From 14e8568d9eda1cfd1f4a221b0dd164dd752958e5 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Wed, 5 Oct 2016 15:03:54 -0700 Subject: [PATCH] Add the FIREWALL .conf option Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Config.pm | 1 + Shorewall/Samples/Universal/shorewall.conf | 6 ++ .../Samples/one-interface/shorewall.conf | 6 ++ .../Samples/three-interfaces/shorewall.conf | 6 ++ .../Samples/two-interfaces/shorewall.conf | 6 ++ Shorewall/configfiles/shorewall.conf | 6 ++ Shorewall/lib.cli-std | 13 ++++- Shorewall/manpages/shorewall.conf.xml | 14 +++++ Shorewall/manpages/shorewall.xml | 56 ++++++++++++------- Shorewall6/Samples6/Universal/shorewall6.conf | 6 ++ .../Samples6/one-interface/shorewall6.conf | 6 ++ .../Samples6/three-interfaces/shorewall6.conf | 6 ++ .../Samples6/two-interfaces/shorewall6.conf | 6 ++ Shorewall6/configfiles/shorewall6.conf | 6 ++ Shorewall6/manpages/shorewall6.conf.xml | 14 +++++ Shorewall6/manpages/shorewall6.xml | 56 +++++++++++++------ 16 files changed, 177 insertions(+), 37 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm index df028ab8f..b0c6b4211 100644 --- a/Shorewall/Perl/Shorewall/Config.pm +++ b/Shorewall/Perl/Shorewall/Config.pm @@ -900,6 +900,7 @@ sub initialize( $;$$) { MINIUPNPD => undef , VERBOSE_MESSAGES => undef , ZERO_MARKS => undef , + FIREWALL => undef , # # Packet Disposition # diff --git a/Shorewall/Samples/Universal/shorewall.conf b/Shorewall/Samples/Universal/shorewall.conf index ecf508e4d..6033d758f 100644 --- a/Shorewall/Samples/Universal/shorewall.conf +++ b/Shorewall/Samples/Universal/shorewall.conf 
@@ -23,6 +23,12 @@ VERBOSITY=1 PAGER= +############################################################################### +# F I R E W A L L +############################################################################### + +FIREWALL= + ############################################################################### # L O G G I N G ############################################################################### diff --git a/Shorewall/Samples/one-interface/shorewall.conf b/Shorewall/Samples/one-interface/shorewall.conf index ba6ce949b..38a4593a4 100644 --- a/Shorewall/Samples/one-interface/shorewall.conf +++ b/Shorewall/Samples/one-interface/shorewall.conf @@ -34,6 +34,12 @@ VERBOSITY=1 PAGER= +############################################################################### +# F I R E W A L L +############################################################################### + +FIREWALL= + ############################################################################### # L O G G I N G ############################################################################### diff --git a/Shorewall/Samples/three-interfaces/shorewall.conf b/Shorewall/Samples/three-interfaces/shorewall.conf index 27013c772..693e42872 100644 --- a/Shorewall/Samples/three-interfaces/shorewall.conf +++ b/Shorewall/Samples/three-interfaces/shorewall.conf @@ -31,6 +31,12 @@ VERBOSITY=1 PAGER= +############################################################################### +# F I R E W A L L +############################################################################### + +FIREWALL= + ############################################################################### # L O G G I N G ############################################################################### diff --git a/Shorewall/Samples/two-interfaces/shorewall.conf b/Shorewall/Samples/two-interfaces/shorewall.conf index f5cffe9f2..6e9fad1f6 100644 --- a/Shorewall/Samples/two-interfaces/shorewall.conf +++ b/Shorewall/Samples/two-interfaces/shorewall.conf 
@@ -34,6 +34,12 @@ VERBOSITY=1 PAGER= +############################################################################### +# F I R E W A L L +############################################################################### + +FIREWALL= + ############################################################################### # L O G G I N G ############################################################################### diff --git a/Shorewall/configfiles/shorewall.conf b/Shorewall/configfiles/shorewall.conf index 8138a85a3..07c6e7345 100644 --- a/Shorewall/configfiles/shorewall.conf +++ b/Shorewall/configfiles/shorewall.conf @@ -23,6 +23,12 @@ VERBOSITY=1 PAGER= +############################################################################### +# F I R E W A L L +############################################################################### + +FIREWALL= + ############################################################################### # L O G G I N G ############################################################################### diff --git a/Shorewall/lib.cli-std b/Shorewall/lib.cli-std index bf82c0ea1..39eab5f0d 100644 --- a/Shorewall/lib.cli-std +++ b/Shorewall/lib.cli-std @@ -1444,6 +1444,12 @@ remote_reload_command() # $* = original arguments less the command. option= shift ;; + D) + [ $# -gt 1 ] || fatal_error "Missing directory name" + g_shorewalldir=$2 + option= + shift + ;; T*) g_confess=Yes option=${option#T} @@ -1467,7 +1473,7 @@ remote_reload_command() # $* = original arguments less the command. case $# in 0) - missing_argument + [ -n "$g_shorewalldir" ] || g_shorewalldir='.' ;; 1) g_shorewalldir="." @@ -1502,6 +1508,11 @@ remote_reload_command() # $* = original arguments less the command. get_config No g_haveconfig=Yes + + if [ -z "$system" ]; then + system=$FIREWALL + [ -n "$system" ] || fatal_error "No system name given and the FIREWALL option is not set" + fi else fatal_error "$g_shorewalldir/$g_program.conf does not exist" fi 
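Review bot: The new `D)` arm in the option loop of remote_reload_command matches only when `D` is the last remaining letter of the option word, unlike the neighbouring `T*)` arm, and nothing in the hunk documents that. A clustered form with letters after the `D` would therefore reach whatever the default arm does, which is outside this hunk. I would add a comment above the arm: `# -D <directory>: consumes the next argument, so D must be the last letter of its option word`. The arm also stores `$2` unchecked; `[ -d "$2" ] || fatal_error "Directory $2 does not exist"` would report a mistyped path here rather than through the later .conf existence test.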
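Review bot: The `1)` branch kept as context still assigns `g_shorewalldir="."` unconditionally, so a directory given with `-D` is discarded whenever a system name is also supplied; only the `0)` branch honours it. Both branches should use the same guard, `[ -n "$g_shorewalldir" ] || g_shorewalldir='.'`. The `0)` branch also leaves `system` unassigned, so the later `[ -z "$system" ]` test relies on that variable being empty on entry. Unless it is initialised earlier in the function (not visible here), an explicit `system=` in this branch would remove that dependency. The remainder of the case statement lies outside the hunk.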
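Review bot: The FIREWALL fallback accepts any non-empty string as the remote host, so `[ -n "$system" ]` is the only check between a stray value in the .conf file and the copy and restart on the target. The man page text in this commit says the value goes on to scp and ssh, where a value starting with `-` or containing whitespace would not be read as a host name; how `$system` is quoted downstream is outside this hunk. I would validate it right after the assignment, for example `case $system in -*|*[[:space:]]*) fatal_error "Invalid FIREWALL setting ($system)" ;; esac`. It would also help to print the selected host when it comes from FIREWALL, so the operator can see which machine a run without a system argument will reload.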
diff --git a/Shorewall/manpages/shorewall.conf.xml b/Shorewall/manpages/shorewall.conf.xml index 18568f24b..fe187c71c 100644 --- a/Shorewall/manpages/shorewall.conf.xml +++ b/Shorewall/manpages/shorewall.conf.xml @@ -911,6 +911,20 @@ net all DROP infothen the chain name is 'net-all' + + FIREWALL=[dnsname-or-ip-address] + + + This option was added in Shorewall 5.0.13 and may be used on + an administrative system in directories containing the + configurations of remote firewalls. The contents of the variable are + the default value for the system + parameter to the remote-reload and + remote-restart commands. + + + FORWARD_CLEAR_MARK={Yes|No} diff --git a/Shorewall/manpages/shorewall.xml b/Shorewall/manpages/shorewall.xml index 24c3e2269..63ebde02c 100644 --- a/Shorewall/manpages/shorewall.xml +++ b/Shorewall/manpages/shorewall.xml @@ -451,9 +451,9 @@ - directory + directory - system + system @@ -475,9 +475,9 @@ - directory + directory - system + system @@ -499,9 +499,9 @@ - directory + directory - system + system @@ -1614,8 +1614,8 @@ remote-start [-] [-] [- root-user-name] [-] - [-] [ directory ] - system + [-] [ [ -D ] directory ] + [ system ] This command was renamed from load in @@ -1641,7 +1641,13 @@ directory. If compilation succeeds, then firewall is copied to system using scp. If the copy succeeds, Shorewall Lite on system is started via - ssh. + ssh. Beginning with Shorewall 5.0.13, if + system is omitted, then the FIREWALL + option setting in shorewall6.conf(5) is assumed. In + that case, if you want to specify a + directory, then the + option must be given. If -s is specified and the start command succeeds, then the @@ -1676,9 +1682,9 @@ remote-reload [-] [-] [- root-user-name] - [-] [-] [ - directory ] - system + [-] [-] [ [ -D ] + directory ] [ + system ] This command was added in Shorewall 5.0.0. 
@@ -1702,8 +1708,14 @@ defaulted) directory is compiled to a file called firewall in that directory. If compilation succeeds, then firewall is copied to system using scp. If the copy succeeds, - Shorewall Lite on system is restarted via - ssh. + Shorewall Lite on system is restarted via ssh. + Beginning with Shorewall 5.0.13, if + system is omitted, then the FIREWALL + option setting in shorewall6.conf(5) is assumed. In + that case, if you want to specify a + directory, then the + option must be given. If -s is specified and the restart command succeeds, then the @@ -1738,9 +1750,9 @@ remote-restart [-] [-] [- root-user-name] - [-] [-] [ - directory ] - system + [-] [-] [ [ -D ] + directory ] [ + system ] This command was renamed from reload in @@ -1765,8 +1777,14 @@ defaulted) directory is compiled to a file called firewall in that directory. If compilation succeeds, then firewall is copied to system using scp. If the copy succeeds, - Shorewall Lite on system is restarted via - ssh. + Shorewall Lite on system is restarted via ssh. + Beginning with Shorewall 5.0.13, if + system is omitted, then the FIREWALL + option setting in shorewall6.conf(5) is assumed. In + that case, if you want to specify a + directory, then the + option must be given. If -s is specified and the restart command succeeds, then the diff --git a/Shorewall6/Samples6/Universal/shorewall6.conf b/Shorewall6/Samples6/Universal/shorewall6.conf index 117e2a189..5f316bd46 100644 --- a/Shorewall6/Samples6/Universal/shorewall6.conf +++ b/Shorewall6/Samples6/Universal/shorewall6.conf @@ -24,6 +24,12 @@ VERBOSITY=1 PAGER= +############################################################################### +# F I R E W A L L +############################################################################### + +FIREWALL= + ############################################################################### # L O G G I N G ############################################################################### 
diff --git a/Shorewall6/Samples6/one-interface/shorewall6.conf b/Shorewall6/Samples6/one-interface/shorewall6.conf index 66db511ad..1eb05c4b3 100644 --- a/Shorewall6/Samples6/one-interface/shorewall6.conf +++ b/Shorewall6/Samples6/one-interface/shorewall6.conf @@ -25,6 +25,12 @@ VERBOSITY=1 PAGER= +############################################################################### +# F I R E W A L L +############################################################################### + +FIREWALL= + ############################################################################### # L O G G I N G ############################################################################### diff --git a/Shorewall6/Samples6/three-interfaces/shorewall6.conf b/Shorewall6/Samples6/three-interfaces/shorewall6.conf index 69c351416..dc0a94e0a 100644 --- a/Shorewall6/Samples6/three-interfaces/shorewall6.conf +++ b/Shorewall6/Samples6/three-interfaces/shorewall6.conf @@ -24,6 +24,12 @@ VERBOSITY=1 PAGER= +############################################################################### +# F I R E W A L L +############################################################################### + +FIREWALL= + ############################################################################### # L O G G I N G ############################################################################### diff --git a/Shorewall6/Samples6/two-interfaces/shorewall6.conf b/Shorewall6/Samples6/two-interfaces/shorewall6.conf index dc1917e01..c21821c48 100644 --- a/Shorewall6/Samples6/two-interfaces/shorewall6.conf +++ b/Shorewall6/Samples6/two-interfaces/shorewall6.conf 
@@ -24,6 +24,12 @@ VERBOSITY=1 PAGER= +############################################################################### +# F I R E W A L L +############################################################################### + +FIREWALL= + ############################################################################### # L O G G I N G ############################################################################### diff --git a/Shorewall6/configfiles/shorewall6.conf b/Shorewall6/configfiles/shorewall6.conf index 29c320c41..ab7ab765c 100644 --- a/Shorewall6/configfiles/shorewall6.conf +++ b/Shorewall6/configfiles/shorewall6.conf @@ -24,6 +24,12 @@ VERBOSITY=1 PAGER= +############################################################################### +# F I R E W A L L +############################################################################### + +FIREWALL= + ############################################################################### # L O G G I N G ############################################################################### diff --git a/Shorewall6/manpages/shorewall6.conf.xml b/Shorewall6/manpages/shorewall6.conf.xml index 45a23308a..1a72f09dd 100644 --- a/Shorewall6/manpages/shorewall6.conf.xml +++ b/Shorewall6/manpages/shorewall6.conf.xml @@ -772,6 +772,20 @@ net all DROP infothen the chain name is 'net-all' + + FIREWALL=[dnsname-or-ip-address] + + + This option was added in Shorewall 5.0.13 and may be used on + an administrative system in directories containing the + configurations of remote firewalls. The contents of the variable are + the default value for the system + parameter to the remote-reload and + remote-restart commands. + + + FORWARD_CLEAR_MARK={Yes|No} diff --git a/Shorewall6/manpages/shorewall6.xml b/Shorewall6/manpages/shorewall6.xml index cc1dd2e0e..5caf370f3 100644 --- a/Shorewall6/manpages/shorewall6.xml +++ b/Shorewall6/manpages/shorewall6.xml @@ -403,9 +403,9 @@ - directory + directory - system + system 
@@ -427,9 +427,9 @@ - directory + directory - system + system @@ -451,9 +451,9 @@ - directory + directory - system + system @@ -1548,9 +1548,11 @@ remote-reload [-] [-] [- root-user-name] - [-] [-] [ - directory ] - system + [-] [-] [ [ -D ] + directory ] [ + system ] + + This command was added in Shorewall 5.0.0. @@ -1574,8 +1576,14 @@ defaulted) directory is compiled to a file called firewall in that directory. If compilation succeeds, then firewall is copied to system using scp. If the copy succeeds, - Shorewall6 Lite on system is restarted via - ssh. + Shorewall6 Lite on system is restarted via ssh. + Beginning with Shorewall 5.0.13, if + system is omitted, then the FIREWALL + option setting in shorewall6.conf(5) is assumed. In + that case, if you want to specify a + directory, then the + option must be given. If is specified and the restart command succeeds, then the remote @@ -1610,9 +1618,9 @@ remote- restart [-] [-] [- root-user-name] - [-] [-] [ - directory ] - system + [-] [-] [ [ -D ] + directory ] [ + system ] This command was renamed from reload in @@ -1640,6 +1648,14 @@ Shorewall6 Lite on system is restarted via ssh. + Beginning with Shorewall 5.0.13, if + system is omitted, then the FIREWALL + option setting in shorewall6.conf(5) is assumed. In + that case, if you want to specify a + directory, then the + option must be given. + If is specified and the restart command succeeds, then the remote Shorewall6-lite configuration is saved by executing @@ -1673,8 +1689,8 @@ remote-start [-] [-] [- root-user-name] [-] - [-] [ directory ] - system + [-] [ [-D ] directory ] [ + system ] This command was added in Shorewall 5.0.0. 
@@ -1699,7 +1715,13 @@ directory. If compilation succeeds, then firewall is copied to system using scp. If the copy succeeds, Shorewall6 Lite on system is started via - ssh. + ssh. Beginning with Shorewall 5.0.13, if + system is omitted, then the FIREWALL + option setting in shorewall6.conf(5) is assumed. In + that case, if you want to specify a + directory, then the + option must be given. If is specified and the start command succeeds, then the remote