From 28f637995600d0288dc707ad2b99f212468c1591 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Tue, 26 Dec 2017 16:56:37 -0800 Subject: [PATCH 1/4] Fix broken links in the blacklisting article Signed-off-by: Tom Eastep --- docs/blacklisting_support.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/blacklisting_support.xml b/docs/blacklisting_support.xml index 59c786d82..ec3b6cbed 100644 --- a/docs/blacklisting_support.xml +++ b/docs/blacklisting_support.xml @@ -85,7 +85,7 @@ url="manpages/shorewall-blrules.html">shorewall-blrules (5)). There you have access to the DROP, ACCEPT, REJECT and WHITELIST actions, standard and custom macros as well as standard and custom actions. See - shorewall-blrules (5) + shorewall-blrules (5) for details. Example: @@ -265,7 +265,7 @@ DROP net:200.55.14.18 all Beginning with Shorewall 5.1.1, it is possible to specify BLACKLIST in the POLICY column of shorewall-policies(5) when + url="manpages/shorewall-policy.html">shorewall-policy(5) when ipset-based dynamic blacklisting is being used. When a packet is disposed of via the BLACKLIST policy, the packet's sender is added to the dynamic blacklist ipset and the packet is dropped. From 377c9f57089e8c74676ebbfc0ac1d134a5236076 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Fri, 29 Dec 2017 15:32:05 -0800 Subject: [PATCH 2/4] Only search files in each CONFIG_PATH directory - no recursion Signed-off-by: Tom Eastep --- Shorewall/lib.cli-std | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Shorewall/lib.cli-std b/Shorewall/lib.cli-std index cfcc89d5e..a63254d5a 100644 --- a/Shorewall/lib.cli-std +++ b/Shorewall/lib.cli-std @@ -376,7 +376,7 @@ uptodate() { IFS=':' for dir in $g_shorewalldir $CONFIG_PATH; do - if [ -n "$(find ${dir} -newer $1)" ]; then + if [ -n "$(find ${dir} -mindepth 1 -maxdepth 1 -newer $1)" ]; then IFS="$ifs" return 1; fi From 71f8bad30070a8d474712ecb1231538cdf05ce83 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Thu, 28 Dec 2017 13:26:39 -0800 Subject: [PATCH 3/4] Tweak Shared Config doc Signed-off-by: Tom Eastep --- docs/SharedConfig.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/SharedConfig.xml b/docs/SharedConfig.xml index 0d1d03b14..2637188b2 100644 --- a/docs/SharedConfig.xml +++ b/docs/SharedConfig.xml @@ -963,7 +963,7 @@ SMBBI(ACCEPT) { SOURCE=vpn, DEST=$FW } ###################################################################################################### # IRC # -IRC(ACCEPT) { SOURCE=loc,vpn,apps:IRC_IF, DEST=net } +IRC(ACCEPT) { SOURCE=loc,apps, DEST=net } ###################################################################################################### # Rsync # From 5053999442e7e6ada58a69518a9d366bd6f1fb6b Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Sun, 31 Dec 2017 13:06:49 -0800 Subject: [PATCH 4/4] Don't run 'find' in the PWD - Also remove -mindepth so as to catch deletions in the directories Signed-off-by: Tom Eastep --- Shorewall/lib.cli-std | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/Shorewall/lib.cli-std b/Shorewall/lib.cli-std index a63254d5a..e220f9e0e 100644 --- a/Shorewall/lib.cli-std +++ b/Shorewall/lib.cli-std @@ -372,13 +372,21 @@ uptodate() { local dir local ifs + if [ -n "$g_shorewalldir" ]; then + if [ -n "$(find ${dir} -maxdepth 1 -newer $1)" ]; then + return 1; + fi + fi + ifs="$IFS" IFS=':' - for dir in $g_shorewalldir $CONFIG_PATH; do - if [ -n "$(find ${dir} -mindepth 1 -maxdepth 1 -newer $1)" ]; then - IFS="$ifs" - return 1; + for dir in $CONFIG_PATH; do + if [ -n "$dir" ]; then + if [ -n "$(find ${dir} -maxdepth 1 -newer $1)" ]; then + IFS="$ifs" + return 1; + fi fi done