From 74cee48bc06dfb44523966f356f7c3d706d968ff Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Mon, 19 Dec 2011 15:52:42 -0800 Subject: [PATCH] Change /sbin/shorewall6 back into a file Signed-off-by: Tom Eastep --- Shorewall/lib.cli | 304 ++++++++++++++++++++++++++++++++++++++++ Shorewall/shorewall | 314 +----------------------------------------- Shorewall6/install.sh | 19 ++- 3 files changed, 325 insertions(+), 312 deletions(-) diff --git a/Shorewall/lib.cli b/Shorewall/lib.cli index 5a617810e..58fc9b08d 100644 --- a/Shorewall/lib.cli +++ b/Shorewall/lib.cli @@ -2830,3 +2830,307 @@ usage() # $1 = exit status exit $1 } +shorewall_cli() { + finished=0 + + while [ $finished -eq 0 ]; do + [ $# -eq 0 ] && usage 1 + option=$1 + case $option in + -) + finished=1 + ;; + -*) + option=${option#-} + + while [ -n "$option" ]; do + case $option in + c) + [ $# -eq 1 -o -n "$g_lite" ] && usage 1 + + if [ ! -d $2 ]; then + if [ -e $2 ]; then + echo "$2 is not a directory" >&2 && exit 2 + else + echo "Directory $2 does not exist" >&2 && exit 2 + fi + fi + + SHOREWALL_DIR=$(resolve_file $2) + option= + shift + ;; + e*) + [ -n "$g_lite" ] && usage 1 + g_export=Yes + option=${option#e} + ;; + x*) + g_ipt_options="-xnv" + option=${option#x} + ;; + q*) + g_verbose_offset=$(($g_verbose_offset - 1 )) + option=${option#q} + ;; + f*) + g_fast=Yes + option=${option#f} + ;; + v*) + option=${option#v} + case $option in + -1*) + g_use_verbosity=-1 + option=${option#-1} + ;; + 0*) + g_use_verbosity=0 + option=${option#0} + ;; + 1*) + g_use_verbosity=1 + option=${option#1} + ;; + 2*) + g_use_verbosity=2 + option=${option#2} + ;; + *) + g_verbose_offset=$(($g_verbose_offset + 1 )) + g_use_verbosity= + ;; + esac + ;; + n*) + g_noroutes=Yes + option=${option#n} + ;; + t*) + g_timestamp=Yes + option=${option#t} + ;; + -) + finished=1 + option= + ;; + *) + usage 1 + ;; + esac + done + shift + ;; + *) + finished=1 + ;; + esac + done + + if [ $# -eq 0 ]; then + usage 1 + fi + + PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin + MUTEX_TIMEOUT= + + [ -f ${CONFDIR}/vardir ] && . ${CONFDIR}/vardir + + [ -n "${VARDIR:=/var/lib/$g_program}" ] + + if [ ! -f ${VARDIR}/firewall ]; then + [ -f ${VARDIR}/.restore ] && cp -f ${VARDIR}/.rstore ${VARDIR}/firewall + fi + + g_firewall=${VARDIR}/firewall + + version_file=$SHAREDIR/version + if [ -f $version_file ]; then + SHOREWALL_VERSION=$(cat $version_file) + else + echo " ERROR: $g_product is not properly installed" >&2 + echo " The file $version_file does not exist" >&2 + exit 1 + fi + + banner="${g_product}-${SHOREWALL_VERSION} Status at $g_hostname -" + + case $(echo -e) in + -e*) + g_ring_bell="echo \a" + g_echo_e="echo" + ;; + *) + g_ring_bell="echo -e \a" + g_echo_e="echo -e" + ;; + esac + + case $(echo -n "Testing") in + -n*) + g_echo_n= + ;; + *) + g_echo_n=-n + ;; + esac + + COMMAND=$1 + + case "$COMMAND" in + start) + get_config Yes Yes + shift + start_command $@ + ;; + stop|clear) + [ $# -ne 1 ] && usage 1 + get_config + [ -x $g_firewall ] || fatal_error "$g_product has never been started" + [ -n "$g_nolock" ] || mutex_on + run_it $g_firewall $g_debugging $COMMAND + [ -n "$g_nolock" ] || mutex_off + ;; + reset) + get_config + shift + [ -n "$g_nolock" ] || mutex_on + [ -x $g_firewall ] || fatal_error "$g_product has never been started" + run_it $g_firewall $g_debugging reset $@ + [ -n "$g_nolock" ] || mutex_off + ;; + restart) + get_config Yes Yes + shift + restart_command $@ + ;; + disable|enable) + get_config Yes + if product_is_started; then + run_it ${VARDIR}/firewall $g_debugging $@ + else + fatal_error "Shorewall is not running" + fi + ;; + show|list) + get_config Yes No Yes + shift + show_command $@ + ;; + status) + [ $# -eq 1 ] || usage 1 + [ "$(id -u)" != 0 ] && fatal_error "The status command may only be run by root" + get_config + status_command + ;; + dump) + get_config Yes No Yes + shift + dump_command $@ + ;; + hits) + [ $g_family -eq 6 ] && usage 1 + get_config Yes No Yes + [ -n "$g_debugging" ] && set -x + shift + hits_command $@ + ;; + version) + shift + version_command $@ + ;; + logwatch) + get_config Yes Yes Yes + banner="${g_product}-$SHOREWALL_VERSION Logwatch at $g_hostname -" + logwatch_command $@ + ;; + drop) + get_config + [ -n "$g_debugging" ] && set -x + [ $# -eq 1 ] && usage 1 + drop_command $@ + ;; + logdrop) + get_config + [ -n "$g_debugging" ] && set -x + [ $# -eq 1 ] && usage 1 + logdrop_command $@ + ;; + reject|logreject) + get_config + [ -n "$g_debugging" ] && set -x + [ $# -eq 1 ] && usage 1 + reject_command $@ + ;; + allow) + get_config + allow_command $@ + ;; + add) + get_config + shift + add_command $@ + ;; + delete) + get_config + shift + delete_command $@ + ;; + save) + get_config + [ -n "$g_debugging" ] && set -x + save_command $@ + ;; + forget) + get_config + forget_command $@ + ;; + ipcalc) + [ -n "$g_debugging" ] && set -x + ipcalc_command $@ + ;; + iprange) + [ -n "$g_debugging" ] && set -x + iprange_command $@ + ;; + ipdecimal) + [ -n "$g_debugging" ] && set -x + ipdecimal_command $@ + ;; + restore) + get_config + shift + restore_command $@ + ;; + call) + get_config + [ -n "$g_debugging" ] && set -x + # + # Undocumented way to call functions in the libraries directly + # + shift + $@ + ;; + help) + shift + usage + ;; + iptrace) + get_config + shift + iptrace_command $@ + ;; + noiptrace) + get_config + shift + noiptrace_command $@ + ;; + *) + if [ -z "$g_lite" ]; then + compiler_command $@ + else + usage 1 + fi + ;; + esac +} diff --git a/Shorewall/shorewall b/Shorewall/shorewall index 5b5f6c7d6..d9c7e6954 100755 --- a/Shorewall/shorewall +++ b/Shorewall/shorewall @@ -53,7 +53,10 @@ g_confess= g_update= g_convert= g_annotate= - +g_recovering= +g_timestamp= +g_libexec=/usr/share +g_perllib=/usr/share/shorewall # # Make sure that these variables are cleared # @@ -99,124 +102,6 @@ else g_lite= fi -finished=0 - -while [ $finished -eq 0 ]; do - [ $# -eq 0 ] && usage 1 - option=$1 - case $option in - -) - finished=1 - ;; - -*) - option=${option#-} - - while [ -n "$option" ]; do - case $option in - c) - [ $# -eq 1 -o -n "$g_lite" ] && usage 1 - - if [ ! -d $2 ]; then - if [ -e $2 ]; then - echo "$2 is not a directory" >&2 && exit 2 - else - echo "Directory $2 does not exist" >&2 && exit 2 - fi - fi - - SHOREWALL_DIR=$(resolve_file $2) - option= - shift - ;; - e*) - [ -n "$g_lite" ] && usage 1 - g_export=Yes - option=${option#e} - ;; - x*) - g_ipt_options="-xnv" - option=${option#x} - ;; - q*) - g_verbose_offset=$(($g_verbose_offset - 1 )) - option=${option#q} - ;; - f*) - g_fast=Yes - option=${option#f} - ;; - v*) - option=${option#v} - case $option in - -1*) - g_use_verbosity=-1 - option=${option#-1} - ;; - 0*) - g_use_verbosity=0 - option=${option#0} - ;; - 1*) - g_use_verbosity=1 - option=${option#1} - ;; - 2*) - g_use_verbosity=2 - option=${option#2} - ;; - *) - g_verbose_offset=$(($g_verbose_offset + 1 )) - g_use_verbosity= - ;; - esac - ;; - n*) - g_noroutes=Yes - option=${option#n} - ;; - t*) - g_timestamp=Yes - option=${option#t} - ;; - -) - finished=1 - option= - ;; - *) - usage 1 - ;; - esac - done - shift - ;; - *) - finished=1 - ;; - esac -done - -if [ $# -eq 0 ]; then - usage 1 -fi - -PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin -MUTEX_TIMEOUT= - -g_recovering= -g_timestamp= -g_libexec=/usr/share -g_perllib=/usr/share/shorewall - -[ -f ${CONFDIR}/vardir ] && . ${CONFDIR}/vardir - -[ -n "${VARDIR:=/var/lib/$g_program}" ] - -if [ ! -f ${VARDIR}/firewall ]; then - [ -f ${VARDIR}/.restore ] && cp -f ${VARDIR}/.rstore ${VARDIR}/firewall -fi - -g_firewall=${VARDIR}/firewall - if [ -z "$g_lite" ]; then for library in base cli cli-std; do . /usr/share/shorewall/lib.$library @@ -227,193 +112,4 @@ else done fi -version_file=$SHAREDIR/version -if [ -f $version_file ]; then - SHOREWALL_VERSION=$(cat $version_file) -else - echo " ERROR: $g_product is not properly installed" >&2 - echo " The file $version_file does not exist" >&2 - exit 1 -fi - -banner="${g_product}-${SHOREWALL_VERSION} Status at $g_hostname -" - -case $(echo -e) in - -e*) - g_ring_bell="echo \a" - g_echo_e="echo" - ;; - *) - g_ring_bell="echo -e \a" - g_echo_e="echo -e" - ;; -esac - -case $(echo -n "Testing") in - -n*) - g_echo_n= - ;; - *) - g_echo_n=-n - ;; -esac - -COMMAND=$1 - -case "$COMMAND" in - start) - get_config Yes Yes - shift - start_command $@ - ;; - stop|clear) - [ $# -ne 1 ] && usage 1 - get_config - [ -x $g_firewall ] || fatal_error "$g_product has never been started" - [ -n "$g_nolock" ] || mutex_on - run_it $g_firewall $g_debugging $COMMAND - [ -n "$g_nolock" ] || mutex_off - ;; - reset) - get_config - shift - [ -n "$g_nolock" ] || mutex_on - [ -x $g_firewall ] || fatal_error "$g_product has never been started" - run_it $g_firewall $g_debugging reset $@ - [ -n "$g_nolock" ] || mutex_off - ;; - restart) - get_config Yes Yes - shift - restart_command $@ - ;; - disable|enable) - get_config Yes - if product_is_started; then - run_it ${VARDIR}/firewall $g_debugging $@ - else - fatal_error "Shorewall is not running" - fi - ;; - show|list) - get_config Yes No Yes - shift - show_command $@ - ;; - status) - [ $# -eq 1 ] || usage 1 - [ "$(id -u)" != 0 ] && fatal_error "The status command may only be run by root" - get_config - status_command - ;; - dump) - get_config Yes No Yes - shift - dump_command $@ - ;; - hits) - [ $g_family -eq 6 ] && usage 1 - get_config Yes No Yes - [ -n "$g_debugging" ] && set -x - shift - hits_command $@ - ;; - version) - shift - version_command $@ - ;; - logwatch) - get_config Yes Yes Yes - banner="${g_product}-$SHOREWALL_VERSION Logwatch at $g_hostname -" - logwatch_command $@ - ;; - drop) - get_config - [ -n "$g_debugging" ] && set -x - [ $# -eq 1 ] && usage 1 - drop_command $@ - ;; - logdrop) - get_config - [ -n "$g_debugging" ] && set -x - [ $# -eq 1 ] && usage 1 - logdrop_command $@ - ;; - reject|logreject) - get_config - [ -n "$g_debugging" ] && set -x - [ $# -eq 1 ] && usage 1 - reject_command $@ - ;; - allow) - get_config - allow_command $@ - ;; - add) - get_config - shift - add_command $@ - ;; - delete) - get_config - shift - delete_command $@ - ;; - save) - get_config - [ -n "$g_debugging" ] && set -x - save_command $@ - ;; - forget) - get_config - forget_command $@ - ;; - ipcalc) - [ -n "$g_debugging" ] && set -x - ipcalc_command $@ - ;; - - iprange) - [ -n "$g_debugging" ] && set -x - iprange_command $@ - ;; - ipdecimal) - [ -n "$g_debugging" ] && set -x - ipdecimal_command $@ - ;; - restore) - get_config - shift - restore_command $@ - ;; - call) - get_config - [ -n "$g_debugging" ] && set -x - # - # Undocumented way to call functions in the libraries directly - # - shift - $@ - ;; - help) - shift - usage - ;; - iptrace) - get_config - shift - iptrace_command $@ - ;; - noiptrace) - get_config - shift - noiptrace_command $@ - ;; - *) - if [ -z "$g_lite" ]; then - compiler_command $@ - else - usage 1 - fi - ;; -esac +shorewall_cli $@ diff --git a/Shorewall6/install.sh b/Shorewall6/install.sh index 835c24f62..964598219 100755 --- a/Shorewall6/install.sh +++ b/Shorewall6/install.sh @@ -282,9 +282,22 @@ else first_install="Yes" fi -ln -sf shorewall ${DESTDIR}/sbin/shorewall6 - -echo "/sbin/shorewall6 linked to /sbin/shorewall" +if [ -z "$CYGWIN" ]; then + install_file shorewall6 ${DESTDIR}/sbin/shorewall6 0755 ${DESTDIR}/var/lib/shorewall6-${VERSION}.bkout + if [ -z "$MACHOST" ]; then + eval sed -i \'s\|g_libexec=.\*\|g_libexec=$LIBEXEC\|\' ${DESTDIR}/sbin/shorewall6 + eval sed -i \'s\|g_perllib=.\*\|g_perllib=$PERLLIB\|\' ${DESTDIR}/sbin/shorewall6 + else + eval sed -i \'\' -e \'s\|g_libexec=.\*\|g_libexec=$LIBEXEC\|\' ${DESTDIR}/sbin/shorewall6 + eval sed -i \'\' -e \'s\|g_perllib=.\*\|g_perllib=$PERLLIB\|\' ${DESTDIR}/sbin/shorewall6 + fi + echo "shorewall6 control program installed in ${DESTDIR}/sbin/shorewall6" +else + install_file shorewall6 ${DESTDIR}/bin/shorewall6 0755 ${DESTDIR}/var/lib/shorewall6-${VERSION}.bkout + eval sed -i \'s\|g_libexec=.\*\|g_libexec=$LIBEXEC\|\' ${DESTDIR}/bin/shorewall6 + eval sed -i \'s\|g_perllib=.\*\|g_perllib=$PERLLIB\|\' ${DESTDIR}/bin/shorewall6 + echo "shorewall6 control program installed in ${DESTDIR}/bin/shorewall6" +fi # # Install the Firewall Script