Shorewall 2.0.2a

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1330 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2004-05-16 17:10:55 +00:00
parent ae9ccea280
commit b6f49d77ac
10 changed files with 108 additions and 49 deletions

View File

@ -59,3 +59,7 @@ Changes since 2.0.1
28) Correct typo that broke "shorewall delete"
29) Apply Stijn Jonker's -q fix.
30) Remove restore-$$ files.
31) Save 'loadmodule' commands in /var/lib/shorewall/restore-base.

View File

@ -28,7 +28,7 @@
# shown below. Simply run this script to revert to your prior version of
# Shoreline Firewall.
VERSION=2.0.2
VERSION=2.0.2a
usage() # $1 = exit status
{

View File

@ -87,6 +87,7 @@ startup_error() # $* = Error Message
echo " Error: $@" >&2
my_mutex_off
[ -n "$TMP_DIR" ] && rm -rf $TMP_DIR
rm -f /var/lib/shorewall/restore-$$
kill $$
exit 2
}
@ -1213,6 +1214,9 @@ stop_firewall() {
#
# Turn off trace unless we were tracing "stop" or "clear"
#
rm -f /var/lib/shorewall/restore-$$
case $COMMAND in
stop|clear)
;;
@ -1222,8 +1226,6 @@ stop_firewall() {
;;
*)
set +x
rm -f /var/lib/shorewall/restore-$$
if [ -f /var/lib/shorewall/restore ]; then
echo Restoring Shorewall...
. /var/lib/shorewall/restore
@ -2325,6 +2327,7 @@ check_config() {
process_actions2
rm -rf $TMP_DIR
rm -f /var/lib/shorewall/restore-$$
echo "Configuration Validated"
@ -3842,42 +3845,6 @@ process_tos() # $1 = name of tos file
run_iptables -t mangle -A OUTPUT -j outtos
}
#
# Load a Kernel Module
#
loadmodule() # $1 = module name, $2 - * arguments
{
local modulename=$1
local modulefile
local suffix
moduleloader=modprobe
if ! qt which modprobe; then
moduleloader=insmod
fi
if [ -z "$(lsmod | grep $modulename)" ]; then
shift
for suffix in $MODULE_SUFFIX ; do
modulefile=$MODULESDIR/${modulename}.${suffix}
if [ -f $modulefile ]; then
case $moduleloader in
insmod)
insmod $modulefile $*
;;
*)
modprobe $modulename
;;
esac
return
fi
done
fi
}
#
# Display elements of a list with leading white space
#
@ -4570,6 +4537,20 @@ load_kernel_modules() {
if [ -f $modules -a -d $MODULESDIR ]; then
echo "Loading Modules..."
. $modules
if [ "$command" != check ]; then
save_command "reload_kernel_modules <<EOF"
while read command; do
case "$command" in
loadmodule*)
save_command $command
;;
esac
done < $modules
save_command EOF
fi
fi
}
@ -5420,6 +5401,13 @@ define_firewall() # $1 = Command (Start or Restart)
verify_os_version
verify_ip
echo '#bin/sh' > /var/lib/shorewall/restore-$$
echo ". /usr/share/shorewall/functions" >> /var/lib/shorewall/restore-$$
save_command "MODULESDIR=\"$MODULESDIR\""
save_command "MODULE_SUFFIX=\"$MODULE_SUFFIX\""
load_kernel_modules
echo "Initializing..."; initialize_netfilter
@ -6078,8 +6066,6 @@ do_initialize() {
rm -f $TMP_DIR/physdev
echo '#bin/sh' > /var/lib/shorewall/restore-$$
echo ". /usr/share/shorewall/functions" >> /var/lib/shorewall/restore-$$
}
#

View File

@ -162,6 +162,55 @@ separate_list() {
echo "$newlist"
}
#
# Load a Kernel Module
#
loadmodule() # $1 = module name, $2 - * arguments
{
local modulename=$1
local modulefile
local suffix
moduleloader=modprobe
if ! qt which modprobe; then
moduleloader=insmod
fi
if [ -z "$(lsmod | grep $modulename)" ]; then
shift
for suffix in $MODULE_SUFFIX ; do
modulefile=$MODULESDIR/${modulename}.${suffix}
if [ -f $modulefile ]; then
case $moduleloader in
insmod)
insmod $modulefile $*
;;
*)
modprobe $modulename $*
;;
esac
return
fi
done
fi
}
#
# Reload the Modules
#
reload_kernel_modules() {
[ -z "$MODULESDIR" ] && MODULESDIR=/lib/modules/$(uname -r)/kernel/net/ipv4/netfilter
while read command; do
eval $command
done
}
#
# Find the zones
#

View File

@ -22,7 +22,7 @@
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
#
VERSION=2.0.2
VERSION=2.0.2a
usage() # $1 = exit status
{

View File

@ -5,7 +5,10 @@
#
# Columns are:
#
# INTERFACE Network interface to a host
# INTERFACE Network interface to a host. If the interface
# names a bridge, it may be optionally followed by
# a colon (":") and a physical port name (e.g.,
# br0:eth4).
#
# MAC MAC address of the host -- you do not need to use
# the Shorewall format for MAC addresses here

View File

@ -1,4 +1,4 @@
Shorewall 2.0.2
Shorewall 2.0.2a
----------------------------------------------------------------------
Problems Corrected since 2.0.1
@ -16,8 +16,17 @@ Problems Corrected since 2.0.1
rules pertaining to the host(s) being deleted. Thanks to Stefan
Engel for this correction.
Problems Corrected since 2.0.2
1) The 'firewall' script is not purging temporary restore files in
/var/lib/shorewall. These files have names of the form
"restore-nnnnn".
2) The /var/lib/shorewall/restore script did not load the kernel
modules specified in /etc/shorewall/modules.
-----------------------------------------------------------------------
Issues when migrating from Shorewall 2.0.0 to Shorewall 2.0.1:
Issues when migrating from Shorewall 2.0.1 to Shorewall 2.0.2:
1) Extension Scripts

View File

@ -14,12 +14,18 @@
# HOST(S) - (Optional) Comma-separated list of IP/subnet
# If left empty or supplied as "-",
# 0.0.0.0/0 is assumed.
# OPTIONS - (Optional) A comma-separated list of
# options. The currently-supported options are:
#
# routeback - Set up a rule to ACCEPT traffic from
# these hosts back to themselves.
#
# Example:
#
# INTERFACE HOST(S)
# INTERFACE HOST(S) OPTIONS
# eth2 192.168.1.0/24
# eth0 192.0.2.44
# br0 - routeback
##############################################################################
#INTERFACE HOST(S)
#INTERFACE HOST(S) OPTIONS
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

View File

@ -1,5 +1,5 @@
%define name shorewall
%define version 2.0.2
%define version 2.0.2a
%define release 1
%define prefix /usr
@ -141,6 +141,8 @@ fi
%doc COPYING INSTALL changelog.txt releasenotes.txt tunnel
%changelog
* Sat May 15 2004 Tom Eastep tom@shorewall.net
- Updated for 2.0.2a-1
* Thu May 13 2004 Tom Eastep tom@shorewall.net
- Updated for 2.0.2-1
* Mon May 10 2004 Tom Eastep tom@shorewall.net

View File

@ -26,7 +26,7 @@
# You may only use this script to uninstall the version
# shown below. Simply run this script to remove Seattle Firewall
VERSION=2.0.2
VERSION=2.0.2a
usage() # $1 = exit status
{