mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-23 22:58:52 +01:00
Add Shorewall Lite
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3971 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
8cb7933f4f
commit
ae9d76b881
340
Shorewall-lite/COPYING
Normal file
340
Shorewall-lite/COPYING
Normal file
@ -0,0 +1,340 @@
|
||||
GNU GENERAL PUBLIC LICENSE
|
||||
Version 2, June 1991
|
||||
|
||||
Copyright (C) 1989, 1991 Free Software Foundation, Inc.
|
||||
59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
Everyone is permitted to copy and distribute verbatim copies
|
||||
of this license document, but changing it is not allowed.
|
||||
|
||||
Preamble
|
||||
|
||||
The licenses for most software are designed to take away your
|
||||
freedom to share and change it. By contrast, the GNU General Public
|
||||
License is intended to guarantee your freedom to share and change free
|
||||
software--to make sure the software is free for all its users. This
|
||||
General Public License applies to most of the Free Software
|
||||
Foundation's software and to any other program whose authors commit to
|
||||
using it. (Some other Free Software Foundation software is covered by
|
||||
the GNU Library General Public License instead.) You can apply it to
|
||||
your programs, too.
|
||||
|
||||
When we speak of free software, we are referring to freedom, not
|
||||
price. Our General Public Licenses are designed to make sure that you
|
||||
have the freedom to distribute copies of free software (and charge for
|
||||
this service if you wish), that you receive source code or can get it
|
||||
if you want it, that you can change the software or use pieces of it
|
||||
in new free programs; and that you know you can do these things.
|
||||
|
||||
To protect your rights, we need to make restrictions that forbid
|
||||
anyone to deny you these rights or to ask you to surrender the rights.
|
||||
These restrictions translate to certain responsibilities for you if you
|
||||
distribute copies of the software, or if you modify it.
|
||||
|
||||
For example, if you distribute copies of such a program, whether
|
||||
gratis or for a fee, you must give the recipients all the rights that
|
||||
you have. You must make sure that they, too, receive or can get the
|
||||
source code. And you must show them these terms so they know their
|
||||
rights.
|
||||
|
||||
We protect your rights with two steps: (1) copyright the software, and
|
||||
(2) offer you this license which gives you legal permission to copy,
|
||||
distribute and/or modify the software.
|
||||
|
||||
Also, for each author's protection and ours, we want to make certain
|
||||
that everyone understands that there is no warranty for this free
|
||||
software. If the software is modified by someone else and passed on, we
|
||||
want its recipients to know that what they have is not the original, so
|
||||
that any problems introduced by others will not reflect on the original
|
||||
authors' reputations.
|
||||
|
||||
Finally, any free program is threatened constantly by software
|
||||
patents. We wish to avoid the danger that redistributors of a free
|
||||
program will individually obtain patent licenses, in effect making the
|
||||
program proprietary. To prevent this, we have made it clear that any
|
||||
patent must be licensed for everyone's free use or not licensed at all.
|
||||
|
||||
The precise terms and conditions for copying, distribution and
|
||||
modification follow.
|
||||
|
||||
GNU GENERAL PUBLIC LICENSE
|
||||
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
|
||||
|
||||
0. This License applies to any program or other work which contains
|
||||
a notice placed by the copyright holder saying it may be distributed
|
||||
under the terms of this General Public License. The "Program", below,
|
||||
refers to any such program or work, and a "work based on the Program"
|
||||
means either the Program or any derivative work under copyright law:
|
||||
that is to say, a work containing the Program or a portion of it,
|
||||
either verbatim or with modifications and/or translated into another
|
||||
language. (Hereinafter, translation is included without limitation in
|
||||
the term "modification".) Each licensee is addressed as "you".
|
||||
|
||||
Activities other than copying, distribution and modification are not
|
||||
covered by this License; they are outside its scope. The act of
|
||||
running the Program is not restricted, and the output from the Program
|
||||
is covered only if its contents constitute a work based on the
|
||||
Program (independent of having been made by running the Program).
|
||||
Whether that is true depends on what the Program does.
|
||||
|
||||
1. You may copy and distribute verbatim copies of the Program's
|
||||
source code as you receive it, in any medium, provided that you
|
||||
conspicuously and appropriately publish on each copy an appropriate
|
||||
copyright notice and disclaimer of warranty; keep intact all the
|
||||
notices that refer to this License and to the absence of any warranty;
|
||||
and give any other recipients of the Program a copy of this License
|
||||
along with the Program.
|
||||
|
||||
You may charge a fee for the physical act of transferring a copy, and
|
||||
you may at your option offer warranty protection in exchange for a fee.
|
||||
|
||||
2. You may modify your copy or copies of the Program or any portion
|
||||
of it, thus forming a work based on the Program, and copy and
|
||||
distribute such modifications or work under the terms of Section 1
|
||||
above, provided that you also meet all of these conditions:
|
||||
|
||||
a) You must cause the modified files to carry prominent notices
|
||||
stating that you changed the files and the date of any change.
|
||||
|
||||
b) You must cause any work that you distribute or publish, that in
|
||||
whole or in part contains or is derived from the Program or any
|
||||
part thereof, to be licensed as a whole at no charge to all third
|
||||
parties under the terms of this License.
|
||||
|
||||
c) If the modified program normally reads commands interactively
|
||||
when run, you must cause it, when started running for such
|
||||
interactive use in the most ordinary way, to print or display an
|
||||
announcement including an appropriate copyright notice and a
|
||||
notice that there is no warranty (or else, saying that you provide
|
||||
a warranty) and that users may redistribute the program under
|
||||
these conditions, and telling the user how to view a copy of this
|
||||
License. (Exception: if the Program itself is interactive but
|
||||
does not normally print such an announcement, your work based on
|
||||
the Program is not required to print an announcement.)
|
||||
|
||||
These requirements apply to the modified work as a whole. If
|
||||
identifiable sections of that work are not derived from the Program,
|
||||
and can be reasonably considered independent and separate works in
|
||||
themselves, then this License, and its terms, do not apply to those
|
||||
sections when you distribute them as separate works. But when you
|
||||
distribute the same sections as part of a whole which is a work based
|
||||
on the Program, the distribution of the whole must be on the terms of
|
||||
this License, whose permissions for other licensees extend to the
|
||||
entire whole, and thus to each and every part regardless of who wrote it.
|
||||
|
||||
Thus, it is not the intent of this section to claim rights or contest
|
||||
your rights to work written entirely by you; rather, the intent is to
|
||||
exercise the right to control the distribution of derivative or
|
||||
collective works based on the Program.
|
||||
|
||||
In addition, mere aggregation of another work not based on the Program
|
||||
with the Program (or with a work based on the Program) on a volume of
|
||||
a storage or distribution medium does not bring the other work under
|
||||
the scope of this License.
|
||||
|
||||
3. You may copy and distribute the Program (or a work based on it,
|
||||
under Section 2) in object code or executable form under the terms of
|
||||
Sections 1 and 2 above provided that you also do one of the following:
|
||||
|
||||
a) Accompany it with the complete corresponding machine-readable
|
||||
source code, which must be distributed under the terms of Sections
|
||||
1 and 2 above on a medium customarily used for software interchange; or,
|
||||
|
||||
b) Accompany it with a written offer, valid for at least three
|
||||
years, to give any third party, for a charge no more than your
|
||||
cost of physically performing source distribution, a complete
|
||||
machine-readable copy of the corresponding source code, to be
|
||||
distributed under the terms of Sections 1 and 2 above on a medium
|
||||
customarily used for software interchange; or,
|
||||
|
||||
c) Accompany it with the information you received as to the offer
|
||||
to distribute corresponding source code. (This alternative is
|
||||
allowed only for noncommercial distribution and only if you
|
||||
received the program in object code or executable form with such
|
||||
an offer, in accord with Subsection b above.)
|
||||
|
||||
The source code for a work means the preferred form of the work for
|
||||
making modifications to it. For an executable work, complete source
|
||||
code means all the source code for all modules it contains, plus any
|
||||
associated interface definition files, plus the scripts used to
|
||||
control compilation and installation of the executable. However, as a
|
||||
special exception, the source code distributed need not include
|
||||
anything that is normally distributed (in either source or binary
|
||||
form) with the major components (compiler, kernel, and so on) of the
|
||||
operating system on which the executable runs, unless that component
|
||||
itself accompanies the executable.
|
||||
|
||||
If distribution of executable or object code is made by offering
|
||||
access to copy from a designated place, then offering equivalent
|
||||
access to copy the source code from the same place counts as
|
||||
distribution of the source code, even though third parties are not
|
||||
compelled to copy the source along with the object code.
|
||||
|
||||
4. You may not copy, modify, sublicense, or distribute the Program
|
||||
except as expressly provided under this License. Any attempt
|
||||
otherwise to copy, modify, sublicense or distribute the Program is
|
||||
void, and will automatically terminate your rights under this License.
|
||||
However, parties who have received copies, or rights, from you under
|
||||
this License will not have their licenses terminated so long as such
|
||||
parties remain in full compliance.
|
||||
|
||||
5. You are not required to accept this License, since you have not
|
||||
signed it. However, nothing else grants you permission to modify or
|
||||
distribute the Program or its derivative works. These actions are
|
||||
prohibited by law if you do not accept this License. Therefore, by
|
||||
modifying or distributing the Program (or any work based on the
|
||||
Program), you indicate your acceptance of this License to do so, and
|
||||
all its terms and conditions for copying, distributing or modifying
|
||||
the Program or works based on it.
|
||||
|
||||
6. Each time you redistribute the Program (or any work based on the
|
||||
Program), the recipient automatically receives a license from the
|
||||
original licensor to copy, distribute or modify the Program subject to
|
||||
these terms and conditions. You may not impose any further
|
||||
restrictions on the recipients' exercise of the rights granted herein.
|
||||
You are not responsible for enforcing compliance by third parties to
|
||||
this License.
|
||||
|
||||
7. If, as a consequence of a court judgment or allegation of patent
|
||||
infringement or for any other reason (not limited to patent issues),
|
||||
conditions are imposed on you (whether by court order, agreement or
|
||||
otherwise) that contradict the conditions of this License, they do not
|
||||
excuse you from the conditions of this License. If you cannot
|
||||
distribute so as to satisfy simultaneously your obligations under this
|
||||
License and any other pertinent obligations, then as a consequence you
|
||||
may not distribute the Program at all. For example, if a patent
|
||||
license would not permit royalty-free redistribution of the Program by
|
||||
all those who receive copies directly or indirectly through you, then
|
||||
the only way you could satisfy both it and this License would be to
|
||||
refrain entirely from distribution of the Program.
|
||||
|
||||
If any portion of this section is held invalid or unenforceable under
|
||||
any particular circumstance, the balance of the section is intended to
|
||||
apply and the section as a whole is intended to apply in other
|
||||
circumstances.
|
||||
|
||||
It is not the purpose of this section to induce you to infringe any
|
||||
patents or other property right claims or to contest validity of any
|
||||
such claims; this section has the sole purpose of protecting the
|
||||
integrity of the free software distribution system, which is
|
||||
implemented by public license practices. Many people have made
|
||||
generous contributions to the wide range of software distributed
|
||||
through that system in reliance on consistent application of that
|
||||
system; it is up to the author/donor to decide if he or she is willing
|
||||
to distribute software through any other system and a licensee cannot
|
||||
impose that choice.
|
||||
|
||||
This section is intended to make thoroughly clear what is believed to
|
||||
be a consequence of the rest of this License.
|
||||
|
||||
8. If the distribution and/or use of the Program is restricted in
|
||||
certain countries either by patents or by copyrighted interfaces, the
|
||||
original copyright holder who places the Program under this License
|
||||
may add an explicit geographical distribution limitation excluding
|
||||
those countries, so that distribution is permitted only in or among
|
||||
countries not thus excluded. In such case, this License incorporates
|
||||
the limitation as if written in the body of this License.
|
||||
|
||||
9. The Free Software Foundation may publish revised and/or new versions
|
||||
of the General Public License from time to time. Such new versions will
|
||||
be similar in spirit to the present version, but may differ in detail to
|
||||
address new problems or concerns.
|
||||
|
||||
Each version is given a distinguishing version number. If the Program
|
||||
specifies a version number of this License which applies to it and "any
|
||||
later version", you have the option of following the terms and conditions
|
||||
either of that version or of any later version published by the Free
|
||||
Software Foundation. If the Program does not specify a version number of
|
||||
this License, you may choose any version ever published by the Free Software
|
||||
Foundation.
|
||||
|
||||
10. If you wish to incorporate parts of the Program into other free
|
||||
programs whose distribution conditions are different, write to the author
|
||||
to ask for permission. For software which is copyrighted by the Free
|
||||
Software Foundation, write to the Free Software Foundation; we sometimes
|
||||
make exceptions for this. Our decision will be guided by the two goals
|
||||
of preserving the free status of all derivatives of our free software and
|
||||
of promoting the sharing and reuse of software generally.
|
||||
|
||||
NO WARRANTY
|
||||
|
||||
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
|
||||
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
|
||||
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
|
||||
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
|
||||
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
||||
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
|
||||
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
|
||||
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
|
||||
REPAIR OR CORRECTION.
|
||||
|
||||
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
|
||||
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
|
||||
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
|
||||
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
|
||||
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
|
||||
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
|
||||
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
|
||||
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
|
||||
POSSIBILITY OF SUCH DAMAGES.
|
||||
|
||||
END OF TERMS AND CONDITIONS
|
||||
|
||||
How to Apply These Terms to Your New Programs
|
||||
|
||||
If you develop a new program, and you want it to be of the greatest
|
||||
possible use to the public, the best way to achieve this is to make it
|
||||
free software which everyone can redistribute and change under these terms.
|
||||
|
||||
To do so, attach the following notices to the program. It is safest
|
||||
to attach them to the start of each source file to most effectively
|
||||
convey the exclusion of warranty; and each file should have at least
|
||||
the "copyright" line and a pointer to where the full notice is found.
|
||||
|
||||
<one line to give the program's name and a brief idea of what it does.>
|
||||
Copyright (C) 19yy <name of author>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program; if not, write to the Free Software
|
||||
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
|
||||
|
||||
Also add information on how to contact you by electronic and paper mail.
|
||||
|
||||
If the program is interactive, make it output a short notice like this
|
||||
when it starts in an interactive mode:
|
||||
|
||||
Gnomovision version 69, Copyright (C) 19yy name of author
|
||||
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
|
||||
This is free software, and you are welcome to redistribute it
|
||||
under certain conditions; type `show c' for details.
|
||||
|
||||
The hypothetical commands `show w' and `show c' should show the appropriate
|
||||
parts of the General Public License. Of course, the commands you use may
|
||||
be called something other than `show w' and `show c'; they could even be
|
||||
mouse-clicks or menu items--whatever suits your program.
|
||||
|
||||
You should also get your employer (if you work as a programmer) or your
|
||||
school, if any, to sign a "copyright disclaimer" for the program, if
|
||||
necessary. Here is a sample; alter the names:
|
||||
|
||||
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
|
||||
`Gnomovision' (which makes passes at compilers) written by James Hacker.
|
||||
|
||||
<signature of Ty Coon>, 1 April 1989
|
||||
Ty Coon, President of Vice
|
||||
|
||||
This General Public License does not permit incorporating your program into
|
||||
proprietary programs. If your program is a subroutine library, you may
|
||||
consider it more useful to permit linking proprietary applications with the
|
||||
library. If this is what you want to do, use the GNU Library General
|
||||
Public License instead of this License.
|
48
Shorewall-lite/INSTALL
Normal file
48
Shorewall-lite/INSTALL
Normal file
@ -0,0 +1,48 @@
|
||||
Shoreline Firewall (Shorewall) Version 3.2
|
||||
----- ----
|
||||
|
||||
-----------------------------------------------------------------------------
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of Version 2 of the GNU General Public License
|
||||
as published by the Free Software Foundation.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program; if not, write to the Free Software
|
||||
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
|
||||
|
||||
---------------------------------------------------------------------------
|
||||
If your system supports rpm, I recommend that you install the Shorewall
|
||||
.rpm. If you want to install from the tarball:
|
||||
|
||||
o Unpack the tarball
|
||||
o cd to the shorewall-<version> directory
|
||||
o If you have an earlier version of Shoreline Firewall installed,see the
|
||||
upgrade instructions below
|
||||
o Edit the configuration files to fit your environment.
|
||||
|
||||
To do this, I strongly advise you to follow the instructions at:
|
||||
|
||||
http://www.shorewall.net/shorewall_quickstart_guide.htm
|
||||
|
||||
o Type:
|
||||
|
||||
./install.sh
|
||||
|
||||
o Start the firewall by typing "shorewall start"
|
||||
o If the install script was unable to configure Shoreline Firewall to
|
||||
start automatically at boot, you will have to used your
|
||||
distribution's runlevel editor to configure Shorewall manually.
|
||||
|
||||
Upgrade:
|
||||
|
||||
o run the install script as described above.
|
||||
o "shorewall check" and correct any errors found.
|
||||
o "shorewall restart"
|
||||
|
||||
|
1
Shorewall-lite/README.txt
Normal file
1
Shorewall-lite/README.txt
Normal file
@ -0,0 +1 @@
|
||||
This is the Shorewall Development 3.2 branch of CVS.
|
3
Shorewall-lite/changelog.txt
Normal file
3
Shorewall-lite/changelog.txt
Normal file
@ -0,0 +1,3 @@
|
||||
Changes in 3.2.0 RC 1
|
||||
|
||||
1) First Release.
|
103
Shorewall-lite/fallback.sh
Executable file
103
Shorewall-lite/fallback.sh
Executable file
@ -0,0 +1,103 @@
|
||||
#!/bin/sh
|
||||
#
|
||||
# Script to back out the installation of Shorewall Lite and to restore the previous version of
|
||||
# the program
|
||||
#
|
||||
# This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
|
||||
#
|
||||
# (c) 2006 - Tom Eastep (teastep@shorewall.net)
|
||||
#
|
||||
# Shorewall documentation is available at http://shorewall.net
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of Version 2 of the GNU General Public License
|
||||
# as published by the Free Software Foundation.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
|
||||
#
|
||||
# Usage:
|
||||
#
|
||||
# You may only use this script to back out the installation of the version
|
||||
# shown below. Simply run this script to revert to your prior version of
|
||||
# Shoreline Firewall.
|
||||
|
||||
VERSION=3.2.0-RC1
|
||||
|
||||
usage() # $1 = exit status
|
||||
{
|
||||
echo "usage: $(basename $0)"
|
||||
exit $1
|
||||
}
|
||||
|
||||
restore_directory() # $1 = directory to restore
|
||||
{
|
||||
if [ -d ${1}-${VERSION}.bkout ]; then
|
||||
if mv -f $1 ${1}-${VERSION} && mv ${1}-${VERSION}.bkout $1; then
|
||||
echo
|
||||
echo "$1 restored"
|
||||
rm -rf ${1}-${VERSION}
|
||||
else
|
||||
echo "ERROR: Could not restore $1"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
restore_file() # $1 = file to restore, $2 = (Optional) Directory to restore from
|
||||
{
|
||||
if [ -n "$2" ]; then
|
||||
local file=$(basename $1)
|
||||
|
||||
if [ -f $2/$file ]; then
|
||||
if mv -f $2/$file $1 ; then
|
||||
echo
|
||||
echo "$1 restored"
|
||||
return
|
||||
fi
|
||||
|
||||
echo "ERROR: Could not restore $1"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -f ${1}-${VERSION}.bkout -o -L ${1}-${VERSION}.bkout ]; then
|
||||
if (mv -f ${1}-${VERSION}.bkout $1); then
|
||||
echo
|
||||
echo "$1 restored"
|
||||
else
|
||||
echo "ERROR: Could not restore $1"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
if [ ! -f /usr/share/shorewall-${VERSION}.bkout/version ]; then
|
||||
echo "Shorewall Version $VERSION is not installed"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "Backing Out Installation of Shorewall $VERSION"
|
||||
|
||||
if [ -L /usr/share/shorewall/init ]; then
|
||||
FIREWALL=$(ls -l /usr/share/shorewall/init | sed 's/^.*> //')
|
||||
restore_file $FIREWALL /usr/share/shorewall-${VERSION}.bkout
|
||||
else
|
||||
restore_file /etc/init.d/shorewall /usr/share/shorewall-${VERSION}.bkout
|
||||
fi
|
||||
|
||||
restore_file /sbin/shorewall /var/lib/shorewall-${VERSION}.bkout
|
||||
|
||||
restore_directory /etc/shorewall
|
||||
restore_directory /usr/share/shorewall
|
||||
restore_directory /var/lib/shorewall
|
||||
|
||||
echo "Shorewall Lite Restored to Version $(cat /usr/share/shorewall/version)"
|
||||
|
||||
|
2202
Shorewall-lite/functions
Normal file
2202
Shorewall-lite/functions
Normal file
File diff suppressed because it is too large
Load Diff
414
Shorewall-lite/help
Executable file
414
Shorewall-lite/help
Executable file
@ -0,0 +1,414 @@
|
||||
#!/bin/sh
|
||||
#
|
||||
# Shorewall help subsystem - V3.2
|
||||
#
|
||||
#
|
||||
# This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
|
||||
#
|
||||
# (c) 2003-2006 - Tom Eastep (teastep@shorewall.net)
|
||||
# Steve Herber (herber@thing.com)
|
||||
#
|
||||
# This file should be placed in /usr/share/shorewall/help
|
||||
#
|
||||
# Shorewall documentation is available at http://shorewall.sourceforge.net
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of Version 2 of the GNU General Public License
|
||||
# as published by the Free Software Foundation.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
|
||||
##################################################################################
|
||||
|
||||
case $1 in
|
||||
|
||||
add)
|
||||
echo "add: add <interface>[:<host-list>] ... <zone>
|
||||
Adds a list of hosts or subnets to a dynamic zone usually used with VPN's.
|
||||
|
||||
shorewall add interface:host-list ... zone - Adds the specified interface
|
||||
(and host-list if included) to the specified zone.
|
||||
|
||||
A host-list is a comma-separated list whose elements are:
|
||||
|
||||
A host or network address
|
||||
The name of a bridge port
|
||||
The name of a bridge port followed by a colon (":") and a host or
|
||||
network address.
|
||||
|
||||
Example:
|
||||
|
||||
shorewall add ipsec0:192.0.2.24 vpn1 -- adds the address 192.0.2.24
|
||||
from interface ipsec0 to the zone vpn1.
|
||||
|
||||
See also \"help host\""
|
||||
;;
|
||||
|
||||
address|host)
|
||||
echo "<$1>:
|
||||
May be either a host IP address such as 192.168.1.4 or a network address in
|
||||
CIDR format like 192.168.1.0/24. If your kernel and iptables contain iprange
|
||||
match support then IP address ranges of the form <low address>-<high address>
|
||||
are also permitted. If your kernel and iptables contain ipset match support
|
||||
then you may specify the name of an ipset prefaced by "+". The name of the
|
||||
ipsec may be optionally followed by a number of levels of ipset bindings
|
||||
(1 - 6) that are to be followed"
|
||||
;;
|
||||
|
||||
allow)
|
||||
echo "allow: allow <address> ...
|
||||
Re-enables receipt of packets from hosts previously blacklisted
|
||||
by a drop or reject command.
|
||||
|
||||
Shorewall allow, drop, rejct and save implement dynamic blacklisting.
|
||||
|
||||
See also \"help address\""
|
||||
;;
|
||||
|
||||
check)
|
||||
echo "check: check [ -e ] [ <configuration-directory> ]
|
||||
Performs a cursory validation of the zones, interfaces, hosts,
|
||||
rules, policy, masq, blacklist, proxyarp, nat and provider files. Use this
|
||||
if you are unsure of any edits you have made to the shorewall configuration.
|
||||
See the try command examples for a recommended way to make changes.
|
||||
|
||||
The \"-e\" option causes Shorewall to use the /etc/shorewall/capabilities
|
||||
file to determine the capabilities of the target system rather than probing
|
||||
for them on the local system."
|
||||
;;
|
||||
|
||||
clear)
|
||||
echo "clear: clear
|
||||
Clear will remove all rules and chains installed by Shoreline.
|
||||
The firewall is then wide open and unprotected. Existing
|
||||
connections are untouched. Clear is often used to see if the
|
||||
firewall is causing connection problems."
|
||||
;;
|
||||
|
||||
compile)
|
||||
echo "compile: compile [ -e ] [ -d <distro> ] [ <directory name> ] <path name>
|
||||
Compiles the current configuration into the executable file
|
||||
<path name>. If <path name> names a file in /var/lib/shorewall then
|
||||
the file may be executed using the \"restore\" command.
|
||||
|
||||
When -e is specified, the compilation is being performed on a system
|
||||
other than where the compiled script will run. This option disables
|
||||
certain configuration options that require the script to be compiled
|
||||
where it is to be run.
|
||||
|
||||
When -d <distribution> is given, the script is built for execution
|
||||
on the distribution specified by <distro>. Currently supported
|
||||
distributions are:
|
||||
|
||||
suse
|
||||
redhat (which is also appropriate for Fedora Core and CentOS).
|
||||
|
||||
Usually specified together with -e.
|
||||
|
||||
Example:
|
||||
|
||||
shorewall compile -ed redhat foo
|
||||
|
||||
Additional distributions are expected to be supported shortly."
|
||||
;;
|
||||
|
||||
debug)
|
||||
echo "debug: debug
|
||||
If you include the keyword debug as the first argument to any
|
||||
of these commands:
|
||||
|
||||
start|stop|restart|reset|clear|refresh|check|add|delete
|
||||
|
||||
then a shell trace of the command is produced. For example:
|
||||
|
||||
shorewall debug start 2> /tmp/trace
|
||||
|
||||
The above command would trace the 'start' command and
|
||||
place the trace information in the file /tmp/trace.
|
||||
|
||||
The word 'trace' is a synonym for 'debug'."
|
||||
;;
|
||||
|
||||
delete)
|
||||
echo "delete: delete <interface>[:<host-list>] ... <zone>
|
||||
Deletes a list of hosts or networks from a dynamic zone usually used with VPN's.
|
||||
|
||||
shorewall delete interface[:host-list] ... zone - Deletes the specified
|
||||
interfaces (and host list if included) from the specified zone.
|
||||
|
||||
A host-list is a comma-separated list whose elements are:
|
||||
|
||||
A host or network address
|
||||
The name of a bridge port
|
||||
The name of a bridge port followed by a colon (":") and a host or
|
||||
network address.
|
||||
|
||||
Example:
|
||||
|
||||
shorewall delete ipsec0:192.0.2.24 vpn1 -- deletes the address
|
||||
192.0.2.24 from interface ipsec0 from zone vpn1
|
||||
|
||||
See also \"help host\""
|
||||
;;
|
||||
|
||||
drop)
|
||||
echo "$1: $1 <address> ...
|
||||
Causes packets from the specified <address> to be ignored
|
||||
|
||||
Shorewall allow, drop, logdrop, logreject, reject and save implement dynamic blacklisting.
|
||||
|
||||
See also \"help address\""
|
||||
;;
|
||||
|
||||
dump)
|
||||
echo "dump: dump
|
||||
|
||||
shorewall [-x] dump
|
||||
|
||||
Produce a verbose report about the firewall for problem analysis.
|
||||
|
||||
(iptables -L -n -)
|
||||
|
||||
When -x is given, that option is also passed to iptables to display actual packet and byte counts."
|
||||
;;
|
||||
|
||||
forget)
|
||||
echo "forget: forget [ <file name> ]
|
||||
Deletes /var/lib/shorewall/<file name>. If no <file name> is given then
|
||||
the file specified by RESTOREFILE in shorewall.conf is removed.
|
||||
|
||||
See also \"help save\""
|
||||
;;
|
||||
|
||||
help)
|
||||
echo "help: help [<command> | host | address ]
|
||||
Display helpful information about the shorewall commands."
|
||||
;;
|
||||
|
||||
hits)
|
||||
echo "hits: hits
|
||||
Produces several reports about the Shorewall packet log messages
|
||||
in the current /var/log/messages file."
|
||||
;;
|
||||
|
||||
ipcalc)
|
||||
echo "ipcalc: ipcalc { address mask | address/vlsm }
|
||||
Ipcalc displays the network address, broadcast address,
|
||||
network in CIDR notation and netmask corresponding to the input[s]."
|
||||
;;
|
||||
|
||||
ipdecimal)
|
||||
echo "ipdecimal: ipdecimal { <IP address> | <integer> }
|
||||
Converts an IP address into its 32-bit decimal equivalent and
|
||||
vice versa"
|
||||
;;
|
||||
|
||||
iprange)
|
||||
echo "iprange: iprange address1-address2
|
||||
Iprange decomposes the specified range of IP addresses into the
|
||||
equivalent list of network/host addresses."
|
||||
;;
|
||||
|
||||
logdrop)
|
||||
echo "$1: $1 <address> ...
|
||||
Causes packets from the specified <address> to be ignored and loged.
|
||||
|
||||
Shorewall allow, drop, logdrop, logreject, reject and save implement dynamic blacklisting.
|
||||
|
||||
See also \"help address\""
|
||||
;;
|
||||
|
||||
logwatch)
|
||||
echo "logwatch: logwatch [ -m ] [<refresh interval>]
|
||||
Monitors the LOGFILE, $LOGFILE,
|
||||
and produces an audible alarm when new Shorewall messages are logged.
|
||||
If \"-m\" is specified, then MAC addresses in the log entries (if any) are displayed."
|
||||
;;
|
||||
|
||||
logreject)
|
||||
echo "$1: $1 <address> ...
|
||||
Causes packets from the specified <address> to be rejected and logged.
|
||||
|
||||
Shorewall allow, drop, logdrop, logreject, reject and save implement dynamic blacklisting.
|
||||
|
||||
See also \"help address\""
|
||||
;;
|
||||
|
||||
refresh)
|
||||
echo "refresh: refresh
|
||||
The rules involving the broadcast addresses of firewall interfaces,
|
||||
the black list, and ECN control rules are recreated to reflect any
|
||||
changes made. Existing connections are untouched."
|
||||
;;
|
||||
|
||||
reject)
|
||||
echo "$1: $1 <address> ...
|
||||
Causes packets from the specified <address> to be rejected
|
||||
|
||||
Shorewall allow, drop, logdrop, logreject, reject and save implement dynamic blacklisting.
|
||||
|
||||
See also \"help address\""
|
||||
;;
|
||||
|
||||
reset)
|
||||
echo "reset: reset
|
||||
All the packet and byte counters in the firewall are reset."
|
||||
;;
|
||||
|
||||
restart)
|
||||
echo "restart: restart [ -n ] [ <configuration-directory> ]
|
||||
Restart is the same as a shorewall stop && shorewall start.
|
||||
Existing connections are maintained.
|
||||
|
||||
If \"-n\" is specified, no changes to routing will be made"
|
||||
;;
|
||||
|
||||
safe-restart)
|
||||
echo "safe-restart: safe-restart
|
||||
Restart the same way as a shorewall restart except that previous firewall
|
||||
configuration is backed up and will be restored if you notice any anomalies
|
||||
or you are not able to reach the firewall any more."
|
||||
;;
|
||||
|
||||
safe-start)
|
||||
echo "safe-start: safe-start
|
||||
Start the same way as a shorewall start except that in case of anomalies
|
||||
shorewall clear is issued. "
|
||||
;;
|
||||
|
||||
restore)
|
||||
echo "restore: restore [ -n ] [ <file name> ]
|
||||
Restore Shorewall to a state saved using the 'save' command
|
||||
Existing connections are maintained. The <file name> names a restore file in
|
||||
/var/lib/shorewall created using \"shorewall save\"; if no <file name> is given
|
||||
then Shorewall will be restored from the file specified by the RESTOREFILE
|
||||
option in shorewall.conf.
|
||||
|
||||
If \"-n\" is specified, no changes to routing will be made.
|
||||
|
||||
See also \"help save\", \"help compile\" and \"help forget\""
|
||||
;;
|
||||
|
||||
save)
|
||||
echo "save: save [ <file name> ]
|
||||
The dynamic data is stored in /var/lib/shorewall/save. The state of the
|
||||
firewall is stored in /var/lib/shorewall/<file name> for use by the 'shorewall restore'
|
||||
and 'shorewall -f start' commands. If <file name> is not given then the state is saved
|
||||
in the file specified by the RESTOREFILE option in shorewall.conf.
|
||||
|
||||
Shorewall allow, drop, logdrop, logreject, reject and save implement dynamic blacklisting.
|
||||
|
||||
See also \"help restore\" and \"help forget\""
|
||||
;;
|
||||
|
||||
show)
|
||||
echo "show: show [ <chain> [ <chain> ...] |actions|classifiers|connections|log|macros|mangle|nat|tc|zones]
|
||||
|
||||
shorewall [-x] show <chain> [ <chain> ... ] - produce a verbose report about the IPtable chain(s).
|
||||
(iptables -L chain -n -v)
|
||||
|
||||
shorewall show actions - produce a list of builtin actions and actions defined in /usr/share/shorewall/actions.std and /etc/shorewall
|
||||
|
||||
shorewall [-x] show mangle - produce a verbose report about the mangle table.
|
||||
(iptables -t mangle -L -n -v)
|
||||
|
||||
shorewall [-x] show nat - produce a verbose report about the nat table.
|
||||
(iptables -t nat -L -n -v)
|
||||
|
||||
shorewall show [ -m ] log - display the last 20 packet log entries. If \"-m\" is specified, then
|
||||
MAC addresses in the log entries (if any) are displayed.
|
||||
|
||||
shorewall show macros -- displays the standard macros.
|
||||
|
||||
shorewall show connections - displays the IP connections currently
|
||||
being tracked by the firewall.
|
||||
|
||||
shorewall show tc - displays information about the traffic
|
||||
control/shaping configuration.
|
||||
|
||||
shorewall show zones - displays the contents of all zones.
|
||||
|
||||
shorewall show capabilities - displays your kernel/iptables capabilities
|
||||
|
||||
When -x is given, that option is also passed to iptables to display actual packet and byte counts."
|
||||
;;
|
||||
|
||||
start)
|
||||
echo "start: start [ -f ] [ -n ] [ <configuration-directory> ]
|
||||
Start shorewall. Existing connections through shorewall managed
|
||||
interfaces are untouched. New connections will be allowed only
|
||||
if they are allowed by the firewall rules or policies.
|
||||
If \"-f\" is specified, the saved configuration specified by the RESTOREFILE option
|
||||
in shorewall.conf will be restored if that saved configuration exists. In that
|
||||
case, a <configuration-directory> may not be specified.
|
||||
If \"-n\" is specified, no changes to routing will be made."
|
||||
;;
|
||||
|
||||
stop)
|
||||
echo "stop: stop
|
||||
Stops the firewall. All existing connections, except those
|
||||
listed in /etc/shorewall/routestopped, are taken down.
|
||||
The only new traffic permitted through the firewall
|
||||
is from systems listed in /etc/shorewall/routestopped."
|
||||
;;
|
||||
|
||||
status)
|
||||
echo "status: status
|
||||
|
||||
shorewall status
|
||||
|
||||
Displays the Shorewall status (running/not-running).
|
||||
|
||||
Also displays the Shorewall state as shown in the state diagram at
|
||||
http://www.shorewall.net/starting_and_stopping_shorewall. The time and
|
||||
date when that state was reached is also displayed."
|
||||
;;
|
||||
|
||||
trace)
|
||||
echo "trace: trace
|
||||
If you include the keyword trace as the first argument to any
|
||||
of these commands:
|
||||
|
||||
start|stop|restart|reset|clear|refresh|check|add|delete
|
||||
|
||||
then a shell trace of the command is produced. For example:
|
||||
|
||||
shorewall trace start 2> /tmp/trace
|
||||
|
||||
The above command would trace the 'start' command and
|
||||
place the trace information in the file /tmp/trace.
|
||||
|
||||
The word 'debug' is a synonym for 'trace'."
|
||||
;;
|
||||
|
||||
try)
|
||||
echo "try: try [ -n ] <configuration-directory> [ <timeout> ]
|
||||
Restart shorewall using the specified configuration. If an error
|
||||
occurs during the restart, then another shorewall restart is performed
|
||||
using the default configuration. If a timeout is specified then
|
||||
the restart is always performed after the timeout occurs and uses
|
||||
the default configuration.
|
||||
|
||||
The \"-n\" option will be passed down to the underlying commands (see
|
||||
'start', 'restart' and 'restore')"
|
||||
;;
|
||||
|
||||
version)
|
||||
echo "version: version
|
||||
Show the current shorewall version which is: $version"
|
||||
;;
|
||||
|
||||
*)
|
||||
echo "$1: $1 is not recognized by the help command"
|
||||
;;
|
||||
|
||||
esac
|
||||
|
||||
exit 0 # always ok
|
||||
|
58
Shorewall-lite/init.archlinux.sh
Executable file
58
Shorewall-lite/init.archlinux.sh
Executable file
@ -0,0 +1,58 @@
|
||||
#!/bin/bash
|
||||
|
||||
OPTIONS="-f"
|
||||
|
||||
if [ -f /etc/sysconfig/shorewall ] ; then
|
||||
. /etc/sysconfig/shorewall
|
||||
elif [ -f /etc/default/shorewall ] ; then
|
||||
. /etc/default/shorewall
|
||||
fi
|
||||
|
||||
# if you want to override options, do so in /etc/sysconfig/shorewall or
|
||||
# in /etc/default/shorewall --
|
||||
# i strongly encourage you use the latter, since /etc/sysconfig/ does not exist.
|
||||
|
||||
. /etc/rc.conf
|
||||
. /etc/rc.d/functions
|
||||
|
||||
DAEMON_NAME="shorewall" # of course shorewall is NOT a deamon.
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
stat_busy "Starting $DAEMON_NAME"
|
||||
/sbin/shorewall $OPTIONS start &>/dev/null
|
||||
if [ $? -gt 0 ]; then
|
||||
stat_fail
|
||||
else
|
||||
add_daemon $DAEMON_NAME
|
||||
stat_done
|
||||
fi
|
||||
;;
|
||||
|
||||
|
||||
stop)
|
||||
stat_busy "Stopping $DAEMON_NAME"
|
||||
/sbin/shorewall stop &>/dev/null
|
||||
if [ $? -gt 0 ]; then
|
||||
stat_fail
|
||||
else
|
||||
rm_daemon $DAEMON_NAME
|
||||
stat_done
|
||||
fi
|
||||
;;
|
||||
|
||||
restart|reload)
|
||||
stat_busy "Restarting $DAEMON_NAME"
|
||||
/sbin/shorewall restart &>/dev/null
|
||||
if [ $? -gt 0 ]; then
|
||||
stat_fail
|
||||
else
|
||||
stat_done
|
||||
fi
|
||||
;;
|
||||
|
||||
*)
|
||||
echo "usage: $0 {start|stop|restart}"
|
||||
esac
|
||||
exit 0
|
||||
|
130
Shorewall-lite/init.debian.sh
Executable file
130
Shorewall-lite/init.debian.sh
Executable file
@ -0,0 +1,130 @@
|
||||
#!/bin/sh
|
||||
|
||||
SRWL=/sbin/shorewall
|
||||
WAIT_FOR_IFUP=/usr/share/shorewall/wait4ifup
|
||||
# Note, set INITLOG to /dev/null if you do not want to
|
||||
# keep logs of the firewall (not recommended)
|
||||
INITLOG=/var/log/shorewall-init.log
|
||||
OPTIONS="-f"
|
||||
|
||||
test -x $SRWL || exit 0
|
||||
test -n $INITLOG || {
|
||||
echo "INITLOG cannot be empty, please configure $0" ;
|
||||
exit 1;
|
||||
}
|
||||
|
||||
if [ "$(id -u)" != "0" ]
|
||||
then
|
||||
echo "You must be root to start, stop or restart \"Shorewall firewall\"."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo_notdone () {
|
||||
|
||||
if [ "$INITLOG" = "/dev/null" ] ; then
|
||||
"not done."
|
||||
else
|
||||
"not done (check $INITLOG)."
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
not_configured () {
|
||||
echo "#### WARNING ####"
|
||||
echo "the firewall won't be started/stopped unless it is configured"
|
||||
if [ "$1" != "stop" ]
|
||||
then
|
||||
echo ""
|
||||
echo "please configure it and then edit /etc/default/shorewall"
|
||||
echo "and set the \"startup\" variable to 1 in order to allow "
|
||||
echo "shorewall to start"
|
||||
fi
|
||||
echo "#################"
|
||||
exit 0
|
||||
}
|
||||
|
||||
# parse the shorewall params file in order to use params in
|
||||
# /etc/default/shorewall
|
||||
if [ -f "/etc/shorewall/params" ]
|
||||
then
|
||||
. /etc/shorewall/params
|
||||
fi
|
||||
|
||||
# check if shorewall is configured or not
|
||||
if [ -f "/etc/default/shorewall" ]
|
||||
then
|
||||
. /etc/default/shorewall
|
||||
if [ "$startup" != "1" ]
|
||||
then
|
||||
not_configured
|
||||
fi
|
||||
else
|
||||
not_configured
|
||||
fi
|
||||
|
||||
# wait an unconfigured interface
|
||||
wait_for_pppd () {
|
||||
if [ "$wait_interface" != "" ]
|
||||
then
|
||||
if [ -f $WAIT_FOR_IFUP ]
|
||||
then
|
||||
for i in $wait_interface
|
||||
do
|
||||
$WAIT_FOR_IFUP $i 90
|
||||
done
|
||||
else
|
||||
echo "$WAIT_FOR_IFUP: File not found" >> $INITLOG
|
||||
echo_notdone
|
||||
exit 2
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
# start the firewall
|
||||
shorewall_start () {
|
||||
echo -n "Starting \"Shorewall firewall\": "
|
||||
wait_for_pppd
|
||||
$SRWL $OPTIONS start >> $INITLOG 2>&1 && echo "done." || echo_notdone
|
||||
return 0
|
||||
}
|
||||
|
||||
# stop the firewall
|
||||
shorewall_stop () {
|
||||
echo -n "Stopping \"Shorewall firewall\": "
|
||||
$SRWL stop >> $INITLOG 2>&1 && echo "done." || echo_notdone
|
||||
return 0
|
||||
}
|
||||
|
||||
# restart the firewall
|
||||
shorewall_restart () {
|
||||
echo -n "Restarting \"Shorewall firewall\": "
|
||||
$SRWL restart >> $INITLOG 2>&1 && echo "done." || echo_notdone
|
||||
return 0
|
||||
}
|
||||
|
||||
# refresh the firewall
|
||||
shorewall_refresh () {
|
||||
echo -n "Refreshing \"Shorewall firewall\": "
|
||||
$SRWL refresh >> $INITLOG 2>&1 && echo "done." || echo_notdone
|
||||
return 0
|
||||
}
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
shorewall_start
|
||||
;;
|
||||
stop)
|
||||
shorewall_stop
|
||||
;;
|
||||
refresh)
|
||||
shorewall_refresh
|
||||
;;
|
||||
force-reload|restart)
|
||||
shorewall_restart
|
||||
;;
|
||||
*)
|
||||
echo "Usage: /etc/init.d/shorewall {start|stop|refresh|restart|force-reload}"
|
||||
exit 1
|
||||
esac
|
||||
|
||||
exit 0
|
89
Shorewall-lite/init.sh
Executable file
89
Shorewall-lite/init.sh
Executable file
@ -0,0 +1,89 @@
|
||||
#!/bin/sh
|
||||
RCDLINKS="2,S41 3,S41 6,K41"
|
||||
#
|
||||
# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V3.2
|
||||
#
|
||||
# This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
|
||||
#
|
||||
# (c) 1999,2000,2001,2002,2003,2004,2005 - Tom Eastep (teastep@shorewall.net)
|
||||
#
|
||||
# On most distributions, this file should be called /etc/init.d/shorewall.
|
||||
#
|
||||
# Complete documentation is available at http://shorewall.net
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of Version 2 of the GNU General Public License
|
||||
# as published by the Free Software Foundation.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
|
||||
#
|
||||
# If an error occurs while starting or restarting the firewall, the
|
||||
# firewall is automatically stopped.
|
||||
#
|
||||
# Commands are:
|
||||
#
|
||||
# shorewall start Starts the firewall
|
||||
# shorewall restart Restarts the firewall
|
||||
# shorewall reload Reload the firewall
|
||||
# (same as restart)
|
||||
# shorewall stop Stops the firewall
|
||||
# shorewall status Displays firewall status
|
||||
#
|
||||
|
||||
# chkconfig: 2345 25 90
|
||||
# description: Packet filtering firewall
|
||||
|
||||
### BEGIN INIT INFO
|
||||
# Provides: shorewall
|
||||
# Required-Start: $network
|
||||
# Required-Stop:
|
||||
# Default-Start: 2 3 5
|
||||
# Default-Stop: 0 1 6
|
||||
# Description: starts and stops the shorewall firewall
|
||||
### END INIT INFO
|
||||
|
||||
################################################################################
|
||||
# Give Usage Information #
|
||||
################################################################################
|
||||
usage() {
|
||||
echo "Usage: $0 start|stop|reload|restart|status"
|
||||
exit 1
|
||||
}
|
||||
|
||||
################################################################################
|
||||
# Get startup options (override default)
|
||||
################################################################################
|
||||
OPTIONS="-f"
|
||||
if [ -f /etc/sysconfig/shorewall ]; then
|
||||
. /etc/sysconfig/shorewall
|
||||
elif [ -f /etc/default/shorewall ] ; then
|
||||
. /etc/default/shorewall
|
||||
fi
|
||||
|
||||
################################################################################
|
||||
# E X E C U T I O N B E G I N S H E R E #
|
||||
################################################################################
|
||||
command="$1"
|
||||
|
||||
case "$command" in
|
||||
start)
|
||||
exec /sbin/shorewall $OPTIONS $@
|
||||
;;
|
||||
stop|restart|status)
|
||||
exec /sbin/shorewall $@
|
||||
;;
|
||||
reload)
|
||||
shift
|
||||
exec /sbin/shorewall restart $@
|
||||
;;
|
||||
*)
|
||||
usage
|
||||
;;
|
||||
esac
|
645
Shorewall-lite/install.sh
Executable file
645
Shorewall-lite/install.sh
Executable file
@ -0,0 +1,645 @@
|
||||
#!/bin/sh
|
||||
#
|
||||
# Script to install Shoreline Firewall
|
||||
#
|
||||
# This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
|
||||
#
|
||||
# (c) 2000,2001,2002,2003,2004,2005 - Tom Eastep (teastep@shorewall.net)
|
||||
#
|
||||
# Shorewall documentation is available at http://shorewall.net
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of Version 2 of the GNU General Public License
|
||||
# as published by the Free Software Foundation.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
|
||||
#
|
||||
|
||||
VERSION=3.2.0-RC1
|
||||
|
||||
usage() # $1 = exit status
|
||||
{
|
||||
ME=$(basename $0)
|
||||
echo "usage: $ME"
|
||||
echo " $ME -v"
|
||||
echo " $ME -h"
|
||||
exit $1
|
||||
}
|
||||
|
||||
split() {
|
||||
local ifs=$IFS
|
||||
IFS=:
|
||||
set -- $1
|
||||
echo $*
|
||||
IFS=$ifs
|
||||
}
|
||||
|
||||
qt()
|
||||
{
|
||||
"$@" >/dev/null 2>&1
|
||||
}
|
||||
|
||||
mywhich() {
|
||||
local dir
|
||||
|
||||
for dir in $(split $PATH); do
|
||||
if [ -x $dir/$1 ]; then
|
||||
echo $dir/$1
|
||||
return 0
|
||||
fi
|
||||
done
|
||||
|
||||
return 2
|
||||
}
|
||||
|
||||
run_install()
|
||||
{
|
||||
if ! install $*; then
|
||||
echo
|
||||
echo "ERROR: Failed to install $*" >&2
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
cant_autostart()
|
||||
{
|
||||
echo
|
||||
echo "WARNING: Unable to configure shorewall to start automatically at boot" >&2
|
||||
}
|
||||
|
||||
backup_directory() # $1 = directory to backup
|
||||
{
|
||||
if [ -d $1 ]; then
|
||||
if cp -a $1 ${1}-${VERSION}.bkout ; then
|
||||
echo
|
||||
echo "$1 saved to ${1}-${VERSION}.bkout"
|
||||
else
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
backup_file() # $1 = file to backup, $2 = (optional) Directory in which to create the backup
|
||||
{
|
||||
if [ -z "$PREFIX" ]; then
|
||||
if [ -f $1 -a ! -f ${1}-${VERSION}.bkout ]; then
|
||||
if [ -n "$2" ]; then
|
||||
if [ -d $2 ]; then
|
||||
if cp -f $1 $2 ; then
|
||||
echo
|
||||
echo "$1 saved to $2/$(basename $1)"
|
||||
else
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
elif cp $1 ${1}-${VERSION}.bkout; then
|
||||
echo
|
||||
echo "$1 saved to ${1}-${VERSION}.bkout"
|
||||
else
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
delete_file() # $1 = file to delete
|
||||
{
|
||||
rm -f $1
|
||||
}
|
||||
|
||||
install_file() # $1 = source $2 = target $3 = mode
|
||||
{
|
||||
run_install $OWNERSHIP -m $3 $1 ${2}
|
||||
}
|
||||
|
||||
install_file_with_backup() # $1 = source $2 = target $3 = mode $4 = (optional) backup directory
|
||||
{
|
||||
backup_file $2 $4
|
||||
run_install $OWNERSHIP -m $3 $1 ${2}
|
||||
}
|
||||
|
||||
#
|
||||
# Parse the run line
|
||||
#
|
||||
# DEST is the SysVInit script directory
|
||||
# INIT is the name of the script in the $DEST directory
|
||||
# RUNLEVELS is the chkconfig parmeters for firewall
|
||||
# ARGS is "yes" if we've already parsed an argument
|
||||
#
|
||||
ARGS=""
|
||||
|
||||
if [ -z "$DEST" ] ; then
|
||||
DEST="/etc/init.d"
|
||||
fi
|
||||
|
||||
if [ -z "$INIT" ] ; then
|
||||
INIT="shorewall"
|
||||
fi
|
||||
|
||||
if [ -z "$RUNLEVELS" ] ; then
|
||||
RUNLEVELS=""
|
||||
fi
|
||||
|
||||
if [ -z "$OWNER" ] ; then
|
||||
OWNER=root
|
||||
fi
|
||||
|
||||
if [ -z "$GROUP" ] ; then
|
||||
GROUP=root
|
||||
fi
|
||||
|
||||
while [ $# -gt 0 ] ; do
|
||||
case "$1" in
|
||||
-h|help|?)
|
||||
usage 0
|
||||
;;
|
||||
-v)
|
||||
echo "Shorewall Firewall Installer Version $VERSION"
|
||||
exit 0
|
||||
;;
|
||||
*)
|
||||
usage 1
|
||||
;;
|
||||
esac
|
||||
shift
|
||||
ARGS="yes"
|
||||
done
|
||||
|
||||
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
|
||||
|
||||
#
|
||||
# Determine where to install the firewall script
|
||||
#
|
||||
DEBIAN=
|
||||
|
||||
OWNERSHIP="-o $OWNER -g $GROUP"
|
||||
|
||||
if [ -n "$PREFIX" ]; then
|
||||
if [ `id -u` != 0 ] ; then
|
||||
echo "Not setting file owner/group permissions, not running as root."
|
||||
OWNERSHIP=""
|
||||
fi
|
||||
|
||||
install -d $OWNERSHIP -m 755 ${PREFIX}/sbin
|
||||
install -d $OWNERSHIP -m 755 ${PREFIX}${DEST}
|
||||
elif [ -d /etc/apt -a -e /usr/bin/dpkg ]; then
|
||||
DEBIAN=yes
|
||||
elif [ -f /etc/slackware-version ] ; then
|
||||
DEST="/etc/rc.d"
|
||||
INIT="rc.firewall"
|
||||
elif [ -f /etc/arch-release ] ; then
|
||||
DEST="/etc/rc.d"
|
||||
INIT="shorewall"
|
||||
ARCHLINUX=yes
|
||||
fi
|
||||
|
||||
#
|
||||
# Change to the directory containing this script
|
||||
#
|
||||
cd "$(dirname $0)"
|
||||
|
||||
echo "Installing Shorewall Version $VERSION"
|
||||
|
||||
#
|
||||
# First do Backups
|
||||
#
|
||||
|
||||
#
|
||||
# Check for /etc/shorewall
|
||||
#
|
||||
if [ -d ${PREFIX}/etc/shorewall ]; then
|
||||
first_install=""
|
||||
backup_directory ${PREFIX}/etc/shorewall
|
||||
backup_directory ${PREFIX}/usr/share/shorewall
|
||||
backup_directory ${PREFIX}/var/lib/shorewall
|
||||
else
|
||||
first_install="Yes"
|
||||
fi
|
||||
|
||||
install_file_with_backup shorewall ${PREFIX}/sbin/shorewall 0544 ${PREFIX}/var/lib/shorewall-${VERSION}.bkout
|
||||
|
||||
echo "shorewall control program installed in ${PREFIX}/sbin/shorewall"
|
||||
|
||||
#
|
||||
# Install the Firewall Script
|
||||
#
|
||||
if [ -n "$DEBIAN" ]; then
|
||||
install_file_with_backup init.debian.sh /etc/init.d/shorewall 0544 ${PREFIX}/usr/share/shorewall-${VERSION}.bkout
|
||||
elif [ -n "$ARCHLINUX" ]; then
|
||||
install_file_with_backup init.archlinux.sh ${PREFIX}${DEST}/$INIT 0544 ${PREFIX}/usr/share/shorewall-${VERSION}.bkout
|
||||
|
||||
else
|
||||
install_file_with_backup init.sh ${PREFIX}${DEST}/$INIT 0544 ${PREFIX}/usr/share/shorewall-${VERSION}.bkout
|
||||
fi
|
||||
|
||||
echo "Shorewall script installed in ${PREFIX}${DEST}/$INIT"
|
||||
|
||||
#
|
||||
# Create /etc/shorewall, /usr/share/shorewall and /var/shorewall if needed
|
||||
#
|
||||
mkdir -p ${PREFIX}/etc/shorewall
|
||||
mkdir -p ${PREFIX}/usr/share/shorewall
|
||||
mkdir -p ${PREFIX}/var/lib/shorewall
|
||||
|
||||
chmod 755 ${PREFIX}/etc/shorewall
|
||||
chmod 755 ${PREFIX}/usr/share/shorewall
|
||||
|
||||
#
|
||||
# Install the config file
|
||||
#
|
||||
if [ ! -f ${PREFIX}/etc/shorewall/shorewall.conf ]; then
|
||||
run_install $OWNERSHIP -m 0744 shorewall.conf ${PREFIX}/etc/shorewall/shorewall.conf
|
||||
echo "Config file installed as ${PREFIX}/etc/shorewall/shorewall.conf"
|
||||
fi
|
||||
|
||||
if [ -n "$ARCHLINUX" ] ; then
|
||||
sed -e 's!LOGFILE=/var/log/messages!LOGFILE=/var/log/messages.log!' -i ${PREFIX}/etc/shorewall/shorewall.conf
|
||||
fi
|
||||
#
|
||||
# Install the zones file
|
||||
#
|
||||
if [ ! -f ${PREFIX}/etc/shorewall/zones ]; then
|
||||
run_install $OWNERSHIP -m 0744 zones ${PREFIX}/etc/shorewall/zones
|
||||
echo "Zones file installed as ${PREFIX}/etc/shorewall/zones"
|
||||
fi
|
||||
|
||||
#
|
||||
# Install the functions file
|
||||
#
|
||||
|
||||
install_file functions ${PREFIX}/usr/share/shorewall/functions 0444
|
||||
|
||||
echo "Common functions installed in ${PREFIX}/usr/share/shorewall/functions"
|
||||
|
||||
#
|
||||
# Install the Compiler
|
||||
#
|
||||
|
||||
install_file compiler ${PREFIX}/usr/share/shorewall/compiler 0555
|
||||
|
||||
echo
|
||||
echo "Compiler installed in ${PREFIX}/usr/share/shorewall/compiler"
|
||||
|
||||
#
|
||||
# Install Shorecap
|
||||
#
|
||||
|
||||
install_file shorecap ${PREFIX}/usr/share/shorewall/shorecap 0555
|
||||
|
||||
echo
|
||||
echo "Capability file builder installed in ${PREFIX}/usr/share/shorewall/shorecap"
|
||||
|
||||
|
||||
# Install the Help file
|
||||
#
|
||||
install_file help ${PREFIX}/usr/share/shorewall/help 0544
|
||||
|
||||
echo "Help command executor installed in ${PREFIX}/usr/share/shorewall/help"
|
||||
|
||||
#
|
||||
# Install the policy file
|
||||
#
|
||||
if [ ! -f ${PREFIX}/etc/shorewall/policy ]; then
|
||||
run_install $OWNERSHIP -m 0600 policy ${PREFIX}/etc/shorewall/policy
|
||||
echo "Policy file installed as ${PREFIX}/etc/shorewall/policy"
|
||||
fi
|
||||
#
|
||||
# Install the interfaces file
|
||||
#
|
||||
if [ ! -f ${PREFIX}/etc/shorewall/interfaces ]; then
|
||||
run_install $OWNERSHIP -m 0600 interfaces ${PREFIX}/etc/shorewall/interfaces
|
||||
echo "Interfaces file installed as ${PREFIX}/etc/shorewall/interfaces"
|
||||
fi
|
||||
#
|
||||
# Install the ipsec file
|
||||
#
|
||||
if [ ! -f ${PREFIX}/etc/shorewall/ipsec ]; then
|
||||
run_install $OWNERSHIP -m 0600 ipsec ${PREFIX}/etc/shorewall/ipsec
|
||||
echo "Dummy IPSEC file installed as ${PREFIX}/etc/shorewall/ipsec"
|
||||
fi
|
||||
|
||||
#
|
||||
# Install the hosts file
|
||||
#
|
||||
if [ ! -f ${PREFIX}/etc/shorewall/hosts ]; then
|
||||
run_install $OWNERSHIP -m 0600 hosts ${PREFIX}/etc/shorewall/hosts
|
||||
echo "Hosts file installed as ${PREFIX}/etc/shorewall/hosts"
|
||||
fi
|
||||
#
|
||||
# Install the rules file
|
||||
#
|
||||
if [ ! -f ${PREFIX}/etc/shorewall/rules ]; then
|
||||
run_install $OWNERSHIP -m 0600 rules ${PREFIX}/etc/shorewall/rules
|
||||
echo "Rules file installed as ${PREFIX}/etc/shorewall/rules"
|
||||
fi
|
||||
#
|
||||
# Install the NAT file
|
||||
#
|
||||
if [ ! -f ${PREFIX}/etc/shorewall/nat ]; then
|
||||
run_install $OWNERSHIP -m 0600 nat ${PREFIX}/etc/shorewall/nat
|
||||
echo "NAT file installed as ${PREFIX}/etc/shorewall/nat"
|
||||
fi
|
||||
#
|
||||
# Install the NETMAP file
|
||||
#
|
||||
if [ ! -f ${PREFIX}/etc/shorewall/netmap ]; then
|
||||
run_install $OWNERSHIP -m 0600 netmap ${PREFIX}/etc/shorewall/netmap
|
||||
echo "NETMAP file installed as ${PREFIX}/etc/shorewall/netmap"
|
||||
fi
|
||||
#
|
||||
# Install the Parameters file
|
||||
#
|
||||
if [ ! -f ${PREFIX}/etc/shorewall/params ]; then
|
||||
run_install $OWNERSHIP -m 0600 params ${PREFIX}/etc/shorewall/params
|
||||
echo "Parameter file installed as ${PREFIX}/etc/shorewall/params"
|
||||
fi
|
||||
#
|
||||
# Install the proxy ARP file
|
||||
#
|
||||
if [ ! -f ${PREFIX}/etc/shorewall/proxyarp ]; then
|
||||
run_install $OWNERSHIP -m 0600 proxyarp ${PREFIX}/etc/shorewall/proxyarp
|
||||
echo "Proxy ARP file installed as ${PREFIX}/etc/shorewall/proxyarp"
|
||||
fi
|
||||
#
|
||||
# Install the Stopped Routing file
|
||||
#
|
||||
if [ ! -f ${PREFIX}/etc/shorewall/routestopped ]; then
|
||||
run_install $OWNERSHIP -m 0600 routestopped ${PREFIX}/etc/shorewall/routestopped
|
||||
echo "Stopped Routing file installed as ${PREFIX}/etc/shorewall/routestopped"
|
||||
fi
|
||||
#
|
||||
# Install the Mac List file
|
||||
#
|
||||
if [ ! -f ${PREFIX}/etc/shorewall/maclist ]; then
|
||||
run_install $OWNERSHIP -m 0600 maclist ${PREFIX}/etc/shorewall/maclist
|
||||
echo "MAC list file installed as ${PREFIX}/etc/shorewall/maclist"
|
||||
fi
|
||||
#
|
||||
# Install the Masq file
|
||||
#
|
||||
if [ ! -f ${PREFIX}/etc/shorewall/masq ]; then
|
||||
run_install $OWNERSHIP -m 0600 masq ${PREFIX}/etc/shorewall/masq
|
||||
echo "Masquerade file installed as ${PREFIX}/etc/shorewall/masq"
|
||||
fi
|
||||
#
|
||||
# Install the Modules file
|
||||
#
|
||||
if [ ! -f ${PREFIX}/etc/shorewall/modules ]; then
|
||||
run_install $OWNERSHIP -m 0600 modules ${PREFIX}/etc/shorewall/modules
|
||||
echo "Modules file installed as ${PREFIX}/etc/shorewall/modules"
|
||||
fi
|
||||
#
|
||||
# Install the TC Rules file
|
||||
#
|
||||
if [ ! -f ${PREFIX}/etc/shorewall/tcrules ]; then
|
||||
run_install $OWNERSHIP -m 0600 tcrules ${PREFIX}/etc/shorewall/tcrules
|
||||
echo "TC Rules file installed as ${PREFIX}/etc/shorewall/tcrules"
|
||||
fi
|
||||
|
||||
#
|
||||
# Install the TOS file
|
||||
#
|
||||
if [ ! -f ${PREFIX}/etc/shorewall/tos ]; then
|
||||
run_install $OWNERSHIP -m 0600 tos ${PREFIX}/etc/shorewall/tos
|
||||
echo "TOS file installed as ${PREFIX}/etc/shorewall/tos"
|
||||
fi
|
||||
#
|
||||
# Install the Tunnels file
|
||||
#
|
||||
if [ ! -f ${PREFIX}/etc/shorewall/tunnels ]; then
|
||||
run_install $OWNERSHIP -m 0600 tunnels ${PREFIX}/etc/shorewall/tunnels
|
||||
echo "Tunnels file installed as ${PREFIX}/etc/shorewall/tunnels"
|
||||
fi
|
||||
#
|
||||
# Install the blacklist file
|
||||
#
|
||||
if [ ! -f ${PREFIX}/etc/shorewall/blacklist ]; then
|
||||
run_install $OWNERSHIP -m 0600 blacklist ${PREFIX}/etc/shorewall/blacklist
|
||||
echo "Blacklist file installed as ${PREFIX}/etc/shorewall/blacklist"
|
||||
fi
|
||||
#
|
||||
# Delete the Routes file
|
||||
#
|
||||
delete_file ${PREFIX}/etc/shorewall/routes
|
||||
#
|
||||
# Delete the tcstart file
|
||||
#
|
||||
|
||||
delete_file ${PREFIX}/usr/share/shorewall/tcstart
|
||||
|
||||
#
|
||||
# Install the Providers file
|
||||
#
|
||||
if [ ! -f ${PREFIX}/etc/shorewall/providers ]; then
|
||||
run_install $OWNERSHIP -m 0600 providers ${PREFIX}/etc/shorewall/providers
|
||||
echo "Providers file installed as ${PREFIX}/etc/shorewall/providers"
|
||||
fi
|
||||
|
||||
#
|
||||
# Install the Route Rules file
|
||||
#
|
||||
if [ ! -f ${PREFIX}/etc/shorewall/route_rules ]; then
|
||||
run_install $OWNERSHIP -m 0600 route_rules ${PREFIX}/etc/shorewall/route_rules
|
||||
echo "Routing rules file installed as ${PREFIX}/etc/shorewall/route_rules"
|
||||
fi
|
||||
|
||||
#
|
||||
# Install the tcclasses file
|
||||
#
|
||||
if [ ! -f ${PREFIX}/etc/shorewall/tcclasses ]; then
|
||||
run_install $OWNERSHIP -m 0600 tcclasses ${PREFIX}/etc/shorewall/tcclasses
|
||||
echo "TC Classes file installed as ${PREFIX}/etc/shorewall/tcclasses"
|
||||
fi
|
||||
|
||||
#
|
||||
# Install the tcdevices file
|
||||
#
|
||||
if [ ! -f ${PREFIX}/etc/shorewall/tcdevices ]; then
|
||||
run_install $OWNERSHIP -m 0600 tcdevices ${PREFIX}/etc/shorewall/tcdevices
|
||||
echo "TC Devices file installed as ${PREFIX}/etc/shorewall/tcdevices"
|
||||
fi
|
||||
|
||||
#
|
||||
# Install the rfc1918 file
|
||||
#
|
||||
install_file rfc1918 ${PREFIX}/usr/share/shorewall/rfc1918 0600
|
||||
echo "RFC 1918 file installed as ${PREFIX}/usr/share/shorewall/rfc1918"
|
||||
#
|
||||
# Install the default config path file
|
||||
#
|
||||
install_file configpath ${PREFIX}/usr/share/shorewall/configpath 0600
|
||||
echo "Default config path file installed as ${PREFIX}/usr/share/shorewall/configpath"
|
||||
#
|
||||
# Install the init file
|
||||
#
|
||||
if [ ! -f ${PREFIX}/etc/shorewall/init ]; then
|
||||
run_install $OWNERSHIP -m 0600 init ${PREFIX}/etc/shorewall/init
|
||||
echo "Init file installed as ${PREFIX}/etc/shorewall/init"
|
||||
fi
|
||||
#
|
||||
# Install the initdone file
|
||||
#
|
||||
if [ ! -f ${PREFIX}/etc/shorewall/initdone ]; then
|
||||
run_install $OWNERSHIP -m 0600 initdone ${PREFIX}/etc/shorewall/initdone
|
||||
echo "Initdone file installed as ${PREFIX}/etc/shorewall/initdone"
|
||||
fi
|
||||
#
|
||||
# Install the start file
|
||||
#
|
||||
if [ ! -f ${PREFIX}/etc/shorewall/start ]; then
|
||||
run_install $OWNERSHIP -m 0600 start ${PREFIX}/etc/shorewall/start
|
||||
echo "Start file installed as ${PREFIX}/etc/shorewall/start"
|
||||
fi
|
||||
#
|
||||
# Install the stop file
|
||||
#
|
||||
if [ ! -f ${PREFIX}/etc/shorewall/stop ]; then
|
||||
run_install $OWNERSHIP -m 0600 stop ${PREFIX}/etc/shorewall/stop
|
||||
echo "Stop file installed as ${PREFIX}/etc/shorewall/stop"
|
||||
fi
|
||||
#
|
||||
# Install the stopped file
|
||||
#
|
||||
if [ ! -f ${PREFIX}/etc/shorewall/stopped ]; then
|
||||
run_install $OWNERSHIP -m 0600 stopped ${PREFIX}/etc/shorewall/stopped
|
||||
echo "Stopped file installed as ${PREFIX}/etc/shorewall/stopped"
|
||||
fi
|
||||
#
|
||||
# Install the ECN file
|
||||
#
|
||||
if [ ! -f ${PREFIX}/etc/shorewall/ecn ]; then
|
||||
run_install $OWNERSHIP -m 0600 ecn ${PREFIX}/etc/shorewall/ecn
|
||||
echo "ECN file installed as ${PREFIX}/etc/shorewall/ecn"
|
||||
fi
|
||||
#
|
||||
# Install the Accounting file
|
||||
#
|
||||
if [ ! -f ${PREFIX}/etc/shorewall/accounting ]; then
|
||||
run_install $OWNERSHIP -m 0600 accounting ${PREFIX}/etc/shorewall/accounting
|
||||
echo "Accounting file installed as ${PREFIX}/etc/shorewall/accounting"
|
||||
fi
|
||||
#
|
||||
# Install the Continue file
|
||||
#
|
||||
if [ ! -f ${PREFIX}/etc/shorewall/continue ]; then
|
||||
run_install $OWNERSHIP -m 0600 continue ${PREFIX}/etc/shorewall/continue
|
||||
echo "Continue file installed as ${PREFIX}/etc/shorewall/continue"
|
||||
fi
|
||||
#
|
||||
# Install the Started file
|
||||
#
|
||||
if [ ! -f ${PREFIX}/etc/shorewall/started ]; then
|
||||
run_install $OWNERSHIP -m 0600 started ${PREFIX}/etc/shorewall/started
|
||||
echo "Started file installed as ${PREFIX}/etc/shorewall/started"
|
||||
fi
|
||||
#
|
||||
# Install the Standard Actions file
|
||||
#
|
||||
install_file actions.std ${PREFIX}/usr/share/shorewall/actions.std 0644
|
||||
echo "Standard actions file installed as ${PREFIX}/etc/shorewall/actions.std"
|
||||
|
||||
#
|
||||
# Install the Actions file
|
||||
#
|
||||
if [ ! -f ${PREFIX}/etc/shorewall/actions ]; then
|
||||
run_install $OWNERSHIP -m 0644 actions ${PREFIX}/etc/shorewall/actions
|
||||
echo "Actions file installed as ${PREFIX}/etc/shorewall/actions"
|
||||
fi
|
||||
|
||||
#
|
||||
# Install the Makefile
|
||||
#
|
||||
run_install $OWNERSHIP -m 0600 Makefile ${PREFIX}/etc/shorewall/Makefile
|
||||
echo "Makefile installed as ${PREFIX}/etc/shorewall/Makefile"
|
||||
|
||||
#
|
||||
# Install the Action files
|
||||
#
|
||||
for f in action.* ; do
|
||||
install_file $f ${PREFIX}/usr/share/shorewall/$f 0644
|
||||
echo "Action ${f#*.} file installed as ${PREFIX}/usr/share/shorewall/$f"
|
||||
done
|
||||
|
||||
install_file Limit ${PREFIX}/usr/share/shorewall/Limit 0600
|
||||
echo "Limit action extension script installed as ${PREFIX}/usr/share/shorewall/Limit"
|
||||
#
|
||||
# Install the Macro files
|
||||
#
|
||||
for f in macro.* ; do
|
||||
install_file $f ${PREFIX}/usr/share/shorewall/$f 0644
|
||||
echo "Macro ${f#*.} file installed as ${PREFIX}/usr/share/shorewall/$f"
|
||||
done
|
||||
#
|
||||
# Install the program skeleton files
|
||||
#
|
||||
for f in prog.* ; do
|
||||
install_file $f ${PREFIX}/usr/share/shorewall/$f 0644
|
||||
echo "Program skeleton file ${f#*.} installed as ${PREFIX}/usr/share/shorewall/$f"
|
||||
done
|
||||
#
|
||||
# Create the version file
|
||||
#
|
||||
echo "$VERSION" > ${PREFIX}/usr/share/shorewall/version
|
||||
chmod 644 ${PREFIX}/usr/share/shorewall/version
|
||||
#
|
||||
# Remove and create the symbolic link to the init script
|
||||
#
|
||||
|
||||
if [ -z "$PREFIX" ]; then
|
||||
rm -f /usr/share/shorewall/init
|
||||
ln -s ${DEST}/${INIT} /usr/share/shorewall/init
|
||||
fi
|
||||
|
||||
#
|
||||
# Install the firewall script
|
||||
#
|
||||
install_file firewall ${PREFIX}/usr/share/shorewall/firewall 0544
|
||||
|
||||
if [ -z "$PREFIX" -a -n "$first_install" ]; then
|
||||
if [ -n "$DEBIAN" ]; then
|
||||
run_install $OWNERSHIP -m 0644 default.debian /etc/default/shorewall
|
||||
ln -s ../init.d/shorewall /etc/rcS.d/S40shorewall
|
||||
echo "shorewall will start automatically at boot"
|
||||
echo "Set startup=1 in /etc/default/shorewall to enable"
|
||||
touch /var/log/shorewall-init.log
|
||||
qt mywhich perl && perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/' /etc/shorewall/shorewall.conf
|
||||
else
|
||||
if [ -x /sbin/insserv -o -x /usr/sbin/insserv ]; then
|
||||
if insserv /etc/init.d/shorewall ; then
|
||||
echo "shorewall will start automatically at boot"
|
||||
echo "Set STARTUP_ENABLED=Yes in /etc/shorewall/shorewall.conf to enable"
|
||||
else
|
||||
cant_autostart
|
||||
fi
|
||||
elif [ -x /sbin/chkconfig -o -x /usr/sbin/chkconfig ]; then
|
||||
if chkconfig --add shorewall ; then
|
||||
echo "shorewall will start automatically in run levels as follows:"
|
||||
echo "Set STARTUP_ENABLED=Yes in /etc/shorewall/shorewall.conf to enable"
|
||||
chkconfig --list shorewall
|
||||
else
|
||||
cant_autostart
|
||||
fi
|
||||
elif [ -x /sbin/rc-update ]; then
|
||||
if rc-update add shorewall default; then
|
||||
echo "shorewall will start automatically at boot"
|
||||
echo "Set STARTUP_ENABLED=Yes in /etc/shorewall/shorewall.conf to enable"
|
||||
else
|
||||
cant_autostart
|
||||
fi
|
||||
elif [ "$INIT" != rc.firewall ]; then #Slackware starts this automatically
|
||||
cant_autostart
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
#
|
||||
# Report Success
|
||||
#
|
||||
echo "shorewall Version $VERSION Installed"
|
52
Shorewall-lite/releasenotes.txt
Normal file
52
Shorewall-lite/releasenotes.txt
Normal file
@ -0,0 +1,52 @@
|
||||
Shorewall Lite 3.2.0 RC 1
|
||||
|
||||
Problems Corrected in 3.2.0 RC 1
|
||||
|
||||
None.
|
||||
|
||||
Other changes in 3.2.0 RC 1
|
||||
|
||||
None.
|
||||
|
||||
New Features:
|
||||
|
||||
Shorewall Lite is a companion product to Shorewall and is designed to
|
||||
allow you to maintain all Shorewall configuration information on a
|
||||
single system within your network.
|
||||
|
||||
a) You install the full Shorewall release on one system within your
|
||||
network. You need not configure Shorewall there and you may totally
|
||||
disable startup of Shorewall in your init scripts. For ease of
|
||||
reference, we call this system the 'administrative system'.
|
||||
|
||||
b) On each system where you wish to run a Shorewall-generated firewall,
|
||||
you install Shorewall Lite. For ease of reference, we will call these
|
||||
systems the 'firewall systems'.
|
||||
|
||||
c) On the administrative system you create a separete 'configuration
|
||||
directory' for each firewall system. You copy the contents of
|
||||
/usr/share/shorewall/configfiles into each configuration directory.
|
||||
|
||||
d) On each firewall system, you run:
|
||||
|
||||
/usr/share/shorewall/shorecap > capabilities
|
||||
|
||||
The 'capabilities' file is then copied to the corresponding
|
||||
configuration directory on the administrative system.
|
||||
|
||||
e) On the administrative system, for each firewall system you:
|
||||
|
||||
1) modify the files in the corresponding configuration
|
||||
directory appropriately.
|
||||
|
||||
2) As a non-root user:
|
||||
|
||||
cd <configuration directory>
|
||||
/sbin/shorewall compile . firewall
|
||||
|
||||
Then copy the compiled 'firewall' script to
|
||||
/usr/share/shorewall/firewall on the corresponding firewall
|
||||
system.
|
||||
|
||||
3) On the firewall system, 'shorewall start'.
|
||||
|
348
Shorewall-lite/shorecap
Executable file
348
Shorewall-lite/shorecap
Executable file
@ -0,0 +1,348 @@
|
||||
#!/bin/sh
|
||||
#
|
||||
# Shorewall Packet Filtering Firewall Capabilities Detector
|
||||
#
|
||||
# This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
|
||||
#
|
||||
# (c) 2006 - Tom Eastep (teastep@shorewall.net)
|
||||
#
|
||||
# This file should be placed in /sbin/shorewall.
|
||||
#
|
||||
# Shorewall documentation is available at http://shorewall.sourceforge.net
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of Version 2 of the GNU General Public License
|
||||
# as published by the Free Software Foundation.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
|
||||
#
|
||||
#
|
||||
# This program may be used to create a /etc/shorewall/capabilities file for
|
||||
# use in compiling Shorewall firewalls on another system.
|
||||
#
|
||||
# On the target system (the system where the firewall program is to run):
|
||||
#
|
||||
# [ IPTABLES=<iptables binary> ] [ MODULESDIR=<kernel modules directory> ] shorecap > capabilities
|
||||
#
|
||||
# Now move the capabilities file to the compilation system. The file must
|
||||
# be placed in a directory on the CONFIG_PATH to be used when compiling firewalls
|
||||
# for the target system.
|
||||
#
|
||||
# Default values for the two variables are:
|
||||
#
|
||||
# IPTABLES - iptables
|
||||
# MODULESDIR - /lib/modules/$(uname -r)/kernel/net/ipv4/netfilter
|
||||
#
|
||||
# Shorewall need not be installed on the target system to run shorecap. If the '-e' flag is
|
||||
# used during firewall compilation, then the generated firewall program will likewise not
|
||||
# require Shorewall to be installed.
|
||||
|
||||
VERSION=3.2.0-RC1
|
||||
|
||||
#
|
||||
# Suppress all output for a command
|
||||
#
|
||||
qt()
|
||||
{
|
||||
"$@" >/dev/null 2>&1
|
||||
}
|
||||
|
||||
#
|
||||
# Split a colon-separated list into a space-separated list
|
||||
#
|
||||
split() {
|
||||
local ifs=$IFS
|
||||
IFS=:
|
||||
set -- $1
|
||||
echo $*
|
||||
IFS=$ifs
|
||||
}
|
||||
|
||||
#
|
||||
# Internal version of 'which'
|
||||
#
|
||||
mywhich() {
|
||||
local dir
|
||||
|
||||
for dir in $(split $PATH); do
|
||||
if [ -x $dir/$1 ]; then
|
||||
echo $dir/$1
|
||||
return 0
|
||||
fi
|
||||
done
|
||||
|
||||
return 2
|
||||
}
|
||||
|
||||
#
|
||||
# Load a Kernel Module
|
||||
#
|
||||
loadmodule() # $1 = module name, $2 - * arguments
|
||||
{
|
||||
local modulename=$1
|
||||
local modulefile
|
||||
local suffix
|
||||
moduleloader=modprobe
|
||||
|
||||
if ! qt mywhich modprobe; then
|
||||
moduleloader=insmod
|
||||
fi
|
||||
|
||||
if [ -z "$(lsmod | grep $modulename)" ]; then
|
||||
shift
|
||||
|
||||
for suffix in $MODULE_SUFFIX ; do
|
||||
modulefile=$MODULESDIR/${modulename}.${suffix}
|
||||
|
||||
if [ -f $modulefile ]; then
|
||||
case $moduleloader in
|
||||
insmod)
|
||||
insmod $modulefile $*
|
||||
;;
|
||||
*)
|
||||
modprobe $modulename $*
|
||||
;;
|
||||
esac
|
||||
|
||||
return
|
||||
fi
|
||||
done
|
||||
fi
|
||||
}
|
||||
|
||||
#
|
||||
# Load kernel modules required for Shorewall
|
||||
#
|
||||
load_kernel_modules()
|
||||
{
|
||||
[ -z "$MODULESDIR" ] && \
|
||||
MODULESDIR=/lib/modules/$(uname -r)/kernel/net/ipv4/netfilter
|
||||
|
||||
#
|
||||
# Essential Modules
|
||||
#
|
||||
loadmodule ip_tables
|
||||
loadmodule iptable_filter
|
||||
loadmodule ip_conntrack
|
||||
#
|
||||
# Helpers
|
||||
#
|
||||
loadmodule ip_conntrack_ftp
|
||||
loadmodule ip_conntrack_tftp
|
||||
loadmodule ip_conntrack_irc
|
||||
loadmodule iptable_nat
|
||||
loadmodule ip_nat_ftp
|
||||
loadmodule ip_nat_tftp
|
||||
loadmodule ip_nat_irc
|
||||
loadmodule ip_set
|
||||
loadmodule ip_set_iphash
|
||||
loadmodule ip_set_ipmap
|
||||
loadmodule ip_set_macipmap
|
||||
loadmodule ip_set_portmap
|
||||
#
|
||||
# Traffic Shaping
|
||||
#
|
||||
loadmodule sch_sfq
|
||||
loadmodule sch_ingress
|
||||
loadmodule sch_htb
|
||||
loadmodule cls_u32
|
||||
#
|
||||
# Extensions
|
||||
#
|
||||
loadmodule ipt_addrtype
|
||||
loadmodule ipt_ah
|
||||
loadmodule ipt_CLASSIFY
|
||||
loadmodule ipt_CLUSTERIP
|
||||
loadmodule ipt_comment
|
||||
loadmodule ipt_connmark
|
||||
loadmodule ipt_CONNMARK
|
||||
loadmodule ipt_conntrack
|
||||
loadmodule ipt_dscp
|
||||
loadmodule ipt_DSCP
|
||||
loadmodule ipt_ecn
|
||||
loadmodule ipt_ECN
|
||||
loadmodule ipt_esp
|
||||
loadmodule ipt_hashlimit
|
||||
loadmodule ipt_helper
|
||||
loadmodule ipt_ipp2p
|
||||
loadmodule ipt_iprange
|
||||
loadmodule ipt_length
|
||||
loadmodule ipt_limit
|
||||
loadmodule ipt_LOG
|
||||
loadmodule ipt_mac
|
||||
loadmodule ipt_mark
|
||||
loadmodule ipt_MARK
|
||||
loadmodule ipt_MASQUERADE
|
||||
loadmodule ipt_multiport
|
||||
loadmodule ipt_NETMAP
|
||||
loadmodule ipt_NOTRACK
|
||||
loadmodule ipt_owner
|
||||
loadmodule ipt_physdev
|
||||
loadmodule ipt_pkttype
|
||||
loadmodule ipt_policy
|
||||
loadmodule ipt_realm
|
||||
loadmodule ipt_recent
|
||||
loadmodule ipt_REDIRECT
|
||||
loadmodule ipt_REJECT
|
||||
loadmodule ipt_SAME
|
||||
loadmodule ipt_sctp
|
||||
loadmodule ipt_set
|
||||
loadmodule ipt_state
|
||||
loadmodule ipt_tcpmss
|
||||
loadmodule ipt_TCPMSS
|
||||
loadmodule ipt_tos
|
||||
loadmodule ipt_TOS
|
||||
loadmodule ipt_ttl
|
||||
loadmodule ipt_TTL
|
||||
loadmodule ipt_ULOG
|
||||
|
||||
}
|
||||
|
||||
#
|
||||
# Determine which optional facilities are supported by iptables/netfilter
|
||||
#
|
||||
determine_capabilities() {
|
||||
[ -z "$IPTABLES" ] && IPTABLES=$(mywhich iptables)
|
||||
|
||||
[ -z "$IPTABLES" ] && { echo "ERROR: Can't find IPTABLES executable" ; exit 2; }
|
||||
|
||||
qt $IPTABLES -t nat -L -n && NAT_ENABLED=Yes || NAT_ENABLED=
|
||||
qt $IPTABLES -t mangle -L -n && MANGLE_ENABLED=Yes || MANGLE_ENABLED=
|
||||
|
||||
CONNTRACK_MATCH=
|
||||
MULTIPORT=
|
||||
XMULTIPORT=
|
||||
POLICY_MATCH=
|
||||
PHYSDEV_MATCH=
|
||||
IPRANGE_MATCH=
|
||||
RECENT_MATCH=
|
||||
OWNER_MATCH=
|
||||
IPSET_MATCH=
|
||||
CONNMARK=
|
||||
CONNMARK_MATCH=
|
||||
RAW_TABLE=
|
||||
IPP2P_MATCH=
|
||||
LENGTH_MATCH=
|
||||
CLASSIFY_TARGET=
|
||||
ENHANCED_REJECT=
|
||||
USEPKTTYPE=
|
||||
KLUDGEFREE=
|
||||
MARK=
|
||||
XMARK=
|
||||
MANGLE_FORWARD=
|
||||
|
||||
qt $IPTABLES -N fooX1234
|
||||
qt $IPTABLES -A fooX1234 -m conntrack --ctorigdst 192.168.1.1 -j ACCEPT && CONNTRACK_MATCH=Yes
|
||||
qt $IPTABLES -A fooX1234 -p tcp -m multiport --dports 21,22 -j ACCEPT && MULTIPORT=Yes
|
||||
qt $IPTABLES -A fooX1234 -p tcp -m multiport --dports 21:22 -j ACCEPT && XMULTIPORT=Yes
|
||||
qt $IPTABLES -A fooX1234 -m policy --pol ipsec --mode tunnel --dir in -j ACCEPT && POLICY_MATCH=Yes
|
||||
|
||||
if qt $IPTABLES -A fooX1234 -m physdev --physdev-in eth0 -j ACCEPT; then
|
||||
PHYSDEV_MATCH=Yes
|
||||
qt $IPTABLES -A fooX1234 -m physdev --physdev-in eth1 -m physdev --physdev-out eth1 -j ACCEPT && KLUDGEFREE=Yes
|
||||
fi
|
||||
|
||||
if qt $IPTABLES -A fooX1234 -m iprange --src-range 192.168.1.5-192.168.1.124 -j ACCEPT; then
|
||||
IPRANGE_MATCH=Yes
|
||||
if [ -z "${KLUDGEFREE}${PHYSDEV_MATCH}" ]; then
|
||||
qt $IPTABLES -A fooX1234 -m iprange --src-range 192.168.1.5-192.168.1.124 -m iprange --dst-range 192.168.1.5-192.168.1.124 -j ACCEPT && KLUDGEFREE=Yes
|
||||
fi
|
||||
fi
|
||||
|
||||
qt $IPTABLES -A fooX1234 -m recent --update -j ACCEPT && RECENT_MATCH=Yes
|
||||
qt $IPTABLES -A fooX1234 -m owner --uid-owner 0 -j ACCEPT && OWNER_MATCH=Yes
|
||||
|
||||
if qt $IPTABLES -A fooX1234 -m connmark --mark 2 -j ACCEPT; then
|
||||
CONNMARK_MATCH=Yes
|
||||
qt $IPTABLES -A fooX1234 -m connmark --mark 2/0xFF -j ACCEPT && XCONNMARK_MATCH=Yes
|
||||
fi
|
||||
|
||||
qt $IPTABLES -A fooX1234 -p tcp -m ipp2p --ipp2p -j ACCEPT && IPP2P_MATCH=Yes
|
||||
qt $IPTABLES -A fooX1234 -m length --length 10:20 -j ACCEPT && LENGTH_MATCH=Yes
|
||||
qt $IPTABLES -A fooX1234 -j REJECT --reject-with icmp-host-prohibited && ENHANCED_REJECT=Yes
|
||||
|
||||
if [ -n "$MANGLE_ENABLED" ]; then
|
||||
qt $IPTABLES -t mangle -N fooX1234
|
||||
|
||||
if qt $IPTABLES -t mangle -A fooX1234 -j MARK --set-mark 1; then
|
||||
MARK=Yes
|
||||
qt $IPTABLES -t mangle -A fooX1234 -j MARK --and-mark 0xFF && XMARK=Yes
|
||||
fi
|
||||
|
||||
if qt $IPTABLES -t mangle -A fooX1234 -j CONNMARK --save-mark; then
|
||||
CONNMARK=Yes
|
||||
qt $IPTABLES -t mangle -A fooX1234 -j CONNMARK --save-mark --mask 0xFF && XCONNMARK=Yes
|
||||
fi
|
||||
|
||||
qt $IPTABLES -t mangle -A fooX1234 -j CLASSIFY --set-class 1:1 && CLASSIFY_TARGET=Yes
|
||||
qt $IPTABLES -t mangle -F fooX1234
|
||||
qt $IPTABLES -t mangle -X fooX1234
|
||||
qt $IPTABLES -t mangle -L FORWARD -n && MANGLE_FORWARD=Yes
|
||||
fi
|
||||
|
||||
qt $IPTABLES -t raw -L -n && RAW_TABLE=Yes
|
||||
|
||||
if qt mywhich ipset; then
|
||||
qt ipset -X fooX1234 # Just in case something went wrong the last time
|
||||
|
||||
if qt ipset -N fooX1234 iphash ; then
|
||||
if qt $IPTABLES -A fooX1234 -m set --set fooX1234 src -j ACCEPT; then
|
||||
qt $IPTABLES -D fooX1234 -m set --set fooX1234 src -j ACCEPT
|
||||
IPSET_MATCH=Yes
|
||||
fi
|
||||
qt ipset -X fooX1234
|
||||
fi
|
||||
fi
|
||||
|
||||
qt $IPTABLES -A fooX1234 -m pkttype --pkt-type broadcast -j ACCEPT && USEPKTTYPE=Yes
|
||||
|
||||
qt $IPTABLES -F fooX1234
|
||||
qt $IPTABLES -X fooX1234
|
||||
}
|
||||
|
||||
report_capability() # $1 = Capability
|
||||
{
|
||||
eval echo $1=\$$1
|
||||
}
|
||||
|
||||
report_capabilities() {
|
||||
echo "#"
|
||||
echo "# Shorewall $VERSION detected the following iptables/netfilter capabilities - $(date)"
|
||||
echo "#"
|
||||
report_capability NAT_ENABLED
|
||||
report_capability MANGLE_ENABLED
|
||||
report_capability MULTIPORT
|
||||
report_capability XMULTIPORT
|
||||
report_capability CONNTRACK_MATCH
|
||||
report_capability USEPKTTYPE
|
||||
report_capability POLICY_MATCH
|
||||
report_capability PHYSDEV_MATCH
|
||||
report_capability LENGTH_MATCH
|
||||
report_capability IPRANGE_MATCH
|
||||
report_capability RECENT_MATCH
|
||||
report_capability OWNER_MATCH
|
||||
report_capability IPSET_MATCH
|
||||
report_capability CONNMARK
|
||||
report_capability XCONNMARK
|
||||
report_capability CONNMARK_MATCH
|
||||
report_capability XCONNMARK_MATCH
|
||||
report_capability RAW_TABLE
|
||||
report_capability IPP2P_MATCH
|
||||
report_capability CLASSIFY_TARGET
|
||||
report_capability ENHANCED_REJECT
|
||||
report_capability KLUDGEFREE
|
||||
report_capability MARK
|
||||
report_capability XMARK
|
||||
report_capability MANGLE_FORWARD
|
||||
}
|
||||
|
||||
load_kernel_modules
|
||||
determine_capabilities
|
||||
report_capabilities
|
1648
Shorewall-lite/shorewall
Executable file
1648
Shorewall-lite/shorewall
Executable file
File diff suppressed because it is too large
Load Diff
148
Shorewall-lite/shorewall.conf
Normal file
148
Shorewall-lite/shorewall.conf
Normal file
@ -0,0 +1,148 @@
|
||||
###############################################################################
|
||||
# /etc/shorewall/shorewall.conf V3.0 - Change the following variables to
|
||||
# match your setup
|
||||
#
|
||||
# This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
|
||||
#
|
||||
# This file should be placed in /etc/shorewall
|
||||
#
|
||||
# (c) 2006 - Tom Eastep (teastep@shorewall.net)
|
||||
#
|
||||
###############################################################################
|
||||
# V E R B O S I T Y
|
||||
###############################################################################
|
||||
#
|
||||
# Shorewall has traditionally been very noisy. You may now set the default
|
||||
# level of verbosity here.
|
||||
#
|
||||
# Values are:
|
||||
#
|
||||
# 0 -- Silent. You may make it more verbose using the -v option
|
||||
# 1 -- Major progress messages displayed
|
||||
# 2 -- All progress messages displayed (old default behavior)
|
||||
#
|
||||
# If not specified, then 2 is assumed
|
||||
|
||||
VERBOSITY=1
|
||||
|
||||
###############################################################################
|
||||
# L O G G I N G
|
||||
###############################################################################
|
||||
#
|
||||
# General note about log levels. Log levels are a method of describing
|
||||
# to syslog (8) the importance of a message and a number of parameters
|
||||
# in this file have log levels as their value.
|
||||
#
|
||||
# These levels are defined by syslog and are used to determine the destination
|
||||
# of the messages through entries in /etc/syslog.conf (5). The syslog
|
||||
# documentation refers to these as "priorities"; Netfilter calls them "levels"
|
||||
# and Shorewall also uses that term.
|
||||
#
|
||||
# Valid levels are:
|
||||
#
|
||||
# 7 debug
|
||||
# 6 info
|
||||
# 5 notice
|
||||
# 4 warning
|
||||
# 3 err
|
||||
# 2 crit
|
||||
# 1 alert
|
||||
# 0 emerg
|
||||
#
|
||||
# For most Shorewall logging, a level of 6 (info) is appropriate. Shorewall
|
||||
# log messages are generated by NetFilter and are logged using facility
|
||||
# 'kern' and the level that you specifify. If you are unsure of the level
|
||||
# to choose, 6 (info) is a safe bet. You may specify levels by name or by
|
||||
# number.
|
||||
#
|
||||
# If you have built your kernel with ULOG target support, you may also
|
||||
# specify a log level of ULOG (must be all caps). Rather than log its
|
||||
# messages to syslogd, Shorewall will direct netfilter to log the messages
|
||||
# via the ULOG target which will send them to a process called 'ulogd'.
|
||||
# ulogd is available with most Linux distributions (although it probably isn't
|
||||
# installed by default). Ulogd is also available from
|
||||
# http://www.gnumonks.org/projects/ulogd and can be configured to log all
|
||||
# Shorewall message to their own log file
|
||||
###############################################################################
|
||||
#
|
||||
# LOG FILE LOCATION
|
||||
#
|
||||
# This variable tells the /sbin/shorewall program where to look for Shorewall
|
||||
# log messages. If not set or set to an empty string (e.g., LOGFILE="") then
|
||||
# /var/log/messages is assumed.
|
||||
#
|
||||
# WARNING: The LOGFILE variable simply tells the 'shorewall' program where to
|
||||
# look for Shorewall messages.It does NOT control the destination for
|
||||
# these messages. For information about how to do that, see
|
||||
#
|
||||
# http://www.shorewall.net/shorewall_logging.html
|
||||
#
|
||||
|
||||
LOGFILE=/var/log/messages
|
||||
|
||||
#
|
||||
# LOG FORMAT
|
||||
#
|
||||
# Shell 'printf' Formatting template for the --log-prefix value in log messages
|
||||
# generated by Shorewall to identify Shorewall log messages. The supplied
|
||||
# template is expected to accept either two or three arguments; the first is
|
||||
# the chain name, the second (optional) is the logging rule number within that
|
||||
# chain and the third is the ACTION specifying the disposition of the packet
|
||||
# being logged. You must use the %d formatting type for the rule number; if
|
||||
# your template does not contain %d then the rule number will not be included.
|
||||
#
|
||||
# If you want to integrate Shorewall with fireparse, then set LOGFORMAT as:
|
||||
#
|
||||
# LOGFORMAT="fp=%s:%d a=%s "
|
||||
#
|
||||
# If not specified or specified as empty (LOGFORMAT="") then the value
|
||||
# "Shorewall:%s:%s:" is assumed.
|
||||
#
|
||||
# CAUTION: /sbin/shorewall uses the leading part of the LOGFORMAT string (up
|
||||
# to but not including the first '%') to find log messages in the 'show log',
|
||||
# 'status' and 'hits' commands. This part should not be omitted (the
|
||||
# LOGFORMAT should not begin with "%") and the leading part should be
|
||||
# sufficiently unique for /sbin/shorewall to identify Shorewall messages.
|
||||
#
|
||||
|
||||
LOGFORMAT="Shorewall:%s:%s:"
|
||||
|
||||
###############################################################################
|
||||
# L O C A T I O N O F F I L E S A N D D I R E C T O R I E S
|
||||
###############################################################################
|
||||
#
|
||||
# IPTABLES
|
||||
#
|
||||
# Full path to iptables executable Shorewall uses to build the firewall. If
|
||||
# not specified or if specified with an empty value (e.g., IPTABLES="") then
|
||||
# the iptables executable located via the PATH setting below is used.
|
||||
#
|
||||
|
||||
IPTABLES=
|
||||
|
||||
#
|
||||
# PATH - Change this if you want to change the order in which Shorewall
|
||||
# searches directories for executable files.
|
||||
#
|
||||
|
||||
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
|
||||
|
||||
#
|
||||
# SHELL
|
||||
#
|
||||
# The firewall script is normally interpreted by /bin/sh. If you wish to change
|
||||
# the shell used to interpret that script, specify the shell here.
|
||||
#
|
||||
|
||||
SHOREWALL_SHELL=/bin/sh
|
||||
|
||||
# SUBSYSTEM LOCK FILE
|
||||
#
|
||||
# Set this to the name of the lock file expected by your init scripts. For
|
||||
# RedHat, this should be /var/lock/subsys/shorewall. If your init scripts don't
|
||||
# use lock files, set this to "".
|
||||
#
|
||||
|
||||
SUBSYSLOCK=/var/lock/subsys/shorewall
|
||||
|
||||
#LAST LINE -- DO NOT REMOVE
|
313
Shorewall-lite/shorewall.spec
Normal file
313
Shorewall-lite/shorewall.spec
Normal file
@ -0,0 +1,313 @@
|
||||
%define name shorewall
|
||||
%define version 3.2.0
|
||||
%define release 0Beta4
|
||||
%define prefix /usr
|
||||
|
||||
Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
|
||||
Name: %{name}
|
||||
Version: %{version}
|
||||
Release: %{release}
|
||||
Prefix: %{prefix}
|
||||
License: GPL
|
||||
Packager: Tom Eastep <teastep@shorewall.net>
|
||||
Group: Networking/Utilities
|
||||
Source: %{name}-%{version}.tgz
|
||||
URL: http://www.shorewall.net/
|
||||
BuildArch: noarch
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-root
|
||||
Requires: iptables iproute
|
||||
|
||||
%description
|
||||
|
||||
The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
|
||||
(iptables) based firewall that can be used on a dedicated firewall system,
|
||||
a multi-function gateway/ router/server or on a standalone GNU/Linux system.
|
||||
|
||||
%prep
|
||||
|
||||
%setup
|
||||
|
||||
%build
|
||||
|
||||
%install
|
||||
export PREFIX=$RPM_BUILD_ROOT ; \
|
||||
export OWNER=`id -n -u` ; \
|
||||
export GROUP=`id -n -g` ;\
|
||||
./install.sh
|
||||
|
||||
%clean
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
|
||||
%post
|
||||
|
||||
if [ $1 -eq 1 ]; then
|
||||
if [ -x /sbin/insserv ]; then
|
||||
/sbin/insserv /etc/rc.d/shorewall
|
||||
elif [ -x /sbin/chkconfig ]; then
|
||||
/sbin/chkconfig --add shorewall;
|
||||
fi
|
||||
fi
|
||||
|
||||
%preun
|
||||
|
||||
if [ $1 = 0 ]; then
|
||||
if [ -x /sbin/insserv ]; then
|
||||
/sbin/insserv -r /etc/init.d/shorewall
|
||||
elif [ -x /sbin/chkconfig ]; then
|
||||
/sbin/chkconfig --del shorewall
|
||||
fi
|
||||
|
||||
rm -f /etc/shorewall/startup_disabled
|
||||
|
||||
fi
|
||||
|
||||
%files
|
||||
%defattr(0644,root,root,0755)
|
||||
%attr(0544,root,root) /etc/init.d/shorewall
|
||||
%attr(0755,root,root) %dir /etc/shorewall
|
||||
%attr(0755,root,root) %dir /usr/share/shorewall
|
||||
%attr(0700,root,root) %dir /var/lib/shorewall
|
||||
%attr(0644,root,root) %config(noreplace) /etc/shorewall/shorewall.conf
|
||||
%attr(0600,root,root) %config(noreplace) /etc/shorewall/zones
|
||||
%attr(0600,root,root) %config(noreplace) /etc/shorewall/policy
|
||||
%attr(0600,root,root) %config(noreplace) /etc/shorewall/interfaces
|
||||
%attr(0600,root,root) %config(noreplace) /etc/shorewall/ipsec
|
||||
%attr(0600,root,root) %config(noreplace) /etc/shorewall/rules
|
||||
%attr(0600,root,root) %config(noreplace) /etc/shorewall/nat
|
||||
%attr(0600,root,root) %config(noreplace) /etc/shorewall/netmap
|
||||
%attr(0600,root,root) %config(noreplace) /etc/shorewall/params
|
||||
%attr(0600,root,root) %config(noreplace) /etc/shorewall/proxyarp
|
||||
%attr(0600,root,root) %config(noreplace) /etc/shorewall/routestopped
|
||||
%attr(0600,root,root) %config(noreplace) /etc/shorewall/maclist
|
||||
%attr(0600,root,root) %config(noreplace) /etc/shorewall/masq
|
||||
%attr(0600,root,root) %config(noreplace) /etc/shorewall/modules
|
||||
%attr(0600,root,root) %config(noreplace) /etc/shorewall/tcrules
|
||||
%attr(0600,root,root) %config(noreplace) /etc/shorewall/tos
|
||||
%attr(0600,root,root) %config(noreplace) /etc/shorewall/tunnels
|
||||
%attr(0600,root,root) %config(noreplace) /etc/shorewall/hosts
|
||||
%attr(0600,root,root) %config(noreplace) /etc/shorewall/blacklist
|
||||
%attr(0600,root,root) %config(noreplace) /etc/shorewall/init
|
||||
%attr(0600,root,root) %config(noreplace) /etc/shorewall/initdone
|
||||
%attr(0600,root,root) %config(noreplace) /etc/shorewall/start
|
||||
%attr(0600,root,root) %config(noreplace) /etc/shorewall/stop
|
||||
%attr(0600,root,root) %config(noreplace) /etc/shorewall/stopped
|
||||
%attr(0600,root,root) %config(noreplace) /etc/shorewall/ecn
|
||||
%attr(0600,root,root) %config(noreplace) /etc/shorewall/accounting
|
||||
%attr(0600,root,root) %config(noreplace) /etc/shorewall/actions
|
||||
%attr(0600,root,root) %config(noreplace) /etc/shorewall/continue
|
||||
%attr(0600,root,root) %config(noreplace) /etc/shorewall/started
|
||||
%attr(0600,root,root) %config(noreplace) /etc/shorewall/providers
|
||||
%attr(0600,root,root) %config(noreplace) /etc/shorewall/route_rules
|
||||
%attr(0600,root,root) %config(noreplace) /etc/shorewall/tcclasses
|
||||
%attr(0600,root,root) %config(noreplace) /etc/shorewall/tcdevices
|
||||
%attr(0600,root,root) /etc/shorewall/Makefile
|
||||
|
||||
%attr(0555,root,root) /sbin/shorewall
|
||||
|
||||
%attr(0644,root,root) /usr/share/shorewall/version
|
||||
%attr(0644,root,root) /usr/share/shorewall/actions.std
|
||||
%attr(0644,root,root) /usr/share/shorewall/action.Drop
|
||||
%attr(0644,root,root) /usr/share/shorewall/action.Limit
|
||||
%attr(0644,root,root) /usr/share/shorewall/action.Reject
|
||||
%attr(0644,root,root) /usr/share/shorewall/action.template
|
||||
%attr(0555,root,root) /usr/share/shorewall/compiler
|
||||
%attr(0444,root,root) /usr/share/shorewall/functions
|
||||
%attr(0544,root,root) /usr/share/shorewall/firewall
|
||||
%attr(0544,root,root) /usr/share/shorewall/shorecap
|
||||
%attr(0544,root,root) /usr/share/shorewall/help
|
||||
%attr(0644,root,root) /usr/share/shorewall/Limit
|
||||
%attr(0644,root,root) /usr/share/shorewall/macro.AllowICMPs
|
||||
%attr(0644,root,root) /usr/share/shorewall/macro.Amanda
|
||||
%attr(0644,root,root) /usr/share/shorewall/macro.Auth
|
||||
%attr(0644,root,root) /usr/share/shorewall/macro.BitTorrent
|
||||
%attr(0644,root,root) /usr/share/shorewall/macro.CVS
|
||||
%attr(0644,root,root) /usr/share/shorewall/macro.Distcc
|
||||
%attr(0644,root,root) /usr/share/shorewall/macro.DNS
|
||||
%attr(0644,root,root) /usr/share/shorewall/macro.DropDNSrep
|
||||
%attr(0644,root,root) /usr/share/shorewall/macro.DropUPnP
|
||||
%attr(0644,root,root) /usr/share/shorewall/macro.Edonkey
|
||||
%attr(0644,root,root) /usr/share/shorewall/macro.FTP
|
||||
%attr(0644,root,root) /usr/share/shorewall/macro.Gnutella
|
||||
%attr(0644,root,root) /usr/share/shorewall/macro.HTTP
|
||||
%attr(0644,root,root) /usr/share/shorewall/macro.HTTPS
|
||||
%attr(0644,root,root) /usr/share/shorewall/macro.ICQ
|
||||
%attr(0644,root,root) /usr/share/shorewall/macro.IMAP
|
||||
%attr(0644,root,root) /usr/share/shorewall/macro.IMAPS
|
||||
%attr(0644,root,root) /usr/share/shorewall/macro.LDAP
|
||||
%attr(0644,root,root) /usr/share/shorewall/macro.LDAPS
|
||||
%attr(0644,root,root) /usr/share/shorewall/macro.MySQL
|
||||
%attr(0644,root,root) /usr/share/shorewall/macro.NNTP
|
||||
%attr(0644,root,root) /usr/share/shorewall/macro.NNTPS
|
||||
%attr(0644,root,root) /usr/share/shorewall/macro.NTP
|
||||
%attr(0644,root,root) /usr/share/shorewall/macro.NTPbrd
|
||||
%attr(0644,root,root) /usr/share/shorewall/macro.PCA
|
||||
%attr(0644,root,root) /usr/share/shorewall/macro.Ping
|
||||
%attr(0644,root,root) /usr/share/shorewall/macro.POP3
|
||||
%attr(0644,root,root) /usr/share/shorewall/macro.POP3S
|
||||
%attr(0644,root,root) /usr/share/shorewall/macro.PostgreSQL
|
||||
%attr(0644,root,root) /usr/share/shorewall/macro.Rdate
|
||||
%attr(0644,root,root) /usr/share/shorewall/macro.Rsync
|
||||
%attr(0644,root,root) /usr/share/shorewall/macro.SMB
|
||||
%attr(0644,root,root) /usr/share/shorewall/macro.SMBBI
|
||||
%attr(0644,root,root) /usr/share/shorewall/macro.SMBswat
|
||||
%attr(0644,root,root) /usr/share/shorewall/macro.SMTP
|
||||
%attr(0644,root,root) /usr/share/shorewall/macro.SMTPS
|
||||
%attr(0644,root,root) /usr/share/shorewall/macro.SNMP
|
||||
%attr(0644,root,root) /usr/share/shorewall/macro.SPAMD
|
||||
%attr(0644,root,root) /usr/share/shorewall/macro.SSH
|
||||
%attr(0644,root,root) /usr/share/shorewall/macro.Submission
|
||||
%attr(0644,root,root) /usr/share/shorewall/macro.SVN
|
||||
%attr(0644,root,root) /usr/share/shorewall/macro.Syslog
|
||||
%attr(0644,root,root) /usr/share/shorewall/macro.Telnet
|
||||
%attr(0644,root,root) /usr/share/shorewall/macro.template
|
||||
%attr(0644,root,root) /usr/share/shorewall/macro.Trcrt
|
||||
%attr(0644,root,root) /usr/share/shorewall/macro.VNC
|
||||
%attr(0644,root,root) /usr/share/shorewall/macro.VNCL
|
||||
%attr(0644,root,root) /usr/share/shorewall/macro.Web
|
||||
%attr(0644,root,root) /usr/share/shorewall/macro.Webmin
|
||||
%attr(0644,root,root) /usr/share/shorewall/macro.Whois
|
||||
%attr(0644,root,root) /usr/share/shorewall/prog.footer
|
||||
%attr(0644,root,root) /usr/share/shorewall/prog.header
|
||||
%attr(0644,root,root) /usr/share/shorewall/prog.footer.debian
|
||||
%attr(0644,root,root) /usr/share/shorewall/prog.header.debian
|
||||
%attr(0644,root,root) /usr/share/shorewall/prog.footer.redhat
|
||||
%attr(0644,root,root) /usr/share/shorewall/prog.header.redhat
|
||||
%attr(0644,root,root) /usr/share/shorewall/prog.footer.suse
|
||||
%attr(0644,root,root) /usr/share/shorewall/prog.header.suse
|
||||
%attr(0644,root,root) /usr/share/shorewall/rfc1918
|
||||
%attr(0644,root,root) /usr/share/shorewall/configpath
|
||||
|
||||
%doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn Samples
|
||||
|
||||
%changelog
|
||||
* Fri Apr 14 2006 Tom Eastep tom@shorewall.net
|
||||
- Renamed rtrules to route_rules
|
||||
* Sun Apr 02 2006 Tom Eastep tom@shorewall.net
|
||||
- Added rtrules file
|
||||
- Updated to 3.2.0-0Beta4
|
||||
* Mon Mar 27 2006 Tom Eastep tom@shorewall.net
|
||||
- Updated to 3.2.0-0Beta3
|
||||
* Sat Mar 25 2006 Tom Eastep tom@shorewall.net
|
||||
- Remove '%config' from Makefile
|
||||
* Thu Mar 23 2006 Tom Eastep tom@shorewall.net
|
||||
- Updated to 3.2.0-0Beta2
|
||||
* Thu Mar 09 2006 Tom Eastep tom@shorewall.net
|
||||
- Updated to 3.2.0-0Beta1
|
||||
* Sat Mar 04 2006 Tom Eastep tom@shorewall.net
|
||||
- Updated to 3.1.9-1
|
||||
- Added debian and redhat prog header/footers
|
||||
* Wed Mar 01 2006 Tom Eastep tom@shorewall.net
|
||||
- Moved shorecap to /usr/share/shorewall
|
||||
* Fri Feb 24 2006 Tom Eastep tom@shorewall.net
|
||||
- Updated to 3.1.8-1
|
||||
* Fri Feb 10 2006 Tom Eastep tom@shorewall.net
|
||||
- Updated to 3.1.7-1
|
||||
* Fri Feb 10 2006 Tom Eastep tom@shorewall.net
|
||||
- Added shorecap
|
||||
- Updated to 3.1.6-1
|
||||
* Fri Feb 03 2006 Tom Eastep tom@shorewall.net
|
||||
- Updated to 3.1.5-1
|
||||
- Added new program header/footer files
|
||||
* Sun Jan 29 2006 Tom Eastep tom@shorewall.net
|
||||
- Updated to 3.1.4-1
|
||||
- Added new Macros
|
||||
* Fri Jan 20 2006 Tom Eastep tom@shorewall.net
|
||||
- Change permissions for compile by ordinary user
|
||||
* Fri Jan 20 2006 Tom Eastep tom@shorewall.net
|
||||
- Updated to 3.1.3-1
|
||||
* Tue Jan 17 2006 Tom Eastep tom@shorewall.net
|
||||
- Added program skeleton Files
|
||||
* Sun Jan 15 2006 Tom Eastep tom@shorewall.net
|
||||
- Updated to 3.1.2-1
|
||||
* Thu Jan 12 2006 Tom Eastep tom@shorewall.net
|
||||
- Updated to 3.1.1-1
|
||||
* Sat Dec 24 2005 Tom Eastep tom@shorewall.net
|
||||
- Updated to 3.1.0-1
|
||||
* Thu Dec 15 2005 Tom Eastep tom@shorewall.net
|
||||
- Add Limit action
|
||||
* Mon Dec 12 2005 Tom Eastep tom@shorewall.net
|
||||
- Updated to 3.0.3-1
|
||||
* Tue Nov 22 2005 Tom Eastep tom@shorewall.net
|
||||
- Updated to 3.0.2-1
|
||||
* Thu Nov 17 2005 Tom Eastep tom@shorewall.net
|
||||
- Updated to 3.0.1-1
|
||||
* Wed Nov 03 2005 Tom Eastep tom@shorewall.net
|
||||
- Updated to 3.0.0-1
|
||||
* Wed Nov 02 2005 Tom Eastep tom@shorewall.net
|
||||
- Updated to 3.0.0-0RC3
|
||||
Sat Oct 22 2005 Tom Eastep tom@shorewall.net
|
||||
- Updated to 3.0.0-0RC2
|
||||
* Mon Oct 17 2005 Tom Eastep tom@shorewall.net
|
||||
- Updated to 3.0.0-0RC1
|
||||
* Sun Oct 09 2005 Tom Eastep tom@shorewall.net
|
||||
- Updated to 3.0.0-0Beta1
|
||||
* Fri Oct 07 2005 Tom Eastep tom@shorewall.net
|
||||
- Updated to 2.5.7-1
|
||||
* Tue Oct 04 2005 Tom Eastep tom@shorewall.net
|
||||
- Updated to 2.5.7-1
|
||||
* Sat Sep 17 2005 Tom Eastep tom@shorewall.net
|
||||
- Updated to 2.5.6-1
|
||||
* Tue Aug 30 2005 Tom Eastep tom@shorewall.net
|
||||
- Updated to 2.5.4-1
|
||||
* Fri Aug 26 2005 Tom Eastep tom@shorewall.net
|
||||
- Updated to 2.5.3-1
|
||||
* Tue Aug 16 2005 Tom Eastep tom@shorewall.net
|
||||
- Updated to 2.5.2-1
|
||||
* Sun Aug 07 2005 Tom Eastep tom@shorewall.net
|
||||
- Updated to 2.5.1-1
|
||||
* Tue Jul 26 2005 Tom Eastep tom@shorewall.net
|
||||
- Fix omissions/errors
|
||||
* Mon Jul 25 2005 Tom Eastep tom@shorewall.net
|
||||
- Updated to 2.5.0-1
|
||||
- Add macros and convert most actions to macros
|
||||
* Thu Jun 02 2005 Tom Eastep tom@shorewall.net
|
||||
- Updated to 2.4.0-1
|
||||
* Sun May 30 2005 Tom Eastep tom@shorewall.net
|
||||
- Updated to 2.4.0-0RC2
|
||||
* Thu May 19 2005 Tom Eastep tom@shorewall.net
|
||||
- Updated to 2.4.0-0RC1
|
||||
* Thu May 19 2005 Tom Eastep tom@shorewall.net
|
||||
- Updated to 2.3.2-1
|
||||
* Sun May 15 2005 Tom Eastep tom@shorewall.net
|
||||
- Updated to 2.3.1-1
|
||||
* Mon Apr 11 2005 Tom Eastep tom@shorewall.net
|
||||
- Updated to 2.2.4-1
|
||||
* Fri Apr 08 2005 Tom Eastep tom@shorewall.net
|
||||
- Added /etc/shorewall/started
|
||||
* Tue Apr 05 2005 Tom Eastep tom@shorewall.net
|
||||
- Updated to 2.2.3-1
|
||||
* Mon Mar 07 2005 Tom Eastep tom@shorewall.net
|
||||
- Updated to 2.2.2-1
|
||||
* Mon Jan 24 2005 Tom Eastep tom@shorewall.net
|
||||
- Updated to 2.2.1-1
|
||||
* Mon Jan 24 2005 Tom Eastep tom@shorewall.net
|
||||
- Updated to 2.2.0-1
|
||||
* Mon Jan 17 2005 Tom Eastep tom@shorewall.net
|
||||
- Updated to 2.2.0-0RC5
|
||||
* Thu Jan 06 2005 Tom Eastep tom@shorewall.net
|
||||
- Updated to 2.2.0-0RC4
|
||||
* Thu Dec 30 2004 Tom Eastep tom@shorewall.net
|
||||
- Updated to 2.2.0-0RC3
|
||||
* Fri Dec 24 2004 Tom Eastep tom@shorewall.net
|
||||
- Updated to 2.2.0-0RC2
|
||||
* Sun Dec 19 2004 Tom Eastep tom@shorewall.net
|
||||
- Updated to 2.2.0-0RC1
|
||||
- Added ipsecvpn file
|
||||
* Sat Dec 11 2004 Tom Eastep tom@shorewall.net
|
||||
- Updated to 2.2.0-0Beta8
|
||||
* Mon Nov 29 2004 Tom Eastep tom@shorewall.net
|
||||
- Updated to 2.2.0-0Beta7
|
||||
* Fri Nov 26 2004 Tom Eastep tom@shorewall.net
|
||||
- Updated to 2.2.0-0Beta6
|
||||
* Fri Nov 26 2004 Tom Eastep tom@shorewall.net
|
||||
- Updated to 2.2.0-0Beta5
|
||||
* Fri Nov 19 2004 Tom Eastep tom@shorewall.net
|
||||
- Updated to 2.2.0-0Beta4
|
||||
* Tue Nov 09 2004 Tom Eastep tom@shorewall.net
|
||||
- Updated to 2.2.0-0Beta3
|
||||
* Tue Nov 02 2004 Tom Eastep tom@shorewall.net
|
||||
- Updated to 2.2.0-0Beta2
|
||||
* Fri Oct 22 2004 Tom Eastep tom@shorewall.net
|
||||
- Updated to 2.2.0-0Beta1
|
||||
|
||||
|
112
Shorewall-lite/uninstall.sh
Executable file
112
Shorewall-lite/uninstall.sh
Executable file
@ -0,0 +1,112 @@
|
||||
#!/bin/sh
|
||||
#
|
||||
# Script to back uninstall Shoreline Firewall
|
||||
#
|
||||
# This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
|
||||
#
|
||||
# (c) 2000,2001,2002,2003,2004,2005 - Tom Eastep (teastep@shorewall.net)
|
||||
#
|
||||
# Shorewall documentation is available at http://shorewall.sourceforge.net
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of Version 2 of the GNU General Public License
|
||||
# as published by the Free Software Foundation.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
|
||||
#
|
||||
# Usage:
|
||||
#
|
||||
# You may only use this script to uninstall the version
|
||||
# shown below. Simply run this script to remove Shorewall Firewall
|
||||
|
||||
VERSION=3.2.0-RC1
|
||||
|
||||
usage() # $1 = exit status
|
||||
{
|
||||
ME=$(basename $0)
|
||||
echo "usage: $ME"
|
||||
exit $1
|
||||
}
|
||||
|
||||
qt()
|
||||
{
|
||||
"$@" >/dev/null 2>&1
|
||||
}
|
||||
|
||||
restore_file() # $1 = file to restore
|
||||
{
|
||||
if [ -f ${1}-shorewall.bkout ]; then
|
||||
if (mv -f ${1}-shorewall.bkout $1); then
|
||||
echo
|
||||
echo "$1 restored"
|
||||
else
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
remove_file() # $1 = file to restore
|
||||
{
|
||||
if [ -f $1 -o -L $1 ] ; then
|
||||
rm -f $1
|
||||
echo "$1 Removed"
|
||||
fi
|
||||
}
|
||||
|
||||
if [ -f /usr/share/shorewall/version ]; then
|
||||
INSTALLED_VERSION="$(cat /usr/share/shorewall/version)"
|
||||
if [ "$INSTALLED_VERSION" != "$VERSION" ]; then
|
||||
echo "WARNING: Shorewall Version $INSTALLED_VERSION is installed"
|
||||
echo " and this is the $VERSION uninstaller."
|
||||
VERSION="$INSTALLED_VERSION"
|
||||
fi
|
||||
else
|
||||
echo "WARNING: Shorewall Version $VERSION is not installed"
|
||||
VERSION=""
|
||||
fi
|
||||
|
||||
echo "Uninstalling shorewall $VERSION"
|
||||
|
||||
if qt iptables -L shorewall -n; then
|
||||
/sbin/shorewall clear
|
||||
fi
|
||||
|
||||
if [ -L /usr/share/shorewall/init ]; then
|
||||
FIREWALL=$(ls -l /usr/share/shorewall/init | sed 's/^.*> //')
|
||||
else
|
||||
FIREWALL=/etc/init.d/shorewall
|
||||
fi
|
||||
|
||||
if [ -n "$FIREWALL" ]; then
|
||||
if [ -x /sbin/insserv -o -x /usr/sbin/insserv ]; then
|
||||
insserv -r $FIREWALL
|
||||
elif [ -x /sbin/chkconfig -o -x /usr/sbin/chkconfig ]; then
|
||||
chkconfig --del $(basename $FIREWALL)
|
||||
else
|
||||
rm -f /etc/rc*.d/*$(basename $FIREWALL)
|
||||
fi
|
||||
|
||||
remove_file $FIREWALL
|
||||
rm -f ${FIREWALL}-*.bkout
|
||||
fi
|
||||
|
||||
rm -f /sbin/shorewall
|
||||
rm -f /sbin/shorewall-*.bkout
|
||||
|
||||
rm -rf /etc/shorewall
|
||||
rm -rf /etc/shorewall-*.bkout
|
||||
rm -rf /var/lib/shorewall
|
||||
rm -rf /var/lib/shorewall-*.bkout
|
||||
rm -rf /usr/share/shorewall
|
||||
rm -rf /usr/share/shorewall-*.bkout
|
||||
|
||||
echo "Shorewall Uninstalled"
|
||||
|
||||
|
@ -223,7 +223,7 @@ else
|
||||
first_install="Yes"
|
||||
fi
|
||||
|
||||
install_file_with_backup shorewall ${PREFIX}/sbin/shorewall 0544 ${PREFIX}/var/lib/shorewall-${VERSION}.bkout
|
||||
install_file_with_backup shorewall ${PREFIX}/sbin/shorewall 0555 ${PREFIX}/var/lib/shorewall-${VERSION}.bkout
|
||||
|
||||
echo "shorewall control program installed in ${PREFIX}/sbin/shorewall"
|
||||
|
||||
@ -527,7 +527,7 @@ echo "RFC 1918 file installed as ${PREFIX}/usr/share/shorewall/rfc1918"
|
||||
#
|
||||
# Install the default config path file
|
||||
#
|
||||
install_file configpath ${PREFIX}/usr/share/shorewall/configpath 0600
|
||||
install_file configpath ${PREFIX}/usr/share/shorewall/configpath 0644
|
||||
echo "Default config path file installed as ${PREFIX}/usr/share/shorewall/configpath"
|
||||
#
|
||||
# Install the init file
|
||||
|
@ -307,7 +307,7 @@
|
||||
column must exist at the time that Shorewall is started, restarted
|
||||
or refreshed. Beginning with Shorewall 3.0.8 and 3.2.0 Beta 8,
|
||||
Shorewall will determine if the device exists and will only
|
||||
configure the device if it exists. If it doesn't exist, the
|
||||
configure the device if it does exist. If it doesn't exist, the
|
||||
following warning is issued:</para>
|
||||
|
||||
<para><emphasis role="bold">WARNING: Device <device name> not
|
||||
|
@ -42,7 +42,7 @@
|
||||
#
|
||||
# XSL Stylesheet to use for XML->HTML conversion
|
||||
#
|
||||
STYLESHEET=/usr/share/xml/docbook/stylesheet/nwalsh/current/xhtml/docbook.xsl
|
||||
STYLESHEET=/usr/share/xml/docbook/stylesheet/nwalsh/xhtml/docbook.xsl
|
||||
#
|
||||
# Directory where the build log will be placed. The log has the name
|
||||
# shorewall_build_<version>.log
|
||||
@ -196,7 +196,7 @@ esac
|
||||
VERSION=$1
|
||||
LOGFILE=$LOGDIR/shorewall_build_${VERSION}.log
|
||||
# location and options for GnuPG
|
||||
GPG="/usr/bin/gpg -ab --batch --comment 'To verify this, you can download our public key at https://lists.shorewall.net/shorewall.gpg.key'"
|
||||
GPG="/usr/bin/gpg -ab --no-use-agent --comment 'To verify this, you can download our public key at https://lists.shorewall.net/shorewall.gpg.key'"
|
||||
touch $LOGFILE
|
||||
progress_message "Build of Shorewall $VERSION on $(date)"
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user