extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-20 17:58:07 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch '5.2.0'

Browse Source
This commit is contained in:
Tom Eastep 2018-05-20 14:48:40 -07:00
commit b6d1293b2e
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10
6 changed files with 69 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
Shorewall-core/lib.cli
View File

@ -1201,11 +1201,17 @@ show_saves_command() {
echo echo
for f in ${VARDIR}/*-iptables; do for f in ${VARDIR}/*-iptables; do
fn=$(basename $f) case $f in
fn=${fn%-iptables} *\**)
mtime=$(ls -lt $f | tail -n 1 | cut -d ' ' -f '6 7 8' ) ;;
[ $fn = "$RESTOREFILE" ] && fn="$fn (default)" *)
echo " $mtime ${fn%-iptables}" fn=$(basename $f)
fn=${fn%-iptables}
mtime=$(ls -lt $f | tail -n 1 | cut -d ' ' -f '6 7 8' )
[ $fn = "$RESTOREFILE" ] && fn="$fn (default)"
echo " $mtime ${fn%-iptables}"
;;
esac
done done
echo echo

9
Shorewall/Macros/macro.IPFS-swarm Normal file
View File

@ -0,0 +1,9 @@
#
# Shorewall -- /usr/share/shorewall/macro.IPFS-swarm
#
# This macro handles IPFS data traffic (the connection to IPFS swarm).
#
###############################################################################
#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
PARAM - - tcp 4001

8
Shorewall/Perl/Shorewall/Config.pm
View File

@ -2529,6 +2529,10 @@ sub split_rawline2( $$;$$$ ) {
# Delete trailing comment # Delete trailing comment
# #
$currentline =~ s/\s*#.*//; $currentline =~ s/\s*#.*//;
#
# Convert ${...} to $...
#
$currentline =~ s/\$\{(.*?)\}/\$$1/g;
my @result = &split_line2( @_ ); my @result = &split_line2( @_ );
@ -5459,7 +5463,7 @@ sub update_config_file( $ ) {
update_default( 'BLACKLIST_DEFAULT', 'AllowICMPs,dropBcasts,dropNotSyn,dropInvalid' ); update_default( 'BLACKLIST_DEFAULT', 'AllowICMPs,dropBcasts,dropNotSyn,dropInvalid' );
} }
for ( qw/DROP_DEFAULT REJECT_DEFAULT/ ) { for ( qw/DROP_DEFAULT REJECT_DEFAULT BLACKLIST_DEFAULT/ ) {
my $policy = $config{ $_ }; my $policy = $config{ $_ };
if ( $policy =~ /\bA_(?:Drop|Reject)\b/ ) { if ( $policy =~ /\bA_(?:Drop|Reject)\b/ ) {
@ -6599,7 +6603,7 @@ sub get_configuration( $$$ ) {
default_yes_no 'BALANCE_PROVIDERS' , $config{USE_DEFAULT_RT} ? 'Yes' : ''; default_yes_no 'BALANCE_PROVIDERS' , $config{USE_DEFAULT_RT} ? 'Yes' : '';
default_yes_no 'USE_NFLOG_SIZE' , ''; default_yes_no 'USE_NFLOG_SIZE' , '';
if ( ( $val = $config{AUTOMAKE} ) !~ /^[Rr]ecursive$/ ) { if ( ( $val = ( $config{AUTOMAKE} || '' ) ) !~ /^[Rr]ecursive$/ ) {
default_yes_no( 'AUTOMAKE' , '' ) unless $val && $val =~ /^\d{1,2}$/; default_yes_no( 'AUTOMAKE' , '' ) unless $val && $val =~ /^\d{1,2}$/;
} }

2
Shorewall/Perl/Shorewall/Misc.pm
View File

@ -810,7 +810,7 @@ sub add_common_rules ( $ ) {
$dbl_dst_target = $dbl_src_target; $dbl_dst_target = $dbl_src_target;
} }
} elsif ( $dbl_level ) { } elsif ( $dbl_level ) {
my $chainref = set_optflags( new_standard_chain( $dbl_src_target = 'dbl_log' ) , DONT_OPTIMIZE | DONT_DELETE ); my $chainref = set_optflags( new_standard_chain( $dbl_src_target = $dbl_dst_target = 'dbl_log' ) , DONT_OPTIMIZE | DONT_DELETE );
log_rule_limit( $dbl_level, log_rule_limit( $dbl_level,
$chainref, $chainref,

4
Shorewall/Perl/lib.runtime
View File

@ -675,7 +675,7 @@ interface_is_usable() # $1 = interface
status=0 status=0
if ! loopback_interface $1; then if ! loopback_interface $1; then
if interface_is_up $1 && [ "$(find_first_interface_address_if_any $1)" != 0.0.0.0 ]; then if interface_is_up $1 && [ "$(find_first_interface_address_if_any $1)" != 0.0.0.0 ] && [ -z "$($IP -$g_family link list dev $1 2> /dev/null | fgrep 'state DOWN')" ]; then
if [ "$COMMAND" != enable ]; then if [ "$COMMAND" != enable ]; then
[ ! -f ${VARDIR}/${1}_disabled ] && run_isusable_exit $1 [ ! -f ${VARDIR}/${1}_disabled ] && run_isusable_exit $1
status=$? status=$?
@ -1101,7 +1101,7 @@ interface_is_usable() # $1 = interface
status=0 status=0
if [ "$1" != lo ]; then if [ "$1" != lo ]; then
if interface_is_up $1 && [ "$(find_first_interface_address_if_any $1)" != :: ]; then if interface_is_up $1 && [ "$(find_first_interface_address_if_any $1)" != :: ] && [ -z "$($IP -$g_family link list dev $1 2> /dev/null | fgrep 'state DOWN')" ]; then
if [ "$COMMAND" != enable ]; then if [ "$COMMAND" != enable ]; then
[ ! -f ${VARDIR}/${1}_disabled ] && run_isusable_exit $1 [ ! -f ${VARDIR}/${1}_disabled ] && run_isusable_exit $1
status=$? status=$?

41
Shorewall/lib.cli-std
View File

@ -412,10 +412,14 @@ uptodate() {
elif [ -n "$(${find} ${dir} -maxdepth $AUTOMAKE -type f -newer $1 -print)" ]; then elif [ -n "$(${find} ${dir} -maxdepth $AUTOMAKE -type f -newer $1 -print)" ]; then
return 1; return 1;
fi fi
elif [ $AUTOMAKE = recursive ]; then elif [ "$AUTOMAKE" = recursive ]; then
if [ -n "$(${find} ${dir} -newer $1 -print -quit)" ]; then if [ -n "$(${find} ${dir} -newer $1 -print -quit)" ]; then
return 1; return 1;
fi fi
elif [ -z "$AUTOMAKE" ]; then
if [ -n "$(${find} ${dir} -maxdepth 1 -type f -newer $1 -print -quit)" ]; then
return 1;
fi
elif [ -n "$(${find} ${dir} -maxdepth $AUTOMAKE -type f -newer $1 -print -quit)" ]; then elif [ -n "$(${find} ${dir} -maxdepth $AUTOMAKE -type f -newer $1 -print -quit)" ]; then
return 1; return 1;
fi fi
@ -1063,6 +1067,41 @@ restart_command() {
return $rc return $rc
} }
read_yesno_with_timeout() {
local timeout
timeout=${1:-60}
case $timeout in
*s)
;;
*m)
timeout=$((${timeout%m} * 60))
;;
*h)
timeout=$((${timeout%h} * 3600))
;;
esac
read -t $timeout yn 2> /dev/null
if [ $? -eq 2 ]
then
# read doesn't support timeout
test -x /bin/bash || return 2 # bash is not installed so the feature is not available
/bin/bash -c "read -t $timeout yn ; if [ \"\$yn\" == \"y\" ] ; then exit 0 ; else exit 1 ; fi" # invoke bash and use its version of read
return $?
else
# read supports timeout
case "$yn" in
y|Y)
return 0
;;
*)
return 1
;;
esac
fi
}
# #
# Safe-start/safe-reload/safe-restart Command Executor # Safe-start/safe-reload/safe-restart Command Executor
# #