mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-14 19:54:06 +01:00
Shorewall 2.0.2a
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1330 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
ae9ccea280
commit
b6f49d77ac
@ -59,3 +59,7 @@ Changes since 2.0.1
|
||||
28) Correct typo that broke "shorewall delete"
|
||||
|
||||
29) Apply Stijn Jonker's -q fix.
|
||||
|
||||
30) Remove restore-$$ files.
|
||||
|
||||
31) Save 'loadmodule' commands in /var/lib/shorewall/restore-base.
|
||||
|
@ -28,7 +28,7 @@
|
||||
# shown below. Simply run this script to revert to your prior version of
|
||||
# Shoreline Firewall.
|
||||
|
||||
VERSION=2.0.2
|
||||
VERSION=2.0.2a
|
||||
|
||||
usage() # $1 = exit status
|
||||
{
|
||||
|
@ -87,6 +87,7 @@ startup_error() # $* = Error Message
|
||||
echo " Error: $@" >&2
|
||||
my_mutex_off
|
||||
[ -n "$TMP_DIR" ] && rm -rf $TMP_DIR
|
||||
rm -f /var/lib/shorewall/restore-$$
|
||||
kill $$
|
||||
exit 2
|
||||
}
|
||||
@ -1213,6 +1214,9 @@ stop_firewall() {
|
||||
#
|
||||
# Turn off trace unless we were tracing "stop" or "clear"
|
||||
#
|
||||
|
||||
rm -f /var/lib/shorewall/restore-$$
|
||||
|
||||
case $COMMAND in
|
||||
stop|clear)
|
||||
;;
|
||||
@ -1222,8 +1226,6 @@ stop_firewall() {
|
||||
;;
|
||||
*)
|
||||
set +x
|
||||
rm -f /var/lib/shorewall/restore-$$
|
||||
|
||||
if [ -f /var/lib/shorewall/restore ]; then
|
||||
echo Restoring Shorewall...
|
||||
. /var/lib/shorewall/restore
|
||||
@ -2325,6 +2327,7 @@ check_config() {
|
||||
process_actions2
|
||||
|
||||
rm -rf $TMP_DIR
|
||||
rm -f /var/lib/shorewall/restore-$$
|
||||
|
||||
echo "Configuration Validated"
|
||||
|
||||
@ -3842,42 +3845,6 @@ process_tos() # $1 = name of tos file
|
||||
run_iptables -t mangle -A OUTPUT -j outtos
|
||||
}
|
||||
|
||||
#
|
||||
# Load a Kernel Module
|
||||
#
|
||||
loadmodule() # $1 = module name, $2 - * arguments
|
||||
{
|
||||
local modulename=$1
|
||||
local modulefile
|
||||
local suffix
|
||||
moduleloader=modprobe
|
||||
|
||||
if ! qt which modprobe; then
|
||||
moduleloader=insmod
|
||||
fi
|
||||
|
||||
if [ -z "$(lsmod | grep $modulename)" ]; then
|
||||
shift
|
||||
|
||||
for suffix in $MODULE_SUFFIX ; do
|
||||
modulefile=$MODULESDIR/${modulename}.${suffix}
|
||||
|
||||
if [ -f $modulefile ]; then
|
||||
case $moduleloader in
|
||||
insmod)
|
||||
insmod $modulefile $*
|
||||
;;
|
||||
*)
|
||||
modprobe $modulename
|
||||
;;
|
||||
esac
|
||||
|
||||
return
|
||||
fi
|
||||
done
|
||||
fi
|
||||
}
|
||||
|
||||
#
|
||||
# Display elements of a list with leading white space
|
||||
#
|
||||
@ -4570,6 +4537,20 @@ load_kernel_modules() {
|
||||
if [ -f $modules -a -d $MODULESDIR ]; then
|
||||
echo "Loading Modules..."
|
||||
. $modules
|
||||
|
||||
if [ "$command" != check ]; then
|
||||
save_command "reload_kernel_modules <<EOF"
|
||||
|
||||
while read command; do
|
||||
case "$command" in
|
||||
loadmodule*)
|
||||
save_command $command
|
||||
;;
|
||||
esac
|
||||
done < $modules
|
||||
|
||||
save_command EOF
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
@ -5420,6 +5401,13 @@ define_firewall() # $1 = Command (Start or Restart)
|
||||
|
||||
verify_os_version
|
||||
verify_ip
|
||||
|
||||
echo '#bin/sh' > /var/lib/shorewall/restore-$$
|
||||
echo ". /usr/share/shorewall/functions" >> /var/lib/shorewall/restore-$$
|
||||
|
||||
save_command "MODULESDIR=\"$MODULESDIR\""
|
||||
save_command "MODULE_SUFFIX=\"$MODULE_SUFFIX\""
|
||||
|
||||
load_kernel_modules
|
||||
|
||||
echo "Initializing..."; initialize_netfilter
|
||||
@ -6078,8 +6066,6 @@ do_initialize() {
|
||||
|
||||
rm -f $TMP_DIR/physdev
|
||||
|
||||
echo '#bin/sh' > /var/lib/shorewall/restore-$$
|
||||
echo ". /usr/share/shorewall/functions" >> /var/lib/shorewall/restore-$$
|
||||
}
|
||||
|
||||
#
|
||||
|
@ -162,6 +162,55 @@ separate_list() {
|
||||
echo "$newlist"
|
||||
}
|
||||
|
||||
#
|
||||
# Load a Kernel Module
|
||||
#
|
||||
loadmodule() # $1 = module name, $2 - * arguments
|
||||
{
|
||||
local modulename=$1
|
||||
local modulefile
|
||||
local suffix
|
||||
moduleloader=modprobe
|
||||
|
||||
if ! qt which modprobe; then
|
||||
moduleloader=insmod
|
||||
fi
|
||||
|
||||
if [ -z "$(lsmod | grep $modulename)" ]; then
|
||||
shift
|
||||
|
||||
for suffix in $MODULE_SUFFIX ; do
|
||||
modulefile=$MODULESDIR/${modulename}.${suffix}
|
||||
|
||||
if [ -f $modulefile ]; then
|
||||
case $moduleloader in
|
||||
insmod)
|
||||
insmod $modulefile $*
|
||||
;;
|
||||
*)
|
||||
modprobe $modulename $*
|
||||
;;
|
||||
esac
|
||||
|
||||
return
|
||||
fi
|
||||
done
|
||||
fi
|
||||
}
|
||||
|
||||
#
|
||||
# Reload the Modules
|
||||
#
|
||||
reload_kernel_modules() {
|
||||
|
||||
[ -z "$MODULESDIR" ] && MODULESDIR=/lib/modules/$(uname -r)/kernel/net/ipv4/netfilter
|
||||
|
||||
while read command; do
|
||||
eval $command
|
||||
done
|
||||
|
||||
}
|
||||
|
||||
#
|
||||
# Find the zones
|
||||
#
|
||||
|
@ -22,7 +22,7 @@
|
||||
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
|
||||
#
|
||||
|
||||
VERSION=2.0.2
|
||||
VERSION=2.0.2a
|
||||
|
||||
usage() # $1 = exit status
|
||||
{
|
||||
|
@ -5,7 +5,10 @@
|
||||
#
|
||||
# Columns are:
|
||||
#
|
||||
# INTERFACE Network interface to a host
|
||||
# INTERFACE Network interface to a host. If the interface
|
||||
# names a bridge, it may be optionally followed by
|
||||
# a colon (":") and a physical port name (e.g.,
|
||||
# br0:eth4).
|
||||
#
|
||||
# MAC MAC address of the host -- you do not need to use
|
||||
# the Shorewall format for MAC addresses here
|
||||
|
@ -1,4 +1,4 @@
|
||||
Shorewall 2.0.2
|
||||
Shorewall 2.0.2a
|
||||
|
||||
----------------------------------------------------------------------
|
||||
Problems Corrected since 2.0.1
|
||||
@ -16,8 +16,17 @@ Problems Corrected since 2.0.1
|
||||
rules pertaining to the host(s) being deleted. Thanks to Stefan
|
||||
Engel for this correction.
|
||||
|
||||
Problems Corrected since 2.0.2
|
||||
|
||||
1) The 'firewall' script is not purging temporary restore files in
|
||||
/var/lib/shorewall. These files have names of the form
|
||||
"restore-nnnnn".
|
||||
|
||||
2) The /var/lib/shorewall/restore script did not load the kernel
|
||||
modules specified in /etc/shorewall/modules.
|
||||
|
||||
-----------------------------------------------------------------------
|
||||
Issues when migrating from Shorewall 2.0.0 to Shorewall 2.0.1:
|
||||
Issues when migrating from Shorewall 2.0.1 to Shorewall 2.0.2:
|
||||
|
||||
1) Extension Scripts
|
||||
|
||||
|
@ -14,12 +14,18 @@
|
||||
# HOST(S) - (Optional) Comma-separated list of IP/subnet
|
||||
# If left empty or supplied as "-",
|
||||
# 0.0.0.0/0 is assumed.
|
||||
# OPTIONS - (Optional) A comma-separated list of
|
||||
# options. The currently-supported options are:
|
||||
#
|
||||
# routeback - Set up a rule to ACCEPT traffic from
|
||||
# these hosts back to themselves.
|
||||
#
|
||||
# Example:
|
||||
#
|
||||
# INTERFACE HOST(S)
|
||||
# INTERFACE HOST(S) OPTIONS
|
||||
# eth2 192.168.1.0/24
|
||||
# eth0 192.0.2.44
|
||||
# br0 - routeback
|
||||
##############################################################################
|
||||
#INTERFACE HOST(S)
|
||||
#INTERFACE HOST(S) OPTIONS
|
||||
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
|
||||
|
@ -1,5 +1,5 @@
|
||||
%define name shorewall
|
||||
%define version 2.0.2
|
||||
%define version 2.0.2a
|
||||
%define release 1
|
||||
%define prefix /usr
|
||||
|
||||
@ -141,6 +141,8 @@ fi
|
||||
%doc COPYING INSTALL changelog.txt releasenotes.txt tunnel
|
||||
|
||||
%changelog
|
||||
* Sat May 15 2004 Tom Eastep tom@shorewall.net
|
||||
- Updated for 2.0.2a-1
|
||||
* Thu May 13 2004 Tom Eastep tom@shorewall.net
|
||||
- Updated for 2.0.2-1
|
||||
* Mon May 10 2004 Tom Eastep tom@shorewall.net
|
||||
|
@ -26,7 +26,7 @@
|
||||
# You may only use this script to uninstall the version
|
||||
# shown below. Simply run this script to remove Seattle Firewall
|
||||
|
||||
VERSION=2.0.2
|
||||
VERSION=2.0.2a
|
||||
|
||||
usage() # $1 = exit status
|
||||
{
|
||||
|
Loading…
Reference in New Issue
Block a user