extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-19 08:07:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Deimplement distribution-specific compilation in favor of Shorewall Lite

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3979 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2006-06-03 17:05:43 +00:00
parent ca017e532b
commit 906f11c814
11 changed files with 20 additions and 669 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
Shorewall/compiler
View File

@ -8081,16 +8081,11 @@ compile_firewall() # $1 = File Name
# #
__EOF__ __EOF__
if [ -n "$EXPORT" ]; then cat >&3 << __EOF__
cat /usr/share/shorewall/functions >&3
else
cat >&3 << __EOF__
. /usr/share/shorewall/functions . /usr/share/shorewall/functions
__EOF__ __EOF__
fi
compile_stop_firewall compile_stop_firewall
cat >&3 << __EOF__ cat >&3 << __EOF__
@ -8215,20 +8210,18 @@ initialize() {
__EOF__ __EOF__
INDENT=" " INDENT=" "
if [ -z "$EXPORT" ]; then cat >&3 << __EOF__
cat >&3 << __EOF__
if [ ! -f /usr/share/shorewall/version ]; then if [ ! -f /usr/share/shorewall/version ]; then
fatal_error "This script requires Shorewall which does not appear to be installed on this system" fatal_error "This script requires Shorewall or Shorewall Lite which do not appear to be installed on this system"
fi fi
local version=\$(cat /usr/share/shorewall/version) local version=\$(cat /usr/share/shorewall/version)
if [ \${LIBVERSION:-0} -lt 30191 ]; then if [ \${LIBVERSION:-0} -lt 30191 ]; then
fatal_error "This script requires Shorewall version 3.2.0-Beta7 or later; current version is \$version" fatal_error "This script requires Shorewall [Lite] version 3.2.0-Beta7 or later; current version is \$version"
fi fi
__EOF__ __EOF__
fi
cat >&3 << __EOF__ cat >&3 << __EOF__
# #
@ -8456,7 +8449,7 @@ __EOF__
progress_message3 "Shorewall configuration verified" progress_message3 "Shorewall configuration verified"
else else
INDENT= INDENT=
cat $(find_file prog.header${DISTRIBUTION}) $OUTPUT $(find_file prog.footer${DISTRIBUTION}) > $outfile cat $(find_file prog.header) $OUTPUT $(find_file prog.footer) > $outfile
chmod 700 $outfile chmod 700 $outfile
progress_message3 "Shorewall configuration compiled to $outfile" progress_message3 "Shorewall configuration compiled to $outfile"
rm -f $OUTPUT rm -f $OUTPUT

15
Shorewall/help
View File

@ -92,7 +92,7 @@ clear)
;; ;;
compile) compile)
echo "compile: compile [ -e ] [ -d <distro> ] [ <directory name> ] <path name> echo "compile: compile [ -e ] [ <directory name> ] <path name>
Compiles the current configuration into the executable file Compiles the current configuration into the executable file
<path name>. If <path name> names a file in /var/lib/shorewall then <path name>. If <path name> names a file in /var/lib/shorewall then
the file may be executed using the \"restore\" command. the file may be executed using the \"restore\" command.
@ -102,19 +102,6 @@ compile)
certain configuration options that require the script to be compiled certain configuration options that require the script to be compiled
where it is to be run. where it is to be run.
When -d <distribution> is given, the script is built for execution
on the distribution specified by <distro>. Currently supported
distributions are:
suse
redhat (which is also appropriate for Fedora Core and CentOS).
Usually specified together with -e.
Example:
shorewall compile -ed redhat foo
Additional distributions are expected to be supported shortly." Additional distributions are expected to be supported shortly."
;; ;;

137
Shorewall/prog.footer.debian
View File

@ -1,137 +0,0 @@
#
# Give Usage Information
#
usage() {
echo "Usage: $0 [ -q ] [ -v ] [ -n ] [ start|stop|clear|restart|status|version ]"
exit $1
}
################################################################################
# E X E C U T I O N B E G I N S H E R E #
################################################################################
initialize
#
# Start trace if first arg is "debug"
#
[ $# -gt 1 ] && [ "$1" = "debug" ] && { set -x ; shift ; }
finished=0
while [ $finished -eq 0 -a $# -gt 0 ]; do
option=$1
case $option in
-*)
option=${option#-}
[ -z "$option" ] && usage 1
while [ -n "$option" ]; do
case $option in
v*)
VERBOSE=$(($VERBOSE + 1 ))
option=${option#v}
;;
q*)
VERBOSE=$(($VERBOSE - 1 ))
option=${option#q}
;;
n*)
NOROUTES=Yes
option=${option#n}
;;
*)
usage 1
;;
esac
done
shift
;;
*)
finished=1
;;
esac
done
if [ $# -ne 1 ]; then
usage 2
else
COMMAND="$1"
fi
case "$COMMAND" in
start)
if shorewall_is_started; then
error_message "Shorewall is already Running"
status=1
else
progress_message3 "Starting Shorewall...."
define_firewall
status=$?
progress_message3 "done."
fi
;;
stop)
progress_message3 "Stopping Shorewall...."
stop_firewall
status=0
progress_message3 "done."
;;
restart)
if shorewall_is_started; then
progress_message3 "Restarting Shorewall...."
else
echo "Shorewall is not running" >&2
progress_message3 "Starting Shorewall...."
fi
define_firewall
status=$?
progress_message3 "done."
;;
restore)
restore_firewall
status=$?
;;
clear)
progress_message3 "Clearing Shorewall...."
clear_firewall
status=0
progress_message3 "done."
;;
status)
echo "Shorewall-$VERSION Status at $HOSTNAME - $(date)"
echo
if shorewall_is_started; then
echo "Shorewall is running"
status=0
else
echo "Shorewall is stopped"
status=4
fi
if [ -f /var/lib/shorewall/state ]; then
state="$(cat /var/lib/shorewall/state)"
case $state in
Stopped*|Clear*)
status=3
;;
esac
else
state=Unknown
fi
echo "State:$state"
echo
;;
version)
echo $VERSION
status=0
;;
help)
usage 0
;;
*)
usage 2
;;
esac
exit $status

160
Shorewall/prog.footer.redhat
View File

@ -1,160 +0,0 @@
#
# Give Usage Information
#
usage() {
echo $"Usage: $BASENAME [ -q ] [ -v ] [ -n ] {start|stop|clear|restart|condrestart|status|version}"
exit $1
}
################################################################################
# E X E C U T I O N B E G I N S H E R E #
################################################################################
initialize
#
# Start trace if first arg is "debug"
#
[ $# -gt 1 ] && [ "$1" = "debug" ] && { set -x ; shift ; }
finished=0
while [ $finished -eq 0 -a $# -gt 0 ]; do
option=$1
case $option in
-*)
option=${option#-}
[ -z "$option" ] && usage 1
while [ -n "$option" ]; do
case $option in
v*)
VERBOSE=$(($VERBOSE + 1 ))
option=${option#v}
;;
q*)
VERBOSE=$(($VERBOSE - 1 ))
option=${option#q}
;;
n*)
NOROUTES=Yes
option=${option#n}
;;
*)
usage 1
;;
esac
done
shift
;;
*)
finished=1
;;
esac
done
if [ $# -ne 1 ]; then
usage 2
else
COMMAND="$1"
fi
case "$COMMAND" in
start)
if shorewall_is_started; then
echo -n $"$BASENAME already running."
echo_failure
echo
status=1
else
echo -n $"Starting $BASENAME: "
define_firewall
status=$?
[ $status = 0 -a -n "$SUBSYSLOCK" ] && touch $SUBSYSLOCK
[ $status -eq 0 ] && echo_success || echo_failure
echo
fi
;;
stop)
echo -n $"Shutting down $BASENAME: "
stop_firewall
status=0
[ -n "$SUBSYSLOCK" ] && rm -f $SUBSYSLOCK
echo_success
echo
;;
restart)
if shorewall_is_started; then
echo -n $"Restarting $BASENAME: "
else
echo -n $"Starting $BASENAME: "
fi
define_firewall
status=$?
[ $status = 0 -a -n "$SUBSYSLOCK" ] && touch $SUBSYSLOCK
[ $status -eq 0 ] && echo_success || echo_failure
echo
;;
condrestart)
if shorewall_is_started; then
echo -n $"Restarting $BASENAME: "
define_firewall
status=$?
[ $status = 0 -a -n "$SUBSYSLOCK" ] && touch $SUBSYSLOCK
[ $status -eq 0 ] && echo_success || echo_failure
echo
fi
;;
restore)
echo -n $"Restoring $BASENAME: "
restore_firewall
status=$?
[ $status = 0 -a -n "$SUBSYSLOCK" ] && touch $SUBSYSLOCK
[ $status -eq 0 ] && echo_success || echo_failure
echo
;;
clear)
echo -n $"Clearing $BASENAME: "
clear_firewall
status=0
[ -n "$SUBSYSLOCK" ] && rm -f $SUBSYSLOCK
echo_success
echo
;;
status)
echo "Shorewall-$VERSION Status at $HOSTNAME - $(date)"
echo
if shorewall_is_started; then
echo "Shorewall is running"
status=0
else
echo "Shorewall is stopped"
status=4
fi
if [ -f /var/lib/shorewall/state ]; then
state="$(cat /var/lib/shorewall/state)"
case $state in
Stopped*|Clear*)
status=3
;;
esac
else
state=Unknown
fi
echo "State:$state"
echo
;;
version)
echo $VERSION
status=0
;;
help)
usage 0
;;
*)
usage 2
;;
esac
exit $status

141
Shorewall/prog.footer.suse
View File

@ -1,141 +0,0 @@
#
# Give Usage Information
#
usage() {
echo "Usage: $0 [ -q ] [ -v ] [ -n ] [ start|stop|clear|restart|status|version ]"
exit $1
}
################################################################################
# E X E C U T I O N B E G I N S H E R E #
################################################################################
initialize
#
# Start trace if first arg is "debug"
#
[ $# -gt 1 ] && [ "$1" = "debug" ] && { set -x ; shift ; }
finished=0
while [ $finished -eq 0 -a $# -gt 0 ]; do
option=$1
case $option in
-*)
option=${option#-}
[ -z "$option" ] && usage 1
while [ -n "$option" ]; do
case $option in
v*)
VERBOSE=$(($VERBOSE + 1 ))
option=${option#v}
;;
q*)
VERBOSE=$(($VERBOSE - 1 ))
option=${option#q}
;;
n*)
NOROUTES=Yes
option=${option#n}
;;
*)
usage 1
;;
esac
done
shift
;;
*)
finished=1
;;
esac
done
if [ $# -ne 1 ]; then
usage 2
else
COMMAND="$1"
fi
case "$COMMAND" in
start)
if shorewall_is_started; then
error_message "Shorewall is already Running"
status=1
else
progress_message3 "Starting Shorewall...."
define_firewall
status=$?
[ $status = 0 -a -n "$SUBSYSLOCK" ] && touch $SUBSYSLOCK
progress_message3 "done."
fi
;;
stop)
progress_message3 "Stopping Shorewall...."
stop_firewall
status=0
[ -n "$SUBSYSLOCK" ] && rm -f $SUBSYSLOCK
progress_message3 "done."
;;
restart)
if shorewall_is_started; then
progress_message3 "Restarting Shorewall...."
else
echo "Shorewall is not running" >&2
progress_message3 "Starting Shorewall...."
fi
define_firewall
status=$?
progress_message3 "done."
;;
restore)
restore_firewall
status=$?
[ $status = 0 -a -n "$SUBSYSLOCK" ] && touch $SUBSYSLOCK
;;
clear)
progress_message3 "Clearing Shorewall...."
clear_firewall
status=0
[ -n "$SUBSYSLOCK" ] && rm -f $SUBSYSLOCK
progress_message3 "done."
;;
status)
echo "Shorewall-$VERSION Status at $HOSTNAME - $(date)"
echo
if shorewall_is_started; then
echo "Shorewall is running"
status=0
else
echo "Shorewall is stopped"
status=4
fi
if [ -f /var/lib/shorewall/state ]; then
state="$(cat /var/lib/shorewall/state)"
case $state in
Stopped*|Clear*)
status=3
;;
esac
else
state=Unknown
fi
echo "State:$state"
echo
;;
version)
echo $VERSION
status=0
;;
help)
usage 0
;;
*)
usage 2
;;
esac
exit $status

25
Shorewall/prog.header.debian
View File

@ -1,25 +0,0 @@
#!/bin/sh
#
# Generated by the Shoreline Firewall (Shorewall) Packet Filtering Firewall - V3.2
#
# This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
#
# (c) 2006 - Tom Eastep (teastep@shorewall.net)
#
#
# Options are:
#
# -n Don't alter Routing
# -v and -q Standard Shorewall Verbosity control
#
# Commands are:
#
# start Starts the firewall
# restart Restarts the firewall
# reload Reload the firewall
# clear Removes all firewall rules
# stop Stops the firewall
# status Displays firewall status
# version Displays the version of Shorewall that
# generated this program
#

45
Shorewall/prog.header.redhat
View File

@ -1,45 +0,0 @@
#!/bin/sh
#
# chkconfig: 2345 25 90
#
# description: Firewall script for configuring Netfilter generated by \
# the Shoreline Firewall.
#
# Options are:
#
# -n Don't alter Routing
# -v and -q Standard Shorewall Verbosity control
#
# Commands are:
#
# start Starts the firewall
# restart Restarts the firewall
# reload Reload the firewall
# clear Removes all firewall rules
# stop Stops the firewall
# status Displays firewall status
# version Displays the version of Shorewall that
# generated this program
# Source function library
if [ -f /etc/init.d/functions ]; then
. /etc/init.d/functions
elif [ -f /etc/rc.d/init.d/functions ]; then
. /etc/rc.d/init.d/functions
else
exit 0
fi
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0
# This is our service name
BASENAME=$(basename $0)
if [ -L $0 ]; then
BASENAME=$(find $0 -name $BASENAME -printf %l)
BASENAME=$(basename $BASENAME)
fi

59
Shorewall/prog.header.suse
View File

@ -1,59 +0,0 @@
#!/bin/sh
RCDLINKS="2,S41 3,S41 6,K41"
#
# Generated by the Shoreline Firewall (Shorewall) Packet Filtering Firewall - V3.2
#
# This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
#
# (c) 2006 - Tom Eastep (teastep@shorewall.net)
#
# On most distributions, this file should be called /etc/init.d/firewall.
#
# Complete documentation is available at http://shorewall.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of Version 2 of the GNU General Public License
# as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
#
# If an error occurs while starting or restarting the firewall, the
# firewall is automatically restored if there is a current
# restore file (created by "shorewall save"). If there is no restore
# file, the firewall is stopped.
#
# Options are:
#
# -n Don't alter Routing
# -v and -q Standard Shorewall Verbosity control
#
# Commands are:
#
# start Starts the firewall
# restart Restarts the firewall
# reload Reload the firewall
# clear Removes all firewall rules
# stop Stops the firewall
# status Displays firewall status
# version Displays the version of Shorewall that
# generated this program
#
# chkconfig: 2345 25 90
# description: Packet filtering firewall
### BEGIN INIT INFO
# Provides: firewall
# Required-Start: $network
# Required-Stop:
# Default-Start: 2 3 5
# Default-Stop: 0 1 6
# Description: starts and stops the shorewall-generated firewall
### END INIT INFO

72
Shorewall/releasenotes.txt
View File

@ -37,7 +37,9 @@ None.
Other changes in 3.2.0 RC 1 Other changes in 3.2.0 RC 1
None. 1) Support for distribution-specific compilation has been removed. In
it's place, a new "Shorewall Lite" product has been created. See
the Shorewall Lite documentation for details.
Migration Considerations: Migration Considerations:
@ -191,39 +193,17 @@ New Features:
2) A new 'shorewall compile' command has been added. 2) A new 'shorewall compile' command has been added.
shorewall compile [ -e ] [ -d <distro> ] [ <config directory> ] <script file> shorewall compile [ -e ] [ <config directory> ] <script file>
where: where:
-e Allows the generated script to run -e Allows the generated script to run
on a system without Shorewall installed. on a system with Shorewall Lite installed.
Generates an error if the configuration uses Generates an error if the configuration uses
an option that would prevent the generated an option that would prevent the generated
script from running on a system other than script from running on a system other than
where the 'compile' command is running (see where the 'compile' command is running (see
additional consideration a) below). additional consideration a) below).
-d <distro> Compile the script for execution on the
distribution specified by <distro>. Currently,
the supported distributions are:
suse
redhat (which includes Fedora Core and
CentOS).
debian
Note that specifying a distribution should
only be required if you intend to install
the compiled script in /etc/init.d on the
target system and the target system runs
a distribution different from the system
where you are doing your compiles.
Example:
shorewall compile -e -d redhat foo
Additional distributions are expected to be
supported shortly.
<config directory> Is an optional directory to be searched for <config directory> Is an optional directory to be searched for
configuration files prior to those listed configuration files prior to those listed
@ -252,55 +232,29 @@ New Features:
generated script on another system but there are certain generated script on another system but there are certain
limitations. limitations.
1) A compatible version of Shorewall must be running on the remote 1) A compatible version of Shorewall Lite must be running on the remote
system unless you use the "-e" option when you compile the script. system.
Currently, "compatible" means Shorewall 3.1.5 or later.
2) The 'detectnets' interface option is not allowed. 2) The 'detectnets' interface option is not allowed.
3) You must supply the file /etc/shorewall/capabilities to provide 3) You must supply the file /etc/shorewall/capabilities to provide
the compiler with knowledge of the capabilities of the system the compiler with knowledge of the capabilities of the system
where the script is to be run. The /etc/shorewall/capabilities where the script is to be run. See below.
file included in this release includes instructions for its
use. Also, find information below about how to create the
file using the 'shorecap' program.
4) If your /etc/shorewall/params file contains code other than simple 4) If your /etc/shorewall/params file contains code other than simple
assignment statements with contant values, then you should move assignment statements with contant values, then you should move
that code to /etc/shorewall/init. That way, the code will be that code to /etc/shorewall/init. That way, the code will be
executed on the target system when the compiled script is run rather executed on the target system when the compiled script is run and
than on the local system at compile time. not on the local system at compile time.
b) If you run the "shorewall compile" or "shorewall check" commands under b) If you run the "shorewall compile" or "shorewall check" commands under
a user other than 'root', then you must supply a user other than 'root', then you must supply
/etc/shorewall/capabilities. /etc/shorewall/capabilities.
c) To aid in building /etc/shorewall/capabilities, a 'shorecap' program c) To aid in building /etc/shorewall/capabilities, a 'shorecap' program
is provided. The program is installed in the /usr/share/shorewall/ is provided in the Shorewall Lite package and is installed in
directory. /usr/share/shorewall/shorecap when you install Shorewall Lite.
The program can be copied to the target system and run there to
produce a capabilities file taylored for that system. The capabilities
file can then be copied to the local system where it can be used
when compiling firewall programs targeted for the remote system.
For instructions about running shorecap, see the comments at the For instructions about running shorecap, see the comments at the
top of the program file (it's a simple shell script). top of the program file (it's a simple shell script).
Compilation generates a complete program. This program is suitable for
installation into /etc/init.d and, when generated with the "-e" option,
can serve as your firewall on a system that doesn't even have Shorewall
installed.
The generated program supports the following commands:
<program> [ -q ] [ -v ] [ -n ] start
<program> [ -q ] [ -v ] [ -n ] stop
<program> [ -q ] [ -v ] [ -n ] clear
<program> [ -q ] [ -v ] [ -n ] restart
<program> [ -q ] [ -v ] [ -n ] status
<program> [ -q ] [ -v ] [ -n ] version
The options have the same meaning as they do with /sbin/shorewall
(see above).
The "shorewall start" and "shorewall restart" commands have been The "shorewall start" and "shorewall restart" commands have been
rewritten to use compilation. They both compile a temporary program rewritten to use compilation. They both compile a temporary program
then run it. This results in a slightly longer elapsed time than the then run it. This results in a slightly longer elapsed time than the
@ -354,7 +308,7 @@ New Features:
As a final part of this change, the "check" command now compiles the As a final part of this change, the "check" command now compiles the
current configuration and writes the compiled output to /dev/null. So current configuration and writes the compiled output to /dev/null. So
"check" performs all of the same checks that compile does. Note that "check" performs all of the same valication that compile does. Note that
there is still no guarantee that the generated script won't encounter there is still no guarantee that the generated script won't encounter
run-time errors. run-time errors.

12
Shorewall/shorewall
View File

@ -641,16 +641,6 @@ compile_command() {
EXPORT=Yes EXPORT=Yes
option=${option#e} option=${option#e}
;; ;;
d)
[ -n "$DISTRIBUTION" -o $# -lt 2 ] && usage 2
[ -f /usr/share/shorewall/prog.header.$1 -a -f /usr/share/shorewall/prog.footer.$1 ] || \
{ echo "Distribution $1 is not supported" >&2 && exit 2; }
DISTRIBUTION=".$1"
export DISTRIBUTION
shift
option=${option#d}
;;
-) -)
finished=1 finished=1
option= option=
@ -1307,7 +1297,7 @@ usage() # $1 = exit status
echo " allow <address> ..." echo " allow <address> ..."
echo " check [ -e ] [ <directory> ]" echo " check [ -e ] [ <directory> ]"
echo " clear" echo " clear"
echo " compile [ -e ] [ -d <distribution> ] [ <directory name> ] <path name>" echo " compile [ -e ] [ <directory name> ] <path name>"
echo " delete <interface>[:<host-list>] ... <zone>" echo " delete <interface>[:<host-list>] ... <zone>"
echo " drop <address> ..." echo " drop <address> ..."
echo " dump [ -x ]" echo " dump [ -x ]"

6
Shorewall/shorewall.spec
View File

@ -168,12 +168,6 @@ fi
%attr(0644,root,root) /usr/share/shorewall/modules %attr(0644,root,root) /usr/share/shorewall/modules
%attr(0644,root,root) /usr/share/shorewall/prog.footer %attr(0644,root,root) /usr/share/shorewall/prog.footer
%attr(0644,root,root) /usr/share/shorewall/prog.header %attr(0644,root,root) /usr/share/shorewall/prog.header
%attr(0644,root,root) /usr/share/shorewall/prog.footer.debian
%attr(0644,root,root) /usr/share/shorewall/prog.header.debian
%attr(0644,root,root) /usr/share/shorewall/prog.footer.redhat
%attr(0644,root,root) /usr/share/shorewall/prog.header.redhat
%attr(0644,root,root) /usr/share/shorewall/prog.footer.suse
%attr(0644,root,root) /usr/share/shorewall/prog.header.suse
%attr(0644,root,root) /usr/share/shorewall/rfc1918 %attr(0644,root,root) /usr/share/shorewall/rfc1918
%attr(0644,root,root) /usr/share/shorewall/configpath %attr(0644,root,root) /usr/share/shorewall/configpath
%attr(0644,root,root) /usr/share/shorewall/xmodules %attr(0644,root,root) /usr/share/shorewall/xmodules