From 8b8140cc9f4178b00d69d37f619aeab650fb1932 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Tue, 1 Nov 2011 06:34:57 -0700 Subject: [PATCH] Add 'Basic Filter' capability Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Config.pm | 10 +++++++++- Shorewall/lib.base | 2 +- Shorewall/lib.cli | 4 ++++ Shorewall6/lib.base | 2 +- Shorewall6/lib.cli | 4 ++++ 5 files changed, 19 insertions(+), 3 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm index 736787e2f..694c2ae61 100644 --- a/Shorewall/Perl/Shorewall/Config.pm +++ b/Shorewall/Perl/Shorewall/Config.pm @@ -282,6 +282,7 @@ my %capdesc = ( NAT_ENABLED => 'NAT', RAWPOST_TABLE => 'Rawpost Table', CONDITION_MATCH => 'Condition Match', IPTABLES_S => 'iptables -S', + BASIC_FILTER => 'Basic Filter', CAPVERSION => 'Capability Version', KERNELVERSION => 'Kernel Version', ); @@ -446,7 +447,7 @@ sub initialize( $ ) { STATEMATCH => '-m state --state', UNTRACKED => 0, VERSION => "4.4.22.1", - CAPVERSION => 40424 , + CAPVERSION => 40425 , ); # # From shorewall.conf file @@ -668,6 +669,7 @@ sub initialize( $ ) { AUDIT_TARGET => undef, CONDITION_MATCH => undef, IPTABLES_S => undef, + BASIC_FILTER => undef, CAPVERSION => undef, KERNELVERSION => undef, ); @@ -2675,6 +2677,10 @@ sub Flow_Filter() { $tc && system( "$tc filter add flow help 2>&1 | grep -q ^Usage" ) == 0; } +sub Basic_Filter() { + $tc && system( "$tc filter add basic help 2>&1 | grep -q ^Usage" ) == 0; +} + sub Fwmark_Rt_Mask() { $ip && system( "$ip rule add help 2>&1 | grep -q /MASK" ) == 0; } @@ -2711,6 +2717,7 @@ our %detect_capability = ( ACCOUNT_TARGET =>\&Account_Target, AUDIT_TARGET => \&Audit_Target, ADDRTYPE => \&Addrtype, + BASIC_FILTER => \&Basic_Filter, CLASSIFY_TARGET => \&Classify_Target, CONDITION_MATCH => \&Condition_Match, COMMENTS => \&Comments, @@ -2889,6 +2896,7 @@ sub determine_capabilities() { $capabilities{IPSET_V5} = detect_capability( 'IPSET_V5' ); $capabilities{CONDITION_MATCH} = detect_capability( 'CONDITION_MATCH' ); $capabilities{IPTABLES_S} = detect_capability( 'IPTABLES_S' ); + $capabilities{BASIC_FILTER} = detect_capability( 'BASIC_FILTER' ); qt1( "$iptables -F $sillyname" ); diff --git a/Shorewall/lib.base b/Shorewall/lib.base index cae2fdb9e..0d55ac651 100644 --- a/Shorewall/lib.base +++ b/Shorewall/lib.base @@ -28,7 +28,7 @@ # SHOREWALL_LIBVERSION=40407 -SHOREWALL_CAPVERSION=40424 +SHOREWALL_CAPVERSION=40425 [ -n "${VARDIR:=/var/lib/shorewall}" ] [ -n "${SHAREDIR:=/usr/share/shorewall}" ] diff --git a/Shorewall/lib.cli b/Shorewall/lib.cli index 1029cb336..eb3894609 100644 --- a/Shorewall/lib.cli +++ b/Shorewall/lib.cli @@ -1733,6 +1733,7 @@ determine_capabilities() { AUDIT_TARGET= CONDITION_MATCH= IPTABLES_S= + BASIC_FILTER= chain=fooX$$ @@ -1891,6 +1892,7 @@ determine_capabilities() { qt $IPTABLES -X $chain1 [ -n "$TC" ] && $TC filter add flow help 2>&1 | grep -q ^Usage && FLOW_FILTER=Yes + [ -n "$TC" ] && $TC filter add basic help 2>&1 | grep -q ^Usage && BASIC_FILTER=Yes [ -n "$IP" ] && $IP rule add help 2>&1 | grep -q /MASK && FWMARK_RT_MASK=Yes CAPVERSION=$SHOREWALL_CAPVERSION @@ -1981,6 +1983,7 @@ report_capabilities() { report_capability "ipset V5" $IPSET_V5 report_capability "Condition Match" $CONDITION_MATCH report_capability "iptables -S" $IPTABLES_S + report_capability "Basic Filter" $BASIC_FILTER fi [ -n "$PKTTYPE" ] || USEPKTTYPE= @@ -2053,6 +2056,7 @@ report_capabilities1() { report_capability1 IPSET_V5 report_capability1 CONDITION_MATCH report_capability1 IPTABLES_S + report_capability1 BASIC_FILTER echo CAPVERSION=$SHOREWALL_CAPVERSION echo KERNELVERSION=$KERNELVERSION diff --git a/Shorewall6/lib.base b/Shorewall6/lib.base index 76d1422f1..2f42e2249 100644 --- a/Shorewall6/lib.base +++ b/Shorewall6/lib.base @@ -32,7 +32,7 @@ # SHOREWALL_LIBVERSION=40407 -SHOREWALL_CAPVERSION=40424 +SHOREWALL_CAPVERSION=40425 [ -n "${VARDIR:=/var/lib/shorewall6}" ] [ -n "${SHAREDIR:=/usr/share/shorewall6}" ] diff --git a/Shorewall6/lib.cli b/Shorewall6/lib.cli index c2db44fd0..b9fef3d08 100644 --- a/Shorewall6/lib.cli +++ b/Shorewall6/lib.cli @@ -1560,6 +1560,7 @@ determine_capabilities() { IPSET_V5= CONDITION_MATCH= IPTABLES_S= + BASIC_FILTER= chain=fooX$$ @@ -1721,6 +1722,7 @@ determine_capabilities() { qt $IP6TABLES -X $chain1 [ -n "$TC" ] && $TC filter add flow help 2>&1 | grep -q ^Usage && FLOW_FILTER=Yes + [ -n "$TC" ] && $TC filter add basic help 2>&1 | grep -q ^Usage && BASIC_FILTER=Yes [ -n "$IP" ] && $IP rule add help 2>&1 | grep -q /MASK && FWMARK_RT_MASK=Yes CAPVERSION=$SHOREWALL_CAPVERSION @@ -1808,6 +1810,7 @@ report_capabilities() { report_capability "ipset V5" $IPSET_V5 report_capability "Condition Match" $CONDITION_MATCH report_capability "ip6tables -S" $IPTABLES_S + report_capability "Basic Filter" $BASIC_FILTER fi [ -n "$PKTTYPE" ] || USEPKTTYPE= @@ -1877,6 +1880,7 @@ report_capabilities1() { report_capability1 IPSET_V5 report_capability1 CONDITION_MATCH report_capability1 IPTABLES_S + report_capability1 BASIC_FILTER echo CAPVERSION=$SHOREWALL_CAPVERSION echo KERNELVERSION=$KERNELVERSION