Shorewall 2.0.2a
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1330 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
ae9ccea280
commit
b6f49d77ac
@ -59,3 +59,7 @@ Changes since 2.0.1
|
|||||||
28) Correct typo that broke "shorewall delete"
|
28) Correct typo that broke "shorewall delete"
|
||||||
|
|
||||||
29) Apply Stijn Jonker's -q fix.
|
29) Apply Stijn Jonker's -q fix.
|
||||||
|
|
||||||
|
30) Remove restore-$$ files.
|
||||||
|
|
||||||
|
31) Save 'loadmodule' commands in /var/lib/shorewall/restore-base.
|
||||||
|
@ -28,7 +28,7 @@
|
|||||||
# shown below. Simply run this script to revert to your prior version of
|
# shown below. Simply run this script to revert to your prior version of
|
||||||
# Shoreline Firewall.
|
# Shoreline Firewall.
|
||||||
|
|
||||||
VERSION=2.0.2
|
VERSION=2.0.2a
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
|
@ -87,6 +87,7 @@ startup_error() # $* = Error Message
|
|||||||
echo " Error: $@" >&2
|
echo " Error: $@" >&2
|
||||||
my_mutex_off
|
my_mutex_off
|
||||||
[ -n "$TMP_DIR" ] && rm -rf $TMP_DIR
|
[ -n "$TMP_DIR" ] && rm -rf $TMP_DIR
|
||||||
|
rm -f /var/lib/shorewall/restore-$$
|
||||||
kill $$
|
kill $$
|
||||||
exit 2
|
exit 2
|
||||||
}
|
}
|
||||||
@ -1213,6 +1214,9 @@ stop_firewall() {
|
|||||||
#
|
#
|
||||||
# Turn off trace unless we were tracing "stop" or "clear"
|
# Turn off trace unless we were tracing "stop" or "clear"
|
||||||
#
|
#
|
||||||
|
|
||||||
|
rm -f /var/lib/shorewall/restore-$$
|
||||||
|
|
||||||
case $COMMAND in
|
case $COMMAND in
|
||||||
stop|clear)
|
stop|clear)
|
||||||
;;
|
;;
|
||||||
@ -1222,8 +1226,6 @@ stop_firewall() {
|
|||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
set +x
|
set +x
|
||||||
rm -f /var/lib/shorewall/restore-$$
|
|
||||||
|
|
||||||
if [ -f /var/lib/shorewall/restore ]; then
|
if [ -f /var/lib/shorewall/restore ]; then
|
||||||
echo Restoring Shorewall...
|
echo Restoring Shorewall...
|
||||||
. /var/lib/shorewall/restore
|
. /var/lib/shorewall/restore
|
||||||
@ -2325,6 +2327,7 @@ check_config() {
|
|||||||
process_actions2
|
process_actions2
|
||||||
|
|
||||||
rm -rf $TMP_DIR
|
rm -rf $TMP_DIR
|
||||||
|
rm -f /var/lib/shorewall/restore-$$
|
||||||
|
|
||||||
echo "Configuration Validated"
|
echo "Configuration Validated"
|
||||||
|
|
||||||
@ -3842,42 +3845,6 @@ process_tos() # $1 = name of tos file
|
|||||||
run_iptables -t mangle -A OUTPUT -j outtos
|
run_iptables -t mangle -A OUTPUT -j outtos
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
|
||||||
# Load a Kernel Module
|
|
||||||
#
|
|
||||||
loadmodule() # $1 = module name, $2 - * arguments
|
|
||||||
{
|
|
||||||
local modulename=$1
|
|
||||||
local modulefile
|
|
||||||
local suffix
|
|
||||||
moduleloader=modprobe
|
|
||||||
|
|
||||||
if ! qt which modprobe; then
|
|
||||||
moduleloader=insmod
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -z "$(lsmod | grep $modulename)" ]; then
|
|
||||||
shift
|
|
||||||
|
|
||||||
for suffix in $MODULE_SUFFIX ; do
|
|
||||||
modulefile=$MODULESDIR/${modulename}.${suffix}
|
|
||||||
|
|
||||||
if [ -f $modulefile ]; then
|
|
||||||
case $moduleloader in
|
|
||||||
insmod)
|
|
||||||
insmod $modulefile $*
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
modprobe $modulename
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
return
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# Display elements of a list with leading white space
|
# Display elements of a list with leading white space
|
||||||
#
|
#
|
||||||
@ -4570,6 +4537,20 @@ load_kernel_modules() {
|
|||||||
if [ -f $modules -a -d $MODULESDIR ]; then
|
if [ -f $modules -a -d $MODULESDIR ]; then
|
||||||
echo "Loading Modules..."
|
echo "Loading Modules..."
|
||||||
. $modules
|
. $modules
|
||||||
|
|
||||||
|
if [ "$command" != check ]; then
|
||||||
|
save_command "reload_kernel_modules <<EOF"
|
||||||
|
|
||||||
|
while read command; do
|
||||||
|
case "$command" in
|
||||||
|
loadmodule*)
|
||||||
|
save_command $command
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
done < $modules
|
||||||
|
|
||||||
|
save_command EOF
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -5420,6 +5401,13 @@ define_firewall() # $1 = Command (Start or Restart)
|
|||||||
|
|
||||||
verify_os_version
|
verify_os_version
|
||||||
verify_ip
|
verify_ip
|
||||||
|
|
||||||
|
echo '#bin/sh' > /var/lib/shorewall/restore-$$
|
||||||
|
echo ". /usr/share/shorewall/functions" >> /var/lib/shorewall/restore-$$
|
||||||
|
|
||||||
|
save_command "MODULESDIR=\"$MODULESDIR\""
|
||||||
|
save_command "MODULE_SUFFIX=\"$MODULE_SUFFIX\""
|
||||||
|
|
||||||
load_kernel_modules
|
load_kernel_modules
|
||||||
|
|
||||||
echo "Initializing..."; initialize_netfilter
|
echo "Initializing..."; initialize_netfilter
|
||||||
@ -6078,8 +6066,6 @@ do_initialize() {
|
|||||||
|
|
||||||
rm -f $TMP_DIR/physdev
|
rm -f $TMP_DIR/physdev
|
||||||
|
|
||||||
echo '#bin/sh' > /var/lib/shorewall/restore-$$
|
|
||||||
echo ". /usr/share/shorewall/functions" >> /var/lib/shorewall/restore-$$
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
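Review bot: In the load_kernel_modules hunk the new loop `while read command` reuses the variable tested just above it in `[ "$command" != check ]`, so after the loop `$command` holds whatever the last `read` left in it (empty at end of file) instead of the Shorewall command; any later test of `$command` outside this hunk would see the wrong value. `save_command $command` is also unquoted, so a line from the modules file is word-split and glob-expanded before it is written to the restore script. I would use a separate, quoted variable: `while read line; do`, `case "$line" in`, `save_command "$line"`. save_command is not visible here, so confirm it writes its arguments back as a single line. Separately, the header line moved into define_firewall is still written as `'#bin/sh'`, which is not a valid interpreter line; `'#!/bin/sh'` looks intended.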
|
@ -162,6 +162,55 @@ separate_list() {
|
|||||||
echo "$newlist"
|
echo "$newlist"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#
|
||||||
|
# Load a Kernel Module
|
||||||
|
#
|
||||||
|
loadmodule() # $1 = module name, $2 - * arguments
|
||||||
|
{
|
||||||
|
local modulename=$1
|
||||||
|
local modulefile
|
||||||
|
local suffix
|
||||||
|
moduleloader=modprobe
|
||||||
|
|
||||||
|
if ! qt which modprobe; then
|
||||||
|
moduleloader=insmod
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -z "$(lsmod | grep $modulename)" ]; then
|
||||||
|
shift
|
||||||
|
|
||||||
|
for suffix in $MODULE_SUFFIX ; do
|
||||||
|
modulefile=$MODULESDIR/${modulename}.${suffix}
|
||||||
|
|
||||||
|
if [ -f $modulefile ]; then
|
||||||
|
case $moduleloader in
|
||||||
|
insmod)
|
||||||
|
insmod $modulefile $*
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
modprobe $modulename $*
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
#
|
||||||
|
# Reload the Modules
|
||||||
|
#
|
||||||
|
reload_kernel_modules() {
|
||||||
|
|
||||||
|
[ -z "$MODULESDIR" ] && MODULESDIR=/lib/modules/$(uname -r)/kernel/net/ipv4/netfilter
|
||||||
|
|
||||||
|
while read command; do
|
||||||
|
eval $command
|
||||||
|
done
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
# Find the zones
|
# Find the zones
|
||||||
#
|
#
|
||||||
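Review bot: reload_kernel_modules runs `eval $command` on every line it reads from standard input, so anything stored in the here-document of /var/lib/shorewall/restore is executed as shell code when the restore script runs, not only `loadmodule` calls. The function should at least accept only the lines it is meant to replay and quote the expansion, for example `case "$command" in loadmodule*) eval "$command" ;; esac`, and the comment above it should say that it reads one command per line from stdin. Because the restore file becomes executable input, it needs the same ownership and permissions as /etc/shorewall/modules; the code that creates it is outside this section. As written, the unquoted `$command` is also word-split and glob-expanded before `eval` sees it.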
|
@ -22,7 +22,7 @@
|
|||||||
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
|
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
|
||||||
#
|
#
|
||||||
|
|
||||||
VERSION=2.0.2
|
VERSION=2.0.2a
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
|
@ -5,7 +5,10 @@
|
|||||||
#
|
#
|
||||||
# Columns are:
|
# Columns are:
|
||||||
#
|
#
|
||||||
# INTERFACE Network interface to a host
|
# INTERFACE Network interface to a host. If the interface
|
||||||
|
# names a bridge, it may be optionally followed by
|
||||||
|
# a colon (":") and a physical port name (e.g.,
|
||||||
|
# br0:eth4).
|
||||||
#
|
#
|
||||||
# MAC MAC address of the host -- you do not need to use
|
# MAC MAC address of the host -- you do not need to use
|
||||||
# the Shorewall format for MAC addresses here
|
# the Shorewall format for MAC addresses here
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
Shorewall 2.0.2
|
Shorewall 2.0.2a
|
||||||
|
|
||||||
----------------------------------------------------------------------
|
----------------------------------------------------------------------
|
||||||
Problems Corrected since 2.0.1
|
Problems Corrected since 2.0.1
|
||||||
@ -16,8 +16,17 @@ Problems Corrected since 2.0.1
|
|||||||
rules pertaining to the host(s) being deleted. Thanks to Stefan
|
rules pertaining to the host(s) being deleted. Thanks to Stefan
|
||||||
Engel for this correction.
|
Engel for this correction.
|
||||||
|
|
||||||
|
Problems Corrected since 2.0.2
|
||||||
|
|
||||||
|
1) The 'firewall' script is not purging temporary restore files in
|
||||||
|
/var/lib/shorewall. These files have names of the form
|
||||||
|
"restore-nnnnn".
|
||||||
|
|
||||||
|
2) The /var/lib/shorewall/restore script did not load the kernel
|
||||||
|
modules specified in /etc/shorewall/modules.
|
||||||
|
|
||||||
-----------------------------------------------------------------------
|
-----------------------------------------------------------------------
|
||||||
Issues when migrating from Shorewall 2.0.0 to Shorewall 2.0.1:
|
Issues when migrating from Shorewall 2.0.1 to Shorewall 2.0.2:
|
||||||
|
|
||||||
1) Extension Scripts
|
1) Extension Scripts
|
||||||
|
|
||||||
|
@ -14,12 +14,18 @@
|
|||||||
# HOST(S) - (Optional) Comma-separated list of IP/subnet
|
# HOST(S) - (Optional) Comma-separated list of IP/subnet
|
||||||
# If left empty or supplied as "-",
|
# If left empty or supplied as "-",
|
||||||
# 0.0.0.0/0 is assumed.
|
# 0.0.0.0/0 is assumed.
|
||||||
|
# OPTIONS - (Optional) A comma-separated list of
|
||||||
|
# options. The currently-supported options are:
|
||||||
|
#
|
||||||
|
# routeback - Set up a rule to ACCEPT traffic from
|
||||||
|
# these hosts back to themselves.
|
||||||
#
|
#
|
||||||
# Example:
|
# Example:
|
||||||
#
|
#
|
||||||
# INTERFACE HOST(S)
|
# INTERFACE HOST(S) OPTIONS
|
||||||
# eth2 192.168.1.0/24
|
# eth2 192.168.1.0/24
|
||||||
# eth0 192.0.2.44
|
# eth0 192.0.2.44
|
||||||
|
# br0 - routeback
|
||||||
##############################################################################
|
##############################################################################
|
||||||
#INTERFACE HOST(S)
|
#INTERFACE HOST(S) OPTIONS
|
||||||
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
|
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
%define name shorewall
|
%define name shorewall
|
||||||
%define version 2.0.2
|
%define version 2.0.2a
|
||||||
%define release 1
|
%define release 1
|
||||||
%define prefix /usr
|
%define prefix /usr
|
||||||
|
|
||||||
@ -141,6 +141,8 @@ fi
|
|||||||
%doc COPYING INSTALL changelog.txt releasenotes.txt tunnel
|
%doc COPYING INSTALL changelog.txt releasenotes.txt tunnel
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Sat May 15 2004 Tom Eastep tom@shorewall.net
|
||||||
|
- Updated for 2.0.2a-1
|
||||||
* Thu May 13 2004 Tom Eastep tom@shorewall.net
|
* Thu May 13 2004 Tom Eastep tom@shorewall.net
|
||||||
- Updated for 2.0.2-1
|
- Updated for 2.0.2-1
|
||||||
* Mon May 10 2004 Tom Eastep tom@shorewall.net
|
* Mon May 10 2004 Tom Eastep tom@shorewall.net
|
||||||
|
@ -26,7 +26,7 @@
|
|||||||
# You may only use this script to uninstall the version
|
# You may only use this script to uninstall the version
|
||||||
# shown below. Simply run this script to remove Seattle Firewall
|
# shown below. Simply run this script to remove Seattle Firewall
|
||||||
|
|
||||||
VERSION=2.0.2
|
VERSION=2.0.2a
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
|