extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-30 03:23:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code

Browse Source
This commit is contained in:
Tuomo Soini 2015-11-02 00:02:56 +02:00
commit 85df53841b
17 changed files with 316 additions and 190 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Shorewall-core/configure vendored
View File

@ -158,6 +158,9 @@ else
if [ ! -f $rcfile ]; then if [ ! -f $rcfile ]; then
echo "ERROR: $vendor is not a recognized host type" >&2 echo "ERROR: $vendor is not a recognized host type" >&2
exit 1 exit 1
elif [ $vendor = default ]; then
params[HOST]=linux
vendor=linux
fi fi
fi fi

6
Shorewall-core/configure.pl
View File

@ -82,7 +82,11 @@ unless ( defined $vendor ) {
if ( defined $vendor ) { if ( defined $vendor ) {
$rcfilename = $vendor eq 'linux' ? 'shorewallrc.default' : 'shorewallrc.' . $vendor; $rcfilename = $vendor eq 'linux' ? 'shorewallrc.default' : 'shorewallrc.' . $vendor;
die qq("ERROR: $vendor" is not a recognized host type) unless -f $rcfilename; unless ( -f $rcfilename ) {
die qq("ERROR: $vendor" is not a recognized host type);
} elsif ( $vendor eq 'default' ) {
$params{HOST} = $vendor = 'linux';
}
} else { } else {
if ( -f '/etc/debian_version' ) { if ( -f '/etc/debian_version' ) {
$vendor = 'debian'; $vendor = 'debian';

6
Shorewall-core/install.sh
View File

@ -133,6 +133,8 @@ while [ $finished -eq 0 ]; do
esac esac
done done
[ -n $(mywhich install) ] || fatal_error "This installer requires the 'install' utility"
# #
# Read the RC file # Read the RC file
# #
@ -407,9 +409,9 @@ fi
if [ ${SHAREDIR} != /usr/share ]; then if [ ${SHAREDIR} != /usr/share ]; then
for f in lib.*; do for f in lib.*; do
if [ $BUILD != apple ]; then if [ $BUILD != apple ]; then
eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}/${SHAREDIR}/shorewall/$f eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SHAREDIR}/shorewall/$f
else else
eval sed -i \'\' -e \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}/${SHAREDIR}/shorewall/$f eval sed -i \'\' -e \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SHAREDIR}/shorewall/$f
fi fi
done done
fi fi

178
Shorewall-core/lib.cli
View File

@ -149,23 +149,56 @@ syslog_circular_buffer() {
local pid local pid
local tty local tty
local flags local flags
local cputime local time
local path local path
local args local args
local arg local arg
ps ax 2> /dev/null | while read pid tty flags cputime path args; do ps w 2> /dev/null | while read pid tty stat time path args; do
case $path in case $path in
syslogd|*/syslogd) syslogd|*/syslogd)
for arg in $args; do for arg in $args; do
if [ x$arg = x-C ]; then case $arg in
echo Yes -C*)
return return 0
fi ;;
esac
done
;;
logd|*/logd)
for arg in $args; do
case $arg in
-S*)
return 0
;;
esac
done done
;; ;;
esac esac
done done
return 1
}
setup_logread() {
[ -z "$LOGFILE" ] && LOGFILE=/var/log/messages
if syslog_circular_buffer; then
LOGFILE=logread
if qt mywhich tac; then
g_logread="logread | tac"
else
g_logread="logread"
fi
elif [ -r $LOGFILE ]; then
if qt mywhich tac; then
g_logread="tac $LOGFILE"
else
g_logread="cat $LOGFILE"
fi
else
fatal_error "LOGFILE ($LOGFILE) does not exist or is not readable!"
fi
} }
# #
@ -173,6 +206,7 @@ syslog_circular_buffer() {
# #
packet_log() # $1 = number of messages packet_log() # $1 = number of messages
{ {
if qt mywhich tac; then
if [ -n "$g_showmacs" -o $VERBOSITY -gt 2 ]; then if [ -n "$g_showmacs" -o $VERBOSITY -gt 2 ]; then
if [ $g_family -eq 4 ]; then if [ $g_family -eq 4 ]; then
$g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | head -n$1 | tac | sed 's/ kernel://; s/\[.*\] //' | sed s/" $host $LOGFORMAT"/" "/ $g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | head -n$1 | tac | sed 's/ kernel://; s/\[.*\] //' | sed s/" $host $LOGFORMAT"/" "/
@ -184,10 +218,24 @@ packet_log() # $1 = number of messages
else else
$g_logread | grep 'IN=.* OUT=.*SRC=.*:.*DST=' | head -n$1 | tac | sed -r 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] //; s/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/ $g_logread | grep 'IN=.* OUT=.*SRC=.*:.*DST=' | head -n$1 | tac | sed -r 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] //; s/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/
fi fi
else
if [ -n "$g_showmacs" -o $VERBOSITY -gt 2 ]; then
if [ $g_family -eq 4 ]; then
$g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | tail -n$1 | sed 's/ kernel://; s/\[.*\] //' | sed s/" $host $LOGFORMAT"/" "/
else
$g_logread | grep 'IN=.* OUT=.*SRC=.*:.*DST=' | tail -n$1 | sed -r 's/ kernel://; s/\[.*\] //; s/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/
fi
elif [ $g_family -eq 4 ]; then
$g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | tail -n$1 | sed 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] '// | sed s/" $host $LOGFORMAT"/" "/
else
$g_logread | grep 'IN=.* OUT=.*SRC=.*:.*DST=' | tail -n$1 | sed -r 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] //; s/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/
fi
fi
} }
search_log() # $1 = IP address to search for search_log() # $1 = IP address to search for
{ {
if qt mywhich tac; then
if [ -n "$g_showmacs" -o $VERBOSITY -gt 2 ]; then if [ -n "$g_showmacs" -o $VERBOSITY -gt 2 ]; then
if [ $g_family -eq 4 ]; then if [ $g_family -eq 4 ]; then
$g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | grep "$1" | tac | sed 's/ kernel://; s/\[.*\] //' | sed s/" $host $LOGFORMAT"/" "/ $g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | grep "$1" | tac | sed 's/ kernel://; s/\[.*\] //' | sed s/" $host $LOGFORMAT"/" "/
@ -199,6 +247,19 @@ search_log() # $1 = IP address to search for
else else
$g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | grep "$1" | tac | sed -r 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] //; s/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/ $g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | grep "$1" | tac | sed -r 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] //; s/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/
fi fi
else
if [ -n "$g_showmacs" -o $VERBOSITY -gt 2 ]; then
if [ $g_family -eq 4 ]; then
$g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | grep "$1" | sed 's/ kernel://; s/\[.*\] //' | sed s/" $host $LOGFORMAT"/" "/
else
$g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | grep "$1" | sed -r 's/ kernel://; s/\[.*\] //; s/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/
fi
elif [ $g_family -eq 4 ]; then
$g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | grep "$1" | sed 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] '// | sed s/" $host $LOGFORMAT"/" "/
else
$g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | grep "$1" | sed -r 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] //; s/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/
fi
fi
} }
# #
@ -280,17 +341,7 @@ show_bl() {
logwatch() # $1 = timeout -- if negative, prompt each time that logwatch() # $1 = timeout -- if negative, prompt each time that
# an 'interesting' packet count changes # an 'interesting' packet count changes
{ {
if [ -z "$LOGFILE" ]; then setup_logread
LOGFILE=/var/log/messages
if [ -n "$(syslog_circular_buffer)" ]; then
g_logread="logread | tac"
elif [ -r $LOGFILE ]; then
g_logread="tac $LOGFILE"
else
fatal_error "LOGFILE ($LOGFILE) does not exist!"
fi
fi
host=$(echo $g_hostname | sed 's/\..*$//') host=$(echo $g_hostname | sed 's/\..*$//')
oldrejects=$($g_tool -L -v -n | grep 'LOG') oldrejects=$($g_tool -L -v -n | grep 'LOG')
@ -1038,17 +1089,7 @@ show_command() {
log) log)
[ $# -gt 2 ] && usage 1 [ $# -gt 2 ] && usage 1
if [ -z "$LOGFILE" ]; then setup_logread
LOGFILE=/var/log/messages
if [ -n "$(syslog_circular_buffer)" ]; then
g_logread="logread | tac"
elif [ -r $LOGFILE ]; then
g_logread="tac $LOGFILE"
else
fatal_error "LOGFILE ($LOGFILE) does not exist!"
fi
fi
echo "$g_product $SHOREWALL_VERSION Log ($LOGFILE) at $g_hostname - $(date)" echo "$g_product $SHOREWALL_VERSION Log ($LOGFILE) at $g_hostname - $(date)"
echo echo
@ -1427,17 +1468,7 @@ do_dump_command() {
esac esac
done done
if [ -z "$LOGFILE" ]; then setup_logread
LOGFILE=/var/log/messages
if [ -n "$(syslog_circular_buffer)" ]; then
g_logread="logread | tac"
elif [ -r $LOGFILE ]; then
g_logread="tac $LOGFILE"
else
fatal_error "LOGFILE ($LOGFILE) does not exist! - See http://www.shorewall.net/shorewall_logging.html"
fi
fi
g_ipt_options="$g_ipt_options $g_ipt_options1" g_ipt_options="$g_ipt_options $g_ipt_options1"
@ -3495,10 +3526,34 @@ noiptrace_command() {
fatal_error "$g_product is not started" fatal_error "$g_product is not started"
fi fi
} }
# #
# Set the configuration variables from shorewall-lite.conf # Verify that we have a compiled firewall script
#
verify_firewall_script() {
if [ ! -f $g_firewall ]; then
echo " ERROR: $g_product is not properly installed" >&2
if [ -L $g_firewall ]; then
echo " $g_firewall is a symbolic link to a" >&2
echo " non-existant file" >&2
else
echo " The file $g_firewall does not exist" >&2
fi
exit 2
fi
}
################################################################################
# The remaining functions are used by the Lite cli - they are overloaded by
# the Standard CLI by loading lib.cli-std
################################################################################
#
# Set the configuration variables from shorewall[6]-lite.conf.
# #
get_config() { get_config() {
local config
local lib
ensure_config_path ensure_config_path
@ -3520,15 +3575,7 @@ get_config() {
[ -n "$PATH" ] || PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin [ -n "$PATH" ] || PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
[ -z "$LOGFILE" ] && LOGFILE=/var/log/messages setup_logread
if ( ps ax 2> /dev/null | grep -v grep | qt grep 'syslogd.*-C' ) ; then
g_logread="logread | tac"
elif [ -r $LOGFILE ]; then
g_logread="tac $LOGFILE"
else
fatal_error "LOGFILE ($LOGFILE) does not exist!"
fi
# #
# See if we have a real version of "tail" -- use separate redirection so # See if we have a real version of "tail" -- use separate redirection so
# that ash (aka /bin/sh on LRP) doesn't crap # that ash (aka /bin/sh on LRP) doesn't crap
@ -3636,29 +3683,11 @@ get_config() {
g_loopback=$(find_loopback_interfaces) g_loopback=$(find_loopback_interfaces)
lib=$(find_file lib.cli-user)
[ -f $lib ] && . $lib
} }
#
# Verify that we have a compiled firewall script
#
verify_firewall_script() {
if [ ! -f $g_firewall ]; then
echo " ERROR: $g_product is not properly installed" >&2
if [ -L $g_firewall ]; then
echo " $g_firewall is a symbolic link to a" >&2
echo " non-existant file" >&2
else
echo " The file $g_firewall does not exist" >&2
fi
exit 2
fi
}
################################################################################
# The remaining functions are used by the Lite cli - they are overloaded by
# the Standard CLI by loading lib.cli-std
################################################################################
# #
# Start Command Executor # Start Command Executor
# #
@ -3885,6 +3914,13 @@ usage() # $1 = exit status
ecko " refresh [ -d ] [ -n ] [ -T ] [ -D <directory> ] [ <chain>... ]" ecko " refresh [ -d ] [ -n ] [ -T ] [ -D <directory> ] [ <chain>... ]"
echo " reject <address> ..." echo " reject <address> ..."
ecko " reload [ -s ] [ -c ] [ -r <root user> ] [ -T ] [ -i ] [ <directory> ] <system>" ecko " reload [ -s ] [ -c ] [ -r <root user> ] [ -T ] [ -i ] [ <directory> ] <system>"
if [ -z "$g_lite" ]; then
echo " remote-reload [ -s ] [ -c ] [ -r <root-name> ] [ -T ] [ -i ] [ <directory> ] <system>"
echo " remote-restart [ -s ] [ -c ] [ -r <root-name> ] [ -T ] [ -i ] [ <directory> ] <system>"
echo " remote-start [ -s ] [ -c ] [ -r <root-name> ] [ -T ] [ -i ] [ <directory> ] <system>"
fi
echo " reset [ <chain> ... ]" echo " reset [ <chain> ... ]"
if [ -n "$g_lite" ]; then if [ -n "$g_lite" ]; then

4
Shorewall-core/lib.common
View File

@ -33,7 +33,7 @@ startup_error() # $* = Error Message
echo " ERROR: $@: Firewall state not changed" >&2 echo " ERROR: $@: Firewall state not changed" >&2
if [ $LOG_VERBOSITY -ge 0 ]; then if [ $LOG_VERBOSITY -ge 0 ]; then
timestamp="$(date +'%_b %d %T') " timestamp="$(date +'%b %d %T') "
echo "${timestamp} ERROR: $@" >> $STARTUP_LOG echo "${timestamp} ERROR: $@" >> $STARTUP_LOG
fi fi
@ -50,7 +50,7 @@ startup_error() # $* = Error Message
esac esac
if [ $LOG_VERBOSITY -ge 0 ]; then if [ $LOG_VERBOSITY -ge 0 ]; then
timestamp="$(date +'%_b %d %T') " timestamp="$(date +'%b %d %T') "
case $COMMAND in case $COMMAND in
start) start)

18
Shorewall-lite/install.sh
View File

@ -151,6 +151,8 @@ while [ $finished -eq 0 ] ; do
esac esac
done done
[ -n $(mywhich install) ] || fatal_error "This installer requires the 'install' utility"
# #
# Read the RC file # Read the RC file
# #
@ -187,7 +189,7 @@ elif [ -z "${VARDIR}" ]; then
VARDIR=${VARLIB}/${PRODUCT} VARDIR=${VARLIB}/${PRODUCT}
fi fi
for var in SHAREDIR LIBEXECDIRDIRDIR CONFDIR SBINDIR VARLIB VARDIR; do for var in SHAREDIR LIBEXECDIR CONFDIR SBINDIR VARLIB VARDIR; do
require $var require $var
done done
@ -316,7 +318,7 @@ if [ -n "$DESTDIR" ]; then
OWNERSHIP="" OWNERSHIP=""
fi fi
install -d $OWNERSHIP -m 755 ${DESTDIR}/${SBINDIR} install -d $OWNERSHIP -m 755 ${DESTDIR}${SBINDIR}
install -d $OWNERSHIP -m 755 ${DESTDIR}${INITDIR} install -d $OWNERSHIP -m 755 ${DESTDIR}${INITDIR}
else else
if [ ! -f ${SHAREDIR}/shorewall/coreversion ]; then if [ ! -f ${SHAREDIR}/shorewall/coreversion ]; then
@ -422,8 +424,8 @@ fi
# Install the Makefile # Install the Makefile
# #
run_install $OWNERSHIP -m 0600 Makefile ${DESTDIR}${CONFDIR}/$PRODUCT run_install $OWNERSHIP -m 0600 Makefile ${DESTDIR}${CONFDIR}/$PRODUCT
[ $SHAREDIR = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}/${CONFDIR}/$PRODUCT/Makefile [ $SHAREDIR = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${CONFDIR}/$PRODUCT/Makefile
[ $SBINDIR = /sbin ] || eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\' ${DESTDIR}/${CONFDIR}/$PRODUCT/Makefile [ $SBINDIR = /sbin ] || eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\' ${DESTDIR}${CONFDIR}/$PRODUCT/Makefile
echo "Makefile installed as ${DESTDIR}${CONFDIR}/$PRODUCT/Makefile" echo "Makefile installed as ${DESTDIR}${CONFDIR}/$PRODUCT/Makefile"
# #
@ -438,7 +440,7 @@ echo "Default config path file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/confi
for f in lib.* ; do for f in lib.* ; do
if [ -f $f ]; then if [ -f $f ]; then
install_file $f ${DESTDIR}${SHAREDIR}/$PRODUCT/$f 0644 install_file $f ${DESTDIR}${SHAREDIR}/$PRODUCT/$f 0644
echo "Library ${f#*.} file installed as ${DESTDIR}/${SHAREDIR}/$PRODUCT/$f" echo "Library ${f#*.} file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/$f"
fi fi
done done
@ -451,7 +453,7 @@ echo "Common functions linked through ${DESTDIR}${SHAREDIR}/$PRODUCT/functions"
# #
install_file shorecap ${DESTDIR}${LIBEXECDIR}/$PRODUCT/shorecap 0755 install_file shorecap ${DESTDIR}${LIBEXECDIR}/$PRODUCT/shorecap 0755
[ $SHAREDIR = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}/${LIBEXECDIR}/$PRODUCT/shorecap [ $SHAREDIR = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${LIBEXECDIR}/$PRODUCT/shorecap
echo echo
echo "Capability file builder installed in ${DESTDIR}${LIBEXECDIR}/$PRODUCT/shorecap" echo "Capability file builder installed in ${DESTDIR}${LIBEXECDIR}/$PRODUCT/shorecap"
@ -538,8 +540,8 @@ if [ -n "$SYSCONFFILE" -a -f "$SYSCONFFILE" -a ! -f ${DESTDIR}${SYSCONFDIR}/${PR
fi fi
if [ ${SHAREDIR} != /usr/share ]; then if [ ${SHAREDIR} != /usr/share ]; then
eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}/${SHAREDIR}/${PRODUCT}/lib.base eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SHAREDIR}/${PRODUCT}/lib.base
eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}/${SBINDIR}/$PRODUCT eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SBINDIR}/$PRODUCT
fi fi
if [ $configure -eq 1 -a -z "$DESTDIR" -a -n "$first_install" -a -z "${cygwin}${mac}" ]; then if [ $configure -eq 1 -a -z "$DESTDIR" -a -n "$first_install" -a -z "${cygwin}${mac}" ]; then

5
Shorewall-lite/uninstall.sh
View File

@ -168,7 +168,11 @@ if [ $configure -eq 1 ]; then
fi fi
if [ -L ${SHAREDIR}/shorewall-lite/init ]; then if [ -L ${SHAREDIR}/shorewall-lite/init ]; then
if [ $HOST = "linux" ] && [ -f /etc/openwrt_release -o -f /etc/openwrt_version ]; then
FIREWALL=$(readlink ${SHAREDIR}/shorewall-lite/init)
else
FIREWALL=$(readlink -m -q ${SHAREDIR}/shorewall-lite/init) FIREWALL=$(readlink -m -q ${SHAREDIR}/shorewall-lite/init)
fi
elif [ -n "$INITFILE" ]; then elif [ -n "$INITFILE" ]; then
FIREWALL=${INITDIR}/${INITFILE} FIREWALL=${INITDIR}/${INITFILE}
fi fi
@ -199,6 +203,7 @@ rm -rf ${VARDIR}/shorewall-lite
rm -rf ${SHAREDIR}/shorewall-lite rm -rf ${SHAREDIR}/shorewall-lite
rm -rf ${LIBEXECDIR}/shorewall-lite rm -rf ${LIBEXECDIR}/shorewall-lite
rm -f ${CONFDIR}/logrotate.d/shorewall-lite rm -f ${CONFDIR}/logrotate.d/shorewall-lite
rm -f ${SYSCONFDIR}/shorewall-lite
rm -f ${MANDIR}/man5/shorewall-lite* rm -f ${MANDIR}/man5/shorewall-lite*
rm -f ${MANDIR}/man8/shorewall-lite* rm -f ${MANDIR}/man8/shorewall-lite*

43
Shorewall/Perl/Shorewall/Config.pm
View File

@ -5147,6 +5147,7 @@ sub unsupported_yes_no_warning( $ ) {
# #
sub get_params( $ ) { sub get_params( $ ) {
my $export = $_[0]; my $export = $_[0];
my $cygwin = ( $shorewallrc{HOST} eq 'cygwin' );
my $fn = find_file 'params'; my $fn = find_file 'params';
@ -5188,14 +5189,16 @@ sub get_params( $ ) {
$shell = BASH; $shell = BASH;
for ( @params ) { for ( @params ) {
if ( /^declare -x (.*?)="(.*[^\\])"$/ ) { chomp;
if ( $cygwin && /^declare -x (.*?)="(.*)"$/ ) {
$params{$1} = $2 unless $1 eq '_';
} elsif ( /^declare -x (.*?)="(.*[^\\])"$/ ) {
$params{$1} = $2 unless $1 eq '_'; $params{$1} = $2 unless $1 eq '_';
} elsif ( /^declare -x (.*?)="(.*)$/ ) { } elsif ( /^declare -x (.*?)="(.*)$/ ) {
$params{$variable=$1} = $2 eq '"' ? '' : "${2}\n"; $params{$variable=$1} = $2 eq '"' ? '' : "${2}\n";
} elsif ( /^declare -x (.*)\s+$/ || /^declare -x (.*)=""$/ ) { } elsif ( /^declare -x (.*)\s+$/ || /^declare -x (.*)=""$/ ) {
$params{$1} = ''; $params{$1} = '';
} else { } else {
chomp;
if ($variable) { if ($variable) {
s/"$//; s/"$//;
$params{$variable} .= $_; $params{$variable} .= $_;
@ -5216,14 +5219,16 @@ sub get_params( $ ) {
$shell = OLDBASH; $shell = OLDBASH;
for ( @params ) { for ( @params ) {
if ( /^export (.*?)="(.*[^\\])"$/ ) { chomp;
if ( $cygwin && /^export (.*?)="(.*)"$/ ) {
$params{$1} = $2 unless $1 eq '_';
} elsif ( /^export (.*?)="(.*[^\\])"$/ ) {
$params{$1} = $2 unless $1 eq '_'; $params{$1} = $2 unless $1 eq '_';
} elsif ( /^export (.*?)="(.*)$/ ) { } elsif ( /^export (.*?)="(.*)$/ ) {
$params{$variable=$1} = $2 eq '"' ? '' : "${2}\n"; $params{$variable=$1} = $2 eq '"' ? '' : "${2}\n";
} elsif ( /^export ([^\s=]+)\s*$/ || /^export (.*)=""$/ ) { } elsif ( /^export ([^\s=]+)\s*$/ || /^export (.*)=""$/ ) {
$params{$1} = ''; $params{$1} = '';
} else { } else {
chomp;
if ($variable) { if ($variable) {
s/"$//; s/"$//;
$params{$variable} .= $_; $params{$variable} .= $_;
@ -5243,6 +5248,7 @@ sub get_params( $ ) {
$shell = ASH; $shell = ASH;
for ( @params ) { for ( @params ) {
chomp;
if ( /^export (.*?)='(.*'"'"')$/ ) { if ( /^export (.*?)='(.*'"'"')$/ ) {
$params{$variable=$1}="${2}\n"; $params{$variable=$1}="${2}\n";
} elsif ( /^export (.*?)='(.*)'$/ ) { } elsif ( /^export (.*?)='(.*)'$/ ) {
@ -5250,7 +5256,6 @@ sub get_params( $ ) {
} elsif ( /^export (.*?)='(.*)$/ ) { } elsif ( /^export (.*?)='(.*)$/ ) {
$params{$variable=$1}="${2}\n"; $params{$variable=$1}="${2}\n";
} else { } else {
chomp;
if ($variable) { if ($variable) {
s/'$//; s/'$//;
$params{$variable} .= $_; $params{$variable} .= $_;
@ -5262,10 +5267,24 @@ sub get_params( $ ) {
} }
for ( keys %params ) { for ( keys %params ) {
if ( /[^\w]/ ) {
#
# Useless variable with special characters in its name
#
delete $params{$_};
} elsif ( /^(?:SHLVL|OLDPWD)$/ ) {
#
# The shell running getparams generates those
#
delete $params{$_};
} else {
unless ( $_ eq 'SHOREWALL_INIT_SCRIPT' ) { unless ( $_ eq 'SHOREWALL_INIT_SCRIPT' ) {
fatal_error "The variable name $_ is reserved and may not be set in the params file" fatal_error "The variable name $_ is reserved and may not be set in the params file"
if /^SW_/ || /^SHOREWALL_/ || ( exists $config{$_} && ! exists $ENV{$_} ) || exists $reserved{$_}; if /^SW_/ || /^SHOREWALL_/ || ( exists $config{$_} && ! exists $ENV{$_} ) || exists $reserved{$_};
} }
$params{$_} = '' unless defined $params{$_};
}
} }
if ( $debug ) { if ( $debug ) {
@ -5314,6 +5333,8 @@ sub export_params() {
next if exists $compiler_params{$param}; next if exists $compiler_params{$param};
my $value = $params{$param}; my $value = $params{$param};
chomp $value;
# #
# Values in %params are generated from the output of 'export -p'. # Values in %params are generated from the output of 'export -p'.
# The different shells have different conventions for delimiting # The different shells have different conventions for delimiting
@ -5324,19 +5345,27 @@ sub export_params() {
$value =~ s/\\"/"/g; $value =~ s/\\"/"/g;
} elsif ( $shell == OLDBASH ) { } elsif ( $shell == OLDBASH ) {
$value =~ s/\\'/'/g; $value =~ s/\\'/'/g;
$value =~ s/\\"/"/g;
$value =~ s/\\\\/\\/g;
} else { } else {
$value =~ s/'"'"'/'/g; $value =~ s/'"'"'/'/g;
} }
# #
# Don't export pairs from %ENV # Don't export pairs from %ENV
# #
next if defined $ENV{$param} && $value eq $ENV{$param}; if ( defined $ENV{$param} ) {
next if $value eq $ENV{$param};
} elsif ( exists $ENV{$param} ) {
next unless supplied $value;
}
emit "#\n# From the params file\n#" unless $count++; emit "#\n# From the params file\n#" unless $count++;
# #
# We will use double quotes and escape embedded quotes with \. # We will use double quotes and escape embedded quotes with \.
# #
if ( $value =~ /[\s()['"]/ ) { if ( $value =~ /^"[^"]*"$/ ) {
emit "$param=$value";
} elsif ( $value =~ /[\s()['"]/ ) {
$value =~ s/"/\\"/g; $value =~ s/"/\\"/g;
emit "$param='$value'"; emit "$param='$value'";
} else { } else {

8
Shorewall/Perl/Shorewall/Providers.pm
View File

@ -661,6 +661,10 @@ sub process_a_provider( $ ) {
fatal_error 'A non-empty COPY column requires that a routing table be specified in the DUPLICATE column' unless $copy eq 'none'; fatal_error 'A non-empty COPY column requires that a routing table be specified in the DUPLICATE column' unless $copy eq 'none';
} }
if ( $persistent ) {
warning_message( "Provider $table is not optional -- the 'persistent' option is ignored" ), $persistent = 0 unless $optional;
}
$providers{$table} = { provider => $table, $providers{$table} = { provider => $table,
number => $number , number => $number ,
id => $config{USE_RT_NAMES} ? $table : $number, id => $config{USE_RT_NAMES} ? $table : $number,
@ -702,7 +706,7 @@ sub process_a_provider( $ ) {
if ( $track ) { if ( $track ) {
if ( $routemarked_interfaces{$interface} ) { if ( $routemarked_interfaces{$interface} ) {
fatal_error "Interface $interface is tracked through an earlier provider" if $routemarked_interfaces{$interface} == ROUTEMARKED_UNSHARED; fatal_error "Interface $interface is tracked through an earlier provider" if $routemarked_interfaces{$interface} == ROUTEMARKED_UNSHARED;
fatal_error "Multiple providers through the same interface must their IP address specified in the INTERFACES" unless $shared; fatal_error "Multiple providers through the same interface must have their IP address specified in the INTERFACES column" unless $shared;
} else { } else {
$routemarked_interfaces{$interface} = $shared ? ROUTEMARKED_SHARED : ROUTEMARKED_UNSHARED; $routemarked_interfaces{$interface} = $shared ? ROUTEMARKED_SHARED : ROUTEMARKED_UNSHARED;
push @routemarked_interfaces, $interface; push @routemarked_interfaces, $interface;
@ -1346,7 +1350,7 @@ sub add_a_route( ) {
my $persistent; my $persistent;
if ( $options != '-' ) { if ( $options ne '-' ) {
for ( split_list1( 'option', $options ) ) { for ( split_list1( 'option', $options ) ) {
my ( $option, $value ) = split /=/, $options; my ( $option, $value ) = split /=/, $options;

24
Shorewall/install.sh
View File

@ -389,7 +389,7 @@ if [ -z "${DESTDIR}" -a $PRODUCT = shorewall -a ! -f ${SHAREDIR}/$PRODUCT/coreve
fi fi
install_file $PRODUCT ${DESTDIR}${SBINDIR}/$PRODUCT 0755 install_file $PRODUCT ${DESTDIR}${SBINDIR}/$PRODUCT 0755
[ $SHAREDIR = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}/${SBINDIR}/${PRODUCT} [ $SHAREDIR = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SBINDIR}/${PRODUCT}
echo "$PRODUCT control program installed in ${DESTDIR}${SBINDIR}/$PRODUCT" echo "$PRODUCT control program installed in ${DESTDIR}${SBINDIR}/$PRODUCT"
# #
@ -468,16 +468,16 @@ if [ -z "$first_install" ]; then
# #
# Delete obsolete config files and manpages # Delete obsolete config files and manpages
# #
delete_file ${DESTDIR}/${SHAREDIR}/$PRODUCT/configfiles/tos delete_file ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/tos
delete_file ${DESTDIR}/${SHAREDIR}/$PRODUCT/configfiles/tcrules delete_file ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/tcrules
delete_file ${DESTDIR}/${SHAREDIR}/$PRODUCT/configfiles/stoppedrules delete_file ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/stoppedrules
delete_file ${DESTDIR}/${SHAREDIR}/$PRODUCT/configfiles/notrack delete_file ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/notrack
delete_file ${DESTDIR}/${SHAREDIR}/$PRODUCT/configfiles/blacklist delete_file ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/blacklist
delete_file ${DESTDIR}/${MANDIR}/man5/$PRODUCT/${PRODUCT}-tos delete_file ${DESTDIR}${MANDIR}/man5/$PRODUCT/${PRODUCT}-tos
delete_file ${DESTDIR}/${MANDIR}/man5/$PRODUCT/${PRODUCT}-tcrules delete_file ${DESTDIR}${MANDIR}/man5/$PRODUCT/${PRODUCT}-tcrules
delete_file ${DESTDIR}/${MANDIR}/man5/$PRODUCT/${PRODUCT}-stoppedrules delete_file ${DESTDIR}${MANDIR}/man5/$PRODUCT/${PRODUCT}-stoppedrules
delete_file ${DESTDIR}/${MANDIR}/man5/$PRODUCT/${PRODUCT}-notrack delete_file ${DESTDIR}${MANDIR}/man5/$PRODUCT/${PRODUCT}-notrack
delete_file ${DESTDIR}/${MANDIR}/man5/$PRODUCT/${PRODUCT}-blacklist delete_file ${DESTDIR}${MANDIR}/man5/$PRODUCT/${PRODUCT}-blacklist
fi fi
# #
@ -1082,7 +1082,7 @@ if [ $PRODUCT = shorewall6 ]; then
# Symbolically link 'functions' to lib.base # Symbolically link 'functions' to lib.base
# #
ln -sf lib.base ${DESTDIR}${SHAREDIR}/$PRODUCT/functions ln -sf lib.base ${DESTDIR}${SHAREDIR}/$PRODUCT/functions
[ $SHAREDIR = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}/${SHAREDIR}/${PRODUCT}/lib.base [ $SHAREDIR = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SHAREDIR}/${PRODUCT}/lib.base
fi fi
if [ -d Perl ]; then if [ -d Perl ]; then

72
Shorewall/lib.cli-std
View File

@ -31,6 +31,7 @@
# #
get_config() { get_config() {
local prog local prog
local lib
ensure_config_path ensure_config_path
@ -70,15 +71,7 @@ get_config() {
# This block is avoided for compile for export and when the user isn't root # This block is avoided for compile for export and when the user isn't root
# #
if [ "$3" = Yes ]; then if [ "$3" = Yes ]; then
if [ -n "$LOGFILE" ]; then setup_logread
if [ -n "$(syslog_circular_buffer)" ]; then
g_logread="logread | tac"
elif [ -r $LOGFILE ]; then
g_logread="tac $LOGFILE"
else
fatal_error "LOGFILE ($LOGFILE) does not exist!"
fi
fi
fi fi
if [ $g_family -eq 4 ]; then if [ $g_family -eq 4 ]; then
@ -322,6 +315,10 @@ get_config() {
fi fi
g_loopback=$(find_loopback_interfaces) g_loopback=$(find_loopback_interfaces)
lib=$(find_file lib.cli-user)
[ -f $lib ] && . $lib
} }
# #
@ -1394,6 +1391,7 @@ remote_reload_command() # $* = original arguments less the command.
local sharedir local sharedir
sharedir=${SHAREDIR} sharedir=${SHAREDIR}
local litedir local litedir
local exitstatus
while [ $finished -eq 0 -a $# -gt 0 ]; do while [ $finished -eq 0 -a $# -gt 0 ]; do
option=$1 option=$1
@ -1510,32 +1508,60 @@ remote_reload_command() # $* = original arguments less the command.
g_file="$g_shorewalldir/firewall" g_file="$g_shorewalldir/firewall"
if compiler $g_debugging compiler "$g_file" && \ exitstatus=0
progress_message3 "Copying $file and ${file}.conf to ${system}:${litedir}..." && \
rcp_command "$g_shorewalldir/firewall $g_shorewalldir/firewall.conf" ${litedir} if compiler $g_debugging compiler "$g_file"; then
then progress_message3 "Copying $file and ${file}.conf to ${system}:${litedir}..."
if rcp_command "$g_shorewalldir/firewall $g_shorewalldir/firewall.conf" ${litedir}; then
save=$(find_file save); save=$(find_file save);
[ -f $save ] && progress_message3 "Copying $save to ${system}:${confdir}/${g_program}-lite/" && rcp_command $save ${confdir}/shorewall-lite/ if [ -f $save ]; then
progress_message3 "Copying $save to ${system}:${confdir}/${g_program}-lite/"
rcp_command $save ${confdir}/shorewall-lite/
exitstatus=$?
fi
if [ $exitstatus -eq 0 ]; then
progress_message3 "Copy complete" progress_message3 "Copy complete"
if [ $COMMAND = remote-reload ]; then if [ $COMMAND = remote-reload ]; then
rsh_command "${sbindir}/${g_program}-lite $g_debugging $verbose $timestamp reload" && \ if rsh_command "${sbindir}/${g_program}-lite $g_debugging $verbose $timestamp reload"; then
progress_message3 "System $system reloaded" || saveit= progress_message3 "System $system reloaded"
elif [ $COMMAND = remote-restart ]; then
rsh_command "${sbindir}/${g_program}-lite $g_debugging $verbose $timestamp restart" && \
progress_message3 "System $system restarted" || saveit=
else else
rsh_command "${sbindir}/${g_program}-lite $g_debugging $verbose $timestamp start" && \ exitstatus=$?
progress_message3 "System $system started" || saveit= savit=
fi
elif [ $COMMAND = remote-restart ]; then
if rsh_command "${sbindir}/${g_program}-lite $g_debugging $verbose $timestamp restart"; then
progress_message3 "System $system restarted"
else
exitstatus=$?
saveit=
fi
elif rsh_command "${sbindir}/${g_program}-lite $g_debugging $verbose $timestamp start"; then
progress_message3 "System $system started"
else
exitstatus=$?
saveit=
fi fi
if [ -n "$saveit" ]; then if [ -n "$saveit" ]; then
rsh_command "${sbindir}/${g_program}-lite $g_debugging $verbose $timestamp save" && \ if rsh_command "${sbindir}/${g_program}-lite $g_debugging $verbose $timestamp save"; then
progress_message3 "Configuration on system $system saved" progress_message3 "Configuration on system $system saved"
else
exitstatus=$?
fi fi
fi fi
fi
else
exitstatus=$?
fi
else
exitstatus=$?
fi
return $exitstatus
} }
# #
@ -1645,7 +1671,7 @@ compiler_command() {
shift shift
update_command $@ update_command $@
;; ;;
remote-start|remote-reload-reload|remote-restart) remote-start|remote-reload|remote-restart)
shift shift
remote_reload_command $@ remote_reload_command $@
;; ;;

14
Shorewall/manpages/shorewall.xml
View File

@ -424,7 +424,7 @@
<arg>-<replaceable>options</replaceable></arg> <arg>-<replaceable>options</replaceable></arg>
<arg choice="plain"><option>remote_start</option></arg> <arg choice="plain"><option>remote-start</option></arg>
<arg><option>-s</option></arg> <arg><option>-s</option></arg>
@ -448,7 +448,7 @@
<arg>-<replaceable>options</replaceable></arg> <arg>-<replaceable>options</replaceable></arg>
<arg choice="plain"><option>remote_reload</option></arg> <arg choice="plain"><option>remote-reload</option></arg>
<arg><option>-s</option></arg> <arg><option>-s</option></arg>
@ -472,7 +472,7 @@
<arg>-<replaceable>options</replaceable></arg> <arg>-<replaceable>options</replaceable></arg>
<arg choice="plain"><option>remote_restart</option></arg> <arg choice="plain"><option>remote-restart</option></arg>
<arg><option>-s</option></arg> <arg><option>-s</option></arg>
@ -1522,7 +1522,7 @@
<listitem> <listitem>
<para>This command was re-implemented in Shorewall 5.0.0. The <para>This command was re-implemented in Shorewall 5.0.0. The
pre-5.0.0 <command>reload</command> command is now called pre-5.0.0 <command>reload</command> command is now called
<command>remote_restart</command> (see below).</para> <command>remote-restart</command> (see below).</para>
<para>Reload is similar to <emphasis role="bold">shorewall <para>Reload is similar to <emphasis role="bold">shorewall
start</emphasis> except that it assumes that the firewall is already start</emphasis> except that it assumes that the firewall is already
@ -1575,7 +1575,7 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">remote_start</emphasis> <term><emphasis role="bold">remote-start</emphasis>
[-<option>s</option>] [-<option>c</option>] [-<option>r</option> [-<option>s</option>] [-<option>c</option>] [-<option>r</option>
<replaceable>root-user-name</replaceable>] [-<option>T</option>] <replaceable>root-user-name</replaceable>] [-<option>T</option>]
[-<option>i</option>] [ <replaceable>directory</replaceable> ] [-<option>i</option>] [ <replaceable>directory</replaceable> ]
@ -1637,7 +1637,7 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">remote_reload <term><emphasis role="bold">remote-reload
</emphasis>[-<option>s</option>] [-<option>c</option>] </emphasis>[-<option>s</option>] [-<option>c</option>]
[-<option>r</option> <replaceable>root-user-name</replaceable>] [-<option>r</option> <replaceable>root-user-name</replaceable>]
[-<option>T</option>] [-<option>i</option>] [ [-<option>T</option>] [-<option>i</option>] [
@ -1699,7 +1699,7 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">remote_restart <term><emphasis role="bold">remote-restart
</emphasis>[-<option>s</option>] [-<option>c</option>] </emphasis>[-<option>s</option>] [-<option>c</option>]
[-<option>r</option> <replaceable>root-user-name</replaceable>] [-<option>r</option> <replaceable>root-user-name</replaceable>]
[-<option>T</option>] [-<option>i</option>] [ [-<option>T</option>] [-<option>i</option>] [

1
Shorewall6-lite/uninstall.sh
View File

@ -196,6 +196,7 @@ rm -rf ${VARDIR}/shorewall6-lite
rm -rf ${SHAREDIR}/shorewall6-lite rm -rf ${SHAREDIR}/shorewall6-lite
rm -rf ${LIBEXECDIR}/shorewall6-lite rm -rf ${LIBEXECDIR}/shorewall6-lite
rm -f ${CONFDIR}/logrotate.d/shorewall6-lite rm -f ${CONFDIR}/logrotate.d/shorewall6-lite
rm -f ${SYSCONFDIR}/shorewall6-lite
[ -n "$SYSTEMD" ] && rm -f ${SYSTEMD}/shorewall6-lite.service [ -n "$SYSTEMD" ] && rm -f ${SYSTEMD}/shorewall6-lite.service
rm -f ${MANDIR}/man5/shorewall6-lite* rm -f ${MANDIR}/man5/shorewall6-lite*

14
Shorewall6/manpages/shorewall6.xml
View File

@ -378,7 +378,7 @@
<arg>-<replaceable>options</replaceable></arg> <arg>-<replaceable>options</replaceable></arg>
<arg choice="plain"><option>remote_start</option></arg> <arg choice="plain"><option>remote-start</option></arg>
<arg><option>-s</option></arg> <arg><option>-s</option></arg>
@ -402,7 +402,7 @@
<arg>-<replaceable>options</replaceable></arg> <arg>-<replaceable>options</replaceable></arg>
<arg choice="plain"><option>remote_reload</option></arg> <arg choice="plain"><option>remote-reload</option></arg>
<arg><option>-s</option></arg> <arg><option>-s</option></arg>
@ -426,7 +426,7 @@
<arg>-<replaceable>options</replaceable></arg> <arg>-<replaceable>options</replaceable></arg>
<arg choice="plain"><option>remote_restart</option></arg> <arg choice="plain"><option>remote-restart</option></arg>
<arg><option>-s</option></arg> <arg><option>-s</option></arg>
@ -1457,7 +1457,7 @@
<listitem> <listitem>
<para>This command was re-implemented in Shorewall 5.0.0. The <para>This command was re-implemented in Shorewall 5.0.0. The
pre-5.0.0 <command>reload</command> command is now called pre-5.0.0 <command>reload</command> command is now called
<command>remote_restart</command> (see below).</para> <command>remote-restart</command> (see below).</para>
<para>Reload is similar to <command>shorewall6 start</command> <para>Reload is similar to <command>shorewall6 start</command>
except that it assumes that the firewall is already started. except that it assumes that the firewall is already started.
@ -1511,7 +1511,7 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">remote_reload <term><emphasis role="bold">remote-reload
</emphasis>[-<option>s</option>] [-<option>c</option>] </emphasis>[-<option>s</option>] [-<option>c</option>]
[-<option>r</option> <replaceable>root-user-name</replaceable>] [-<option>r</option> <replaceable>root-user-name</replaceable>]
[-<option>T</option>] [-<option>i</option>] [ [-<option>T</option>] [-<option>i</option>] [
@ -1573,7 +1573,7 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">remote_ restart <term><emphasis role="bold">remote- restart
</emphasis>[-<option>s</option>] [-<option>c</option>] </emphasis>[-<option>s</option>] [-<option>c</option>]
[-<option>r</option> <replaceable>root-user-name</replaceable>] [-<option>r</option> <replaceable>root-user-name</replaceable>]
[-<option>T</option>] [-<option>i</option>] [ [-<option>T</option>] [-<option>i</option>] [
@ -1636,7 +1636,7 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">remote_start </emphasis> <term><emphasis role="bold">remote-start </emphasis>
[-<option>s</option>] [-<option>c</option>] [-<option>r</option> [-<option>s</option>] [-<option>c</option>] [-<option>r</option>
<replaceable>root-user-name</replaceable>] [-<option>T</option>] <replaceable>root-user-name</replaceable>] [-<option>T</option>]
[-<option>i</option>] [ <replaceable>directory</replaceable> ] [-<option>i</option>] [ <replaceable>directory</replaceable> ]

4
docs/Shorewall-5.xml
View File

@ -323,7 +323,7 @@
<title>load</title> <title>load</title>
<para>The function performed by the Shorewall-4 <command>load</command> <para>The function performed by the Shorewall-4 <command>load</command>
command is now performed by the <command>remote_start</command> command is now performed by the <command>remote-start</command>
command.</para> command.</para>
</section> </section>
@ -334,7 +334,7 @@
the same function as the <command>restart</command> command did in the same function as the <command>restart</command> command did in
Shorewall 4. The action taken by the Shorewall-4 Shorewall 4. The action taken by the Shorewall-4
<command>reload</command> command is now performed by the <command>reload</command> command is now performed by the
<command>remote_restart</command> command.</para> <command>remote-restart</command> command.</para>
<para>For those that can't get used to the idea of using <para>For those that can't get used to the idea of using
<command>reload</command> in place of <command>restart</command>, a <command>reload</command> in place of <command>restart</command>, a

33
docs/shorewall_extension_scripts.xml
View File

@ -227,6 +227,13 @@ cat -</programlisting>
/sbin/shorewall</emphasis> after a script has been compiled. $1 is the /sbin/shorewall</emphasis> after a script has been compiled. $1 is the
path name of the compiled script.</para> path name of the compiled script.</para>
</listitem> </listitem>
<listitem>
<para><filename>lib.cli-user</filename> -- Added in Shorewall 5.0.2.
This is actually a shell library (set of function declarations) that
can be used to augment or replace functions in the standard CLI
libraries.</para>
</listitem>
</itemizedlist> </itemizedlist>
<para><emphasis role="bold">If your version of Shorewall doesn't have the <para><emphasis role="bold">If your version of Shorewall doesn't have the
@ -264,7 +271,7 @@ cat -</programlisting>
<row> <row>
<entry>continue</entry> <entry>continue</entry>
<entry></entry> <entry/>
</row> </row>
<row> <row>
@ -459,10 +466,10 @@ cat -</programlisting>
<para>VARDIR - The product state directory. Defaults <filename <para>VARDIR - The product state directory. Defaults <filename
class="directory">/var/lib/shorewall</filename>, <filename class="directory">/var/lib/shorewall</filename>, <filename
class="directory">/var/lib/shorewall6/</filename>, <filename class="directory">/var/lib/shorewall6/</filename>, <filename
class="directory">/var/lib/shorewall-lite</filename>, or class="directory">/var/lib/shorewall-lite</filename>, or <filename
<filename class="directory">/var/lib/shorewall6-lite</filename> class="directory">/var/lib/shorewall6-lite</filename> depending on
depending on which product is running, but may be overridden by an which product is running, but may be overridden by an entry in
entry in ${CONFDIR}/vardir.</para> ${CONFDIR}/vardir.</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
</listitem> </listitem>
@ -474,7 +481,7 @@ cat -</programlisting>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
<para></para> <para/>
<section id="Perl"> <section id="Perl">
<title>Compile-time vs Run-time Scripts</title> <title>Compile-time vs Run-time Scripts</title>
@ -524,43 +531,43 @@ cat -</programlisting>
</row> </row>
<row> <row>
<entry></entry> <entry/>
<entry>stop</entry> <entry>stop</entry>
</row> </row>
<row> <row>
<entry></entry> <entry/>
<entry>stopped</entry> <entry>stopped</entry>
</row> </row>
<row> <row>
<entry></entry> <entry/>
<entry>tcclear</entry> <entry>tcclear</entry>
</row> </row>
<row> <row>
<entry></entry> <entry/>
<entry>refresh</entry> <entry>refresh</entry>
</row> </row>
<row> <row>
<entry></entry> <entry/>
<entry>refreshed</entry> <entry>refreshed</entry>
</row> </row>
<row> <row>
<entry></entry> <entry/>
<entry>restored</entry> <entry>restored</entry>
</row> </row>
<row> <row>
<entry></entry> <entry/>
<entry>scfilter</entry> <entry>scfilter</entry>
</row> </row>

11
docs/upgrade_issues.xml
View File

@ -37,7 +37,7 @@
<holder>Thomas M. Eastep</holder> <holder>Thomas M. Eastep</holder>
<holder></holder> <holder/>
</copyright> </copyright>
<legalnotice> <legalnotice>
@ -78,6 +78,13 @@
zones.</para> zones.</para>
</section> </section>
<section>
<title>Version &gt;= 5.0.0</title>
<para>See the <ulink url="Shorewall-5.html">Shorewall 5
documentation</ulink>.</para>
</section>
<section> <section>
<title>Version &gt;= 4.6.0</title> <title>Version &gt;= 4.6.0</title>
@ -325,7 +332,7 @@
<para>?ENDIF.</para> <para>?ENDIF.</para>
</blockquote> </blockquote>
<para></para> <para/>
</listitem> </listitem>
<listitem> <listitem>