From b99d5483382467d452f8049d1e4efe7cdf87de3c Mon Sep 17 00:00:00 2001 From: teastep Date: Sat, 16 Jun 2007 15:43:14 +0000 Subject: [PATCH] More 3.4->4.0 stuff git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6570 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall-common/diff-3.4-lib.base | 26 +++++++++++++ Shorewall-common/diff-3.4-lib.config | 56 ++++++++++++++++++++++++++++ Shorewall-common/diff-3.4-shorewall | 22 +++++++++++ Shorewall-common/lib.base | 2 +- Shorewall-common/lib.cli | 4 +- Shorewall-common/shorewall | 32 ++++++++-------- Shorewall-shell/diff-3.4-compiler | 55 +++++++++++++++++++++++++++ 7 files changed, 178 insertions(+), 19 deletions(-) create mode 100644 Shorewall-common/diff-3.4-lib.base create mode 100644 Shorewall-common/diff-3.4-lib.config create mode 100644 Shorewall-common/diff-3.4-shorewall create mode 100644 Shorewall-shell/diff-3.4-compiler diff --git a/Shorewall-common/diff-3.4-lib.base b/Shorewall-common/diff-3.4-lib.base new file mode 100644 index 000000000..55992d9dc --- /dev/null +++ b/Shorewall-common/diff-3.4-lib.base @@ -0,0 +1,26 @@ +--- /home/teastep/shorewall/branches/3.4/Shorewall/lib.base 2007-06-14 17:30:33.000000000 -0700 ++++ Shorewall-common/lib.base 2007-06-16 08:40:13.000000000 -0700 +@@ -28,12 +28,12 @@ + # and /usr/share/shorewall-lite/shorecap. + # + +-SHOREWALL_LIBVERSION=30404 ++SHOREWALL_LIBVERSION=40000 + + [ -n "${VARDIR:=/var/lib/shorewall}" ] + [ -n "${SHAREDIR:=/usr/share/shorewall}" ] + [ -n "${CONFDIR:=/etc/shorewall}" ] +-SHELLSHAREDIR=/usr/share/shorewall ++SHELLSHAREDIR=/usr/share/shorewall-shell + PERLSHAREDIR=/usr/share/shorewall-perl + + # +@@ -359,6 +359,8 @@ + eval loaded=\$LIB_${1}_LOADED + + if [ -z "$loaded" ]; then ++ [ -f $lib ] || lib=${SHELLSHAREDIR}/lib.$1 ++ + if [ -f $lib ]; then + progress_message "Loading library $lib..." + . $lib 
diff --git a/Shorewall-common/diff-3.4-lib.config b/Shorewall-common/diff-3.4-lib.config new file mode 100644 index 000000000..8fd22f2f3 --- /dev/null +++ b/Shorewall-common/diff-3.4-lib.config @@ -0,0 +1,56 @@ +--- /home/teastep/shorewall/branches/3.4/Shorewall/lib.config 2007-06-16 07:38:21.000000000 -0700 ++++ Shorewall-common/lib.config 2007-06-16 07:38:05.000000000 -0700 +@@ -1851,6 +1851,44 @@ + IP_FORWARDING=On + fi + ++ if [ -n "$ROUTE_FILTER" ]; then ++ case "$ROUTE_FILTER" in ++ Yes|yes|YES) ++ ROUTE_FILTER=yes ++ ;; ++ No|no|NO) ++ ROUTE_FILTER=no ++ ;; ++ Keep|keep|KEEP) ++ ROUTE_FILTER= ++ ;; ++ *) ++ startup_error "Invalid value ($ROUTE_FILTER) for ROUTE_FILTER" ++ ;; ++ esac ++ else ++ ROUTE_FILTER= ++ fi ++ ++ if [ -n "$LOG_MARTIANS" ]; then ++ case "$LOG_MARTIANS" in ++ Yes|yes|YES) ++ LOG_MARTIANS=yes ++ ;; ++ No|no|NO) ++ LOG_MARTIANS=no ++ ;; ++ Keep|keep|KEEP) ++ LOG_MARTIANS= ++ ;; ++ *) ++ startup_error "Invalid value ($LOG_MARTIANS) for LOG_MARTIANS" ++ ;; ++ esac ++ else ++ LOG_MARTIANS= ++ fi ++ + [ -n "${BLACKLIST_DISPOSITION:=DROP}" ] + + case "$CLAMPMSS" in +@@ -1862,8 +1900,6 @@ + esac + + ADD_SNAT_ALIASES=$(added_param_value_no ADD_SNAT_ALIASES $ADD_SNAT_ALIASES) +- ROUTE_FILTER=$(added_param_value_no ROUTE_FILTER $ROUTE_FILTER) +- LOG_MARTIANS=$(added_param_value_no LOG_MARTIANS $LOG_MARTIANS) + DETECT_DNAT_IPADDRS=$(added_param_value_no DETECT_DNAT_IPADDRS $DETECT_DNAT_IPADDRS) + + MACLIST_TARGET=reject diff --git a/Shorewall-common/diff-3.4-shorewall b/Shorewall-common/diff-3.4-shorewall new file mode 100644 index 000000000..32934dd09 --- /dev/null +++ b/Shorewall-common/diff-3.4-shorewall 
@@ -0,0 +1,22 @@ +--- /home/teastep/shorewall/branches/3.4/Shorewall/shorewall 2007-06-16 08:15:22.000000000 -0700 ++++ Shorewall-common/shorewall 2007-06-16 08:37:06.000000000 -0700 +@@ -1293,7 +1293,7 @@ + echo " stop" + echo " status" + echo " try [ -C {shell|perl} ] [ ]" +- echo " version" ++ echo " version [ -a ]" + echo " safe-start [ -C {shell|perl} ] [ ]" + echo " safe-restart [ -C {shell|perl} ] [ ]" + echo +@@ -1437,6 +1437,10 @@ + echo $version + + if [ -n "$all" ]; then ++ if [ -f /usr/share/shorewall-shell/version ]; then ++ echo "Shorewall-shell $(cat /usr/share/shorewall-shell/version)" ++ fi ++ + if [ -f /usr/share/shorewall-perl/version ]; then + echo "Shorewall-perl $(cat /usr/share/shorewall-perl/version)" + fi diff --git a/Shorewall-common/lib.base b/Shorewall-common/lib.base index 63abfdda6..29d903016 100644 --- a/Shorewall-common/lib.base +++ b/Shorewall-common/lib.base @@ -28,7 +28,7 @@ # and /usr/share/shorewall-lite/shorecap. # -SHOREWALL_LIBVERSION=30403 +SHOREWALL_LIBVERSION=40000 [ -n "${VARDIR:=/var/lib/shorewall}" ] [ -n "${SHAREDIR:=/usr/share/shorewall}" ] diff --git a/Shorewall-common/lib.cli b/Shorewall-common/lib.cli index bf10159e9..bba84ff71 100644 --- a/Shorewall-common/lib.cli +++ b/Shorewall-common/lib.cli @@ -957,7 +957,7 @@ allow_command() { [ -n "$debugging" ] && set -x [ $# -eq 1 ] && usage 1 if shorewall_is_started ; then - mutex_on + [ -n "$nolock" ] || mutex_on while [ $# -gt 1 ]; do shift case $1 in @@ -985,7 +985,7 @@ allow_command() { ;; esac done - mutex_off + [ -n "$nolock" ] || mutex_off else error_message "ERROR: $PRODUCT is not started" exit 2 diff --git a/Shorewall-common/shorewall b/Shorewall-common/shorewall index edc23fb4d..77f94f44c 100755 --- a/Shorewall-common/shorewall +++ b/Shorewall-common/shorewall @@ -859,7 +859,7 @@ safe_commands() { [ -n "$STARTUP_ENABLED" ] || fatal_error "Startup is disabled" - [ "$nolock" ] || mutex_on + [ -n "$nolock" ] || mutex_on if shorewall_is_started; then running=Yes 
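Review bot: In allow_command (Shorewall-common/lib.cli, hunks -957 and -985) the `shorewall_is_started` test runs before `[ -n "$nolock" ] || mutex_on`, so the state it checked can change before the lock is held. A concurrent stop or restart that completes in that window would leave the loop editing rules on a firewall that is no longer in the tested state. safe_commands and try_command in Shorewall-common/shorewall take the mutex first and test afterwards, while the block hunks at -1625, -1637 and -1649 share the check-then-lock order. Consider `[ -n "$nolock" ] || mutex_on` followed by `if shorewall_is_started ; then`, with a matching `[ -n "$nolock" ] || mutex_off` on the else path before the error exit. The while loop body between the two hunks is not visible, so any early exit inside it should be checked for the same release.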
@@ -870,7 +870,7 @@ safe_commands() { if [ "$COMMAND" = "safe-start" -a -n "$running" ]; then # the command is safe-start but the firewall is already running error_message "Shorewall is already started" - mutex_off + [ -n "$nolock" ] || mutex_off exit 0 fi @@ -886,7 +886,7 @@ safe_commands() { if ! compiler run $debugging nolock compile ${VARDIR}/.$command; then status=$? - [ "$nolock" ] || mutex_off + [ -n "$nolock" ] || mutex_off exit $status fi @@ -916,7 +916,7 @@ safe_commands() { ${VARDIR}/.$command clear fi - [ "$nolock" ] || mutex_off + [ -n "$nolock" ] || mutex_off echo "New configuration has been rejected and the old one restored" exit 2 @@ -924,7 +924,7 @@ safe_commands() { fi - [ "$nolock" ] || mutex_off + [ -n "$nolock" ] || mutex_off } # @@ -1007,7 +1007,7 @@ try_command() { [ -n "$STARTUP_ENABLED" ] || fatal_error "Startup is disabled" - [ "$nolock" ] || mutex_on + [ -n "$nolock" ] || mutex_on if shorewall_is_started; then running=Yes @@ -1027,7 +1027,7 @@ try_command() { if ! compiler run $debugging $nolock compile ${VARDIR}/.$command; then status=$? - [ "$nolock" ] || mutex_off + [ -n "$nolock" ] || mutex_off exit $status fi @@ -1054,7 +1054,7 @@ try_command() { fi fi - [ "$nolock" ] || mutex_off + [ -n "$nolock" ] || mutex_off return 0 } @@ -1625,9 +1625,9 @@ case "$COMMAND" in [ -n "$debugging" ] && set -x [ $# -eq 1 ] && usage 1 if shorewall_is_started ; then - [ "$nolock" ] || mutex_on + [ -n "$nolock" ] || mutex_on block DROP Dropped $* - [ "$nolock" ] || mutex_off + [ -n "$nolock" ] || mutex_off else fatal_error "Shorewall is not started" fi @@ -1637,9 +1637,9 @@ case "$COMMAND" in [ -n "$debugging" ] && set -x [ $# -eq 1 ] && usage 1 if shorewall_is_started ; then - [ "$nolock" ] || mutex_on + [ -n "$nolock" ] || mutex_on block logdrop Dropped $* - [ "$nolock" ] || mutex_off + [ -n "$nolock" ] || mutex_off else fatal_error "Shorewall is not started" fi 
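Review bot: In the safe_commands hunk at -886, `status=$?` inside `if ! compiler run ...; then` captures the status of the negated command, which is 0 whenever the compile failed, so `exit $status` reports success for a failed compile. A script driving safe-start or safe-restart and trusting the exit code could treat a rejected ruleset as applied. Capture the status without the negation, e.g. `compiler run $debugging nolock compile ${VARDIR}/.$command; status=$?` followed by `if [ $status -ne 0 ]; then`. The same pattern appears in the try_command hunk at -1027, and both function bodies extend beyond their hunks.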
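Review bot: In the try_command hunk at -1027, `compiler run $debugging $nolock compile` is called while this function may already hold the mutex, whereas safe_commands at -886 passes the literal `nolock`. When `$nolock` is empty the argument disappears, and if the compile step acquires the lock itself (not visible here) it would wait on a lock its parent holds. If the intent matches safe_commands, use `compiler run $debugging nolock compile ${VARDIR}/.$command`; otherwise add a comment saying why the two calls differ.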
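Review bot: In the hunk at -1625, `block DROP Dropped $*` expands the command-line arguments unquoted, so each one is re-split on IFS and subject to pathname expansion before it reaches `block`. An address argument containing `*` or `?` could be replaced by matching file names from the current directory and end up in the blacklist call in an unintended form. `block DROP Dropped "$@"` passes the arguments through unchanged; the same applies to `block logdrop Dropped $*` at -1637 and `block $COMMAND Rejected $*` at -1649. The enclosing case arms begin and end outside these hunks.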
@@ -1649,9 +1649,9 @@ case "$COMMAND" in [ -n "$debugging" ] && set -x [ $# -eq 1 ] && usage 1 if shorewall_is_started ; then - [ "$nolock" ] || mutex_on + [ -n "$nolock" ] || mutex_on block $COMMAND Rejected $* - [ "$nolock" ] || mutex_off + [ -n "$nolock" ] || mutex_off else fatal_error "Shorewall is not started" fi @@ -1678,11 +1678,11 @@ case "$COMMAND" in RESTOREPATH=${VARDIR}/$RESTOREFILE - [ "$nolock" ] || mutex_on + [ -n "$nolock" ] || mutex_on save_config - [ "$nolock" ] || mutex_off + [ -n "$nolock" ] || mutex_off ;; forget) get_config diff --git a/Shorewall-shell/diff-3.4-compiler b/Shorewall-shell/diff-3.4-compiler new file mode 100644 index 000000000..b7a1f35f4 --- /dev/null +++ b/Shorewall-shell/diff-3.4-compiler 
@@ -0,0 +1,55 @@ +--- /home/teastep/shorewall/branches/3.4/Shorewall/compiler 2007-06-16 07:39:45.000000000 -0700 ++++ Shorewall-shell/compiler 2007-06-16 07:39:31.000000000 -0700 +@@ -3767,7 +3767,7 @@ + + save_progress_message "Setting up Route Filtering..." + +- if [ -z "$ROUTE_FILTER" ]; then ++ if [ "$ROUTE_FILTER" = no ]; then + indent >&3 << __EOF__ + + for f in /proc/sys/net/ipv4/conf/*; do +@@ -3791,8 +3791,10 @@ + + save_command "echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter" + +- if [ -n "$ROUTE_FILTER" ]; then ++ if [ "$ROUTE_FILTER" = yes ]; then + save_command "echo 1 > /proc/sys/net/ipv4/conf/default/rp_filter" ++ elif [ "$ROUTE_FILTER" = no ]; then ++ save_command "echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter" + fi + + save_command "[ -n \"\$NOROUTES\" ] || ip route flush cache" +@@ -3808,7 +3810,7 @@ + + save_progress_message "Setting up Martian Logging..." + +- if [ -z "$LOG_MARTIANS" ]; then ++ if [ "$LOG_MARTIANS" = no ]; then + indent >&3 << __EOF__ + + for f in /proc/sys/net/ipv4/conf/*; do +@@ -3831,9 +3833,12 @@ + __EOF__ + done + +- if [ -n "$LOG_MARTIANS" ]; then ++ if [ "$LOG_MARTIANS" = yes ]; then + save_command "echo 1 > /proc/sys/net/ipv4/conf/all/log_martians" + save_command "echo 1 > /proc/sys/net/ipv4/conf/default/log_martians" ++ elif [ "$LOG_MARTIANS" = no ]; then ++ save_command "echo 0 > /proc/sys/net/ipv4/conf/all/log_martians" ++ save_command "echo 0 > /proc/sys/net/ipv4/conf/default/log_martians" + fi + + fi +@@ -4874,7 +4879,7 @@ + ;; + esac + +- run_iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN ${match}-j TCPMSS $option ++ run_iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS $option + } + + progress_message2 "Initializing..."