Getting started on a 3.2.x-compatible release

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4027 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
paulgear 2006-06-08 07:01:29 +00:00
parent 5588635046
commit 888f9351b5
6 changed files with 40 additions and 32 deletions

@ -1,6 +1 @@
Sat Apr 24 23:10:10 EST 2004: None known at present.
- The "minimal" in "Only the minimal information necessary for operation is
stored on each firewall" is a bit of an overstatement. This could
probably use some work.
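
Review bot: the known-issue entry about "minimal" being an overstatement is deleted here, leaving only "None known at present.", but none of the README hunks shown in this commit reword "Only the minimal information necessary for operation is stored on each firewall". Either fix that sentence in the same change or keep the entry until it is fixed, so the file does not claim a clean slate for an issue that is still open.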

@ -0,0 +1,14 @@
0.1.1 Paul Gear <paul@gear.dyndns.org> No idea when
- Initial release.
0.1.2 Paul Gear <paul@gear.dyndns.org> No idea when
- Removed filtering of zones that are on the same interface.
This caused problems when a zone was accessible via more than
one interface.
0.1.3 Paul Gear <paul@gear.dyndns.org> No idea when
- Optimisation to detect whether system is a router and remove
redundant zones from rules and policies if so.
3.2.0-beta1 Paul Gear <paul@gear.dyndns.org>
- First attempt at compatibility with Shorewall 3.2.x.
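
Review bot: the new 3.2.0-beta1 entry has no date at all, and the three older entries carry "No idea when" where a date belongs. Give the new entry this commit's date (2006-06-08) so the changelog can be matched to what was released, and add one line explaining the jump from 0.1.3 to 3.2.0-beta1 (the version now appears to follow the Shorewall release it targets), since a reader cannot infer that from the entries alone.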

@ -1,6 +1,5 @@
shoregen 0.1
Shoreline Firewall configuration generator Shoreline Firewall configuration generator
(c) Copyright 2004 Paul D. Gear <paul@gear.dyndns.org> (c) Copyright 2004-2006 Paul D. Gear <paul@gear.dyndns.org>
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -21,7 +20,7 @@ SHOREWALL
The quick plug: The quick plug:
- I love shorewall. Shorewall is the only firewall i trust. - Shorewall is the only firewall i trust.
The IT Manager plug: The IT Manager plug:
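
Review bot: in the "quick plug" line, the sentence that remains after dropping "I love shorewall." still reads "Shorewall is the only firewall i trust."; capitalise the pronoun ("I trust") while this line is being edited.
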
@ -69,10 +68,10 @@ you're probably not reading this document. :-)
DESIGN DESIGN
Shoregen distinguishes between two different types of shorewall Shoregen distinguishes between two different types of shorewall
configurations. Most shorewall configuration files are simply concatenated configuration files. Most shorewall configuration files are simply
together from parts constructed from common and host-specific parts. These concatenated together from parts constructed from common and host-specific
are called simple configs, and shoregen doesn't substantially alter them, parts. These are called simple configs; shoregen doesn't substantially
and uses little information from them. alter them, and uses little information from them.
Configs with which shoregen is more concerned are treated separately, and Configs with which shoregen is more concerned are treated separately, and
additional features beyond the scope of shorewall itself are implemented. additional features beyond the scope of shorewall itself are implemented.

@ -1,14 +1,14 @@
As at Wed Apr 21 22:30:12 EST 2004:
- Need to make it possible for a host to have the same $FW name as the zone - Make it possible for a host to have the same $FW name as the zone in
in which it belongs, and have shoregen automatically create appropriate which it belongs, and have shoregen automatically create appropriate
rules. rules.
- At the moment, if a fully-expanded policy file (such as is shown - At the moment, if a fully-expanded policy file (such as is shown
- Better documentation & samples. I'm sure there is room for improvement. - Better rule & policy sanitisation.
- Better rule & policy sanitisation. Again, there is room for improvement. - Hosts and interfaces could be reduced based on what's used in the policy
and rules files.
- The Makefile could be improved to detect changes in the lower level - The Makefile could be improved to detect changes in the lower level
config files and call shoregen automatically when they are out-of-date. config files and call shoregen automatically when they are out-of-date.

@ -6,5 +6,5 @@ default: $(HOSTS)
$(HOSTS): $(HOSTS):
shoregen $@ shoregen $@
install: install: $(HOSTS)
install_shoregen -c -r $(HOSTS) install_shoregen -c -r $(HOSTS)
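
Review bot: `install: $(HOSTS)` only guarantees fresh output if the `$(HOSTS)` targets really rebuild, and as shown `$(HOSTS):` has no prerequisites. If a file or directory named after a host exists in the working directory, make treats that target as up to date, skips `shoregen $@`, and `install_shoregen -c -r $(HOSTS)` then pushes whatever was generated last, which for a firewall means deploying a stale ruleset. Unless it is already declared outside this hunk, add `.PHONY: default install $(HOSTS)`, or list the common and host-specific source files as prerequisites of `$(HOSTS)`.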

@ -48,23 +48,28 @@ my $dir = "$spool/$host";
# usual perl 'die' or 'warn' functions. # usual perl 'die' or 'warn' functions.
# #
sub info
{
print "$0: @_\n";
}
sub mesg sub mesg
{ {
my $type = shift; my $type = shift;
print STDERR "$0: $type - @_\n"; print STDERR "$0: $type - @_\n";
} }
sub warning
{
mesg "WARNING", @_;
}
sub error sub error
{ {
mesg "ERROR", @_; mesg "ERROR", @_;
++$ret; ++$ret;
} }
sub warning
{
mesg "WARNING", @_;
}
sub fatal sub fatal
{ {
mesg "FATAL", @_; mesg "FATAL", @_;
@ -72,11 +77,6 @@ sub fatal
exit $ret; exit $ret;
} }
sub message
{
print "$0: @_\n";
}
# #
# These bits make the files that actually get copied to the target host # These bits make the files that actually get copied to the target host
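
Review bot: `sub message` is deleted in this hunk and replaced by `sub info` in the previous one, so any call site that was not renamed now refers to an undefined sub. The diff renames three calls (`Constructing $confname`, `FW zone for $host`, `Other zones for $host`); grep the rest of the script for remaining `message` calls and run `perl -c` on it before this goes out as a beta, since a missed call in a rarely taken branch would otherwise surface only on a production firewall build.
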
@ -105,7 +105,7 @@ sub constructfile
my $dst = shift; my $dst = shift;
my $foundone = 0; my $foundone = 0;
message "Constructing $confname" if $VERBOSE > 1; info "Constructing $confname" if $VERBOSE > 1;
open( my $DST, ">$dst" ) or die "Can't create $dst: $!"; open( my $DST, ">$dst" ) or die "Can't create $dst: $!";
printf $DST $HEADER, $confname; printf $DST $HEADER, $confname;
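
Review bot: the context line `open( my $DST, ">$dst" )` uses two-argument open with the mode and the path joined in one interpolated string, so characters in `$dst` are parsed by open instead of being taken literally as a filename. `$dst` is a caller-supplied argument here; switch to the three-argument form, `open( my $DST, '>', $dst )`, while this function is being touched. The same line calls `die` directly although `fatal` is defined above; using `fatal "Can't create $dst: $!"` would keep the error output in the same format as the other helpers.
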
@ -275,8 +275,8 @@ undef %tmpzones;
my @tmp = sort keys %hostzones; my @tmp = sort keys %hostzones;
message "FW zone for $host: $fw" if $VERBOSE > 0; info "FW zone for $host: $fw" if $VERBOSE > 0;
message "Other zones for $host: @tmp" if $VERBOSE > 0; info "Other zones for $host: @tmp" if $VERBOSE > 0;
# #
# Add 'all' as a valid source or destination. Added here so it doesn't get # Add 'all' as a valid source or destination. Added here so it doesn't get