Implement library load on demand
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4400 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
6ab40df245
commit
94ad76f97d
@ -235,8 +235,6 @@ setup_accounting() # $1 = Name of accounting file
|
|||||||
|
|
||||||
save_progress_message "Setting up Accounting..."
|
save_progress_message "Setting up Accounting..."
|
||||||
|
|
||||||
strip_file accounting $1
|
|
||||||
|
|
||||||
while read action chain source dest proto port sport user ; do
|
while read action chain source dest proto port sport user ; do
|
||||||
expandv action chain source dest proto port sport user
|
expandv action chain source dest proto port sport user
|
||||||
process_accounting_rule
|
process_accounting_rule
|
||||||
|
@ -38,8 +38,6 @@ setup_ecn() # $1 = file name
|
|||||||
local hosts=
|
local hosts=
|
||||||
local h
|
local h
|
||||||
|
|
||||||
strip_file ecn $1
|
|
||||||
|
|
||||||
progress_message2 "$DOING $1..."
|
progress_message2 "$DOING $1..."
|
||||||
|
|
||||||
while read interface host; do
|
while read interface host; do
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
#
|
#
|
||||||
# Shorewall 3.2 -- /usr/share/shorewall/clib.proxyarp
|
# Shorewall 3.2 -- /usr/share/shorewall/clib.maclist
|
||||||
#
|
#
|
||||||
# This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
|
# This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
|
||||||
#
|
#
|
||||||
|
@ -302,8 +302,6 @@ __EOF__
|
|||||||
default_number=253
|
default_number=253
|
||||||
unspec_number=0
|
unspec_number=0
|
||||||
|
|
||||||
strip_file providers $1
|
|
||||||
|
|
||||||
if [ -s $TMP_DIR/providers ]; then
|
if [ -s $TMP_DIR/providers ]; then
|
||||||
balance=
|
balance=
|
||||||
|
|
||||||
|
@ -48,8 +48,6 @@ setup_tc1() {
|
|||||||
#
|
#
|
||||||
# Process the TC Rules File
|
# Process the TC Rules File
|
||||||
#
|
#
|
||||||
strip_file tcrules
|
|
||||||
|
|
||||||
while read mark sources dests proto ports sports user testval length tos; do
|
while read mark sources dests proto ports sports user testval length tos; do
|
||||||
expandv mark sources dests proto ports sports user testval length tos
|
expandv mark sources dests proto ports sports user testval length tos
|
||||||
rule=$(echo "$mark $sources $dests $proto $ports $sports $user $testval $length $tos")
|
rule=$(echo "$mark $sources $dests $proto $ports $sports $user $testval $length $tos")
|
||||||
|
@ -198,8 +198,6 @@ process_tos() # $1 = name of tos file
|
|||||||
{
|
{
|
||||||
progress_message2 "$DOING $1..."
|
progress_message2 "$DOING $1..."
|
||||||
|
|
||||||
strip_file tos $1
|
|
||||||
|
|
||||||
if [ -s $TMP_DIR/tos ] ; then
|
if [ -s $TMP_DIR/tos ] ; then
|
||||||
createmanglechain pretos
|
createmanglechain pretos
|
||||||
createmanglechain outtos
|
createmanglechain outtos
|
||||||
|
@ -102,7 +102,6 @@ setup_ipsec() {
|
|||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
f=$IPSECFILE
|
f=$IPSECFILE
|
||||||
strip_file $f
|
|
||||||
progress_message2 "$DOING $f..."
|
progress_message2 "$DOING $f..."
|
||||||
using_ipsec=Yes
|
using_ipsec=Yes
|
||||||
;;
|
;;
|
||||||
@ -476,8 +475,6 @@ setup_tunnels() # $1 = name of tunnels file
|
|||||||
progress_message_and_save " GENERIC tunnel to $1:$p defined."
|
progress_message_and_save " GENERIC tunnel to $1:$p defined."
|
||||||
}
|
}
|
||||||
|
|
||||||
strip_file tunnels $1
|
|
||||||
|
|
||||||
while read kind z gateway z1; do
|
while read kind z gateway z1; do
|
||||||
expandv kind z gateway z1
|
expandv kind z gateway z1
|
||||||
tunnel="$(echo $kind $z $gateway $z1)"
|
tunnel="$(echo $kind $z $gateway $z1)"
|
||||||
@ -594,8 +591,6 @@ setup_tunnels() # $1 = name of tunnels file
|
|||||||
progress_message_and_save " GENERIC tunnel to $1:$p defined."
|
progress_message_and_save " GENERIC tunnel to $1:$p defined."
|
||||||
}
|
}
|
||||||
|
|
||||||
strip_file tunnels $1
|
|
||||||
|
|
||||||
while read kind z gateway z1; do
|
while read kind z gateway z1; do
|
||||||
expandv kind z gateway z1
|
expandv kind z gateway z1
|
||||||
tunnel="$(echo $kind $z $gateway $z1)"
|
tunnel="$(echo $kind $z $gateway $z1)"
|
||||||
|
@ -40,6 +40,7 @@
|
|||||||
# SHOREWALL_DIR A directory name was passed to /sbin/shorewall
|
# SHOREWALL_DIR A directory name was passed to /sbin/shorewall
|
||||||
# VERBOSE Standard Shorewall verbosity control.
|
# VERBOSE Standard Shorewall verbosity control.
|
||||||
|
|
||||||
|
#
|
||||||
# Fatal error -- stops the compiler after issuing the error message
|
# Fatal error -- stops the compiler after issuing the error message
|
||||||
#
|
#
|
||||||
fatal_error() # $* = Error Message
|
fatal_error() # $* = Error Message
|
||||||
@ -51,6 +52,36 @@ fatal_error() # $* = Error Message
|
|||||||
exit 2
|
exit 2
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#
|
||||||
|
# Load a compile-time library
|
||||||
|
#
|
||||||
|
clib_load() # $1 = library name, $2=name of 'loaded' symbol, $3-n = Fatal Error Message
|
||||||
|
{
|
||||||
|
eval local loaded="\$${2}"
|
||||||
|
|
||||||
|
local clib=${SHAREDIR}/clib.${1}
|
||||||
|
|
||||||
|
if [ -z "$loaded" ]; then
|
||||||
|
if [ -x $clib ]; then
|
||||||
|
. $clib
|
||||||
|
else
|
||||||
|
shift 2
|
||||||
|
fatal_error "$@"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
try_clib_load() # $1 = library name, $2=name of 'loaded' symbol
|
||||||
|
{
|
||||||
|
eval local loaded="\$${2}"
|
||||||
|
|
||||||
|
local clib=${SHAREDIR}/clib.${1}
|
||||||
|
|
||||||
|
if [ -z "$loaded" ]; then
|
||||||
|
[ -x $clib ] && . $clib
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
# Write the passed args to the compiler output file.
|
# Write the passed args to the compiler output file.
|
||||||
#
|
#
|
||||||
@ -460,8 +491,6 @@ determine_zones()
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
strip_file zones
|
|
||||||
|
|
||||||
ZONES=
|
ZONES=
|
||||||
IPV4_ZONES=
|
IPV4_ZONES=
|
||||||
IPSEC_ZONES=
|
IPSEC_ZONES=
|
||||||
@ -511,7 +540,7 @@ determine_zones()
|
|||||||
ipsec|IPSEC|ipsec4|IPSEC4)
|
ipsec|IPSEC|ipsec4|IPSEC4)
|
||||||
list_search $zone $ZONES $FW && fatal_error "Zone $zone is defined more than once"
|
list_search $zone $ZONES $FW && fatal_error "Zone $zone is defined more than once"
|
||||||
[ -n "$POLICY_MATCH" ] || fatal_error "Your kernel and/or iptables does not support policy match"
|
[ -n "$POLICY_MATCH" ] || fatal_error "Your kernel and/or iptables does not support policy match"
|
||||||
[ -n "$CLIB_TUNNELS_LOADED" ] || fatal_error "Shorewall clib.tunnels module not loaded"
|
clib_load tunnels CLIB_TUNNELS_LOADED "The $type zone type requires Shorewall compiler module clib.tunnels which is not installed"
|
||||||
eval ${zone}_is_ipsec=Yes
|
eval ${zone}_is_ipsec=Yes
|
||||||
eval ${zone}_is_complex=Yes
|
eval ${zone}_is_complex=Yes
|
||||||
merge_zone
|
merge_zone
|
||||||
@ -1116,12 +1145,10 @@ validate_hosts_file() {
|
|||||||
norfc1918|blacklist|tcpflags|nosmurfs|-)
|
norfc1918|blacklist|tcpflags|nosmurfs|-)
|
||||||
;;
|
;;
|
||||||
maclist)
|
maclist)
|
||||||
[ -n "$CLIB_MACLIST_LOADED" ] || \
|
clib_load maclist CLIB_MACLIST_LOADED "The maclist host option requires Shorewall compiler module clib.maclist which is not installed"
|
||||||
fatal_error "Shorewall module clib.maclist not loaded"
|
|
||||||
;;
|
;;
|
||||||
ipsec)
|
ipsec)
|
||||||
[ -n "$CLIB_TUNNELS_LOADED" ] || \
|
clib_load tunnels CLIB_TUNNELS_LOADED "The ipsec host option requires Shorewall compiler module clib.tunnels which is not installed"
|
||||||
fatal_error "Shorewall module clib.tunnels not loaded"
|
|
||||||
[ -n "$POLICY_MATCH" ] || \
|
[ -n "$POLICY_MATCH" ] || \
|
||||||
fatal_error "Your kernel and/or iptables does not support policy match: ipsec"
|
fatal_error "Your kernel and/or iptables does not support policy match: ipsec"
|
||||||
eval ${z}_ipsec_hosts=\"\$${z}_ipsec_hosts $interface:$host\"
|
eval ${z}_ipsec_hosts=\"\$${z}_ipsec_hosts $interface:$host\"
|
||||||
@ -1209,8 +1236,6 @@ validate_policy()
|
|||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
strip_file policy
|
|
||||||
|
|
||||||
while read client server policy loglevel synparams; do
|
while read client server policy loglevel synparams; do
|
||||||
expandv client server policy loglevel synparams
|
expandv client server policy loglevel synparams
|
||||||
|
|
||||||
@ -1505,8 +1530,6 @@ process_criticalhosts()
|
|||||||
{
|
{
|
||||||
local hosts= interface host h options networks criticalhosts=
|
local hosts= interface host h options networks criticalhosts=
|
||||||
|
|
||||||
[ -f $TMP_DIR/routestopped ] || strip_file routestopped
|
|
||||||
|
|
||||||
while read interface host options; do
|
while read interface host options; do
|
||||||
expandv interface host options
|
expandv interface host options
|
||||||
|
|
||||||
@ -2456,10 +2479,6 @@ process_actions1() {
|
|||||||
|
|
||||||
USEDACTIONS=
|
USEDACTIONS=
|
||||||
|
|
||||||
strip_file actions
|
|
||||||
|
|
||||||
strip_file actions.std ${SHAREDIR}/actions.std
|
|
||||||
|
|
||||||
for inputfile in actions.std actions; do
|
for inputfile in actions.std actions; do
|
||||||
while read xaction rest; do
|
while read xaction rest; do
|
||||||
[ "x$rest" = x ] || fatal_error "Invalid Action: $xaction $rest"
|
[ "x$rest" = x ] || fatal_error "Invalid Action: $xaction $rest"
|
||||||
@ -2506,6 +2525,7 @@ process_actions1() {
|
|||||||
eval requiredby=\"\$requiredby_${xaction}\"
|
eval requiredby=\"\$requiredby_${xaction}\"
|
||||||
list_search $xtarget $requiredby || eval requiredby_${xaction}=\"$requiredby $xtarget\"
|
list_search $xtarget $requiredby || eval requiredby_${xaction}=\"$requiredby $xtarget\"
|
||||||
else
|
else
|
||||||
|
try_clib_load macros CLIB_MACROS_LOADED
|
||||||
if [ -n "$CLIB_MACROS_LOADED" ]; then
|
if [ -n "$CLIB_MACROS_LOADED" ]; then
|
||||||
verify_macro_from_action
|
verify_macro_from_action
|
||||||
else
|
else
|
||||||
@ -3900,6 +3920,8 @@ process_rules()
|
|||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
|
try_clib_load macros CLIB_MACROS_LOADED
|
||||||
|
|
||||||
if [ -n "$CLIB_MACROS_LOADED" ]; then
|
if [ -n "$CLIB_MACROS_LOADED" ]; then
|
||||||
f=macro.$xtarget1
|
f=macro.$xtarget1
|
||||||
|
|
||||||
@ -3918,7 +3940,7 @@ process_rules()
|
|||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
rule="$xtarget $xclients $xservers $xprotocol $xports $xcports $xaddress $xratelimit $xuserspec"
|
rule="$xtarget $xclients $xservers $xprotocol $xports $xcports $xaddress $xratelimit $xuserspec"
|
||||||
fatal_error "Invalid Action in rule \"$rule\""
|
fatal_error "Invalid Action in rule \"$rule\" (do you need the clib.macros Shorewall compile-time library?)"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
@ -4537,8 +4559,6 @@ __EOF__
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
strip_file masq $1
|
|
||||||
|
|
||||||
if [ -n "$NAT_ENABLED" ]; then
|
if [ -n "$NAT_ENABLED" ]; then
|
||||||
progress_message2 "$DOING Masquerading/SNAT"
|
progress_message2 "$DOING Masquerading/SNAT"
|
||||||
save_progress_message "Setting up Masquerading/SNAT..."
|
save_progress_message "Setting up Masquerading/SNAT..."
|
||||||
@ -4654,15 +4674,12 @@ process_blacklist_rec() {
|
|||||||
#
|
#
|
||||||
setup_blacklist() {
|
setup_blacklist() {
|
||||||
local hosts="$(find_hosts_by_option blacklist)"
|
local hosts="$(find_hosts_by_option blacklist)"
|
||||||
local f=$(find_file blacklist)
|
|
||||||
local disposition=$BLACKLIST_DISPOSITION
|
local disposition=$BLACKLIST_DISPOSITION
|
||||||
local ipsec policy
|
local ipsec policy
|
||||||
|
|
||||||
if [ -n "$hosts" -a -f $f ]; then
|
if [ -n "$hosts" -a -s $TMP_DIR/blacklist ]; then
|
||||||
progress_message2 "$DOING Blacklisting..."
|
progress_message2 "$DOING Blacklisting..."
|
||||||
|
|
||||||
strip_file blacklist $f
|
|
||||||
|
|
||||||
createchain blacklst no
|
createchain blacklst no
|
||||||
|
|
||||||
[ -n "$BLACKLISTNEWONLY" ] && state="-m state --state NEW,INVALID" || state=
|
[ -n "$BLACKLISTNEWONLY" ] && state="-m state --state NEW,INVALID" || state=
|
||||||
@ -4698,14 +4715,11 @@ setup_blacklist() {
|
|||||||
# Refresh the Black List
|
# Refresh the Black List
|
||||||
#
|
#
|
||||||
refresh_blacklist() {
|
refresh_blacklist() {
|
||||||
local f=$(find_file blacklist)
|
|
||||||
local disposition=$BLACKLIST_DISPOSITION
|
local disposition=$BLACKLIST_DISPOSITION
|
||||||
|
|
||||||
progress_message2 "$DOING Black List..."
|
progress_message2 "$DOING Black List..."
|
||||||
save_progress_message "Loading Black List..."
|
save_progress_message "Loading Black List..."
|
||||||
|
|
||||||
strip_file blacklist $f
|
|
||||||
|
|
||||||
[ "$disposition" = REJECT ] && disposition=reject
|
[ "$disposition" = REJECT ] && disposition=reject
|
||||||
|
|
||||||
run_iptables -F blacklst
|
run_iptables -F blacklst
|
||||||
@ -4720,13 +4734,10 @@ refresh_blacklist() {
|
|||||||
# Verify the Black List
|
# Verify the Black List
|
||||||
#
|
#
|
||||||
validate_blacklist() {
|
validate_blacklist() {
|
||||||
local f=$(find_file blacklist)
|
|
||||||
local disposition=$BLACKLIST_DISPOSITION
|
local disposition=$BLACKLIST_DISPOSITION
|
||||||
|
|
||||||
progress_message2 "Checking Black List..."
|
progress_message2 "Checking Black List..."
|
||||||
|
|
||||||
strip_file blacklist $f
|
|
||||||
|
|
||||||
[ "$disposition" = REJECT ] && disposition=reject
|
[ "$disposition" = REJECT ] && disposition=reject
|
||||||
|
|
||||||
while read networks protocol ports; do
|
while read networks protocol ports; do
|
||||||
@ -4809,12 +4820,6 @@ initialize_netfilter () {
|
|||||||
# accepting new connections.
|
# accepting new connections.
|
||||||
#
|
#
|
||||||
|
|
||||||
strip_file rules
|
|
||||||
[ -n "$CLIB_PROXYARP_LOADED" ] && strip_file proxyarp
|
|
||||||
[ -n "$CLIB_MACLIST_LOADED" ] && strip_file maclist
|
|
||||||
strip_file nat
|
|
||||||
strip_file netmap
|
|
||||||
|
|
||||||
progress_message2 "Pre-processing Actions..."
|
progress_message2 "Pre-processing Actions..."
|
||||||
process_actions1
|
process_actions1
|
||||||
|
|
||||||
@ -4847,7 +4852,7 @@ initialize_netfilter () {
|
|||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
|
|
||||||
[ -n "$CLIB_TCRULES_LOADED" ] && [ -n "$CLEAR_TC" ] && delete_tc
|
[ -n "$CLIB_TCRULES_LOADED" -a -n "$CLEAR_TC" ] && delete_tc
|
||||||
|
|
||||||
progress_message2 "Deleting user chains..."
|
progress_message2 "Deleting user chains..."
|
||||||
|
|
||||||
@ -4909,8 +4914,6 @@ initialize_netfilter () {
|
|||||||
|
|
||||||
progress_message2 "$DOING $f ..."
|
progress_message2 "$DOING $f ..."
|
||||||
|
|
||||||
strip_file routestopped $f
|
|
||||||
|
|
||||||
process_routestopped -A
|
process_routestopped -A
|
||||||
|
|
||||||
if [ -n "$DISABLE_IPV6" ]; then
|
if [ -n "$DISABLE_IPV6" ]; then
|
||||||
@ -4935,8 +4938,7 @@ initialize_netfilter () {
|
|||||||
|
|
||||||
if [ -n "$CLIB_ACCOUNTING_LOADED" ]; then
|
if [ -n "$CLIB_ACCOUNTING_LOADED" ]; then
|
||||||
accounting_file=$(find_file accounting)
|
accounting_file=$(find_file accounting)
|
||||||
|
setup_accounting $accounting_file
|
||||||
[ -f $accounting_file ] && setup_accounting $accounting_file
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
createchain reject no
|
createchain reject no
|
||||||
@ -5125,8 +5127,6 @@ __EOF__
|
|||||||
|
|
||||||
save_progress_message "Setting up RFC1918 Filtering..."
|
save_progress_message "Setting up RFC1918 Filtering..."
|
||||||
|
|
||||||
strip_file rfc1918
|
|
||||||
|
|
||||||
createchain norfc1918 no
|
createchain norfc1918 no
|
||||||
|
|
||||||
createchain rfc1918 no
|
createchain rfc1918 no
|
||||||
@ -6423,11 +6423,9 @@ __EOF__
|
|||||||
|
|
||||||
if [ -n "$CLIB_TUNNELS_LOADED" ]; then
|
if [ -n "$CLIB_TUNNELS_LOADED" ]; then
|
||||||
tunnels=$(find_file tunnels)
|
tunnels=$(find_file tunnels)
|
||||||
if [ -f $tunnels ]; then
|
progress_message2 "$DOING $tunnels..."
|
||||||
progress_message2 "$DOING $tunnels..."
|
save_progress_message "Setting up Tunnels..."
|
||||||
save_progress_message "Setting up Tunnels..."
|
setup_tunnels $tunnels
|
||||||
setup_tunnels $tunnels
|
|
||||||
fi
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
save_progress_message "Setting up Actions..."
|
save_progress_message "Setting up Actions..."
|
||||||
@ -6475,13 +6473,15 @@ __EOF__
|
|||||||
save_command add_ip_aliases $ALIASES_TO_ADD
|
save_command add_ip_aliases $ALIASES_TO_ADD
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -n "$CLIB_PROXYARP_LOADED" ]; then
|
files="zones nat"
|
||||||
for file in chains nat proxyarp zones; do
|
|
||||||
save_command "cat > \${VARDIR}/$file $LEFTSHIFT __EOF__"
|
[ -n "$CLIB_PROXYARP_LOADED" ] && files="$files proxyarp"
|
||||||
cat $STATEDIR/$file >&3
|
|
||||||
save_command_unindented __EOF__
|
for file in chains $files; do
|
||||||
done
|
save_command "cat > \${VARDIR}/$file $LEFTSHIFT __EOF__"
|
||||||
fi
|
cat $STATEDIR/$file >&3
|
||||||
|
save_command_unindented __EOF__
|
||||||
|
done
|
||||||
|
|
||||||
cat >&3 << __EOF__
|
cat >&3 << __EOF__
|
||||||
|
|
||||||
@ -6737,18 +6737,6 @@ do_initialize() {
|
|||||||
else
|
else
|
||||||
fatal_error "$FUNCTIONS does not exist!"
|
fatal_error "$FUNCTIONS does not exist!"
|
||||||
fi
|
fi
|
||||||
#
|
|
||||||
# Load compiler libraries
|
|
||||||
#
|
|
||||||
for clib in ${SHAREDIR}/clib.*; do
|
|
||||||
case $clib in
|
|
||||||
${SHAREDIR}/clib.\*)
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
. $clib
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
done
|
|
||||||
|
|
||||||
TMP_DIR=$(mktempdir)
|
TMP_DIR=$(mktempdir)
|
||||||
|
|
||||||
@ -6974,10 +6962,45 @@ do_initialize() {
|
|||||||
[ -n "${RESTOREFILE:=restore}" ]
|
[ -n "${RESTOREFILE:=restore}" ]
|
||||||
|
|
||||||
#
|
#
|
||||||
# Strip the files that we use often
|
# Strip the files and load modules
|
||||||
#
|
#
|
||||||
|
strip_file zones
|
||||||
|
strip_file policy
|
||||||
strip_file interfaces
|
strip_file interfaces
|
||||||
strip_file hosts
|
strip_file hosts
|
||||||
|
strip_file routestopped
|
||||||
|
strip_file actions
|
||||||
|
strip_file actions.std ${SHAREDIR}/actions.std
|
||||||
|
strip_file masq
|
||||||
|
strip_file blacklist
|
||||||
|
strip_file rules
|
||||||
|
strip_file proxyarp
|
||||||
|
[ -s $TMP_DIR/proxyarp ] && clib_load proxyarp CLIB_PROXYARP_LOADED "Use of the proxyarp file requires the Shorewall clib.proxyarp modules which is not installed"
|
||||||
|
strip_file maclist
|
||||||
|
[ -s $TMP_DIR/maclist ] && clib_load maclist CLIB_MACLIST_LOADED "Use of the maclist file requires the Shorewall clib.maclist modules which is not installed"
|
||||||
|
strip_file nat
|
||||||
|
strip_file netmap
|
||||||
|
strip_file tcrules
|
||||||
|
if [ -s $TMP_DIR/tcrules ]; then
|
||||||
|
clib_load tcrules CLIB_TCRULES_LOADED "Entries in the tcrules file require Shorewall compiler module clib.tcrules which is not installed"
|
||||||
|
lib_load tcrules LIB_TCRULES_LOADED "Entries in the tcrules file require Shorewall library module lib.tcrules which is not installed"
|
||||||
|
fi
|
||||||
|
strip_file rfc1918
|
||||||
|
strip_file accounting
|
||||||
|
[ -s $TMP_DIR/accounting ] && clib_load accounting CLIB_ACCOUNTING_LOADED "Entries in the accounting file require Shorewall compiler module clib.accounting which is not installed"
|
||||||
|
strip_file ecn
|
||||||
|
[ -s $TMP_DIR/ecn ] && clib_load ecn CLIB_ECN_LOADED "Entries in the ecn file require Shorewall compiler module clib.ecn which is not installed"
|
||||||
|
strip_file providers
|
||||||
|
[ -s $TMP_DIR/providers ] && clib_load providers CLIB_PROVIDERS_LOADED "Entries in the providers file require Shorewall compiler module clib.providers which is not installed"
|
||||||
|
strip_file tos
|
||||||
|
[ -s $TMP_DIR/tos ] && clib_load tos CLIB_TOS_LOADED "Entries in the tos file require Shorewall compiler module clib.tos which is not installed"
|
||||||
|
strip_file ipsec
|
||||||
|
[ -s $TMP_DIR/ipsec ] && clib_load tunnels CLIB_TUNNELS_LOADED "Entries in the ipsec file require Shorewall compiler module clib.tunnels which is not installed"
|
||||||
|
strip_file tunnels
|
||||||
|
[ -s $TMP_DIR/tunnels ] && clib_load tunnels CLIB_TUNNELS_LOADED "Entries in the tunnels file require Shorewall compiler module clib.tunnels which is not installed"
|
||||||
|
strip_file tcdevices $devfile
|
||||||
|
[ -s $TMP_DIR/tcdevices ] && lib_load tc LIB_TC_LOADED "Entries in the tcdevices file require Shorewall library module lib.tc which is not installed"
|
||||||
|
strip_file tcclasses $classfile
|
||||||
#
|
#
|
||||||
# Check out the user's shell
|
# Check out the user's shell
|
||||||
#
|
#
|
||||||
|
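Review bot: `clib_load` and `try_clib_load` (the hunk following `fatal_error`) test and source the library path unquoted, `[ -x $clib ]` and `. $clib`, so a `SHAREDIR` value containing whitespace or glob characters changes which file is tested and sourced into the compiler. Quote both uses, `[ -x "$clib" ]` and `. "$clib"`; `lib_load` in the functions file has the same form. Neither loader confirms after sourcing that the symbol named by `$2` is now set, so a library that omits its `CLIB_..._LOADED` assignment would be sourced again on each call, and the `-x` test reports an existing but non-executable library as "not installed". A header comment along the lines of `# Sources ${SHAREDIR}/clib.$1 into the compiler; the library must set the symbol named in $2. SHAREDIR must be a trusted, root-owned directory.` would record both the contract and the trust assumption.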
@ -1578,16 +1578,26 @@ refresh_tc() {
|
|||||||
#
|
#
|
||||||
strip_file tcrules
|
strip_file tcrules
|
||||||
|
|
||||||
while read mark sources dests proto ports sports user testval; do
|
if [ -s $TMP_DIR/tcrules ]; then
|
||||||
expandv mark sources dests proto ports sports user testval tos
|
lib_load tcrules LIB_TCRULES_LOADED "Entries in the tcrules file require the Shorewall library lib.tcrules which is not installed"
|
||||||
rule=$(echo "$mark $sources $dests $proto $ports $sports $user $testval $tos")
|
|
||||||
process_tc_rule
|
while read mark sources dests proto ports sports user testval; do
|
||||||
done < $TMP_DIR/tcrules
|
expandv mark sources dests proto ports sports user testval tos
|
||||||
|
rule=$(echo "$mark $sources $dests $proto $ports $sports $user $testval $tos")
|
||||||
|
process_tc_rule
|
||||||
|
done < $TMP_DIR/tcrules
|
||||||
|
fi
|
||||||
|
|
||||||
if [ -n "$TC_SCRIPT" ]; then
|
if [ -n "$TC_SCRIPT" ]; then
|
||||||
run_user_exit $TC_SCRIPT
|
run_user_exit $TC_SCRIPT
|
||||||
elif [ -n "$TC_ENABLED" ]; then
|
elif [ -n "$TC_ENABLED" ]; then
|
||||||
setup_traffic_shaping
|
strip_file tcdevices
|
||||||
|
strip_file tcclasses
|
||||||
|
|
||||||
|
if [ -s $TMP_DIR/tcdevices ]; then
|
||||||
|
lib_load tc LIB_TC_LOADED "Entries in the tcdevices file require the Shorewall library lib.tc which is not installed"
|
||||||
|
setup_traffic_shaping
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
}
|
}
|
||||||
@ -1615,6 +1625,8 @@ refresh_firewall()
|
|||||||
#
|
#
|
||||||
# Blacklist
|
# Blacklist
|
||||||
#
|
#
|
||||||
|
strip_file blacklist
|
||||||
|
|
||||||
refresh_blacklist
|
refresh_blacklist
|
||||||
|
|
||||||
ecn=$(find_file ecn)
|
ecn=$(find_file ecn)
|
||||||
|
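Review bot: In `refresh_tc` the re-indented loop reads only eight fields, `while read mark sources dests proto ports sports user testval; do`, but then expands and uses `tos`, which is never assigned from the file. Because `read` puts the rest of the line into its last variable, any columns after the test value end up inside `testval`, while `$tos` keeps whatever value it had before the loop. The compile-time loop in `setup_tc1` reads `testval length tos`; if `process_tc_rule` (not shown here) expects the same columns, the read list should be `while read mark sources dests proto ports sports user testval length tos; do`, with the `expandv` and `rule=` lines extended to match.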
@ -23,29 +23,29 @@
|
|||||||
|
|
||||||
LIBVERSION=30192
|
LIBVERSION=30192
|
||||||
|
|
||||||
|
#
|
||||||
|
# Load a run-time library
|
||||||
|
#
|
||||||
|
lib_load() # $1 = library name, $2=name of 'loaded' symbol, $3-n = Fatal Error Message
|
||||||
|
{
|
||||||
|
eval local loaded="\$${2}"
|
||||||
|
|
||||||
|
local lib=${SHAREDIR}/lib.${1}
|
||||||
|
|
||||||
|
if [ -z "$loaded" ]; then
|
||||||
|
if [ -x $lib ]; then
|
||||||
|
. $lib
|
||||||
|
else
|
||||||
|
shift 2
|
||||||
|
fatal_error "$@"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
[ -n "${VARDIR:=/var/lib/shorewall}" ]
|
[ -n "${VARDIR:=/var/lib/shorewall}" ]
|
||||||
[ -n "${SHAREDIR:=/usr/share/shorewall}" ]
|
[ -n "${SHAREDIR:=/usr/share/shorewall}" ]
|
||||||
[ -n "${CONFDIR:=/etc/shorewall}" ]
|
[ -n "${CONFDIR:=/etc/shorewall}" ]
|
||||||
|
|
||||||
SHOREWALL_LIBRARY=Loaded
|
SHOREWALL_LIBRARY=Loaded
|
||||||
|
|
||||||
if [ $# -gt 0 ]; then
|
lib_load base base LIB_BASE_LOADED "Installation Error: ${SHAREDIR}/lib.base not found"
|
||||||
#
|
|
||||||
# Load a specific set of libraries
|
|
||||||
#
|
|
||||||
for lib in $@; do
|
|
||||||
. ${SHAREDIR}/lib.${lib}
|
|
||||||
done
|
|
||||||
else
|
|
||||||
for lib in ${SHAREDIR}/lib.*; do
|
|
||||||
case $lib in
|
|
||||||
${SHAREDIR}/lib.\*)
|
|
||||||
echo " ERROR: ${SHAREDIR}/lib.\* not found" >&2
|
|
||||||
exit 2
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
. $lib
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
done
|
|
||||||
fi
|
|
||||||
|
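Review bot: The new call `lib_load base base LIB_BASE_LOADED "Installation Error: ..."` passes `base` twice, so inside `lib_load` the `$2` argument is `base` rather than `LIB_BASE_LOADED`: the guard evaluates `$base`, and on failure `shift 2` leaves `LIB_BASE_LOADED` as the first word of the fatal error text. Going by the signature comment (`$1 = library name, $2=name of 'loaded' symbol`), the call should read `lib_load base LIB_BASE_LOADED "Installation Error: ${SHAREDIR}/lib.base not found"`. `fatal_error` is not defined in this hunk; if it is only provided by a library loaded later, the failure path of this first load cannot report anything, whereas the removed code used `echo ... >&2` followed by `exit 2` directly.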
@ -1576,3 +1576,5 @@ get_device_mtu() # $1 = device
|
|||||||
echo 1500
|
echo 1500
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
LIB_BASE_LOADED=Yes
|
||||||
|
@ -305,9 +305,6 @@ setup_traffic_shaping()
|
|||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
|
||||||
strip_file tcdevices $devfile
|
|
||||||
strip_file tcclasses $classfile
|
|
||||||
|
|
||||||
validate_tcdevices_file
|
validate_tcdevices_file
|
||||||
validate_tcclasses_file
|
validate_tcclasses_file
|
||||||
|
|
||||||
|
@ -1683,10 +1683,9 @@ FIREWALL=$SHAREDIR/firewall
|
|||||||
FUNCTIONS=$SHAREDIR/functions
|
FUNCTIONS=$SHAREDIR/functions
|
||||||
VERSION_FILE=$SHAREDIR/version
|
VERSION_FILE=$SHAREDIR/version
|
||||||
HELP=$SHAREDIR/help
|
HELP=$SHAREDIR/help
|
||||||
LIBRARIES="base"
|
|
||||||
|
|
||||||
if [ -f $FUNCTIONS ]; then
|
if [ -f $FUNCTIONS ]; then
|
||||||
. $FUNCTIONS $LIBRARIES
|
. $FUNCTIONS
|
||||||
else
|
else
|
||||||
echo " ERROR: $FUNCTIONS does not exist!" >&2
|
echo " ERROR: $FUNCTIONS does not exist!" >&2
|
||||||
exit 2
|
exit 2
|
||||||
|