Package the scfilter along with the generated script for -lite
Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent
91dbae9476
commit
ac71868cc1
@ -247,18 +247,6 @@ if [ -n "$ARCHLINUX" ] ; then
|
||||
sed -e 's!LOGFILE=/var/log/messages!LOGFILE=/var/log/messages.log!' -i ${DESTDIR}/etc/shorewall-lite/shorewall.conf
|
||||
fi
|
||||
|
||||
#
|
||||
# Install the Scfilter file
|
||||
#
|
||||
if [ ! -f ${DESTDIR}/etc/shorewall-lite/scfilter ]; then
|
||||
run_install $OWNERSHIP -m 0744 scfilter ${DESTDIR}/etc/shorewall-lite
|
||||
echo "Scfilter file installed as ${DESTDIR}/etc/shorewall-lite/scfilter"
|
||||
fi
|
||||
|
||||
if [ -n "$ARCHLINUX" ] ; then
|
||||
sed -e 's!LOGFILE=/var/log/messages!LOGFILE=/var/log/messages.log!' -i ${DESTDIR}/etc/shorewall-lite/shorewall.conf
|
||||
fi
|
||||
|
||||
#
|
||||
# Install the Makefile
|
||||
#
|
||||
|
@ -348,6 +348,15 @@ sub generate_script_3($) {
|
||||
} else {
|
||||
emit 'load_kernel_modules Yes';
|
||||
}
|
||||
|
||||
$fn = find_file 'scfilter';
|
||||
|
||||
if ( -f $fn ) {
|
||||
emit( '',
|
||||
'cat << __EOF__ > ${VARDIR}/scfilter' );
|
||||
append_file $fn,1 or emit 'cat -';
|
||||
emit_unindented( "__EOF__\n" );
|
||||
}
|
||||
} else {
|
||||
emit 'load_kernel_modules Yes';
|
||||
}
|
||||
|
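Review bot: The here-document opened by `'cat << __EOF__ > ${VARDIR}/scfilter'` uses an unquoted delimiter, so when the generated script runs, the shell expands `$name`, `$(...)` and backticks found in the embedded scfilter text before writing it out. Unless append_file escapes those characters (not visible in this hunk), a filter that uses something like awk's `$1` would be stored altered, and any command substitution in the file would execute during firewall start/restart instead of being copied. Quoting the delimiter keeps the text literal: `q(cat << '__EOF__' > ${VARDIR}/scfilter) );`. A one-line comment above the block saying that the file is embedded for -lite systems and later run by the CLI would also help; generate_script_3 begins and ends outside the hunk.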
@ -301,7 +301,7 @@ fi
|
||||
run_install $OWNERSHIP -m 0644 configfiles/zones ${DESTDIR}/usr/share/shorewall/configfiles
|
||||
|
||||
if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/shorewall/zones ]; then
|
||||
run_install $OWNERSHIP -m 0744 configfiles/zones ${DESTDIR}/etc/shorewall
|
||||
run_install $OWNERSHIP -m 0644 configfiles/zones ${DESTDIR}/etc/shorewall
|
||||
echo "Zones file installed as ${DESTDIR}/etc/shorewall/zones"
|
||||
fi
|
||||
|
||||
@ -739,10 +739,10 @@ fi
|
||||
#
|
||||
# Install the Scfilter file
|
||||
#
|
||||
run_install $OWNERSHIP -m 744 configfiles/scfilter ${DESTDIR}/usr/share/shorewall/configfiles
|
||||
run_install $OWNERSHIP -m 644 configfiles/scfilter ${DESTDIR}/usr/share/shorewall/configfiles
|
||||
|
||||
if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/shorewall/scfilter ]; then
|
||||
run_install $OWNERSHIP -m 0700 configfiles/scfilter ${DESTDIR}/etc/shorewall
|
||||
run_install $OWNERSHIP -m 0600 configfiles/scfilter ${DESTDIR}/etc/shorewall
|
||||
echo "Scfilter file installed as ${DESTDIR}/etc/shorewall/scfilter"
|
||||
fi
|
||||
#
|
||||
|
@ -437,11 +437,24 @@ list_zone() {
|
||||
# Show Filter
|
||||
#
|
||||
show_connections_filter() {
|
||||
my filter
|
||||
filter=$(find_file scfilter)
|
||||
local filter
|
||||
local command
|
||||
local first
|
||||
|
||||
if [ -x $filter ]; then
|
||||
$filter
|
||||
command=${SHOREWALL_SHELL}
|
||||
|
||||
[ "$g_product" = Shorewall ] && filter=$(find_file scfilter) || filter=${VARDIR}/scfilter
|
||||
|
||||
if [ -f $filter ]; then
|
||||
first=$(head -n1 $filter)
|
||||
|
||||
case $first in
|
||||
\#!*)
|
||||
command=${first#\#!}
|
||||
;;
|
||||
esac
|
||||
|
||||
$command $filter
|
||||
else
|
||||
cat -
|
||||
fi
|
||||
|
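Review bot: `$filter` is unquoted in `[ -f $filter ]`, `head -n1 $filter` and `$command $filter`; if it ever expands to nothing, `[ -f ]` is true and `head -n1` reads from stdin, consuming the first line of connection output. Quote it in all three places: `if [ -f "$filter" ]; then`, `first=$(head -n1 "$filter")`, `$command "$filter"`. The `[ ... ] && filter=$(find_file scfilter) || filter=${VARDIR}/scfilter` form also falls through to the `${VARDIR}` path whenever find_file returns non-zero, which may not be intended; an explicit `if`/`else` avoids that. Since the interpreter is taken from the file's `#!` line and run by the command-line tool, a comment stating that scfilter must be writable only by the administrator would be worth adding. The same code appears in the Shorewall6 copy of show_connections_filter later on the page, and the function's closing brace is outside the hunk.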
@ -51,30 +51,6 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
|
||||
with a letter and be composed of letters, digits, underscores ("_")
|
||||
and hyphens ("-").
|
||||
|
||||
5) An 'scfilter' extension script has been added. This extension
|
||||
script differs from other such scripts in that it is invoked by the
|
||||
command line tools (/sbin/shorewall, /sbin/shorewall6,
|
||||
/sbin/shorewall-lite and /sbin/shorewall6-lite). In order to be
|
||||
used, the script must be executable.
|
||||
|
||||
The script acts as a filter for the output of the 'show
|
||||
connections' command. Each connection is piped through the filter
|
||||
which can modify and/or drop information as desired.
|
||||
|
||||
Example:
|
||||
|
||||
#!/bin/sh
|
||||
sed 's/secmark=0 //'
|
||||
|
||||
That script will remove 'secmark=0 ' from each line.
|
||||
|
||||
The default script is:
|
||||
|
||||
#!/bin/sh
|
||||
cat -
|
||||
|
||||
which passes the output through unmodified.
|
||||
|
||||
----------------------------------------------------------------------------
|
||||
I I. K N O W N P R O B L E M S R E M A I N I N G
|
||||
----------------------------------------------------------------------------
|
||||
@ -99,6 +75,36 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
|
||||
|
||||
3) The CPU time required for optimization has been reduced by 2/3.
|
||||
|
||||
4) An 'scfilter' extension script has been added. This extension
|
||||
script differs from other such scripts in that it is invoked by the
|
||||
command line tools (/sbin/shorewall, /sbin/shorewall6,
|
||||
/sbin/shorewall-lite and /sbin/shorewall6-lite).
|
||||
|
||||
The script acts as a filter for the output of the 'show
|
||||
connections' command. Each connection is piped through the filter
|
||||
which can modify and/or drop information as desired.
|
||||
|
||||
Example:
|
||||
|
||||
#!/bin/sh
|
||||
sed 's/secmark=0 //'
|
||||
|
||||
That script will remove 'secmark=0 ' from each line.
|
||||
|
||||
The default script is:
|
||||
|
||||
#!/bin/sh
|
||||
cat -
|
||||
|
||||
which passes the output through unmodified.
|
||||
|
||||
If you are using Shorewall-lite and/or Shorewall6-lite, the
|
||||
scfilter file is kept on the administrative system and is copied
|
||||
into the generated script just like other scripts. When the script
|
||||
is run to start or restart the firewall, the scfilter script is
|
||||
copied into /var/lib/shorewall-lite (/var/lib/shorewall6-lite)
|
||||
where /sbin/shorewall-lite (/sbin/shorewall6-lite) looks for it.
|
||||
|
||||
----------------------------------------------------------------------------
|
||||
I V. R E L E A S E 4 . 4 H I G H L I G H T S
|
||||
----------------------------------------------------------------------------
|
||||
|
@ -245,14 +245,6 @@ if [ -n "$ARCHLINUX" ] ; then
|
||||
sed -e 's!LOGFILE=/var/log/messages!LOGFILE=/var/log/messages.log!' -i ${DESTDIR}/etc/shorewall6-lite/shorewall.conf
|
||||
fi
|
||||
|
||||
#
|
||||
# Install the Scfilter file
|
||||
#
|
||||
if [ ! -f ${DESTDIR}/etc/shorewall6-lite/scfilter ]; then
|
||||
install_file scfilter ${DESTDIR}/etc/shorewall6-lite/scfilter 0744
|
||||
echo "Scfilter file installed as ${DESTDIR}/etc/shorewall6-lite/scfilter"
|
||||
fi
|
||||
|
||||
#
|
||||
# Install the Makefile
|
||||
#
|
||||
|
@ -296,7 +296,7 @@ fi
|
||||
run_install $OWNERSHIP -m 0644 zones ${DESTDIR}/usr/share/shorewall6/configfiles/zones
|
||||
|
||||
if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/shorewall6/zones ]; then
|
||||
run_install $OWNERSHIP -m 0744 zones ${DESTDIR}/etc/shorewall6/zones
|
||||
run_install $OWNERSHIP -m 0644 zones ${DESTDIR}/etc/shorewall6/zones
|
||||
echo "Zones file installed as ${DESTDIR}/etc/shorewall6/zones"
|
||||
fi
|
||||
|
||||
@ -633,10 +633,10 @@ fi
|
||||
#
|
||||
# Install the Scfilter file
|
||||
#
|
||||
run_install $OWNERSHIP -m 0744 tcclear ${DESTDIR}/usr/share/shorewall6/configfiles/scfilter
|
||||
run_install $OWNERSHIP -m 0644 tcclear ${DESTDIR}/usr/share/shorewall6/configfiles/scfilter
|
||||
|
||||
if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/shorewall6/scfilter ]; then
|
||||
run_install $OWNERSHIP -m 0700 scfilter ${DESTDIR}/etc/shorewall6/scfilter
|
||||
run_install $OWNERSHIP -m 0600 scfilter ${DESTDIR}/etc/shorewall6/scfilter
|
||||
echo "Scfilter file installed as ${DESTDIR}/etc/shorewall6/scfilter"
|
||||
fi
|
||||
#
|
||||
|
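Review bot: The line `run_install $OWNERSHIP -m 0644 tcclear ${DESTDIR}/usr/share/shorewall6/configfiles/scfilter` (apparently the new side, judging by the other mode changes) still names `tcclear` as the source, so the configfiles copy of scfilter would hold the tcclear script rather than the filter; only the mode is changed here. The source should presumably be `scfilter`, as in the `/etc/shorewall6/scfilter` install just below: `run_install $OWNERSHIP -m 0644 scfilter ${DESTDIR}/usr/share/shorewall6/configfiles/scfilter`.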
@ -361,11 +361,24 @@ show_routing() {
|
||||
# Show Connections Filter
|
||||
#
|
||||
show_connections_filter() {
|
||||
my filter
|
||||
filter=$(find_file scfilter)
|
||||
local filter
|
||||
local command
|
||||
local first
|
||||
|
||||
if [ -x $filter ]; then
|
||||
$filter
|
||||
command=${SHOREWALL_SHELL}
|
||||
|
||||
[ "$g_product" = Shorewall6 ] && filter=$(find_file scfilter) || filter=${VARDIR}/scfilter
|
||||
|
||||
if [ -f $filter ]; then
|
||||
first=$(head -n1 $filter)
|
||||
|
||||
case $first in
|
||||
\#!*)
|
||||
command=${first#\#!}
|
||||
;;
|
||||
esac
|
||||
|
||||
$command $filter
|
||||
else
|
||||
cat -
|
||||
fi
|
||||
|