Make all references to directories indirect

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4033 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2006-06-09 16:35:55 +00:00
parent 1605f6d9bd
commit 6f073f6cfd
4 changed files with 142 additions and 113 deletions


@ -40,6 +40,10 @@
# SHOREWALL_DIR A directory name was passed to /sbin/shorewall
# VERBOSE Standard Shorewall verbosity control.
SHAREDIR=/usr/share/shorewall
VARDIR=/var/lib/shorewall
CONFDIR=/etc/shorewall
# Fatal error -- stops the compiler after issuing the error message
#
fatal_error() # $* = Error Message
@ -783,11 +787,11 @@ match_dest_hosts()
#
# Similarly, the source or destination in a rule can be qualified by a device name. If
# the device is defined in /etc/shorewall/interfaces then a normal interface match is
# the device is defined in ${CONFDIR}/interfaces then a normal interface match is
# generated (-i or -o); otherwise, a physdev match is generated.
#-------------------------------------------------------------------------------------
#
# loosely match the passed interface with those in /etc/shorewall/interfaces.
# loosely match the passed interface with those in ${CONFDIR}/interfaces.
#
known_interface() # $1 = interface name
{
@ -1466,7 +1470,7 @@ validate_hosts_file() {
case $host in
*:*)
known_interface ${host%:*} && \
fatal_error "Bridged interfaces may not be defined in /etc/shorewall/interfaces: $host"
fatal_error "Bridged interfaces may not be defined in ${CONFDIR}/interfaces: $host"
check_bridge_port ${host%%:*}
;;
*.*.*)
@ -1476,7 +1480,7 @@ validate_hosts_file() {
;;
*)
known_interface $host && \
fatal_error "Bridged interfaces may not be defined in /etc/shorewall/interfaces: $host"
fatal_error "Bridged interfaces may not be defined in ${CONFDIR}/interfaces: $host"
check_bridge_port $host
;;
esac
@ -2692,13 +2696,13 @@ setup_syn_flood_chains()
#
delete_proxy_arp() {
indent >&3 << __EOF__
if [ -f /var/lib/shorewall/proxyarp ]; then
if [ -f \${VARDIR}/proxyarp ]; then
while read address interface external haveroute; do
qt arp -i \$external -d \$address pub
[ -z "\$haveroute" -a -z "\$NOROUTE" ] && qt ip route del \$address dev \$interface
done < /var/lib/shorewall/proxyarp
done < \${VARDIR}/proxyarp
rm -f {/var/lib/shorewall}/nat
rm -f ${VARDIR}/nat
fi
for f in /proc/sys/net/ipv4/conf/*; do
@ -2800,12 +2804,12 @@ delete_nat() {
indent >&3 << __EOF__
if [ -f /var/lib/shorewall/nat ]; then
if [ -f \${VARDIR}/nat ]; then
while read external interface; do
ip_addr_del \$external \$interface
done < /var/lib/shorewall/nat
done < \${VARDIR}/nat
rm -f {/var/lib/shorewall}/nat
rm -f \${VARDIR}/nat
fi
__EOF__
@ -3689,7 +3693,7 @@ process_action() # $1 = chain (Chain to add the rules to)
}
#
# Append a file in /var/lib/shorewall to $OUTPUT
# Append a file in ${VARDIR} to $OUTPUT
#
append_action_file() # $1 = File Name
{
@ -3987,8 +3991,8 @@ merge_macro_source_dest() # $1 = source/dest from macro body, $2 = source/dest f
#
# The next three functions implement the three phases of action processing.
#
# The first phase (process_actions1) occurs before the rules file is processed. /usr/share/shorewall/actions.std
# and /etc/shorewall/actions are scanned (in that order) and for each action:
# The first phase (process_actions1) occurs before the rules file is processed. ${SHAREDIR}/actions.std
# and ${CONFDIR}/actions are scanned (in that order) and for each action:
#
# a) The related action definition file is located and scanned.
# b) Forward and unresolved action references are trapped as errors.
@ -4018,7 +4022,7 @@ process_actions1() {
strip_file actions
strip_file actions.std /usr/share/shorewall/actions.std
strip_file actions.std ${SHAREDIR}/actions.std
for inputfile in actions.std actions; do
while read xaction rest; do
@ -4486,7 +4490,7 @@ add_nat_rule() {
# Parse SNAT address if any
if [ "$addr" != "${addr%:*}" ]; then
fatal_error "SNAT may no longer be specified in a DNAT rule; use /etc/shorewall/masq instead"
fatal_error "SNAT may no longer be specified in a DNAT rule; use ${CONFDIR}/masq instead"
fi
# Set original destination address
@ -6908,7 +6912,7 @@ initialize_netfilter () {
indent >&3 << __EOF__
if [ -f /var/lib/shorewall/save ]; then
if [ -f \${VARDIR}/save ]; then
progress_message2 "Setting up dynamic rules..."
while read target ignore1 ignore2 address rest; do
case \$target in
@ -6916,7 +6920,7 @@ if [ -f /var/lib/shorewall/save ]; then
run_iptables -A dynamic -s \$address -j \$target
;;
esac
done < /var/lib/shorewall/save
done < \${VARDIR}/save
fi
__EOF__
@ -7785,12 +7789,12 @@ stop_firewall() {
\$IPTABLES -t nat -F
\$IPTABLES -t nat -X
if [ -f /var/lib/shorewall/nat ]; then
if [ -f \${VARDIR}/nat ]; then
while read external interface; do
ip_addr_del \$external dev \$interface
done < /var/lib/shorewall/nat
done < \${VARDIR}/nat
rm -f /var/lib/shorewall/nat
rm -f \${VARDIR}/nat
fi
}
@ -7802,7 +7806,7 @@ stop_firewall() {
[ -n "\${RESTOREFILE:=restore}" ]
RESTOREPATH=/var/lib/shorewall/\$RESTOREFILE
RESTOREPATH=\${VARDIR}/\$RESTOREFILE
if [ -x \$RESTOREPATH ]; then
@ -7874,11 +7878,11 @@ __EOF__
done
fi
if [ -f /var/lib/shorewall/proxyarp ]; then
if [ -f \${VARDIR}/proxyarp ]; then
while read address interface external haveroute; do
qt arp -i \$external -d \$address pub
[ -z "\${haveroute}\${NOROUTES}" ] && qt ip route del \$address dev \$interface
done < /var/lib/shorewall/proxyarp
done < \${VARDIR}/proxyarp
fi
for f in /proc/sys/net/ipv4/conf/*; do
@ -8081,9 +8085,23 @@ compile_firewall() # $1 = File Name
#
__EOF__
if [ -n "$EXPORT" ]; then
cat >&3 << __EOF__
SHAREDIR=/usr/share/shorewall
CONFDIR=/etc/shorewall
VARDIR=/var/lib/shorewall
__EOF__
else
cat >&3 << __EOF__
SHAREDIR=/usr/share/shorewall
CONFDIR=/etc/shorewall
VARDIR=/var/lib/shorewall
__EOF__
fi
cat >&3 << __EOF__
. /usr/share/shorewall/functions
. \${SHAREDIR}/functions
__EOF__
compile_stop_firewall
@ -8211,11 +8229,11 @@ __EOF__
INDENT=" "
cat >&3 << __EOF__
if [ ! -f /usr/share/shorewall/version ]; then
if [ ! -f \${SHAREDIR}/version ]; then
fatal_error "This script requires Shorewall or Shorewall Lite which do not appear to be installed on this system"
fi
local version=\$(cat /usr/share/shorewall/version)
local version=\$(cat \${SHAREDIR}/version)
if [ \${LIBVERSION:-0} -lt 30191 ]; then
fatal_error "This script requires Shorewall [Lite] version 3.2.0-Beta7 or later; current version is \$version"
@ -8275,9 +8293,9 @@ __EOF__
STOPPING=
#
# The library requires that /var/lib/shorewall exist
# The library requires that ${VARDIR} exist
#
[ -d /var/lib/shorewall ] || mkdir -p /var/lib/shorewall
[ -d \${VARDIR} ] || mkdir -p \${VARDIR}
}
@ -8378,7 +8396,7 @@ __EOF__
fi
for file in chains nat proxyarp zones; do
save_command "cat > /var/lib/shorewall/$file $LEFTSHIFT __EOF__"
save_command "cat > \${VARDIR}/$file $LEFTSHIFT __EOF__"
cat $STATEDIR/$file >&3
save_command_unindented __EOF__
done
@ -8390,7 +8408,7 @@ __EOF__
fi
__EOF__
save_command "date > /var/lib/shorewall/restarted"
save_command "date > \${VARDIR}/restarted"
append_file start
@ -8404,7 +8422,7 @@ __EOF__
cat >&3 << __EOF__
cp -f \$(my_pathname) /var/lib/shorewall/.restore
cp -f \$(my_pathname) \${VARDIR}/.restore
case \$COMMAND in
start)
@ -8425,7 +8443,7 @@ __EOF__
#
restore_firewall()
{
iptables_save_file=/var/lib/shorewall/\$(basename \$0)-iptables
iptables_save_file=\${VARDIR}/\$(basename \$0)-iptables
fatal_error()
{
@ -8565,7 +8583,7 @@ do_initialize() {
TCP_FLAGS_LOG_LEVEL=
RFC1918_LOG_LEVEL=
MARK_IN_FORWARD_CHAIN=
SHARED_DIR=/usr/share/shorewall
SHARED_DIR=${SHAREDIR}
FUNCTIONS=
VERSION_FILE=
LOGFORMAT=
@ -8905,7 +8923,7 @@ case "$COMMAND" in
call)
#
# Undocumented way to call functions in /usr/share/shorewall/compiler directly
# Undocumented way to call functions in ${SHAREDIR}/compiler directly
#
shift
do_initialize
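Review bot: In the delete_proxy_arp here-document the new line `rm -f ${VARDIR}/nat` lacks the backslash its neighbours carry (`\${VARDIR}/proxyarp`), so as shown it is expanded when the compiler runs, not when the generated script runs. The generated script would then have the compile-time directory baked into that one command while every other line follows its own VARDIR. The line also removes `nat` although the loop above it reads `proxyarp`, and the same function in the second file section removes `${VARDIR}/proxyarp`, so `rm -f \${VARDIR}/proxyarp` looks like the intended line. The backslash may have been lost in the page rendering, so check against the repository; the here-document and the function continue outside the hunk.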


@ -40,6 +40,9 @@
# and rules/policies.
# shorewall refresh . Rebuild the common chain
#
SHAREDIR=/usr/share/shorewall
VARDIR=/var/lib/shorewall
CONFDIR=/etc/shorewall
# Mutual exclusion -- These functions are jackets for the mutual exclusion
# routines in $FUNCTIONS. They invoke
# the corresponding function in that file if the user did
@ -551,11 +554,11 @@ match_dest_hosts()
#
# Similarly, the source or destination in a rule can be qualified by a device name. If
# the device is defined in /etc/shorewall/interfaces then a normal interface match is
# the device is defined in ${CONFDIR}/interfaces then a normal interface match is
# generated (-i or -o); otherwise, a physdev match is generated.
#-------------------------------------------------------------------------------------
#
# loosely match the passed interface with those in /etc/shorewall/interfaces.
# loosely match the passed interface with those in ${CONFDIR}/interfaces.
#
known_interface() # $1 = interface name
{
@ -1126,7 +1129,7 @@ stop_firewall() {
[ -n "${RESTOREFILE:=restore}" ]
RESTOREPATH=/var/lib/shorewall/$RESTOREFILE
RESTOREPATH=${VARDIR}/$RESTOREFILE
if [ -x $RESTOREPATH ]; then
@ -1422,7 +1425,7 @@ setup_ipsec() {
# Delete existing Proxy ARP
#
delete_proxy_arp() {
if [ -f /var/lib/shorewall/proxyarp ]; then
if [ -f ${VARDIR}/proxyarp ]; then
while read address interface external haveroute; do
case $COMMAND in
stop|clear)
@ -1442,9 +1445,9 @@ delete_proxy_arp() {
fi
;;
esac
done < /var/lib/shorewall/proxyarp
done < ${VARDIR}/proxyarp
rm -f /var/lib/shorewall/proxyarp
rm -f ${VARDIR}/proxyarp
fi
[ -d $STATEDIR ] && touch $STATEDIR/proxyarp
@ -1476,12 +1479,12 @@ delete_nat() {
run_iptables -t nat -F
run_iptables -t nat -X
if [ -f /var/lib/shorewall/nat ]; then
if [ -f ${VARDIR}/nat ]; then
while read external interface; do
qt ip addr del $external dev $interface
done < /var/lib/shorewall/nat
done < ${VARDIR}/nat
rm -f {/var/lib/shorewall}/nat
rm -f ${VARDIR}/nat
fi
[ -d $STATEDIR ] && touch $STATEDIR/nat
@ -1734,7 +1737,7 @@ check_disabled_startup() {
echo " Shorewall Startup is disabled -- to enable startup"
echo " after you have completed Shorewall configuration,"
echo " change the setting of STARTUP_ENABLED to Yes in"
echo " /etc/shorewall/shorewall.conf"
echo " ${CONFDIR}/shorewall.conf"
[ -n "$TMP_DIR" ] && rm -rf $TMP_DIR
my_mutex_off
@ -1921,12 +1924,12 @@ add_to_zone() # $1...${n-1} = <interface>[:<hosts>] $n = zone
#
# Be sure that Shorewall has been restarted using a DZ-aware version of the code
#
[ -f /var/lib/shorewall/chains ] || startup_error "/var/lib/shorewall/chains -- file not found"
[ -f /var/lib/shorewall/zones ] || startup_error "/var/lib/shorewall/zones -- file not found"
[ -f ${VARDIR}/chains ] || startup_error "${VARDIR}/chains -- file not found"
[ -f ${VARDIR}/zones ] || startup_error "${VARDIR}/zones -- file not found"
#
# Check for duplicates and create a new zone state file
#
> /var/lib/shorewall/zones_$$
> ${VARDIR}/zones_$$
while read z type hosts; do
if [ "$z" = "$zone" ]; then
@ -1944,10 +1947,10 @@ add_to_zone() # $1...${n-1} = <interface>[:<hosts>] $n = zone
eval ${z}_hosts=\"$hosts\"
echo "$z $type $hosts" >> /var/lib/shorewall/zones_$$
done < /var/lib/shorewall/zones
echo "$z $type $hosts" >> ${VARDIR}/zones_$$
done < ${VARDIR}/zones
mv -f /var/lib/shorewall/zones_$$ /var/lib/shorewall/zones
mv -f ${VARDIR}/zones_$$ ${VARDIR}/zones
TERMINATOR=fatal_error
#
@ -2017,7 +2020,7 @@ add_to_zone() # $1...${n-1} = <interface>[:<hosts>] $n = zone
done
fi
fi
done < /var/lib/shorewall/chains
done < ${VARDIR}/chains
progress_message "$newhost added to zone $zone"
@ -2093,12 +2096,12 @@ delete_from_zone() # $1 = <interface>[:<hosts>] $2 = zone
#
# Be sure that Shorewall has been restarted using a DZ-aware version of the code
#
[ -f /var/lib/shorewall/chains ] || startup_error "/var/lib/shorewall/chains -- file not found"
[ -f /var/lib/shorewall/zones ] || startup_error "/var/lib/shorewall/zones -- file not found"
[ -f ${VARDIR}/chains ] || startup_error "${VARDIR}/chains -- file not found"
[ -f ${VARDIR}/zones ] || startup_error "${VARDIR}/zones -- file not found"
#
# Delete the passed hosts from the zone state file
#
> /var/lib/shorewall/zones_$$
> ${VARDIR}/zones_$$
while read z hosts; do
if [ "$z" = "$zone" ]; then
@ -2132,10 +2135,10 @@ delete_from_zone() # $1 = <interface>[:<hosts>] $2 = zone
eval ${z}_hosts=\"$hosts\"
echo "$z $hosts" >> /var/lib/shorewall/zones_$$
done < /var/lib/shorewall/zones
echo "$z $hosts" >> ${VARDIR}/zones_$$
done < ${VARDIR}/zones
mv -f /var/lib/shorewall/zones_$$ /var/lib/shorewall/zones
mv -f ${VARDIR}/zones_$$ ${VARDIR}/zones
TERMINATOR=fatal_error
@ -2192,7 +2195,7 @@ delete_from_zone() # $1 = <interface>[:<hosts>] $2 = zone
done
fi
fi
done < /var/lib/shorewall/chains
done < ${VARDIR}/chains
progress_message "$delhost removed from zone $zone"
@ -2295,7 +2298,7 @@ do_initialize() {
TCP_FLAGS_LOG_LEVEL=
RFC1918_LOG_LEVEL=
MARK_IN_FORWARD_CHAIN=
SHARED_DIR=/usr/share/shorewall
SHARED_DIR=${SHAREDIR}
FUNCTIONS=
VERSION_FILE=
LOGFORMAT=
@ -2399,7 +2402,7 @@ do_initialize() {
fi
determine_capabilities
[ -d /var/lib/shorewall ] || mkdir -p /var/lib/shorewall
[ -d ${VARDIR} ] || mkdir -p ${VARDIR}
else
f=$(find_file capabilities)
@ -2640,7 +2643,7 @@ case "$COMMAND" in
$IPTABLES -t nat -Z
$IPTABLES -t mangle -Z
report "Shorewall Counters Reset"
date > /var/lib/shorewall/restarted
date > ${VARDIR}/restarted
my_mutex_off
;;
@ -2701,7 +2704,7 @@ case "$COMMAND" in
call)
#
# Undocumented way to call functions in /usr/share/shorewall/firewall directly
# Undocumented way to call functions in ${SHAREDIR}/firewall directly
#
shift
do_initialize
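Review bot: The new `${VARDIR}` expansions are unquoted in commands that create, move and delete paths, for example `rm -f ${VARDIR}/proxyarp` in delete_proxy_arp, `mv -f ${VARDIR}/zones_$$ ${VARDIR}/zones` in add_to_zone and delete_from_zone, and `[ -d ${VARDIR} ] || mkdir -p ${VARDIR}` in do_initialize. The literal path could never split into words or come out empty, but a variable can, and an empty value would turn `rm -f ${VARDIR}/nat` into `rm -f /nat`. This is harmless while the assignment at the top of the file stays a plain path, but the change exists so that the value can vary. I would quote each use, e.g. `[ -d "${VARDIR}" ] || mkdir -p "${VARDIR}"`; the same applies to the matching lines in the other file sections on this page. The enclosing functions start and end outside the hunks shown.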


@ -28,6 +28,10 @@
LIBVERSION=30191
[ -n "${VARDIR:=/var/lib/shorewall}" ]
[ -n "${SHAREDIR:=/usr/share/shorewall}" ]
[ -n "${CONFDIR:=/etc/shorewall}" ]
#
# Message to stderr
#
@ -210,7 +214,7 @@ my_pathname() {
# Set default config path
#
ensure_config_path() {
local F=/usr/share/shorewall/configpath
local F=${SHAREDIR}/configpath
if [ -z "$CONFIG_PATH" ]; then
[ -f $F ] || { echo " ERROR: $F does not exist"; exit 2; }
. $F
@ -218,7 +222,7 @@ ensure_config_path() {
}
#
# Find a File -- For relative file name, look first in $SHOREWALL_DIR then in /etc/shorewall
# Find a File -- For relative file name, look first in $SHOREWALL_DIR then in ${CONFDIR}
#
find_file()
{
@ -244,7 +248,7 @@ find_file()
IFS=$saveifs
echo /etc/shorewall/$1
echo ${CONFDIR}/$1
fi
;;
esac
@ -445,13 +449,13 @@ load_kernel_modules()
mutex_on()
{
local try=0
local lockf=/var/lib/shorewall/lock
local lockf=${VARDIR}/lock
MUTEX_TIMEOUT=${MUTEX_TIMEOUT:-60}
if [ $MUTEX_TIMEOUT -gt 0 ]; then
[ -d /var/lib/shorewall ] || mkdir -p /var/lib/shorewall
[ -d ${VARDIR} ] || mkdir -p ${VARDIR}
if qt mywhich lockfile; then
lockfile -${MUTEX_TIMEOUT} -r1 ${lockf}
@ -476,7 +480,7 @@ mutex_on()
#
mutex_off()
{
rm -f /var/lib/shorewall/lock
rm -f ${VARDIR}/lock
}
#
@ -1161,7 +1165,7 @@ mywhich() {
#
set_state () # $1 = state
{
echo "$1 ($(date))" > /var/lib/shorewall/state
echo "$1 ($(date))" > ${VARDIR}/state
}
#
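Review bot: The `:=` defaults added at the top (`[ -n "${VARDIR:=/var/lib/shorewall}" ]` and the two lines after it) keep any VARDIR, SHAREDIR or CONFDIR value already set when the library is sourced, including one inherited from the environment. The functions changed in this section then act on those values: ensure_config_path sources `${SHAREDIR}/configpath`, mutex_on creates `${VARDIR}`, and mutex_off removes `${VARDIR}/lock`. The other three files on this page assign the variables themselves before use, but whether every script that sources this library does so is not visible here. I would document the expectation above the defaults, e.g. `# Callers normally set VARDIR, SHAREDIR and CONFDIR before sourcing this file; these defaults apply only when they are unset.`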


@ -113,6 +113,10 @@
# shorewall compile [ <directory> ] ]<filename>
# Compile a firewall program file.
#
SHAREDIR=/usr/share/shorewall
VARDIR=/var/lib/shorewall
CONFDIR=/etc/shorewall
# Fatal Error
#
fatal_error() # $@ = Message
@ -246,7 +250,7 @@ get_config() {
case $STARTUP_ENABLED in
[Nn][Oo])
echo " WARNING: Shorewall startup is disabled. To enable startup, set STARTUP_ENABLED=Yes in /etc/shorewall/shorewall.conf" >&2
echo " WARNING: Shorewall startup is disabled. To enable startup, set STARTUP_ENABLED=Yes in ${CONFDIR}/shorewall.conf" >&2
STARTUP_ENABLED=
;;
[Yy][Ee][Ss])
@ -432,7 +436,7 @@ logwatch() # $1 = timeout -- if negative, prompt each time that
#
save_config() {
if shorewall_is_started ; then
[ -d /var/lib/shorewall ] || mkdir -p /var/lib/shorewall
[ -d ${VARDIR} ] || mkdir -p ${VARDIR}
if [ -f $RESTOREPATH -a ! -x $RESTOREPATH ]; then
echo " ERROR: $RESTOREPATH exists and is not a saved Shorewall configuration"
@ -442,12 +446,12 @@ save_config() {
echo " ERROR: Reserved file name: $RESTOREFILE"
;;
*)
if $IPTABLES -L dynamic -n > /var/lib/shorewall/save; then
if $IPTABLES -L dynamic -n > ${VARDIR}/save; then
echo " Dynamic Rules Saved"
if [ -f /var/lib/shorewall/.restore ]; then
if iptables-save | iptablesbug > /var/lib/shorewall/restore-$$; then
cp -f /var/lib/shorewall/.restore $RESTOREPATH
mv -f /var/lib/shorewall/restore-$$ ${RESTOREPATH}-iptables
if [ -f ${VARDIR}/.restore ]; then
if iptables-save | iptablesbug > ${VARDIR}/restore-$$; then
cp -f ${VARDIR}/.restore $RESTOREPATH
mv -f ${VARDIR}/restore-$$ ${RESTOREPATH}-iptables
chmod +x $RESTOREPATH
echo " Currently-running Configuration Saved to $RESTOREPATH"
@ -457,16 +461,16 @@ save_config() {
[Yy][Ee][Ss])
RESTOREPATH=${RESTOREPATH}-ipsets
f=/var/lib/shorewall/restore-$$
f=${VARDIR}/restore-$$
echo "#!/bin/sh" > $f
echo "#This ipset restore file generated $(date) by Shorewall $version" >> $f
echo >> $f
echo ". /usr/share/shorewall/functions" >> $f
echo ". ${SHAREDIR}/functions" >> $f
echo >> $f
grep '^MODULE' /var/lib/shorewall/restore-base >> $f
grep '^MODULE' ${VARDIR}/restore-base >> $f
echo "reload_kernel_modules << __EOF__" >> $f
grep 'loadmodule ip_set' /var/lib/shorewall/restore-base >> $f
grep 'loadmodule ip_set' ${VARDIR}/restore-base >> $f
echo "__EOF__" >> $f
echo >> $f
echo "ipset -U :all: :all:" >> $f
@ -486,11 +490,11 @@ save_config() {
;;
esac
else
rm -f /var/lib/shorewall/restore-$$
rm -f ${VARDIR}/restore-$$
echo " ERROR: Currently-running Configuration Not Saved"
fi
else
echo " ERROR: /var/lib/shorewall/.restored oes not exist"
echo " ERROR: ${VARDIR}/.restored oes not exist"
fi
else
echo "Error Saving the Dynamic Rules"
@ -515,8 +519,8 @@ start_command() {
progress_message3 "Compiling..."
if $SHOREWALL_SHELL /usr/share/shorewall/compiler $debugging $nolock compile /var/lib/shorewall/.start; then
/var/lib/shorewall/.start $debugging start
if $SHOREWALL_SHELL ${SHAREDIR}/compiler $debugging $nolock compile ${VARDIR}/.start; then
${VARDIR}/.start $debugging start
fi
[ -n "$nolock" ] || mutex_off
@ -590,12 +594,12 @@ start_command() {
#
# RESTOREFILE is exported by get_config()
#
make -qf /etc/shorewall/Makefile || FAST=
make -qf ${CONFDIR}/Makefile || FAST=
fi
if [ -n "$FAST" ]; then
RESTOREPATH=/var/lib/shorewall/$RESTOREFILE
RESTOREPATH=${VARDIR}/$RESTOREFILE
if [ -x $RESTOREPATH ]; then
if [ -x ${RESTOREPATH}-ipsets ]; then
@ -611,7 +615,7 @@ start_command() {
echo Restoring Shorewall...
$SHOREWALL_SHELL $RESTOREPATH restore
date > /var/lib/shorewall/restarted
date > ${VARDIR}/restarted
progress_message3 Shorewall restored from $RESTOREPATH
else
do_it
@ -691,7 +695,7 @@ compile_command() {
progress_message3 "Compiling..."
exec $SHOREWALL_SHELL /usr/share/shorewall/compiler $debugging compile $file
exec $SHOREWALL_SHELL ${SHAREDIR}/compiler $debugging compile $file
}
#
# Check Command Executor
@ -754,7 +758,7 @@ check_command() {
progress_message3 "Checking..."
exec $SHOREWALL_SHELL /usr/share/shorewall/compiler $debugging $nolock check
exec $SHOREWALL_SHELL ${SHAREDIR}/compiler $debugging $nolock check
}
#
@ -825,8 +829,8 @@ restart_command() {
progress_message3 "Compiling..."
if $SHOREWALL_SHELL /usr/share/shorewall/compiler $debugging $nolock compile /var/lib/shorewall/.restart; then
$SHOREWALL_SHELL /var/lib/shorewall/.restart $debugging restart
if $SHOREWALL_SHELL ${SHAREDIR}/compiler $debugging $nolock compile ${VARDIR}/.restart; then
$SHOREWALL_SHELL ${VARDIR}/.restart $debugging restart
fi
[ -n "$nolock" ] || mutex_off
@ -919,7 +923,7 @@ show_command() {
;;
zones)
[ $# -gt 1 ] && usage 1
if [ -f /var/lib/shorewall/zones ]; then
if [ -f ${VARDIR}/zones ]; then
echo "Shorewall-$version Zones at $HOSTNAME - $(date)"
echo
while read zone type hosts; do
@ -927,10 +931,10 @@ show_command() {
for host in $hosts; do
echo " $host"
done
done < /var/lib/shorewall/zones
done < ${VARDIR}/zones
echo
else
echo " ERROR: /var/lib/shorewall/zones does not exist" >&2
echo " ERROR: ${VARDIR}/zones does not exist" >&2
exit 1
fi
;;
@ -951,11 +955,11 @@ show_command() {
echo "allowoutUPnP # Allow traffic from local command 'upnpd'"
echo "allowinUPnP # Allow UPnP inbound (to firewall) traffic"
echo "forwardUPnP # Allow traffic that upnpd has redirected from"
cat /usr/share/shorewall/actions.std /etc/shorewall/actions | grep -Ev '^\#|^$'
cat ${SHAREDIR}/actions.std ${CONFDIR}/actions | grep -Ev '^\#|^$'
;;
macros)
[ $# -gt 1 ] && usage 1
for macro in /usr/share/shorewall/macro.*; do
for macro in ${SHAREDIR}/macro.*; do
foo=`grep 'This macro' $macro | head -n 1`
if [ -n "$foo" ]; then
macro=${macro#*.}
@ -1164,14 +1168,14 @@ safe_commands() {
progress_message3 "Compiling..."
if ! $SHOREWALL_SHELL /usr/share/shorewall/compiler $debugging nolock compile /var/lib/shorewall/.$command; then
if ! $SHOREWALL_SHELL ${SHAREDIR}/compiler $debugging nolock compile ${VARDIR}/.$command; then
status=$?
mutex_off
exit $status
fi
RESTOREFILE=.safe
RESTOREPATH=/var/lib/shorewall/.safe
RESTOREPATH=${VARDIR}/.safe
save_config
@ -1184,7 +1188,7 @@ safe_commands() {
;;
esac
/var/lib/shorewall/.$command $command
${VARDIR}/.$command $command
echo -n "Do you want to accept the new firewall configuration? [y/n] "
@ -1192,9 +1196,9 @@ safe_commands() {
echo "New configuration has been accepted"
else
if [ "$command" = "restart" ]; then
/var/lib/shorewall/.safe restore
${VARDIR}/.safe restore
else
/var/lib/shorewall/.$command clear
${VARDIR}/.$command clear
fi
mutex_off
@ -1258,7 +1262,7 @@ restore_command() {
exit 2
fi
RESTOREPATH=/var/lib/shorewall/$RESTOREFILE
RESTOREPATH=${VARDIR}/$RESTOREFILE
export NOROUTES
@ -1273,10 +1277,10 @@ restore_command() {
fi
progress_message3 "Restoring Shorewall..."
$SHOREWALL_SHELL $RESTOREPATH restore && progress_message3 "Shorewall restored from /var/lib/shorewall/$RESTOREFILE"
$SHOREWALL_SHELL $RESTOREPATH restore && progress_message3 "Shorewall restored from ${VARDIR}/$RESTOREFILE"
[ -n "$nolock" ] || mutex_off
else
echo "File /var/lib/shorewall/$RESTOREFILE: file not found"
echo "File ${VARDIR}/$RESTOREFILE: file not found"
[ -n "$nolock" ] || mutex_off
exit 2
fi
@ -1336,8 +1340,8 @@ usage() # $1 = exit status
# Display the time that the counters were last reset
#
show_reset() {
[ -f /var/lib/shorewall/restarted ] && \
echo "Counters reset $(cat /var/lib/shorewall/restarted)" && \
[ -f ${VARDIR}/restarted ] && \
echo "Counters reset $(cat ${VARDIR}/restarted)" && \
echo
}
@ -1512,7 +1516,7 @@ fi
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
MUTEX_TIMEOUT=
SHARED_DIR=/usr/share/shorewall
SHARED_DIR=${SHAREDIR}
FIREWALL=$SHARED_DIR/firewall
FUNCTIONS=$SHARED_DIR/functions
VERSION_FILE=$SHARED_DIR/version
@ -1630,8 +1634,8 @@ case "$COMMAND" in
status=4
fi
if [ -f /var/lib/shorewall/state ]; then
state="$(cat /var/lib/shorewall/state)"
if [ -f ${VARDIR}/state ]; then
state="$(cat ${VARDIR}/state)"
case $state in
Stopped*|Clear*)
status=3
@ -1862,7 +1866,7 @@ case "$COMMAND" in
;;
esac
RESTOREPATH=/var/lib/shorewall/$RESTOREFILE
RESTOREPATH=${VARDIR}/$RESTOREFILE
[ "$nolock" ] || mutex_on
@ -1884,7 +1888,7 @@ case "$COMMAND" in
esac
RESTOREPATH=/var/lib/shorewall/$RESTOREFILE
RESTOREPATH=${VARDIR}/$RESTOREFILE
if [ -x $RESTOREPATH ]; then
@ -1899,7 +1903,7 @@ case "$COMMAND" in
elif [ -f $RESTOREPATH ]; then
echo " $RESTOREPATH exists and is not a saved Shorewall configuration"
fi
rm -f /var/lib/shorewall/save
rm -f ${VARDIR}/save
;;
ipcalc)
[ -n "$debugging" ] && set -x
@ -1954,7 +1958,7 @@ case "$COMMAND" in
call)
[ -n "$debugging" ] && set -x
#
# Undocumented way to call functions in /usr/share/shorewall/functions directly
# Undocumented way to call functions in ${SHAREDIR}/functions directly
#
shift
$@
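Review bot: The rewritten error line in save_config, `echo " ERROR: ${VARDIR}/.restored oes not exist"`, names a file the code never tests and carries a typo over from the old line. The condition it belongs to is `[ -f ${VARDIR}/.restore ]`, so an operator reading the message would look for the wrong file when a save fails. Since the line is being touched anyway, I would change it to `echo " ERROR: ${VARDIR}/.restore does not exist"`. save_config starts and ends outside the hunk.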