diff --git a/Shorewall-lite/install.sh b/Shorewall-lite/install.sh
index eecc46e8a..81a59ac77 100755
--- a/Shorewall-lite/install.sh
+++ b/Shorewall-lite/install.sh
@@ -247,18 +247,6 @@ if [ -n "$ARCHLINUX" ] ; then
 sed -e 's!LOGFILE=/var/log/messages!LOGFILE=/var/log/messages.log!' -i ${DESTDIR}/etc/shorewall-lite/shorewall.conf
 fi
-#
-# Install the Scfilter file
-#
-if [ ! -f ${DESTDIR}/etc/shorewall-lite/scfilter ]; then
- run_install $OWNERSHIP -m 0744 scfilter ${DESTDIR}/etc/shorewall-lite
- echo "Scfilter file installed as ${DESTDIR}/etc/shorewall-lite/scfilter"
-fi
-
-if [ -n "$ARCHLINUX" ] ; then
- sed -e 's!LOGFILE=/var/log/messages!LOGFILE=/var/log/messages.log!' -i ${DESTDIR}/etc/shorewall-lite/shorewall.conf
-fi
-
 #
 # Install the Makefile
 #
diff --git a/Shorewall/Perl/Shorewall/Compiler.pm b/Shorewall/Perl/Shorewall/Compiler.pm
index 635ad31ec..e8b4c06f9 100644
--- a/Shorewall/Perl/Shorewall/Compiler.pm
+++ b/Shorewall/Perl/Shorewall/Compiler.pm
@@ -348,6 +348,15 @@ sub generate_script_3($) {
 } else {
 emit 'load_kernel_modules Yes';
 }
+
+ $fn = find_file 'scfilter';
+
+ if ( -f $fn ) {
+ emit( '',
+ 'cat << __EOF__ > ${VARDIR}/scfilter' );
+ append_file $fn,1 or emit 'cat -';
+ emit_unindented( "__EOF__\n" );
+ }
 } else {
 emit 'load_kernel_modules Yes';
 }
diff --git a/Shorewall/install.sh b/Shorewall/install.sh
index 8e2e4c6a0..0811e4265 100755
--- a/Shorewall/install.sh
+++ b/Shorewall/install.sh
@@ -301,7 +301,7 @@ fi
 run_install $OWNERSHIP -m 0644 configfiles/zones ${DESTDIR}/usr/share/shorewall/configfiles
 if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/shorewall/zones ]; then
- run_install $OWNERSHIP -m 0744 configfiles/zones ${DESTDIR}/etc/shorewall
+ run_install $OWNERSHIP -m 0644 configfiles/zones ${DESTDIR}/etc/shorewall
 echo "Zones file installed as ${DESTDIR}/etc/shorewall/zones"
 fi
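Review bot: In the Shorewall/Perl/Shorewall/Compiler.pm hunk the emitted `cat << __EOF__ > ${VARDIR}/scfilter` uses an unquoted here-document delimiter, so when the generated script runs on the firewall the shell applies parameter expansion and command substitution to the copied scfilter text instead of writing it literally. Unless append_file escapes the content (not visible here), a filter that uses `$1` in an awk program, `$` in a sed expression or backticks would land in ${VARDIR}/scfilter altered, and any `$(...)` in it would run during start/restart. Quoting the delimiter keeps the body literal: `'cat << "__EOF__" > ${VARDIR}/scfilter' );`, with the terminator line unchanged. The body of generate_script_3 starts and ends outside this hunk.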
@@ -739,10 +739,10 @@ fi
 #
 # Install the Scfilter file
 #
-run_install $OWNERSHIP -m 744 configfiles/scfilter ${DESTDIR}/usr/share/shorewall/configfiles
+run_install $OWNERSHIP -m 644 configfiles/scfilter ${DESTDIR}/usr/share/shorewall/configfiles
 if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/shorewall/scfilter ]; then
- run_install $OWNERSHIP -m 0700 configfiles/scfilter ${DESTDIR}/etc/shorewall
+ run_install $OWNERSHIP -m 0600 configfiles/scfilter ${DESTDIR}/etc/shorewall
 echo "Scfilter file installed as ${DESTDIR}/etc/shorewall/scfilter"
 fi
 #
diff --git a/Shorewall/lib.cli b/Shorewall/lib.cli
index f829c3d0c..9aa2dc808 100644
--- a/Shorewall/lib.cli
+++ b/Shorewall/lib.cli
@@ -437,11 +437,24 @@ list_zone() {
 # Show Filter
 #
 show_connections_filter() {
- my filter
- filter=$(find_file scfilter)
+ local filter
+ local command
+ local first
- if [ -x $filter ]; then
- $filter
+ command=${SHOREWALL_SHELL}
+
+ [ "$g_product" = Shorewall ] && filter=$(find_file scfilter) || filter=${VARDIR}/scfilter
+
+ if [ -f $filter ]; then
+ first=$(head -n1 $filter)
+
+ case $first in
+ \#!*)
+ command=${first#\#!}
+ ;;
+ esac
+
+ $command $filter
 else
 cat -
 fi
diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt
index f8baccad1..7bc57a737 100644
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
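Review bot: In show_connections_filter in Shorewall/lib.cli (and identically in the Shorewall6/lib.cli hunk) `$filter` is expanded unquoted in `[ -f $filter ]`, `head -n1 $filter` and `$command $filter`; if it is ever empty, `[ -f ]` evaluates true and `head -n1` reads the connection stream from stdin instead of a file. Quote it and require a non-empty value, e.g. `if [ -n "$filter" -a -f "$filter" ]; then` and `first=$(head -n1 "$filter")`. Separately, the interpreter is now taken from the file's first line and run by the CLI with no execute-bit check, so the command is only as trustworthy as the write permissions on that file. For the -lite products the file is `${VARDIR}/scfilter`, whose mode appears to be whatever umask the generated script runs under, so a comment stating that it must be root-owned and not group- or world-writable, or an explicit check, would be worth adding.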
@@ -51,30 +51,6 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES with a letter and be composed of letters, digits, underscores ("_") and hyphens ("-"). -5) An 'scfilter' extension script has been added. This extension - script differs from other such scripts in that it is invoked by the - command line tools (/sbin/shorewall, /sbin/shorewall6, - /sbin/shorewall-lite and /sbin/shorewall6-lite). In order to be - used, the script must be executable. - - The script acts as a filter for the output of the 'show - connections' command. Each connection is piped through the filter - which can modify and/or drop information as desired. - - Example: - - #!/bin/sh - sed 's/secmark=0 //' - - That script will remove 'secmark=0 ' from each line. - - The default script is: - - #!/bin/sh - cat - - - which passes the output through unmodified. - ---------------------------------------------------------------------------- I I. K N O W N P R O B L E M S R E M A I N I N G ---------------------------------------------------------------------------- 
@@ -99,6 +75,36 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
 3) The CPU time required for optimization has been reduced by 2/3.
+4) An 'scfilter' extension script has been added. This extension
+ script differs from other such scripts in that it is invoked by the
+ command line tools (/sbin/shorewall, /sbin/shorewall6,
+ /sbin/shorewall-lite and /sbin/shorewall6-lite).
+
+ The script acts as a filter for the output of the 'show
+ connections' command. Each connection is piped through the filter
+ which can modify and/or drop information as desired.
+
+ Example:
+
+ #!/bin/sh
+ sed 's/secmark=0 //'
+
+ That script will remove 'secmark=0 ' from each line.
+
+ The default script is:
+
+ #!/bin/sh
+ cat -
+
+ which passes the output through unmodified.
+
+ If you are using Shorewall-lite and/or Shorewall6-lite, the
+ scfilter file is kept on the administrative system and is copied
+ into the generated script just like other scripts. When the script
+ is run to start or restart the firewall, the scfilter script is
+ copied into /var/lib/shorewall-lite (/var/lib/shorewall6-lite)
+ where /sbin/shorewall-lite (/sbin/shorewall6-lite) looks for it.
+
 ----------------------------------------------------------------------------
 I V. R E L E A S E 4 . 4 H I G H L I G H T S
 ----------------------------------------------------------------------------
diff --git a/Shorewall6-lite/install.sh b/Shorewall6-lite/install.sh
index e5efeb84d..38107c00d 100755
--- a/Shorewall6-lite/install.sh
+++ b/Shorewall6-lite/install.sh
@@ -245,14 +245,6 @@ if [ -n "$ARCHLINUX" ] ; then
 sed -e 's!LOGFILE=/var/log/messages!LOGFILE=/var/log/messages.log!' -i ${DESTDIR}/etc/shorewall6-lite/shorewall.conf
 fi
-#
-# Install the Scfilter file
-#
-if [ ! -f ${DESTDIR}/etc/shorewall6-lite/scfilter ]; then
- install_file scfilter ${DESTDIR}/etc/shorewall6-lite/scfilter 0744
- echo "Scfilter file installed as ${DESTDIR}/etc/shorewall6-lite/scfilter"
-fi
-
 #
 # Install the Makefile
 #
diff --git a/Shorewall6/install.sh b/Shorewall6/install.sh
index 8b775edef..91e2ea7bc 100755
--- a/Shorewall6/install.sh
+++ b/Shorewall6/install.sh
@@ -296,7 +296,7 @@ fi
 run_install $OWNERSHIP -m 0644 zones ${DESTDIR}/usr/share/shorewall6/configfiles/zones
 if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/shorewall6/zones ]; then
- run_install $OWNERSHIP -m 0744 zones ${DESTDIR}/etc/shorewall6/zones
+ run_install $OWNERSHIP -m 0644 zones ${DESTDIR}/etc/shorewall6/zones
 echo "Zones file installed as ${DESTDIR}/etc/shorewall6/zones"
 fi
@@ -633,10 +633,10 @@ fi
 #
 # Install the Scfilter file
 #
-run_install $OWNERSHIP -m 0744 tcclear ${DESTDIR}/usr/share/shorewall6/configfiles/scfilter
+run_install $OWNERSHIP -m 0644 tcclear ${DESTDIR}/usr/share/shorewall6/configfiles/scfilter
 if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/shorewall6/scfilter ]; then
- run_install $OWNERSHIP -m 0700 scfilter ${DESTDIR}/etc/shorewall6/scfilter
+ run_install $OWNERSHIP -m 0600 scfilter ${DESTDIR}/etc/shorewall6/scfilter
 echo "Scfilter file installed as ${DESTDIR}/etc/shorewall6/scfilter"
 fi
 #
diff --git a/Shorewall6/lib.cli b/Shorewall6/lib.cli
index a3bc706e3..850b40c1e 100644
--- a/Shorewall6/lib.cli
+++ b/Shorewall6/lib.cli
@@ -361,11 +361,24 @@ show_routing() {
 # Show Connections Filter
 #
 show_connections_filter() {
- my filter
- filter=$(find_file scfilter)
+ local filter
+ local command
+ local first
- if [ -x $filter ]; then
- $filter
+ command=${SHOREWALL_SHELL}
+
+ [ "$g_product" = Shorewall6 ] && filter=$(find_file scfilter) || filter=${VARDIR}/scfilter
+
+ if [ -f $filter ]; then
+ first=$(head -n1 $filter)
+
+ case $first in
+ \#!*)
+ command=${first#\#!}
+ ;;
+ esac
+
+ $command $filter
 else
 cat -
 fi
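Review bot: The first changed line of the second Shorewall6/install.sh hunk (at 633) still installs `tcclear` as `${DESTDIR}/usr/share/shorewall6/configfiles/scfilter`; only the mode was changed, so the packaged sample scfilter is a copy of the tcclear file. The Shorewall/install.sh counterpart copies `configfiles/scfilter`, which suggests a copy-paste slip here. The line should read `run_install $OWNERSHIP -m 0644 scfilter ${DESTDIR}/usr/share/shorewall6/configfiles/scfilter`. Since lib.cli now runs the scfilter file through an interpreter regardless of its execute bit, an administrator who copies that sample into place would presumably end up piping 'show connections' output through the wrong script.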