From a508bcf6d73c062f9e1e787d692062cfafea768d Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Tue, 5 May 2015 14:35:42 -0700 Subject: [PATCH 1/4] Refer to directory relocation from the Anatomy article Signed-off-by: Tom Eastep --- docs/Anatomy.xml | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/docs/Anatomy.xml b/docs/Anatomy.xml index 47b7333f7..27ac2f014 100644 --- a/docs/Anatomy.xml +++ b/docs/Anatomy.xml @@ -24,6 +24,8 @@ 2012 + 2015 + Thomas M. Eastep @@ -93,13 +95,16 @@
Shorewall - The Shorewall package includes a large number of files which are - installed in /sbin, /usr/share/shorewall, The Shorewall package includes a large number of files which were + traditionally installed in /sbin, + /usr/share/shorewall, /etc/shorewall, /etc/init.d and /var/lib/shorewall/. These are described in - the sub-sections that follow. + the sub-sections that follow. Since Shorewall 4.5.2, each of these + directories is now relocatable using the configure scripts included with Shorewall + Core.
/sbin @@ -504,8 +509,8 @@
/sbin - The /sbin/shorewall-lite shell program is used - to interact with Shorewall lite. See The /sbin/shorewall-lite shell program is + used to interact with Shorewall lite. See shorewall-lite(8).
From 7a9270136c70025bb5cb269f2cdb21bab9ea1103 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Wed, 6 May 2015 18:39:32 -0700 Subject: [PATCH 2/4] Clarify Shorewall-core's contribution in the Anatomy article. Signed-off-by: Tom Eastep --- docs/Anatomy.xml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/docs/Anatomy.xml b/docs/Anatomy.xml index 27ac2f014..831d9fe27 100644 --- a/docs/Anatomy.xml +++ b/docs/Anatomy.xml @@ -175,7 +175,8 @@ lib.* - Shell function libraries used by - the other shell programs. + the other shell programs. Most of these are actually provided by + Shorewall-core. @@ -199,6 +200,12 @@ containing the Shorewall Perl modules used by the compiler. + + shorewallrc - A file that specifies where + all of the other installed components (from all packages) are + installed. + + version - A file containing the currently install version of Shorewall. From 548c0558c15f1ec10b3782014cefa996c58db03f Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Thu, 7 May 2015 12:31:46 -0700 Subject: [PATCH 3/4] Shorewall-init improvements Signed-off-by: Tom Eastep --- Shorewall-init/init.debian.sh | 38 +++++++++++++++++------------------ Shorewall-init/init.sh | 26 ++++++++++++------------ Shorewall-init/init.suse.sh | 26 +++++++++++------------- 3 files changed, 43 insertions(+), 47 deletions(-) diff --git a/Shorewall-init/init.debian.sh b/Shorewall-init/init.debian.sh index 81ad9ea1c..0ea068d33 100755 --- a/Shorewall-init/init.debian.sh +++ b/Shorewall-init/init.debian.sh @@ -74,7 +74,9 @@ setstatedir() { [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT} if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then - ${SBINDIR}/$PRODUCT ${OPTIONS} compile -c || echo_notdone + ${SBINDIR}/$PRODUCT ${OPTIONS} compile -c + else + return 0 fi } 
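Review bot: setstatedir in init.debian.sh now reports through its exit status, and the callers in this commit start relying on that with `if setstatedir; then`, but nothing documents the contract. A comment above the function would make it explicit, for example `# Sets STATEDIR; returns the compiler's exit status for shorewall/shorewall6, 0 for any other product`. The same applies to the setstatedir hunks in init.sh and init.suse.sh. The function begins above the hunk, so the comment belongs outside the lines shown.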
@@ -103,21 +105,17 @@ shorewall_start () { echo -n "Initializing \"Shorewall-based firewalls\": " for PRODUCT in $PRODUCTS; do - setstatedir - - if [ -x ${STATEDIR}/firewall ]; then - # - # Run in a sub-shell to avoid name collisions - # - ( - if ! ${STATEDIR}/firewall status > /dev/null 2>&1; then - ${STATEDIR}/firewall ${OPTIONS} stop || echo_notdone - else - echo_notdone - fi - ) - else - echo_notdone + if setstatedir; then + if [ -x ${STATEDIR}/firewall ]; then + # + # Run in a sub-shell to avoid name collisions + # + ( + if ! ${STATEDIR}/firewall status > /dev/null 2>&1; then + ${STATEDIR}/firewall ${OPTIONS} stop + fi + ) + fi fi done @@ -144,10 +142,10 @@ shorewall_stop () { echo -n "Clearing \"Shorewall-based firewalls\": " for PRODUCT in $PRODUCTS; do - setstatedir - - if [ -x ${STATEDIR}/firewall ]; then - ${STATEDIR}/firewall ${OPTIONS} clear || echo_notdone + if setstatedir; then + if [ -x ${STATEDIR}/firewall ]; then + ${STATEDIR}/firewall ${OPTIONS} clear + fi fi done diff --git a/Shorewall-init/init.sh b/Shorewall-init/init.sh index e335780ab..9d05b408b 100755 --- a/Shorewall-init/init.sh +++ b/Shorewall-init/init.sh @@ -69,10 +69,10 @@ setstatedir() { [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT} - if [ ! -x $STATEDIR/firewall ]; then - if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then - ${SBINDIR}/$PRODUCT ${OPTIONS} compile $STATEDIR/firewall - fi + if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then + ${SBINDIR}/$PRODUCT ${OPTIONS} compile $STATEDIR/firewall + else + return 0 fi } 
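Review bot: With every `echo_notdone` removed from the loop in shorewall_start, a failed compile, a missing `${STATEDIR}/firewall` or a failing `stop` now falls through silently. The script can then report success even though the firewall's stopped-state rules were never applied, which is a fail-open path if this script is meant to close the host before the network comes up. Consider recording the failure without aborting the loop, for example `${STATEDIR}/firewall ${OPTIONS} stop || rc=1` plus an `else rc=1` on the `setstatedir` and `-x` tests, and reporting it after `done`. The code after the loop is outside this hunk, so how the result is printed there is an assumption. The same silent fall-through appears in shorewall_stop in this file and in the start/stop hunks of init.sh and init.suse.sh, where `|| exit 1`, `|| exit` and `exit 6` were dropped.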
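Review bot: The `[ ! -x $STATEDIR/firewall ]` guard is gone from setstatedir in init.sh, so the compiler now runs on every start and stop, and a compile failure makes the callers skip an existing, still-executable `${STATEDIR}/firewall`. The Debian and SUSE variants call `compile -c` while this one passes the output path `$STATEDIR/firewall`, so it is worth confirming which form is intended here. The expansions are also unquoted; `[ "$PRODUCT" = shorewall ] || [ "$PRODUCT" = shorewall6 ]` and `"$STATEDIR/firewall"` avoid word-splitting surprises and the obsolescent `-o`. The function begins above the hunk.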
@@ -83,11 +83,11 @@ shorewall_start () { echo -n "Initializing \"Shorewall-based firewalls\": " for PRODUCT in $PRODUCTS; do - setstatedir - - if [ -x ${STATEDIR}/firewall ]; then - if ! ${SBIN}/$PRODUCT status > /dev/null 2>&1; then - ${STATEDIR}/firewall ${OPTIONS} stop || exit 1 + if setstatedir; then + if [ -x ${STATEDIR}/firewall ]; then + if ! ${SBIN}/$PRODUCT status > /dev/null 2>&1; then + ${STATEDIR}/firewall ${OPTIONS} stop + fi fi fi done @@ -106,10 +106,10 @@ shorewall_stop () { echo -n "Clearing \"Shorewall-based firewalls\": " for PRODUCT in $PRODUCTS; do - setstatedir - - if [ -x ${STATEDIR}/firewall ]; then - ${STATEDIR}/firewall ${OPTIONS} clear || exit 1 + if setstatedir; then + if [ -x ${STATEDIR}/firewall ]; then + ${STATEDIR}/firewall ${OPTIONS} clear + fi fi done diff --git a/Shorewall-init/init.suse.sh b/Shorewall-init/init.suse.sh index a9a4c729e..fd5b9d875 100755 --- a/Shorewall-init/init.suse.sh +++ b/Shorewall-init/init.suse.sh @@ -80,7 +80,9 @@ setstatedir() { [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT} if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then - ${SBINDIR}/$PRODUCT ${OPTIONS} compile -c || exit + ${SBINDIR}/$PRODUCT ${OPTIONS} compile -c + else + return 0 fi } @@ -91,14 +93,12 @@ shorewall_start () { echo -n "Initializing \"Shorewall-based firewalls\": " for PRODUCT in $PRODUCTS; do - setstatedir - - if [ -x $STATEDIR/firewall ]; then - if ! ${SBIN}/$PRODUCT status > /dev/null 2>&1; then - $STATEDIR/$PRODUCT/firewall ${OPTIONS} stop || exit + if setstatedir; then + if [ -x $STATEDIR/firewall ]; then + if ! ${SBIN}/$PRODUCT status > /dev/null 2>&1; then + $STATEDIR/$PRODUCT/firewall ${OPTIONS} stop + fi fi - else - exit 6 fi done 
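Review bot: The status probe in shorewall_start of init.sh uses `${SBIN}/$PRODUCT status`, while setstatedir in the same file invokes the compiler through `${SBINDIR}/$PRODUCT`. If `SBIN` is not defined elsewhere in the script (variable definitions are outside this hunk), the probe expands to `/$PRODUCT`, always fails, and `stop` runs even when the firewall is already started. Using `${SBINDIR}/$PRODUCT status` would match the rest of the file. The same line appears in the init.suse.sh shorewall_start hunk.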
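Review bot: The re-indented block in shorewall_start of init.suse.sh tests `[ -x $STATEDIR/firewall ]` but then executes `$STATEDIR/$PRODUCT/firewall ${OPTIONS} stop`, which is a different path. Since setstatedir defaults STATEDIR to `${VARLIB}/${PRODUCT}`, the executed path likely repeats the product name and does not exist, and with `|| exit` removed that failure is no longer visible. The call should use the path that was tested: `"${STATEDIR}/firewall" ${OPTIONS} stop`.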
@@ -114,12 +114,10 @@ shorewall_stop () { echo -n "Clearing \"Shorewall-based firewalls\": " for PRODUCT in $PRODUCTS; do - setstatedir - - if [ -x ${STATEDIR}/firewall ]; then - ${STATEDIR}/firewall ${OPTIONS} clear || exit - else - exit 6 + if setstatedir; then + if [ -x ${STATEDIR}/firewall ]; then + ${STATEDIR}/firewall ${OPTIONS} clear + fi fi done From 4b27c72c7944043a73261f1f8310fe5c1e89daec Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Thu, 7 May 2015 14:12:41 -0700 Subject: [PATCH 4/4] Set exit code to 6 when startup is disabled Signed-off-by: Tom Eastep --- Shorewall-core/lib.cli | 6 +++--- Shorewall/lib.cli-std | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Shorewall-core/lib.cli b/Shorewall-core/lib.cli index 8ce5c80bf..c318763de 100644 --- a/Shorewall-core/lib.cli +++ b/Shorewall-core/lib.cli @@ -1683,7 +1683,7 @@ restore_command() { if [ -z "$STARTUP_ENABLED" ]; then error_message "ERROR: Startup is disabled" - exit 2 + exit 6 fi g_restorepath=${VARDIR}/$RESTOREFILE @@ -3680,7 +3680,7 @@ start_command() { else error_message "${VARDIR}/firewall is missing or is not executable" logger -p kern.err "ERROR:$g_product start failed" - rc=2 + rc=6 fi [ -n "$g_nolock" ] || mutex_off @@ -3813,7 +3813,7 @@ restart_command() { else error_message "${VARDIR}/firewall is missing or is not executable" logger -p kern.err "ERROR:$g_product restart failed" - rc=2 + rc=6 fi [ -n "$g_nolock" ] || mutex_off diff --git a/Shorewall/lib.cli-std b/Shorewall/lib.cli-std index 74603d1fb..cce2c1755 100644 --- a/Shorewall/lib.cli-std +++ b/Shorewall/lib.cli-std @@ -169,7 +169,7 @@ get_config() { *) if [ -n "$STARTUP_ENABLED" ]; then fatal_error "Invalid Value for STARTUP_ENABLED: $STARTUP_ENABLED" - exit 2 + exit 6 fi ;; esac
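Review bot: In start_command and restart_command the new `rc=6` sits in the branch that logs "${VARDIR}/firewall is missing or is not executable", whereas the commit subject describes the "startup is disabled" case. The enclosing `if` is outside both hunks, so it is not visible whether that branch is also reached when startup is disabled. Either way the bare number deserves a comment at each site, e.g. `# 6 = LSB "program is not configured"`, if that is the convention being followed. Init scripts and monitoring that branch on this code can then tell what it is meant to signal.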
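Review bot: In get_config the changed `exit 6` follows `fatal_error "Invalid Value for STARTUP_ENABLED: $STARTUP_ENABLED"`. If fatal_error terminates the shell, as its name suggests (its definition is not in this diff), the `exit` is never reached and the process still exits with whatever code fatal_error uses. To make this path return 6, report the problem the way restore_command does in lib.cli, `error_message "ERROR: Invalid Value for STARTUP_ENABLED: $STARTUP_ENABLED"` followed by `exit 6`. The surrounding `case` starts outside the hunk.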