Update version

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8551 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-12-22 22:30:58 +01:00 · 2008-06-02 19:39:35 +00:00 · 2008-06-02 19:39:35 +00:00 · 8525c8ccdf
commit 8525c8ccdf
parent 5666833021
19 changed files with 73 additions and 23 deletions
--- a/Shorewall-common/changelog.txt
+++ b/Shorewall-common/changelog.txt
@ -2,6 +2,8 @@ Changes in 4.2.0-Beta2

 1)  Only issue a warning on RFC 1918 violation.

+2)  Implement 'save' user exit.
+
 Changes in 4.2.0-Beta1

 1)  Fix handling of firewall marks.
--- a/Shorewall-common/fallback.sh
+++ b/Shorewall-common/fallback.sh
@ -28,7 +28,7 @@
 #       shown below. Simply run this script to revert to your prior version of
 #       Shoreline Firewall.

-VERSION=4.2.0-Beta1
+VERSION=4.2.0-Beta2

 usage() # $1 = exit status
 {
--- a/Shorewall-common/install.sh
+++ b/Shorewall-common/install.sh
@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #

-VERSION=4.2.0-Beta1
+VERSION=4.2.0-Beta2

 usage() # $1 = exit status
 {
--- a/Shorewall-common/lib.cli
+++ b/Shorewall-common/lib.cli
@ -290,7 +290,7 @@ save_config() {
 		    if $IPTABLES -L dynamic -n > ${VARDIR}/save; then
 			echo "   Dynamic Rules Saved"
 			if [ -f ${VARDIR}/.restore ]; then
-			    if iptables-save | iptablesbug > ${VARDIR}/restore-$$; then
+			    if $iptables_save | iptablesbug > ${VARDIR}/restore-$$; then
 				cp -f ${VARDIR}/.restore $RESTOREPATH
 				mv -f ${VARDIR}/restore-$$ ${RESTOREPATH}-iptables
 				chmod +x $RESTOREPATH
@ -333,6 +333,8 @@ save_config() {
 					echo "   WARNING: Invalid value ($SAVE_IPSETS) for SAVE_IPSETS. Ipset contents not saved" >&2
 					;;
 				esac
+
+				run_user_exit save
 			    else
 			        rm -f ${VARDIR}/restore-$$
 				echo "   ERROR: Currently-running Configuration Not Saved" >&2
@ -838,7 +840,7 @@ restore_command() {

 	[ -n "$nolock" ] || mutex_off
    else
-	echo "File ${VARDIR}/$RESTOREFILE: file not found"
+	echo "File $RESTOREPATH: file not found"
 	[ -n "$nolock" ] || mutex_off
 	exit 2
    fi
--- a/Shorewall-common/releasenotes.txt
+++ b/Shorewall-common/releasenotes.txt
@ -84,6 +84,36 @@ Problems Corrected in Shorewall 4.2.0 Beta 2

 Other Changes in Shoreall 4.2.0 Beta 2.

+1) A 'save' extension script is added. The script is run after
+   iptables-save has completed successfully.
+
+   The 'load' and 'reload' commands copy the save script (if any) to
+   /etc/shorewall-lite/ on the remove firewall system. The 'export'
+   command copies the file to the same directory as the 'firewall' and
+   'firewall.conf' scripts.
+
+   I have the following commands in my 'save' script:
+
+     [ -s /root/ipsets.save ] && cp -a /root/ipsets.save /root/ipsets.save.backup
+     ipset -S > /root/ipsets.save
+
+   These commands complement my 'init' script:
+
+     qt modprobe ifb numifbs=1
+     qt ip link set dev ifb0 up
+
+     if [ "$COMMAND" = start ]; then
+         ipset -U :all: :all:
+   	 ipset -U :all: :default:
+   	 ipset -F
+   	 ipset -X
+   	 ipset -R < /root/ipsets.save
+     fi
+
+   Those two scripts allow me to save and restore the contents of my
+   ipsets automatically under Shorewall-perl/Shorewall-lite (my
+   routestopped file does not use ipsets).
+    
 None.

 New Features in Shorewall 4.2.
--- a/Shorewall-common/shorewall
+++ b/Shorewall-common/shorewall
@ -1303,6 +1303,10 @@ reload_command() # $* = original arguments less the command.
 	progress_message3 "Copying $file and ${file}.conf to ${system}:${LITEDIR}..." && \
 	rcp_command "$directory/firewall $directory/firewall.conf" ${LITEDIR}
    then
+	save=$(find_file save);
+
+	[ -f $save ] && progress_message3 "Copying $save to ${system}:/etc/shorewall-lite/" && rcp_command $save /etc/shorewall-lite/
+
 	progress_message3 "Copy complete"
 	if [ $COMMAND = reload ]; then
 	    rsh_command "/sbin/shorewall-lite $debugging $verbose $timestamp restart" && \
@ -1394,6 +1398,10 @@ export_command() # $* = original arguments less the command.
 	echo "Copying $file and ${file}.conf to ${target#*@}..." && \
 	scp $directory/firewall $directory/firewall.conf $target
    then
+	save=(find_file save);
+
+	[ -f $save ] && progress_message3 "Copying $save to ${target#*}..." && rcp_command $save $target
+
 	progress_message3 "Copy complete"
    fi
 }
--- a/Shorewall-common/shorewall-common.spec
+++ b/Shorewall-common/shorewall-common.spec
@ -1,6 +1,6 @@
 %define name shorewall-common
 %define version 4.2.0
-%define release 0Beta1
+%define release 0Beta2

 Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
 Name: %{name}
@ -175,6 +175,8 @@ fi
 %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn Samples

 %changelog
+* Mon Jun 02 2008 Tom Eastep tom@shorewall.net
+- Updated to 4.2.0-0Beta2
 * Wed May 07 2008 Tom Eastep tom@shorewall.net
 - Updated to 4.2.0-0Beta1
 * Mon Apr 28 2008 Tom Eastep tom@shorewall.net
--- a/Shorewall-common/uninstall.sh
+++ b/Shorewall-common/uninstall.sh
@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall

-VERSION=4.2.0-Beta1
+VERSION=4.2.0-Beta2

 usage() # $1 = exit status
 {
--- a/Shorewall-lite/fallback.sh
+++ b/Shorewall-lite/fallback.sh
@ -28,7 +28,7 @@
 #       shown below. Simply run this script to revert to your prior version of
 #       Shoreline Firewall.

-VERSION=4.2.0-Beta1
+VERSION=4.2.0-Beta2

 usage() # $1 = exit status
 {
--- a/Shorewall-lite/install.sh
+++ b/Shorewall-lite/install.sh
@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #

-VERSION=4.2.0-Beta1
+VERSION=4.2.0-Beta2

 usage() # $1 = exit status
 {
--- a/Shorewall-lite/shorewall-lite.spec
+++ b/Shorewall-lite/shorewall-lite.spec
@ -1,6 +1,6 @@
 %define name shorewall-lite
 %define version 4.2.0
-%define release 0Beta1
+%define release 0Beta2

 Summary: Shoreline Firewall Lite is an iptables-based firewall for Linux systems.
 Name: %{name}
@ -98,6 +98,8 @@ fi
 %doc COPYING changelog.txt releasenotes.txt

 %changelog
+* Mon Jun 02 2008 Tom Eastep tom@shorewall.net
+- Updated to 4.2.0-0Beta2
 * Wed May 07 2008 Tom Eastep tom@shorewall.net
 - Updated to 4.2.0-0Beta1
 * Mon Apr 28 2008 Tom Eastep tom@shorewall.net
--- a/Shorewall-lite/uninstall.sh
+++ b/Shorewall-lite/uninstall.sh
@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall

-VERSION=4.2.0-Beta1
+VERSION=4.2.0-Beta2

 usage() # $1 = exit status
 {
--- a/Shorewall-perl/Shorewall/Chains.pm
+++ b/Shorewall-perl/Shorewall/Chains.pm
@ -652,13 +652,13 @@ sub use_input_chain($) {
    #
    # Interface associated with a single zone -- use the zone's input chain if it has one
    #
-    my $chainref = $filter_table->{zone_input_chain $interfaceref->{zone}};
+    my $chainref = $filter_table->{zone_input_chain $interfaceref->{zone4}};

    return 0 if $chainref;
    #
    # Use the '<zone>2fw' chain if it is referenced.
    #
-    $chainref = $filter_table->{join( '' , $interfaceref->{zone} , '2' , firewall_zone )};
+    $chainref = $filter_table->{join( '' , $interfaceref->{zone4} , '2' , firewall_zone )};

    ! $chainref->{referenced};
 }   
@ -696,13 +696,13 @@ sub use_output_chain($) {
    #
    # Interface associated with a single zone -- use the zone's output chain if it has one
    #    
-    my $chainref = $filter_table->{zone_output_chain $interfaceref->{zone}};
+    my $chainref = $filter_table->{zone_output_chain $interfaceref->{zone4}};

    return 0 if $chainref;
    #
    # Use the 'fw2<zone>' chain if it is referenced.
    #
-    $chainref = $filter_table->{join( '', firewall_zone , '2', $interfaceref->{zone} )};
+    $chainref = $filter_table->{join( '', firewall_zone , '2', $interfaceref->{zone4} )};

    ! $chainref->{referenced};
 }
--- a/Shorewall-perl/Shorewall/Config.pm
+++ b/Shorewall-perl/Shorewall/Config.pm
@ -265,7 +265,7 @@ sub initialize() {
 		    ORIGINAL_POLICY_MATCH => '',
 		    LOGPARMS => '',
 		    TC_SCRIPT => '',
-		    VERSION => "4.2.0-Beta1",
+		    VERSION => "4.2.0-Beta2",
 		    CAPVERSION => 40100 ,
 		  );
    #
--- a/Shorewall-perl/Shorewall/Zones.pm
+++ b/Shorewall-perl/Shorewall/Zones.pm
@ -127,7 +127,7 @@ our %reservedName = ( all => 1,
 #                                     options     => { <option1> = <val1> ,
 #                                                      ...
 #                                                    }
-#                                     zone        => <zone name>
+#                                     zone4       => <zone name>
 #                                     nets        => <number of nets in interface/hosts records referring to this interface>
 #                                     bridge      => <bridge>
 #                                     broadcasts  => 'none', 'detect' or [ <addr1>, <addr2>, ... ]
@ -455,7 +455,7 @@ sub add_group_to_zone($$$$$)
    my $arrayref;
    my $zoneref  = $zones{$zone};
    my $zonetype = $zoneref->{type};
-    my $ifacezone = $interfaces{$interface}{zone};
+    my $ifacezone = $interfaces{$interface}{zone4};

    $zoneref->{interfaces}{$interface} = 1;

@ -752,7 +752,7 @@ sub validate_interfaces_file( $ )

 	add_group_to_zone( $zone, $zoneref->{type}, $interface, \@networks, $optionsref ) if $zone;

-    	$interfaces{$interface}{zone} = $zone; #Must follow the call to add_group_to_zone()
+    	$interfaces{$interface}{zone4} = $zone; #Must follow the call to add_group_to_zone()

 	progress_message "   Interface \"$currentline\" Validated";

@ -1028,7 +1028,7 @@ sub find_hosts_by_option( $ ) {
    }

    for my $interface ( @interfaces ) {
-	if ( ! $interfaces{$interface}{zone} && $interfaces{$interface}{options}{$option} ) {
+	if ( ! $interfaces{$interface}{zone4} && $interfaces{$interface}{options}{$option} ) {
 	    push @hosts, [ $interface, 'none', ALLIPv4 ];
 	}
    }
--- a/Shorewall-perl/install.sh
+++ b/Shorewall-perl/install.sh
@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #

-VERSION=4.2.0-Beta1
+VERSION=4.2.0-Beta2

 usage() # $1 = exit status
 {
--- a/Shorewall-perl/shorewall-perl.spec
+++ b/Shorewall-perl/shorewall-perl.spec
@ -1,6 +1,6 @@
 %define name shorewall-perl
 %define version 4.2.0
-%define release 0Beta1
+%define release 0Beta2

 Summary: Shoreline Firewall Perl-based compiler.
 Name: %{name}
@ -64,6 +64,8 @@ rm -rf $RPM_BUILD_ROOT
 %doc COPYING releasenotes.txt

 %changelog
+* Mon Jun 02 2008 Tom Eastep tom@shorewall.net
+- Updated to 4.2.0-0Beta2
 * Wed May 07 2008 Tom Eastep tom@shorewall.net
 - Updated to 4.2.0-0Beta1
 * Mon Apr 28 2008 Tom Eastep tom@shorewall.net
--- a/Shorewall-shell/install.sh
+++ b/Shorewall-shell/install.sh
@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #

-VERSION=4.2.0-Beta1
+VERSION=4.2.0-Beta2

 usage() # $1 = exit status
 {
--- a/Shorewall-shell/shorewall-shell.spec
+++ b/Shorewall-shell/shorewall-shell.spec
@ -1,6 +1,6 @@
 %define name shorewall-shell
 %define version 4.2.0
-%define release 0Beta1
+%define release 0Beta2

 Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
 Name: %{name}
@ -81,6 +81,8 @@ fi
 %doc COPYING INSTALL 

 %changelog
+* Mon Jun 02 2008 Tom Eastep tom@shorewall.net
+- Updated to 4.2.0-0Beta2
 * Wed May 07 2008 Tom Eastep tom@shorewall.net
 - Updated to 4.2.0-0Beta1
 * Mon Apr 28 2008 Tom Eastep tom@shorewall.net