From 45e4750219a1366a652858a1b48644e4a83f84e9 Mon Sep 17 00:00:00 2001
From: teastep
Date: Thu, 11 Jul 2002 00:01:45 +0000
Subject: [PATCH] Add 'routestopped' file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@131 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall/fallback.sh | 2 ++
 Shorewall/firewall | 6 ++++++
 Shorewall/hosts | 4 +++-
 Shorewall/install.sh | 9 +++++++++
 Shorewall/interfaces | 4 +++-
 Shorewall/routestopped | 21 +++++++++++++++++++++
 Shorewall/shorewall.spec | 3 +++
 7 files changed, 47 insertions(+), 2 deletions(-)
 create mode 100644 Shorewall/routestopped
diff --git a/Shorewall/fallback.sh b/Shorewall/fallback.sh
index 24f0f3f25..432a025ca 100755
--- a/Shorewall/fallback.sh
+++ b/Shorewall/fallback.sh
@@ -91,6 +91,8 @@ restore_file /etc/shorewall/params
 restore_file /etc/shorewall/proxyarp
+restore_file /etc/shorewall/routestopped
+
 restore_file /etc/shorewall/masq
 restore_file /etc/shorewall/modules
diff --git a/Shorewall/firewall b/Shorewall/firewall
index accf4e0a4..1fa17a4b3 100755
--- a/Shorewall/firewall
+++ b/Shorewall/firewall
@@ -1015,6 +1015,12 @@ stop_firewall() {
 hosts="`find_hosts_by_option routestopped`"
+ strip_file routestopped
+
+ while read interface host; do
+ hosts="$hosts $interface:${host:-0.0.0.0/0}"
+ done < $TMP_DIR/routestopped
+
 for host in $hosts; do
 interface=${host%:*}
 subnet=${host#*:}
diff --git a/Shorewall/hosts b/Shorewall/hosts
index 91838455a..6158a3571 100644
--- a/Shorewall/hosts
+++ b/Shorewall/hosts
@@ -30,7 +30,9 @@
 # OPTIONS - A comma-separated list of options. Currently-defined
 # options are:
 #
-# routestopped - route messages to and from this
+# routestopped - (Deprecated -- use
+# /etc/shorewall/routestopped)
+# route messages to and from this
 # member when the firewall is in the
 # stopped state
 #
diff --git a/Shorewall/install.sh b/Shorewall/install.sh
index c8661b250..45879a1f8 100755
--- a/Shorewall/install.sh
+++ b/Shorewall/install.sh
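Review bot: The new `while read interface host` loop in stop_firewall appends the whole HOST(S) field as one `interface:host` token, yet the routestopped file added in this same commit documents that column as a comma-separated list. An entry such as `eth2 192.168.1.0/24,192.168.2.0/24` (constructed example) therefore reaches the `for host in $hosts` loop with `subnet` holding the comma-joined string; how `subnet` is consumed lies beyond the hunk, so either confirm it accepts a list or split the field here, one token per address. Because `host` is the last `read` variable, any stray third column is folded into it and later word-split into tokens that carry no interface prefix, so a throwaway trailing variable is worth adding. stop_firewall begins and continues outside the hunk.

```shell
# … unchanged: strip_file routestopped …
while read interface host rest; do
    # HOST(S) is documented as comma-separated: emit one interface:address pair per element
    for h in `echo "${host:-0.0.0.0/0}" | tr ',' ' '`; do
        hosts="$hosts $interface:$h"
    done
done < "$TMP_DIR/routestopped"
# … unchanged: for host in $hosts loop …
```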
@@ -360,6 +360,15 @@ else
 echo -e "\nProxy ARP file installed as ${PREFIX}/etc/shorewall/proxyarp"
 fi
 #
+# Install the Stopped Routing file
+#
+if [ -f ${PREFIX}/etc/shorewall/routestopped ]; then
+ backup_file /etc/shorewall/routestopped
+else
+ run_install -o $OWNER -g $GROUP -m 0600 routestopped ${PREFIX}/etc/shorewall/routestopped
+ echo -e "\nStopped Routing file installed as ${PREFIX}/etc/shorewall/routestopped"
+fi
+#
 # Install the Masq file
 #
 if [ -f ${PREFIX}/etc/shorewall/masq ]; then
diff --git a/Shorewall/interfaces b/Shorewall/interfaces
index 555a8fd27..331e62e52 100644
--- a/Shorewall/interfaces
+++ b/Shorewall/interfaces
@@ -48,7 +48,9 @@
 # requests. 'filterping' takes
 # precedence over 'noping' if both are
 # given.
-# routestopped - When the firewall is stopped, allow
+# routestopped - (Deprecated -- use
+# /etc/shorewall/routestopped)
+# When the firewall is stopped, allow
 # and route traffic to and from this
 # interface.
 # norfc1918 - This interface should not receive
diff --git a/Shorewall/routestopped b/Shorewall/routestopped
new file mode 100644
index 000000000..1d940beff
--- /dev/null
+++ b/Shorewall/routestopped
@@ -0,0 +1,21 @@
+##############################################################################
+#
+# Shorewall 1.3 -- Hosts Accessible when the Firewall is Stopped
+#
+# /etc/shorewall/routestopped
+#
+# This file is used to define the hosts that are accessible when the firewall is stopped
+#
+# Columns must be separated by white space and are:
+#
+# INTERFACE - Interface through which host(s) communicate with the firewall
+# HOST(S) - Comma-separated list of IP/subnet addresses.
+#
+# Example:
+#
+# INTERFACE HOST(S)
+# eth2 192.168.1.0/24
+# eth0 192.0.2.44
+##############################################################################
+#INTERFACE HOST(S)
+#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/Shorewall/shorewall.spec b/Shorewall/shorewall.spec
index 09ad0e076..07d5d59de 100644
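Review bot: The added install block leaves `${PREFIX}`, `$OWNER` and `$GROUP` unquoted, so a staging prefix containing whitespace splits both the `[ -f … ]` test and the `run_install` arguments; quote them, e.g. `if [ -f "${PREFIX}/etc/shorewall/routestopped" ]; then`. The existence test is made against the prefixed path while `backup_file` is handed the unprefixed `/etc/shorewall/routestopped`. backup_file is defined outside the hunk, so confirm it applies `${PREFIX}` itself; otherwise a staged install would back up the live system's file rather than the one it just tested for.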
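Review bot: The header comment of the new routestopped file does not say what an empty HOST(S) column means, while the stop_firewall change in this commit substitutes `0.0.0.0/0` in that case. This file decides which hosts stay reachable while the firewall is stopped, so an interface-only line quietly opens the entire interface and the administrator should be told. Add a line under the HOST(S) description such as `# If omitted, 0.0.0.0/0 (every host reachable through INTERFACE) is assumed.`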
--- a/Shorewall/shorewall.spec
+++ b/Shorewall/shorewall.spec
@@ -64,6 +64,7 @@ if [ $1 = 0 ]; then if [ -x /sbin/insserv ]; then /sbin/insserv -r /etc/init.d/s
 %attr(0600,root,root) %config(noreplace) /etc/shorewall/nat
 %attr(0600,root,root) %config(noreplace) /etc/shorewall/params
 %attr(0600,root,root) %config(noreplace) /etc/shorewall/proxyarp
+%attr(0600,root,root) %config(noreplace) /etc/shorewall/routestopped
 %attr(0600,root,root) %config(noreplace) /etc/shorewall/masq
 %attr(0600,root,root) %config(noreplace) /etc/shorewall/modules
 %attr(0600,root,root) %config(noreplace) /etc/shorewall/tcrules
@@ -79,6 +80,8 @@ if [ $1 = 0 ]; then if [ -x /sbin/insserv ]; then /sbin/insserv -r /etc/init.d/s
 %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel
 %changelog
+* Web Jul 10 2002 Tom Eastep
+- Added 'routestopped' configuration file.
 * Fri Jul 05 2002 Tom Eastep
 - Changed version to 1.3.3
 * Sat Jun 15 2002 Tom Eastep
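Review bot: The new %changelog header reads `* Web Jul 10 2002 Tom Eastep`; `Web` is not a weekday abbreviation, and rpmbuild checks the date field of changelog headers, so this entry is likely to be rejected as a bad date when the package is built. 10 Jul 2002 was a Wednesday (the commit itself is dated Thu, 11 Jul 2002), so the line should start `* Wed Jul 10 2002`.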