More 3.4->4.0 stuff

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6570 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-11-14 19:54:06 +01:00 · 2007-06-16 15:43:14 +00:00 · 2007-06-16 15:43:14 +00:00 · b99d548338
commit b99d548338
parent cd18bece16
7 changed files with 178 additions and 19 deletions
--- a/Shorewall-common/diff-3.4-lib.base
+++ b/Shorewall-common/diff-3.4-lib.base
@ -0,0 +1,26 @@
+--- /home/teastep/shorewall/branches/3.4/Shorewall/lib.base	2007-06-14 17:30:33.000000000 -0700
+++ Shorewall-common/lib.base	2007-06-16 08:40:13.000000000 -0700
+@@ -28,12 +28,12 @@
+ # and /usr/share/shorewall-lite/shorecap.
+ #
+ 
+-SHOREWALL_LIBVERSION=30404
+SHOREWALL_LIBVERSION=40000
+ 
+ [ -n "${VARDIR:=/var/lib/shorewall}" ]
+ [ -n "${SHAREDIR:=/usr/share/shorewall}" ]
+ [ -n "${CONFDIR:=/etc/shorewall}" ]
+-SHELLSHAREDIR=/usr/share/shorewall
+SHELLSHAREDIR=/usr/share/shorewall-shell
+ PERLSHAREDIR=/usr/share/shorewall-perl
+ 
+ #
+@@ -359,6 +359,8 @@
+     eval loaded=\$LIB_${1}_LOADED
+ 
+     if [ -z "$loaded" ]; then
+	[ -f $lib ] || lib=${SHELLSHAREDIR}/lib.$1
+	
+ 	if [ -f $lib ]; then
+ 	    progress_message "Loading library $lib..."
+ 	    . $lib
--- a/Shorewall-common/diff-3.4-lib.config
+++ b/Shorewall-common/diff-3.4-lib.config
@ -0,0 +1,56 @@
+--- /home/teastep/shorewall/branches/3.4/Shorewall/lib.config	2007-06-16 07:38:21.000000000 -0700
+++ Shorewall-common/lib.config	2007-06-16 07:38:05.000000000 -0700
+@@ -1851,6 +1851,44 @@
+ 	IP_FORWARDING=On
+     fi
+ 
+    if [ -n "$ROUTE_FILTER" ]; then
+	case "$ROUTE_FILTER" in
+	    Yes|yes|YES)
+		ROUTE_FILTER=yes
+		;;
+	    No|no|NO)
+		ROUTE_FILTER=no
+		;;
+	    Keep|keep|KEEP)
+		ROUTE_FILTER=
+		;;
+	    *)
+		startup_error "Invalid value ($ROUTE_FILTER) for ROUTE_FILTER"
+		;;
+	esac
+    else
+	ROUTE_FILTER=
+    fi
+
+    if [ -n "$LOG_MARTIANS" ]; then
+	case "$LOG_MARTIANS" in
+	    Yes|yes|YES)
+		LOG_MARTIANS=yes
+		;;
+	    No|no|NO)
+		LOG_MARTIANS=no
+		;;
+	    Keep|keep|KEEP)
+		LOG_MARTIANS=
+		;;
+	    *)
+		startup_error "Invalid value ($LOG_MARTIANS) for LOG_MARTIANS"
+		;;
+	esac
+    else
+	LOG_MARTIANS=
+    fi
+
+     [ -n "${BLACKLIST_DISPOSITION:=DROP}" ]
+ 
+     case "$CLAMPMSS" in
+@@ -1862,8 +1900,6 @@
+     esac
+ 
+     ADD_SNAT_ALIASES=$(added_param_value_no ADD_SNAT_ALIASES $ADD_SNAT_ALIASES)
+-    ROUTE_FILTER=$(added_param_value_no ROUTE_FILTER $ROUTE_FILTER)
+-    LOG_MARTIANS=$(added_param_value_no LOG_MARTIANS $LOG_MARTIANS)
+     DETECT_DNAT_IPADDRS=$(added_param_value_no DETECT_DNAT_IPADDRS $DETECT_DNAT_IPADDRS)
+ 
+     MACLIST_TARGET=reject
--- a/Shorewall-common/diff-3.4-shorewall
+++ b/Shorewall-common/diff-3.4-shorewall
@ -0,0 +1,22 @@
+--- /home/teastep/shorewall/branches/3.4/Shorewall/shorewall	2007-06-16 08:15:22.000000000 -0700
+++ Shorewall-common/shorewall	2007-06-16 08:37:06.000000000 -0700
+@@ -1293,7 +1293,7 @@
+     echo "   stop"
+     echo "   status"
+     echo "   try [ -C {shell|perl} ] <directory> [ <timeout> ]"
+-    echo "   version"
+    echo "   version [ -a ]"
+     echo "   safe-start [ -C {shell|perl} ] [ <directory> ]"
+     echo "   safe-restart [ -C {shell|perl} ] [ <directory> ]"
+     echo
+@@ -1437,6 +1437,10 @@
+     echo $version
+ 
+     if [ -n "$all" ]; then
+	if [ -f /usr/share/shorewall-shell/version ]; then
+	    echo "Shorewall-shell $(cat /usr/share/shorewall-shell/version)"
+	fi
+
+ 	if [ -f /usr/share/shorewall-perl/version ]; then
+ 	    echo "Shorewall-perl $(cat /usr/share/shorewall-perl/version)"
+ 	fi
--- a/Shorewall-common/lib.base
+++ b/Shorewall-common/lib.base
@ -28,7 +28,7 @@
 # and /usr/share/shorewall-lite/shorecap.
 #

-SHOREWALL_LIBVERSION=30403
+SHOREWALL_LIBVERSION=40000

 [ -n "${VARDIR:=/var/lib/shorewall}" ]
 [ -n "${SHAREDIR:=/usr/share/shorewall}" ]
--- a/Shorewall-common/lib.cli
+++ b/Shorewall-common/lib.cli
@ -957,7 +957,7 @@ allow_command() {
    [ -n "$debugging" ] && set -x
    [ $# -eq 1 ] && usage 1
    if shorewall_is_started ; then
-	mutex_on
+	[ -n "$nolock" ] || mutex_on
 	while [ $# -gt 1 ]; do
 	    shift
 	    case $1 in
@ -985,7 +985,7 @@ allow_command() {
 		    ;;
 	    esac
 	done
-	mutex_off
+	[ -n "$nolock" ] || mutex_off
    else
 	error_message "ERROR: $PRODUCT is not started"
 	exit 2
--- a/Shorewall-common/shorewall
+++ b/Shorewall-common/shorewall
@ -859,7 +859,7 @@ safe_commands() {

    [ -n "$STARTUP_ENABLED" ] || fatal_error "Startup is disabled"

-    [ "$nolock" ] || mutex_on
+    [ -n "$nolock" ] || mutex_on

    if shorewall_is_started; then
 	running=Yes
@ -870,7 +870,7 @@ safe_commands() {
    if [ "$COMMAND" = "safe-start" -a  -n "$running" ]; then
 	# the command is safe-start but the firewall is already running
 	error_message "Shorewall is already started"
-	mutex_off
+	[ -n "$nolock" ] || mutex_off
 	exit 0
    fi

@ -886,7 +886,7 @@ safe_commands() {

    if ! compiler run $debugging nolock compile ${VARDIR}/.$command; then
 	status=$?
-	[ "$nolock" ] || mutex_off
+	[ -n "$nolock" ] || mutex_off
 	exit $status
    fi

@ -916,7 +916,7 @@ safe_commands() {
 		${VARDIR}/.$command clear
 	    fi
 	    
-	    [ "$nolock" ] || mutex_off
+	    [ -n "$nolock" ] || mutex_off

 	    echo "New configuration has been rejected and the old one restored"
 	    exit 2
@ -924,7 +924,7 @@ safe_commands() {

    fi

-    [ "$nolock" ] || mutex_off
+    [ -n "$nolock" ] || mutex_off
 }

 #
@ -1007,7 +1007,7 @@ try_command() {

    [ -n "$STARTUP_ENABLED" ] || fatal_error "Startup is disabled"

-    [ "$nolock" ] || mutex_on
+    [ -n "$nolock" ] || mutex_on

    if shorewall_is_started; then
 	running=Yes
@ -1027,7 +1027,7 @@ try_command() {

    if ! compiler run $debugging $nolock compile ${VARDIR}/.$command; then
 	status=$?
-	[ "$nolock" ] || mutex_off
+	[ -n "$nolock" ] || mutex_off
 	exit $status
    fi

@ -1054,7 +1054,7 @@ try_command() {
 	fi	    
    fi

-    [ "$nolock" ] || mutex_off
+    [ -n "$nolock" ] || mutex_off

    return 0
 }
@ -1625,9 +1625,9 @@ case "$COMMAND" in
 	[ -n "$debugging" ] && set -x
 	[ $# -eq 1 ] && usage 1
 	if shorewall_is_started ; then
-	    [ "$nolock" ] || mutex_on
+	    [ -n "$nolock" ] || mutex_on
 	    block DROP Dropped $*
-	    [ "$nolock" ] || mutex_off
+	    [ -n "$nolock" ] || mutex_off
 	else
 	    fatal_error "Shorewall is not started"
 	fi
@ -1637,9 +1637,9 @@ case "$COMMAND" in
 	[ -n "$debugging" ] && set -x
 	[ $# -eq 1 ] && usage 1
 	if shorewall_is_started ; then
-	    [ "$nolock" ] || mutex_on
+	    [ -n "$nolock" ] || mutex_on
 	    block logdrop Dropped $*
-	    [ "$nolock" ] || mutex_off
+	    [ -n "$nolock" ] || mutex_off
 	else
 	    fatal_error "Shorewall is not started"
 	fi
@ -1649,9 +1649,9 @@ case "$COMMAND" in
 	[ -n "$debugging" ] && set -x
 	[ $# -eq 1 ] && usage 1
 	if shorewall_is_started ; then
-	    [ "$nolock" ] || mutex_on
+	    [ -n "$nolock" ] || mutex_on
 	    block $COMMAND Rejected $*
-	    [ "$nolock" ] || mutex_off
+	    [ -n "$nolock" ] || mutex_off
 	else
 	    fatal_error "Shorewall is not started"
 	fi
@ -1678,11 +1678,11 @@ case "$COMMAND" in

 	RESTOREPATH=${VARDIR}/$RESTOREFILE

-	[ "$nolock" ] || mutex_on
+	[ -n "$nolock" ] || mutex_on

 	save_config

-	[ "$nolock" ] || mutex_off
+	[ -n "$nolock" ] || mutex_off
 	;;
    forget)
 	get_config
--- a/Shorewall-shell/diff-3.4-compiler
+++ b/Shorewall-shell/diff-3.4-compiler
@ -0,0 +1,55 @@
+--- /home/teastep/shorewall/branches/3.4/Shorewall/compiler	2007-06-16 07:39:45.000000000 -0700
+++ Shorewall-shell/compiler	2007-06-16 07:39:31.000000000 -0700
+@@ -3767,7 +3767,7 @@
+ 
+ 	save_progress_message "Setting up Route Filtering..."
+ 
+-	if [ -z "$ROUTE_FILTER" ]; then
+	if [ "$ROUTE_FILTER" = no ]; then
+ 	    indent >&3 << __EOF__
+ 
+ for f in /proc/sys/net/ipv4/conf/*; do
+@@ -3791,8 +3791,10 @@
+ 
+ 	save_command "echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter"
+ 
+-	if [ -n "$ROUTE_FILTER" ]; then
+	if [ "$ROUTE_FILTER" = yes ]; then
+ 	    save_command "echo 1 > /proc/sys/net/ipv4/conf/default/rp_filter"
+	elif [ "$ROUTE_FILTER" = no ]; then
+	    save_command "echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter"
+ 	fi
+ 
+ 	save_command "[ -n \"\$NOROUTES\" ] || ip route flush cache"
+@@ -3808,7 +3810,7 @@
+ 
+ 	save_progress_message "Setting up Martian Logging..."
+ 
+-	if [ -z "$LOG_MARTIANS" ]; then
+	if [ "$LOG_MARTIANS" = no ]; then
+ 	    indent >&3 << __EOF__
+ 
+ for f in /proc/sys/net/ipv4/conf/*; do
+@@ -3831,9 +3833,12 @@
+ __EOF__
+ 	    done
+ 	
+-	if [ -n "$LOG_MARTIANS" ]; then
+	if [ "$LOG_MARTIANS" = yes ]; then
+ 	    save_command "echo 1 > /proc/sys/net/ipv4/conf/all/log_martians"
+ 	    save_command "echo 1 > /proc/sys/net/ipv4/conf/default/log_martians"
+	elif [ "$LOG_MARTIANS" = no ]; then
+	    save_command "echo 0 > /proc/sys/net/ipv4/conf/all/log_martians"
+	    save_command "echo 0 > /proc/sys/net/ipv4/conf/default/log_martians"
+ 	fi
+ 
+     fi
+@@ -4874,7 +4879,7 @@
+ 		;;
+ 	esac
+ 
+-	run_iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN ${match}-j TCPMSS $option
+	run_iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS $option
+     }
+ 
+     progress_message2 "Initializing..."