement about where exactly in the file hierarchy the +# firewall script in Shorewall Lite systems should be stored. To allow +# everyone's opinion to prevail (and to prevent the Shorewall author from +# going crazy), the LITEDIR option allows you to decide where the file will +# be stored on Shorewall Lite systems under your distribution. +# +# a) You *must* set a value for this option +# b) The same value must be configured in +# /usr/share/shorewall-lite/configpath in your Shorewall Lite package. + +LITEDIR=/var/lib/shorewall-lite diff --git a/Shorewall/functions b/Shorewall/functions index 8db8113a1..9f2e4a29c 100644 --- a/Shorewall/functions +++ b/Shorewall/functions @@ -219,6 +219,8 @@ ensure_config_path() { [ -f $F ] || { echo " ERROR: $F does not exist"; exit 2; } . $F fi + + [ -n "$LITEDIR" ] || { echo " ERROR: LITEDIR not defined in $F"; exit 2; } } # diff --git a/Shorewall/help b/Shorewall/help index 57edbaa96..2e9e55887 100755 --- a/Shorewall/help +++ b/Shorewall/help 
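Review bot: The LITEDIR check added at the end of ensure_config_path sits after the `fi`, outside the branch that tests and sources `$F`. When that branch is skipped, `$F` in the message may be empty or stale, and LITEDIR is set only if it was inherited from the environment. The branch condition is not visible in the hunk, but if it depends on CONFIG_PATH being unset, a caller that supplies its own CONFIG_PATH would now fail here. I would make sure configpath is read for LITEDIR on every path, and send the error to stderr by appending `>&2` to the `echo`, as the shorewall-lite script does.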
@@ -257,7 +257,7 @@ reload) Causes the shorewall configuration in to be compiled into a program called '/firewall'. If compilation is successful, the '/firewall' script is copied via scp to the - /var/lib/shorewall-lite/ directory on . If the script is copied + ${LITEDIR} directory on . If the script is copied successfully, Shorewall Lite on is restarted via ssh." ;; diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index a3a693bf9..be2dc83af 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -72,8 +72,12 @@ Other changes in 3.2.0 RC 4 Shorewall Lite on is restarted via ssh. Note 1: In Shorewall Lite 3.2.0 RC4, the 'firewall' script has moved - from /usr/share/shorewall/ to /var/lib/shorewall/ in order to - appease the LHS police. + from /usr/share/shorewall-lite/ to /var/lib/shorewall-lite in + packages from shorewall.net. The package maintainers for the + various distributions are free to choose the directory where the + script will be stored under their distribution. You can look in + your /usr/share/shorewall/configpath file to see what your + distribution defines for the value of LITEDIR. Migration Considerations: diff --git a/Shorewall/shorewall b/Shorewall/shorewall index 32d36f824..882d7a01f 100755 --- a/Shorewall/shorewall +++ b/Shorewall/shorewall @@ -1301,8 +1301,8 @@ reload_command() local verbose=$(make_verbose) shorewall $debugging $verbose compile -e $1 $1/firewall && \ - echo "Copying firewall to ${2}/var/lib/shorewall-lite/..." && \ - scp $1/firewall root@${2}:/var/lib/shorewall-lite/ && \ + echo "Copying ${1}/firewall to ${2}:${LITEDIR}..." && \ + scp $1/firewall root@${2}:${LITEDIR}/ && \ echo "Copy complete" && \ ssh root@${2} "/sbin/shorewall-lite $debugging $verbose restart" && \ progress_message3 "System $2 reloaded" diff --git a/docs/CompiledPrograms.xml b/docs/CompiledPrograms.xml index 823533cb4..ee6d49926 100644 --- a/docs/CompiledPrograms.xml +++ b/docs/CompiledPrograms.xml 
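Review bot: The `${LITEDIR}` that replaces the literal path in the reload help text appears to sit inside a double-quoted string (it closes at `ssh."`), so it is expanded when the help script runs rather than printed as written. Whether LITEDIR is exported to that script is not visible in this diff; if it is not, the sentence will read "copied via scp to the  directory on". Either export LITEDIR where configpath is sourced, or use a fallback such as `${LITEDIR:-the LITEDIR directory}`.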
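Review bot: reload_command now copies to `${LITEDIR}` as defined on the administrative system, but the `ssh ... shorewall-lite restart` that follows runs the script from the firewall's own LITEDIR, and nothing checks that the two values agree. If they differ and an older script is still present on the firewall, the copy and the restart can both succeed while the previous ruleset is reloaded, and "System $2 reloaded" is still printed. A comment stating this dependency, or a step that asks the remote side for its LITEDIR before copying, would make the failure visible. The new expansions should also be quoted to avoid local word splitting: `scp "$1/firewall" "root@${2}:${LITEDIR}/" && \`. The function continues outside the hunk.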
@@ -15,7 +15,7 @@ - 2006-06-16 + 2006-06-17 2006 @@ -241,6 +241,16 @@ cd <configuration directory> /sbin/shorewall compile -e . firewall scp firewall root@<firewall system>:/var/lib/shorewall-lite/ + + + The 'firewall' script is in /var/lib/shorewall-lite in packages + from shorewall.net. The package maintainers for the various + distributions are free to choose the directory where the script + will be stored under their distribution. You can look in your + /usr/share/shorewall/configpath file to see what your + distribution defines for the value of LITEDIR. + diff --git a/docs/starting_and_stopping_shorewall.xml b/docs/starting_and_stopping_shorewall.xml index 3984576b3..731320731 100644 --- a/docs/starting_and_stopping_shorewall.xml +++ b/docs/starting_and_stopping_shorewall.xml @@ -15,7 +15,7 @@ - 2006-06-16 + 2006-06-17 2004 @@ -977,6 +977,16 @@ <system> using scp. If the copy succeeds, Shorewall Lite on <system> is restarted via ssh. + + The 'firewall' script is in /var/lib/shorewall-lite in packages + from shorewall.net. The package maintainers for the various + distributions are free to choose the directory where the script + will be stored under their distribution. You can look in your + /usr/share/shorewall/configpath file to see what your distribution + defines for the value of LITEDIR. + + Example: shorewall reload gateway