Package the scfilter along with the generated script for -lite

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2010-10-01 10:59:15 -07:00
parent 91dbae9476
commit ac71868cc1
8 changed files with 79 additions and 58 deletions


@ -247,18 +247,6 @@ if [ -n "$ARCHLINUX" ] ; then
sed -e 's!LOGFILE=/var/log/messages!LOGFILE=/var/log/messages.log!' -i ${DESTDIR}/etc/shorewall-lite/shorewall.conf sed -e 's!LOGFILE=/var/log/messages!LOGFILE=/var/log/messages.log!' -i ${DESTDIR}/etc/shorewall-lite/shorewall.conf
fi fi
#
# Install the Scfilter file
#
if [ ! -f ${DESTDIR}/etc/shorewall-lite/scfilter ]; then
run_install $OWNERSHIP -m 0744 scfilter ${DESTDIR}/etc/shorewall-lite
echo "Scfilter file installed as ${DESTDIR}/etc/shorewall-lite/scfilter"
fi
if [ -n "$ARCHLINUX" ] ; then
sed -e 's!LOGFILE=/var/log/messages!LOGFILE=/var/log/messages.log!' -i ${DESTDIR}/etc/shorewall-lite/shorewall.conf
fi
# #
# Install the Makefile # Install the Makefile
# #


@ -348,6 +348,15 @@ sub generate_script_3($) {
} else { } else {
emit 'load_kernel_modules Yes'; emit 'load_kernel_modules Yes';
} }
$fn = find_file 'scfilter';
if ( -f $fn ) {
emit( '',
'cat << __EOF__ > ${VARDIR}/scfilter' );
append_file $fn,1 or emit 'cat -';
emit_unindented( "__EOF__\n" );
}
} else { } else {
emit 'load_kernel_modules Yes'; emit 'load_kernel_modules Yes';
} }
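Review bot: The here-document emitted for `${VARDIR}/scfilter` uses an unquoted delimiter (`cat << __EOF__ > ${VARDIR}/scfilter`), so the shell that runs the generated script expands the copied filter text before writing it. Unless `append_file` escapes the body (not visible in this hunk), a filter containing `$1`, backticks or `$(...)` would be stored altered, and any command substitution in it would run at start/restart time. Quoting the delimiter keeps the body literal, e.g. `q(cat << '__EOF__' > ${VARDIR}/scfilter)` as the emitted line. A filter line consisting only of `__EOF__` would also end the copy early, which deserves a comment. The enclosing `generate_script_3` starts and ends outside the hunk.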


@ -301,7 +301,7 @@ fi
run_install $OWNERSHIP -m 0644 configfiles/zones ${DESTDIR}/usr/share/shorewall/configfiles run_install $OWNERSHIP -m 0644 configfiles/zones ${DESTDIR}/usr/share/shorewall/configfiles
if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/shorewall/zones ]; then if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/shorewall/zones ]; then
run_install $OWNERSHIP -m 0744 configfiles/zones ${DESTDIR}/etc/shorewall run_install $OWNERSHIP -m 0644 configfiles/zones ${DESTDIR}/etc/shorewall
echo "Zones file installed as ${DESTDIR}/etc/shorewall/zones" echo "Zones file installed as ${DESTDIR}/etc/shorewall/zones"
fi fi
@ -739,10 +739,10 @@ fi
# #
# Install the Scfilter file # Install the Scfilter file
# #
run_install $OWNERSHIP -m 744 configfiles/scfilter ${DESTDIR}/usr/share/shorewall/configfiles run_install $OWNERSHIP -m 644 configfiles/scfilter ${DESTDIR}/usr/share/shorewall/configfiles
if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/shorewall/scfilter ]; then if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/shorewall/scfilter ]; then
run_install $OWNERSHIP -m 0700 configfiles/scfilter ${DESTDIR}/etc/shorewall run_install $OWNERSHIP -m 0600 configfiles/scfilter ${DESTDIR}/etc/shorewall
echo "Scfilter file installed as ${DESTDIR}/etc/shorewall/scfilter" echo "Scfilter file installed as ${DESTDIR}/etc/shorewall/scfilter"
fi fi
# #


@ -437,11 +437,24 @@ list_zone() {
# Show Filter # Show Filter
# #
show_connections_filter() { show_connections_filter() {
my filter local filter
filter=$(find_file scfilter) local command
local first
if [ -x $filter ]; then command=${SHOREWALL_SHELL}
$filter
[ "$g_product" = Shorewall ] && filter=$(find_file scfilter) || filter=${VARDIR}/scfilter
if [ -f $filter ]; then
first=$(head -n1 $filter)
case $first in
\#!*)
command=${first#\#!}
;;
esac
$command $filter
else else
cat - cat -
fi fi
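Review bot: `$filter` is expanded unquoted in `[ -f $filter ]`, `head -n1 $filter` and `$command $filter`, so if it is ever empty the test collapses to `[ -f ]` (which is true) and `head -n1` reads the connection data from stdin instead of the script. Whether `find_file` can return an empty string is not visible here, but the quoted forms are safe either way: `if [ -n "$filter" -a -f "$filter" ]; then`, `first=$(head -n1 "$filter")`, `$command "$filter"`. A comment above the `case` should state that the file no longer needs the execute bit and is run, as the invoking user, by the interpreter named on its `#!` line or else by `${SHOREWALL_SHELL}`, so write access to that file determines what the command-line tool executes. The same lines appear in the Shorewall6 copy of `show_connections_filter()` in the last section of this commit. The function's closing brace lies outside the hunk.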


@ -51,30 +51,6 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
with a letter and be composed of letters, digits, underscores ("_") with a letter and be composed of letters, digits, underscores ("_")
and hyphens ("-"). and hyphens ("-").
5) An 'scfilter' extension script has been added. This extension
script differs from other such scripts in that it is invoked by the
command line tools (/sbin/shorewall, /sbin/shorewall6,
/sbin/shorewall-lite and /sbin/shorewall6-lite). In order to be
used, the script must be executable.
The script acts as a filter for the output of the 'show
connections' command. Each connection is piped through the filter
which can modify and/or drop information as desired.
Example:
#!/bin/sh
sed 's/secmark=0 //'
That script will remove 'secmark=0 ' from each line.
The default script is:
#!/bin/sh
cat -
which passes the output through unmodified.
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
I I. K N O W N P R O B L E M S R E M A I N I N G I I. K N O W N P R O B L E M S R E M A I N I N G
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
@ -99,6 +75,36 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
3) The CPU time required for optimization has been reduced by 2/3. 3) The CPU time required for optimization has been reduced by 2/3.
4) An 'scfilter' extension script has been added. This extension
script differs from other such scripts in that it is invoked by the
command line tools (/sbin/shorewall, /sbin/shorewall6,
/sbin/shorewall-lite and /sbin/shorewall6-lite).
The script acts as a filter for the output of the 'show
connections' command. Each connection is piped through the filter
which can modify and/or drop information as desired.
Example:
#!/bin/sh
sed 's/secmark=0 //'
That script will remove 'secmark=0 ' from each line.
The default script is:
#!/bin/sh
cat -
which passes the output through unmodified.
If you are using Shorewall-lite and/or Shorewall6-lite, the
scfilter file is kept on the administrative system and is copied
into the generated script just like other scripts. When the script
is run to start or restart the firewall, the scfilter script is
copied into /var/lib/shorewall-lite (/var/lib/shorewall6-lite)
where /sbin/shorewall-lite (/sbin/shorewall6-lite) looks for it.
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
I V. R E L E A S E 4 . 4 H I G H L I G H T S I V. R E L E A S E 4 . 4 H I G H L I G H T S
---------------------------------------------------------------------------- ----------------------------------------------------------------------------


@ -245,14 +245,6 @@ if [ -n "$ARCHLINUX" ] ; then
sed -e 's!LOGFILE=/var/log/messages!LOGFILE=/var/log/messages.log!' -i ${DESTDIR}/etc/shorewall6-lite/shorewall.conf sed -e 's!LOGFILE=/var/log/messages!LOGFILE=/var/log/messages.log!' -i ${DESTDIR}/etc/shorewall6-lite/shorewall.conf
fi fi
#
# Install the Scfilter file
#
if [ ! -f ${DESTDIR}/etc/shorewall6-lite/scfilter ]; then
install_file scfilter ${DESTDIR}/etc/shorewall6-lite/scfilter 0744
echo "Scfilter file installed as ${DESTDIR}/etc/shorewall6-lite/scfilter"
fi
# #
# Install the Makefile # Install the Makefile
# #


@ -296,7 +296,7 @@ fi
run_install $OWNERSHIP -m 0644 zones ${DESTDIR}/usr/share/shorewall6/configfiles/zones run_install $OWNERSHIP -m 0644 zones ${DESTDIR}/usr/share/shorewall6/configfiles/zones
if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/shorewall6/zones ]; then if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/shorewall6/zones ]; then
run_install $OWNERSHIP -m 0744 zones ${DESTDIR}/etc/shorewall6/zones run_install $OWNERSHIP -m 0644 zones ${DESTDIR}/etc/shorewall6/zones
echo "Zones file installed as ${DESTDIR}/etc/shorewall6/zones" echo "Zones file installed as ${DESTDIR}/etc/shorewall6/zones"
fi fi
@ -633,10 +633,10 @@ fi
# #
# Install the Scfilter file # Install the Scfilter file
# #
run_install $OWNERSHIP -m 0744 tcclear ${DESTDIR}/usr/share/shorewall6/configfiles/scfilter run_install $OWNERSHIP -m 0644 tcclear ${DESTDIR}/usr/share/shorewall6/configfiles/scfilter
if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/shorewall6/scfilter ]; then if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/shorewall6/scfilter ]; then
run_install $OWNERSHIP -m 0700 scfilter ${DESTDIR}/etc/shorewall6/scfilter run_install $OWNERSHIP -m 0600 scfilter ${DESTDIR}/etc/shorewall6/scfilter
echo "Scfilter file installed as ${DESTDIR}/etc/shorewall6/scfilter" echo "Scfilter file installed as ${DESTDIR}/etc/shorewall6/scfilter"
fi fi
# #
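Review bot: The changed line in the second hunk still installs `tcclear` as the sample scfilter (`run_install $OWNERSHIP -m 0644 tcclear ${DESTDIR}/usr/share/shorewall6/configfiles/scfilter`); only the mode was corrected, so the file shipped under configfiles/ would be a copy of tcclear rather than the filter. The source operand presumably should be `scfilter`, matching the `run_install` two lines below: `run_install $OWNERSHIP -m 0644 scfilter ${DESTDIR}/usr/share/shorewall6/configfiles/scfilter`.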


@ -361,11 +361,24 @@ show_routing() {
# Show Connections Filter # Show Connections Filter
# #
show_connections_filter() { show_connections_filter() {
my filter local filter
filter=$(find_file scfilter) local command
local first
if [ -x $filter ]; then command=${SHOREWALL_SHELL}
$filter
[ "$g_product" = Shorewall6 ] && filter=$(find_file scfilter) || filter=${VARDIR}/scfilter
if [ -f $filter ]; then
first=$(head -n1 $filter)
case $first in
\#!*)
command=${first#\#!}
;;
esac
$command $filter
else else
cat - cat -
fi fi