Add support for compilations targeted for other distributions

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3426 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall/compiler

@@ -8652,7 +8652,7 @@ __EOF__
 	echo "Shorewall configuration verified"
     else
 	INDENT=
-	cat $(find_file prog.header) $OUTPUT $(find_file prog.footer) > $outfile
+	cat $(find_file prog.header${DISTRIBUTION}) $OUTPUT $(find_file prog.footer${DISTRIBUTION}) > $outfile
 	chmod 700 $outfile
 	progress_message2 "Shorewall configuration compiled to $outfile"
 	rm -f $OUTPUT

Shorewall/help

@@ -88,7 +88,7 @@ clear)
 	;;
 
 compile)
-	echo "compile: compile [ -e ] [ <directory name> ] <path name>
+	echo "compile: compile [ -e ] [ -d <distro> ] [ <directory name> ] <path name>
     Compiles the current configuration into the executable file
     <path name>. If <path name> names a file in /var/lib/shorewall then
     the file may be executed using the \"restore\" command.
@@ -97,6 +97,16 @@ compile)
     other than where the compiled script will run. This option disables
     certain configuration options that require the script to be compiled
     where it is to be run.
+
+    When -d <distribution> is given, the script is built for execution
+    on the distribution specified by <distro>. Currently, 'suse' is the
+    only valid <distro>. Usually specified together with -e.
+
+    Example:
+
+	shorewall compile -ed suse foo
+
+    Additional distributions are expected to be supported shortly."
 	;;
 
 debug)

Shorewall/prog.footer.suse

@@ -0,0 +1,132 @@
+#
+# Give Usage Information
+#
+usage() {
+    echo "Usage: $0 [ -q ] [ -v ] [ -n ] [ start|stop|clear|restart|status|version ]"
+    exit $1
+}
+################################################################################
+# E X E C U T I O N    B E G I N S   H E R E				       #
+################################################################################
+initialize
+
+finished=0
+
+while [ $finished -eq 0 -a $# -gt 0 ]; do
+    option=$1
+    case $option in
+	-*)
+	    option=${option#-}
+
+	    [ -z "$option" ] && usage 1
+
+	    while [ -n "$option" ]; do
+		case $option in
+		    v*)
+			VERBOSE=$(($VERBOSE + 1 ))
+			option=${option#v}
+			;;
+		    q*)
+			VERBOSE=$(($VERBOSE - 1 ))
+			option=${option#q}
+			;;
+		    n*)
+			NOROUTES=Yes
+			option=${option#n}
+			;;
+		    *)
+			usage 1
+			;;
+		esac
+	    done
+	    shift
+	    ;;
+	*)
+	    finished=1
+            ;;
+    esac
+done
+
+if [ $# -ne 1 ]; then
+    usage 2
+else
+    COMMAND="$1"
+fi
+
+case "$COMMAND" in
+    start)
+	if shorewall_is_started; then
+	    error_message "Shorewall is already Running"
+	    status=1
+	else
+	    progress_message3 "Starting Shorewall...."
+	    define_firewall
+	    status=$?
+	    progress_message3 "done."
+	fi
+	;;
+    stop)
+	progress_message3 "Stopping Shorewall...."
+	stop_firewall
+	status=0
+	progress_message3 "done."
+	;;
+    restart)
+	if shorewall_is_started; then
+	    progress_message3 "Restarting Shorewall...."
+	else
+	    echo "Shorewall is not running" >&2
+	    progress_message3 "Starting Shorewall...."
+	fi
+
+	define_firewall
+	status=$?
+	progress_message3 "done."
+	;;
+    restore)
+	restore_firewall
+	status=$?
+	;;
+    clear)
+	progress_message3 "Clearing Shorewall...."
+	clear_firewall
+	status=0
+	progress_message3 "done."
+	;;
+    status)
+	echo "Shorewall-$VERSION Status at $HOSTNAME - $(date)"
+	echo
+	if shorewall_is_started; then
+	    echo "Shorewall is running"
+	    status=0
+	else
+	    echo "Shorewall is stopped"
+	    status=4
+	fi
+
+	if [ -f /var/lib/shorewall/state ]; then
+	    state="$(cat /var/lib/shorewall/state)"
+	    case $state in
+		Stopped*|Clear*)
+		    status=3
+		    ;;
+	    esac
+	else
+	    state=Unknown
+	fi
+	echo "State:$state"
+	echo
+	;;
+    version)
+	echo $VERSION
+	status=0
+	;;
+    help)
+	usage 0
+	;;
+    *)
+	usage 2
+	;;
+esac
+
+exit $status

Shorewall/prog.header.suse

@@ -0,0 +1,59 @@
+#!/bin/sh
+RCDLINKS="2,S41 3,S41 6,K41"
+#
+#     Generated by the Shoreline Firewall (Shorewall) Packet Filtering Firewall - V3.2
+#
+#     This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
+#
+#     (c) 2006 - Tom Eastep (teastep@shorewall.net)
+#
+#	On most distributions, this file should be called /etc/init.d/firewall.
+#
+#	Complete documentation is available at http://shorewall.net
+#
+#	This program is free software; you can redistribute it and/or modify
+#	it under the terms of Version 2 of the GNU General Public License
+#	as published by the Free Software Foundation.
+#
+#	This program is distributed in the hope that it will be useful,
+#	but WITHOUT ANY WARRANTY; without even the implied warranty of
+#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#	GNU General Public License for more details.
+#
+#	You should have received a copy of the GNU General Public License
+#	along with this program; if not, write to the Free Software
+#	Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
+#
+#	If an error occurs while starting or restarting the firewall, the
+#	firewall is automatically restored if there is a current
+#	restore file (created by "shorewall save"). If there is no restore
+#	file, the firewall is stopped.
+#
+#	Options are:
+#
+#	    -n				  Don't alter Routing
+#	    -v and -q			  Standard Shorewall Verbosity control
+#
+#	Commands are:
+#
+#	   start			  Starts the firewall
+#	   restart			  Restarts the firewall
+#	   reload			  Reload the firewall
+#	   clear			  Removes all firewall rules
+#	   stop				  Stops the firewall
+#	   status			  Displays firewall status
+#	   version			  Displays the version of Shorewall that
+#	   				  generated this program
+#
+
+# chkconfig: 2345 25 90
+# description: Packet filtering firewall
+
+### BEGIN INIT INFO
+# Provides:	  firewall
+# Required-Start: $network
+# Required-Stop:
+# Default-Start:  2 3 5
+# Default-Stop:	  0 1 6
+# Description:	  starts and stops the shorewall-generated firewall
+### END INIT INFO

Shorewall/releasenotes.txt

@@ -66,7 +66,7 @@ Migration Considerations:
 	DNAT     Z1!Z2        loc:192.168.1.4        ...
 
     That syntax has never worked correctly when Z2 is a dynamic zone.
-    Furthermore, now that Shorewall supports exclusion lists the capability
+    Furthermore, now that Shorewall supports exclusion lists, the capability
     is redundant since the above rule can now be written in the form:
 
 	DNAT     Z1:!<list of exclusions>   loc:192.168.1.4   ...
@@ -78,12 +78,11 @@ New Features:
 
 1)  A new 'shorewall compile' command has been added.
 
-     shorewall compile [ -v ] [ -q ] [ -e ] [ <config directory> ] <script
+     shorewall compile [ -e ] [ -d <distro> ] [ <config directory> ] <script
 file>
 
     where:
 
-	-v and -q             are described elsewhere in this document.
 	-e                    Generates an error if the configuration uses
 	                      an option that would prevent the generated
 	                      script from running on a system other than
@@ -91,6 +90,22 @@ file>
 	                      additional consideration a) below).
 	                      Also allows the generated script to run
 	                      on a system without Shorewall installed.
+	-d <distribution>     Compile the script for execution on the
+	                      distribution specified by <distro>. Currently,
+	                      'suse' is the only valid <distro>.
+
+			      Note that specifying a distribution should
+			      only be required if you intend to install
+			      the compiled script in /etc/init.d on the
+			      target system.
+
+	                      Example:
+
+				shorewall compile -d suse foo
+
+			      Additional distributions are expected to be
+			      supported shortly.
+
 	<config directory>    Is an optional directory to be searched for
 	                      configuration files prior to those listed
 	                      in CONFIG_DIR in
@@ -120,6 +135,11 @@ file>
        1) The same version of Shorewall must be running on the remote system
           unless you use the "-e" option when you compile the script.
        2) The 'detectnets' interface option is not allowed.
+       3) You must supply the file /etc/shorewall/capabilities to provide
+          the compiler with knowledge of the capabilities of the system
+          where the script is to be run. The /etc/shorewall/capabilities
+          file included in this release includes instructions for its
+          use.
 
     b) If you have extension scripts, they may need modification. Some of
        the scripts will be run at compile time, rather than when the

Shorewall/shorewall

@@ -613,6 +613,7 @@ compile_command() {
 	option=$1
 	case $option in
 	    -*)
+		shift
 		option=${option#-}
 
 		[ -z "$option" ] && usage 1
@@ -623,6 +624,16 @@ compile_command() {
 			    EXPORT=Yes
 			    option=${option#e}
 			    ;;
+			d)
+			    [ -n "$DISTRIBUTION" -o $# -lt 2 ] && usage 2
+
+			    [ -f /usr/share/shorewall/prog.header.$1 -a -f /usr/share/shorewall/prog.footer.$1 ] || \
+				{ echo "Distribution $1 is not supported" >&2 && exit 2; }
+			    DISTRIBUTION=".$1"
+			    export DISTRIBUTION
+			    shift
+			    option=${option#d}
+			    ;;
 			-)
 			    finished=1
 			    option=
@@ -632,7 +643,6 @@ compile_command() {
 			    ;;
 		    esac
 		done
-		shift
 		;;
 	    *)
 		finished=1
@@ -1246,7 +1256,7 @@ usage() # $1 = exit status
     echo "   allow <address> ..."
     echo "   check [ <directory> ]"
     echo "   clear"
-    echo "   compile [ -e ] [ <directory name> ] <path name>"
+    echo "   compile [ -e ] [ -d <distribution> ] [ <directory name> ] <path name>"
     echo "   delete <interface>[:<host-list>] ... <zone>"
     echo "   drop <address> ..."
     echo "   dump [ -x ]"

Shorewall/shorewall.spec

@@ -165,6 +165,8 @@ fi
 %attr(0644,root,root) /usr/share/shorewall/macro.Whois
 %attr(0644,root,root) /usr/share/shorewall/prog.footer
 %attr(0644,root,root) /usr/share/shorewall/prog.header
+%attr(0644,root,root) /usr/share/shorewall/prog.footer.suse
+%attr(0644,root,root) /usr/share/shorewall/prog.header.suse
 %attr(0644,root,root) /usr/share/shorewall/rfc1918
 %attr(0644,root,root) /usr/share/shorewall/configpath