Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code

Tom Eastep 2015-06-08 13:50:47 -07:00
commit 7f50557250
3 changed files with 78 additions and 72 deletions


@ -79,6 +79,15 @@ fatal_error() # $@ = Message
exit 2 exit 2
} }
#
# Not configured Error
#
not_configured() # $@ = Message
{
echo " ERROR: $@" >&2
exit 6
}
# #
# Get the Shorewall version of the passed script # Get the Shorewall version of the passed script
# #
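Review bot: The header comment on `not_configured` does not explain why it exits with 6 when `fatal_error` just above exits with 2, so a later maintainer may "normalize" the two. I would spell the contract out, e.g. `# Not configured error: print the message and exit 6 (LSB init-script status "program is not configured")`. As a style point, `"$@"` embedded in a longer string is better written `$*`: `echo "   ERROR: $*" >&2`.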


@ -1,18 +1,19 @@
#! /bin/bash #!/bin/bash
# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5 # The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.6
# #
# (c) 2012-2014 - Tom Eastep (teastep@shorewall.net) # (c) 2012-2014 - Tom Eastep (teastep@shorewall.net)
# #
# On most distributions, this file should be called /etc/init.d/shorewall. # On most distributions, this file should be called
# /etc/init.d/shorewall.
# #
# Complete documentation is available at http://shorewall.net # Complete documentation is available at http://shorewall.net
# #
# This program is part of Shorewall. # This program is part of Shorewall.
# #
# This program is free software; you can redistribute it and/or modify # This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by the # it under the terms of the GNU General Public License as published by
# Free Software Foundation, either version 2 of the license or, at your # the Free Software Foundation, either version 2 of the license or,
# option, any later version. # at your option, any later version.
# #
# This program is distributed in the hope that it will be useful, # This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of # but WITHOUT ANY WARRANTY; without even the implied warranty of
@ -22,7 +23,7 @@
# You should have received a copy of the GNU General Public License # You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>. # along with this program; if not, see <http://www.gnu.org/licenses/>.
# #
######################################################################################### ###############################################################################
# set the STATEDIR variable # set the STATEDIR variable
setstatedir() { setstatedir() {
local statedir local statedir
@ -33,7 +34,9 @@ setstatedir() {
[ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT} [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
${SBINDIR}/$PRODUCT ${OPTIONS} compile -c || exit 1 ${SBINDIR}/$PRODUCT ${OPTIONS} compile -c
else
return 0
fi fi
} }
@ -46,7 +49,7 @@ setstatedir() {
if [ -f "$SYSCONFDIR/shorewall-init" ]; then if [ -f "$SYSCONFDIR/shorewall-init" ]; then
. $SYSCONFDIR/shorewall-init . $SYSCONFDIR/shorewall-init
if [ -z "$PRODUCTS" ]; then if [ -z "$PRODUCTS" ]; then
echo "ERROR: No products configured" >&2 echo "ERROR: No products configured" >&2
exit 1 exit 1
fi fi
else else
@ -56,71 +59,66 @@ fi
# Initialize the firewall # Initialize the firewall
shorewall_start () { shorewall_start () {
local PRODUCT local PRODUCT
local STATEDIR local STATEDIR
echo -n "Initializing \"Shorewall-based firewalls\": " echo -n "Initializing \"Shorewall-based firewalls\": "
for PRODUCT in $PRODUCTS; do for PRODUCT in $PRODUCTS; do
setstatedir if setstatedir; then
if [ -x ${STATEDIR}/firewall ]; then
#
# Run in a sub-shell to avoid name collisions
#
(
if ! ${STATEDIR}/firewall status > /dev/null 2>&1; then
${STATEDIR}/firewall ${OPTIONS} stop
fi
)
fi
fi
done
if [ -x ${STATEDIR}/firewall ]; then if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then
# ipset -R < "$SAVE_IPSETS"
# Run in a sub-shell to avoid name collisions fi
#
(
if ! ${STATEDIR}/firewall status > /dev/null 2>&1; then
${STATEDIR}/firewall ${OPTIONS} stop || exit 1
else
exit 1
fi
)
else
echo ERROR: ${STATEDIR}/firewall does not exist or is not executable!
exit 1
fi
done
if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then return 0
ipset -R < "$SAVE_IPSETS"
fi
return 0
} }
# Clear the firewall # Clear the firewall
shorewall_stop () { shorewall_stop () {
local PRODUCT local PRODUCT
local STATEDIR local STATEDIR
echo -n "Clearing \"Shorewall-based firewalls\": " echo -n "Clearing \"Shorewall-based firewalls\": "
for PRODUCT in $PRODUCTS; do for PRODUCT in $PRODUCTS; do
setstatedir if setstatedir; then
if [ -x ${STATEDIR}/firewall ]; then
${STATEDIR}/firewall ${OPTIONS} clear
fi
fi
done
if [ -x ${STATEDIR}/firewall ]; then if [ -n "$SAVE_IPSETS" ]; then
${STATEDIR}/firewall ${OPTIONS} clear || exit 1 mkdir -p $(dirname "$SAVE_IPSETS")
fi if ipset -S > "${SAVE_IPSETS}.tmp"; then
done grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS"
fi
fi
if [ -n "$SAVE_IPSETS" ]; then return 0
mkdir -p $(dirname "$SAVE_IPSETS")
if ipset -S > "${SAVE_IPSETS}.tmp"; then
grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS"
fi
fi
return 0
} }
case "$1" in case "$1" in
start) start)
shorewall_start shorewall_start
;; ;;
stop) stop)
shorewall_stop shorewall_stop
;; ;;
*) *)
echo "Usage: $0 {start|stop}" echo "Usage: $0 {start|stop}"
exit 1 exit 1
esac esac
exit 0 exit 0
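Review bot: In the new `shorewall_start` loop, a failing `setstatedir` (compile error) or a missing or non-executable `${STATEDIR}/firewall` is skipped with no message, and the result of `stop` inside the sub-shell is no longer checked. The function therefore returns 0 and the script reaches `exit 0` even when no product was put into the stopped state. For a boot-time script this is a fail-open result: the host can come up without the stopped-state ruleset while the init system records success. If continuing past one failed product is the intent (inferred from the removed `exit 1` lines), the loop should still report each failure on stderr and carry a status out, and the `start)` arm needs `shorewall_start || exit 1` for that status to reach the caller. `shorewall_stop` has the same silent skip around `clear`.

```shell
  # … unchanged: local declarations and "Initializing" banner …
  local rc=0
  for PRODUCT in $PRODUCTS; do
    if ! setstatedir; then
      echo "ERROR: $PRODUCT: setstatedir failed, firewall state left unchanged" >&2
      rc=1
    elif [ ! -x "${STATEDIR}/firewall" ]; then
      echo "ERROR: ${STATEDIR}/firewall does not exist or is not executable" >&2
      rc=1
    else
      # … unchanged: sub-shell running "firewall status" and "firewall stop" …
      # append "|| rc=1" after the closing parenthesis of the sub-shell
    fi
  done
  # … unchanged: ipset restore …
  return $rc
```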


@ -162,14 +162,13 @@ get_config() {
if [ "$2" = Yes ]; then if [ "$2" = Yes ]; then
case $STARTUP_ENABLED in case $STARTUP_ENABLED in
No|no|NO) No|no|NO)
fatal_error "$g_product startup is disabled. To enable startup, set STARTUP_ENABLED=Yes in ${g_confdir}/${g_program}.conf" not_configured "$g_product startup is disabled. To enable startup, set STARTUP_ENABLED=Yes in ${g_confdir}/${g_program}.conf"
;; ;;
Yes|yes|YES) Yes|yes|YES)
;; ;;
*) *)
if [ -n "$STARTUP_ENABLED" ]; then if [ -n "$STARTUP_ENABLED" ]; then
fatal_error "Invalid Value for STARTUP_ENABLED: $STARTUP_ENABLED" not_configured "Invalid Value for STARTUP_ENABLED: $STARTUP_ENABLED"
exit 6
fi fi
;; ;;
esac esac
@ -510,7 +509,7 @@ start_command() {
exit 0 exit 0
fi fi
[ -n "$STARTUP_ENABLED" ] || fatal_error "Startup is disabled" [ -n "$STARTUP_ENABLED" ] || not_configured "Startup is disabled"
while [ $finished -eq 0 -a $# -gt 0 ]; do while [ $finished -eq 0 -a $# -gt 0 ]; do
option=$1 option=$1
@ -1002,7 +1001,7 @@ restart_command() {
;; ;;
esac esac
[ -n "$STARTUP_ENABLED" ] || fatal_error "Startup is disabled" [ -n "$STARTUP_ENABLED" ] || not_configured "Startup is disabled"
if [ -z "$g_fast" -a -n "$AUTOMAKE" ]; then if [ -z "$g_fast" -a -n "$AUTOMAKE" ]; then
uptodate ${VARDIR}/firewall && g_fast=Yes uptodate ${VARDIR}/firewall && g_fast=Yes
@ -1101,7 +1100,7 @@ refresh_command() {
product_is_started || fatal_error "$g_product is not running" product_is_started || fatal_error "$g_product is not running"
[ -n "$STARTUP_ENABLED" ] || fatal_error "Startup is disabled" [ -n "$STARTUP_ENABLED" ] || not_configured "Startup is disabled"
if compiler $g_debugging $nolock compile ${VARDIR}/.refresh; then if compiler $g_debugging $nolock compile ${VARDIR}/.refresh; then
run_postcompile ${VARDIR}/.refresh run_postcompile ${VARDIR}/.refresh
@ -1190,7 +1189,7 @@ safe_commands() {
;; ;;
esac esac
[ -n "$STARTUP_ENABLED" ] || fatal_error "Startup is disabled" [ -n "$STARTUP_ENABLED" ] || not_configured "Startup is disabled"
if product_is_started; then if product_is_started; then
running=Yes running=Yes
@ -1327,7 +1326,7 @@ try_command() {
;; ;;
esac esac
[ -n "$STARTUP_ENABLED" ] || fatal_error "Startup is disabled" [ -n "$STARTUP_ENABLED" ] || not_configured "Startup is disabled"
if product_is_started; then if product_is_started; then
running=Yes running=Yes
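Review bot: The five `[ -n "$STARTUP_ENABLED" ] || not_configured "Startup is disabled"` guards (in `start_command`, `restart_command`, `refresh_command`, `safe_commands` and `try_command`) now exit 6, but unlike the `No|no|NO` arm in `get_config` their message does not say which setting or file to change. An empty `STARTUP_ENABLED` passes silently through the `*)` arm of `get_config` and is only rejected at these guards, so this terse message is the one an administrator sees in that case. I would reuse the wording from the `get_config` arm, e.g. `not_configured "Startup is disabled. Set STARTUP_ENABLED=Yes in ${g_confdir}/${g_program}.conf"`, ideally from one small helper so the five copies cannot drift. All of the enclosing functions begin and end outside the hunks shown.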