mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-23 16:13:18 +01:00
Remove shorewall-shell support from /sbin/shorewall
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9482 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep
parent
a3d0f8e222
commit
70b817fb4c
@ -207,7 +207,7 @@ if [ -n "$PREFIX" ]; then
|
||||
install -d $OWNERSHIP -m 755 ${PREFIX}${DEST}
|
||||
fi
|
||||
else
|
||||
[ -x /usr/share/shorewall-shell/compiler -o -x /usr/share/shorewall-perl/compiler.pl ] || \
|
||||
[ -x /usr/share/shorewall-perl/compiler.pl ] || \
|
||||
{ echo " ERROR: No Shorewall compiler is installed" >&2; exit 1; }
|
||||
if [ -z "$CYGWIN" ]; then
|
||||
if [ -d /etc/apt -a -e /usr/bin/dpkg ]; then
|
||||
|
||||
@ -23,15 +23,10 @@
|
||||
#
|
||||
# This library contains the code common to all Shorewall components.
|
||||
#
|
||||
# - It is copied into the compiled script with the -e compiler flag is specified to
|
||||
# shorewall-shell.
|
||||
# - It is loaded by /sbin/shorewall.
|
||||
# - It is loaded by /usr/share/shorewall/firewall.
|
||||
# - It is loaded by /usr/share/shorewall-shell/compiler.
|
||||
# - It is released as part of Shorewall Lite where it is used by /sbin/shorewall-lite
|
||||
# and /usr/share/shorewall-lite/shorecap.
|
||||
# - It is released as part of Shorewall Perl where it is copied into the compiled script
|
||||
# by the compiler.
|
||||
#
|
||||
|
||||
SHOREWALL_LIBVERSION=40000
|
||||
@ -40,7 +35,6 @@ SHOREWALL_CAPVERSION=40205
|
||||
[ -n "${VARDIR:=/var/lib/shorewall}" ]
|
||||
[ -n "${SHAREDIR:=/usr/share/shorewall}" ]
|
||||
[ -n "${CONFDIR:=/etc/shorewall}" ]
|
||||
SHELLSHAREDIR=/usr/share/shorewall-shell
|
||||
PERLSHAREDIR=/usr/share/shorewall-perl
|
||||
|
||||
#
|
||||
|
||||
@ -696,13 +696,7 @@ dump_command() {
|
||||
clear_term
|
||||
echo "$PRODUCT $version Dump at $HOSTNAME - $(date)"
|
||||
echo
|
||||
if [ -f /usr/share/shorewall-shell/version ]; then
|
||||
echo " Shorewall-shell $(cat /usr/share/shorewall-shell/version)"
|
||||
if [ -f /usr/share/shorewall-perl/version ]; then
|
||||
echo " Shorewall-perl $(cat /usr/share/shorewall-perl/version)"
|
||||
fi
|
||||
echo
|
||||
elif [ -f /usr/share/shorewall-perl/version ]; then
|
||||
if [ -f /usr/share/shorewall-perl/version ]; then
|
||||
echo " Shorewall-perl $(cat /usr/share/shorewall-perl/version)"
|
||||
echo
|
||||
fi
|
||||
|
||||
@ -1,10 +1,10 @@
|
||||
#!/bin/sh
|
||||
#
|
||||
# Shorewall Packet Filtering Firewall Control Program - V4.2
|
||||
# Shorewall Packet Filtering Firewall Control Program - V4.4
|
||||
#
|
||||
# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
|
||||
#
|
||||
# (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008 - Tom Eastep (teastep@shorewall.net)
|
||||
# (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009 - Tom Eastep (teastep@shorewall.net)
|
||||
#
|
||||
# This file should be placed in /sbin/shorewall.
|
||||
#
|
||||
@ -212,6 +212,19 @@ get_config() {
|
||||
esac
|
||||
fi
|
||||
|
||||
case ${SHOREWALL_COMPILER:=perl} in
|
||||
perl|Perl)
|
||||
;;
|
||||
shell|Shell)
|
||||
echo " ERROR: SHOREWALL_COMPILER=shell is no longer supported"
|
||||
exit 2
|
||||
;;
|
||||
*)
|
||||
echo " ERROR: Invalid value ($SHOREWALL_COMPILER) for SHOREWALL_COMPILER"
|
||||
exit 2
|
||||
;;
|
||||
esac
|
||||
|
||||
case ${TC_ENABLED:=Internal} in
|
||||
No|NO|no)
|
||||
TC_ENABLED=
|
||||
@ -313,24 +326,14 @@ get_config() {
|
||||
}
|
||||
|
||||
#
|
||||
# Run the appropriate compiler
|
||||
# Run the compiler
|
||||
#
|
||||
compiler() {
|
||||
local sc
|
||||
sc=${SHELLSHAREDIR}/compiler
|
||||
local pc
|
||||
pc=${PERLSHAREDIR}/compiler.pl
|
||||
|
||||
startup_error() {
|
||||
echo " ERROR: $@" >&2
|
||||
exit 1
|
||||
}
|
||||
|
||||
local command
|
||||
command=$1
|
||||
|
||||
shift
|
||||
|
||||
if [ $(id -u) -ne 0 ]; then
|
||||
if [ -z "$SHOREWALL_DIR" -o "$SHOREWALL_DIR" = /etc/shorewall ]; then
|
||||
startup_error "Ordinary users may not compile the /etc/shorewall configuration"
|
||||
@ -341,49 +344,6 @@ compiler() {
|
||||
#
|
||||
ensure_config_path
|
||||
|
||||
compiler=
|
||||
haveparams=
|
||||
|
||||
if [ -n "$SHOREWALL_COMPILER" ]; then
|
||||
compiler="$SHOREWALL_COMPILER" #Compiler specified in /etc/shorewall/shorewall.conf or on the run-line
|
||||
elif [ -x $sc ]; then
|
||||
if [ ! -x $pc ]; then
|
||||
compiler=shell
|
||||
fi
|
||||
elif [ -x $pc ]; then
|
||||
compiler=perl
|
||||
else
|
||||
fatal_error "No shorewall compiler installed"
|
||||
fi
|
||||
|
||||
if [ -z "$compiler" ]; then
|
||||
#
|
||||
# Both compilers installed. Read the appropriate shorewall.conf to learn the setting of SHOREWALL_COMPILER
|
||||
#
|
||||
if [ -n "$SHOREWALL_DIR" ]; then
|
||||
shell=$SHOREWALL_SHELL
|
||||
|
||||
[ -x $pc ] && set -a
|
||||
run_user_exit params
|
||||
set +a
|
||||
haveparams=Yes
|
||||
|
||||
get_config No No No
|
||||
|
||||
SHOREWALL_SHELL=$shell
|
||||
fi
|
||||
#
|
||||
# And initiate the appropriate compiler
|
||||
#
|
||||
if [ -n "$SHOREWALL_COMPILER" ]; then
|
||||
compiler="$SHOREWALL_COMPILER"
|
||||
elif [ -x $sc ]; then
|
||||
compiler=shell
|
||||
else
|
||||
compiler=perl
|
||||
fi
|
||||
fi
|
||||
|
||||
case $COMMAND in
|
||||
*start|try|refresh)
|
||||
;;
|
||||
@ -393,50 +353,33 @@ compiler() {
|
||||
;;
|
||||
esac
|
||||
|
||||
[ $command = exec ] || command=
|
||||
|
||||
case "$compiler" in
|
||||
perl)
|
||||
debugflags="-w"
|
||||
[ -n "$DEBUG" ] && debugflags='-wd'
|
||||
[ -n "$PROFILE" ] && debugflags='-wd:DProf'
|
||||
debugflags="-w"
|
||||
[ -n "$DEBUG" ] && debugflags='-wd'
|
||||
[ -n "$PROFILE" ] && debugflags='-wd:DProf'
|
||||
|
||||
# Perl compiler only takes the output file as a argument
|
||||
# Perl compiler only takes the output file as a argument
|
||||
|
||||
[ "$1" = debug -o "$1" = trace ] && shift;
|
||||
[ "$1" = nolock ] && shift;
|
||||
shift
|
||||
[ "$1" = debug -o "$1" = trace ] && shift;
|
||||
[ "$1" = nolock ] && shift;
|
||||
shift
|
||||
|
||||
options="--verbose=$VERBOSE"
|
||||
[ -n "$STARTUP_LOG" ] && options="$options --log=$STARTUP_LOG"
|
||||
[ -n "$LOG_VERBOSITY" ] && options="$options --log_verbosity=$LOG_VERBOSITY";
|
||||
[ -n "$EXPORT" ] && options="$options --export"
|
||||
[ -n "$SHOREWALL_DIR" ] && options="$options --directory=$SHOREWALL_DIR"
|
||||
[ -n "$TIMESTAMP" ] && options="$options --timestamp"
|
||||
[ -n "$TEST" ] && options="$options --test"
|
||||
[ "$debugging" = trace ] && options="$options --debug"
|
||||
[ -n "$REFRESHCHAINS" ] && options="$options --refresh=$REFRESHCHAINS"
|
||||
[ -x $pc ] || startup_error "SHOREWALL_COMPILER=perl requires the shorewall-perl package which is not installed"
|
||||
#
|
||||
# Run the appropriate params file
|
||||
#
|
||||
if [ -z "$haveparams" ]; then
|
||||
set -a;
|
||||
run_user_exit params
|
||||
set +a
|
||||
fi
|
||||
options="--verbose=$VERBOSE"
|
||||
[ -n "$STARTUP_LOG" ] && options="$options --log=$STARTUP_LOG"
|
||||
[ -n "$LOG_VERBOSITY" ] && options="$options --log_verbosity=$LOG_VERBOSITY";
|
||||
[ -n "$EXPORT" ] && options="$options --export"
|
||||
[ -n "$SHOREWALL_DIR" ] && options="$options --directory=$SHOREWALL_DIR"
|
||||
[ -n "$TIMESTAMP" ] && options="$options --timestamp"
|
||||
[ -n "$TEST" ] && options="$options --test"
|
||||
[ "$debugging" = trace ] && options="$options --debug"
|
||||
[ -n "$REFRESHCHAINS" ] && options="$options --refresh=$REFRESHCHAINS"
|
||||
#
|
||||
# Run the appropriate params file
|
||||
#
|
||||
set -a;
|
||||
run_user_exit params
|
||||
set +a
|
||||
|
||||
$command perl $debugflags $pc $options $@
|
||||
;;
|
||||
shell)
|
||||
[ -x $sc ] || startup_error "SHOREWALL_COMPILER=shell requires the shorewall-shell package which is not installed"
|
||||
[ -n "$REFRESHCHAINS" ] && startup_error "Shorewall-shell does not support refresh of specific chains"
|
||||
$command $SHOREWALL_SHELL $sc $@
|
||||
;;
|
||||
*)
|
||||
startup_error "Invalid value ($SHOREWALL_COMPILER) for SHOREWALL_COMPILER"
|
||||
;;
|
||||
esac
|
||||
perl $debugflags /usr/share/shorewall-perl/compiler.pl $options $@
|
||||
}
|
||||
|
||||
#
|
||||
@ -452,7 +395,7 @@ start_command() {
|
||||
|
||||
progress_message3 "Compiling..."
|
||||
|
||||
if compiler run $debugging $nolock compile ${VARDIR}/.start; then
|
||||
if compiler $debugging $nolock compile ${VARDIR}/.start; then
|
||||
[ -n "$nolock" ] || mutex_on
|
||||
${VARDIR}/.start $debugging start
|
||||
rc=$?
|
||||
@ -484,12 +427,6 @@ start_command() {
|
||||
finished=1
|
||||
option=
|
||||
;;
|
||||
C)
|
||||
[ $# -gt 1 ] || fatal_error "-C must be followed by a compiler name"
|
||||
SHOREWALL_COMPILER=$2
|
||||
option=
|
||||
shift
|
||||
;;
|
||||
d*)
|
||||
DEBUG=Yes
|
||||
option=${option#d}
|
||||
@ -607,12 +544,6 @@ compile_command() {
|
||||
PROFILE=Yes
|
||||
option=${option#p}
|
||||
;;
|
||||
C)
|
||||
[ $# -gt 0 ] || fatal_error "-C must be followed by a compiler name"
|
||||
SHOREWALL_COMPILER=$1
|
||||
option=
|
||||
shift
|
||||
;;
|
||||
t*)
|
||||
TEST=Yes
|
||||
option=${option#t}
|
||||
@ -668,7 +599,7 @@ compile_command() {
|
||||
|
||||
progress_message3 "Compiling..."
|
||||
|
||||
compiler exec $debugging compile $file
|
||||
compiler $debugging compile $file
|
||||
}
|
||||
|
||||
#
|
||||
@ -702,12 +633,6 @@ check_command() {
|
||||
DEBUG=Yes;
|
||||
option=${option#d}
|
||||
;;
|
||||
C)
|
||||
[ $# -gt 0 ] || fatal_error "-C must be followed by a compiler name"
|
||||
SHOREWALL_COMPILER=$2
|
||||
option=
|
||||
shift
|
||||
;;
|
||||
*)
|
||||
usage 1
|
||||
;;
|
||||
@ -747,7 +672,7 @@ check_command() {
|
||||
|
||||
progress_message3 "Checking..."
|
||||
|
||||
compiler exec $debugging $nolock check
|
||||
compiler $debugging $nolock check
|
||||
}
|
||||
|
||||
#
|
||||
@ -783,12 +708,6 @@ restart_command() {
|
||||
NOROUTES=Yes
|
||||
option=${option#n}
|
||||
;;
|
||||
C)
|
||||
[ $# -gt 1 ] || fatal_error "-C must be followed by a compiler name"
|
||||
SHOREWALL_COMPILER=$2
|
||||
option=
|
||||
shift
|
||||
;;
|
||||
p*)
|
||||
[ -n "$(which conntrack)" ] || fatal_error "The '-p' option requires the conntrack utility which does not appear to be installed on this system"
|
||||
PURGE=Yes
|
||||
@ -838,7 +757,7 @@ restart_command() {
|
||||
if [ -z "$FAST" ]; then
|
||||
progress_message3 "Compiling..."
|
||||
|
||||
if compiler run $debugging $nolock compile ${VARDIR}/.restart; then
|
||||
if compiler $debugging $nolock compile ${VARDIR}/.restart; then
|
||||
[ -n "$nolock" ] || mutex_on
|
||||
$SHOREWALL_SHELL ${VARDIR}/.restart $debugging restart
|
||||
rc=$?
|
||||
@ -877,12 +796,6 @@ refresh_command() {
|
||||
finished=1
|
||||
option=
|
||||
;;
|
||||
C)
|
||||
[ $# -gt 1 ] || fatal_error "-C must be followed by a compiler name"
|
||||
SHOREWALL_COMPILER=$2
|
||||
option=
|
||||
shift
|
||||
;;
|
||||
*)
|
||||
usage 1
|
||||
;;
|
||||
@ -914,7 +827,7 @@ refresh_command() {
|
||||
|
||||
progress_message3 "Compiling..."
|
||||
|
||||
if compiler run $debugging $nolock compile ${VARDIR}/.refresh; then
|
||||
if compiler $debugging $nolock compile ${VARDIR}/.refresh; then
|
||||
[ -n "$nolock" ] || mutex_on
|
||||
$SHOREWALL_SHELL ${VARDIR}/.refresh $debugging refresh
|
||||
rc=$?
|
||||
@ -956,12 +869,6 @@ safe_commands() {
|
||||
NOROUTES=Yes
|
||||
option=${option#n}
|
||||
;;
|
||||
C)
|
||||
[ $# -gt 1 ] || fatal_error "-C must be followed by a compiler name"
|
||||
SHOREWALL_COMPILER=$2
|
||||
option=
|
||||
shift
|
||||
;;
|
||||
*)
|
||||
usage 1
|
||||
;;
|
||||
@ -1021,7 +928,7 @@ safe_commands() {
|
||||
|
||||
progress_message3 "Compiling..."
|
||||
|
||||
if ! compiler run $debugging nolock compile ${VARDIR}/.$command; then
|
||||
if ! compiler $debugging nolock compile ${VARDIR}/.$command; then
|
||||
status=$?
|
||||
exit $status
|
||||
fi
|
||||
@ -1105,12 +1012,6 @@ try_command() {
|
||||
NOROUTES=Yes
|
||||
option=${option#n}
|
||||
;;
|
||||
C)
|
||||
[ $# -gt 1 ] || fatal_error "-C must be followed by a compiler name"
|
||||
SHOREWALL_COMPILER=$2
|
||||
option=
|
||||
shift
|
||||
;;
|
||||
*)
|
||||
usage 1
|
||||
;;
|
||||
@ -1164,7 +1065,7 @@ try_command() {
|
||||
|
||||
progress_message3 "Compiling..."
|
||||
|
||||
if ! compiler run $debugging $nolock compile ${VARDIR}/.$command; then
|
||||
if ! compiler $debugging $nolock compile ${VARDIR}/.$command; then
|
||||
status=$?
|
||||
exit $status
|
||||
fi
|
||||
@ -1234,8 +1135,6 @@ reload_command() # $* = original arguments less the command.
|
||||
getcaps=
|
||||
local root
|
||||
root=root
|
||||
local compiler
|
||||
compiler=
|
||||
|
||||
LITEDIR=/var/lib/shorewall-lite
|
||||
|
||||
@ -1265,12 +1164,6 @@ reload_command() # $* = original arguments less the command.
|
||||
option=
|
||||
shift
|
||||
;;
|
||||
C)
|
||||
[ $# -gt 1 ] || fatal_error "-C must be followed by a compiler name"
|
||||
compiler="-C $2"
|
||||
option=
|
||||
shift
|
||||
;;
|
||||
*)
|
||||
usage 1
|
||||
;;
|
||||
@ -1325,7 +1218,7 @@ reload_command() # $* = original arguments less the command.
|
||||
|
||||
[ -n "$TIMESTAMP" ] && timestamp='-t' || timestamp=
|
||||
|
||||
if shorewall $debugging $verbose $timestamp compile -e $compiler $directory $directory/firewall && \
|
||||
if shorewall $debugging $verbose $timestamp compile -e $directory $directory/firewall && \
|
||||
progress_message3 "Copying $file and ${file}.conf to ${system}:${LITEDIR}..." && \
|
||||
rcp_command "$directory/firewall $directory/firewall.conf" ${LITEDIR}
|
||||
then
|
||||
@ -1362,8 +1255,6 @@ export_command() # $* = original arguments less the command.
|
||||
finished=0
|
||||
local directory
|
||||
local target
|
||||
local compiler
|
||||
compiler=
|
||||
|
||||
while [ $finished -eq 0 -a $# -gt 0 ]; do
|
||||
option=$1
|
||||
@ -1377,12 +1268,6 @@ export_command() # $* = original arguments less the command.
|
||||
finished=1
|
||||
option=
|
||||
;;
|
||||
C)
|
||||
[ $# -gt 1 ] || fatal_error "-C must be followed by a compiler name"
|
||||
compiler="-C $2"
|
||||
option=
|
||||
shift
|
||||
;;
|
||||
*)
|
||||
fatal_error "Unrecognized option \"$option\""
|
||||
;;
|
||||
@ -1420,7 +1305,7 @@ export_command() # $* = original arguments less the command.
|
||||
|
||||
file=$(resolve_file $directory/firewall)
|
||||
|
||||
if shorewall $debugging $verbose compile -e $compiler $directory $directory/firewall && \
|
||||
if shorewall $debugging $verbose compile -e $directory $directory/firewall && \
|
||||
echo "Copying $file and ${file}.conf to ${target#*@}..." && \
|
||||
scp $directory/firewall $directory/firewall.conf $target
|
||||
then
|
||||
@ -1441,38 +1326,38 @@ usage() # $1 = exit status
|
||||
echo "where <command> is one of:"
|
||||
echo " add <interface>[:<host-list>] ... <zone>"
|
||||
echo " allow <address> ..."
|
||||
echo " check [ -e ] [ -C {shell|perl} ] [ <directory> ]"
|
||||
echo " check [ -e ] [ <directory> ]"
|
||||
echo " clear [ -f ]"
|
||||
echo " compile [ -e ] [ -C {shell|perl} ] [ <directory name> ] <path name>"
|
||||
echo " compile [ -e ] [ <directory name> ] <path name>"
|
||||
echo " delete <interface>[:<host-list>] ... <zone>"
|
||||
echo " drop <address> ..."
|
||||
echo " dump [ -x ]"
|
||||
echo " export [ -C {shell|perl} ] [ <directory1> ] [<user>@]<system>[:<directory2>]"
|
||||
echo " export [ <directory1> ] [<user>@]<system>[:<directory2>]"
|
||||
echo " forget [ <file name> ]"
|
||||
echo " help"
|
||||
echo " hits [ -t ]"
|
||||
echo " ipcalc { <address>/<vlsm> | <address> <netmask> }"
|
||||
echo " ipdecimal { <address> | <integer> }"
|
||||
echo " iprange <address>-<address>"
|
||||
echo " load [ -s ] [ -c ] [ -r <root user> ] [ -C {shell|perl} ] [ <directory> ] <system>"
|
||||
echo " load [ -s ] [ -c ] [ -r <root user> ] [ <directory> ] <system>"
|
||||
echo " logdrop <address> ..."
|
||||
echo " logreject <address> ..."
|
||||
echo " logwatch [<refresh interval>]"
|
||||
echo " refresh [ -C {shell|perl} ] [ <chain>... ]"
|
||||
echo " refresh [ <chain>... ]"
|
||||
echo " reject <address> ..."
|
||||
echo " reload [ -s ] [ -c ] [ -r <root user> ] [ -C {shell|perl} ] [ <directory> ] <system>"
|
||||
echo " reload [ -s ] [ -c ] [ -r <root user> ] [ <directory> ] <system>"
|
||||
echo " reset [ <chain> ... ]"
|
||||
echo " restart [ -n ] [ -p ] [ -f ] [ -C {shell|perl} ] [ <directory> ]"
|
||||
echo " restart [ -n ] [ -p ] [ -f ] [ <directory> ]"
|
||||
echo " restore [ -n ] [ <file name> ]"
|
||||
echo " save [ <file name> ]"
|
||||
echo " show [ -x ] [ -m ] [-f] [ -t {filter|mangle|nat} ] [ {chain [<chain> [ <chain> ... ]|actions|capabilities|classifiers|config|connections|filters|ip|log|macros|mangle|nat|raw|routing|tc|vardir|zones} ]"
|
||||
echo " start [ -f ] [ -n ] [ -p ] [ -C {shell|perl} ] [ <directory> ]"
|
||||
echo " start [ -f ] [ -n ] [ -p ] [ <directory> ]"
|
||||
echo " stop [ -f ]"
|
||||
echo " status"
|
||||
echo " try [ -C {shell|perl} ] <directory> [ <timeout> ]"
|
||||
echo " try <directory> [ <timeout> ]"
|
||||
echo " version [ -a ]"
|
||||
echo " safe-start [ -C {shell|perl} ] [ <directory> ]"
|
||||
echo " safe-restart [ -C {shell|perl} ] [ <directory> ]"
|
||||
echo " safe-start [ <directory> ]"
|
||||
echo " safe-restart [ <directory> ]"
|
||||
echo
|
||||
exit $1
|
||||
}
|
||||
@ -1640,10 +1525,6 @@ version_command() {
|
||||
echo $version
|
||||
|
||||
if [ -n "$all" ]; then
|
||||
if [ -f /usr/share/shorewall-shell/version ]; then
|
||||
echo "Shorewall-shell $(cat /usr/share/shorewall-shell/version)"
|
||||
fi
|
||||
|
||||
if [ -f /usr/share/shorewall-perl/version ]; then
|
||||
echo "Shorewall-perl $(cat /usr/share/shorewall-perl/version)"
|
||||
fi
|
||||
|
||||
Loading…
Reference in New Issue
Block a user