Merge branch 'master' into 4.5.2

Tom Eastep 2012-03-31 20:03:57 -07:00
commit c616e203df
50 changed files with 2738 additions and 1442 deletions

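--- /dev/null
+++ b/Shorewall-core/configure
@@ -0,0 +1,127 @@
+#!/bin/bash
+#
+# Shorewall Packet Filtering Firewall RPM configuration program - V4.5
+#
+# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#
+# (c) 2012 - Tom Eastep (teastep@shorewall.net)
+#
+# Shorewall documentation is available at http://www.shorewall.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of Version 2 of the GNU General Public License
+# as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Usage: ./configure <vendor> [ <option>=<setting> ] ...
+#
+#
+################################################################################################
+declare -A params
+declare -A options
+getfileparams() {
+while read option; do
+case $option in
+\#*)
+;;
+*)
+on=${option%=*}
+ov=${option#*=}
+ov=${ov%#*}
+[ -n "$on" ] && options[${on}]="${ov}"
+;;
+esac
+done
+return 0
+}
+if [ $# -eq 0 ]; then
+echo "Usage: $0 <var>=<val> ..." >&2
+exit 1
+fi
+for p in $@; do
+p=${p#--}
+if [ -n "${p}" ]; then
+declare -u pn
+pn=${p%=*}
+pv=${p#*=}
+if [ -n "${pn}" ]; then
+case ${pn} in
+VENDOR)
+pn=HOST
+;;
+SHAREDSTATEDIR)
+pn=VARDIR
+;;
+DATADIR)
+pn=SHAREDIR
+;;
+SYSCONFDIR)
+pn=CONFDIR
+;;
+esac
+params[${pn}]="${pv}"
+fi
+fi
+done
+vendor=${params[HOST]}
+if [ -z "$vendor" ]; then
+rcfile=shorewallrc.default
+vendor=linux
+else
+rcfile=shorewallrc.$vendor
+fi
+getfileparams < $rcfile || exit 1
+for p in ${!params[@]}; do
+options[${p}]="${params[${p}]}"
+options[${p}]="${params[${p}]}"
+done
+echo "HOST=$vendor" > shorewallrc
+for on in \
+PREFIX \
+SHAREDIR \
+LIBEXECDIR \
+PERLLIBDIR \
+CONFDIR \
+SBINDIR \
+MANDIR \
+INITDIR \
+INITSOURCE \
+INITFILE \
+AUXINITSOURCE \
+AUXINITFILE \
+SYSTEMD \
+SYSCONFILE \
+SYSCONFDIR \
+ANNOTATED \
+VARDIR
+do
+echo "$on=${options[${on}]}" >> shorewallrc
+done
+cat shorewallrc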
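Review bot: The final loop writes each setting with `echo "$on=${options[${on}]}" >> shorewallrc` without validating the value, and the other sections of this commit later read that file with `.` from installers and init scripts, so a command-line value containing whitespace or shell metacharacters would be interpreted as shell syntax instead of being stored as data. Rejecting values outside a conservative path character set before writing would close that gap, and `for p in "$@"` and `getfileparams < "$rcfile"` should be quoted so arguments are not re-split. The output list also names `SYSCONFILE` while the rc files in this commit define `SYSCONFFILE`, so that setting appears never to reach `shorewallrc`. The `options[${p}]="${params[${p}]}"` assignment in the merge loop is duplicated.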


@ -27,12 +27,18 @@ VERSION=xxx #The Build script inserts the actual version
usage() # $1 = exit status usage() # $1 = exit status
{ {
ME=$(basename $0) ME=$(basename $0)
echo "usage: $ME" echo "usage: $ME [ <configuration-file> ] "
echo " $ME -v" echo " $ME -v"
echo " $ME -h" echo " $ME -h"
exit $1 exit $1
} }
fatal_error()
{
echo " ERROR: $@" >&2
exit 1
}
split() { split() {
local ifs local ifs
ifs=$IFS ifs=$IFS
@ -85,43 +91,87 @@ install_file() # $1 = source $2 = target $3 = mode
run_install $T $OWNERSHIP -m $3 $1 ${2} run_install $T $OWNERSHIP -m $3 $1 ${2}
} }
require()
{
eval [ -n "\$$1" ] || fatal_error "Required option $1 not set"
}
cd "$(dirname $0)" cd "$(dirname $0)"
#
# Load packager's settings if any
#
[ -f ../shorewall-pkg.config ] && . ../shorewall-pkg.config
[ -n "$DESTDIR" ] || DESTDIR="$PREFIX"
# #
# Parse the run line # Parse the run line
# #
# ARGS is "yes" if we've already parsed an argument finished=0
while [ $finished -eq 0 ]; do
option=$1
case "$option" in
-*)
option=${option#-}
while [ -n "$option" ]; do
case $option in
h)
usage 0
;;
v)
echo "Shorewall Firewall Installer Version $VERSION"
exit 0
;;
*)
usage 1
;;
esac
done
shift
;;
*)
finished=1
;;
esac
done
# #
# Read the RC file
#
if [ $# -eq 0 ]; then
if [ -f ./shorewallrc ]; then
. ./shorewallrc
file=~/.shorewallrc
elif [ -f ./.shorewallrc ]; then
. ~/.shorewallrc || exit 1
file=~/.shorewallrc
elif [ -f /usr/share/shorewall/shorewallrc ]; then
. /usr/share/shorewall/shorewallrc
file=/usr/share/shorewall/shorewallrc
else
fatal_error "No configuration file specified and /usr/share/shorewall/shorewallrc not found"
fi
elif [ $# -eq 1 ]; then
file=$1
case $file in
/*|.*)
;;
*)
file=./$file || exit 1
;;
esac
. $file
else
usage 1
fi
for var in SHAREDIR LIBEXECDIR PERLLIBDIR CONFDIR SBINDIR VARDIR; do
require $var
done
[ "${INITFILE}" != 'none/' ] && require INITSOURCE && require INITDIR
T="-T" T="-T"
[ -n "${LIBEXEC:=/usr/share}" ]
[ -n "${PERLLIB:=/usr/share/shorewall}" ]
case "$LIBEXEC" in
/*)
;;
*)
echo "The LIBEXEC setting must be an absolute path name" >&2
exit 1
;;
esac
case "$PERLLIB" in
/*)
;;
*)
echo "The PERLLIB setting must be an absolute path name" >&2
exit 1
;;
esac
INSTALLD='-D' INSTALLD='-D'
if [ -z "$BUILD" ]; then if [ -z "$BUILD" ]; then
@ -180,41 +230,6 @@ esac
OWNERSHIP="-o $OWNER -g $GROUP" OWNERSHIP="-o $OWNER -g $GROUP"
finished=0
while [ $finished -eq 0 ]; do
option=$1
case "$option" in
-*)
option=${option#-}
while [ -n "$option" ]; do
case $option in
h)
usage 0
;;
v)
echo "Shorewall Firewall Installer Version $VERSION"
exit 0
;;
*)
usage 1
;;
esac
done
shift
;;
*)
[ -n "$option" ] && usage 1
finished=1
;;
esac
done
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
# #
# Determine where to install the firewall script # Determine where to install the firewall script
# #
@ -236,6 +251,23 @@ case "$HOST" in
;; ;;
esac esac
if [ -z "$file" ]; then
if $HOST = linux; then
file=shorewallrc.default
else
file=shorewallrc.${HOST}
fi
echo "You have not specified a configuration file and ~/.shorewallrc does not exist" >&2
echo "Shorewall-core $VERSION has determined that the $file configuration is appropriate for your system" >&2
echo "Please review the settings in that file. If you wish to change them, make a copy and modify the copy" >&2
echo "Then re-run install.sh passing either $file or the name of your modified copy" >&2
echo "" >&2
echo "Example:" >&2
echo "" >&2
echo " ./install.sh $file" &>2
fi
if [ -n "$DESTDIR" ]; then if [ -n "$DESTDIR" ]; then
if [ $BUILD != cygwin ]; then if [ $BUILD != cygwin ]; then
if [ `id -u` != 0 ] ; then if [ `id -u` != 0 ] ; then
@ -245,56 +277,55 @@ if [ -n "$DESTDIR" ]; then
fi fi
fi fi
#
# Change to the directory containing this script
#
cd "$(dirname $0)"
echo "Installing Shorewall Core Version $VERSION" echo "Installing Shorewall Core Version $VERSION"
# #
# Create /usr/share/shorewall # Create /usr/share/shorewall
# #
mkdir -p ${DESTDIR}${LIBEXEC}/shorewall mkdir -p ${DESTDIR}${LIBEXECDIR}/shorewall
chmod 755 ${DESTDIR}${LIBEXEC}/shorewall chmod 755 ${DESTDIR}${LIBEXECDIR}/shorewall
if [ $LIBEXEC != /usr/shorewall/ ]; then mkdir -p ${DESTDIR}${SHAREDIR}/shorewall
mkdir -p ${DESTDIR}/usr/share/shorewall chmod 755 ${DESTDIR}${SHAREDIR}/shorewall
chmod 755 ${DESTDIR}/usr/share/shorewall
fi
# #
# Install wait4ifup # Install wait4ifup
# #
install_file wait4ifup ${DESTDIR}${LIBEXEC}/shorewall/wait4ifup 0755 install_file wait4ifup ${DESTDIR}${LIBEXECDIR}/shorewall/wait4ifup 0755
echo echo
echo "wait4ifup installed in ${DESTDIR}${LIBEXEC}/shorewall/wait4ifup" echo "wait4ifup installed in ${DESTDIR}${LIBEXECDIR}/shorewall/wait4ifup"
# #
# Install the libraries # Install the libraries
# #
for f in lib.* ; do for f in lib.* ; do
install_file $f ${DESTDIR}/usr/share/shorewall/$f 0644 install_file $f ${DESTDIR}${SHAREDIR}/shorewall/$f 0644
echo "Library ${f#*.} file installed as ${DESTDIR}/usr/share/shorewall/$f" echo "Library ${f#*.} file installed as ${DESTDIR}${SHAREDIR}/shorewall/$f"
done done
if [ $BUILD != apple ]; then
eval sed -i \'s\|g_libexec=.\*\|g_libexec=$LIBEXEC\|\' ${DESTDIR}/usr/share/shorewall/lib.cli
eval sed -i \'s\|g_perllib=.\*\|g_perllib=$PERLLIB\|\' ${DESTDIR}/usr/share/shorewall/lib.cli
else
eval sed -i \'\' -e \'s\|g_libexec=.\*\|g_libexec=$LIBEXEC\|\' ${DESTDIR}/usr/share/shorewall/lib.cli
eval sed -i \'\' -e \'s\|g_perllib=.\*\|g_perllib=$PERLLIB\|\' ${DESTDIR}/usr/share/shorewall/lib.cli
fi
# #
# Symbolically link 'functions' to lib.base # Symbolically link 'functions' to lib.base
# #
ln -sf lib.base ${DESTDIR}/usr/share/shorewall/functions ln -sf lib.base ${DESTDIR}${SHAREDIR}/shorewall/functions
# #
# Create the version file # Create the version file
# #
echo "$VERSION" > ${DESTDIR}/usr/share/shorewall/coreversion echo "$VERSION" > ${DESTDIR}${SHAREDIR}/shorewall/coreversion
chmod 644 ${DESTDIR}/usr/share/shorewall/coreversion chmod 644 ${DESTDIR}${SHAREDIR}/shorewall/coreversion
[ $file != "${SHAREDIR}/shorewall/shorewallrc" ] && cp $file ${DESTDIR}${SHAREDIR}/shorewall/shorewallrc
[ -z "${DESTDIR}" ] && [ ! -f ~/.shorewallrc ] && cp ${SHAREDIR}/shorewall/shorewallrc ~/.shorewallrc
if [ ${SHAREDIR} != /usr/share ]; then
for f in lib.*; do
if [ $BUILD != apple ]; then
eval sed -i \'s\|/usr/share/|${SHAREDIR}/|\' ${DESTDIR}/${SHAREDIR}/$f
else
eval sed -i \'\' -e \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}/$f
fi
done
fi
# #
# Report Success # Report Success
# #
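Review bot: In the new `${SHAREDIR} != /usr/share` loop, the first `eval sed` line leaves two `|` delimiters unescaped (`\'s\|/usr/share/|${SHAREDIR}/|\'`), so the shell parses them as pipeline operators and tries to run the value of `SHAREDIR` as a command instead of handing it to sed. `SHAREDIR` comes from the rc file sourced earlier, so it is safer to drop `eval` and pass one quoted expression, e.g. `sed -i "s|/usr/share/|${SHAREDIR}/|" "${DESTDIR}${SHAREDIR}/shorewall/$f"`. The targets `${DESTDIR}/${SHAREDIR}/$f` and `${DESTDIR}/$f` also do not appear to match where the libraries were installed above (`${DESTDIR}${SHAREDIR}/shorewall/$f`). Separately, `if $HOST = linux; then` executes the value of `HOST` as a command and should be `if [ "$HOST" = linux ]; then`, and `&>2` on the last `echo` writes to a file named `2` rather than to stderr.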


@ -32,45 +32,60 @@ SHOREWALL_CAPVERSION=40502
[ -n "${g_program:=shorewall}" ] [ -n "${g_program:=shorewall}" ]
if [ -z "$g_readrc" ]; then
#
# This is modified by the installer when ${SHAREDIR} <> /usr/share
#
. /usr/share/shorewall/shorewallrc
g_libexec="$LIBEXECDIR"
g_sharedir="$SHAREDIR"
g_sbindir="$SBINDIR"
g_vardir="$VARDIR"
g_readrc=1
fi
case $g_program in case $g_program in
shorewall) shorewall)
SHAREDIR=/usr/share/shorewall SHAREDIR=${SHAREDIR}/shorewall
CONFDIR=/etc/shorewall CONFDIR=${CONFDIR}/shorewall
g_product="Shorewall" g_product="Shorewall"
g_family=4 g_family=4
g_tool= g_tool=
g_basedir=/usr/share/shorewall g_basedir=${SHAREDIR}/shorewall
g_lite= g_lite=
;; ;;
shorewall6) shorewall6)
SHAREDIR=/usr/share/shorewall6 SHAREDIR=${SHAREDIR}/shorewall6
CONFDIR=/etc/shorewall6 CONFDIR=${CONFDIR}/shorewall6
g_product="Shorewall6" g_product="Shorewall6"
g_family=6 g_family=6
g_tool= g_tool=
g_basedir=/usr/share/shorewall g_basedir=${SHAREDIR}/shorewall
g_lite= g_lite=
;; ;;
shorewall-lite) shorewall-lite)
SHAREDIR=/usr/share/shorewall-lite SHAREDIR=${SHAREDIR}/shorewall-lite
CONFDIR=/etc/shorewall-lite CONFDIR=${CONFDIR}/shorewall-lite
g_product="Shorewall Lite" g_product="Shorewall Lite"
g_family=4 g_family=4
g_tool=iptables g_tool=iptables
g_basedir=/usr/share/shorewall-lite g_basedir=${SHAREDIR}/shorewall-lite
g_lite=Yes g_lite=Yes
;; ;;
shorewall6-lite) shorewall6-lite)
SHAREDIR=/usr/share/shorewall6-lite SHAREDIR=${SHAREDIR}/shorewall6-lite
CONFDIR=/etc/shorewall6-lite CONFDIR=${CONFDIR}/shorewall6-lite
g_product="Shorewall6 Lite" g_product="Shorewall6 Lite"
g_family=6 g_family=6
g_tool=ip6tables g_tool=ip6tables
g_basedir=/usr/share/shorewall6-lite g_basedir=${SHAREDIR}/shorewall6-lite
g_lite=Yes g_lite=Yes
;; ;;
esac esac
VARDIR=${VARDIR}/${g_program}
# #
# Conditionally produce message # Conditionally produce message
# #
@ -186,7 +201,7 @@ mutex_off()
rm -f ${LOCKFILE:=${VARDIR}/lock} rm -f ${LOCKFILE:=${VARDIR}/lock}
} }
[ -z "$LEFTSHIFT" ] && . /usr/share/shorewall/lib.common [ -z "$LEFTSHIFT" ] && . ${g_sharedir}/shorewall/lib.common
# #
# Validate an IP address # Validate an IP address
@ -455,14 +470,14 @@ mktempfile() {
else else
case "$MKTEMP" in case "$MKTEMP" in
BSD) BSD)
mktemp /tmp/shorewall.XXXXXX mktemp ${TMPDIR:-/tmp}/shorewall.XXXXXX
;; ;;
STD) STD)
mktemp -t shorewall.XXXXXX mktemp -t shorewall.XXXXXX
;; ;;
None) None)
rm -f /tmp/shorewall-$$ rm -f ${TMPDIR:-/tmp}/shorewall-$$
> /tmp/shorewall-$$ && echo /tmp/shorewall-$$ > ${TMPDIR:-}/shorewall-$$ && echo ${TMPDIR:-/tmp}/shorewall-$$
;; ;;
*) *)
error_message "ERROR:Internal error in mktempfile" error_message "ERROR:Internal error in mktempfile"
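Review bot: In the `None)` arm of `mktempfile`, the new redirection `> ${TMPDIR:-}/shorewall-$$` has an empty default, so with `TMPDIR` unset the file is created as `/shorewall-$$` while the function echoes `${TMPDIR:-/tmp}/shorewall-$$`; the default should be `/tmp` in all three expansions, which should also be quoted. This fallback still builds a PID-based, predictable name in a shared directory, so it deserves a comment such as `# predictable name: only reached when no mktemp is available`, or a refusal to continue when no mktemp exists. In the earlier hunk each case arm reassigns `SHAREDIR` before `g_basedir=${SHAREDIR}/shorewall` reads it, so `g_basedir` appears to get the product directory appended a second time; `g_basedir=${g_sharedir}/shorewall` would use the value captured before the reassignment. mktempfile's body begins outside the hunk.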


@ -23,7 +23,21 @@
# This library contains the command processing code common to /sbin/shorewall[6] and # This library contains the command processing code common to /sbin/shorewall[6] and
# /sbin/shorewall[6]-lite. # /sbin/shorewall[6]-lite.
# #
. /usr/share/shorewall/lib.base
if [ -z "$g_readrc" ]; then
#
# This is modified by the installer when ${SHAREDIR} <> /usr/share
#
. /usr/share/shorewall/shorewallrc
g_libexec="$LIBEXECDIR"
g_sharedir="$SHAREDIR"
g_sbindir="$SBINDIR"
g_readrc=1
fi
. ${g_sharedir}/shorewall/lib.base
# #
# Fatal Error # Fatal Error
# #
@ -842,11 +856,13 @@ show_command() {
echo "CONFIG_PATH=$CONFIG_PATH" echo "CONFIG_PATH=$CONFIG_PATH"
echo "VARDIR=$VARDIR" echo "VARDIR=$VARDIR"
echo "LIBEXEC=$g_libexec" echo "LIBEXEC=$g_libexec"
echo "SBINDIR=$g_sbindir"
[ -n "$g_lite" ] && ${VARDIR} ne /var/lib/$program && echo "LITEDIR=${VARDIR}" [ -n "$g_lite" ] && ${VARDIR} ne /var/lib/$program && echo "LITEDIR=${VARDIR}"
else else
echo "Default CONFIG_PATH is $CONFIG_PATH" echo "Default CONFIG_PATH is $CONFIG_PATH"
echo "Default VARDIR is /var/lib/$g_program" echo "Default VARDIR is /var/lib/$g_program"
echo "LIBEXEC is $g_libexec" echo "LIBEXEC is $g_libexec"
echo "SBINDIR is $g_sbindir"
[ -n "$g_lite" ] && [ ${VARDIR} != /var/lib/$g_program ] && echo "LITEDIR is ${VARDIR}" [ -n "$g_lite" ] && [ ${VARDIR} != /var/lib/$g_program ] && echo "LITEDIR is ${VARDIR}"
fi fi
;; ;;
@ -2958,14 +2974,12 @@ shorewall_cli() {
g_annotate= g_annotate=
g_recovering= g_recovering=
g_timestamp= g_timestamp=
g_libexec=/usr/share
g_perllib=/usr/share/shorewall
g_shorewalldir= g_shorewalldir=
VERBOSE= VERBOSE=
VERBOSITY= VERBOSITY=
[ -n "$g_lite" ] || . /usr/share/shorewall/lib.cli-std [ -n "$g_lite" ] || . ${g_sharedir}/shorewall/lib.cli-std
finished=0 finished=0
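Review bot: The new `. ${g_sharedir}/shorewall/lib.base` and `. ${g_sharedir}/shorewall/lib.cli-std` lines take their directory from the sourced rc file and nothing checks it before use; if `SHAREDIR` is empty, or `g_readrc` is already set in the environment without `g_sharedir`, the path collapses to `/shorewall/lib.base`. A guard before the first `.`, such as `[ -n "$g_sharedir" ] || { echo "SHAREDIR not set" >&2; exit 1; }`, together with quoting the path, would make that failure explicit. The removed `g_perllib=/usr/share/shorewall` default has no replacement in this section although the rc files define `PERLLIBDIR`, so if `g_perllib` is still read elsewhere it would now be empty. This copy of the `g_readrc` block also omits the `g_vardir` assignment that the otherwise identical block in the preceding library section sets.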


@ -0,0 +1,20 @@
#
# Apple OS X Shorewall 4.5 rc file
#
BUILD=apple
HOST=apple
PREFIX=/usr
SHAREDIR=${PREFIX}/share
LIBEXECDIR=${PREFIX}/share
PERLLIBDIR=${PREFIX}/share/shorewall
CONFDIR=/etc
SBINDIR=/sbin
MANDIR=${SHAREDIR}/man
INITDIR=
INITFILE=
INITSOURCE=
ANNOTATED=
SYSTEMD=
SYSCONFDIR=
SPARSE=Yes
VARDIR=/var/lib


@ -0,0 +1,19 @@
#
# Archlinux Shorewall 4.5 rc file
#
BUILD=archlinux
HOST=archlinux
PREFIX=/usr
SHAREDIR=${PREFIX}/share
LIBEXECDIR=${PREFIX}/share
PERLLIBDIR=${PREFIX}/share/shorewall
CONFDIR=/etc
SBINDIR=/sbin
MANDIR=${SHAREDIR}/man
INITDIR=/etc/rc.d
INITFILE=$PRODUCT
INITSOURCE=init.sh
ANNOTATED=
SYSCONFDIR=
SYSTEMD=
VARDIR=/var/lib


@ -0,0 +1,20 @@
#
# Cygwin Shorewall 4.5 rc file
#
BUILD=cygwin
HOST=cygwin
PREFIX=/usr
SHAREDIR=${PREFIX}/share
LIBEXECDIR=${PREFIX}/share
PERLLIBDIR=${PREFIX}/share/shorewall
CONFDIR=/etc
SBINDIR=/bin
MANDIR=${SHAREDIR}/man
INITDIR=/etc/init.d
INITFILE=
INITSOURCE=
ANNOTATED=
SYSTEMD=
SYSCONFDIR=
SPARSE=Yes
VARDIR=/var/lib


@ -0,0 +1,21 @@
#
# Debian Shorewall 4.5 rc file
#
BUILD= #Default is to detect the build system
HOST=debian
PREFIX=/usr
SHAREDIR=${PREFIX}/share
LIBEXECDIR=${PREFIX}/share
PERLLIBDIR=${PREFIX}/share/shorewall
CONFDIR=/etc
SBINDIR=/sbin
MANDIR=${PREFIX}/man
INITDIR=/etc/init.d
INITFILE=$PRODUCT
INITSOURCE=init.debian.sh
ANNOTATED=
SYSCONFFILE=default.debian
SYSCONFDIR=/etc/default
SYSTEMD=
SPARSE=Yes
VARDIR=/var/lib


@ -0,0 +1,21 @@
#
# Default Shorewall 4.5 rc file
#
HOST= #Default is to detect the host system
BUILD= #Default is to detect the build system
PREFIX=/usr
SHAREDIR=${PREFIX}/share
LIBEXECDIR=${PREFIX}/share
PERLLIBDIR=${PREFIX}/share/shorewall
CONFDIR=/etc
SBINDIR=/sbin
MANDIR=${PREFIX}/man
INITDIR=etc/init.d
INITFILE=$PRODUCT
INITSOURCE=init.sh
ANNOTATED=
SYSTEMD=
SYSCONFFILE=
SYSCONFDIR=
SPARSE=
VARDIR=/var/lib
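Review bot: `INITDIR=etc/init.d` is missing its leading slash, unlike the other rc files in this commit that set it. The installers concatenate the value as `${DESTDIR}${INITDIR}`, so with an empty `DESTDIR` the init script would be installed into a directory relative to the current working directory. It should read `INITDIR=/etc/init.d`.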


@ -0,0 +1,21 @@
#
# RedHat/FedoraShorewall 4.5 rc file
#
BUILD= #Default is to detect the build system
HOST=redhat
PREFIX=/usr
SHAREDIR=${PREFIX}/share
LIBEXECDIR=${PREFIX}/share
PERLLIBDIR=/usr/share/shorewall
CONFDIR=/etc
SBINDIR=/sbin
MANDIR=${SHAREDIR}/man
INITDIR=/etc/rc.d/init.d
INITFILE=$PRODUCT
INITSOURCE=init.fedora.sh
ANNOTATED=
SYSTEMD=/lib/systemd/system
SYSCONFFILE=sysconfig
SYSCONFDIR=/etc/sysconfig/
SPARSE=
VARDIR=/var/lib
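Review bot: `PERLLIBDIR=/usr/share/shorewall` is hard-coded while the neighbouring settings derive from `${PREFIX}`, so overriding `PREFIX` leaves the Perl library path behind. Most of the other rc files in this commit write `PERLLIBDIR=${PREFIX}/share/shorewall`, which would be consistent here too. The header comment is also missing a space in `RedHat/FedoraShorewall`.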


@ -0,0 +1,22 @@
#
# Slackware Shorewall 4.5 rc file
#
BUILD=slackware
HOST=slackware
PREFIX=/usr
SHAREDIR=${PREFIX}/share
LIBEXECDIR=${PREFIX}/share
PERLLIBDIR=${PREFIX}/share/shorewall
CONFDIR=/etc
SBINDIR=/sbin
MANDIR=${PREFIX}/man
INITDIR=/etc/rc.d
INITSOURCE=init.slackware.firewall
INITFILE=rc.firewall
AUXINITSOURCE=init.slackware.$PRODUCT
AUXINITFILE=rc.$PRODUCT
SYSTEMD=
SYSCONFFILE=
SYSCONFDIR=
ANNOTATED=
VARDIR=/var/lib


@ -0,0 +1,21 @@
#
# SuSE Shorewall 4.5 rc file
#
BUILD= #Default is to detect the build system
HOST=suse
PREFIX=/usr
CONFDIR=/etc
SHAREDIR=${PREFIX}/share
LIBEXECDIR=${PREFIX}/lib
PERLLIBDIR=${PREFIX}/lib/perl5/vendor_perl/5.14.2
SBINDIR=/sbin
MANDIR=${SHAREDIR}/man/
INITDIR=/etc/init.d
INITFILE=$PRODUCT
INITSOURCE=init.sh
ANNOTATED=
SYSTEMD=
SYSCONFFILE=
SYSCONFDIR=/etc/sysconfig/
SPARSE=
VARDIR=/var/lib
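Review bot: `PERLLIBDIR=${PREFIX}/lib/perl5/vendor_perl/5.14.2` pins a single Perl release, so the path would be wrong on a host whose vendor_perl directory carries a different version. A comment above the line, for example `# NOTE: vendor_perl path is version-specific; adjust to the installed Perl`, would at least make the assumption visible. Deriving the directory when the rc file is generated would avoid the mismatch altogether.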


@ -31,7 +31,7 @@ VERSION=xxx #The Build script inserts the actual version
usage() # $1 = exit status usage() # $1 = exit status
{ {
ME=$(basename $0) ME=$(basename $0)
echo "usage: $ME" echo "usage: $ME [ <shorewallrc file> ]"
exit $1 exit $1
} }
@ -60,8 +60,25 @@ remove_file() # $1 = file to restore
fi fi
} }
if [ -f /usr/share/shorewall/coreversion ]; then if [ $# -eq 0 ]; then
INSTALLED_VERSION="$(cat /usr/share/shorewall/coreversion)" file=/usr/share/shorewall/shorewallrc
elif [ $# -eq 1 ]; then
file=$1
else
usage 1
fi
if [ -f "$file" ]; then
. "$file"
else
echo "File $file not found" >&2
exit 1
fi
. $file || exit 1
if [ -f ${SHAREDIR}/shorewall/coreversion ]; then
INSTALLED_VERSION="$(cat ${SHAREDIR}/shorewall/coreversion)"
if [ "$INSTALLED_VERSION" != "$VERSION" ]; then if [ "$INSTALLED_VERSION" != "$VERSION" ]; then
echo "WARNING: Shorewall Core Version $INSTALLED_VERSION is installed" echo "WARNING: Shorewall Core Version $INSTALLED_VERSION is installed"
echo " and this is the $VERSION uninstaller." echo " and this is the $VERSION uninstaller."
@ -72,12 +89,9 @@ else
VERSION="" VERSION=""
fi fi
[ -n "${LIBEXEC:=/usr/share}" ]
[ -n "${PERLLIB:=/usr/share/shorewall}" ]
echo "Uninstalling Shorewall Core $VERSION" echo "Uninstalling Shorewall Core $VERSION"
rm -rf /usr/share/shorewall rm -rf ${SHAREDIR}/shorewall
echo "Shorewall Core Uninstalled" echo "Shorewall Core Uninstalled"
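Review bot: `rm -rf ${SHAREDIR}/shorewall` now takes its prefix from the sourced rc file without checking it, so an rc file that leaves `SHAREDIR` empty turns this into `rm -rf /shorewall`, and a value containing spaces would be split into several targets. Guard and quote it: `rm -rf -- "${SHAREDIR:?SHAREDIR not set}/shorewall"`. The rc file is also sourced twice, once inside the `-f "$file"` check and again by the unquoted `. $file || exit 1`; the second can be removed.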


@ -71,6 +71,11 @@ Debian_SuSE_ppp() {
IFUPDOWN=0 IFUPDOWN=0
PRODUCTS= PRODUCTS=
#
# The installer may alter this
#
. /usr/share/shorewall/shorewallrc
if [ -f /etc/default/shorewall-init ]; then if [ -f /etc/default/shorewall-init ]; then
. /etc/default/shorewall-init . /etc/default/shorewall-init
elif [ -f /etc/sysconfig/shorewall-init ]; then elif [ -f /etc/sysconfig/shorewall-init ]; then
@ -182,10 +187,8 @@ else
fi fi
for PRODUCT in $PRODUCTS; do for PRODUCT in $PRODUCTS; do
VARDIR=/var/lib/$PRODUCT
[ -f /etc/$PRODUCT/vardir ] && . /etc/$PRODUCT/vardir
if [ -x $VARDIR/firewall ]; then if [ -x $VARDIR/firewall ]; then
( . /usr/share/$PRODUCT/lib.base ( . ${SHAREDIR}/shorewall/lib.base
mutex_on mutex_on
${VARDIR}/firewall -V0 $COMMAND $INTERFACE || echo_notdone ${VARDIR}/firewall -V0 $COMMAND $INTERFACE || echo_notdone
mutex_off mutex_off
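Review bot: With `VARDIR=/var/lib/$PRODUCT` removed, the loop still tests `[ -x $VARDIR/firewall ]` and runs `${VARDIR}/firewall`, but the rc files in this commit set `VARDIR=/var/lib`, so the per-product directory appears to be lost and the check would look at `/var/lib/firewall`. Another init script changed in this commit uses `${VARDIR}/$product/firewall`; the same form, quoted, fits here: `if [ -x "${VARDIR}/$PRODUCT/firewall" ]; then`. The subshell now sources `${SHAREDIR}/shorewall/lib.base` for every product where the old code used `/usr/share/$PRODUCT/lib.base`; confirm that this is intended for the -lite products. The added `. /usr/share/shorewall/shorewallrc` has no existence check, and the loop body continues outside the hunk.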


@ -62,10 +62,15 @@ not_configured () {
exit 0 exit 0
} }
#
# The installer may alter this
#
. /usr/share/shorewall/shorewallrc
# check if shorewall-init is configured or not # check if shorewall-init is configured or not
if [ -f "/etc/default/shorewall-init" ] if [ -f "$SYSCONFDIR/shorewall-init" ]
then then
. /etc/default/shorewall-init . $SYSCONFDIR/shorewall-init
if [ -z "$PRODUCTS" ] if [ -z "$PRODUCTS" ]
then then
not_configured not_configured
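Review bot: The added `. /usr/share/shorewall/shorewallrc` runs unconditionally and the following `. $SYSCONFDIR/shorewall-init` is unquoted, so a missing rc file or an empty `SYSCONFDIR` changes which file this root-run script reads; several rc files in this commit leave `SYSCONFDIR` empty, which would make the path `/shorewall-init`. A default placed after the rc file is read keeps the previous behaviour when the setting is absent: `: "${SYSCONFDIR:=/etc/default}"`. The source line should be quoted as `. "$SYSCONFDIR/shorewall-init"`.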


@ -13,6 +13,15 @@
# Description: Place the firewall in a safe state at boot time # Description: Place the firewall in a safe state at boot time
# prior to bringing up the network. # prior to bringing up the network.
### END INIT INFO ### END INIT INFO
#determine where the files were installed
if [ -f ~/.shorewallrc ]; then
. ~/.shorewallrc || exit 1
else
SBINDIR=/sbin
SYSCONFDIR=/etc/default
VARDIR=/var/lib
fi
prog="shorewall-init" prog="shorewall-init"
logger="logger -i -t $prog" logger="logger -i -t $prog"
lockfile="/var/lock/subsys/shorewall-init" lockfile="/var/lock/subsys/shorewall-init"
@ -44,10 +53,8 @@ start () {
echo -n "Initializing \"Shorewall-based firewalls\": " echo -n "Initializing \"Shorewall-based firewalls\": "
for product in $PRODUCTS; do for product in $PRODUCTS; do
vardir=/var/lib/$product if [ -x ${VARDIR}/$product/firewall ]; then
[ -f /etc/$product/vardir ] && . /etc/$product/vardir ${VARDIR}/$product/firewall stop 2>&1 | $logger
if [ -x ${vardir}/firewall ]; then
${vardir}/firewall stop 2>&1 | $logger
retval=${PIPESTATUS[0]} retval=${PIPESTATUS[0]}
[ retval -ne 0 ] && break [ retval -ne 0 ] && break
fi fi
@ -70,10 +77,8 @@ stop () {
echo -n "Clearing \"Shorewall-based firewalls\": " echo -n "Clearing \"Shorewall-based firewalls\": "
for product in $PRODUCTS; do for product in $PRODUCTS; do
vardir=/var/lib/$product if [ -x ${VARDIR}/$product/firewall ]; then
[ -f /etc/$product/vardir ] && . /etc/$product/vardir ${VARDIR}/$product/firewall clear 2>&1 | $logger
if [ -x ${vardir}/firewall ]; then
${vardir}/firewall clear 2>&1 | $logger
retval=${PIPESTATUS[0]} retval=${PIPESTATUS[0]}
[ retval -ne 0 ] && break [ retval -ne 0 ] && break
fi fi
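Review bot: The new block reads its settings from `~/.shorewallrc`, whose location depends on `HOME` in whatever environment runs the init script; at boot that may be unset or differ from the account that ran the installer, and a root-run service would then take `SBINDIR` and `VARDIR` from a per-user file. The other init scripts in this commit source `/usr/share/shorewall/shorewallrc`, and a fixed system path would be more predictable here as well. The fallback branch sets `SYSCONFDIR=/etc/default`, which looks out of place beside `/var/lock/subsys`; confirm the intended default. The start and stop functions continue outside the hunks.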


@ -53,6 +53,11 @@ else
exit 0 exit 0
fi fi
#
# The installer may alter this
#
. /usr/share/shorewall/shorewallrc
# Initialize the firewall # Initialize the firewall
shorewall_start () { shorewall_start () {
local PRODUCT local PRODUCT
@ -60,10 +65,8 @@ shorewall_start () {
echo -n "Initializing \"Shorewall-based firewalls\": " echo -n "Initializing \"Shorewall-based firewalls\": "
for PRODUCT in $PRODUCTS; do for PRODUCT in $PRODUCTS; do
VARDIR=/var/lib/$PRODUCT
[ -f /etc/$PRODUCT/vardir ] && . /etc/$PRODUCT/vardir
if [ -x ${VARDIR}/firewall ]; then if [ -x ${VARDIR}/firewall ]; then
if ! /sbin/$PRODUCT status > /dev/null 2>&1; then if ! ${SBIN}/$PRODUCT status > /dev/null 2>&1; then
${VARDIR}/firewall stop || echo_notdone ${VARDIR}/firewall stop || echo_notdone
fi fi
fi fi
@ -83,8 +86,6 @@ shorewall_stop () {
echo -n "Clearing \"Shorewall-based firewalls\": " echo -n "Clearing \"Shorewall-based firewalls\": "
for PRODUCT in $PRODUCTS; do for PRODUCT in $PRODUCTS; do
VARDIR=/var/lib/$PRODUCT
[ -f /etc/$PRODUCT/vardir ] && . /etc/$PRODUCT/vardir
if [ -x ${VARDIR}/firewall ]; then if [ -x ${VARDIR}/firewall ]; then
${VARDIR}/firewall clear || exit 1 ${VARDIR}/firewall clear || exit 1
fi fi
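Review bot: `${SBIN}/$PRODUCT status` uses a variable that none of the rc files in this commit define (they set `SBINDIR`), so it would expand to `/$PRODUCT` and the status check would always fail; it should be `${SBINDIR}/$PRODUCT`. Both loops also lost `VARDIR=/var/lib/$PRODUCT` while still testing `${VARDIR}/firewall`, and with `VARDIR=/var/lib` from the rc file the path no longer includes the product directory. `${VARDIR}/$PRODUCT/firewall` would match what another init script in this commit does. shorewall_start and shorewall_stop continue outside the hunks.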


@ -28,12 +28,18 @@ VERSION=xxx #The Build script inserts the actual version.
usage() # $1 = exit status usage() # $1 = exit status
{ {
ME=$(basename $0) ME=$(basename $0)
echo "usage: $ME" echo "usage: $ME [ <configuration-file> ]"
echo " $ME -v" echo " $ME -v"
echo " $ME -h" echo " $ME -h"
exit $1 exit $1
} }
fatal_error()
{
echo " ERROR: $@" >&2
exit 1
}
split() { split() {
local ifs local ifs
ifs=$IFS ifs=$IFS
@ -76,9 +82,9 @@ cant_autostart()
echo "WARNING: Unable to configure shorewall init to start automatically at boot" >&2 echo "WARNING: Unable to configure shorewall init to start automatically at boot" >&2
} }
delete_file() # $1 = file to delete require()
{ {
rm -f $1 eval [ -n "\$$1" ] || fatal_error "Required option $1 not set"
} }
install_file() # $1 = source $2 = target $3 = mode install_file() # $1 = source $2 = target $3 = mode
@ -88,44 +94,78 @@ install_file() # $1 = source $2 = target $3 = mode
cd "$(dirname $0)" cd "$(dirname $0)"
# PRODUCT=shorewall-init
# Load packager's settings if any
#
[ -f ../shorewall-pkg.config ] && . ../shorewall-pkg.config
[ -n "$DESTDIR" ] || DESTDIR="$PREFIX" #
# Parse the run line
#
finished=0
while [ $# -gt 0 ] ; do while [ $finished -eq 0 ] ; do
case "$1" in case "$1" in
-h|help|?) -*)
option=${option#-}
while [ -n "$option" ]; do
case $option in
h)
usage 0 usage 0
;; ;;
-v) v)
echo "Shorewall Init Installer Version $VERSION" echo "Shorewall-init Firewall Installer Version $VERSION"
exit 0 exit 0
;; ;;
*) *)
usage 1 usage 1
;; ;;
esac esac
done
shift shift
;;
*)
finished=1
;;
esac
done
#
# Read the RC file
#
if [ $# -eq 0 ]; then
#
# Load packager's settings if any
#
if [ -f ./shorewallrc ]; then
. ./shorewallrc || exit 1
file=~/.shorewallrc
elif [ -f ~/.shorewallrc ]; then
. ~/.shorewallrc || exit 1
file=./.shorewallrc
else
fatal_error "No configuration file specified and ~/.shorewallrc not found"
fi
elif [ $# -eq 1 ]; then
file=$1
case $file in
/*|.*)
;;
*)
file=./$file
;;
esac
. $file
else
usage 1
fi
for var in SHAREDIR LIBEXECDIR CONFDIR SBINDIR VARDIR; do
require $var
done done
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
[ -n "${LIBEXEC:=/usr/share}" ]
case "$LIBEXEC" in
/*)
;;
*)
echo "The LIBEXEC setting must be an absolute path name" >&2
exit 1
;;
esac
INITFILE="shorewall-init"
if [ -z "$BUILD" ]; then if [ -z "$BUILD" ]; then
case $(uname) in case $(uname) in
cygwin*) cygwin*)
@ -174,11 +214,9 @@ OWNERSHIP="-o $OWNER -g $GROUP"
case "$HOST" in case "$HOST" in
debian) debian)
echo "Installing Debian-specific configuration..." echo "Installing Debian-specific configuration..."
SPARSE=yes
;; ;;
redhat|redhat) redhat|redhat)
echo "Installing Redhat/Fedora-specific configuration..." echo "Installing Redhat/Fedora-specific configuration..."
[ -n "$INITDIR" ] || INITDIR=/etc/rc.d/init.d
;; ;;
slackware) slackware)
echo "Shorewall-init is currently not supported on Slackware" >&2 echo "Shorewall-init is currently not supported on Slackware" >&2
@ -202,10 +240,6 @@ esac
[ -z "$TARGET" ] && TARGET=$HOST [ -z "$TARGET" ] && TARGET=$HOST
if [ -z "$INITDIR" -a -n "$INITFILE" ] ; then
INITDIR="/etc/init.d"
fi
if [ -n "$DESTDIR" ]; then if [ -n "$DESTDIR" ]; then
if [ `id -u` != 0 ] ; then if [ `id -u` != 0 ] ; then
echo "Not setting file owner/group permissions, not running as root." echo "Not setting file owner/group permissions, not running as root."
@ -215,57 +249,44 @@ if [ -n "$DESTDIR" ]; then
install -d $OWNERSHIP -m 755 ${DESTDIR}${INITDIR} install -d $OWNERSHIP -m 755 ${DESTDIR}${INITDIR}
fi fi
if [ -z "$DESTDIR" ]; then
if [ -d /lib/systemd/system ]; then
SYSTEMD=Yes
INITFILE=
fi
elif [ -n "$SYSTEMD" ]; then
mkdir -p ${DESTDIR}/lib/systemd/system
INITFILE=
fi
echo "Installing Shorewall Init Version $VERSION" echo "Installing Shorewall Init Version $VERSION"
# #
# Check for /usr/share/shorewall-init/version # Check for /usr/share/shorewall-init/version
# #
if [ -f ${DESTDIR}/usr/share/shorewall-init/version ]; then if [ -f ${DESTDIR}${SHAREDIR}/shorewall-init/version ]; then
first_install="" first_install=""
else else
first_install="Yes" first_install="Yes"
fi fi
#
# Install the Firewall Script
#
if [ -n "$INITFILE" ]; then if [ -n "$INITFILE" ]; then
# install_file $INITSOURCE ${DESTDIR}${INITDIR}/$INITFILE 0544
# Install the Init Script [ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/|${SHAREDIR}/|\' ${DESTDIR}${INITDIR}/$INITFILE
#
case $TARGET in
debian)
install_file init.debian.sh ${DESTDIR}${INITDIR}/${INITFILE} 0544
;;
redhat)
install_file init.fedora.sh ${DESTDIR}${INITDIR}/${INITFILE} 0544
;;
*)
install_file init.sh ${DESTDIR}${INITDIR}/${INITFILE} 0544
;;
esac
echo "Shorewall-init script installed in ${DESTDIR}${INITDIR}/${INITFILE}" if [ -n "${AUXINITSOURCE}" ]; then
install_file $INITSOURCE ${DESTDIR}${INITDIR}/$AUXINITFILE 0544
fi
echo "Shorewall-init script installed in ${DESTDIR}${INITDIR}/$INITFILE"
fi fi
# #
# Install the .service file # Install the .service file
# #
if [ -n "$SYSTEMD" ]; then if [ -n "$SYSTEMD" ]; then
run_install $OWNERSHIP -m 600 shorewall-init.service ${DESTDIR}/lib/systemd/system/shorewall-init.service mkdir -p ${DESTDIR}${SYSTEMD}
echo "Service file installed as ${DESTDIR}/lib/systemd/system/shorewall-init.service" run_install $OWNERSHIP -m 600 shorewall-init.service ${DESTDIR}${SYSTEMD}/shorewall-init.service
echo "Service file installed as ${DESTDIR}${SYSTEMD}/shorewall-init.service"
if [ -n "$DESTDIR" ]; then if [ -n "$DESTDIR" ]; then
mkdir -p ${DESTDIR}/sbin/ mkdir -p ${DESTDIR}${SBINDIR}
chmod 755 ${DESTDIR}/sbin chmod 755 ${DESTDIR}${SBINDIR}
fi fi
run_install $OWNERSHIP -m 700 shorewall-init ${DESTDIR}/sbin/shorewall-init run_install $OWNERSHIP -m 700 shorewall-init ${DESTDIR}${SBINDIR}/shorewall-init
echo "CLI installed as ${DESTDIR}/sbin/shorewall-init" echo "CLI installed as ${DESTDIR}${SBINDIR}/shorewall-init"
fi fi
# #
@ -285,7 +306,7 @@ chmod 644 ${DESTDIR}/usr/share/shorewall-init/version
# #
if [ -z "$DESTDIR" ]; then if [ -z "$DESTDIR" ]; then
rm -f /usr/share/shorewall-init/init rm -f /usr/share/shorewall-init/init
ln -s ${INITDIR}/${INITFILE} /usr/share/shorewall-init/init ln -s ${INITDIR}/${INITFILE} ${SHAREDIR}/shorewall-init/init
fi fi
if [ $HOST = debian ]; then if [ $HOST = debian ]; then
@ -303,20 +324,20 @@ if [ $HOST = debian ]; then
fi fi
else else
if [ -n "$DESTDIR" ]; then if [ -n "$DESTDIR" ]; then
mkdir -p ${DESTDIR}/etc/sysconfig mkdir -p ${DESTDIR}${SYSCONFDIR}
if [ -z "$RPM" ]; then if [ -z "$RPM" ]; then
if [ $HOST = suse ]; then if [ $HOST = suse ]; then
mkdir -p ${DESTDIR}/etc/sysconfig/network/if-up.d mkdir -p ${DESTDIR}/etc/sysconfig/network/if-up.d
mkdir -p ${DESTDIR}/etc/sysconfig/network/if-down.d mkdir -p ${DESTDIR}${SYSCONFDIR}/network/if-down.d
else else
mkdir -p ${DESTDIR}/etc/NetworkManager/dispatcher.d mkdir -p ${DESTDIR}/etc/NetworkManager/dispatcher.d
fi fi
fi fi
fi fi
if [ -d ${DESTDIR}/etc/sysconfig -a ! -f ${DESTDIR}/etc/sysconfig/shorewall-init ]; then if [ -d ${DESTDIR}${SYSCONFDIR} -a ! -f ${DESTDIR}${SYSCONFDIR}/shorewall-init ]; then
install_file sysconfig ${DESTDIR}/etc/sysconfig/shorewall-init 0644 install_file sysconfig ${DESTDIR}${SYSCONFDIR}/shorewall-init 0644
fi fi
fi fi
@ -324,31 +345,35 @@ fi
# Install the ifupdown script # Install the ifupdown script
# #
mkdir -p ${DESTDIR}${LIBEXEC}/shorewall-init cp ifupdown.sh ifupdown
install_file ifupdown.sh ${DESTDIR}${LIBEXEC}/shorewall-init/ifupdown 0544 d[ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/|${SHAREDIR}/|\' ifupdown
mkdir -p ${DESTDIR}${LIBEXECDIR}/shorewall-init
install_file ifupdown ${DESTDIR}${LIBEXECDIR}/shorewall-init/ifupdown 0544
if [ -d ${DESTDIR}/etc/NetworkManager ]; then if [ -d ${DESTDIR}/etc/NetworkManager ]; then
install_file ifupdown.sh ${DESTDIR}/etc/NetworkManager/dispatcher.d/01-shorewall 0544 install_file ifupdown ${DESTDIR}/etc/NetworkManager/dispatcher.d/01-shorewall 0544
fi fi
case $HOST in case $HOST in
debian) debian)
install_file ifupdown.sh ${DESTDIR}/etc/network/if-up.d/shorewall 0544 install_file ifupdown ${DESTDIR}/etc/network/if-up.d/shorewall 0544
install_file ifupdown.sh ${DESTDIR}/etc/network/if-post-down.d/shorewall 0544 install_file ifupdown ${DESTDIR}/etc/network/if-post-down.d/shorewall 0544
;; ;;
suse) suse)
if [ -z "$RPM" ]; then if [ -z "$RPM" ]; then
install_file ifupdown.sh ${DESTDIR}/etc/sysconfig/network/if-up.d/shorewall 0544 install_file ifupdown ${DESTDIR}${SYSCONFDIR}/network/if-up.d/shorewall 0544
install_file ifupdown.sh ${DESTDIR}/etc/sysconfig/network/if-down.d/shorewall 0544 install_file ifupdown ${DESTDIR}${SYSCONFDIR}/network/if-down.d/shorewall 0544
fi fi
;; ;;
redhat) redhat)
if [ -f ${DESTDIR}/sbin/ifup-local -o -f ${DESTDIR}/sbin/ifdown-local ]; then if [ -f ${DESTDIR}${SBINDIR}/ifup-local -o -f ${DESTDIR}${SBINDIR}/ifdown-local ]; then
echo "WARNING: /sbin/ifup-local and/or /sbin/ifdown-local already exist; up/down events will not be handled" echo "WARNING: ${SBINDIR}/ifup-local and/or ${SBINDIR}/ifdown-local already exist; up/down events will not be handled"
elif [ -z "$DESTDIR" ]; then elif [ -z "$DESTDIR" ]; then
install_file ifupdown.sh ${DESTDIR}/sbin/ifup-local 0544 install_file ifupdown ${DESTDIR}${SBINDIR}/ifup-local 0544
install_file ifupdown.sh ${DESTDIR}/sbin/ifdown-local 0544 install_file ifupdown ${DESTDIR}${SBINDIR}/ifdown-local 0544
fi fi
;; ;;
esac esac
@ -365,20 +390,20 @@ if [ -z "$DESTDIR" ]; then
if systemctl enable shorewall-init; then if systemctl enable shorewall-init; then
echo "Shorewall Init will start automatically at boot" echo "Shorewall Init will start automatically at boot"
fi fi
elif [ -x /sbin/insserv -o -x /usr/sbin/insserv ]; then elif [ -x ${SBINDIR}/insserv -o -x /usr${SBINDIR}/insserv ]; then
if insserv /etc/init.d/shorewall-init ; then if insserv ${INITDIR}/shorewall-init ; then
echo "Shorewall Init will start automatically at boot" echo "Shorewall Init will start automatically at boot"
else else
cant_autostart cant_autostart
fi fi
elif [ -x /sbin/chkconfig -o -x /usr/sbin/chkconfig ]; then elif [ -x ${SBINDIR}/chkconfig -o -x /usr${SBINDIR}/chkconfig ]; then
if chkconfig --add shorewall-init ; then if chkconfig --add shorewall-init ; then
echo "Shorewall Init will start automatically in run levels as follows:" echo "Shorewall Init will start automatically in run levels as follows:"
chkconfig --list shorewall-init chkconfig --list shorewall-init
else else
cant_autostart cant_autostart
fi fi
elif [ -x /sbin/rc-update ]; then elif [ -x ${SBINDIR}/rc-update ]; then
if rc-update add shorewall-init default; then if rc-update add shorewall-init default; then
echo "Shorewall Init will start automatically at boot" echo "Shorewall Init will start automatically at boot"
else else
@ -387,7 +412,6 @@ if [ -z "$DESTDIR" ]; then
else else
cant_autostart cant_autostart
fi fi
fi fi
fi fi
else else
@ -397,18 +421,20 @@ else
mkdir -p ${DESTDIR}/etc/rcS.d mkdir -p ${DESTDIR}/etc/rcS.d
fi fi
ln -sf ../init.d/shorewall-init ${DESTDIR}/etc/rcS.d/S38shorewall-init ln -sf ../init.d/shorewall-init ${DESTDIR}${CONFDIR}/rcS.d/S38shorewall-init
echo "Shorewall Init will start automatically at boot" echo "Shorewall Init will start automatically at boot"
fi fi
fi fi
fi fi
[ -z "${DESTDIR}" ] && [ ! -f ~/.shorewallrc ] && cp ${SHAREDIR}/shorewall/shorewallrc .
if [ -f ${DESTDIR}/etc/ppp ]; then if [ -f ${DESTDIR}/etc/ppp ]; then
case $HOST in case $HOST in
debian|suse) debian|suse)
for directory in ip-up.d ip-down.d ipv6-up.d ipv6-down.d; do for directory in ip-up.d ip-down.d ipv6-up.d ipv6-down.d; do
mkdir -p ${DESTDIR}/etc/ppp/$directory #SuSE doesn't create the IPv6 directories mkdir -p ${DESTDIR}/etc/ppp/$directory #SuSE doesn't create the IPv6 directories
cp -fp ${DESTDIR}${LIBEXEC}/shorewall-init/ifupdown ${DESTDIR}/etc/ppp/$directory/shorewall cp -fp ${DESTDIR}${LIBEXECDIR}/shorewall-init/ifupdown ${DESTDIR}${CONFDIR}/ppp/$directory/shorewall
done done
;; ;;
redhat) redhat)
@ -419,13 +445,13 @@ if [ -f ${DESTDIR}/etc/ppp ]; then
FILE=${DESTDIR}/etc/ppp/$file FILE=${DESTDIR}/etc/ppp/$file
if [ -f $FILE ]; then if [ -f $FILE ]; then
if fgrep -q Shorewall-based $FILE ; then if fgrep -q Shorewall-based $FILE ; then
cp -fp ${DESTDIR}${LIBEXEC}/shorewall-init/ifupdown $FILE cp -fp ${DESTDIR}${LIBEXECDIR}/shorewall-init/ifupdown $FILE
else else
echo "$FILE already exists -- ppp devices will not be handled" echo "$FILE already exists -- ppp devices will not be handled"
break break
fi fi
else else
cp -fp ${DESTDIR}${LIBEXEC}/shorewall-init/ifupdown $FILE cp -fp ${DESTDIR}${LIBEXECDIR}/shorewall-init/ifupdown $FILE
fi fi
done done
;; ;;


@ -23,9 +23,14 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# #
######################################################################################### #########################################################################################
#
# This is modified by the installer when ${SHAREDIR} <> /usr/share
#
. /usr/share/shorewall/shorewallrc
# check if shorewall-init is configured or not # check if shorewall-init is configured or not
if [ -f "/etc/sysconfig/shorewall-init" ]; then if [ -f "$SYSCONFDIR/shorewall-init" ]; then
. /etc/sysconfig/shorewall-init . $SYSCONFDIR/shorewall-init
if [ -z "$PRODUCTS" ]; then if [ -z "$PRODUCTS" ]; then
echo "ERROR: No products configured" >&2 echo "ERROR: No products configured" >&2
exit 1 exit 1
@ -42,8 +47,6 @@ shorewall_start () {
echo -n "Initializing \"Shorewall-based firewalls\": " echo -n "Initializing \"Shorewall-based firewalls\": "
for PRODUCT in $PRODUCTS; do for PRODUCT in $PRODUCTS; do
VARDIR=/var/lib/$PRODUCT
[ -f /etc/$PRODUCT/vardir ] && . /etc/$PRODUCT/vardir
if [ -x ${VARDIR}/firewall ]; then if [ -x ${VARDIR}/firewall ]; then
if ! /sbin/$PRODUCT status > /dev/null 2>&1; then if ! /sbin/$PRODUCT status > /dev/null 2>&1; then
${VARDIR}/firewall stop || exit 1 ${VARDIR}/firewall stop || exit 1
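Review bot: With the per-product `VARDIR=/var/lib/$PRODUCT` assignment and the `/etc/$PRODUCT/vardir` override apparently dropped from the loop (the hunk shrinks by two lines), `${VARDIR}/firewall` no longer depends on `$PRODUCT`. If shorewallrc's VARDIR is the base state directory (the uninstaller further down this page removes `${VARDIR}/shorewall-lite`, which suggests it is), the `-x` test fails for every product and the loop silently does nothing, so the firewall is never put into its stopped state before the network comes up. I would use `if [ -x ${VARDIR}/$PRODUCT/firewall ]; then` and `${VARDIR}/$PRODUCT/firewall stop || exit 1`. The `/sbin/$PRODUCT status` call on the next line is still hard-coded and could become `${SBINDIR}/$PRODUCT status`; shorewall_start continues past the end of the hunk.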


@ -31,7 +31,7 @@ VERSION=xxx #The Build script inserts the actual version
usage() # $1 = exit status usage() # $1 = exit status
{ {
ME=$(basename $0) ME=$(basename $0)
echo "usage: $ME" echo "usage: $ME [ <shorewallrc file> ]"
exit $1 exit $1
} }
@ -40,6 +40,27 @@ qt()
"$@" >/dev/null 2>&1 "$@" >/dev/null 2>&1
} }
split() {
local ifs
ifs=$IFS
IFS=:
set -- $1
echo $*
IFS=$ifs
}
mywhich() {
local dir
for dir in $(split $PATH); do
if [ -x $dir/$1 ]; then
return 0
fi
done
return 2
}
remove_file() # $1 = file to restore remove_file() # $1 = file to restore
{ {
if [ -f $1 -o -L $1 ] ; then if [ -f $1 -o -L $1 ] ; then
@ -48,8 +69,25 @@ remove_file() # $1 = file to restore
fi fi
} }
if [ -f /usr/share/shorewall-init/version ]; then if [ $# -eq 0 ]; then
INSTALLED_VERSION="$(cat /usr/share/shorewall-init/version)" file=/usr/share/shorewall/shorewallrc
elif [ $# -eq 1 ]; then
file=$1
else
usage 1
fi
if [ -f "$file" ]; then
. "$file"
else
echo "File $file not found" >&2
exit 1
fi
. $file || exit 1
if [ -f ${SHAREDIR}/shorewall-init/version ]; then
INSTALLED_VERSION="$(cat ${SHAREDIR}/shorewall-init/version)"
if [ "$INSTALLED_VERSION" != "$VERSION" ]; then if [ "$INSTALLED_VERSION" != "$VERSION" ]; then
echo "WARNING: Shorewall Init Version $INSTALLED_VERSION is installed" echo "WARNING: Shorewall Init Version $INSTALLED_VERSION is installed"
echo " and this is the $VERSION uninstaller." echo " and this is the $VERSION uninstaller."
@ -60,56 +98,55 @@ else
VERSION="" VERSION=""
fi fi
[ -n "${LIBEXEC:=/usr/share}" ] [ -n "${LIBEXEC:=${SHAREDIR}}" ]
echo "Uninstalling Shorewall Init $VERSION" echo "Uninstalling Shorewall Init $VERSION"
INITSCRIPT=/etc/init.d/shorewall-init INITSCRIPT=${CONFDIR}/init.d/shorewall-init
if [ -n "$INITSCRIPT" ]; then if [ -f "$INITSCRIPT" ]; then
if [ -x /usr/sbin/updaterc.d ]; then if mywhich updaterc.d ; then
updaterc.d shorewall-init remove updaterc.d shorewall-init remove
elif [ -x /sbin/insserv -o -x /usr/sbin/insserv ]; then elif mywhich insserv ; then
insserv -r $INITSCRIPT insserv -r $INITSCRIPT
elif [ -x /sbin/chkconfig -o -x /usr/sbin/chkconfig ]; then elif mywhich chkconfig ; then
chkconfig --del $(basename $INITSCRIPT) chkconfig --del $(basename $INITSCRIPT)
elif [ -x /sbin/systemctl ]; then elif mywhich systemctl ; then
systemctl disable shorewall-init systemctl disable shorewall-init
else
rm -f /etc/rc*.d/*$(basename $INITSCRIPT)
fi fi
remove_file $INITSCRIPT remove_file $INITSCRIPT
fi fi
[ "$(readlink -m -q /sbin/ifup-local)" = /usr/share/shorewall-init ] && remove_file /sbin/ifup-local [ "$(readlink -m -q ${SBINDIR}/ifup-local)" = ${SHAREDIR}/shorewall-init ] && remove_file ${SBINDIR}/ifup-local
[ "$(readlink -m -q /sbin/ifdown-local)" = /usr/share/shorewall-init ] && remove_file /sbin/ifdown-local [ "$(readlink -m -q ${SBINDIR}/ifdown-local)" = ${SHAREDIR}/shorewall-init ] && remove_file ${SBINDIR}/ifdown-local
remove_file /etc/default/shorewall-init remove_file ${CONFDIR}/default/shorewall-init
remove_file /etc/sysconfig/shorewall-init remove_file ${CONFDIR}/sysconfig/shorewall-init
remove_file /etc/NetworkManager/dispatcher.d/01-shorewall remove_file ${CONFDIR}/NetworkManager/dispatcher.d/01-shorewall
remove_file /etc/network/if-up.d/shorewall remove_file ${CONFDIR}/network/if-up.d/shorewall
remove_file /etc/network/if-down.d/shorewall remove_file ${CONFDIR}/network/if-down.d/shorewall
remove_file /etc/sysconfig/network/if-up.d/shorewall remove_file ${CONFDIR}/sysconfig/network/if-up.d/shorewall
remove_file /etc/sysconfig/network/if-down.d/shorewall remove_file ${CONFDIR}/sysconfig/network/if-down.d/shorewall
remove_file /lib/systemd/system/shorewall.service
if [ -d /etc/ppp ]; then [ -n "$SYSTEMD" ] && remove_file ${SYSTEMD}/shorewall.service
if [ -d ${CONFDIR}/ppp ]; then
for directory in ip-up.d ip-down.d ipv6-up.d ipv6-down.d; do for directory in ip-up.d ip-down.d ipv6-up.d ipv6-down.d; do
remove_file /etc/ppp/$directory/shorewall remove_file ${CONFDIR}/ppp/$directory/shorewall
done done
for file in if-up.local if-down.local; do for file in if-up.local if-down.local; do
if fgrep -q Shorewall-based /etc/ppp/$FILE; then if fgrep -q Shorewall-based ${CONFDIR}/ppp/$FILE; then
remove_file /etc/ppp/$FILE remove_file ${CONFDIR}/ppp/$FILE
fi fi
done done
fi fi
rm -rf /usr/share/shorewall-init rm -rf ${SHAREDIR}/shorewall-init
rm -rf ${LIBEXEC}/shorewall-init rm -rf ${LIBEXEC}/shorewall-init
echo "Shorewall Init Uninstalled" echo "Shorewall Init Uninstalled"
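Review bot: The rc file is sourced twice and its settings are never validated before the destructive steps: after the guarded `. "$file"` there is a second, unquoted `. $file || exit 1`, and nothing checks that SHAREDIR, CONFDIR or SBINDIR came back non-empty before `rm -rf ${SHAREDIR}/shorewall-init` and the `remove_file` calls run. I would drop the second source and add `: "${SHAREDIR:?}" "${CONFDIR:?}" "${SBINDIR:?}"` right after the first one, so a truncated or wrong rc file stops the uninstaller instead of pointing it at paths under `/`. The script also still defaults and removes `${LIBEXEC}/shorewall-init` while the installer in this commit writes to `${LIBEXECDIR}/shorewall-init`, so a non-default libexec directory is probably left behind; `rm -rf ${LIBEXECDIR:-${SHAREDIR}}/shorewall-init` would match. In the ppp loop the variable is `file` but the body tests `$FILE`, so the `fgrep` never looks at the intended file.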


@ -57,17 +57,23 @@ not_configured () {
exit 0 exit 0
} }
#
# The installer may alter this
#
. /usr/share/shorewall/shorewallrc
# parse the shorewall params file in order to use params in # parse the shorewall params file in order to use params in
# /etc/default/shorewall # /etc/default/shorewall
if [ -f "/etc/shorewall-lite/params" ]
if [ -f "$CONFDIR/shorewall-lite/params" ]
then then
. /etc/shorewall-lite/params . $CONFDIR/shorewall-lite/params
fi fi
# check if shorewall is configured or not # check if shorewall is configured or not
if [ -f "/etc/default/shorewall-lite" ] if [ -f "$SYSCONFDIR/shorewall-lite" ]
then then
. /etc/default/shorewall-lite . $SYSCONFDIR/shorewall-lite
SRWL_OPTS="$SRWL_OPTS $OPTIONS" SRWL_OPTS="$SRWL_OPTS $OPTIONS"
if [ "$startup" != "1" ] if [ "$startup" != "1" ]
then then
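Review bot: The new `. /usr/share/shorewall/shorewallrc` is sourced unconditionally, so when the file is missing or does not set CONFDIR/SYSCONFDIR the script either aborts at that line (shell-dependent) or goes on with empty values and tests `/shorewall-lite/params` and `/shorewall-lite`. In the second case it presumably ends in `not_configured`, which exits 0, and the host boots without its firewall and without an error. I would guard it with `[ -f /usr/share/shorewall/shorewallrc ] || { echo "shorewallrc not found" >&2; exit 1; }` before the source and quote the sourced paths, e.g. `. "$CONFDIR/shorewall-lite/params"`. The same unguarded source is added to the other init scripts and to the shorewall-lite wrapper on this page. The comment above the params block still names `/etc/default/shorewall`, which no longer matches the `$SYSCONFDIR/shorewall-lite` path the code reads.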


@ -20,16 +20,21 @@
# Source function library. # Source function library.
. /etc/rc.d/init.d/functions . /etc/rc.d/init.d/functions
#
# The installer may alter this
#
. /usr/share/shorewall/shorewallrc
prog="shorewall-lite" prog="shorewall-lite"
shorewall="/sbin/$prog" shorewall="${SBINDIR}/$prog"
logger="logger -i -t $prog" logger="logger -i -t $prog"
lockfile="/var/lock/subsys/$prog" lockfile="/var/lock/subsys/$prog"
# Get startup options (override default) # Get startup options (override default)
OPTIONS= OPTIONS=
if [ -f /etc/sysconfig/$prog ]; then if [ -f ${SYSCONFDIR}/$prog ]; then
. /etc/sysconfig/$prog . ${SYSCONFDIR}/$prog
fi fi
start() { start() {


@ -61,10 +61,14 @@ usage() {
# Get startup options (override default) # Get startup options (override default)
################################################################################ ################################################################################
OPTIONS= OPTIONS=
if [ -f /etc/sysconfig/shorewall ]; then
. /etc/sysconfig/shorewall #
elif [ -f /etc/default/shorewall ] ; then # The installer may alter this
. /etc/default/shorewall #
. /usr/share/shorewall/shorewallrc
if [ -f ${SYSCONFDIR}/shorewall-lite ]; then
. ${SYSCONFDIR}/shorewall-lite
fi fi
SHOREWALL_INIT_SCRIPT=1 SHOREWALL_INIT_SCRIPT=1
@ -76,13 +80,13 @@ command="$1"
case "$command" in case "$command" in
start) start)
exec /sbin/shorewall-lite $OPTIONS start $STARTOPTIONS exec ${SBINDIR}/shorewall-lite $OPTIONS start $STARTOPTIONS
;; ;;
restart|reload) restart|reload)
exec /sbin/shorewall-lite $OPTIONS restart $RESTARTOPTIONS exec ${SBINDIR}/shorewall-lite $OPTIONS restart $RESTARTOPTIONS
;; ;;
status|stop) status|stop)
exec /sbin/shorewall-lite $OPTIONS $command $@ exec ${SBINDIR}/shorewall-lite $OPTIONS $command $@
;; ;;
*) *)
usage usage


@ -27,12 +27,18 @@ VERSION=xxx #The Build script inserts the actual version
usage() # $1 = exit status usage() # $1 = exit status
{ {
ME=$(basename $0) ME=$(basename $0)
echo "usage: $ME" echo "usage: $ME [ <configuration-file> ]"
echo " $ME -v" echo " $ME -v"
echo " $ME -h" echo " $ME -h"
exit $1 exit $1
} }
fatal_error()
{
echo " ERROR: $@" >&2
exit 1
}
split() { split() {
local ifs local ifs
ifs=$IFS ifs=$IFS
@ -85,16 +91,16 @@ install_file() # $1 = source $2 = target $3 = mode
run_install $T $OWNERSHIP -m $3 $1 ${2} run_install $T $OWNERSHIP -m $3 $1 ${2}
} }
require()
{
eval [ -n "\$$1" ] || fatal_error "Required option $1 not set"
}
# #
# Change to the directory containing this script # Change to the directory containing this script
# #
cd "$(dirname $0)" cd "$(dirname $0)"
#
# Load packager's settings if any
#
[ -f ../shorewall-pkg.config ] && . ../shorewall-pkg.config
if [ -f shorewall-lite ]; then if [ -f shorewall-lite ]; then
PRODUCT=shorewall-lite PRODUCT=shorewall-lite
Product="Shorewall Lite" Product="Shorewall Lite"
@ -103,17 +109,22 @@ else
Product="Shorewall6 Lite" Product="Shorewall6 Lite"
fi fi
[ -n "$DESTDIR" ] || DESTDIR="$PREFIX"
# #
# Parse the run line # Parse the run line
# #
while [ $# -gt 0 ] ; do finished=0
while [ $finished -eq 0 ] ; do
case "$1" in case "$1" in
-h|help|?) -*)
option=${option#-}
while [ -n "$option" ]; do
case $option in
h)
usage 0 usage 0
;; ;;
-v) v)
echo "$Product Firewall Installer Version $VERSION" echo "$Product Firewall Installer Version $VERSION"
exit 0 exit 0
;; ;;
@ -121,21 +132,50 @@ while [ $# -gt 0 ] ; do
usage 1 usage 1
;; ;;
esac esac
done
shift shift
done
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
[ -n "${LIBEXEC:=/usr/share}" ]
case "$LIBEXEC" in
/*)
;; ;;
*) *)
echo "The LIBEXEC setting must be an absolute path name" >&2 finished=1
exit 1
;; ;;
esac esac
done
#
# Read the RC file
#
if [ $# -eq 0 ]; then
if [ -f ./shorewallrc ]; then
. ./shorewallrc || exit 1
file=./shorewallrc
elif [ -f ~/.shorewallrc ]; then
. ~/.shorewallrc
elif [ -f /usr/share/shorewall/shorewallrc ]; then
. /usr/share/shorewall/shorewallrc
else
fatal_error "No configuration file specified and /usr/share/shorewall/shorewallrc not found"
fi
elif [ $# -eq 1 ]; then
file=$1
case $file in
/*|.*)
;;
*)
file=./$file
;;
esac
. $file
else
usage 1
fi
for var in SHAREDIR LIBEXECDIRDIRDIR CONFDIR SBINDIR VARDIR; do
require $var
done
PATH=${SBINDIR}:/bin:/usr${SBINDIR}:/usr/bin:/usr/local/bin:/usr/local${SBINDIR}
# #
# Determine where to install the firewall script # Determine where to install the firewall script
@ -154,15 +194,15 @@ if [ -z "$BUILD" ]; then
BUILD=apple BUILD=apple
;; ;;
*) *)
if [ -f /etc/debian_version ]; then if [ -f ${CONFDIR}/debian_version ]; then
BUILD=debian BUILD=debian
elif [ -f /etc/redhat-release ]; then elif [ -f ${CONFDIR}/redhat-release ]; then
BUILD=redhat BUILD=redhat
elif [ -f /etc/SuSE-release ]; then elif [ -f ${CONFDIR}/SuSE-release ]; then
BUILD=suse BUILD=suse
elif [ -f /etc/slackware-version ] ; then elif [ -f ${CONFDIR}/slackware-version ] ; then
BUILD=slackware BUILD=slackware
elif [ -f /etc/arch-release ] ; then elif [ -f ${CONFDIR}/arch-release ] ; then
BUILD=archlinux BUILD=archlinux
else else
BUILD=linux BUILD=linux
@ -203,21 +243,15 @@ case "$HOST" in
;; ;;
debian) debian)
echo "Installing Debian-specific configuration..." echo "Installing Debian-specific configuration..."
SPARSE=yes
;; ;;
redhat) redhat)
echo "Installing Redhat/Fedora-specific configuration..." echo "Installing Redhat/Fedora-specific configuration..."
[ -n "$INITDIR" ] || INITDIR=/etc/rc.d/init.d
;; ;;
slackware) slackware)
echo "Installing Slackware-specific configuration..." echo "Installing Slackware-specific configuration..."
[ -n "$INITDIR" ] || INITDIR="/etc/rc.d"
[ -n "$INITFILE" ] || INITFILE="rc.firewall"
[ -n "$MANDIR=" ] || MANDIR=/usr/man
;; ;;
archlinux) archlinux)
echo "Installing ArchLinux-specific configuration..." echo "Installing ArchLinux-specific configuration..."
[ -n "$INITDIR" ] || INITDIR="/etc/rc.d"
;; ;;
linux|suse) linux|suse)
;; ;;
@ -227,7 +261,7 @@ case "$HOST" in
;; ;;
esac esac
[ -z "$INITDIR" ] && INITDIR="/etc/init.d" [ -z "$INITDIR" ] && INITDIR="${CONFDIR}/init.d"
if [ -n "$DESTDIR" ]; then if [ -n "$DESTDIR" ]; then
if [ `id -u` != 0 ] ; then if [ `id -u` != 0 ] ; then
@ -235,8 +269,8 @@ if [ -n "$DESTDIR" ]; then
OWNERSHIP="" OWNERSHIP=""
fi fi
install -d $OWNERSHIP -m 755 ${DESTDIR}/sbin install -d $OWNERSHIP -m 755 ${DESTDIR}/${SBINDIR}
install -d $OWNERSHIP -m 755 ${DESTDIR}${DESTFILE} install -d $OWNERSHIP -m 755 ${DESTDIR}${INITDIR}
if [ -n "$SYSTEMD" ]; then if [ -n "$SYSTEMD" ]; then
mkdir -p ${DESTDIR}/lib/systemd/system mkdir -p ${DESTDIR}/lib/systemd/system
@ -257,27 +291,27 @@ fi
echo "Installing $Product Version $VERSION" echo "Installing $Product Version $VERSION"
# #
# Check for /etc/$PRODUCT # Check for ${CONFDIR}/$PRODUCT
# #
if [ -z "$DESTDIR" -a -d /etc/$PRODUCT ]; then if [ -z "$DESTDIR" -a -d ${CONFDIR}/$PRODUCT ]; then
if [ ! -f /usr/share/shorewall/coreversion ]; then if [ ! -f /usr/share/shorewall/coreversion ]; then
echo "$PRODUCT $VERSION requires Shorewall Core which does not appear to be installed" >&2 echo "$PRODUCT $VERSION requires Shorewall Core which does not appear to be installed" >&2
exit 1 exit 1
fi fi
[ -f /etc/$PRODUCT/shorewall.conf ] && \ [ -f ${CONFDIR}/$PRODUCT/shorewall.conf ] && \
mv -f /etc/$PRODUCT/shorewall.conf /etc/$PRODUCT/$PRODUCT.conf mv -f ${CONFDIR}/$PRODUCT/shorewall.conf ${CONFDIR}/$PRODUCT/$PRODUCT.conf
else else
rm -rf ${DESTDIR}/etc/$PRODUCT rm -rf ${DESTDIR}${CONFDIR}/$PRODUCT
rm -rf ${DESTDIR}/usr/share/$PRODUCT rm -rf ${DESTDIR}/usr/share/$PRODUCT
rm -rf ${DESTDIR}/var/lib/$PRODUCT rm -rf ${DESTDIR}/var/lib/$PRODUCT
[ "$LIBEXEC" = /usr/share ] || rm -rf ${DESTDIR}/usr/share/$PRODUCT/wait4ifup ${DESTDIR}/usr/share/$PRODUCT/shorecap [ "$LIBEXECDIR" = /usr/share ] || rm -rf ${DESTDIR}/usr/share/$PRODUCT/wait4ifup ${DESTDIR}/usr/share/$PRODUCT/shorecap
fi fi
# #
# Check for /sbin/$PRODUCT # Check for ${SBINDIR}/$PRODUCT
# #
if [ -f ${DESTDIR}/sbin/$PRODUCT ]; then if [ -f ${DESTDIR}${SBINDIR}/$PRODUCT ]; then
first_install="" first_install=""
else else
first_install="Yes" first_install="Yes"
@ -285,118 +319,123 @@ fi
delete_file ${DESTDIR}/usr/share/$PRODUCT/xmodules delete_file ${DESTDIR}/usr/share/$PRODUCT/xmodules
install_file $PRODUCT ${DESTDIR}/sbin/$PRODUCT 0544 install_file $PRODUCT ${DESTDIR}${SBINDIR}/$PRODUCT 0544
echo "$Product control program installed in ${DESTDIR}/sbin/$PRODUCT" echo "$Product control program installed in ${DESTDIR}${SBINDIR}/$PRODUCT"
# #
# Create /etc/$PRODUCT, /usr/share/$PRODUCT and /var/lib/$PRODUCT if needed # Create ${CONFDIR}/$PRODUCT, /usr/share/$PRODUCT and /var/lib/$PRODUCT if needed
# #
mkdir -p ${DESTDIR}/etc/$PRODUCT mkdir -p ${DESTDIR}${CONFDIR}/$PRODUCT
mkdir -p ${DESTDIR}/usr/share/$PRODUCT mkdir -p ${DESTDIR}/usr/share/$PRODUCT
mkdir -p ${DESTDIR}${LIBEXEC}/$PRODUCT mkdir -p ${DESTDIR}${LIBEXECDIR}/$PRODUCT
mkdir -p ${DESTDIR}/var/lib/$PRODUCT mkdir -p ${DESTDIR}/var/lib/$PRODUCT
chmod 755 ${DESTDIR}/etc/$PRODUCT chmod 755 ${DESTDIR}${CONFDIR}/$PRODUCT
chmod 755 ${DESTDIR}/usr/share/$PRODUCT chmod 755 ${DESTDIR}/usr/share/$PRODUCT
if [ -n "$DESTDIR" ]; then if [ -n "$DESTDIR" ]; then
mkdir -p ${DESTDIR}/etc/logrotate.d mkdir -p ${DESTDIR}${CONFDIR}/logrotate.d
chmod 755 ${DESTDIR}/etc/logrotate.d chmod 755 ${DESTDIR}${CONFDIR}/logrotate.d
mkdir -p ${DESTDIR}${INITDIR} mkdir -p ${DESTDIR}${INITDIR}
chmod 755 ${DESTDIR}${INITDIR} chmod 755 ${DESTDIR}${INITDIR}
fi fi
if [ -n "$INITFILE" ]; then if [ -n "$INITFILE" ]; then
initfile="${DESTDIR}/${INITDIR}/${INITFILE}"
case $TARGET in case $TARGET in
debian) debian)
install_file init.debian.sh ${DESTDIR}${INITDIR}/${INITFILE} 0544 install_file init.debian.sh "$initfile" 0544
;; ;;
redhat) redhat)
install_file init.fedora.sh ${DESTDIR}${INITDIR}/${INITFILE} 0544 install_file init.fedora.sh "$initfile" 0544
;; ;;
archlinux) archlinux)
install_file init.archlinux.sh ${DESTDIR}${INITDIR}/${INITFILE} 0544 install_file init.archlinux.sh "$initfile" 0544
;; ;;
*) *)
install_file init.sh ${DESTDIR}${INITDIR}/${INITFILE} 0544 install_file init.sh "$initfile" 0544
;; ;;
esac esac
echo "$Product init script installed in ${DESTDIR}${INITDIR}/${INITFILE}" [ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/|${SHAREDIR}/|\' "$initfile"
echo "$Product init script installed in $initfile"
fi fi
# #
# Install the .service file # Install the .service file
# #
if [ -n "$SYSTEMD" ]; then if [ -n "$SYSTEMD" ]; then
run_install $OWNERSHIP -m 600 $PRODUCT.service ${DESTDIR}/lib/systemd/system/$PRODUCT.service run_install $OWNERSHIP -m 600 $PRODUCT.service ${DESTDIR}/${SYSTEMD}/$PRODUCT.service
echo "Service file installed as ${DESTDIR}/lib/systemd/system/$PRODUCT.service" echo "Service file installed as ${DESTDIR}/lib/systemd/system/$PRODUCT.service"
fi fi
# #
# Install the config file # Install the config file
# #
if [ ! -f ${DESTDIR}/etc/$PRODUCT/$PRODUCT.conf ]; then if [ ! -f ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf ]; then
install_file $PRODUCT.conf ${DESTDIR}/etc/$PRODUCT/$PRODUCT.conf 0744 install_file $PRODUCT.conf ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf 0744
echo "Config file installed as ${DESTDIR}/etc/$PRODUCT/$PRODUCT.conf" echo "Config file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf"
fi fi
if [ $HOST = archlinux ] ; then if [ $HOST = archlinux ] ; then
sed -e 's!LOGFILE=/var/log/messages!LOGFILE=/var/log/messages.log!' -i ${DESTDIR}/etc/$PRODUCT/$PRODUCT.conf sed -e 's!LOGFILE=/var/log/messages!LOGFILE=/var/log/messages.log!' -i ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf
fi fi
# #
# Install the Makefile # Install the Makefile
# #
run_install $OWNERSHIP -m 0600 Makefile ${DESTDIR}/etc/$PRODUCT run_install $OWNERSHIP -m 0600 Makefile ${DESTDIR}${CONFDIR}/$PRODUCT
echo "Makefile installed as ${DESTDIR}/etc/$PRODUCT/Makefile" echo "Makefile installed as ${DESTDIR}${CONFDIR}/$PRODUCT/Makefile"
# #
# Install the default config path file # Install the default config path file
# #
install_file configpath ${DESTDIR}/usr/share/$PRODUCT/configpath 0644 install_file configpath ${DESTDIR}${SHAREDIR}/$PRODUCT/configpath 0644
echo "Default config path file installed as ${DESTDIR}/usr/share/$PRODUCT/configpath" echo "Default config path file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/configpath"
# #
# Install the libraries # Install the libraries
# #
for f in lib.* ; do for f in lib.* ; do
if [ -f $f ]; then if [ -f $f ]; then
install_file $f ${DESTDIR}/usr/share/$PRODUCT/$f 0644 install_file $f ${DESTDIR}${SHAREDIR}/$PRODUCT/$f 0644
echo "Library ${f#*.} file installed as ${DESTDIR}/usr/share/$PRODUCT/$f" echo "Library ${f#*.} file installed as ${DESTDIR}/${SHAREDIR}/$PRODUCT/$f"
fi fi
done done
ln -sf lib.base ${DESTDIR}/usr/share/$PRODUCT/functions ln -sf lib.base ${DESTDIR}${SHAREDIR}/$PRODUCT/functions
echo "Common functions linked through ${DESTDIR}/usr/share/$PRODUCT/functions" echo "Common functions linked through ${DESTDIR}${SHAREDIR}/$PRODUCT/functions"
# #
# Install Shorecap # Install Shorecap
# #
install_file shorecap ${DESTDIR}${LIBEXEC}/$PRODUCT/shorecap 0755 install_file shorecap ${DESTDIR}${LIBEXECDIR}/$PRODUCT/shorecap 0755
echo echo
echo "Capability file builder installed in ${DESTDIR}${LIBEXEC}/$PRODUCT/shorecap" echo "Capability file builder installed in ${DESTDIR}${LIBEXECDIR}/$PRODUCT/shorecap"
# #
# Install the Modules files # Install the Modules files
# #
if [ -f modules ]; then if [ -f modules ]; then
run_install $OWNERSHIP -m 0600 modules ${DESTDIR}/usr/share/$PRODUCT run_install $OWNERSHIP -m 0600 modules ${DESTDIR}${SHAREDIR}/$PRODUCT
echo "Modules file installed as ${DESTDIR}/usr/share/$PRODUCT/modules" echo "Modules file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/modules"
fi fi
if [ -f helpers ]; then if [ -f helpers ]; then
run_install $OWNERSHIP -m 0600 helpers ${DESTDIR}/usr/share/$PRODUCT run_install $OWNERSHIP -m 0600 helpers ${DESTDIR}${SHAREDIR}/$PRODUCT
echo "Helper modules file installed as ${DESTDIR}/usr/share/$PRODUCT/helpers" echo "Helper modules file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/helpers"
fi fi
for f in modules.*; do for f in modules.*; do
run_install $OWNERSHIP -m 0644 $f ${DESTDIR}/usr/share/$PRODUCT/$f run_install $OWNERSHIP -m 0644 $f ${DESTDIR}${SHAREDIR}/$PRODUCT/$f
echo "Module file $f installed as ${DESTDIR}/usr/share/$PRODUCT/$f" echo "Module file $f installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/$f"
done done
# #
@ -406,18 +445,18 @@ done
if [ -d manpages ]; then if [ -d manpages ]; then
cd manpages cd manpages
[ -n "$INSTALLD" ] || mkdir -p ${DESTDIR}/usr/share/man/man5/ ${DESTDIR}/usr/share/man/man8/ [ -n "$INSTALLD" ] || mkdir -p ${DESTDIR}${SHAREDIR}/man/man5/ ${DESTDIR}${SHAREDIR}/man/man8/
for f in *.5; do for f in *.5; do
gzip -c $f > $f.gz gzip -c $f > $f.gz
run_install $T $INSTALLD $OWNERSHIP -m 0644 $f.gz ${DESTDIR}/usr/share/man/man5/$f.gz run_install $T $INSTALLD $OWNERSHIP -m 0644 $f.gz ${DESTDIR}${SHAREDIR}/man/man5/$f.gz
echo "Man page $f.gz installed to ${DESTDIR}/usr/share/man/man5/$f.gz" echo "Man page $f.gz installed to ${DESTDIR}${SHAREDIR}/man/man5/$f.gz"
done done
for f in *.8; do for f in *.8; do
gzip -c $f > $f.gz gzip -c $f > $f.gz
run_install $T $INSTALLD $OWNERSHIP -m 0644 $f.gz ${DESTDIR}/usr/share/man/man8/$f.gz run_install $T $INSTALLD $OWNERSHIP -m 0644 $f.gz ${DESTDIR}${SHAREDIR}/man/man8/$f.gz
echo "Man page $f.gz installed to ${DESTDIR}/usr/share/man/man8/$f.gz" echo "Man page $f.gz installed to ${DESTDIR}${SHAREDIR}/man/man8/$f.gz"
done done
cd .. cd ..
@ -425,74 +464,79 @@ if [ -d manpages ]; then
echo "Man Pages Installed" echo "Man Pages Installed"
fi fi
if [ -d ${DESTDIR}/etc/logrotate.d ]; then if [ -d ${DESTDIR}${CONFDIR}/logrotate.d ]; then
run_install $OWNERSHIP -m 0644 logrotate ${DESTDIR}/etc/logrotate.d/$PRODUCT run_install $OWNERSHIP -m 0644 logrotate ${DESTDIR}${CONFDIR}/logrotate.d/$PRODUCT
echo "Logrotate file installed as ${DESTDIR}/etc/logrotate.d/$PRODUCT" echo "Logrotate file installed as ${DESTDIR}${CONFDIR}/logrotate.d/$PRODUCT"
fi fi
# #
# Create the version file # Create the version file
# #
echo "$VERSION" > ${DESTDIR}/usr/share/$PRODUCT/version echo "$VERSION" > ${DESTDIR}${SHAREDIR}/$PRODUCT/version
chmod 644 ${DESTDIR}/usr/share/$PRODUCT/version chmod 644 ${DESTDIR}${SHAREDIR}/$PRODUCT/version
# #
# Remove and create the symbolic link to the init script # Remove and create the symbolic link to the init script
# #
if [ -z "$DESTDIR" ]; then if [ -z "$DESTDIR" ]; then
rm -f /usr/share/$PRODUCT/init rm -f ${SHAREDIR}/$PRODUCT/init
ln -s ${INITDIR}/${INITFILE} /usr/share/$PRODUCT/init ln -s ${INITDIR}/${INITFILE} ${SHAREDIR}/$PRODUCT/init
fi fi
delete_file ${DESTDIR}/usr/share/$PRODUCT/lib.common delete_file ${DESTDIR}${SHAREDIR}/$PRODUCT/lib.common
delete_file ${DESTDIR}/usr/share/$PRODUCT/lib.cli delete_file ${DESTDIR}${SHAREDIR}/$PRODUCT/lib.cli
delete_file ${DESTDIR}/usr/share/$PRODUCT/wait4ifup delete_file ${DESTDIR}${SHAREDIR}/$PRODUCT/wait4ifup
if [ -z "$DESTDIR" ]; then if [ -n "$SYSCONFFILE" -a ! -f ${DESTDIR}${SYSCONFDIR}/${PRODUCT} ]; then
touch /var/log/$PRODUCT-init.log if [ ${DESTDIR} ]; then
mkdir -p ${DESTDIR}${SYSCONFDIR}
if [ -n "$first_install" ]; then chmod 755 ${DESTDIR}${SYSCONFDIR}
if [ $HOST = debian ]; then
run_install $OWNERSHIP -m 0644 default.debian /etc/default/$PRODUCT
update-rc.d $PRODUCT defaults
if [ -x /sbin/insserv ]; then
insserv /etc/init.d/$PRODUCT
else
ln -s ../init.d/$PRODUCT /etc/rcS.d/S40$PRODUCT
fi fi
echo "$Product will start automatically at boot" run_install $OWNERSHIP -m 0644 default.debian ${DESTDIR}${SYSCONFDIR}/${PRODUCT}
else echo "$SYSCONFFILE installed in ${DESTDIR}${SYSCONFDIR}/${PRODUCT}"
if [ -n "$SYSTEMD" ]; then fi
if [ ${SHAREDIR} != /usr/share ]; then
[ $PRODUCT = shorewall ] && eval sed -i \'s\|/usr/share/|${SHAREDIR}/|\' ${DESTDIR}/${SHAREDIR}/lib.base
sed -i \'s\|/usr/share/|${SHAREDIR}/|\' ${DESTDIR}/${SBINDIR}/$PRODUCT
fi
if [ -z "$DESTDIR" -a -n "$first_install" -a -z "${cygwin}${mac}" ]; then
if mywhich update-rc.d ; then
echo "$PRODUCT will start automatically at boot"
echo "Set startup=1 in ${SYSCONFDIR}/$PRODUCT to enable"
touch /var/log/$PRODUCT-init.log
perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;s/^SUBSYSLOCK=.*/SUBSYSLOCK=/;' ${CONFDIR}/${PRODUCT}/${PRODUCT}.conf
elif [ -n "$SYSTEMD" ]; then
if systemctl enable $PRODUCT; then if systemctl enable $PRODUCT; then
echo "$Product will start automatically at boot" echo "$Product will start automatically at boot"
fi fi
elif [ -x /sbin/insserv -o -x /usr/sbin/insserv ]; then elif mywhich insserv; then
if insserv /etc/init.d/$PRODUCT ; then if insserv ${INITDIR}/${INITFILE} ; then
echo "$Product will start automatically at boot" echo "$PRODUCT will start automatically at boot"
echo "Set STARTUP_ENABLED=Yes in ${CONFDIR}/$PRODUCT/${PRODUCT}.conf to enable"
else else
cant_autostart cant_autostart
fi fi
elif [ -x /sbin/chkconfig -o -x /usr/sbin/chkconfig ]; then elif mywhich chkconfig; then
if chkconfig --add $PRODUCT ; then if chkconfig --add $PRODUCT ; then
echo "$Product will start automatically in run levels as follows:" echo "$PRODUCT will start automatically in run levels as follows:"
echo "Set STARTUP_ENABLED=Yes in ${CONFDIR}/$PRODUCT/${PRODUCT}.conf to enable"
chkconfig --list $PRODUCT chkconfig --list $PRODUCT
else else
cant_autostart cant_autostart
fi fi
elif [ -x /sbin/rc-update ]; then elif mywhich rc-update ; then
if rc-update add $PRODUCT default; then if rc-update add $PRODUCT default; then
echo "$Product will start automatically at boot" echo "$PRODUCT will start automatically at boot"
echo "Set STARTUP_ENABLED=Yes in ${CONFDIR}/$PRODUCT/$PRODUCT.conf to enable"
else else
cant_autostart cant_autostart
fi fi
elif [ "$INITFILE" != rc.firewall ]; then #Slackware starts this automatically elif [ "$INITFILE" != rc.${PRODUCT} ]; then #Slackware starts this automatically
cant_autostart cant_autostart
fi fi
fi
fi
fi fi
# #
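Review bot: `require` cannot fail as written: after `eval` the test becomes `[ -n $VAR ]` with the value unquoted, and for an empty or unset variable that is `[ -n ]`, which is true. That also hides the `LIBEXECDIRDIRDIR` typo in the loop that calls it, so the installer reaches `rm -rf ${DESTDIR}${CONFDIR}/$PRODUCT` and the `install_file` calls with whatever the rc file did or did not set. I would write `eval [ -n \"\$$1\" ] || fatal_error "Required option $1 not set"` and `for var in SHAREDIR LIBEXECDIR CONFDIR SBINDIR VARDIR; do`. In the same section the new option loop reads `option=${option#-}` without first assigning `option=$1`, so `-h` and `-v` are shifted away unhandled. The second `sed -i \'s\|/usr/share/|${SHAREDIR}/|\'` also lacks the `eval` the first one has, so sed receives the literal quote characters.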


@ -27,6 +27,16 @@
################################################################################################ ################################################################################################
g_program=shorewall-lite g_program=shorewall-lite
. /usr/share/shorewall/lib.cli #
# This is modified by the installer when ${SHAREDIR} <> /usr/share
#
. /usr/share/shorewall/shorewallrc
g_libexec="$LIBEXECDIR"
g_sharedir="$SHAREDIR"
g_sbindir="$SBINDIR"
g_readrc=1
. $g_sharedir/shorewall/lib.cli
shorewall_cli $@ shorewall_cli $@


@ -31,7 +31,7 @@ VERSION=xxx #The Build script inserts the actual version
usage() # $1 = exit status usage() # $1 = exit status
{ {
ME=$(basename $0) ME=$(basename $0)
echo "usage: $ME" echo "usage: $ME [ <shorewallrc file> ]"
exit $1 exit $1
} }
@ -40,16 +40,25 @@ qt()
"$@" >/dev/null 2>&1 "$@" >/dev/null 2>&1
} }
restore_file() # $1 = file to restore split() {
{ local ifs
if [ -f ${1}-shorewall.bkout ]; then ifs=$IFS
if (mv -f ${1}-shorewall-lite.bkout $1); then IFS=:
echo set -- $1
echo "$1 restored" echo $*
else IFS=$ifs
exit 1 }
fi
mywhich() {
local dir
for dir in $(split $PATH); do
if [ -x $dir/$1 ]; then
return 0
fi fi
done
return 2
} }
remove_file() # $1 = file to restore remove_file() # $1 = file to restore
@ -60,8 +69,23 @@ remove_file() # $1 = file to restore
fi fi
} }
if [ -f /usr/share/shorewall-lite/version ]; then if [ $# -eq 0 ]; then
INSTALLED_VERSION="$(cat /usr/share/shorewall-lite/version)" file=/usr/share/shorewall/shorewallrc
elif [ $# -eq 1 ]; then
file=$1
else
usage 1
fi
if [ -f "$file" ]; then
. "$file"
else
echo "File $file not found" >&2
exit 1
fi
if [ -f ${SHAREDIR}/shorewall-lite/version ]; then
INSTALLED_VERSION="$(cat ${SHAREDIR}/shorewall-lite/version)"
if [ "$INSTALLED_VERSION" != "$VERSION" ]; then if [ "$INSTALLED_VERSION" != "$VERSION" ]; then
echo "WARNING: Shorewall Lite Version $INSTALLED_VERSION is installed" echo "WARNING: Shorewall Lite Version $INSTALLED_VERSION is installed"
echo " and this is the $VERSION uninstaller." echo " and this is the $VERSION uninstaller."
@ -72,49 +96,40 @@ else
VERSION="" VERSION=""
fi fi
[ -n "${LIBEXEC:=/usr/share}" ]
echo "Uninstalling Shorewall Lite $VERSION" echo "Uninstalling Shorewall Lite $VERSION"
if qt iptables -L shorewall -n && [ ! -f /sbin/shorewall ]; then if qt iptables -L shorewall -n && [ ! -f ${SBINDIR}/shorewall ]; then
/sbin/shorewall-lite clear shorewall-lite clear
fi fi
if [ -L /usr/share/shorewall-lite/init ]; then if [ -L ${SHAREDIR}/shorewall-lite/init ]; then
FIREWALL=$(readlink -m -q /usr/share/shorewall-lite/init) FIREWALL=$(readlink -m -q ${SHAREDIR}/shorewall-lite/init)
else elIF [ -n "$INITFILE" ]; then
FIREWALL=/etc/init.d/shorewall-lite FIREWALL=${INITDIR}/${INITFILE}
fi fi
if [ -n "$FIREWALL" ]; then if [ -f "$FIREWALL" ]; then
if [ -x /usr/sbin/updaterc.d ]; then if mywhich updaterc.d ; then
updaterc.d shorewall-lite remove updaterc.d shorewall-lite remove
elif [ -x /sbin/insserv -o -x /usr/sbin/insserv ]; then elif if mywhich insserv ; then
insserv -r $FIREWALL insserv -r $FIREWALL
elif [ -x /sbin/chkconfig -o -x /usr/sbin/chkconfig ]; then elif [ mywhich chkconfig ; then
chkconfig --del $(basename $FIREWALL) chkconfig --del $(basename $FIREWALL)
elif [ -x /sbin/systemctl ]; then elif mywhich systemctl ; then
systemctl disable shorewall-lite systemctl disable shorewall-lite
else
rm -f /etc/rc*.d/*$(basename $FIREWALL)
fi fi
remove_file $FIREWALL remove_file $FIREWALL
rm -f ${FIREWALL}-*.bkout
fi fi
rm -f /sbin/shorewall-lite rm -f ${SBINDIR}/shorewall-lite
rm -f /sbin/shorewall-lite-*.bkout
rm -rf /etc/shorewall-lite rm -rf ${SBINDIR}/shorewall-lite
rm -rf /etc/shorewall-lite-*.bkout rm -rf ${VARDIR}/shorewall-lite
rm -rf /var/lib/shorewall-lite rm -rf ${SHAREDIR}/shorewall-lite
rm -rf /var/lib/shorewall-lite-*.bkout
rm -rf /usr/share/shorewall-lite
rm -rf ${LIBEXEC}/shorewall-lite rm -rf ${LIBEXEC}/shorewall-lite
rm -rf /usr/share/shorewall-lite-*.bkout rm -f ${CONFDIR}/logrotate.d/shorewall-lite
rm -f /etc/logrotate.d/shorewall-lite [ -n "$SYSTEMD" ] && rm -f ${SYSTEMD}/shorewall-lite.service
rm -f /lib/systemd/system/shorewall-lite.service
echo "Shorewall Lite Uninstalled" echo "Shorewall Lite Uninstalled"
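Review bot: The init-removal chain in the last hunk does not parse: `elIF [ -n "$INITFILE" ]; then`, `elif if mywhich insserv ; then` and `elif [ mywhich chkconfig ; then` should read `elif [ -n "$INITFILE" ]; then`, `elif mywhich insserv; then` and `elif mywhich chkconfig; then`. The removal list runs `rm -rf ${SBINDIR}/shorewall-lite` where the old code removed `/etc/shorewall-lite`, so `${CONFDIR}/shorewall-lite` appears never to be deleted. The script now sources whatever file is passed as `$1` and then runs `rm -rf` on paths built from its variables, while the `${LIBEXEC:=/usr/share}` default appears to be dropped in this hunk. An rc file that does not set LIBEXEC therefore turns `rm -rf ${LIBEXEC}/shorewall-lite` into `rm -rf /shorewall-lite`; writing the destructive paths as `"${LIBEXEC:?}/shorewall-lite"` and so on would abort instead.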


@ -160,15 +160,17 @@ sub generate_script_2() {
emit( 'g_family=4' ); emit( 'g_family=4' );
if ( $export ) { if ( $export ) {
emit ( 'SHAREDIR=/usr/share/shorewall-lite', emit ( 'SHAREDIR=$SHAREDIR/shorewall-lite',
'CONFDIR=/etc/shorewall-lite', 'CONFDIR=$CONFDIR/shorewall-lite',
'VARDIR=$VARDIR/shorewall-lite',
'g_product="Shorewall Lite"', 'g_product="Shorewall Lite"',
'g_program=shorewall-lite', 'g_program=shorewall-lite',
'g_basedir=/usr/share/shorewall-lite', 'g_basedir=/usr/share/shorewall-lite',
); );
} else { } else {
emit ( 'SHAREDIR=/usr/share/shorewall', emit ( 'SHAREDIR=$SHAREDIR/shorewall',
'CONFDIR=/etc/shorewall', 'CONFDIR=$CONFDIR/shorewall',
'VARDIR=$VARDIR/shorewall',
'g_product=Shorewall', 'g_product=Shorewall',
'g_program=shorewall', 'g_program=shorewall',
'g_basedir=/usr/share/shorewall', 'g_basedir=/usr/share/shorewall',
@ -178,8 +180,9 @@ sub generate_script_2() {
emit( 'g_family=6' ); emit( 'g_family=6' );
if ( $export ) { if ( $export ) {
emit ( 'SHAREDIR=/usr/share/shorewall6-lite', emit ( 'SHAREDIR=/$SHAREDIR/shorewall6-lite',
'CONFDIR=/etc/shorewall6-lite', 'CONFDIR=$CONFDIR/shorewall6-lite',
'VARDIR=$VARDIR/shorewall6-lite',
'g_product="Shorewall6 Lite"', 'g_product="Shorewall6 Lite"',
'g_program=shorewall6-lite', 'g_program=shorewall6-lite',
'g_basedir=/usr/share/shorewall6', 'g_basedir=/usr/share/shorewall6',
@ -187,6 +190,7 @@ sub generate_script_2() {
} else { } else {
emit ( 'SHAREDIR=/usr/share/shorewall6', emit ( 'SHAREDIR=/usr/share/shorewall6',
'CONFDIR=/etc/shorewall6', 'CONFDIR=/etc/shorewall6',
'VARDIR=$VARDIR/shorewall6',
'g_product=Shorewall6', 'g_product=Shorewall6',
'g_program=shorewall6', 'g_program=shorewall6',
'g_basedir=/usr/share/shorewall' 'g_basedir=/usr/share/shorewall'
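Review bot: The IPv6 branches are not converted consistently with the IPv4 ones: the export branch emits `'SHAREDIR=/$SHAREDIR/shorewall6-lite'` with a stray leading `/`, and the non-export branch still emits the literals `'SHAREDIR=/usr/share/shorewall6'` and `'CONFDIR=/etc/shorewall6'` next to the new `'VARDIR=$VARDIR/shorewall6'`. On a relocated install the generated IPv6 script would mix configured and hard-coded directories; I would emit `'SHAREDIR=$SHAREDIR/shorewall6'` and `'CONFDIR=$CONFDIR/shorewall6'` to match. The emitted assignments are self-referential, so they depend on `$SHAREDIR`, `$CONFDIR` and `$VARDIR` already being set when the generated script runs, and the `g_basedir` lines stay hard-coded in all four branches. generate_script_2 starts and ends outside these hunks.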


@ -141,6 +141,7 @@ our %EXPORT_TAGS = ( internal => [ qw( create_temp_script
%config %config
%globals %globals
%config_files %config_files
%shorewallrc
@auditoptions @auditoptions
@ -433,7 +434,12 @@ my %converted = ( WIDE_TC_MARKS => 1,
my $omitting; my $omitting;
my @ifstack; my @ifstack;
my $ifstack; my $ifstack;
#
# From .shorewallrc
#
our %shorewallrc;
sub process_shorewallrc();
# #
# Rather than initializing globals in an INIT block or during declaration, # Rather than initializing globals in an INIT block or during declaration,
# we initialize them in a function. This is done for two reasons: # we initialize them in a function. This is done for two reasons:
@ -474,8 +480,8 @@ sub initialize( $ ) {
# #
# Misc Globals # Misc Globals
# #
%globals = ( SHAREDIRPL => '/usr/share/shorewall/' , %globals = ( SHAREDIRPL => '' ,
CONFDIR => '/etc/shorewall', # Run-time configuration directory CONFDIR => '', # Run-time configuration directory
CONFIGDIR => '', # Compile-time configuration directory (location of $product.conf) CONFIGDIR => '', # Compile-time configuration directory (location of $product.conf)
LOGPARMS => '', LOGPARMS => '',
TC_SCRIPT => '', TC_SCRIPT => '',
@ -748,15 +754,24 @@ sub initialize( $ ) {
@actparms = (); @actparms = ();
%shorewallrc = (
SHAREDIR => '/usr/share/',
CONFDIR => '/etc/',
);
process_shorewallrc;
$globals{SHAREDIRPL} = "$shorewallrc{SHAREDIR}/shorewall/";
if ( $family == F_IPV4 ) { if ( $family == F_IPV4 ) {
$globals{SHAREDIR} = '/usr/share/shorewall'; $globals{SHAREDIR} = "$shorewallrc{SHAREDIR}/shorewall";
$globals{CONFDIR} = '/etc/shorewall'; $globals{CONFDIR} = "$shorewallrc{CONFDIR}/shorewall";
$globals{PRODUCT} = 'shorewall'; $globals{PRODUCT} = 'shorewall';
$config{IPTABLES} = undef; $config{IPTABLES} = undef;
$validlevels{ULOG} = 'ULOG'; $validlevels{ULOG} = 'ULOG';
} else { } else {
$globals{SHAREDIR} = '/usr/share/shorewall6'; $globals{SHAREDIR} = "$shorewallrc{SHAREDIR}/shorewall6";
$globals{CONFDIR} = '/etc/shorewall6'; $globals{CONFDIR} = "$shorewallrc{CONFDIR}/shorewall6";
$globals{PRODUCT} = 'shorewall6'; $globals{PRODUCT} = 'shorewall6';
$config{IP6TABLES} = undef; $config{IP6TABLES} = undef;
} }
@ -2084,7 +2099,7 @@ sub set_action_param( $$ ) {
# #
# Expand Shell Variables in the passed buffer using %params and @actparms # Expand Shell Variables in the passed buffer using %params and @actparms
# #
sub expand_variables( \$ ) { sub expand_variables( \$;$ ) {
my ( $lineref, $count ) = ( $_[0], 0 ); my ( $lineref, $count ) = ( $_[0], 0 );
# $1 $2 $3 - $4 # $1 $2 $3 - $4
while ( $$lineref =~ m( ^(.*?) \$({)? (\w+) (?(2)}) (.*)$ )x ) { while ( $$lineref =~ m( ^(.*?) \$({)? (\w+) (?(2)}) (.*)$ )x ) {
@ -2098,6 +2113,8 @@ sub expand_variables( \$ ) {
$val = $actparms[$var]; $val = $actparms[$var];
} elsif ( exists $params{$var} ) { } elsif ( exists $params{$var} ) {
$val = $params{$var}; $val = $params{$var};
} elsif ( $_[1] && exists $shorewallrc{$var} ) {
$val = $shorewallrc{$var}
} else { } else {
fatal_error "Undefined shell variable (\$$var)" unless exists $config{$var}; fatal_error "Undefined shell variable (\$$var)" unless exists $config{$var};
$val = $config{$var}; $val = $config{$var};
@ -2259,6 +2276,25 @@ sub read_a_line1() {
} }
} }
sub process_shorewallrc() {
my $home = $ENV{HOME} || `echo ~`;
$shorewallrc{PRODUCT} = $family == F_IPV4 ? 'shorewall' : 'shorewall6';
if ( $home && open_file "$home/.shorewallrc" ) {
while ( read_a_line1 ) {
if ( $currentline =~ /^([a-zA-Z]\w*)=(.*)$/ ) {
my ($var, $val) = ($1, $2);
$val = $1 if $val =~ /^\"([^\"]*)\"$/;
expand_variables($val, 1 ) if supplied $val;
$shorewallrc{$var} = $val;
} else {
fatal_error "Unrecognized shorewallrc entry";
}
}
}
}
# #
# Provide the passed default value for the passed configuration variable # Provide the passed default value for the passed configuration variable
# #
@ -3195,7 +3231,7 @@ sub ensure_config_path() {
my $f = "$globals{SHAREDIR}/configpath"; my $f = "$globals{SHAREDIR}/configpath";
$globals{CONFDIR} = "/usr/share/$product/configfiles/" if $> != 0; $globals{CONFDIR} = "$shorewallrc{SHAREDIR}/$product/configfiles/" if $> != 0;
unless ( $config{CONFIG_PATH} ) { unless ( $config{CONFIG_PATH} ) {
fatal_error "$f does not exist" unless -f $f; fatal_error "$f does not exist" unless -f $f;
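Review bot: In `process_shorewallrc` the fallback ``my $home = $ENV{HOME} || `echo ~`;`` keeps the trailing newline of the backtick output, so `"$home/.shorewallrc"` names a path containing a newline and the file is quietly not found when HOME is unset; wrapping the assignment in `chomp( ... )`, or using `(getpwuid($>))[7]`, avoids that. The file found this way decides `SHAREDIR` and `CONFDIR`, and so where the compiler looks for its configuration; if the compiler runs as root with HOME inherited from another account, that account controls those paths, so an ownership check before `open_file` would be worth adding. The defaults `'/usr/share/'` and `'/etc/'` end in `/`, so `"$shorewallrc{SHAREDIR}/shorewall"` yields a doubled slash unless the rc file overrides them. In `expand_variables` the new arm `$val = $shorewallrc{$var}` has no terminating `;`, which is legal but breaks as soon as a statement is added after it.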


@ -1039,7 +1039,7 @@ sub validate_tc_class( ) {
fatal_error "Unknown Parent class ($parentnum)" unless $parentref && $parentref->{occurs} == 1; fatal_error "Unknown Parent class ($parentnum)" unless $parentref && $parentref->{occurs} == 1;
fatal_error "The class ($parentnum) specifies UMAX and/or DMAX; it cannot serve as a parent" if $parentref->{dmax}; fatal_error "The class ($parentnum) specifies UMAX and/or DMAX; it cannot serve as a parent" if $parentref->{dmax};
fatal_error "The class ($parentnum) specifies flow; it cannot serve as a parent" if $parentref->{flow}; fatal_error "The class ($parentnum) specifies flow; it cannot serve as a parent" if $parentref->{flow};
fatal_error "The default class ($parentnum) may not have sub-classes" if $devref->{default} == $parentclass; fatal_error "The default class ($parentnum) may not have sub-classes" if ( $devref->{default} || 0 ) == $parentclass;
$parentref->{leaf} = 0; $parentref->{leaf} = 0;
$ratemax = $parentref->{rate}; $ratemax = $parentref->{rate};
$ratename = q(the parent class's RATE); $ratename = q(the parent class's RATE);


@ -33,7 +33,22 @@ else
g_program=shorewall g_program=shorewall
fi fi
. /usr/share/shorewall/lib.cli if [ -f ~/.shorewallrc ]; then
. ~/.shorewallrc || exit 1
else
SHAREDIR=/usr/share
CONFDIR=${CONFDIR}
SBINDIR=/sbin
VARDIR=/var/lib
LIBEXECDIR=/usr/share
fi
g_libexec="$LIBEXECDIR"
g_sharedir="$SHAREDIR"
g_sbindir="$SBINDIR"
g_readrc=1
. $g_sharedir/shorewall/lib.cli
CONFIG_PATH="$2" CONFIG_PATH="$2"
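Review bot: The fallback branch sets `CONFDIR=${CONFDIR}`, which assigns the variable to itself, so without `~/.shorewallrc` CONFDIR stays empty unless the caller exported it; the other wrappers in this commit use `CONFDIR=/etc`. When the rc file exists but omits SHAREDIR, `. $g_sharedir/shorewall/lib.cli` resolves to `/shorewall/lib.cli`; `. "${g_sharedir:?}/shorewall/lib.cli"` would stop with a message instead of sourcing from the filesystem root. The surrounding script continues outside the hunk.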


@ -0,0 +1,11 @@
#
# Shorewall version 4 - blacklist Macro
#
# /usr/share/shorewall/macro.blacklist
#
# This macro handles blacklisting using BLACKLIST_DISPOSITION and BLACKLIST_LOGLEVEL
#
###############################################################################
#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/
# PORT(S) PORT(S) LIMIT GROUP
$BLACKLIST_DISPOSITION:$BLACKLIST_LOGLEVEL


@ -85,6 +85,27 @@ g_noroutes=$NOROUTES
g_timestamp=$TIMESTAMP g_timestamp=$TIMESTAMP
g_recovering=$RECOVERING g_recovering=$RECOVERING
if [ -f ./.shorewallrc ]; then
. ./.shorewallrc || exit 1
elif [ -f ~/.shorewallrc ]; then
. ~/.shorewallrc || exit 1
elif [ -r /root/.shorewallrc ]; then
. /root/.shorewallrc || exit 1
elif [ -r /.shorewallrc ]; then
. /root/.shorewallrc || exit 1
elif - -f ${SHOREAWLLRC_HOME}/.shorewallrc; then
. ${SHOREAWLLRC_HOME}/.shorewallrc || exit 1
else
CONFDIR=/etc
SHAREDIR=/usr/share
VARDIR=/var/lib
fi
if [ -n "$TEMPDIR" ]; then
TMPDIR="$TEMPDIR"
export TMPDIR
fi
initialize initialize
if [ -n "$STARTUP_LOG" ]; then if [ -n "$STARTUP_LOG" ]; then
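Review bot: The lookup chain sources `./.shorewallrc` from the current working directory before any fixed location, so a firewall script started as root from a directory another user can write to executes that file's contents. I would drop the `./` candidate, or source a candidate only if it is owned by root and not group- or world-writable. Two later arms are also broken: `elif [ -r /.shorewallrc ]; then` sources `/root/.shorewallrc` rather than `/.shorewallrc`, and `elif - -f ${SHOREAWLLRC_HOME}/.shorewallrc; then` runs `-` as a command and misspells the variable, where `elif [ -f "${SHOREWALLRC_HOME}/.shorewallrc" ]; then` was presumably meant. The same chain is repeated in the uninstall scripts and the shorewall6-lite wrapper further down this page, and there the test and the source line mostly disagree on the spelling of the variable.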


@ -11,7 +11,6 @@
### END INIT INFO ### END INIT INFO
SRWL=/sbin/shorewall SRWL=/sbin/shorewall
SRWL_OPTS="-tvv" SRWL_OPTS="-tvv"
WAIT_FOR_IFUP=/usr/share/shorewall/wait4ifup WAIT_FOR_IFUP=/usr/share/shorewall/wait4ifup
@ -54,10 +53,15 @@ not_configured () {
exit 0 exit 0
} }
#
# The installer may alter this
#
. /usr/share/shorewall/shorewallrc
# check if shorewall is configured or not # check if shorewall is configured or not
if [ -f "/etc/default/shorewall" ] if [ -f "${SYSCONFDIR}/shorewall" ]
then then
. /etc/default/shorewall . ${SYSCONFDIR}/shorewall
SRWL_OPTS="$SRWL_OPTS $OPTIONS" SRWL_OPTS="$SRWL_OPTS $OPTIONS"
if [ "$startup" != "1" ] if [ "$startup" != "1" ]
then then
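Review bot: `. /usr/share/shorewall/shorewallrc` is sourced with no existence check, and `${SYSCONFDIR}` is then trusted as-is; if the file does not set it, the test becomes `[ -f "/shorewall" ]` and the script takes the not-configured path, which exits 0 and leaves the host without its ruleset at boot. I would fail loudly instead, for example `[ -n "$SYSCONFDIR" ] || { echo "SYSCONFDIR not set by shorewallrc" >&2; exit 1; }` directly after the source line. `. ${SYSCONFDIR}/shorewall` should also be quoted, and `SRWL=/sbin/shorewall` in the first hunk stays hard-coded although SBINDIR is now configurable. The other init scripts changed on this page source shorewallrc the same way and use `${SBINDIR}` or `${SYSCONFDIR}` unchecked, so the same guard applies to them.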


@ -20,16 +20,21 @@
# Source function library. # Source function library.
. /etc/rc.d/init.d/functions . /etc/rc.d/init.d/functions
#
# The installer may alter this
#
. /usr/share/shorewall/shorewallrc
prog="shorewall" prog="shorewall"
shorewall="/sbin/$prog" shorewall="${SBINDIR}/$prog"
logger="logger -i -t $prog" logger="logger -i -t $prog"
lockfile="/var/lock/subsys/$prog" lockfile="/var/lock/subsys/$prog"
# Get startup options (override default) # Get startup options (override default)
OPTIONS= OPTIONS=
if [ -f /etc/sysconfig/$prog ]; then if [ -f ${SYSCONFDIR}/$prog ]; then
. /etc/sysconfig/$prog . ${SYSCONFDIR}/$prog
fi fi
start() { start() {


@ -54,7 +54,7 @@ RCDLINKS="2,S41 3,S41 6,K41"
# Give Usage Information # # Give Usage Information #
################################################################################ ################################################################################
usage() { usage() {
echo "Usage: $0 start|stop|reload|restart|status" echo "Usage: $0 start|stop|reload|restart|status" >&2
exit 1 exit 1
} }
@ -62,10 +62,14 @@ usage() {
# Get startup options (override default) # Get startup options (override default)
################################################################################ ################################################################################
OPTIONS="-v0" OPTIONS="-v0"
if [ -f /etc/sysconfig/shorewall ]; then
. /etc/sysconfig/shorewall #
elif [ -f /etc/default/shorewall ] ; then # The installer may alter this
. /etc/default/shorewall #
. /usr/share/shorewall/shorewallrc
if [ -f ${SYSCONFDIR}/shorewall ]; then
. ${SYSCONFDIR}/shorewall
fi fi
export SHOREWALL_INIT_SCRIPT=1 export SHOREWALL_INIT_SCRIPT=1
@ -78,13 +82,13 @@ shift
case "$command" in case "$command" in
start) start)
exec /sbin/shorewall $OPTIONS start $STARTOPTIONS exec $SBINDIR/shorewall $OPTIONS start $STARTOPTIONS
;; ;;
restart|reload) restart|reload)
exec /sbin/shorewall $OPTIONS restart $RESTARTOPTIONS exec $SBINDIR/shorewall $OPTIONS restart $RESTARTOPTIONS
;; ;;
status|stop) status|stop)
exec /sbin/shorewall $OPTIONS $command exec $SBINDIR/shorewall $OPTIONS $command
;; ;;
*) *)
usage usage

File diff suppressed because it is too large Load Diff


@ -1353,11 +1353,13 @@ reload_command() # $* = original arguments less the command.
;; ;;
esac esac
temp=$(rsh_command /sbin/${g_program}-lite show config 2> /dev/null | grep ^LITEDIR | sed 's/LITEDIR is //') config=$(rsh_command ${g_program}-lite show config 2> /dev/null)
temp=$(echo $config | grep ^LITEDIR | sed 's/LITEDIR is //')
[ -n "$temp" ] && litedir="$temp" [ -n "$temp" ] && litedir="$temp"
temp=$(rsh_command /sbin/${g_program}-lite show config 2> /dev/null | grep ^LIBEXEC | sed 's/LIBEXEC is //') temp=$(echo $config | grep ^LIBEXEC | sed 's/LIBEXEC is //')
if [ -n "$temp" ]; then if [ -n "$temp" ]; then
case $temp in case $temp in
@ -1370,6 +1372,14 @@ reload_command() # $* = original arguments less the command.
esac esac
fi fi
temp=$(echo $config | grep ^SBINDIR | sed 's/SBINDIR is //')
if [ -n "$temp" ]; then
sbindir="$temp"
else
sbindir=/sbin
fi
if [ -z "$getcaps" ]; then if [ -z "$getcaps" ]; then
g_shorewalldir=$(resolve_file $directory) g_shorewalldir=$(resolve_file $directory)
ensure_config_path ensure_config_path
@ -1414,15 +1424,15 @@ reload_command() # $* = original arguments less the command.
progress_message3 "Copy complete" progress_message3 "Copy complete"
if [ $COMMAND = reload ]; then if [ $COMMAND = reload ]; then
rsh_command "/sbin/${g_program}-lite $g_debugging $verbose $timestamp restart" && \ rsh_command "${sbin}/${g_program}-lite $g_debugging $verbose $timestamp restart" && \
progress_message3 "System $system reloaded" || saveit= progress_message3 "System $system reloaded" || saveit=
else else
rsh_command "/sbin/${g_program}-lite $g_debugging $verbose $timestamp start" && \ rsh_command "${sbin}/${g_program}-lite $g_debugging $verbose $timestamp start" && \
progress_message3 "System $system loaded" || saveit= progress_message3 "System $system loaded" || saveit=
fi fi
if [ -n "$saveit" ]; then if [ -n "$saveit" ]; then
rsh_command "/sbin/${g_program}-lite $g_debugging $verbose $timestamp save" && \ rsh_command "${sbin}/${g_program}-lite $g_debugging $verbose $timestamp save" && \
progress_message3 "Configuration on system $system saved" progress_message3 "Configuration on system $system saved"
fi fi
fi fi
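Review bot: `temp=$(echo $config | grep ^LITEDIR | sed ...)` expands `$config` unquoted, which joins the remote output into one line, so `grep ^LITEDIR` matches only when LITEDIR comes first and the `sed` result then carries the rest of the output; all three extractions need `echo "$config"` or `printf '%s\n' "$config"`. The new block stores the remote directory in `sbindir`, but the three `rsh_command` lines expand `${sbin}`, which is not set in the visible hunks, so the remote command becomes `/${g_program}-lite ...`; they should use `${sbindir}`. LITEDIR, LIBEXEC and SBINDIR come from the remote system's output and are then placed into command lines, so a value that is not a plain absolute path should be rejected before use. reload_command starts and ends outside these hunks.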


@ -27,6 +27,17 @@
################################################################################################ ################################################################################################
g_program=shorewall g_program=shorewall
. /usr/share/shorewall/lib.cli #
# This is modified by the installer when ${SHAREDIR} <> /usr/share
#
. /usr/share/shorewall/shorewallrc
g_libexec="$LIBEXECDIR"
g_sharedir="$SHAREDIR"
g_sbindir="$SBINDIR"
g_perllib="$PERLLIBDIR"
g_readrc=1
. $g_sharedir/shorewall/lib.cli
shorewall_cli $@ shorewall_cli $@


@ -40,16 +40,25 @@ qt()
"$@" >/dev/null 2>&1 "$@" >/dev/null 2>&1
} }
restore_file() # $1 = file to restore split() {
{ local ifs
if [ -f ${1}-shorewall.bkout ]; then ifs=$IFS
if (mv -f ${1}-shorewall.bkout $1); then IFS=:
echo set -- $1
echo "$1 restored" echo $*
else IFS=$ifs
exit 1 }
fi
mywhich() {
local dir
for dir in $(split $PATH); do
if [ -x $dir/$1 ]; then
return 0
fi fi
done
return 2
} }
remove_file() # $1 = file to restore remove_file() # $1 = file to restore
@ -60,8 +69,39 @@ remove_file() # $1 = file to restore
fi fi
} }
if [ -f /usr/share/shorewall/version ]; then if [ -f ./.shorewallrc ]; then
INSTALLED_VERSION="$(cat /usr/share/shorewall/version)" . ./.shorewallrc || exit 1
elif [ -f ~/.shorewallrc ]; then
. ~/.shorewallrc || exit 1
elif [ -r /root/.shorewallrc ]; then
. /root/.shorewallrc || exit 1
elif [ -r /.shorewallrc ]; then
. /root/.shorewallrc || exit 1
elif - -f ${SHOREAWLLRC_HOME}/.shorewallrc; then
. ${SHOREWALLRC_HOME}/.shorewallrc || exit 1
else
[ -n "${LIBEXEC:=/usr/share}" ]
[ -n "${PERLLIB:=/usr/share/shorewall}" ]
[ -n "${CONFDIR:=/etc}" ]
if [ -z "$SYSCONFDIR" ]; then
if [ -d /etc/default ]; then
SYSCONFDIR=/etc/default
else
SYSCONFDIR=/etc/sysconfig
fi
fi
[ -n "${SBINDIR:=/sbin}" ]
[ -n "${SHAREDIR:=/usr/share}" ]
[ -n "${VARDIR:=/var/lib}" ]
[ -n "${INITFILE:=shorewall}" ]
[ -n "${INITDIR:=/etc/init.d}" ]
[ -n "${MANDIR:=/usr/share/man}" ]
fi
if [ -f ${SHAREDIR}/shorewall/version ]; then
INSTALLED_VERSION="$(cat ${SHAREDIR}/shorewall/version)"
if [ "$INSTALLED_VERSION" != "$VERSION" ]; then if [ "$INSTALLED_VERSION" != "$VERSION" ]; then
echo "WARNING: Shorewall Version $INSTALLED_VERSION is installed" echo "WARNING: Shorewall Version $INSTALLED_VERSION is installed"
echo " and this is the $VERSION uninstaller." echo " and this is the $VERSION uninstaller."
@ -72,62 +112,54 @@ else
VERSION="" VERSION=""
fi fi
[ -n "${LIBEXEC:=/usr/share}" ]
[ -n "${PERLLIB:=/usr/share/shorewall}" ]
echo "Uninstalling shorewall $VERSION" echo "Uninstalling shorewall $VERSION"
if qt iptables -L shorewall -n && [ ! -f /sbin/shorewall-lite ]; then if qt iptables -L shorewall -n && [ ! -f ${SBINDIR}/shorewall-lite ]; then
/sbin/shorewall clear shorewall clear
fi fi
if [ -L /usr/share/shorewall/init ]; then if [ -L ${SHAREDIR}/shorewall/init ]; then
FIREWALL=$(readlink -m -q /usr/share/shorewall/init) FIREWALL=$(readlink -m -q ${SHAREDIR}/shorewall/init)
else elif [ -n "$INITFILE" ]; then
FIREWALL=/etc/init.d/shorewall FIREWALL=/${INITDIR}/${INITFILE}
fi fi
if [ -n "$FIREWALL" ]; then if [ -f "$FIREWALL" ]; then
if [ -x /usr/sbin/updaterc.d ]; then if mywhich updaterc.d; then
updaterc.d shorewall remove updaterc.d shorewall remove
elif [ -x /sbin/insserv -o -x /usr/sbin/insserv ]; then elif mywhich insserv; then
insserv -r $FIREWALL insserv -r $FIREWALL
elif [ -x /sbin/systemctl ]; then elif mywhich systemctl; then
systemctl disable shorewall systemctl disable shorewall
elif [ -x /sbin/chkconfig -o -x /usr/sbin/chkconfig ]; then elif mywhich chkconfig; then
chkconfig --del $(basename $FIREWALL) chkconfig --del $(basename $FIREWALL)
else
rm -f /etc/rc*.d/*$(basename $FIREWALL)
fi fi
remove_file $FIREWALL remove_file $FIREWALL
rm -f ${FIREWALL}-*.bkout [ -f "$AUXINITFILE" ] && remove_file ${INITDIR}/{$AUXINITFILE}
fi fi
rm -f /sbin/shorewall rm -f ${SBINDIR}/shorewall
rm -f /sbin/shorewall-*.bkout
rm -rf /usr/share/shorewall/version rm -rf ${SHAREDIR}/shorewall/version
rm -rf /etc/shorewall rm -rf ${CONFDIR}/shorewall
rm -rf /etc/shorewall-*.bkout rm -rf ${VARDIR}/shorewall
rm -rf /var/lib/shorewall
rm -rf /var/lib/shorewall-*.bkout
rm -rf ${PERLLIB}/Shorewall/* rm -rf ${PERLLIB}/Shorewall/*
rm -rf ${LIBEXEC}/shorewall rm -rf ${LIBEXEC}/shorewall
rm -rf /usr/share/shorewall/configfiles/ rm -rf ${SHAREDIR}/shorewall/configfiles/
rm -rf /usr/share/shorewall/Samples/ rm -rf ${SHAREDIR}/shorewall/Samples/
rm -rf /usr/share/shorewall/Shorewall/ rm -rf ${SHAREDIR}/shorewall/Shorewall/
rm -f /usr/share/shorewall/lib.cli-std rm -f ${SHAREDIR}/shorewall/lib.cli-std
rm -f /usr/share/shorewall/lib.core rm -f ${SHAREDIR}/shorewall/lib.core
rm -f /usr/share/shorewall/compiler.pl rm -f ${SHAREDIR}/shorewall/compiler.pl
rm -f /usr/share/shorewall/prog.* rm -f ${SHAREDIR}/shorewall/prog.*
rm -f /usr/share/shorewall/module* rm -f ${SHAREDIR}/shorewall/module*
rm -f /usr/share/shorewall/helpers rm -f ${SHAREDIR}/shorewall/helpers
rm -f /usr/share/shorewall/action* rm -f ${SHAREDIR}/shorewall/action*
rm -f /usr/share/shorewall/init rm -f ${SHAREDIR}/shorewall/init
rm -rf /usr/share/shorewall-*.bkout
for f in /usr/share/man/man5/shorewall* /usr/share/man/man8/shorewall*; do for f in ${MANDIR}/man5/shorewall* ${MANDIR}/man8/shorewall*; do
case $f in case $f in
shorewall6*|shorewall-lite*) shorewall6*|shorewall-lite*)
;; ;;
@ -137,8 +169,10 @@ for f in /usr/share/man/man5/shorewall* /usr/share/man/man8/shorewall*; do
esac esac
done done
rm -f /etc/logrotate.d/shorewall rm -f ${CONFDIR}/logrotate.d/shorewall
rm -f /lib/systemd/system/shorewall.service
if [ -n "$SYSTEMD" ]; THEN
rm -f ${SYSTEMD}/shorewall.service
echo "Shorewall Uninstalled" echo "Shorewall Uninstalled"
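Review bot: The `${LIBEXEC:=/usr/share}` and `${PERLLIB:=/usr/share/shorewall}` defaults now run only in the `else` arm, so whenever an rc file is found and it names these `LIBEXECDIR`/`PERLLIBDIR` (as the CLI wrappers in this commit expect), `rm -rf ${LIBEXEC}/shorewall` and `rm -rf ${PERLLIB}/Shorewall/*` expand to `rm -rf /shorewall` and `rm -rf /Shorewall/*`. I would use one set of names and guard each destructive path, for example `rm -rf "${LIBEXECDIR:?}/shorewall"`. The tail of the script also does not parse: `if [ -n "$SYSTEMD" ]; THEN` needs a lowercase `then` and a closing `fi`. Two smaller slips: `remove_file ${INITDIR}/{$AUXINITFILE}` has the brace on the wrong side of `$` and its guard tests `"$AUXINITFILE"` without the directory, and `FIREWALL=/${INITDIR}/${INITFILE}` adds a leading `/`.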


@ -78,6 +78,11 @@ else
not_configured not_configured
fi fi
#
# The installer may alter this
#
. /usr/share/shorewall/shorewallrc
# start the firewall # start the firewall
shorewall6_start () { shorewall6_start () {
echo -n "Starting \"Shorewall6 Lite firewall\": " echo -n "Starting \"Shorewall6 Lite firewall\": "


@ -20,16 +20,21 @@
# Source function library. # Source function library.
. /etc/rc.d/init.d/functions . /etc/rc.d/init.d/functions
#
# The installer may alter this
#
. /usr/share/shorewall/shorewallrc
prog="shorewall6-lite" prog="shorewall6-lite"
shorewall="/sbin/$prog" shorewall="${SBINDIR}/$prog"
logger="logger -i -t $prog" logger="logger -i -t $prog"
lockfile="/var/lock/subsys/$prog" lockfile="/var/lock/subsys/$prog"
# Get startup options (override default) # Get startup options (override default)
OPTIONS= OPTIONS=
if [ -f /etc/sysconfig/$prog ]; then if [ -f ${SYSCONFDIR}/$prog ]; then
. /etc/sysconfig/$prog . ${SYSCONFDIR}/$prog
fi fi
start() { start() {


@ -61,11 +61,11 @@ usage() {
# Get startup options (override default) # Get startup options (override default)
################################################################################ ################################################################################
OPTIONS= OPTIONS=
if [ -f /etc/sysconfig/shorewall6-lite ]; then
. /etc/sysconfig/shorewall6-lite #
elif [ -f /etc/default/shorewall6-lite ] ; then # The installer may alter this
. /etc/default/shorewall6-lite #
fi . /usr/share/shorewall/shorewallrc
export SHOREWALL_INIT_SCRIPT=1 export SHOREWALL_INIT_SCRIPT=1
@ -76,13 +76,13 @@ command="$1"
case "$command" in case "$command" in
start) start)
exec /sbin/shorewall6-lite $OPTIONS start $STARTOPTIONS exec ${SBINDIR}/shorewall6-lite $OPTIONS start $STARTOPTIONS
;; ;;
restart|reload) restart|reload)
exec /sbin/shorewall6-lite $OPTIONS restart $RESTARTOPTIONS exec ${SBINDIR}/shorewall6-lite $OPTIONS restart $RESTARTOPTIONS
;; ;;
status|stop) status|stop)
exec /sbin/shorewall6-lite $OPTIONS $command $@ exec ${SBINDIR}/shorewall6-lite $OPTIONS $command $@
;; ;;
*) *)
usage usage
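Review bot: The first hunk appears to replace the whole `if [ -f /etc/sysconfig/shorewall6-lite ] ... fi` block with the shorewallrc source line, so the per-product options file is no longer read and `$OPTIONS`, `$STARTOPTIONS` and `$RESTARTOPTIONS` stay at their defaults. The shorewall init.sh on this page keeps the equivalent step; here it would be `if [ -f "${SYSCONFDIR}/shorewall6-lite" ]; then . "${SYSCONFDIR}/shorewall6-lite"; fi` after the source line. The shorewall6 init.sh further down drops the step the same way.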


@ -27,6 +27,32 @@
################################################################################################ ################################################################################################
g_program=shorewall6-lite g_program=shorewall6-lite
. /usr/share/shorewall/lib.cli if [ -f ./.shorewallrc ]; then
. ./.shorewallrc || exit 1
elif [ -f ~/.shorewallrc ]; then
. ~/.shorewallrc || exit 1
elif [ -r /root/.shorewallrc ]; then
. /root/.shorewallrc || exit 1
elif [ -r /.shorewallrc ]; then
. /root/.shorewallrc || exit 1
elif - -f ${SHOREWALLRC_HOME}/.shorewallrc; then
. ${SHOREWALLRC_HOME}/.shorewallrc || exit 1
else
SHAREDIR=/usr/share
CONFDIR=/etc
SBINDIR=/sbin
VARDIR=/var/lib
LIBEXECDIR=/usr/share
PERLLIBDIR=/usr/share/shorewall
fi
g_libexec="$LIBEXECDIR"
g_sharedir="$SHAREDIR"
g_sbindir="$SBINDIR"
g_perllib="$PERLLIBDIR"
g_readrc=1
. $g_sharedir/shorewall/lib.cli
shorewall_cli $@ shorewall_cli $@


@ -40,6 +40,27 @@ qt()
"$@" >/dev/null 2>&1 "$@" >/dev/null 2>&1
} }
split() {
local ifs
ifs=$IFS
IFS=:
set -- $1
echo $*
IFS=$ifs
}
mywhich() {
local dir
for dir in $(split $PATH); do
if [ -x $dir/$1 ]; then
return 0
fi
done
return 2
}
remove_file() # $1 = file to restore remove_file() # $1 = file to restore
{ {
if [ -f $1 -o -L $1 ] ; then if [ -f $1 -o -L $1 ] ; then
@ -48,8 +69,39 @@ remove_file() # $1 = file to restore
fi fi
} }
if [ -f /usr/share/shorewall6-lite/version ]; then if [ -f ./.shorewallrc ]; then
INSTALLED_VERSION="$(cat /usr/share/shorewall6-lite/version)" . ./.shorewallrc || exit 1
elif [ -f ~/.shorewallrc ]; then
. ~/.shorewallrc || exit 1
elif [ -r /root/.shorewallrc ]; then
. /root/.shorewallrc || exit 1
elif [ -r /.shorewallrc ]; then
. /root/.shorewallrc || exit 1
elif - -f ${SHOREAWLLRC_HOME}/.shorewallrc; then
. ${SHOREWALLRC_HOME}/.shorewallrc || exit 1
else
[ -n "${LIBEXEC:=/usr/share}" ]
[ -n "${PERLLIB:=/usr/share/shorewall}" ]
[ -n "${CONFDIR:=/etc}" ]
if [ -z "$SYSCONFDIR" ]; then
if [ -d /etc/default ]; then
SYSCONFDIR=/etc/default
else
SYSCONFDIR=/etc/sysconfig
fi
fi
[ -n "${SBINDIR:=/sbin}" ]
[ -n "${SHAREDIR:=/usr/share}" ]
[ -n "${VARDIR:=/var/lib}" ]
[ -n "${INITFILE:=shorewall}" ]
[ -n "${INITDIR:=/etc/init.d}" ]
[ -n "${MANDIR:=/usr/share/man}" ]
fi
if [ -f ${SHAREDIR}/shorewall6-lite/version ]; then
INSTALLED_VERSION="$(cat ${SHAREDIR}/shorewall6-lite/version)"
if [ "$INSTALLED_VERSION" != "$VERSION" ]; then if [ "$INSTALLED_VERSION" != "$VERSION" ]; then
echo "WARNING: Shorewall Lite Version $INSTALLED_VERSION is installed" echo "WARNING: Shorewall Lite Version $INSTALLED_VERSION is installed"
echo " and this is the $VERSION uninstaller." echo " and this is the $VERSION uninstaller."
@ -60,49 +112,39 @@ else
VERSION="" VERSION=""
fi fi
[ -n "${LIBEXEC:=/usr/share}" ]
echo "Uninstalling Shorewall Lite $VERSION" echo "Uninstalling Shorewall Lite $VERSION"
if qt ip6tables -L shorewall -n && [ ! -f /sbin/shorewall6 ]; then if qt ip6tables -L shorewall -n && [ ! -f ${SBINDIR)/shorewall6 ]; then
/sbin/shorewall6-lite clear ${SBINDIR}/shorewall6-lite clear
fi fi
if [ -L /usr/share/shorewall6-lite/init ]; then if [ -l ${SHAREDIR}/shorewall6-lite/init ]; then
FIREWALL=$(readlink -m -q /usr/share/shorewall6-lite/init) FIREWALL=$(readlink -m -q ${SHAREDIR}/shorewall6-lite/init)
else elif [ -n "$INITFILE" ]; then
FIREWALL=/etc/init.d/shorewall6-lite FIREWALL=${INITDIR}/${INITFILE}
fi fi
if [ -n "$FIREWALL" ]; then if [ -f "$FIREWALL" ]; then
if [ -x /usr/sbin/updaterc.d ]; then if mywhich updaterc.d ; then
updaterc.d shorewall6-lite remove updaterc.d shorewall6-lite remove
elif [ -x /sbin/insserv -o -x /usr/sbin/insserv ]; then elif mywhich insserv ; then
insserv -r $FIREWALL insserv -r $FIREWALL
elif [ -x /sbin/chkconfig -o -x /usr/sbin/chkconfig ]; then elif mywhich chkconfig ; then
chkconfig --del $(basename $FIREWALL) chkconfig --del $(basename $FIREWALL)
elif [ -x /sbin/systemctl ]; then elif mywhich systemctl ; then
systemctl disable shorewall6-lite systemctl disable shorewall6-lite
else
rm -f /etc/rc*.d/*$(basename $FIREWALL)
fi fi
remove_file $FIREWALL remove_file $FIREWALL
rm -f ${FIREWALL}-*.bkout
fi fi
rm -f /sbin/shorewall6-lite rm -f ${SBINDIR}/shorewall6-lite
rm -f /sbin/shorewall6-lite-*.bkout rm -rf ${CONFDIR}/shorewall6-lite
rm -rf ${VARDIR}/shorewall6-lite
rm -rf /etc/shorewall6-lite rm -rf ${SHAREDIR}/shorewall6-lite
rm -rf /etc/shorewall6-lite-*.bkout
rm -rf /var/lib/shorewall6-lite
rm -rf /var/lib/shorewall6-lite-*.bkout
rm -rf /usr/share/shorewall6-lite
rm -rf ${LIBEXEC}/shorewall6-lite rm -rf ${LIBEXEC}/shorewall6-lite
rm -rf /usr/share/shorewall6-lite-*.bkout rm -f ${CONFDIR}/logrotate.d/shorewall6-lite
rm -f /etc/logrotate.d/shorewall6-lite [ -n "$SYSTEMD" ] && rm -f ${SYSTEMD}/shorewall6-lite.service
rm -f /lib/systemd/system/shorewall6-lite.service
echo "Shorewall6 Lite Uninstalled" echo "Shorewall6 Lite Uninstalled"
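Review bot: In the fallback arm `INITFILE` defaults to `shorewall`, so when no init symlink exists `FIREWALL=${INITDIR}/${INITFILE}` becomes `/etc/init.d/shorewall` and `remove_file $FIREWALL` deletes the init script of a different product; the old code used `/etc/init.d/shorewall6-lite`, and the default here should be `${INITFILE:=shorewall6-lite}`. The last hunk also has two errors that stop the script: `[ ! -f ${SBINDIR)/shorewall6 ]` closes the expansion with `)` instead of `}`, and `[ -l ${SHAREDIR}/shorewall6-lite/init ]` uses `-l` where the symlink test is `-L`. As in the other uninstallers, `${LIBEXEC}` is defaulted only in the fallback arm, so `rm -rf ${LIBEXEC}/shorewall6-lite` can expand to a path under `/` when an rc file is sourced.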


@ -54,10 +54,15 @@ not_configured () {
exit 0 exit 0
} }
#
# The installer may alter this
#
. /usr/share/shorewall/shorewallrc
# check if shorewall is configured or not # check if shorewall is configured or not
if [ -f "/etc/default/shorewall6" ] if [ -f "${SYSCONFDIR}/shorewall6" ]
then then
. /etc/default/shorewall6 . ${SYSCONFDIR}/shorewall6
SRWL_OPTS="$SRWL_OPTS $OPTIONS" SRWL_OPTS="$SRWL_OPTS $OPTIONS"
if [ "$startup" != "1" ] if [ "$startup" != "1" ]
then then


@ -20,16 +20,21 @@
# Source function library. # Source function library.
. /etc/rc.d/init.d/functions . /etc/rc.d/init.d/functions
#
# The installer may alter this
#
. /usr/share/shorewall/shorewallrc
prog="shorewall6" prog="shorewall6"
shorewall="/sbin/$prog" shorewall="${SBINDIR}/$prog"
logger="logger -i -t $prog" logger="logger -i -t $prog"
lockfile="/var/lock/subsys/$prog" lockfile="/var/lock/subsys/$prog"
# Get startup options (override default) # Get startup options (override default)
OPTIONS= OPTIONS=
if [ -f /etc/sysconfig/$prog ]; then if [ -f ${SYSCONFDIR}/$prog ]; then
. /etc/sysconfig/$prog . ${SYSCONFDIR}/$prog
fi fi
start() { start() {


@ -62,11 +62,11 @@ usage() {
# Get startup options (override default) # Get startup options (override default)
################################################################################ ################################################################################
OPTIONS="-v0" OPTIONS="-v0"
if [ -f /etc/sysconfig/shorewall6 ]; then
. /etc/sysconfig/shorewall6 #
elif [ -f /etc/default/shorewall6 ] ; then # The installer may alter this
. /etc/default/shorewall6 #
fi . /usr/share/shorewall/shorewallrc
export SHOREWALL_INIT_SCRIPT=1 export SHOREWALL_INIT_SCRIPT=1
@ -77,13 +77,13 @@ command="$1"
case "$command" in case "$command" in
start) start)
exec /sbin/shorewall6 $OPTIONS start $STARTOPTIONS exec ${SBINDIR}/shorewall6 $OPTIONS start $STARTOPTIONS
;; ;;
restart|reload) restart|reload)
exec /sbin/shorewall6 $OPTIONS restart $RESTARTOPTIONS exec ${SBINDIR}/shorewall6 $OPTIONS restart $RESTARTOPTIONS
;; ;;
status|stop) status|stop)
exec /sbin/shorewall6 $OPTIONS $command $@ exec ${SBINDIR}/shorewall6 $OPTIONS $command $@
;; ;;
*) *)
usage usage


@ -27,6 +27,24 @@
################################################################################################ ################################################################################################
g_program=shorewall6 g_program=shorewall6
. /usr/share/shorewall/lib.cli if [ -f ~/.shorewallrc ]; then
. ~/.shorewallrc || exit 1
else
SHAREDIR=/usr/share
CONFDIR=/etc
SBINDIR=/sbin
VARDIR=/var/lib
LIBEXECDIR=/usr/share
PERLLIBDIR=/usr/share/shorewall
fi
g_libexec="$LIBEXECDIR"
g_sharedir="$SHAREDIR"
g_sbindir="$SBINDIR"
g_perllib="$PERLLIBDIR"
g_readrc=1
. $g_sharedir/shorewall/lib.cli
shorewall_cli $@ shorewall_cli $@


@ -40,16 +40,25 @@ qt()
"$@" >/dev/null 2>&1 "$@" >/dev/null 2>&1
} }
restore_file() # $1 = file to restore split() {
{ local ifs
if [ -f ${1}-shorewall.bkout ]; then ifs=$IFS
if (mv -f ${1}-shorewall.bkout $1); then IFS=:
echo set -- $1
echo "$1 restored" echo $*
else IFS=$ifs
exit 1 }
fi
mywhich() {
local dir
for dir in $(split $PATH); do
if [ -x $dir/$1 ]; then
return 0
fi fi
done
return 2
} }
remove_file() # $1 = file to restore remove_file() # $1 = file to restore
@ -60,7 +69,38 @@ remove_file() # $1 = file to restore
fi fi
} }
if [ -f /usr/share/shorewall6/version ]; then if [ -f ./.shorewallrc ]; then
. ./.shorewallrc || exit 1
elif [ -f ~/.shorewallrc ]; then
. ~/.shorewallrc || exit 1
elif [ -r /root/.shorewallrc ]; then
. /root/.shorewallrc || exit 1
elif [ -r /.shorewallrc ]; then
. /root/.shorewallrc || exit 1
elif - -f ${SHOREAWLLRC_HOME}/.shorewallrc; then
. ${SHOREWALLRC_HOME}/.shorewallrc || exit 1
else
[ -n "${LIBEXEC:=/usr/share}" ]
[ -n "${PERLLIB:=/usr/share/shorewall}" ]
[ -n "${CONFDIR:=/etc}" ]
if [ -z "$SYSCONFDIR" ]; then
if [ -d /etc/default ]; then
SYSCONFDIR=/etc/default
else
SYSCONFDIR=/etc/sysconfig
fi
fi
[ -n "${SBINDIR:=/sbin}" ]
[ -n "${SHAREDIR:=/usr/share}" ]
[ -n "${VARDIR:=/var/lib}" ]
[ -n "${INITFILE:=shorewall}" ]
[ -n "${INITDIR:=/etc/init.d}" ]
[ -n "${MANDIR:=/usr/share/man}" ]
fi
if [ -f ${SHARDIR}/shorewall6/version ]; then
INSTALLED_VERSION="$(cat /usr/share/shorewall6/version)" INSTALLED_VERSION="$(cat /usr/share/shorewall6/version)"
if [ "$INSTALLED_VERSION" != "$VERSION" ]; then if [ "$INSTALLED_VERSION" != "$VERSION" ]; then
echo "WARNING: Shorewall6 Version $INSTALLED_VERSION is installed" echo "WARNING: Shorewall6 Version $INSTALLED_VERSION is installed"
@ -72,49 +112,39 @@ else
VERSION="" VERSION=""
fi fi
[ -n "${LIBEXEC:=/usr/share}" ]
echo "Uninstalling shorewall6 $VERSION" echo "Uninstalling shorewall6 $VERSION"
if qt ip6tables -L shorewall6 -n && [ ! -f /sbin/shorewall6-lite ]; then if qt ip6tables -L shorewall6 -n && [ ! -f ${SBINDIR}/shorewall6-lite ]; then
/sbin/shorewall6 clear ${SBINDIR}/shorewall6 clear
fi fi
if [ -L /usr/share/shorewall6/init ]; then if [ -L ${SHAREDIR}/shorewall6/init ]; then
FIREWALL=$(readlink -m -q /usr/share/shorewall6/init) FIREWALL=$(readlink -m -q ${SHAREDIR}/shorewall6/init)
else elif [ -n "$INITFILE" ]; then
FIREWALL=/etc/init.d/shorewall6 FIREWALL=${INITDIR}/${INITFILE}
fi fi
if [ -n "$FIREWALL" ]; then if [ -f "$FIREWALL" ]; then
if [ -x /usr/sbin/updaterc.d ]; then if mywhich updaterc.d ; then
updaterc.d shorewall6 remove updaterc.d shorewall6 remove
elif [ -x /sbin/insserv -o -x /usr/sbin/insserv ]; then elif mywhich insserv ; then
insserv -r $FIREWALL insserv -r $FIREWALL
elif [ -x /sbin/chkconfig -o -x /usr/sbin/chkconfig ]; then elif mywhich chkconfig ; then
chkconfig --del $(basename $FIREWALL) chkconfig --del $(basename $FIREWALL)
elif [ -x /sbin/systemctl ]; then elif mywhich systemctl ; then
systemctl disable shorewall6 systemctl disable shorewall6
else
rm -f /etc/rc*.d/*$(basename $FIREWALL)
fi fi
remove_file $FIREWALL remove_file $FIREWALL
rm -f ${FIREWALL}-*.bkout
fi fi
rm -f /sbin/shorewall6 rm -f ${SBINDIR}/shorewall6
rm -f /sbin/shorewall6-*.bkout rm -rf ${CONFDIR}/shorewall6
rm -rf ${VARDIR}/shorewall6
rm -rf /etc/shorewall6
rm -rf /etc/shorewall6-*.bkout
rm -rf /var/lib/shorewall6
rm -rf /var/lib/shorewall6-*.bkout
rm -rf ${LIBEXEC}/shorewall6 rm -rf ${LIBEXEC}/shorewall6
rm -rf /usr/share/shorewall6 rm -rf ${SHAREDIR}/shorewall6
rm -rf /usr/share/shorewall6-*.bkout
for f in /usr/share/man/man5/shorewall6* /usr/share/man/man8/shorewall6*; do for f in ${MANDIR}/man5/shorewall6* ${SHAREDIR}/man/man8/shorewall6*; do
case $f in case $f in
shorewall6-lite*) shorewall6-lite*)
;; ;;
@ -123,8 +153,8 @@ for f in /usr/share/man/man5/shorewall6* /usr/share/man/man8/shorewall6*; do
esac esac
done done
rm -f /etc/logrotate.d/shorewall6 rm -f ${CONFDIR}/logrotate.d/shorewall6
rm -f /lib/systemd/system/shorewall6.service [ -n "$SYSTEMD" ] && rm -f ${SYSTEMD}/shorewall6.service
echo "Shorewall6 Uninstalled" echo "Shorewall6 Uninstalled"
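Review bot: The rc-file lookup chain added in the second hunk has three slips that leave the uninstaller with wrong or empty paths: the `/.shorewallrc` branch tests one file but sources `/root/.shorewallrc`, the last `elif` reads `- -f ${SHOREAWLLRC_HOME}/.shorewallrc` (no `[`, misspelled variable), and the version check uses `${SHARDIR}`, which nothing sets. When an rc file is sourced, the built-in defaults in the `else` branch are skipped, so any variable the file omits stays empty and the later `rm -rf ${CONFDIR}/shorewall6`, `rm -rf ${VARDIR}/shorewall6` and `rm -rf ${LIBEXEC}/shorewall6` resolve directly under `/`; `LIBEXEC` looks especially exposed because the rc files appear to define `LIBEXECDIR` instead. I would fix the three lines and stop before the first removal if a directory variable is empty, as sketched below. Because the script runs as root, the rc file taken from the current directory or `$HOME` should also be confirmed root-owned and not group- or world-writable before it is sourced. The man-page loop in the last hunk mixes `${MANDIR}/man5` with `${SHAREDIR}/man/man8`, which looks unintended.

```shell
elif [ -r /.shorewallrc ]; then
    . /.shorewallrc || exit 1
elif [ -n "$SHOREWALLRC_HOME" ] && [ -f "${SHOREWALLRC_HOME}/.shorewallrc" ]; then
    . "${SHOREWALLRC_HOME}/.shorewallrc" || exit 1
else
    # … unchanged: built-in defaults (LIBEXEC, PERLLIB, CONFDIR, SYSCONFDIR, SBINDIR, …) …
fi

# Every rm -rf below builds its path from these; stop if the rc file left one empty.
: "${SBINDIR:?}" "${SHAREDIR:?}" "${CONFDIR:?}" "${VARDIR:?}" "${LIBEXEC:?}"

if [ -f "${SHAREDIR}/shorewall6/version" ]; then
```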


@ -137,6 +137,499 @@
<section id="Install_Tarball"> <section id="Install_Tarball">
<title>Install using tarball</title> <title>Install using tarball</title>
<section>
<title>Versions 4.5.2 and Later</title>
<para>Shorewall 4.5.2 introduced a change in the philosopy used by the
Shorewall installers. 4.5.2 introduced the concept of
<firstterm>shorewallrc files</firstterm>. These files define the
parameters to the install process. During the first installation using
<emphasis role="bold">Shorewall-core</emphasis> 4.5.2 or later, a
shorewallrc file named ${HOME}/.shorewallrc will be installed. That file
will provide the default parameters for installing other Shorewall
components of the same or later verion.</para>
<para>Note that <emphasis role="bold">you must install Shorewall-core
before installing any other Shorewall package</emphasis>.</para>
<para>Each of the Shorewall packages contains a set of
distribution-specific shorewallrc files:</para>
<itemizedlist>
<listitem>
<para>shorewallrc.apple (OS X)</para>
</listitem>
<listitem>
<para>shorewallrc.archlinux</para>
</listitem>
<listitem>
<para>shorewallrc.cygwin (Cygwin running on Windows)</para>
</listitem>
<listitem>
<para>shorewallrc.debian (Debian and derivatives)</para>
</listitem>
<listitem>
<para>shoreallrc.default (Generic Linux)</para>
</listitem>
<listitem>
<para>shorewallrc.redhat (Fedora, RHEL and derivatives)</para>
</listitem>
<listitem>
<para>shorewallrc.slackware</para>
</listitem>
<listitem>
<para>shorewallrc.suse (SLES and OpenSuSE)</para>
</listitem>
</itemizedlist>
<para>When installing 4.5.2 or later for the first time, a special
procedure must be followed:</para>
<orderedlist>
<listitem>
<para>Select the shorewallrc file that is closest to your
needs.</para>
</listitem>
<listitem>
<para>Review the settings in the file.</para>
</listitem>
<listitem>
<para>If you want to change something then you have two
choices:</para>
<orderedlist numeration="loweralpha">
<listitem>
<para>Copy the file to shorewallrc and edit the copy to meet
your needs; or</para>
</listitem>
<listitem>
<para>If the system has bash (/bin/bash) installed, you can run
./configure (see below)</para>
</listitem>
<listitem>
<para>./install.sh</para>
</listitem>
</orderedlist>
</listitem>
<listitem>
<para>If you don't need to change the file, then simply:</para>
<simplelist>
<member>./install.sh
<replaceable>shorewallrcfile-that-meets-your-needs</replaceable></member>
<member></member>
<member>Example: <command>./install
shorewallrc.debian</command></member>
</simplelist>
</listitem>
</orderedlist>
<para>The shorewall-core install.sh script will store the shorewallrc
file in ~/.shorewallrc where it will provide the defaults for future
installations of all Shorewall products. Other packages/versions can be
installed by simply typing</para>
<simplelist>
<member><command>./install.sh</command></member>
</simplelist>
<section>
<title>Settings in a shorewallrc file</title>
<para>A shorewallrc file contains a number of lines of the form
<replaceable>option</replaceable>=<replaceable>value.</replaceable>
Because some of the installers are shared between Shorewall products,
the files assume the definition of the symbol PRODUCT. $PRODUCT will
contain the name of a Shorewall product (shorewall-core, shorewall,
shorewall6, shorewall-lite, shorewall6-lite or shorewall-init).</para>
<para>Valid values for <replaceable>option</replaceable> are:</para>
<variablelist>
<varlistentry>
<term>HOST</term>
<listitem>
<para>Selects the shorewallrc file to use for default settings.
Valid values are:</para>
<variablelist>
<varlistentry>
<term>apple</term>
<listitem>
<para>OS X</para>
</listitem>
</varlistentry>
<varlistentry>
<term>archlinux</term>
<listitem>
<para>Archlinux</para>
</listitem>
</varlistentry>
<varlistentry>
<term>cygwin</term>
<listitem>
<para>Cygwin running under Windows</para>
</listitem>
</varlistentry>
<varlistentry>
<term>debian</term>
<listitem>
<para>Debian and derivatives (Ubuntu, Kbuntu, etc)</para>
</listitem>
</varlistentry>
<varlistentry>
<term>default</term>
<listitem>
<para>Generic Linux</para>
</listitem>
</varlistentry>
<varlistentry>
<term>redhat</term>
<listitem>
<para>Fedora, RHEL and derivatives (CentOS, Foobar,
etc)</para>
</listitem>
</varlistentry>
<varlistentry>
<term>slackware</term>
<listitem>
<para>Slackware Linux</para>
</listitem>
</varlistentry>
<varlistentry>
<term>suse</term>
<listitem>
<para>SLES and OpenSuSe</para>
</listitem>
</varlistentry>
</variablelist>
</listitem>
</varlistentry>
<varlistentry>
<term>PREFIX</term>
<listitem>
<para>Top-level directory under which most Shorewall components
are installed. All standard shorewallrc files define this as
<emphasis role="bold">\usr</emphasis>. </para>
</listitem>
</varlistentry>
<varlistentry>
<term>SHAREDIR</term>
<listitem>
<para>The directory where most Shorewall components are
installed. In all of the standard shorewallrc file, this option
has the value <emphasis
role="bold">${PREFIX}/share</emphasis>.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>LIBEXECDIR</term>
<listitem>
<para>Directory where internal executables are stored. In the
standard shorewallrc files, the default is either <emphasis
role="bold">${PREFIX}/share</emphasis> or <emphasis
role="bold">${PREFIX}/libexec</emphasis></para>
</listitem>
</varlistentry>
<varlistentry>
<term>PERLLIBDIR</term>
<listitem>
<para>Directory where the Shorewall Perl modules are installed.
Then will be installed in this directory under the sub-directory
Shorewall. Default is distribution-specific.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>CONFDIR</term>
<listitem>
<para>Directory where subsystem configuration data is stored.
Default is <emphasis role="bold">/etc</emphasis> in all
shorewallrc file.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>SBINDIR</term>
<listitem>
<para>Directory where CLI programs will be installed. Default in
all shorewallrc files is /<emphasis
role="bold">sbin</emphasis>.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>MANDIR</term>
<listitem>
<para>Directory under which manpages are to be installed.
Default is distribution dependent.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>INITDIR</term>
<listitem>
<para>Directory under which SysV init scripts are installed.
Default is distribution dependent.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>INITSOURCE</term>
<listitem>
<para>File in the package that is to be installed as the SysV
init script for the product.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>INITFILE</term>
<listitem>
<para>The name of the SysV init script when installed under
$INITDIR. May be empty, in which case no SysV init script will
be installed. This is usually the case on systems that run
systemd and on systems like Cygwin or OS X where Shorewall can't
act as a firewall.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>AUXINITSOURCE and AUXINITFILE</term>
<listitem>
<para>Analogs of INITSOURCE and INITFILE for distributions, like
Slackware, that have a master SysV init script and multiple
subordinate scripts.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>SYSTEMD</term>
<listitem>
<para>The directory under which the product's .service file is
to be installed. Should only be specified on systems running
systemd.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>SYSCONFDIR</term>
<listitem>
<para>The directory where package SysV init configuration files
are to be installed. <emphasis
role="bold">/etc/default</emphasis> on Debian and derivatives
and <emphasis role="bold">/etc/sysconfig</emphasis>
otherwise</para>
</listitem>
</varlistentry>
<varlistentry>
<term>SYSCONFFILE</term>
<listitem>
<para>The file in the Shorewall package that should be installed
as ${SYSCONFDIR}/$PRODUCT</para>
</listitem>
</varlistentry>
<varlistentry>
<term>ANNOTATED</term>
<listitem>
<para>Value is either empty or non-empty. Non-empty indicates
that files in ${CONFDIR}/${PRODUCT} should be annotated with
manpage documentation.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>SPARSE</term>
<listitem>
<para>Value is either empty or non-empty. When non-empty, only
${PRODUCT}.conf will be installed in
${CONFDIR}/${PRODUCT}</para>
</listitem>
</varlistentry>
<varlistentry>
<term>VARDIR</term>
<listitem>
<para>Directory where subsystem state data is to be stored.
Default is <emphasis role="bold">/var/lib</emphasis>.</para>
</listitem>
</varlistentry>
</variablelist>
</section>
<section>
<title>configure Script</title>
<para>The configure script creates a file named
<filename>shorewallrc</filename> in the current working directory.
This file is the default input file to the
i<command>nstall.sh</command> scripts. It is run as follows:</para>
<simplelist>
<member><command>./configure</command> [
<replaceable>option</replaceable>=<replaceable>value</replaceable> ]
...</member>
</simplelist>
<para>The possible values for option are the same as those shone above
in the shorewallrc file. They may be specified in either upper or
lower case and may optionally be prefixed by '--'. To facilitate use
with the rpm %configure script, the following options are
supported:</para>
<variablelist>
<varlistentry>
<term>vendor</term>
<listitem>
<para>Alias for <emphasis role="bold">host</emphasis>.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>sharedstatedir</term>
<listitem>
<para>Alias for <emphasis role="bold">vardir</emphasis>.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>datadir</term>
<listitem>
<para>Alias for <emphasis
role="bold">sharedir</emphasis>.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>sysconfdir</term>
<listitem>
<para>Alias for <emphasis role="bold">confdir</emphasis>.</para>
</listitem>
</varlistentry>
</variablelist>
<para>Note that %configure may dsgenerate option/value pairs that are
incompatible with the <command>configure</command> script. The current
%configure macro is:</para>
<programlisting>%configure \
CFLAGS="${CFLAGS:-%optflags}" ; export CFLAGS ; \
CXXFLAGS="${CXXFLAGS:-%optflags}" ; export CXXFLAGS ; \
FFLAGS="${FFLAGS:-%optflags}" ; export FFLAGS ; \
./configure --host=%{_host} --build=%{_build} \\\
--target=%{_target_platform} \\\
--program-prefix=%{?_program_prefix} \\\
--prefix=%{_prefix} \\\
--exec-prefix=%{_exec_prefix} \\\
--bindir=%{_bindir} \\\
--sbindir=%{_sbindir} \\\
--sysconfdir=%{_sysconfdir} \\\
--datadir=%{_datadir} \\\
--includedir=%{_includedir} \\\
--libdir=%{_libdir} \\\
--libexecdir=%{_libexecdir} \\\
--localstatedir=%{_localstatedir} \\\
--sharedstatedir=%{_sharedstatedir} \\\
--mandir=%{_mandir} \\\
--infodir=%{_infodir}
</programlisting>
<para>On Fedora 16, this expands to:</para>
<programlisting> CFLAGS="${CFLAGS:--O2 -g -march=i386 -mtune=i686}" ; export CFLAGS ;
CXXFLAGS="${CXXFLAGS:--O2 -g -march=i386 -mtune=i686}" ; export CXXFLAGS ;
FFLAGS="${FFLAGS:--O2 -g -march=i386 -mtune=i686}" ; export FFLAGS ;
./configure <emphasis role="bold">--host=i686-pc-linux-gnu</emphasis> --build=i686-pc-linux-gnu \
--program-prefix= \
--prefix=/usr \
--exec-prefix=/usr \
--bindir=/usr/bin \
--sbindir=/usr/sbin \
--sysconfdir=/etc \
--datadir=/usr/share \
--includedir=/usr/include \
--libdir=/usr/lib \
--libexecdir=/usr/libexec \
--localstatedir=/var \
--sharedstatedir=/var/lib \
--mandir=/usr/share/man \
--infodir=/usr/share/info
</programlisting>
<para>The value of <emphasis role="bold">--host </emphasis>does not
map to any of the valid HOST values in shorewallrc. So to use
%configure on a Fedora system, you want to invoke it as
follows:</para>
<programlisting><command>%configure --vendor=redhat</command></programlisting>
<para>To reset the value of a setting in shorewallrc.$host, give it a
null value. For example, if you are installing on a RHEL derivative
that doesn't run systemd, use this command:</para>
<programlisting><command>./configure --vendor=redhat --systemd=</command></programlisting>
</section>
</section>
<section>
<title>Versions 4.5.1 and Earlier</title>
<para>Beginning with Shorewall-4.5.0, the Shorewall packages depend on <para>Beginning with Shorewall-4.5.0, the Shorewall packages depend on
Shorewall-core. So the first step is to install that package:</para> Shorewall-core. So the first step is to install that package:</para>
@ -182,9 +675,9 @@
<para>The <emphasis role="bold">-s</emphasis> option supresses <para>The <emphasis role="bold">-s</emphasis> option supresses
installation of all files in <filename installation of all files in <filename
class="directory">/etc/shorewall</filename> except class="directory">/etc/shorewall</filename> except
<filename>shorewall.conf</filename>. You can copy any other files you <filename>shorewall.conf</filename>. You can copy any other files
need from one of the <ulink url="GettingStarted.html">Samples</ulink> you need from one of the <ulink
or from <filename url="GettingStarted.html">Samples</ulink> or from <filename
class="directory">/usr/share/shorewall/configfiles/</filename>.</para> class="directory">/usr/share/shorewall/configfiles/</filename>.</para>
</listitem> </listitem>
@ -198,10 +691,10 @@
<para>Beginning with shorewall 4.4.20.1, the installer also supports a <para>Beginning with shorewall 4.4.20.1, the installer also supports a
<option>-a</option> (annotated) option. Beginning with that release, the <option>-a</option> (annotated) option. Beginning with that release, the
standard configuration files (including samples) may be annotated with the standard configuration files (including samples) may be annotated with
contents of the associated manpage. The <option>-a</option> option enables the contents of the associated manpage. The <option>-a</option> option
that behavior. The default remains that the configuration files do not enables that behavior. The default remains that the configuration files
include documentation.</para> do not include documentation.</para>
<section> <section>
<title>Executables in /usr and Perl Modules</title> <title>Executables in /usr and Perl Modules</title>
@ -243,29 +736,29 @@
</listitem> </listitem>
</itemizedlist> </itemizedlist>
<para>To allow distributions to designate alternate locations for these <para>To allow distributions to designate alternate locations for
files, the installers (install.sh) from 4.4.19 onward support the these files, the installers (install.sh) from 4.4.19 onward support
following environmental variables:</para> the following environmental variables:</para>
<variablelist> <variablelist>
<varlistentry> <varlistentry>
<term>LIBEXEC</term> <term>LIBEXEC</term>
<listitem> <listitem>
<para>Determines where in /usr getparams, compiler.pl, wait4ifup, <para>Determines where in /usr getparams, compiler.pl,
shorecap and ifupdown are installed. Shorewall and Shorewall6 must wait4ifup, shorecap and ifupdown are installed. Shorewall and
be installed with the same value of LIBEXEC. The listed Shorewall6 must be installed with the same value of LIBEXEC. The
executables are installed in listed executables are installed in
<filename>/usr/${LIBEXEC}/shorewall*</filename>. The default value <filename>/usr/${LIBEXEC}/shorewall*</filename>. The default
of LIBEXEC is 'share'. LIBEXEC is recognized by all installers and value of LIBEXEC is 'share'. LIBEXEC is recognized by all
uninstallers.</para> installers and uninstallers.</para>
<para>Beginning with Shorewall 4.4.20, you can specify an absolute <para>Beginning with Shorewall 4.4.20, you can specify an
path name for LIBEXEC, in which case the listed executables will absolute path name for LIBEXEC, in which case the listed
be installed in ${LIBEXEC}/shorewall*.</para> executables will be installed in ${LIBEXEC}/shorewall*.</para>
<para>Beginning with Shorewall 4.5.1, you must specify an absolute <para>Beginning with Shorewall 4.5.1, you must specify an
pathname for LIBEXEC.</para> absolute pathname for LIBEXEC.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -273,19 +766,20 @@
<term>PERLLIB</term> <term>PERLLIB</term>
<listitem> <listitem>
<para>Determines where in <filename>/usr </filename>the Shorewall <para>Determines where in <filename>/usr </filename>the
Perl modules are installed. Shorewall and Shorewall6 must be Shorewall Perl modules are installed. Shorewall and Shorewall6
installed with the same value of PERLLIB. The modules are must be installed with the same value of PERLLIB. The modules
installed in <filename>/usr/${PERLLIB}/Shorewall</filename>. The are installed in <filename>/usr/${PERLLIB}/Shorewall</filename>.
default value of PERLLIB is 'share/shorewall'. PERLLIB is only The default value of PERLLIB is 'share/shorewall'. PERLLIB is
recognized by the Shorewall and Shorewall6 installers.</para> only recognized by the Shorewall and Shorewall6
installers.</para>
<para>Beginning with Shorewall 4.4.20, you can specify an absolute <para>Beginning with Shorewall 4.4.20, you can specify an
path name for PERLLIB, in which case the Shorewall Perl modules absolute path name for PERLLIB, in which case the Shorewall Perl
will be installed in ${PERLLIB}/Shorewall/.</para> modules will be installed in ${PERLLIB}/Shorewall/.</para>
<para>Beginning with Shorewall 4.5.1, you must specify an absolute <para>Beginning with Shorewall 4.5.1, you must specify an
pathname for PERLLIB.</para> absolute pathname for PERLLIB.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -303,9 +797,9 @@
<section id="Locations"> <section id="Locations">
<title>Default Install Locations</title> <title>Default Install Locations</title>
<para>The default install locations are distribution dependent as shown <para>The default install locations are distribution dependent as
in the following sections. These are the locations that are chosen by shown in the following sections. These are the locations that are
the install.sh scripts.</para> chosen by the install.sh scripts.</para>
<section> <section>
<title>All Distributions</title> <title>All Distributions</title>
@ -589,6 +1083,7 @@
</section> </section>
</section> </section>
</section> </section>
</section>
<section id="Debian"> <section id="Debian">
<title>Install the .deb</title> <title>Install the .deb</title>