Shorewall 2.0.2a

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1330 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-11-14 19:54:06 +01:00 · 2004-05-16 17:10:55 +00:00 · 2004-05-16 17:10:55 +00:00 · b6f49d77ac
commit b6f49d77ac
parent ae9ccea280
10 changed files with 108 additions and 49 deletions
--- a/STABLE2/changelog.txt
+++ b/STABLE2/changelog.txt
@ -59,3 +59,7 @@ Changes since 2.0.1
 28) Correct typo that broke "shorewall delete"

 29) Apply Stijn Jonker's -q fix.
+
+30) Remove restore-$$ files.
+
+31) Save 'loadmodule' commands in /var/lib/shorewall/restore-base.
--- a/STABLE2/fallback.sh
+++ b/STABLE2/fallback.sh
@ -28,7 +28,7 @@
 #       shown below. Simply run this script to revert to your prior version of
 #       Shoreline Firewall.

-VERSION=2.0.2
+VERSION=2.0.2a

 usage() # $1 = exit status
 {
--- a/STABLE2/firewall
+++ b/STABLE2/firewall
@ -87,6 +87,7 @@ startup_error() # $* = Error Message
    echo "   Error: $@" >&2
    my_mutex_off
    [ -n "$TMP_DIR" ] && rm -rf $TMP_DIR
+    rm -f /var/lib/shorewall/restore-$$
    kill $$
    exit 2
 }
@ -1213,6 +1214,9 @@ stop_firewall() {
    #
    # Turn off trace unless we were tracing "stop" or "clear"
    #
+
+    rm -f /var/lib/shorewall/restore-$$
+
    case $COMMAND in
 	stop|clear)
 	    ;;
@ -1222,8 +1226,6 @@ stop_firewall() {
 	    ;;
 	*)
 	    set +x
-	    rm -f /var/lib/shorewall/restore-$$
-
 	    if [ -f /var/lib/shorewall/restore ]; then
 		echo Restoring Shorewall...
 		. /var/lib/shorewall/restore
@ -2325,6 +2327,7 @@ check_config() {
    process_actions2

    rm -rf $TMP_DIR
+    rm -f /var/lib/shorewall/restore-$$

    echo "Configuration Validated"

@ -3842,42 +3845,6 @@ process_tos() # $1 = name of tos file
    run_iptables -t mangle -A OUTPUT	 -j outtos
 }

-#
-# Load a Kernel Module
-#
-loadmodule() # $1 = module name, $2 - * arguments
-{
-    local modulename=$1
-    local modulefile
-    local suffix
-    moduleloader=modprobe
-
-    if ! qt which modprobe; then 
-	moduleloader=insmod
-    fi
-
-    if [ -z "$(lsmod | grep $modulename)" ]; then
-	shift
-	
-	for suffix in $MODULE_SUFFIX ; do
-	    modulefile=$MODULESDIR/${modulename}.${suffix}
-
-	    if [ -f $modulefile ]; then
-		case $moduleloader in
-		    insmod)
-			insmod $modulefile $*
-			;;
-		    *)
-			modprobe $modulename
-			;;
-		esac
-
-		return
-	    fi
-	done
-    fi
-}
-
 #
 # Display elements of a list with leading white space
 #
@ -4570,6 +4537,20 @@ load_kernel_modules() {
    if [ -f $modules -a -d $MODULESDIR ]; then
 	echo "Loading Modules..."
 	. $modules
+
+	if [ "$command" != check ]; then
+	    save_command "reload_kernel_modules <<EOF"
+
+	    while read command; do
+		case "$command" in
+		loadmodule*)
+		    save_command $command
+		    ;;
+		esac
+	    done < $modules
+	    
+	    save_command EOF
+	fi
    fi
 }

@ -5420,6 +5401,13 @@ define_firewall() # $1 = Command (Start or Restart)

    verify_os_version
    verify_ip
+
+    echo '#bin/sh' > /var/lib/shorewall/restore-$$
+    echo ". /usr/share/shorewall/functions" >> /var/lib/shorewall/restore-$$
+
+    save_command "MODULESDIR=\"$MODULESDIR\""
+    save_command "MODULE_SUFFIX=\"$MODULE_SUFFIX\""
+
    load_kernel_modules

    echo "Initializing...";                    initialize_netfilter
@ -6078,8 +6066,6 @@ do_initialize() {

    rm -f $TMP_DIR/physdev

-    echo '#bin/sh' > /var/lib/shorewall/restore-$$
-    echo ". /usr/share/shorewall/functions" >> /var/lib/shorewall/restore-$$
 }

 #
--- a/STABLE2/functions
+++ b/STABLE2/functions
@ -162,6 +162,55 @@ separate_list() {
    echo "$newlist"
 }

+#
+# Load a Kernel Module
+#
+loadmodule() # $1 = module name, $2 - * arguments
+{
+    local modulename=$1
+    local modulefile
+    local suffix
+    moduleloader=modprobe
+
+    if ! qt which modprobe; then 
+	moduleloader=insmod
+    fi
+
+    if [ -z "$(lsmod | grep $modulename)" ]; then
+	shift
+	
+	for suffix in $MODULE_SUFFIX ; do
+	    modulefile=$MODULESDIR/${modulename}.${suffix}
+
+	    if [ -f $modulefile ]; then
+		case $moduleloader in
+		    insmod)
+			insmod $modulefile $*
+			;;
+		    *)
+			modprobe $modulename $*
+			;;
+		esac
+
+		return
+	    fi
+	done
+    fi
+}
+
+#
+# Reload the Modules
+#
+reload_kernel_modules() {
+
+    [ -z "$MODULESDIR" ] && MODULESDIR=/lib/modules/$(uname -r)/kernel/net/ipv4/netfilter
+
+    while read command; do 
+	eval $command
+    done
+
+}
+
 #
 # Find the zones
 #
--- a/STABLE2/install.sh
+++ b/STABLE2/install.sh
@ -22,7 +22,7 @@
 #       Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
 #

-VERSION=2.0.2
+VERSION=2.0.2a

 usage() # $1 = exit status
 {
--- a/STABLE2/maclist
+++ b/STABLE2/maclist
@ -5,7 +5,10 @@
 #
 # Columns are:
 #
-#	INTERFACE	Network interface to a host
+#	INTERFACE	Network interface to a host. If the interface
+#			names a bridge, it may be optionally followed by
+#			a colon (":") and a physical port name (e.g.,
+#			br0:eth4).
 #
 #	MAC		MAC address of the host -- you do not need to use
 #			the Shorewall format for MAC addresses here
--- a/STABLE2/releasenotes.txt
+++ b/STABLE2/releasenotes.txt
@ -1,4 +1,4 @@
-Shorewall 2.0.2
+Shorewall 2.0.2a

 ----------------------------------------------------------------------
 Problems Corrected since 2.0.1
@ -16,8 +16,17 @@ Problems Corrected since 2.0.1
   rules pertaining to the host(s) being deleted. Thanks to Stefan 
   Engel for this correction.

+Problems Corrected since 2.0.2
+
+1) The 'firewall' script is not purging temporary restore files in
+   /var/lib/shorewall. These files have names of the form
+   "restore-nnnnn".
+
+2) The /var/lib/shorewall/restore script did not load the kernel
+   modules specified in /etc/shorewall/modules.
+
 -----------------------------------------------------------------------
-Issues when migrating from Shorewall 2.0.0 to Shorewall 2.0.1:
+Issues when migrating from Shorewall 2.0.1 to Shorewall 2.0.2:

 1) Extension Scripts

--- a/STABLE2/routestopped
+++ b/STABLE2/routestopped
@ -14,12 +14,18 @@
 #	HOST(S)		- (Optional) Comma-separated list of IP/subnet
 #			  If left empty or supplied as "-",
 #			  0.0.0.0/0 is assumed.
+#	OPTIONS         - (Optional) A comma-separated list of
+#			  options. The currently-supported options are:
+#
+#			  routeback - Set up a rule to ACCEPT traffic from
+#			  these hosts back to themselves. 
 #
 # Example:
 #
-#	INTERFACE	HOST(S)
+#	INTERFACE	HOST(S)			OPTIONS
 #	eth2		192.168.1.0/24
 #	eth0		192.0.2.44
+#	br0		-			routeback
 ##############################################################################
-#INTERFACE	HOST(S)
+#INTERFACE	HOST(S)		OPTIONS
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/STABLE2/shorewall.spec
+++ b/STABLE2/shorewall.spec
@ -1,5 +1,5 @@
 %define name shorewall
-%define version 2.0.2
+%define version 2.0.2a
 %define release 1
 %define prefix /usr

@ -141,6 +141,8 @@ fi
 %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel

 %changelog
+* Sat May 15 2004 Tom Eastep tom@shorewall.net
+- Updated for 2.0.2a-1
 * Thu May 13 2004 Tom Eastep tom@shorewall.net
 - Updated for 2.0.2-1
 * Mon May 10 2004 Tom Eastep tom@shorewall.net
--- a/STABLE2/uninstall.sh
+++ b/STABLE2/uninstall.sh
@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Seattle Firewall

-VERSION=2.0.2
+VERSION=2.0.2a

 usage() # $1 = exit status
 {