Shorewall 2.0.2a

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1330 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2004-05-16 17:10:55 +00:00
parent ae9ccea280
commit b6f49d77ac
10 changed files with 108 additions and 49 deletions


@ -59,3 +59,7 @@ Changes since 2.0.1
28) Correct typo that broke "shorewall delete" 28) Correct typo that broke "shorewall delete"
29) Apply Stijn Jonker's -q fix. 29) Apply Stijn Jonker's -q fix.
30) Remove restore-$$ files.
31) Save 'loadmodule' commands in /var/lib/shorewall/restore-base.


@ -28,7 +28,7 @@
# shown below. Simply run this script to revert to your prior version of # shown below. Simply run this script to revert to your prior version of
# Shoreline Firewall. # Shoreline Firewall.
VERSION=2.0.2 VERSION=2.0.2a
usage() # $1 = exit status usage() # $1 = exit status
{ {


@ -87,6 +87,7 @@ startup_error() # $* = Error Message
echo " Error: $@" >&2 echo " Error: $@" >&2
my_mutex_off my_mutex_off
[ -n "$TMP_DIR" ] && rm -rf $TMP_DIR [ -n "$TMP_DIR" ] && rm -rf $TMP_DIR
rm -f /var/lib/shorewall/restore-$$
kill $$ kill $$
exit 2 exit 2
} }
@ -1213,6 +1214,9 @@ stop_firewall() {
# #
# Turn off trace unless we were tracing "stop" or "clear" # Turn off trace unless we were tracing "stop" or "clear"
# #
rm -f /var/lib/shorewall/restore-$$
case $COMMAND in case $COMMAND in
stop|clear) stop|clear)
;; ;;
@ -1222,8 +1226,6 @@ stop_firewall() {
;; ;;
*) *)
set +x set +x
rm -f /var/lib/shorewall/restore-$$
if [ -f /var/lib/shorewall/restore ]; then if [ -f /var/lib/shorewall/restore ]; then
echo Restoring Shorewall... echo Restoring Shorewall...
. /var/lib/shorewall/restore . /var/lib/shorewall/restore
@ -2325,6 +2327,7 @@ check_config() {
process_actions2 process_actions2
rm -rf $TMP_DIR rm -rf $TMP_DIR
rm -f /var/lib/shorewall/restore-$$
echo "Configuration Validated" echo "Configuration Validated"
@ -3842,42 +3845,6 @@ process_tos() # $1 = name of tos file
run_iptables -t mangle -A OUTPUT -j outtos run_iptables -t mangle -A OUTPUT -j outtos
} }
#
# Load a Kernel Module
#
loadmodule() # $1 = module name, $2 - * arguments
{
local modulename=$1
local modulefile
local suffix
moduleloader=modprobe
if ! qt which modprobe; then
moduleloader=insmod
fi
if [ -z "$(lsmod | grep $modulename)" ]; then
shift
for suffix in $MODULE_SUFFIX ; do
modulefile=$MODULESDIR/${modulename}.${suffix}
if [ -f $modulefile ]; then
case $moduleloader in
insmod)
insmod $modulefile $*
;;
*)
modprobe $modulename
;;
esac
return
fi
done
fi
}
# #
# Display elements of a list with leading white space # Display elements of a list with leading white space
# #
@ -4570,6 +4537,20 @@ load_kernel_modules() {
if [ -f $modules -a -d $MODULESDIR ]; then if [ -f $modules -a -d $MODULESDIR ]; then
echo "Loading Modules..." echo "Loading Modules..."
. $modules . $modules
if [ "$command" != check ]; then
save_command "reload_kernel_modules <<EOF"
while read command; do
case "$command" in
loadmodule*)
save_command $command
;;
esac
done < $modules
save_command EOF
fi
fi fi
} }
@ -5420,6 +5401,13 @@ define_firewall() # $1 = Command (Start or Restart)
verify_os_version verify_os_version
verify_ip verify_ip
echo '#bin/sh' > /var/lib/shorewall/restore-$$
echo ". /usr/share/shorewall/functions" >> /var/lib/shorewall/restore-$$
save_command "MODULESDIR=\"$MODULESDIR\""
save_command "MODULE_SUFFIX=\"$MODULE_SUFFIX\""
load_kernel_modules load_kernel_modules
echo "Initializing..."; initialize_netfilter echo "Initializing..."; initialize_netfilter
@ -6078,8 +6066,6 @@ do_initialize() {
rm -f $TMP_DIR/physdev rm -f $TMP_DIR/physdev
echo '#bin/sh' > /var/lib/shorewall/restore-$$
echo ". /usr/share/shorewall/functions" >> /var/lib/shorewall/restore-$$
} }
# #
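Review bot: In load_kernel_modules the added `while read command` loop assigns to the same variable that the guard just above it tests (`[ "$command" != check ]`), so once the loop finishes `command` is empty for the rest of the run; whether anything later still reads it is not visible here, and the function starts outside the hunk. A separate name with a raw read avoids that: `while read -r line; do case "$line" in loadmodule*) save_command "$line" ;; esac; done < $modules`. Passing the line unquoted, as `save_command $command` does now, also lets the shell split and glob-expand module arguments before they are written to the restore script (save_command itself is not shown, so confirm it copes with a single quoted argument). The header that define_firewall writes is `'#bin/sh'`, which is a plain comment rather than a `#!/bin/sh` interpreter line; that is harmless while the file is only sourced, but worth correcting.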


@ -162,6 +162,55 @@ separate_list() {
echo "$newlist" echo "$newlist"
} }
#
# Load a Kernel Module
#
loadmodule() # $1 = module name, $2 - * arguments
{
local modulename=$1
local modulefile
local suffix
moduleloader=modprobe
if ! qt which modprobe; then
moduleloader=insmod
fi
if [ -z "$(lsmod | grep $modulename)" ]; then
shift
for suffix in $MODULE_SUFFIX ; do
modulefile=$MODULESDIR/${modulename}.${suffix}
if [ -f $modulefile ]; then
case $moduleloader in
insmod)
insmod $modulefile $*
;;
*)
modprobe $modulename $*
;;
esac
return
fi
done
fi
}
#
# Reload the Modules
#
reload_kernel_modules() {
[ -z "$MODULESDIR" ] && MODULESDIR=/lib/modules/$(uname -r)/kernel/net/ipv4/netfilter
while read command; do
eval $command
done
}
# #
# Find the zones # Find the zones
# #
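Review bot: reload_kernel_modules runs every input line through `eval $command`, so any text that reaches the here-document in the restore script executes as shell code, not only loadmodule calls; the writer side in load_kernel_modules filters on the `loadmodule*` prefix, but a prefix match still admits a line with `;` or `$( )` after the module name, and the reader does not re-check. Since the only intended input is `loadmodule NAME [ARGS]`, the loop can dispatch without eval: `while read -r verb args; do [ "$verb" = loadmodule ] && loadmodule $args; done`. `$args` is left unquoted there on purpose so module parameters are still split into words. In loadmodule, `lsmod | grep $modulename` is a substring match, so a module whose name is contained in an already-loaded module's name is treated as loaded and skipped; anchoring the pattern (`grep -q "^$modulename "`) would make the check exact.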


@ -22,7 +22,7 @@
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
# #
VERSION=2.0.2 VERSION=2.0.2a
usage() # $1 = exit status usage() # $1 = exit status
{ {


@ -5,7 +5,10 @@
# #
# Columns are: # Columns are:
# #
# INTERFACE Network interface to a host # INTERFACE Network interface to a host. If the interface
# names a bridge, it may be optionally followed by
# a colon (":") and a physical port name (e.g.,
# br0:eth4).
# #
# MAC MAC address of the host -- you do not need to use # MAC MAC address of the host -- you do not need to use
# the Shorewall format for MAC addresses here # the Shorewall format for MAC addresses here


@ -1,4 +1,4 @@
Shorewall 2.0.2 Shorewall 2.0.2a
---------------------------------------------------------------------- ----------------------------------------------------------------------
Problems Corrected since 2.0.1 Problems Corrected since 2.0.1
@ -16,8 +16,17 @@ Problems Corrected since 2.0.1
rules pertaining to the host(s) being deleted. Thanks to Stefan rules pertaining to the host(s) being deleted. Thanks to Stefan
Engel for this correction. Engel for this correction.
Problems Corrected since 2.0.2
1) The 'firewall' script is not purging temporary restore files in
/var/lib/shorewall. These files have names of the form
"restore-nnnnn".
2) The /var/lib/shorewall/restore script did not load the kernel
modules specified in /etc/shorewall/modules.
----------------------------------------------------------------------- -----------------------------------------------------------------------
Issues when migrating from Shorewall 2.0.0 to Shorewall 2.0.1: Issues when migrating from Shorewall 2.0.1 to Shorewall 2.0.2:
1) Extension Scripts 1) Extension Scripts


@ -14,12 +14,18 @@
# HOST(S) - (Optional) Comma-separated list of IP/subnet # HOST(S) - (Optional) Comma-separated list of IP/subnet
# If left empty or supplied as "-", # If left empty or supplied as "-",
# 0.0.0.0/0 is assumed. # 0.0.0.0/0 is assumed.
# OPTIONS - (Optional) A comma-separated list of
# options. The currently-supported options are:
#
# routeback - Set up a rule to ACCEPT traffic from
# these hosts back to themselves.
# #
# Example: # Example:
# #
# INTERFACE HOST(S) # INTERFACE HOST(S) OPTIONS
# eth2 192.168.1.0/24 # eth2 192.168.1.0/24
# eth0 192.0.2.44 # eth0 192.0.2.44
# br0 - routeback
############################################################################## ##############################################################################
#INTERFACE HOST(S) #INTERFACE HOST(S) OPTIONS
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE


@ -1,5 +1,5 @@
%define name shorewall %define name shorewall
%define version 2.0.2 %define version 2.0.2a
%define release 1 %define release 1
%define prefix /usr %define prefix /usr
@ -141,6 +141,8 @@ fi
%doc COPYING INSTALL changelog.txt releasenotes.txt tunnel %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel
%changelog %changelog
* Sat May 15 2004 Tom Eastep tom@shorewall.net
- Updated for 2.0.2a-1
* Thu May 13 2004 Tom Eastep tom@shorewall.net * Thu May 13 2004 Tom Eastep tom@shorewall.net
- Updated for 2.0.2-1 - Updated for 2.0.2-1
* Mon May 10 2004 Tom Eastep tom@shorewall.net * Mon May 10 2004 Tom Eastep tom@shorewall.net


@ -26,7 +26,7 @@
# You may only use this script to uninstall the version # You may only use this script to uninstall the version
# shown below. Simply run this script to remove Seattle Firewall # shown below. Simply run this script to remove Seattle Firewall
VERSION=2.0.2 VERSION=2.0.2a
usage() # $1 = exit status usage() # $1 = exit status
{ {