From 4ffcd80b024c05992cc6551974ce5cd1f4179dc3 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Sun, 11 Mar 2012 09:48:46 -0700 Subject: [PATCH 1/6] Don't test compilation if $DESTDIR Signed-off-by: Tom Eastep --- Shorewall/install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Shorewall/install.sh b/Shorewall/install.sh index 76eddd198..dd0a8bb46 100755 --- a/Shorewall/install.sh +++ b/Shorewall/install.sh @@ -236,7 +236,7 @@ PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin # Determine where to install the firewall script # -if [ $PRODUCT = shorewall ]; then +if [ $PRODUCT = shorewall -a -z "${DESTDIR}" ]; then # # Verify that Perl is installed # From e839648b8e4eb9f0d58bbc6b7755b95cadfea1ca Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Tue, 13 Mar 2012 12:27:04 -0700 Subject: [PATCH 2/6] Add a restriction to the SHELL and PERL directives. Signed-off-by: Tom Eastep --- docs/configuration_file_basics.xml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/configuration_file_basics.xml b/docs/configuration_file_basics.xml index 8b922eee5..c132ad02b 100644 --- a/docs/configuration_file_basics.xml +++ b/docs/configuration_file_basics.xml @@ -1438,7 +1438,9 @@ SHELL cat /etc/shorewall/rules.d/*.rules 2> /dev/null || true While inline scripts may be written in either Shell or Perl, those - written in Perl have a lot more power. + written in Perl have a lot more power. They may be used in all + configuration files except /etc/shorewall/params and + /etc/shorewall/shorewall.conf. Embedded scripts can be either single-line or multi-line. Single line scripts take one of the following forms: From 1dd6a8b291fe973df418289bdbbf9af4079f4067 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Tue, 13 Mar 2012 13:25:37 -0700 Subject: [PATCH 3/6] Document use of chain designators with DSCP and TOS 
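Review bot: In the Shorewall/install.sh hunk of PATCH 1/6, the new test `[ $PRODUCT = shorewall -a -z "${DESTDIR}" ]` leaves `$PRODUCT` unquoted and joins two conditions with `-a`, which POSIX marks obsolescent and leaves unspecified for a test with this many arguments. An empty or whitespace-containing `$PRODUCT` turns the test into a syntax error, so the Perl verification is then skipped through an error path rather than by decision. I would write it as `if [ "$PRODUCT" = shorewall ] && [ -z "${DESTDIR}" ]; then`. The `run_install $OWNERSHIP -m 0644 isusable ${DESTDIR}/usr/share/$PRODUCT/configfiles/isusable` line added to the same file in PATCH 4/6 has the same unquoted expansions and would word-split on a DESTDIR containing spaces. The body of the `if` continues outside the hunk.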
Signed-off-by: Tom Eastep --- Shorewall/manpages/shorewall-tcrules.xml | 42 ++++++++++++++++++++++ Shorewall6/manpages/shorewall6-tcrules.xml | 42 ++++++++++++++++++++++ 2 files changed, 84 insertions(+) diff --git a/Shorewall/manpages/shorewall-tcrules.xml b/Shorewall/manpages/shorewall-tcrules.xml index 602d9629f..415122277 100644 --- a/Shorewall/manpages/shorewall-tcrules.xml +++ b/Shorewall/manpages/shorewall-tcrules.xml @@ -502,6 +502,27 @@ SAME $FW 0.0.0.0/0 tcp 80,443 AF42 => 0x24 AF43 => 0x26 EF => 0x2e + + May be optionally followed by ':' and a capital letter + designating the chain where classification is to occur. + + + + F + + + FORWARD chain. + + + + + T + + + POSTROUTING chain (default). + + + @@ -531,6 +552,27 @@ Normal-Service => 0x00 The action performed is to zero out the bits specified by the mask, then set the bits specified by tos. + + May be optionally followed by ':' and a capital letter + designating the chain where classification is to occur. + + + + F + + + FORWARD chain. + + + + + T + + + POSTROUTING chain (default). + + + diff --git a/Shorewall6/manpages/shorewall6-tcrules.xml b/Shorewall6/manpages/shorewall6-tcrules.xml index b1af88ff7..007d28885 100644 --- a/Shorewall6/manpages/shorewall6-tcrules.xml +++ b/Shorewall6/manpages/shorewall6-tcrules.xml @@ -399,6 +399,27 @@ SAME $FW 0.0.0.0/0 tcp 80,443 AF42 => 0x24 AF43 => 0x26 EF => 0x2e + + May be optionally followed by ':' and a capital letter + designating the chain where classification is to occur. + + + + F + + + FORWARD chain. + + + + + T + + + POSTROUTING chain (default). + + + @@ -428,6 +449,27 @@ Normal-Service => 0x00 The action performed is to zero out the bits specified by the mask, then set the bits specified by tos. + + May be optionally followed by ':' and a capital letter + designating the chain where classification is to occur. + + + + F + + + FORWARD chain. + + + + + T + + + POSTROUTING chain (default). + + + 
From 98f8edbde599c250f8dffea2b0df4d6d53dd492a Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Mon, 12 Mar 2012 13:57:37 -0700 Subject: [PATCH 4/6] Apply two patches from Tuomo Soini Signed-off-by: Tom Eastep --- Shorewall/install.sh | 4 ++++ Shorewall6/configfiles/isusable | 6 ++++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/Shorewall/install.sh b/Shorewall/install.sh index dd0a8bb46..7fc03f7fc 100755 --- a/Shorewall/install.sh +++ b/Shorewall/install.sh @@ -917,6 +917,10 @@ if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/$PRODUCT/clear ]; then echo "Clear file installed as ${DESTDIR}/etc/$PRODUCT/clear" fi # +# Install the Isusable file +# +run_install $OWNERSHIP -m 0644 isusable ${DESTDIR}/usr/share/$PRODUCT/configfiles/isusable +# # Install the Refresh file # run_install $OWNERSHIP -m 0644 refresh ${DESTDIR}/usr/share/$PRODUCT/configfiles/refresh diff --git a/Shorewall6/configfiles/isusable b/Shorewall6/configfiles/isusable index 4225743c8..7a4dd97fc 100644 --- a/Shorewall6/configfiles/isusable +++ b/Shorewall6/configfiles/isusable @@ -8,13 +8,15 @@ # # The script is invoked inside a function that accepts an interface # name as a single argument. The file below is designed to work with -# both swping and lsm as described at http://www.shorewall.net/MultiISP.html +# both swping and lsm as described at +# http://www.shorewall.net/MultiISP.html # # See http://shorewall.net/shorewall_extension_scripts.htm for additional # information. # ############################################################################### -local status=0 +local status +status=0 [ -f ${VARDIR}/${1}.status ] && status=$(cat ${VARDIR}/${1}.status) From c1d0681e17101555f97c4784e0a4fc8a05ac30c6 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Tue, 13 Mar 2012 17:58:18 -0700 Subject: [PATCH 5/6] Correct LENGTH column validation Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Chains.pm | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm index 16dd68439..1b531f60f 100644 --- a/Shorewall/Perl/Shorewall/Chains.pm +++ b/Shorewall/Perl/Shorewall/Chains.pm @@ -4206,10 +4206,10 @@ sub do_length( $ ) { require_capability( 'LENGTH_MATCH' , 'A Non-empty LENGTH' , 's' ); - fatal_error "Invalid LENGTH ($length)" unless $length =~/^(\d+)(:(\d+))$/; + fatal_error "Invalid LENGTH ($length)" unless $length =~/^(\d+)(:(\d+))?$/; - if ( supplied $3 ) { - fatal_error "First length must be < second length" unless $1 < $2; + if ( supplied $2 ) { + fatal_error "First length must be < second length" unless $1 < $3; } "-m length --length $length "; From 7e14777b8fd71cd60b67adc9068741e3dd0be8c8 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Tue, 13 Mar 2012 19:54:58 -0700 Subject: [PATCH 6/6] Fix typo Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Chains.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm index 1b531f60f..a36d9440d 100644 --- a/Shorewall/Perl/Shorewall/Chains.pm +++ b/Shorewall/Perl/Shorewall/Chains.pm @@ -4451,7 +4451,7 @@ sub get_set_flags( $$ ) { my %typemap = ( src => 'Source', dst => 'Destination' ); for ( @options ) { - warning_messsage( "The '$_' ipset flag is used in a $typemap{$option} column" ), last unless $_ eq $option; + warning_message( "The '$_' ipset flag is used in a $typemap{$option} column" ), last unless $_ eq $option; } }
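Review bot: The corrected pattern in do_length (PATCH 5/6) still places no upper bound on either number, so an entry such as 70000 passes compile-time validation and would only be rejected when the generated `-m length --length` rule is loaded (the match's min/max fields are 16-bit, as far as I know). The `$` anchor also matches before a final newline, which matters only if the column value can ever carry one. I would anchor with `\z`, as in `unless $length =~ /^(\d+)(:(\d+))?\z/;`, and add after the match `fatal_error "Invalid LENGTH ($length)" if $1 > 65535 || ( supplied( $3 ) && $3 > 65535 );`. The `$1 < $3` test also rejects an equal pair such as 64:64; if that is intended, a one-line comment saying so would help. do_length starts and ends outside the hunk.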