From 8525c8ccdf536ec27e43c756ea350eccd857554b Mon Sep 17 00:00:00 2001 From: teastep Date: Mon, 2 Jun 2008 19:39:35 +0000 Subject: [PATCH] Update version git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8551 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall-common/changelog.txt | 2 ++ Shorewall-common/fallback.sh | 2 +- Shorewall-common/install.sh | 2 +- Shorewall-common/lib.cli | 6 ++++-- Shorewall-common/releasenotes.txt | 30 ++++++++++++++++++++++++++ Shorewall-common/shorewall | 8 +++++++ Shorewall-common/shorewall-common.spec | 4 +++- Shorewall-common/uninstall.sh | 2 +- Shorewall-lite/fallback.sh | 2 +- Shorewall-lite/install.sh | 2 +- Shorewall-lite/shorewall-lite.spec | 4 +++- Shorewall-lite/uninstall.sh | 2 +- Shorewall-perl/Shorewall/Chains.pm | 8 +++---- Shorewall-perl/Shorewall/Config.pm | 2 +- Shorewall-perl/Shorewall/Zones.pm | 8 +++---- Shorewall-perl/install.sh | 2 +- Shorewall-perl/shorewall-perl.spec | 4 +++- Shorewall-shell/install.sh | 2 +- Shorewall-shell/shorewall-shell.spec | 4 +++- 19 files changed, 73 insertions(+), 23 deletions(-) diff --git a/Shorewall-common/changelog.txt b/Shorewall-common/changelog.txt index 194ccce52..d617246bd 100644 --- a/Shorewall-common/changelog.txt +++ b/Shorewall-common/changelog.txt @@ -2,6 +2,8 @@ Changes in 4.2.0-Beta2 1) Only issue a warning on RFC 1918 violation. +2) Implement 'save' user exit. + Changes in 4.2.0-Beta1 1) Fix handling of firewall marks. diff --git a/Shorewall-common/fallback.sh b/Shorewall-common/fallback.sh index fad896ef5..88f46a629 100755 --- a/Shorewall-common/fallback.sh +++ b/Shorewall-common/fallback.sh @@ -28,7 +28,7 @@ # shown below. Simply run this script to revert to your prior version of # Shoreline Firewall. -VERSION=4.2.0-Beta1 +VERSION=4.2.0-Beta2 usage() # $1 = exit status { diff --git a/Shorewall-common/install.sh b/Shorewall-common/install.sh index 3752bc41a..160b5b81f 100755 --- a/Shorewall-common/install.sh +++ b/Shorewall-common/install.sh 
@@ -22,7 +22,7 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # -VERSION=4.2.0-Beta1 +VERSION=4.2.0-Beta2 usage() # $1 = exit status { diff --git a/Shorewall-common/lib.cli b/Shorewall-common/lib.cli index 4298d880d..930a80242 100644 --- a/Shorewall-common/lib.cli +++ b/Shorewall-common/lib.cli @@ -290,7 +290,7 @@ save_config() { if $IPTABLES -L dynamic -n > ${VARDIR}/save; then echo " Dynamic Rules Saved" if [ -f ${VARDIR}/.restore ]; then - if iptables-save | iptablesbug > ${VARDIR}/restore-$$; then + if $iptables_save | iptablesbug > ${VARDIR}/restore-$$; then cp -f ${VARDIR}/.restore $RESTOREPATH mv -f ${VARDIR}/restore-$$ ${RESTOREPATH}-iptables chmod +x $RESTOREPATH @@ -333,6 +333,8 @@ save_config() { echo " WARNING: Invalid value ($SAVE_IPSETS) for SAVE_IPSETS. Ipset contents not saved" >&2 ;; esac + + run_user_exit save else rm -f ${VARDIR}/restore-$$ echo " ERROR: Currently-running Configuration Not Saved" >&2 @@ -838,7 +840,7 @@ restore_command() { [ -n "$nolock" ] || mutex_off else - echo "File ${VARDIR}/$RESTOREFILE: file not found" + echo "File $RESTOREPATH: file not found" [ -n "$nolock" ] || mutex_off exit 2 fi diff --git a/Shorewall-common/releasenotes.txt b/Shorewall-common/releasenotes.txt index f05af1dcf..31ff8839e 100644 --- a/Shorewall-common/releasenotes.txt +++ b/Shorewall-common/releasenotes.txt 
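Review bot: `$iptables_save` is now expanded unquoted as the command word in `if $iptables_save | iptablesbug > ${VARDIR}/restore-$$; then`, and its assignment is not visible in this hunk (save_config starts outside it). If the variable can be empty or unset here, the left side of the pipeline becomes an empty command, iptablesbug reads empty input, and an empty ruleset would likely be moved to `${RESTOREPATH}-iptables` as if the save had worked. A guard before the pipeline, for example `[ -x "$iptables_save" ] || { echo "   ERROR: $iptables_save is not executable" >&2; return 1; }` (adapt the exit path to the function's convention), would make the precondition explicit. The `if` also sees only the exit status of iptablesbug, so a failing save command on the left of the pipe goes unnoticed.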
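Review bot: The rewritten "file not found" message in restore_command still goes to stdout, although the function exits with status 2 right after it and the ERROR and WARNING messages in the save_config hunks of this file are sent to stderr. `echo "File $RESTOREPATH: file not found" >&2` would keep the error out of captured output. Where `RESTOREPATH` is assigned lies outside the hunk, so confirm it is set on this path.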
@@ -84,6 +84,36 @@ Problems Corrected in Shorewall 4.2.0 Beta 2 Other Changes in Shoreall 4.2.0 Beta 2. +1) A 'save' extension script is added. The script is run after + iptables-save has completed successfully. + + The 'load' and 'reload' commands copy the save script (if any) to + /etc/shorewall-lite/ on the remove firewall system. The 'export' + command copies the file to the same directory as the 'firewall' and + 'firewall.conf' scripts. + + I have the following commands in my 'save' script: + + [ -s /root/ipsets.save ] && cp -a /root/ipsets.save /root/ipsets.save.backup + ipset -S > /root/ipsets.save + + These commands complement my 'init' script: + + qt modprobe ifb numifbs=1 + qt ip link set dev ifb0 up + + if [ "$COMMAND" = start ]; then + ipset -U :all: :all: + ipset -U :all: :default: + ipset -F + ipset -X + ipset -R < /root/ipsets.save + fi + + Those two scripts allow me to save and restore the contents of my + ipsets automatically under Shorewall-perl/Shorewall-lite (my + routestopped file does not use ipsets). + None. New Features in Shorewall 4.2. diff --git a/Shorewall-common/shorewall b/Shorewall-common/shorewall index 65210912d..01e3e9065 100755 --- a/Shorewall-common/shorewall +++ b/Shorewall-common/shorewall @@ -1303,6 +1303,10 @@ reload_command() # $* = original arguments less the command. progress_message3 "Copying $file and ${file}.conf to ${system}:${LITEDIR}..." && \ rcp_command "$directory/firewall $directory/firewall.conf" ${LITEDIR} then + save=$(find_file save); + + [ -f $save ] && progress_message3 "Copying $save to ${system}:/etc/shorewall-lite/" && rcp_command $save /etc/shorewall-lite/ + progress_message3 "Copy complete" if [ $COMMAND = reload ]; then rsh_command "/sbin/shorewall-lite $debugging $verbose $timestamp restart" && \ 
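Review bot: The added copy step in reload_command expands `$save` unquoted and ignores the result of `rcp_command`, so a failed copy of the save script still prints "Copy complete" and the remote restart goes ahead without it. If find_file can return an empty string, `[ -f $save ]` collapses to `[ -f ]`, which is true, and rcp_command is then called with a missing argument. I would write `[ -n "$save" ] && [ -f "$save" ] && progress_message3 "Copying $save to ${system}:/etc/shorewall-lite/" && rcp_command "$save" /etc/shorewall-lite/` and decide explicitly whether a failed copy should abort the reload. Because the copied file is later executed on the remote firewall, a short comment stating which directories find_file searches would help reviewers see which `save` script gets deployed. reload_command starts and ends outside the hunk.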
@@ -1394,6 +1398,10 @@ export_command() # $* = original arguments less the command. echo "Copying $file and ${file}.conf to ${target#*@}..." && \ scp $directory/firewall $directory/firewall.conf $target then + save=(find_file save); + + [ -f $save ] && progress_message3 "Copying $save to ${target#*}..." && rcp_command $save $target + progress_message3 "Copy complete" fi } diff --git a/Shorewall-common/shorewall-common.spec b/Shorewall-common/shorewall-common.spec index 092e88471..618d13ed3 100644 --- a/Shorewall-common/shorewall-common.spec +++ b/Shorewall-common/shorewall-common.spec @@ -1,6 +1,6 @@ %define name shorewall-common %define version 4.2.0 -%define release 0Beta1 +%define release 0Beta2 Summary: Shoreline Firewall is an iptables-based firewall for Linux systems. Name: %{name} @@ -175,6 +175,8 @@ fi %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn Samples %changelog +* Mon Jun 02 2008 Tom Eastep tom@shorewall.net +- Updated to 4.2.0-0Beta2 * Wed May 07 2008 Tom Eastep tom@shorewall.net - Updated to 4.2.0-0Beta1 * Mon Apr 28 2008 Tom Eastep tom@shorewall.net diff --git a/Shorewall-common/uninstall.sh b/Shorewall-common/uninstall.sh index 6b014c114..53808bd0c 100755 --- a/Shorewall-common/uninstall.sh +++ b/Shorewall-common/uninstall.sh @@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Shorewall Firewall -VERSION=4.2.0-Beta1 +VERSION=4.2.0-Beta2 usage() # $1 = exit status { diff --git a/Shorewall-lite/fallback.sh b/Shorewall-lite/fallback.sh index 3fe6721ca..afd3266ec 100755 --- a/Shorewall-lite/fallback.sh +++ b/Shorewall-lite/fallback.sh @@ -28,7 +28,7 @@ # shown below. Simply run this script to revert to your prior version of # Shoreline Firewall. -VERSION=4.2.0-Beta1 +VERSION=4.2.0-Beta2 usage() # $1 = exit status { diff --git a/Shorewall-lite/install.sh b/Shorewall-lite/install.sh index 34bc2c18b..1053082c0 100755 --- a/Shorewall-lite/install.sh 
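Review bot: `save=(find_file save);` in export_command is missing the `$` that the matching line in reload_command has, so find_file is never called. Bash treats it as an array assignment and `$save` expands to the literal word `find_file`, while a strict POSIX shell rejects the syntax. The save script is therefore never exported, unless a file named `find_file` happens to exist in the current directory, in which case that file is copied instead. The line should read `save=$(find_file save)`. In the progress message `${target#*}` strips nothing, where the existing line above uses `${target#*@}`. The copy also goes through `rcp_command` although this function copies the firewall script with plain `scp`, and whether rcp_command works without the variables reload_command sets cannot be seen here, so `scp "$save" "$target"` looks like the safer form.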
+++ b/Shorewall-lite/install.sh @@ -22,7 +22,7 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # -VERSION=4.2.0-Beta1 +VERSION=4.2.0-Beta2 usage() # $1 = exit status { diff --git a/Shorewall-lite/shorewall-lite.spec b/Shorewall-lite/shorewall-lite.spec index bb3bf2d83..9079e3aa9 100644 --- a/Shorewall-lite/shorewall-lite.spec +++ b/Shorewall-lite/shorewall-lite.spec @@ -1,6 +1,6 @@ %define name shorewall-lite %define version 4.2.0 -%define release 0Beta1 +%define release 0Beta2 Summary: Shoreline Firewall Lite is an iptables-based firewall for Linux systems. Name: %{name} @@ -98,6 +98,8 @@ fi %doc COPYING changelog.txt releasenotes.txt %changelog +* Mon Jun 02 2008 Tom Eastep tom@shorewall.net +- Updated to 4.2.0-0Beta2 * Wed May 07 2008 Tom Eastep tom@shorewall.net - Updated to 4.2.0-0Beta1 * Mon Apr 28 2008 Tom Eastep tom@shorewall.net diff --git a/Shorewall-lite/uninstall.sh b/Shorewall-lite/uninstall.sh index 8090d774a..e1fb7d558 100755 --- a/Shorewall-lite/uninstall.sh +++ b/Shorewall-lite/uninstall.sh @@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Shorewall Firewall -VERSION=4.2.0-Beta1 +VERSION=4.2.0-Beta2 usage() # $1 = exit status { diff --git a/Shorewall-perl/Shorewall/Chains.pm b/Shorewall-perl/Shorewall/Chains.pm index 687cf820e..4cdf39dfa 100644 --- a/Shorewall-perl/Shorewall/Chains.pm +++ b/Shorewall-perl/Shorewall/Chains.pm 
@@ -652,13 +652,13 @@ sub use_input_chain($) { # # Interface associated with a single zone -- use the zone's input chain if it has one # - my $chainref = $filter_table->{zone_input_chain $interfaceref->{zone}}; + my $chainref = $filter_table->{zone_input_chain $interfaceref->{zone4}}; return 0 if $chainref; # # Use the '2fw' chain if it is referenced. # - $chainref = $filter_table->{join( '' , $interfaceref->{zone} , '2' , firewall_zone )}; + $chainref = $filter_table->{join( '' , $interfaceref->{zone4} , '2' , firewall_zone )}; ! $chainref->{referenced}; } @@ -696,13 +696,13 @@ sub use_output_chain($) { # # Interface associated with a single zone -- use the zone's output chain if it has one # - my $chainref = $filter_table->{zone_output_chain $interfaceref->{zone}}; + my $chainref = $filter_table->{zone_output_chain $interfaceref->{zone4}}; return 0 if $chainref; # # Use the 'fw2' chain if it is referenced. # - $chainref = $filter_table->{join( '', firewall_zone , '2', $interfaceref->{zone} )}; + $chainref = $filter_table->{join( '', firewall_zone , '2', $interfaceref->{zone4} )}; ! $chainref->{referenced}; } diff --git a/Shorewall-perl/Shorewall/Config.pm b/Shorewall-perl/Shorewall/Config.pm index cce72af4b..8bae5ca95 100644 --- a/Shorewall-perl/Shorewall/Config.pm +++ b/Shorewall-perl/Shorewall/Config.pm @@ -265,7 +265,7 @@ sub initialize() { ORIGINAL_POLICY_MATCH => '', LOGPARMS => '', TC_SCRIPT => '', - VERSION => "4.2.0-Beta1", + VERSION => "4.2.0-Beta2", CAPVERSION => 40100 , ); # diff --git a/Shorewall-perl/Shorewall/Zones.pm b/Shorewall-perl/Shorewall/Zones.pm index dd42b94bb..ea4a8f902 100644 --- a/Shorewall-perl/Shorewall/Zones.pm +++ b/Shorewall-perl/Shorewall/Zones.pm @@ -127,7 +127,7 @@ our %reservedName = ( all => 1, # options => { = , # ... # } -# zone => +# zone4 => # nets => # bridge => # broadcasts => 'none', 'detect' or [ , , ... ] 
@@ -455,7 +455,7 @@ sub add_group_to_zone($$$$$) my $arrayref; my $zoneref = $zones{$zone}; my $zonetype = $zoneref->{type}; - my $ifacezone = $interfaces{$interface}{zone}; + my $ifacezone = $interfaces{$interface}{zone4}; $zoneref->{interfaces}{$interface} = 1; @@ -752,7 +752,7 @@ sub validate_interfaces_file( $ ) add_group_to_zone( $zone, $zoneref->{type}, $interface, \@networks, $optionsref ) if $zone; - $interfaces{$interface}{zone} = $zone; #Must follow the call to add_group_to_zone() + $interfaces{$interface}{zone4} = $zone; #Must follow the call to add_group_to_zone() progress_message " Interface \"$currentline\" Validated"; @@ -1028,7 +1028,7 @@ sub find_hosts_by_option( $ ) { } for my $interface ( @interfaces ) { - if ( ! $interfaces{$interface}{zone} && $interfaces{$interface}{options}{$option} ) { + if ( ! $interfaces{$interface}{zone4} && $interfaces{$interface}{options}{$option} ) { push @hosts, [ $interface, 'none', ALLIPv4 ]; } } diff --git a/Shorewall-perl/install.sh b/Shorewall-perl/install.sh index 18993e3de..31ce56543 100755 --- a/Shorewall-perl/install.sh +++ b/Shorewall-perl/install.sh @@ -22,7 +22,7 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # -VERSION=4.2.0-Beta1 +VERSION=4.2.0-Beta2 usage() # $1 = exit status { diff --git a/Shorewall-perl/shorewall-perl.spec b/Shorewall-perl/shorewall-perl.spec index 5689cb19d..efd81c6b2 100644 --- a/Shorewall-perl/shorewall-perl.spec +++ b/Shorewall-perl/shorewall-perl.spec @@ -1,6 +1,6 @@ %define name shorewall-perl %define version 4.2.0 -%define release 0Beta1 +%define release 0Beta2 Summary: Shoreline Firewall Perl-based compiler. Name: %{name} @@ -64,6 +64,8 @@ rm -rf $RPM_BUILD_ROOT %doc COPYING releasenotes.txt %changelog +* Mon Jun 02 2008 Tom Eastep tom@shorewall.net +- Updated to 4.2.0-0Beta2 * Wed May 07 2008 Tom Eastep tom@shorewall.net - Updated to 4.2.0-0Beta1 * Mon Apr 28 2008 Tom Eastep tom@shorewall.net 
diff --git a/Shorewall-shell/install.sh b/Shorewall-shell/install.sh index ee9bf57ff..ca56e6503 100755 --- a/Shorewall-shell/install.sh +++ b/Shorewall-shell/install.sh @@ -22,7 +22,7 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # -VERSION=4.2.0-Beta1 +VERSION=4.2.0-Beta2 usage() # $1 = exit status { diff --git a/Shorewall-shell/shorewall-shell.spec b/Shorewall-shell/shorewall-shell.spec index 59e8f5596..72f049efb 100644 --- a/Shorewall-shell/shorewall-shell.spec +++ b/Shorewall-shell/shorewall-shell.spec @@ -1,6 +1,6 @@ %define name shorewall-shell %define version 4.2.0 -%define release 0Beta1 +%define release 0Beta2 Summary: Shoreline Firewall is an iptables-based firewall for Linux systems. Name: %{name} @@ -81,6 +81,8 @@ fi %doc COPYING INSTALL %changelog +* Mon Jun 02 2008 Tom Eastep tom@shorewall.net +- Updated to 4.2.0-0Beta2 * Wed May 07 2008 Tom Eastep tom@shorewall.net - Updated to 4.2.0-0Beta1 * Mon Apr 28 2008 Tom Eastep tom@shorewall.net