Package the scfilter along with the generated script for -lite

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall-lite/install.sh

@@ -247,18 +247,6 @@ if [ -n "$ARCHLINUX" ] ; then
    sed -e 's!LOGFILE=/var/log/messages!LOGFILE=/var/log/messages.log!' -i ${DESTDIR}/etc/shorewall-lite/shorewall.conf
 fi
 
-#
-# Install the Scfilter file
-#
-if [ ! -f ${DESTDIR}/etc/shorewall-lite/scfilter ]; then
-   run_install $OWNERSHIP -m 0744 scfilter ${DESTDIR}/etc/shorewall-lite
-   echo "Scfilter file installed as ${DESTDIR}/etc/shorewall-lite/scfilter"
-fi
-
-if [ -n "$ARCHLINUX" ] ; then
-   sed -e 's!LOGFILE=/var/log/messages!LOGFILE=/var/log/messages.log!' -i ${DESTDIR}/etc/shorewall-lite/shorewall.conf
-fi
-
 #
 # Install the  Makefile
 #

Shorewall/Perl/Shorewall/Compiler.pm

@@ -348,6 +348,15 @@ sub generate_script_3($) {
 	} else {
 	    emit 'load_kernel_modules Yes';
 	}
+
+	$fn = find_file 'scfilter';
+
+	if ( -f $fn ) {
+	    emit( '',
+		  'cat << __EOF__ > ${VARDIR}/scfilter' );
+	    append_file $fn,1 or emit 'cat -';
+	    emit_unindented( "__EOF__\n" );
+	}
     } else {
 	emit 'load_kernel_modules Yes';
     }

Shorewall/install.sh

@@ -301,7 +301,7 @@ fi
 run_install $OWNERSHIP -m 0644 configfiles/zones ${DESTDIR}/usr/share/shorewall/configfiles
 
 if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/shorewall/zones ]; then
-    run_install $OWNERSHIP -m 0744 configfiles/zones ${DESTDIR}/etc/shorewall
+    run_install $OWNERSHIP -m 0644 configfiles/zones ${DESTDIR}/etc/shorewall
     echo "Zones file installed as ${DESTDIR}/etc/shorewall/zones"
 fi
 
@@ -739,10 +739,10 @@ fi
 #
 # Install the Scfilter file
 #
-run_install $OWNERSHIP -m 744 configfiles/scfilter ${DESTDIR}/usr/share/shorewall/configfiles
+run_install $OWNERSHIP -m 644 configfiles/scfilter ${DESTDIR}/usr/share/shorewall/configfiles
 
 if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/shorewall/scfilter ]; then
-    run_install $OWNERSHIP -m 0700 configfiles/scfilter ${DESTDIR}/etc/shorewall
+    run_install $OWNERSHIP -m 0600 configfiles/scfilter ${DESTDIR}/etc/shorewall
     echo "Scfilter file installed as ${DESTDIR}/etc/shorewall/scfilter"
 fi
 #

Shorewall/lib.cli

@@ -437,11 +437,24 @@ list_zone() {
 # Show Filter
 #
 show_connections_filter() {
-    my filter
+    local filter
-    filter=$(find_file scfilter)
+    local command
+    local first
 
-    if [ -x $filter ]; then
+    command=${SHOREWALL_SHELL}
-	$filter
+
+    [ "$g_product" = Shorewall ] && filter=$(find_file scfilter) || filter=${VARDIR}/scfilter
+
+    if [ -f $filter ]; then
+	first=$(head -n1 $filter)
+
+	case $first in
+	    \#!*)
+		command=${first#\#!}
+		;;
+	esac
+
+	$command $filter
     else
 	cat -
     fi

Shorewall/releasenotes.txt

@@ -51,30 +51,6 @@ VI.   PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
     with a letter and be composed of letters, digits, underscores ("_")
     and hyphens ("-").
 
-5)  An 'scfilter' extension script has been added. This extension
-    script differs from other such scripts in that it is invoked by the
-    command line tools (/sbin/shorewall, /sbin/shorewall6,
-    /sbin/shorewall-lite and /sbin/shorewall6-lite). In order to be
-    used, the script must be executable.
-
-    The script acts as a filter for the output of the 'show
-    connections' command. Each connection is piped through the filter
-    which can modify and/or drop information as desired.
-
-    Example:
-
-	#!/bin/sh
- 	sed 's/secmark=0 //'
-
-    That script will remove 'secmark=0 ' from each line.
-
-    The default script is:
-
-    	#!/bin/sh
-	cat -
-
-    which passes the output through unmodified.
-
 ----------------------------------------------------------------------------
            I I.  K N O W N   P R O B L E M S   R E M A I N I N G
 ----------------------------------------------------------------------------
@@ -99,6 +75,36 @@ VI.   PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
 
 3)  The CPU time required for optimization has been reduced by 2/3.
 
+4)  An 'scfilter' extension script has been added. This extension
+    script differs from other such scripts in that it is invoked by the
+    command line tools (/sbin/shorewall, /sbin/shorewall6,
+    /sbin/shorewall-lite and /sbin/shorewall6-lite).
+
+    The script acts as a filter for the output of the 'show
+    connections' command. Each connection is piped through the filter
+    which can modify and/or drop information as desired.
+
+    Example:
+
+	#!/bin/sh
+ 	sed 's/secmark=0 //'
+
+    That script will remove 'secmark=0 ' from each line.
+
+    The default script is:
+
+    	#!/bin/sh
+	cat -
+
+    which passes the output through unmodified.
+
+    If you are using Shorewall-lite and/or Shorewall6-lite, the
+    scfilter file is kept on the administrative system and is copied
+    into the generated script just like other scripts. When the script
+    is run to start or restart the firewall, the scfilter script is
+    copied into /var/lib/shorewall-lite (/var/lib/shorewall6-lite)
+    where /sbin/shorewall-lite (/sbin/shorewall6-lite) looks for it.
+
 ----------------------------------------------------------------------------
              I V.  R E L E A S E  4 . 4  H I G H L I G H T S
 ----------------------------------------------------------------------------

Shorewall6-lite/install.sh

@@ -245,14 +245,6 @@ if [ -n "$ARCHLINUX" ] ; then
    sed -e 's!LOGFILE=/var/log/messages!LOGFILE=/var/log/messages.log!' -i ${DESTDIR}/etc/shorewall6-lite/shorewall.conf
 fi
 
-#
-# Install the Scfilter file
-#
-if [ ! -f ${DESTDIR}/etc/shorewall6-lite/scfilter ]; then
-   install_file scfilter ${DESTDIR}/etc/shorewall6-lite/scfilter 0744
-   echo "Scfilter file installed as ${DESTDIR}/etc/shorewall6-lite/scfilter"
-fi
-
 #
 # Install the  Makefile
 #

Shorewall6/install.sh

@@ -296,7 +296,7 @@ fi
 run_install $OWNERSHIP -m 0644 zones ${DESTDIR}/usr/share/shorewall6/configfiles/zones
 
 if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/shorewall6/zones ]; then
-    run_install $OWNERSHIP -m 0744 zones ${DESTDIR}/etc/shorewall6/zones
+    run_install $OWNERSHIP -m 0644 zones ${DESTDIR}/etc/shorewall6/zones
     echo "Zones file installed as ${DESTDIR}/etc/shorewall6/zones"
 fi
 
@@ -633,10 +633,10 @@ fi
 #
 # Install the Scfilter file
 #
-run_install $OWNERSHIP -m 0744 tcclear ${DESTDIR}/usr/share/shorewall6/configfiles/scfilter
+run_install $OWNERSHIP -m 0644 tcclear ${DESTDIR}/usr/share/shorewall6/configfiles/scfilter
 
 if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/shorewall6/scfilter ]; then
-    run_install $OWNERSHIP -m 0700 scfilter ${DESTDIR}/etc/shorewall6/scfilter
+    run_install $OWNERSHIP -m 0600 scfilter ${DESTDIR}/etc/shorewall6/scfilter
     echo "Scfilter file installed as ${DESTDIR}/etc/shorewall6/scfilter"
 fi
 #

Shorewall6/lib.cli

@@ -361,11 +361,24 @@ show_routing() {
 # Show Connections Filter
 #
 show_connections_filter() {
-    my filter
+    local filter
-    filter=$(find_file scfilter)
+    local command
+    local first
 
-    if [ -x $filter ]; then
+    command=${SHOREWALL_SHELL}
-	$filter
+
+    [ "$g_product" = Shorewall6 ] && filter=$(find_file scfilter) || filter=${VARDIR}/scfilter
+
+    if [ -f $filter ]; then
+	first=$(head -n1 $filter)
+
+	case $first in
+	    \#!*)
+		command=${first#\#!}
+		;;
+	esac
+
+	$command $filter
     else
 	cat -
     fi