extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-12-18 12:20:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into 4.5.2

Browse Source
This commit is contained in:
Tom Eastep 2012-03-31 20:03:57 -07:00
commit c616e203df
50 changed files with 2738 additions and 1442 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

127
Shorewall-core/configure vendored Executable file
View File

@ -0,0 +1,127 @@
#!/bin/bash
#
# Shorewall Packet Filtering Firewall RPM configuration program - V4.5
#
# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
#
# (c) 2012 - Tom Eastep (teastep@shorewall.net)
#
# Shorewall documentation is available at http://www.shorewall.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of Version 2 of the GNU General Public License
# as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Usage: ./configure <vendor> [ <option>=<setting> ] ...
#
#
################################################################################################
declare -A params
declare -A options
getfileparams() {
while read option; do
case $option in
\#*)
;;
*)
on=${option%=*}
ov=${option#*=}
ov=${ov%#*}
[ -n "$on" ] && options[${on}]="${ov}"
;;
esac
done
return 0
}
if [ $# -eq 0 ]; then
echo "Usage: $0 <var>=<val> ..." >&2
exit 1
fi
for p in $@; do
p=${p#--}
if [ -n "${p}" ]; then
declare -u pn
pn=${p%=*}
pv=${p#*=}
if [ -n "${pn}" ]; then
case ${pn} in
VENDOR)
pn=HOST
;;
SHAREDSTATEDIR)
pn=VARDIR
;;
DATADIR)
pn=SHAREDIR
;;
SYSCONFDIR)
pn=CONFDIR
;;
esac
params[${pn}]="${pv}"
fi
fi
done
vendor=${params[HOST]}
if [ -z "$vendor" ]; then
rcfile=shorewallrc.default
vendor=linux
else
rcfile=shorewallrc.$vendor
fi
getfileparams < $rcfile || exit 1
for p in ${!params[@]}; do
options[${p}]="${params[${p}]}"
options[${p}]="${params[${p}]}"
done
echo "HOST=$vendor" > shorewallrc
for on in \
PREFIX \
SHAREDIR \
LIBEXECDIR \
PERLLIBDIR \
CONFDIR \
SBINDIR \
MANDIR \
INITDIR \
INITSOURCE \
INITFILE \
AUXINITSOURCE \
AUXINITFILE \
SYSTEMD \
SYSCONFILE \
SYSCONFDIR \
ANNOTATED \
VARDIR
do
echo "$on=${options[${on}]}" >> shorewallrc
done
cat shorewallrc

213
Shorewall-core/install.sh
View File

@ -27,12 +27,18 @@ VERSION=xxx #The Build script inserts the actual version
usage() # $1 = exit status
{
ME=$(basename $0)
echo "usage: $ME"
echo "usage: $ME [ <configuration-file> ] "
echo " $ME -v"
echo " $ME -h"
exit $1
}
fatal_error()
{
echo " ERROR: $@" >&2
exit 1
}
split() {
local ifs
ifs=$IFS
@ -85,43 +91,87 @@ install_file() # $1 = source $2 = target $3 = mode
run_install $T $OWNERSHIP -m $3 $1 ${2}
}
require()
{
eval [ -n "\$$1" ] || fatal_error "Required option $1 not set"
}
cd "$(dirname $0)"
#
# Load packager's settings if any
#
[ -f ../shorewall-pkg.config ] && . ../shorewall-pkg.config
[ -n "$DESTDIR" ] || DESTDIR="$PREFIX"
#
# Parse the run line
#
# ARGS is "yes" if we've already parsed an argument
finished=0
while [ $finished -eq 0 ]; do
option=$1
case "$option" in
-*)
option=${option#-}
while [ -n "$option" ]; do
case $option in
h)
usage 0
;;
v)
echo "Shorewall Firewall Installer Version $VERSION"
exit 0
;;
*)
usage 1
;;
esac
done
shift
;;
*)
finished=1
;;
esac
done
#
# Read the RC file
#
if [ $# -eq 0 ]; then
if [ -f ./shorewallrc ]; then
. ./shorewallrc
file=~/.shorewallrc
elif [ -f ./.shorewallrc ]; then
. ~/.shorewallrc || exit 1
file=~/.shorewallrc
elif [ -f /usr/share/shorewall/shorewallrc ]; then
. /usr/share/shorewall/shorewallrc
file=/usr/share/shorewall/shorewallrc
else
fatal_error "No configuration file specified and /usr/share/shorewall/shorewallrc not found"
fi
elif [ $# -eq 1 ]; then
file=$1
case $file in
/*|.*)
;;
*)
file=./$file || exit 1
;;
esac
. $file
else
usage 1
fi
for var in SHAREDIR LIBEXECDIR PERLLIBDIR CONFDIR SBINDIR VARDIR; do
require $var
done
[ "${INITFILE}" != 'none/' ] && require INITSOURCE && require INITDIR
T="-T"
[ -n "${LIBEXEC:=/usr/share}" ]
[ -n "${PERLLIB:=/usr/share/shorewall}" ]
case "$LIBEXEC" in
/*)
;;
*)
echo "The LIBEXEC setting must be an absolute path name" >&2
exit 1
;;
esac
case "$PERLLIB" in
/*)
;;
*)
echo "The PERLLIB setting must be an absolute path name" >&2
exit 1
;;
esac
INSTALLD='-D'
if [ -z "$BUILD" ]; then
@ -180,41 +230,6 @@ esac
OWNERSHIP="-o $OWNER -g $GROUP"
finished=0
while [ $finished -eq 0 ]; do
option=$1
case "$option" in
-*)
option=${option#-}
while [ -n "$option" ]; do
case $option in
h)
usage 0
;;
v)
echo "Shorewall Firewall Installer Version $VERSION"
exit 0
;;
*)
usage 1
;;
esac
done
shift
;;
*)
[ -n "$option" ] && usage 1
finished=1
;;
esac
done
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
#
# Determine where to install the firewall script
#
@ -236,6 +251,23 @@ case "$HOST" in
;;
esac
if [ -z "$file" ]; then
if $HOST = linux; then
file=shorewallrc.default
else
file=shorewallrc.${HOST}
fi
echo "You have not specified a configuration file and ~/.shorewallrc does not exist" >&2
echo "Shorewall-core $VERSION has determined that the $file configuration is appropriate for your system" >&2
echo "Please review the settings in that file. If you wish to change them, make a copy and modify the copy" >&2
echo "Then re-run install.sh passing either $file or the name of your modified copy" >&2
echo "" >&2
echo "Example:" >&2
echo "" >&2
echo " ./install.sh $file" &>2
fi
if [ -n "$DESTDIR" ]; then
if [ $BUILD != cygwin ]; then
if [ `id -u` != 0 ] ; then
@ -245,56 +277,55 @@ if [ -n "$DESTDIR" ]; then
fi
fi
#
# Change to the directory containing this script
#
cd "$(dirname $0)"
echo "Installing Shorewall Core Version $VERSION"
#
# Create /usr/share/shorewall
#
mkdir -p ${DESTDIR}${LIBEXEC}/shorewall
chmod 755 ${DESTDIR}${LIBEXEC}/shorewall
mkdir -p ${DESTDIR}${LIBEXECDIR}/shorewall
chmod 755 ${DESTDIR}${LIBEXECDIR}/shorewall
if [ $LIBEXEC != /usr/shorewall/ ]; then
mkdir -p ${DESTDIR}/usr/share/shorewall
chmod 755 ${DESTDIR}/usr/share/shorewall
fi
mkdir -p ${DESTDIR}${SHAREDIR}/shorewall
chmod 755 ${DESTDIR}${SHAREDIR}/shorewall
#
# Install wait4ifup
#
install_file wait4ifup ${DESTDIR}${LIBEXEC}/shorewall/wait4ifup 0755
install_file wait4ifup ${DESTDIR}${LIBEXECDIR}/shorewall/wait4ifup 0755
echo
echo "wait4ifup installed in ${DESTDIR}${LIBEXEC}/shorewall/wait4ifup"
echo "wait4ifup installed in ${DESTDIR}${LIBEXECDIR}/shorewall/wait4ifup"
#
# Install the libraries
#
for f in lib.* ; do
install_file $f ${DESTDIR}/usr/share/shorewall/$f 0644
echo "Library ${f#*.} file installed as ${DESTDIR}/usr/share/shorewall/$f"
install_file $f ${DESTDIR}${SHAREDIR}/shorewall/$f 0644
echo "Library ${f#*.} file installed as ${DESTDIR}${SHAREDIR}/shorewall/$f"
done
if [ $BUILD != apple ]; then
eval sed -i \'s\|g_libexec=.\*\|g_libexec=$LIBEXEC\|\' ${DESTDIR}/usr/share/shorewall/lib.cli
eval sed -i \'s\|g_perllib=.\*\|g_perllib=$PERLLIB\|\' ${DESTDIR}/usr/share/shorewall/lib.cli
else
eval sed -i \'\' -e \'s\|g_libexec=.\*\|g_libexec=$LIBEXEC\|\' ${DESTDIR}/usr/share/shorewall/lib.cli
eval sed -i \'\' -e \'s\|g_perllib=.\*\|g_perllib=$PERLLIB\|\' ${DESTDIR}/usr/share/shorewall/lib.cli
fi
#
# Symbolically link 'functions' to lib.base
#
ln -sf lib.base ${DESTDIR}/usr/share/shorewall/functions
ln -sf lib.base ${DESTDIR}${SHAREDIR}/shorewall/functions
#
# Create the version file
#
echo "$VERSION" > ${DESTDIR}/usr/share/shorewall/coreversion
chmod 644 ${DESTDIR}/usr/share/shorewall/coreversion
echo "$VERSION" > ${DESTDIR}${SHAREDIR}/shorewall/coreversion
chmod 644 ${DESTDIR}${SHAREDIR}/shorewall/coreversion
[ $file != "${SHAREDIR}/shorewall/shorewallrc" ] && cp $file ${DESTDIR}${SHAREDIR}/shorewall/shorewallrc
[ -z "${DESTDIR}" ] && [ ! -f ~/.shorewallrc ] && cp ${SHAREDIR}/shorewall/shorewallrc ~/.shorewallrc
if [ ${SHAREDIR} != /usr/share ]; then
for f in lib.*; do
if [ $BUILD != apple ]; then
eval sed -i \'s\|/usr/share/|${SHAREDIR}/|\' ${DESTDIR}/${SHAREDIR}/$f
else
eval sed -i \'\' -e \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}/$f
fi
done
fi
#
# Report Success
#

47
Shorewall-core/lib.base
View File

@ -32,45 +32,60 @@ SHOREWALL_CAPVERSION=40502
[ -n "${g_program:=shorewall}" ]
if [ -z "$g_readrc" ]; then
#
# This is modified by the installer when ${SHAREDIR} <> /usr/share
#
. /usr/share/shorewall/shorewallrc
g_libexec="$LIBEXECDIR"
g_sharedir="$SHAREDIR"
g_sbindir="$SBINDIR"
g_vardir="$VARDIR"
g_readrc=1
fi
case $g_program in
shorewall)
SHAREDIR=/usr/share/shorewall
CONFDIR=/etc/shorewall
SHAREDIR=${SHAREDIR}/shorewall
CONFDIR=${CONFDIR}/shorewall
g_product="Shorewall"
g_family=4
g_tool=
g_basedir=/usr/share/shorewall
g_basedir=${SHAREDIR}/shorewall
g_lite=
;;
shorewall6)
SHAREDIR=/usr/share/shorewall6
CONFDIR=/etc/shorewall6
SHAREDIR=${SHAREDIR}/shorewall6
CONFDIR=${CONFDIR}/shorewall6
g_product="Shorewall6"
g_family=6
g_tool=
g_basedir=/usr/share/shorewall
g_basedir=${SHAREDIR}/shorewall
g_lite=
;;
shorewall-lite)
SHAREDIR=/usr/share/shorewall-lite
CONFDIR=/etc/shorewall-lite
SHAREDIR=${SHAREDIR}/shorewall-lite
CONFDIR=${CONFDIR}/shorewall-lite
g_product="Shorewall Lite"
g_family=4
g_tool=iptables
g_basedir=/usr/share/shorewall-lite
g_basedir=${SHAREDIR}/shorewall-lite
g_lite=Yes
;;
shorewall6-lite)
SHAREDIR=/usr/share/shorewall6-lite
CONFDIR=/etc/shorewall6-lite
SHAREDIR=${SHAREDIR}/shorewall6-lite
CONFDIR=${CONFDIR}/shorewall6-lite
g_product="Shorewall6 Lite"
g_family=6
g_tool=ip6tables
g_basedir=/usr/share/shorewall6-lite
g_basedir=${SHAREDIR}/shorewall6-lite
g_lite=Yes
;;
esac
VARDIR=${VARDIR}/${g_program}
#
# Conditionally produce message
#
@ -186,7 +201,7 @@ mutex_off()
rm -f ${LOCKFILE:=${VARDIR}/lock}
}
[ -z "$LEFTSHIFT" ] && . /usr/share/shorewall/lib.common
[ -z "$LEFTSHIFT" ] && . ${g_sharedir}/shorewall/lib.common
#
# Validate an IP address
@ -455,14 +470,14 @@ mktempfile() {
else
case "$MKTEMP" in
BSD)
mktemp /tmp/shorewall.XXXXXX
mktemp ${TMPDIR:-/tmp}/shorewall.XXXXXX
;;
STD)
mktemp -t shorewall.XXXXXX
;;
None)
rm -f /tmp/shorewall-$$
> /tmp/shorewall-$$ && echo /tmp/shorewall-$$
rm -f ${TMPDIR:-/tmp}/shorewall-$$
> ${TMPDIR:-}/shorewall-$$ && echo ${TMPDIR:-/tmp}/shorewall-$$
;;
*)
error_message "ERROR:Internal error in mktempfile"

22
Shorewall-core/lib.cli
View File

@ -23,7 +23,21 @@
# This library contains the command processing code common to /sbin/shorewall[6] and
# /sbin/shorewall[6]-lite.
#
. /usr/share/shorewall/lib.base
if [ -z "$g_readrc" ]; then
#
# This is modified by the installer when ${SHAREDIR} <> /usr/share
#
. /usr/share/shorewall/shorewallrc
g_libexec="$LIBEXECDIR"
g_sharedir="$SHAREDIR"
g_sbindir="$SBINDIR"
g_readrc=1
fi
. ${g_sharedir}/shorewall/lib.base
#
# Fatal Error
#
@ -842,11 +856,13 @@ show_command() {
echo "CONFIG_PATH=$CONFIG_PATH"
echo "VARDIR=$VARDIR"
echo "LIBEXEC=$g_libexec"
echo "SBINDIR=$g_sbindir"
[ -n "$g_lite" ] && ${VARDIR} ne /var/lib/$program && echo "LITEDIR=${VARDIR}"
else
echo "Default CONFIG_PATH is $CONFIG_PATH"
echo "Default VARDIR is /var/lib/$g_program"
echo "LIBEXEC is $g_libexec"
echo "SBINDIR is $g_sbindir"
[ -n "$g_lite" ] && [ ${VARDIR} != /var/lib/$g_program ] && echo "LITEDIR is ${VARDIR}"
fi
;;
@ -2958,14 +2974,12 @@ shorewall_cli() {
g_annotate=
g_recovering=
g_timestamp=
g_libexec=/usr/share
g_perllib=/usr/share/shorewall
g_shorewalldir=
VERBOSE=
VERBOSITY=
[ -n "$g_lite" ] || . /usr/share/shorewall/lib.cli-std
[ -n "$g_lite" ] || . ${g_sharedir}/shorewall/lib.cli-std
finished=0

20
Shorewall-core/shorewallrc.apple Normal file
View File

@ -0,0 +1,20 @@
#
# Apple OS X Shorewall 4.5 rc file
#
BUILD=apple
HOST=apple
PREFIX=/usr
SHAREDIR=${PREFIX}/share
LIBEXECDIR=${PREFIX}/share
PERLLIBDIR=${PREFIX}/share/shorewall
CONFDIR=/etc
SBINDIR=/sbin
MANDIR=${SHAREDIR}/man
INITDIR=
INITFILE=
INITSOURCE=
ANNOTATED=
SYSTEMD=
SYSCONFDIR=
SPARSE=Yes
VARDIR=/var/lib

19
Shorewall-core/shorewallrc.archlinux Normal file
View File

@ -0,0 +1,19 @@
#
# Archlinux Shorewall 4.5 rc file
#
BUILD=archlinux
HOST=archlinux
PREFIX=/usr
SHAREDIR=${PREFIX}/share
LIBEXECDIR=${PREFIX}/share
PERLLIBDIR=${PREFIX}/share/shorewall
CONFDIR=/etc
SBINDIR=/sbin
MANDIR=${SHAREDIR}/man
INITDIR=/etc/rc.d
INITFILE=$PRODUCT
INITSOURCE=init.sh
ANNOTATED=
SYSCONFDIR=
SYSTEMD=
VARDIR=/var/lib

20
Shorewall-core/shorewallrc.cygwin Normal file
View File

@ -0,0 +1,20 @@
#
# Cygwin Shorewall 4.5 rc file
#
BUILD=cygwin
HOST=cygwin
PREFIX=/usr
SHAREDIR=${PREFIX}/share
LIBEXECDIR=${PREFIX}/share
PERLLIBDIR=${PREFIX}/share/shorewall
CONFDIR=/etc
SBINDIR=/bin
MANDIR=${SHAREDIR}/man
INITDIR=/etc/init.d
INITFILE=
INITSOURCE=
ANNOTATED=
SYSTEMD=
SYSCONFDIR=
SPARSE=Yes
VARDIR=/var/lib

21
Shorewall-core/shorewallrc.debian Normal file
View File

@ -0,0 +1,21 @@
#
# Debian Shorewall 4.5 rc file
#
BUILD= #Default is to detect the build system
HOST=debian
PREFIX=/usr
SHAREDIR=${PREFIX}/share
LIBEXECDIR=${PREFIX}/share
PERLLIBDIR=${PREFIX}/share/shorewall
CONFDIR=/etc
SBINDIR=/sbin
MANDIR=${PREFIX}/man
INITDIR=/etc/init.d
INITFILE=$PRODUCT
INITSOURCE=init.debian.sh
ANNOTATED=
SYSCONFFILE=default.debian
SYSCONFDIR=/etc/default
SYSTEMD=
SPARSE=Yes
VARDIR=/var/lib

21
Shorewall-core/shorewallrc.default Normal file
View File

@ -0,0 +1,21 @@
#
# Default Shorewall 4.5 rc file
#
HOST= #Default is to detect the host system
BUILD= #Default is to detect the build system
PREFIX=/usr
SHAREDIR=${PREFIX}/share
LIBEXECDIR=${PREFIX}/share
PERLLIBDIR=${PREFIX}/share/shorewall
CONFDIR=/etc
SBINDIR=/sbin
MANDIR=${PREFIX}/man
INITDIR=etc/init.d
INITFILE=$PRODUCT
INITSOURCE=init.sh
ANNOTATED=
SYSTEMD=
SYSCONFFILE=
SYSCONFDIR=
SPARSE=
VARDIR=/var/lib

21
Shorewall-core/shorewallrc.redhat Normal file
View File

@ -0,0 +1,21 @@
#
# RedHat/FedoraShorewall 4.5 rc file
#
BUILD= #Default is to detect the build system
HOST=redhat
PREFIX=/usr
SHAREDIR=${PREFIX}/share
LIBEXECDIR=${PREFIX}/share
PERLLIBDIR=/usr/share/shorewall
CONFDIR=/etc
SBINDIR=/sbin
MANDIR=${SHAREDIR}/man
INITDIR=/etc/rc.d/init.d
INITFILE=$PRODUCT
INITSOURCE=init.fedora.sh
ANNOTATED=
SYSTEMD=/lib/systemd/system
SYSCONFFILE=sysconfig
SYSCONFDIR=/etc/sysconfig/
SPARSE=
VARDIR=/var/lib

22
Shorewall-core/shorewallrc.slackware Normal file
View File

@ -0,0 +1,22 @@
#
# Slackware Shorewall 4.5 rc file
#
BUILD=slackware
HOST=slackware
PREFIX=/usr
SHAREDIR=${PREFIX}/share
LIBEXECDIR=${PREFIX}/share
PERLLIBDIR=${PREFIX}/share/shorewall
CONFDIR=/etc
SBINDIR=/sbin
MANDIR=${PREFIX}/man
INITDIR=/etc/rc.d
INITSOURCE=init.slackware.firewall
INITFILE=rc.firewall
AUXINITSOURCE=init.slackware.$PRODUCT
AUXINITFILE=rc.$PRODUCT
SYSTEMD=
SYSCONFFILE=
SYSCONFDIR=
ANNOTATED=
VARDIR=/var/lib

21
Shorewall-core/shorewallrc.suse Normal file
View File

@ -0,0 +1,21 @@
#
# SuSE Shorewall 4.5 rc file
#
BUILD= #Default is to detect the build system
HOST=suse
PREFIX=/usr
CONFDIR=/etc
SHAREDIR=${PREFIX}/share
LIBEXECDIR=${PREFIX}/lib
PERLLIBDIR=${PREFIX}/lib/perl5/vendor_perl/5.14.2
SBINDIR=/sbin
MANDIR=${SHAREDIR}/man/
INITDIR=/etc/init.d
INITFILE=$PRODUCT
INITSOURCE=init.sh
ANNOTATED=
SYSTEMD=
SYSCONFFILE=
SYSCONFDIR=/etc/sysconfig/
SPARSE=
VARDIR=/var/lib

28
Shorewall-core/uninstall.sh
View File

@ -31,7 +31,7 @@ VERSION=xxx #The Build script inserts the actual version
usage() # $1 = exit status
{
ME=$(basename $0)
echo "usage: $ME"
echo "usage: $ME [ <shorewallrc file> ]"
exit $1
}
@ -60,8 +60,25 @@ remove_file() # $1 = file to restore
fi
}
if [ -f /usr/share/shorewall/coreversion ]; then
INSTALLED_VERSION="$(cat /usr/share/shorewall/coreversion)"
if [ $# -eq 0 ]; then
file=/usr/share/shorewall/shorewallrc
elif [ $# -eq 1 ]; then
file=$1
else
usage 1
fi
if [ -f "$file" ]; then
. "$file"
else
echo "File $file not found" >&2
exit 1
fi
. $file || exit 1
if [ -f ${SHAREDIR}/shorewall/coreversion ]; then
INSTALLED_VERSION="$(cat ${SHAREDIR}/shorewall/coreversion)"
if [ "$INSTALLED_VERSION" != "$VERSION" ]; then
echo "WARNING: Shorewall Core Version $INSTALLED_VERSION is installed"
echo " and this is the $VERSION uninstaller."
@ -72,12 +89,9 @@ else
VERSION=""
fi
[ -n "${LIBEXEC:=/usr/share}" ]
[ -n "${PERLLIB:=/usr/share/shorewall}" ]
echo "Uninstalling Shorewall Core $VERSION"
rm -rf /usr/share/shorewall
rm -rf ${SHAREDIR}/shorewall
echo "Shorewall Core Uninstalled"

9
Shorewall-init/ifupdown.sh
View File

@ -71,6 +71,11 @@ Debian_SuSE_ppp() {
IFUPDOWN=0
PRODUCTS=
#
# The installer may alter this
#
. /usr/share/shorewall/shorewallrc
if [ -f /etc/default/shorewall-init ]; then
. /etc/default/shorewall-init
elif [ -f /etc/sysconfig/shorewall-init ]; then
@ -182,10 +187,8 @@ else
fi
for PRODUCT in $PRODUCTS; do
VARDIR=/var/lib/$PRODUCT
[ -f /etc/$PRODUCT/vardir ] && . /etc/$PRODUCT/vardir
if [ -x $VARDIR/firewall ]; then
( . /usr/share/$PRODUCT/lib.base
( . ${SHAREDIR}/shorewall/lib.base
mutex_on
${VARDIR}/firewall -V0 $COMMAND $INTERFACE || echo_notdone
mutex_off

9
Shorewall-init/init.debian.sh
View File

@ -62,10 +62,15 @@ not_configured () {
exit 0
}
#
# The installer may alter this
#
. /usr/share/shorewall/shorewallrc
# check if shorewall-init is configured or not
if [ -f "/etc/default/shorewall-init" ]
if [ -f "$SYSCONFDIR/shorewall-init" ]
then
. /etc/default/shorewall-init
. $SYSCONFDIR/shorewall-init
if [ -z "$PRODUCTS" ]
then
not_configured

21
Shorewall-init/init.fedora.sh
View File

@ -13,6 +13,15 @@
# Description: Place the firewall in a safe state at boot time
# prior to bringing up the network.
### END INIT INFO
#determine where the files were installed
if [ -f ~/.shorewallrc ]; then
. ~/.shorewallrc || exit 1
else
SBINDIR=/sbin
SYSCONFDIR=/etc/default
VARDIR=/var/lib
fi
prog="shorewall-init"
logger="logger -i -t $prog"
lockfile="/var/lock/subsys/shorewall-init"
@ -44,10 +53,8 @@ start () {
echo -n "Initializing \"Shorewall-based firewalls\": "
for product in $PRODUCTS; do
vardir=/var/lib/$product
[ -f /etc/$product/vardir ] && . /etc/$product/vardir
if [ -x ${vardir}/firewall ]; then
${vardir}/firewall stop 2>&1 | $logger
if [ -x ${VARDIR}/$product/firewall ]; then
${VARDIR}/$product/firewall stop 2>&1 | $logger
retval=${PIPESTATUS[0]}
[ retval -ne 0 ] && break
fi
@ -70,10 +77,8 @@ stop () {
echo -n "Clearing \"Shorewall-based firewalls\": "
for product in $PRODUCTS; do
vardir=/var/lib/$product
[ -f /etc/$product/vardir ] && . /etc/$product/vardir
if [ -x ${vardir}/firewall ]; then
${vardir}/firewall clear 2>&1 | $logger
if [ -x ${VARDIR}/$product/firewall ]; then
${VARDIR}/$product/firewall clear 2>&1 | $logger
retval=${PIPESTATUS[0]}
[ retval -ne 0 ] && break
fi

11
Shorewall-init/init.sh
View File

@ -53,6 +53,11 @@ else
exit 0
fi
#
# The installer may alter this
#
. /usr/share/shorewall/shorewallrc
# Initialize the firewall
shorewall_start () {
local PRODUCT
@ -60,10 +65,8 @@ shorewall_start () {
echo -n "Initializing \"Shorewall-based firewalls\": "
for PRODUCT in $PRODUCTS; do
VARDIR=/var/lib/$PRODUCT
[ -f /etc/$PRODUCT/vardir ] && . /etc/$PRODUCT/vardir
if [ -x ${VARDIR}/firewall ]; then
if ! /sbin/$PRODUCT status > /dev/null 2>&1; then
if ! ${SBIN}/$PRODUCT status > /dev/null 2>&1; then
${VARDIR}/firewall stop || echo_notdone
fi
fi
@ -83,8 +86,6 @@ shorewall_stop () {
echo -n "Clearing \"Shorewall-based firewalls\": "
for PRODUCT in $PRODUCTS; do
VARDIR=/var/lib/$PRODUCT
[ -f /etc/$PRODUCT/vardir ] && . /etc/$PRODUCT/vardir
if [ -x ${VARDIR}/firewall ]; then
${VARDIR}/firewall clear || exit 1
fi

202
Shorewall-init/install.sh
View File

@ -28,12 +28,18 @@ VERSION=xxx #The Build script inserts the actual version.
usage() # $1 = exit status
{
ME=$(basename $0)
echo "usage: $ME"
echo "usage: $ME [ <configuration-file> ]"
echo " $ME -v"
echo " $ME -h"
exit $1
}
fatal_error()
{
echo " ERROR: $@" >&2
exit 1
}
split() {
local ifs
ifs=$IFS
@ -76,9 +82,9 @@ cant_autostart()
echo "WARNING: Unable to configure shorewall init to start automatically at boot" >&2
}
delete_file() # $1 = file to delete
require()
{
rm -f $1
eval [ -n "\$$1" ] || fatal_error "Required option $1 not set"
}
install_file() # $1 = source $2 = target $3 = mode
@ -88,44 +94,78 @@ install_file() # $1 = source $2 = target $3 = mode
cd "$(dirname $0)"
#
# Load packager's settings if any
#
[ -f ../shorewall-pkg.config ] && . ../shorewall-pkg.config
PRODUCT=shorewall-init
[ -n "$DESTDIR" ] || DESTDIR="$PREFIX"
#
# Parse the run line
#
finished=0
while [ $# -gt 0 ] ; do
while [ $finished -eq 0 ] ; do
case "$1" in
-h|help|?)
-*)
option=${option#-}
while [ -n "$option" ]; do
case $option in
h)
usage 0
;;
-v)
echo "Shorewall Init Installer Version $VERSION"
v)
echo "Shorewall-init Firewall Installer Version $VERSION"
exit 0
;;
*)
usage 1
;;
esac
done
shift
;;
*)
finished=1
;;
esac
done
#
# Read the RC file
#
if [ $# -eq 0 ]; then
#
# Load packager's settings if any
#
if [ -f ./shorewallrc ]; then
. ./shorewallrc || exit 1
file=~/.shorewallrc
elif [ -f ~/.shorewallrc ]; then
. ~/.shorewallrc || exit 1
file=./.shorewallrc
else
fatal_error "No configuration file specified and ~/.shorewallrc not found"
fi
elif [ $# -eq 1 ]; then
file=$1
case $file in
/*|.*)
;;
*)
file=./$file
;;
esac
. $file
else
usage 1
fi
for var in SHAREDIR LIBEXECDIR CONFDIR SBINDIR VARDIR; do
require $var
done
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
[ -n "${LIBEXEC:=/usr/share}" ]
case "$LIBEXEC" in
/*)
;;
*)
echo "The LIBEXEC setting must be an absolute path name" >&2
exit 1
;;
esac
INITFILE="shorewall-init"
if [ -z "$BUILD" ]; then
case $(uname) in
cygwin*)
@ -174,11 +214,9 @@ OWNERSHIP="-o $OWNER -g $GROUP"
case "$HOST" in
debian)
echo "Installing Debian-specific configuration..."
SPARSE=yes
;;
redhat|redhat)
echo "Installing Redhat/Fedora-specific configuration..."
[ -n "$INITDIR" ] || INITDIR=/etc/rc.d/init.d
;;
slackware)
echo "Shorewall-init is currently not supported on Slackware" >&2
@ -202,10 +240,6 @@ esac
[ -z "$TARGET" ] && TARGET=$HOST
if [ -z "$INITDIR" -a -n "$INITFILE" ] ; then
INITDIR="/etc/init.d"
fi
if [ -n "$DESTDIR" ]; then
if [ `id -u` != 0 ] ; then
echo "Not setting file owner/group permissions, not running as root."
@ -215,57 +249,44 @@ if [ -n "$DESTDIR" ]; then
install -d $OWNERSHIP -m 755 ${DESTDIR}${INITDIR}
fi
if [ -z "$DESTDIR" ]; then
if [ -d /lib/systemd/system ]; then
SYSTEMD=Yes
INITFILE=
fi
elif [ -n "$SYSTEMD" ]; then
mkdir -p ${DESTDIR}/lib/systemd/system
INITFILE=
fi
echo "Installing Shorewall Init Version $VERSION"
#
# Check for /usr/share/shorewall-init/version
#
if [ -f ${DESTDIR}/usr/share/shorewall-init/version ]; then
if [ -f ${DESTDIR}${SHAREDIR}/shorewall-init/version ]; then
first_install=""
else
first_install="Yes"
fi
#
# Install the Firewall Script
#
if [ -n "$INITFILE" ]; then
#
# Install the Init Script
#
case $TARGET in
debian)
install_file init.debian.sh ${DESTDIR}${INITDIR}/${INITFILE} 0544
;;
redhat)
install_file init.fedora.sh ${DESTDIR}${INITDIR}/${INITFILE} 0544
;;
*)
install_file init.sh ${DESTDIR}${INITDIR}/${INITFILE} 0544
;;
esac
install_file $INITSOURCE ${DESTDIR}${INITDIR}/$INITFILE 0544
[ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/|${SHAREDIR}/|\' ${DESTDIR}${INITDIR}/$INITFILE
echo "Shorewall-init script installed in ${DESTDIR}${INITDIR}/${INITFILE}"
if [ -n "${AUXINITSOURCE}" ]; then
install_file $INITSOURCE ${DESTDIR}${INITDIR}/$AUXINITFILE 0544
fi
echo "Shorewall-init script installed in ${DESTDIR}${INITDIR}/$INITFILE"
fi
#
# Install the .service file
#
if [ -n "$SYSTEMD" ]; then
run_install $OWNERSHIP -m 600 shorewall-init.service ${DESTDIR}/lib/systemd/system/shorewall-init.service
echo "Service file installed as ${DESTDIR}/lib/systemd/system/shorewall-init.service"
mkdir -p ${DESTDIR}${SYSTEMD}
run_install $OWNERSHIP -m 600 shorewall-init.service ${DESTDIR}${SYSTEMD}/shorewall-init.service
echo "Service file installed as ${DESTDIR}${SYSTEMD}/shorewall-init.service"
if [ -n "$DESTDIR" ]; then
mkdir -p ${DESTDIR}/sbin/
chmod 755 ${DESTDIR}/sbin
mkdir -p ${DESTDIR}${SBINDIR}
chmod 755 ${DESTDIR}${SBINDIR}
fi
run_install $OWNERSHIP -m 700 shorewall-init ${DESTDIR}/sbin/shorewall-init
echo "CLI installed as ${DESTDIR}/sbin/shorewall-init"
run_install $OWNERSHIP -m 700 shorewall-init ${DESTDIR}${SBINDIR}/shorewall-init
echo "CLI installed as ${DESTDIR}${SBINDIR}/shorewall-init"
fi
#
@ -285,7 +306,7 @@ chmod 644 ${DESTDIR}/usr/share/shorewall-init/version
#
if [ -z "$DESTDIR" ]; then
rm -f /usr/share/shorewall-init/init
ln -s ${INITDIR}/${INITFILE} /usr/share/shorewall-init/init
ln -s ${INITDIR}/${INITFILE} ${SHAREDIR}/shorewall-init/init
fi
if [ $HOST = debian ]; then
@ -303,20 +324,20 @@ if [ $HOST = debian ]; then
fi
else
if [ -n "$DESTDIR" ]; then
mkdir -p ${DESTDIR}/etc/sysconfig
mkdir -p ${DESTDIR}${SYSCONFDIR}
if [ -z "$RPM" ]; then
if [ $HOST = suse ]; then
mkdir -p ${DESTDIR}/etc/sysconfig/network/if-up.d
mkdir -p ${DESTDIR}/etc/sysconfig/network/if-down.d
mkdir -p ${DESTDIR}${SYSCONFDIR}/network/if-down.d
else
mkdir -p ${DESTDIR}/etc/NetworkManager/dispatcher.d
fi
fi
fi
if [ -d ${DESTDIR}/etc/sysconfig -a ! -f ${DESTDIR}/etc/sysconfig/shorewall-init ]; then
install_file sysconfig ${DESTDIR}/etc/sysconfig/shorewall-init 0644
if [ -d ${DESTDIR}${SYSCONFDIR} -a ! -f ${DESTDIR}${SYSCONFDIR}/shorewall-init ]; then
install_file sysconfig ${DESTDIR}${SYSCONFDIR}/shorewall-init 0644
fi
fi
@ -324,31 +345,35 @@ fi
# Install the ifupdown script
#
mkdir -p ${DESTDIR}${LIBEXEC}/shorewall-init
cp ifupdown.sh ifupdown
install_file ifupdown.sh ${DESTDIR}${LIBEXEC}/shorewall-init/ifupdown 0544
d[ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/|${SHAREDIR}/|\' ifupdown
mkdir -p ${DESTDIR}${LIBEXECDIR}/shorewall-init
install_file ifupdown ${DESTDIR}${LIBEXECDIR}/shorewall-init/ifupdown 0544
if [ -d ${DESTDIR}/etc/NetworkManager ]; then
install_file ifupdown.sh ${DESTDIR}/etc/NetworkManager/dispatcher.d/01-shorewall 0544
install_file ifupdown ${DESTDIR}/etc/NetworkManager/dispatcher.d/01-shorewall 0544
fi
case $HOST in
debian)
install_file ifupdown.sh ${DESTDIR}/etc/network/if-up.d/shorewall 0544
install_file ifupdown.sh ${DESTDIR}/etc/network/if-post-down.d/shorewall 0544
install_file ifupdown ${DESTDIR}/etc/network/if-up.d/shorewall 0544
install_file ifupdown ${DESTDIR}/etc/network/if-post-down.d/shorewall 0544
;;
suse)
if [ -z "$RPM" ]; then
install_file ifupdown.sh ${DESTDIR}/etc/sysconfig/network/if-up.d/shorewall 0544
install_file ifupdown.sh ${DESTDIR}/etc/sysconfig/network/if-down.d/shorewall 0544
install_file ifupdown ${DESTDIR}${SYSCONFDIR}/network/if-up.d/shorewall 0544
install_file ifupdown ${DESTDIR}${SYSCONFDIR}/network/if-down.d/shorewall 0544
fi
;;
redhat)
if [ -f ${DESTDIR}/sbin/ifup-local -o -f ${DESTDIR}/sbin/ifdown-local ]; then
echo "WARNING: /sbin/ifup-local and/or /sbin/ifdown-local already exist; up/down events will not be handled"
if [ -f ${DESTDIR}${SBINDIR}/ifup-local -o -f ${DESTDIR}${SBINDIR}/ifdown-local ]; then
echo "WARNING: ${SBINDIR}/ifup-local and/or ${SBINDIR}/ifdown-local already exist; up/down events will not be handled"
elif [ -z "$DESTDIR" ]; then
install_file ifupdown.sh ${DESTDIR}/sbin/ifup-local 0544
install_file ifupdown.sh ${DESTDIR}/sbin/ifdown-local 0544
install_file ifupdown ${DESTDIR}${SBINDIR}/ifup-local 0544
install_file ifupdown ${DESTDIR}${SBINDIR}/ifdown-local 0544
fi
;;
esac
@ -365,20 +390,20 @@ if [ -z "$DESTDIR" ]; then
if systemctl enable shorewall-init; then
echo "Shorewall Init will start automatically at boot"
fi
elif [ -x /sbin/insserv -o -x /usr/sbin/insserv ]; then
if insserv /etc/init.d/shorewall-init ; then
elif [ -x ${SBINDIR}/insserv -o -x /usr${SBINDIR}/insserv ]; then
if insserv ${INITDIR}/shorewall-init ; then
echo "Shorewall Init will start automatically at boot"
else
cant_autostart
fi
elif [ -x /sbin/chkconfig -o -x /usr/sbin/chkconfig ]; then
elif [ -x ${SBINDIR}/chkconfig -o -x /usr${SBINDIR}/chkconfig ]; then
if chkconfig --add shorewall-init ; then
echo "Shorewall Init will start automatically in run levels as follows:"
chkconfig --list shorewall-init
else
cant_autostart
fi
elif [ -x /sbin/rc-update ]; then
elif [ -x ${SBINDIR}/rc-update ]; then
if rc-update add shorewall-init default; then
echo "Shorewall Init will start automatically at boot"
else
@ -387,7 +412,6 @@ if [ -z "$DESTDIR" ]; then
else
cant_autostart
fi
fi
fi
else
@ -397,18 +421,20 @@ else
mkdir -p ${DESTDIR}/etc/rcS.d
fi
ln -sf ../init.d/shorewall-init ${DESTDIR}/etc/rcS.d/S38shorewall-init
ln -sf ../init.d/shorewall-init ${DESTDIR}${CONFDIR}/rcS.d/S38shorewall-init
echo "Shorewall Init will start automatically at boot"
fi
fi
fi
[ -z "${DESTDIR}" ] && [ ! -f ~/.shorewallrc ] && cp ${SHAREDIR}/shorewall/shorewallrc .
if [ -f ${DESTDIR}/etc/ppp ]; then
case $HOST in
debian|suse)
for directory in ip-up.d ip-down.d ipv6-up.d ipv6-down.d; do
mkdir -p ${DESTDIR}/etc/ppp/$directory #SuSE doesn't create the IPv6 directories
cp -fp ${DESTDIR}${LIBEXEC}/shorewall-init/ifupdown ${DESTDIR}/etc/ppp/$directory/shorewall
cp -fp ${DESTDIR}${LIBEXECDIR}/shorewall-init/ifupdown ${DESTDIR}${CONFDIR}/ppp/$directory/shorewall
done
;;
redhat)
@ -419,13 +445,13 @@ if [ -f ${DESTDIR}/etc/ppp ]; then
FILE=${DESTDIR}/etc/ppp/$file
if [ -f $FILE ]; then
if fgrep -q Shorewall-based $FILE ; then
cp -fp ${DESTDIR}${LIBEXEC}/shorewall-init/ifupdown $FILE
cp -fp ${DESTDIR}${LIBEXECDIR}/shorewall-init/ifupdown $FILE
else
echo "$FILE already exists -- ppp devices will not be handled"
break
fi
else
cp -fp ${DESTDIR}${LIBEXEC}/shorewall-init/ifupdown $FILE
cp -fp ${DESTDIR}${LIBEXECDIR}/shorewall-init/ifupdown $FILE
fi
done
;;

11
Shorewall-init/shorewall-init
View File

@ -23,9 +23,14 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
#########################################################################################
#
# This is modified by the installer when ${SHAREDIR} <> /usr/share
#
. /usr/share/shorewall/shorewallrc
# check if shorewall-init is configured or not
if [ -f "/etc/sysconfig/shorewall-init" ]; then
. /etc/sysconfig/shorewall-init
if [ -f "$SYSCONFDIR/shorewall-init" ]; then
. $SYSCONFDIR/shorewall-init
if [ -z "$PRODUCTS" ]; then
echo "ERROR: No products configured" >&2
exit 1
@ -42,8 +47,6 @@ shorewall_start () {
echo -n "Initializing \"Shorewall-based firewalls\": "
for PRODUCT in $PRODUCTS; do
VARDIR=/var/lib/$PRODUCT
[ -f /etc/$PRODUCT/vardir ] && . /etc/$PRODUCT/vardir
if [ -x ${VARDIR}/firewall ]; then
if ! /sbin/$PRODUCT status > /dev/null 2>&1; then
${VARDIR}/firewall stop || exit 1

91
Shorewall-init/uninstall.sh
View File

@ -31,7 +31,7 @@ VERSION=xxx #The Build script inserts the actual version
usage() # $1 = exit status
{
ME=$(basename $0)
echo "usage: $ME"
echo "usage: $ME [ <shorewallrc file> ]"
exit $1
}
@ -40,6 +40,27 @@ qt()
"$@" >/dev/null 2>&1
}
split() {
local ifs
ifs=$IFS
IFS=:
set -- $1
echo $*
IFS=$ifs
}
mywhich() {
local dir
for dir in $(split $PATH); do
if [ -x $dir/$1 ]; then
return 0
fi
done
return 2
}
remove_file() # $1 = file to restore
{
if [ -f $1 -o -L $1 ] ; then
@ -48,8 +69,25 @@ remove_file() # $1 = file to restore
fi
}
if [ -f /usr/share/shorewall-init/version ]; then
INSTALLED_VERSION="$(cat /usr/share/shorewall-init/version)"
if [ $# -eq 0 ]; then
file=/usr/share/shorewall/shorewallrc
elif [ $# -eq 1 ]; then
file=$1
else
usage 1
fi
if [ -f "$file" ]; then
. "$file"
else
echo "File $file not found" >&2
exit 1
fi
. $file || exit 1
if [ -f ${SHAREDIR}/shorewall-init/version ]; then
INSTALLED_VERSION="$(cat ${SHAREDIR}/shorewall-init/version)"
if [ "$INSTALLED_VERSION" != "$VERSION" ]; then
echo "WARNING: Shorewall Init Version $INSTALLED_VERSION is installed"
echo " and this is the $VERSION uninstaller."
@ -60,56 +98,55 @@ else
VERSION=""
fi
[ -n "${LIBEXEC:=/usr/share}" ]
[ -n "${LIBEXEC:=${SHAREDIR}}" ]
echo "Uninstalling Shorewall Init $VERSION"
INITSCRIPT=/etc/init.d/shorewall-init
INITSCRIPT=${CONFDIR}/init.d/shorewall-init
if [ -n "$INITSCRIPT" ]; then
if [ -x /usr/sbin/updaterc.d ]; then
if [ -f "$INITSCRIPT" ]; then
if mywhich updaterc.d ; then
updaterc.d shorewall-init remove
elif [ -x /sbin/insserv -o -x /usr/sbin/insserv ]; then
elif mywhich insserv ; then
insserv -r $INITSCRIPT
elif [ -x /sbin/chkconfig -o -x /usr/sbin/chkconfig ]; then
elif mywhich chkconfig ; then
chkconfig --del $(basename $INITSCRIPT)
elif [ -x /sbin/systemctl ]; then
elif mywhich systemctl ; then
systemctl disable shorewall-init
else
rm -f /etc/rc*.d/*$(basename $INITSCRIPT)
fi
remove_file $INITSCRIPT
fi
[ "$(readlink -m -q /sbin/ifup-local)" = /usr/share/shorewall-init ] && remove_file /sbin/ifup-local
[ "$(readlink -m -q /sbin/ifdown-local)" = /usr/share/shorewall-init ] && remove_file /sbin/ifdown-local
[ "$(readlink -m -q ${SBINDIR}/ifup-local)" = ${SHAREDIR}/shorewall-init ] && remove_file ${SBINDIR}/ifup-local
[ "$(readlink -m -q ${SBINDIR}/ifdown-local)" = ${SHAREDIR}/shorewall-init ] && remove_file ${SBINDIR}/ifdown-local
remove_file /etc/default/shorewall-init
remove_file /etc/sysconfig/shorewall-init
remove_file ${CONFDIR}/default/shorewall-init
remove_file ${CONFDIR}/sysconfig/shorewall-init
remove_file /etc/NetworkManager/dispatcher.d/01-shorewall
remove_file ${CONFDIR}/NetworkManager/dispatcher.d/01-shorewall
remove_file /etc/network/if-up.d/shorewall
remove_file /etc/network/if-down.d/shorewall
remove_file ${CONFDIR}/network/if-up.d/shorewall
remove_file ${CONFDIR}/network/if-down.d/shorewall
remove_file /etc/sysconfig/network/if-up.d/shorewall
remove_file /etc/sysconfig/network/if-down.d/shorewall
remove_file /lib/systemd/system/shorewall.service
remove_file ${CONFDIR}/sysconfig/network/if-up.d/shorewall
remove_file ${CONFDIR}/sysconfig/network/if-down.d/shorewall
if [ -d /etc/ppp ]; then
[ -n "$SYSTEMD" ] && remove_file ${SYSTEMD}/shorewall.service
if [ -d ${CONFDIR}/ppp ]; then
for directory in ip-up.d ip-down.d ipv6-up.d ipv6-down.d; do
remove_file /etc/ppp/$directory/shorewall
remove_file ${CONFDIR}/ppp/$directory/shorewall
done
for file in if-up.local if-down.local; do
if fgrep -q Shorewall-based /etc/ppp/$FILE; then
remove_file /etc/ppp/$FILE
if fgrep -q Shorewall-based ${CONFDIR}/ppp/$FILE; then
remove_file ${CONFDIR}/ppp/$FILE
fi
done
fi
rm -rf /usr/share/shorewall-init
rm -rf ${SHAREDIR}/shorewall-init
rm -rf ${LIBEXEC}/shorewall-init
echo "Shorewall Init Uninstalled"

14
Shorewall-lite/init.debian.sh
View File

@ -57,17 +57,23 @@ not_configured () {
exit 0
}
#
# The installer may alter this
#
. /usr/share/shorewall/shorewallrc
# parse the shorewall params file in order to use params in
# /etc/default/shorewall
if [ -f "/etc/shorewall-lite/params" ]
if [ -f "$CONFDIR/shorewall-lite/params" ]
then
. /etc/shorewall-lite/params
. $CONFDIR/shorewall-lite/params
fi
# check if shorewall is configured or not
if [ -f "/etc/default/shorewall-lite" ]
if [ -f "$SYSCONFDIR/shorewall-lite" ]
then
. /etc/default/shorewall-lite
. $SYSCONFDIR/shorewall-lite
SRWL_OPTS="$SRWL_OPTS $OPTIONS"
if [ "$startup" != "1" ]
then

11
Shorewall-lite/init.fedora.sh
View File

@ -20,16 +20,21 @@
# Source function library.
. /etc/rc.d/init.d/functions
#
# The installer may alter this
#
. /usr/share/shorewall/shorewallrc
prog="shorewall-lite"
shorewall="/sbin/$prog"
shorewall="${SBINDIR}/$prog"
logger="logger -i -t $prog"
lockfile="/var/lock/subsys/$prog"
# Get startup options (override default)
OPTIONS=
if [ -f /etc/sysconfig/$prog ]; then
. /etc/sysconfig/$prog
if [ -f ${SYSCONFDIR}/$prog ]; then
. ${SYSCONFDIR}/$prog
fi
start() {

18
Shorewall-lite/init.sh
View File

@ -61,10 +61,14 @@ usage() {
# Get startup options (override default)
################################################################################
OPTIONS=
if [ -f /etc/sysconfig/shorewall ]; then
. /etc/sysconfig/shorewall
elif [ -f /etc/default/shorewall ] ; then
. /etc/default/shorewall
#
# The installer may alter this
#
. /usr/share/shorewall/shorewallrc
if [ -f ${SYSCONFDIR}/shorewall-lite ]; then
. ${SYSCONFDIR}/shorewall-lite
fi
SHOREWALL_INIT_SCRIPT=1
@ -76,13 +80,13 @@ command="$1"
case "$command" in
start)
exec /sbin/shorewall-lite $OPTIONS start $STARTOPTIONS
exec ${SBINDIR}/shorewall-lite $OPTIONS start $STARTOPTIONS
;;
restart|reload)
exec /sbin/shorewall-lite $OPTIONS restart $RESTARTOPTIONS
exec ${SBINDIR}/shorewall-lite $OPTIONS restart $RESTARTOPTIONS
;;
status|stop)
exec /sbin/shorewall-lite $OPTIONS $command $@
exec ${SBINDIR}/shorewall-lite $OPTIONS $command $@
;;
*)
usage

282
Shorewall-lite/install.sh
View File

@ -27,12 +27,18 @@ VERSION=xxx #The Build script inserts the actual version
usage() # $1 = exit status
{
ME=$(basename $0)
echo "usage: $ME"
echo "usage: $ME [ <configuration-file> ]"
echo " $ME -v"
echo " $ME -h"
exit $1
}
fatal_error()
{
echo " ERROR: $@" >&2
exit 1
}
split() {
local ifs
ifs=$IFS
@ -85,16 +91,16 @@ install_file() # $1 = source $2 = target $3 = mode
run_install $T $OWNERSHIP -m $3 $1 ${2}
}
require()
{
eval [ -n "\$$1" ] || fatal_error "Required option $1 not set"
}
#
# Change to the directory containing this script
#
cd "$(dirname $0)"
#
# Load packager's settings if any
#
[ -f ../shorewall-pkg.config ] && . ../shorewall-pkg.config
if [ -f shorewall-lite ]; then
PRODUCT=shorewall-lite
Product="Shorewall Lite"
@ -103,17 +109,22 @@ else
Product="Shorewall6 Lite"
fi
[ -n "$DESTDIR" ] || DESTDIR="$PREFIX"
#
# Parse the run line
#
while [ $# -gt 0 ] ; do
finished=0
while [ $finished -eq 0 ] ; do
case "$1" in
-h|help|?)
-*)
option=${option#-}
while [ -n "$option" ]; do
case $option in
h)
usage 0
;;
-v)
v)
echo "$Product Firewall Installer Version $VERSION"
exit 0
;;
@ -121,21 +132,50 @@ while [ $# -gt 0 ] ; do
usage 1
;;
esac
done
shift
done
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
[ -n "${LIBEXEC:=/usr/share}" ]
case "$LIBEXEC" in
/*)
;;
*)
echo "The LIBEXEC setting must be an absolute path name" >&2
exit 1
finished=1
;;
esac
esac
done
#
# Read the RC file
#
if [ $# -eq 0 ]; then
if [ -f ./shorewallrc ]; then
. ./shorewallrc || exit 1
file=./shorewallrc
elif [ -f ~/.shorewallrc ]; then
. ~/.shorewallrc
elif [ -f /usr/share/shorewall/shorewallrc ]; then
. /usr/share/shorewall/shorewallrc
else
fatal_error "No configuration file specified and /usr/share/shorewall/shorewallrc not found"
fi
elif [ $# -eq 1 ]; then
file=$1
case $file in
/*|.*)
;;
*)
file=./$file
;;
esac
. $file
else
usage 1
fi
for var in SHAREDIR LIBEXECDIRDIRDIR CONFDIR SBINDIR VARDIR; do
require $var
done
PATH=${SBINDIR}:/bin:/usr${SBINDIR}:/usr/bin:/usr/local/bin:/usr/local${SBINDIR}
#
# Determine where to install the firewall script
@ -154,15 +194,15 @@ if [ -z "$BUILD" ]; then
BUILD=apple
;;
*)
if [ -f /etc/debian_version ]; then
if [ -f ${CONFDIR}/debian_version ]; then
BUILD=debian
elif [ -f /etc/redhat-release ]; then
elif [ -f ${CONFDIR}/redhat-release ]; then
BUILD=redhat
elif [ -f /etc/SuSE-release ]; then
elif [ -f ${CONFDIR}/SuSE-release ]; then
BUILD=suse
elif [ -f /etc/slackware-version ] ; then
elif [ -f ${CONFDIR}/slackware-version ] ; then
BUILD=slackware
elif [ -f /etc/arch-release ] ; then
elif [ -f ${CONFDIR}/arch-release ] ; then
BUILD=archlinux
else
BUILD=linux
@ -203,21 +243,15 @@ case "$HOST" in
;;
debian)
echo "Installing Debian-specific configuration..."
SPARSE=yes
;;
redhat)
echo "Installing Redhat/Fedora-specific configuration..."
[ -n "$INITDIR" ] || INITDIR=/etc/rc.d/init.d
;;
slackware)
echo "Installing Slackware-specific configuration..."
[ -n "$INITDIR" ] || INITDIR="/etc/rc.d"
[ -n "$INITFILE" ] || INITFILE="rc.firewall"
[ -n "$MANDIR=" ] || MANDIR=/usr/man
;;
archlinux)
echo "Installing ArchLinux-specific configuration..."
[ -n "$INITDIR" ] || INITDIR="/etc/rc.d"
;;
linux|suse)
;;
@ -227,7 +261,7 @@ case "$HOST" in
;;
esac
[ -z "$INITDIR" ] && INITDIR="/etc/init.d"
[ -z "$INITDIR" ] && INITDIR="${CONFDIR}/init.d"
if [ -n "$DESTDIR" ]; then
if [ `id -u` != 0 ] ; then
@ -235,8 +269,8 @@ if [ -n "$DESTDIR" ]; then
OWNERSHIP=""
fi
install -d $OWNERSHIP -m 755 ${DESTDIR}/sbin
install -d $OWNERSHIP -m 755 ${DESTDIR}${DESTFILE}
install -d $OWNERSHIP -m 755 ${DESTDIR}/${SBINDIR}
install -d $OWNERSHIP -m 755 ${DESTDIR}${INITDIR}
if [ -n "$SYSTEMD" ]; then
mkdir -p ${DESTDIR}/lib/systemd/system
@ -257,27 +291,27 @@ fi
echo "Installing $Product Version $VERSION"
#
# Check for /etc/$PRODUCT
# Check for ${CONFDIR}/$PRODUCT
#
if [ -z "$DESTDIR" -a -d /etc/$PRODUCT ]; then
if [ -z "$DESTDIR" -a -d ${CONFDIR}/$PRODUCT ]; then
if [ ! -f /usr/share/shorewall/coreversion ]; then
echo "$PRODUCT $VERSION requires Shorewall Core which does not appear to be installed" >&2
exit 1
fi
[ -f /etc/$PRODUCT/shorewall.conf ] && \
mv -f /etc/$PRODUCT/shorewall.conf /etc/$PRODUCT/$PRODUCT.conf
[ -f ${CONFDIR}/$PRODUCT/shorewall.conf ] && \
mv -f ${CONFDIR}/$PRODUCT/shorewall.conf ${CONFDIR}/$PRODUCT/$PRODUCT.conf
else
rm -rf ${DESTDIR}/etc/$PRODUCT
rm -rf ${DESTDIR}${CONFDIR}/$PRODUCT
rm -rf ${DESTDIR}/usr/share/$PRODUCT
rm -rf ${DESTDIR}/var/lib/$PRODUCT
[ "$LIBEXEC" = /usr/share ] || rm -rf ${DESTDIR}/usr/share/$PRODUCT/wait4ifup ${DESTDIR}/usr/share/$PRODUCT/shorecap
[ "$LIBEXECDIR" = /usr/share ] || rm -rf ${DESTDIR}/usr/share/$PRODUCT/wait4ifup ${DESTDIR}/usr/share/$PRODUCT/shorecap
fi
#
# Check for /sbin/$PRODUCT
# Check for ${SBINDIR}/$PRODUCT
#
if [ -f ${DESTDIR}/sbin/$PRODUCT ]; then
if [ -f ${DESTDIR}${SBINDIR}/$PRODUCT ]; then
first_install=""
else
first_install="Yes"
@ -285,118 +319,123 @@ fi
delete_file ${DESTDIR}/usr/share/$PRODUCT/xmodules
install_file $PRODUCT ${DESTDIR}/sbin/$PRODUCT 0544
install_file $PRODUCT ${DESTDIR}${SBINDIR}/$PRODUCT 0544
echo "$Product control program installed in ${DESTDIR}/sbin/$PRODUCT"
echo "$Product control program installed in ${DESTDIR}${SBINDIR}/$PRODUCT"
#
# Create /etc/$PRODUCT, /usr/share/$PRODUCT and /var/lib/$PRODUCT if needed
# Create ${CONFDIR}/$PRODUCT, /usr/share/$PRODUCT and /var/lib/$PRODUCT if needed
#
mkdir -p ${DESTDIR}/etc/$PRODUCT
mkdir -p ${DESTDIR}${CONFDIR}/$PRODUCT
mkdir -p ${DESTDIR}/usr/share/$PRODUCT
mkdir -p ${DESTDIR}${LIBEXEC}/$PRODUCT
mkdir -p ${DESTDIR}${LIBEXECDIR}/$PRODUCT
mkdir -p ${DESTDIR}/var/lib/$PRODUCT
chmod 755 ${DESTDIR}/etc/$PRODUCT
chmod 755 ${DESTDIR}${CONFDIR}/$PRODUCT
chmod 755 ${DESTDIR}/usr/share/$PRODUCT
if [ -n "$DESTDIR" ]; then
mkdir -p ${DESTDIR}/etc/logrotate.d
chmod 755 ${DESTDIR}/etc/logrotate.d
mkdir -p ${DESTDIR}${CONFDIR}/logrotate.d
chmod 755 ${DESTDIR}${CONFDIR}/logrotate.d
mkdir -p ${DESTDIR}${INITDIR}
chmod 755 ${DESTDIR}${INITDIR}
fi
if [ -n "$INITFILE" ]; then
initfile="${DESTDIR}/${INITDIR}/${INITFILE}"
case $TARGET in
debian)
install_file init.debian.sh ${DESTDIR}${INITDIR}/${INITFILE} 0544
install_file init.debian.sh "$initfile" 0544
;;
redhat)
install_file init.fedora.sh ${DESTDIR}${INITDIR}/${INITFILE} 0544
install_file init.fedora.sh "$initfile" 0544
;;
archlinux)
install_file init.archlinux.sh ${DESTDIR}${INITDIR}/${INITFILE} 0544
install_file init.archlinux.sh "$initfile" 0544
;;
*)
install_file init.sh ${DESTDIR}${INITDIR}/${INITFILE} 0544
install_file init.sh "$initfile" 0544
;;
esac
echo "$Product init script installed in ${DESTDIR}${INITDIR}/${INITFILE}"
[ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/|${SHAREDIR}/|\' "$initfile"
echo "$Product init script installed in $initfile"
fi
#
# Install the .service file
#
if [ -n "$SYSTEMD" ]; then
run_install $OWNERSHIP -m 600 $PRODUCT.service ${DESTDIR}/lib/systemd/system/$PRODUCT.service
run_install $OWNERSHIP -m 600 $PRODUCT.service ${DESTDIR}/${SYSTEMD}/$PRODUCT.service
echo "Service file installed as ${DESTDIR}/lib/systemd/system/$PRODUCT.service"
fi
#
# Install the config file
#
if [ ! -f ${DESTDIR}/etc/$PRODUCT/$PRODUCT.conf ]; then
install_file $PRODUCT.conf ${DESTDIR}/etc/$PRODUCT/$PRODUCT.conf 0744
echo "Config file installed as ${DESTDIR}/etc/$PRODUCT/$PRODUCT.conf"
if [ ! -f ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf ]; then
install_file $PRODUCT.conf ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf 0744
echo "Config file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf"
fi
if [ $HOST = archlinux ] ; then
sed -e 's!LOGFILE=/var/log/messages!LOGFILE=/var/log/messages.log!' -i ${DESTDIR}/etc/$PRODUCT/$PRODUCT.conf
sed -e 's!LOGFILE=/var/log/messages!LOGFILE=/var/log/messages.log!' -i ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf
fi
#
# Install the Makefile
#
run_install $OWNERSHIP -m 0600 Makefile ${DESTDIR}/etc/$PRODUCT
echo "Makefile installed as ${DESTDIR}/etc/$PRODUCT/Makefile"
run_install $OWNERSHIP -m 0600 Makefile ${DESTDIR}${CONFDIR}/$PRODUCT
echo "Makefile installed as ${DESTDIR}${CONFDIR}/$PRODUCT/Makefile"
#
# Install the default config path file
#
install_file configpath ${DESTDIR}/usr/share/$PRODUCT/configpath 0644
echo "Default config path file installed as ${DESTDIR}/usr/share/$PRODUCT/configpath"
install_file configpath ${DESTDIR}${SHAREDIR}/$PRODUCT/configpath 0644
echo "Default config path file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/configpath"
#
# Install the libraries
#
for f in lib.* ; do
if [ -f $f ]; then
install_file $f ${DESTDIR}/usr/share/$PRODUCT/$f 0644
echo "Library ${f#*.} file installed as ${DESTDIR}/usr/share/$PRODUCT/$f"
install_file $f ${DESTDIR}${SHAREDIR}/$PRODUCT/$f 0644
echo "Library ${f#*.} file installed as ${DESTDIR}/${SHAREDIR}/$PRODUCT/$f"
fi
done
ln -sf lib.base ${DESTDIR}/usr/share/$PRODUCT/functions
ln -sf lib.base ${DESTDIR}${SHAREDIR}/$PRODUCT/functions
echo "Common functions linked through ${DESTDIR}/usr/share/$PRODUCT/functions"
echo "Common functions linked through ${DESTDIR}${SHAREDIR}/$PRODUCT/functions"
#
# Install Shorecap
#
install_file shorecap ${DESTDIR}${LIBEXEC}/$PRODUCT/shorecap 0755
install_file shorecap ${DESTDIR}${LIBEXECDIR}/$PRODUCT/shorecap 0755
echo
echo "Capability file builder installed in ${DESTDIR}${LIBEXEC}/$PRODUCT/shorecap"
echo "Capability file builder installed in ${DESTDIR}${LIBEXECDIR}/$PRODUCT/shorecap"
#
# Install the Modules files
#
if [ -f modules ]; then
run_install $OWNERSHIP -m 0600 modules ${DESTDIR}/usr/share/$PRODUCT
echo "Modules file installed as ${DESTDIR}/usr/share/$PRODUCT/modules"
run_install $OWNERSHIP -m 0600 modules ${DESTDIR}${SHAREDIR}/$PRODUCT
echo "Modules file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/modules"
fi
if [ -f helpers ]; then
run_install $OWNERSHIP -m 0600 helpers ${DESTDIR}/usr/share/$PRODUCT
echo "Helper modules file installed as ${DESTDIR}/usr/share/$PRODUCT/helpers"
run_install $OWNERSHIP -m 0600 helpers ${DESTDIR}${SHAREDIR}/$PRODUCT
echo "Helper modules file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/helpers"
fi
for f in modules.*; do
run_install $OWNERSHIP -m 0644 $f ${DESTDIR}/usr/share/$PRODUCT/$f
echo "Module file $f installed as ${DESTDIR}/usr/share/$PRODUCT/$f"
run_install $OWNERSHIP -m 0644 $f ${DESTDIR}${SHAREDIR}/$PRODUCT/$f
echo "Module file $f installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/$f"
done
#
@ -406,18 +445,18 @@ done
if [ -d manpages ]; then
cd manpages
[ -n "$INSTALLD" ] || mkdir -p ${DESTDIR}/usr/share/man/man5/ ${DESTDIR}/usr/share/man/man8/
[ -n "$INSTALLD" ] || mkdir -p ${DESTDIR}${SHAREDIR}/man/man5/ ${DESTDIR}${SHAREDIR}/man/man8/
for f in *.5; do
gzip -c $f > $f.gz
run_install $T $INSTALLD $OWNERSHIP -m 0644 $f.gz ${DESTDIR}/usr/share/man/man5/$f.gz
echo "Man page $f.gz installed to ${DESTDIR}/usr/share/man/man5/$f.gz"
run_install $T $INSTALLD $OWNERSHIP -m 0644 $f.gz ${DESTDIR}${SHAREDIR}/man/man5/$f.gz
echo "Man page $f.gz installed to ${DESTDIR}${SHAREDIR}/man/man5/$f.gz"
done
for f in *.8; do
gzip -c $f > $f.gz
run_install $T $INSTALLD $OWNERSHIP -m 0644 $f.gz ${DESTDIR}/usr/share/man/man8/$f.gz
echo "Man page $f.gz installed to ${DESTDIR}/usr/share/man/man8/$f.gz"
run_install $T $INSTALLD $OWNERSHIP -m 0644 $f.gz ${DESTDIR}${SHAREDIR}/man/man8/$f.gz
echo "Man page $f.gz installed to ${DESTDIR}${SHAREDIR}/man/man8/$f.gz"
done
cd ..
@ -425,74 +464,79 @@ if [ -d manpages ]; then
echo "Man Pages Installed"
fi
if [ -d ${DESTDIR}/etc/logrotate.d ]; then
run_install $OWNERSHIP -m 0644 logrotate ${DESTDIR}/etc/logrotate.d/$PRODUCT
echo "Logrotate file installed as ${DESTDIR}/etc/logrotate.d/$PRODUCT"
if [ -d ${DESTDIR}${CONFDIR}/logrotate.d ]; then
run_install $OWNERSHIP -m 0644 logrotate ${DESTDIR}${CONFDIR}/logrotate.d/$PRODUCT
echo "Logrotate file installed as ${DESTDIR}${CONFDIR}/logrotate.d/$PRODUCT"
fi
#
# Create the version file
#
echo "$VERSION" > ${DESTDIR}/usr/share/$PRODUCT/version
chmod 644 ${DESTDIR}/usr/share/$PRODUCT/version
echo "$VERSION" > ${DESTDIR}${SHAREDIR}/$PRODUCT/version
chmod 644 ${DESTDIR}${SHAREDIR}/$PRODUCT/version
#
# Remove and create the symbolic link to the init script
#
if [ -z "$DESTDIR" ]; then
rm -f /usr/share/$PRODUCT/init
ln -s ${INITDIR}/${INITFILE} /usr/share/$PRODUCT/init
rm -f ${SHAREDIR}/$PRODUCT/init
ln -s ${INITDIR}/${INITFILE} ${SHAREDIR}/$PRODUCT/init
fi
delete_file ${DESTDIR}/usr/share/$PRODUCT/lib.common
delete_file ${DESTDIR}/usr/share/$PRODUCT/lib.cli
delete_file ${DESTDIR}/usr/share/$PRODUCT/wait4ifup
delete_file ${DESTDIR}${SHAREDIR}/$PRODUCT/lib.common
delete_file ${DESTDIR}${SHAREDIR}/$PRODUCT/lib.cli
delete_file ${DESTDIR}${SHAREDIR}/$PRODUCT/wait4ifup
if [ -z "$DESTDIR" ]; then
touch /var/log/$PRODUCT-init.log
if [ -n "$first_install" ]; then
if [ $HOST = debian ]; then
run_install $OWNERSHIP -m 0644 default.debian /etc/default/$PRODUCT
update-rc.d $PRODUCT defaults
if [ -x /sbin/insserv ]; then
insserv /etc/init.d/$PRODUCT
else
ln -s ../init.d/$PRODUCT /etc/rcS.d/S40$PRODUCT
if [ -n "$SYSCONFFILE" -a ! -f ${DESTDIR}${SYSCONFDIR}/${PRODUCT} ]; then
if [ ${DESTDIR} ]; then
mkdir -p ${DESTDIR}${SYSCONFDIR}
chmod 755 ${DESTDIR}${SYSCONFDIR}
fi
echo "$Product will start automatically at boot"
else
if [ -n "$SYSTEMD" ]; then
run_install $OWNERSHIP -m 0644 default.debian ${DESTDIR}${SYSCONFDIR}/${PRODUCT}
echo "$SYSCONFFILE installed in ${DESTDIR}${SYSCONFDIR}/${PRODUCT}"
fi
if [ ${SHAREDIR} != /usr/share ]; then
[ $PRODUCT = shorewall ] && eval sed -i \'s\|/usr/share/|${SHAREDIR}/|\' ${DESTDIR}/${SHAREDIR}/lib.base
sed -i \'s\|/usr/share/|${SHAREDIR}/|\' ${DESTDIR}/${SBINDIR}/$PRODUCT
fi
if [ -z "$DESTDIR" -a -n "$first_install" -a -z "${cygwin}${mac}" ]; then
if mywhich update-rc.d ; then
echo "$PRODUCT will start automatically at boot"
echo "Set startup=1 in ${SYSCONFDIR}/$PRODUCT to enable"
touch /var/log/$PRODUCT-init.log
perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;s/^SUBSYSLOCK=.*/SUBSYSLOCK=/;' ${CONFDIR}/${PRODUCT}/${PRODUCT}.conf
elif [ -n "$SYSTEMD" ]; then
if systemctl enable $PRODUCT; then
echo "$Product will start automatically at boot"
fi
elif [ -x /sbin/insserv -o -x /usr/sbin/insserv ]; then
if insserv /etc/init.d/$PRODUCT ; then
echo "$Product will start automatically at boot"
elif mywhich insserv; then
if insserv ${INITDIR}/${INITFILE} ; then
echo "$PRODUCT will start automatically at boot"
echo "Set STARTUP_ENABLED=Yes in ${CONFDIR}/$PRODUCT/${PRODUCT}.conf to enable"
else
cant_autostart
fi
elif [ -x /sbin/chkconfig -o -x /usr/sbin/chkconfig ]; then
elif mywhich chkconfig; then
if chkconfig --add $PRODUCT ; then
echo "$Product will start automatically in run levels as follows:"
echo "$PRODUCT will start automatically in run levels as follows:"
echo "Set STARTUP_ENABLED=Yes in ${CONFDIR}/$PRODUCT/${PRODUCT}.conf to enable"
chkconfig --list $PRODUCT
else
cant_autostart
fi
elif [ -x /sbin/rc-update ]; then
elif mywhich rc-update ; then
if rc-update add $PRODUCT default; then
echo "$Product will start automatically at boot"
echo "$PRODUCT will start automatically at boot"
echo "Set STARTUP_ENABLED=Yes in ${CONFDIR}/$PRODUCT/$PRODUCT.conf to enable"
else
cant_autostart
fi
elif [ "$INITFILE" != rc.firewall ]; then #Slackware starts this automatically
elif [ "$INITFILE" != rc.${PRODUCT} ]; then #Slackware starts this automatically
cant_autostart
fi
fi
fi
fi
#

12
Shorewall-lite/shorewall-lite
View File

@ -27,6 +27,16 @@
################################################################################################
g_program=shorewall-lite
. /usr/share/shorewall/lib.cli
#
# This is modified by the installer when ${SHAREDIR} <> /usr/share
#
. /usr/share/shorewall/shorewallrc
g_libexec="$LIBEXECDIR"
g_sharedir="$SHAREDIR"
g_sbindir="$SBINDIR"
g_readrc=1
. $g_sharedir/shorewall/lib.cli
shorewall_cli $@

91
Shorewall-lite/uninstall.sh
View File

@ -31,7 +31,7 @@ VERSION=xxx #The Build script inserts the actual version
usage() # $1 = exit status
{
ME=$(basename $0)
echo "usage: $ME"
echo "usage: $ME [ <shorewallrc file> ]"
exit $1
}
@ -40,16 +40,25 @@ qt()
"$@" >/dev/null 2>&1
}
restore_file() # $1 = file to restore
{
if [ -f ${1}-shorewall.bkout ]; then
if (mv -f ${1}-shorewall-lite.bkout $1); then
echo
echo "$1 restored"
else
exit 1
fi
split() {
local ifs
ifs=$IFS
IFS=:
set -- $1
echo $*
IFS=$ifs
}
mywhich() {
local dir
for dir in $(split $PATH); do
if [ -x $dir/$1 ]; then
return 0
fi
done
return 2
}
remove_file() # $1 = file to restore
@ -60,8 +69,23 @@ remove_file() # $1 = file to restore
fi
}
if [ -f /usr/share/shorewall-lite/version ]; then
INSTALLED_VERSION="$(cat /usr/share/shorewall-lite/version)"
if [ $# -eq 0 ]; then
file=/usr/share/shorewall/shorewallrc
elif [ $# -eq 1 ]; then
file=$1
else
usage 1
fi
if [ -f "$file" ]; then
. "$file"
else
echo "File $file not found" >&2
exit 1
fi
if [ -f ${SHAREDIR}/shorewall-lite/version ]; then
INSTALLED_VERSION="$(cat ${SHAREDIR}/shorewall-lite/version)"
if [ "$INSTALLED_VERSION" != "$VERSION" ]; then
echo "WARNING: Shorewall Lite Version $INSTALLED_VERSION is installed"
echo " and this is the $VERSION uninstaller."
@ -72,49 +96,40 @@ else
VERSION=""
fi
[ -n "${LIBEXEC:=/usr/share}" ]
echo "Uninstalling Shorewall Lite $VERSION"
if qt iptables -L shorewall -n && [ ! -f /sbin/shorewall ]; then
/sbin/shorewall-lite clear
if qt iptables -L shorewall -n && [ ! -f ${SBINDIR}/shorewall ]; then
shorewall-lite clear
fi
if [ -L /usr/share/shorewall-lite/init ]; then
FIREWALL=$(readlink -m -q /usr/share/shorewall-lite/init)
else
FIREWALL=/etc/init.d/shorewall-lite
if [ -L ${SHAREDIR}/shorewall-lite/init ]; then
FIREWALL=$(readlink -m -q ${SHAREDIR}/shorewall-lite/init)
elIF [ -n "$INITFILE" ]; then
FIREWALL=${INITDIR}/${INITFILE}
fi
if [ -n "$FIREWALL" ]; then
if [ -x /usr/sbin/updaterc.d ]; then
if [ -f "$FIREWALL" ]; then
if mywhich updaterc.d ; then
updaterc.d shorewall-lite remove
elif [ -x /sbin/insserv -o -x /usr/sbin/insserv ]; then
elif if mywhich insserv ; then
insserv -r $FIREWALL
elif [ -x /sbin/chkconfig -o -x /usr/sbin/chkconfig ]; then
elif [ mywhich chkconfig ; then
chkconfig --del $(basename $FIREWALL)
elif [ -x /sbin/systemctl ]; then
elif mywhich systemctl ; then
systemctl disable shorewall-lite
else
rm -f /etc/rc*.d/*$(basename $FIREWALL)
fi
remove_file $FIREWALL
rm -f ${FIREWALL}-*.bkout
fi
rm -f /sbin/shorewall-lite
rm -f /sbin/shorewall-lite-*.bkout
rm -f ${SBINDIR}/shorewall-lite
rm -rf /etc/shorewall-lite
rm -rf /etc/shorewall-lite-*.bkout
rm -rf /var/lib/shorewall-lite
rm -rf /var/lib/shorewall-lite-*.bkout
rm -rf /usr/share/shorewall-lite
rm -rf ${SBINDIR}/shorewall-lite
rm -rf ${VARDIR}/shorewall-lite
rm -rf ${SHAREDIR}/shorewall-lite
rm -rf ${LIBEXEC}/shorewall-lite
rm -rf /usr/share/shorewall-lite-*.bkout
rm -f /etc/logrotate.d/shorewall-lite
rm -f /lib/systemd/system/shorewall-lite.service
rm -f ${CONFDIR}/logrotate.d/shorewall-lite
[ -n "$SYSTEMD" ] && rm -f ${SYSTEMD}/shorewall-lite.service
echo "Shorewall Lite Uninstalled"

16
Shorewall/Perl/Shorewall/Compiler.pm
View File

@ -160,15 +160,17 @@ sub generate_script_2() {
emit( 'g_family=4' );
if ( $export ) {
emit ( 'SHAREDIR=/usr/share/shorewall-lite',
'CONFDIR=/etc/shorewall-lite',
emit ( 'SHAREDIR=$SHAREDIR/shorewall-lite',
'CONFDIR=$CONFDIR/shorewall-lite',
'VARDIR=$VARDIR/shorewall-lite',
'g_product="Shorewall Lite"',
'g_program=shorewall-lite',
'g_basedir=/usr/share/shorewall-lite',
);
} else {
emit ( 'SHAREDIR=/usr/share/shorewall',
'CONFDIR=/etc/shorewall',
emit ( 'SHAREDIR=$SHAREDIR/shorewall',
'CONFDIR=$CONFDIR/shorewall',
'VARDIR=$VARDIR/shorewall',
'g_product=Shorewall',
'g_program=shorewall',
'g_basedir=/usr/share/shorewall',
@ -178,8 +180,9 @@ sub generate_script_2() {
emit( 'g_family=6' );
if ( $export ) {
emit ( 'SHAREDIR=/usr/share/shorewall6-lite',
'CONFDIR=/etc/shorewall6-lite',
emit ( 'SHAREDIR=/$SHAREDIR/shorewall6-lite',
'CONFDIR=$CONFDIR/shorewall6-lite',
'VARDIR=$VARDIR/shorewall6-lite',
'g_product="Shorewall6 Lite"',
'g_program=shorewall6-lite',
'g_basedir=/usr/share/shorewall6',
@ -187,6 +190,7 @@ sub generate_script_2() {
} else {
emit ( 'SHAREDIR=/usr/share/shorewall6',
'CONFDIR=/etc/shorewall6',
'VARDIR=$VARDIR/shorewall6',
'g_product=Shorewall6',
'g_program=shorewall6',
'g_basedir=/usr/share/shorewall'

52
Shorewall/Perl/Shorewall/Config.pm
View File

@ -141,6 +141,7 @@ our %EXPORT_TAGS = ( internal => [ qw( create_temp_script
%config
%globals
%config_files
%shorewallrc
@auditoptions
@ -433,7 +434,12 @@ my %converted = ( WIDE_TC_MARKS => 1,
my $omitting;
my @ifstack;
my $ifstack;
#
# From .shorewallrc
#
our %shorewallrc;
sub process_shorewallrc();
#
# Rather than initializing globals in an INIT block or during declaration,
# we initialize them in a function. This is done for two reasons:
@ -474,8 +480,8 @@ sub initialize( $ ) {
#
# Misc Globals
#
%globals = ( SHAREDIRPL => '/usr/share/shorewall/' ,
CONFDIR => '/etc/shorewall', # Run-time configuration directory
%globals = ( SHAREDIRPL => '' ,
CONFDIR => '', # Run-time configuration directory
CONFIGDIR => '', # Compile-time configuration directory (location of $product.conf)
LOGPARMS => '',
TC_SCRIPT => '',
@ -748,15 +754,24 @@ sub initialize( $ ) {
@actparms = ();
%shorewallrc = (
SHAREDIR => '/usr/share/',
CONFDIR => '/etc/',
);
process_shorewallrc;
$globals{SHAREDIRPL} = "$shorewallrc{SHAREDIR}/shorewall/";
if ( $family == F_IPV4 ) {
$globals{SHAREDIR} = '/usr/share/shorewall';
$globals{CONFDIR} = '/etc/shorewall';
$globals{SHAREDIR} = "$shorewallrc{SHAREDIR}/shorewall";
$globals{CONFDIR} = "$shorewallrc{CONFDIR}/shorewall";
$globals{PRODUCT} = 'shorewall';
$config{IPTABLES} = undef;
$validlevels{ULOG} = 'ULOG';
} else {
$globals{SHAREDIR} = '/usr/share/shorewall6';
$globals{CONFDIR} = '/etc/shorewall6';
$globals{SHAREDIR} = "$shorewallrc{SHAREDIR}/shorewall6";
$globals{CONFDIR} = "$shorewallrc{CONFDIR}/shorewall6";
$globals{PRODUCT} = 'shorewall6';
$config{IP6TABLES} = undef;
}
@ -2084,7 +2099,7 @@ sub set_action_param( $$ ) {
#
# Expand Shell Variables in the passed buffer using %params and @actparms
#
sub expand_variables( \$ ) {
sub expand_variables( \$;$ ) {
my ( $lineref, $count ) = ( $_[0], 0 );
# $1 $2 $3 - $4
while ( $$lineref =~ m( ^(.*?) \$({)? (\w+) (?(2)}) (.*)$ )x ) {
@ -2098,6 +2113,8 @@ sub expand_variables( \$ ) {
$val = $actparms[$var];
} elsif ( exists $params{$var} ) {
$val = $params{$var};
} elsif ( $_[1] && exists $shorewallrc{$var} ) {
$val = $shorewallrc{$var}
} else {
fatal_error "Undefined shell variable (\$$var)" unless exists $config{$var};
$val = $config{$var};
@ -2259,6 +2276,25 @@ sub read_a_line1() {
}
}
sub process_shorewallrc() {
my $home = $ENV{HOME} || `echo ~`;
$shorewallrc{PRODUCT} = $family == F_IPV4 ? 'shorewall' : 'shorewall6';
if ( $home && open_file "$home/.shorewallrc" ) {
while ( read_a_line1 ) {
if ( $currentline =~ /^([a-zA-Z]\w*)=(.*)$/ ) {
my ($var, $val) = ($1, $2);
$val = $1 if $val =~ /^\"([^\"]*)\"$/;
expand_variables($val, 1 ) if supplied $val;
$shorewallrc{$var} = $val;
} else {
fatal_error "Unrecognized shorewallrc entry";
}
}
}
}
#
# Provide the passed default value for the passed configuration variable
#
@ -3195,7 +3231,7 @@ sub ensure_config_path() {
my $f = "$globals{SHAREDIR}/configpath";
$globals{CONFDIR} = "/usr/share/$product/configfiles/" if $> != 0;
$globals{CONFDIR} = "$shorewallrc{SHAREDIR}/$product/configfiles/" if $> != 0;
unless ( $config{CONFIG_PATH} ) {
fatal_error "$f does not exist" unless -f $f;

2
Shorewall/Perl/Shorewall/Tc.pm
View File

@ -1039,7 +1039,7 @@ sub validate_tc_class( ) {
fatal_error "Unknown Parent class ($parentnum)" unless $parentref && $parentref->{occurs} == 1;
fatal_error "The class ($parentnum) specifies UMAX and/or DMAX; it cannot serve as a parent" if $parentref->{dmax};
fatal_error "The class ($parentnum) specifies flow; it cannot serve as a parent" if $parentref->{flow};
fatal_error "The default class ($parentnum) may not have sub-classes" if $devref->{default} == $parentclass;
fatal_error "The default class ($parentnum) may not have sub-classes" if ( $devref->{default} || 0 ) == $parentclass;
$parentref->{leaf} = 0;
$ratemax = $parentref->{rate};
$ratename = q(the parent class's RATE);

17
Shorewall/Perl/getparams
View File

@ -33,7 +33,22 @@ else
g_program=shorewall
fi
. /usr/share/shorewall/lib.cli
if [ -f ~/.shorewallrc ]; then
. ~/.shorewallrc || exit 1
else
SHAREDIR=/usr/share
CONFDIR=${CONFDIR}
SBINDIR=/sbin
VARDIR=/var/lib
LIBEXECDIR=/usr/share
fi
g_libexec="$LIBEXECDIR"
g_sharedir="$SHAREDIR"
g_sbindir="$SBINDIR"
g_readrc=1
. $g_sharedir/shorewall/lib.cli
CONFIG_PATH="$2"

11
Shorewall/Perl/macro.BLACKLIST Normal file
View File

@ -0,0 +1,11 @@
#
# Shorewall version 4 - blacklist Macro
#
# /usr/share/shorewall/macro.blacklist
#
# This macro handles blacklisting using BLACKLIST_DISPOSITION and BLACKLIST_LOGLEVEL
#
###############################################################################
#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/
# PORT(S) PORT(S) LIMIT GROUP
$BLACKLIST_DISPOSITION:$BLACKLIST_LOGLEVEL

21
Shorewall/Perl/prog.footer
View File

@ -85,6 +85,27 @@ g_noroutes=$NOROUTES
g_timestamp=$TIMESTAMP
g_recovering=$RECOVERING
if [ -f ./.shorewallrc ]; then
. ./.shorewallrc || exit 1
elif [ -f ~/.shorewallrc ]; then
. ~/.shorewallrc || exit 1
elif [ -r /root/.shorewallrc ]; then
. /root/.shorewallrc || exit 1
elif [ -r /.shorewallrc ]; then
. /root/.shorewallrc || exit 1
elif - -f ${SHOREAWLLRC_HOME}/.shorewallrc; then
. ${SHOREAWLLRC_HOME}/.shorewallrc || exit 1
else
CONFDIR=/etc
SHAREDIR=/usr/share
VARDIR=/var/lib
fi
if [ -n "$TEMPDIR" ]; then
TMPDIR="$TEMPDIR"
export TMPDIR
fi
initialize
if [ -n "$STARTUP_LOG" ]; then

10
Shorewall/init.debian.sh
View File

@ -11,7 +11,6 @@
### END INIT INFO
SRWL=/sbin/shorewall
SRWL_OPTS="-tvv"
WAIT_FOR_IFUP=/usr/share/shorewall/wait4ifup
@ -54,10 +53,15 @@ not_configured () {
exit 0
}
#
# The installer may alter this
#
. /usr/share/shorewall/shorewallrc
# check if shorewall is configured or not
if [ -f "/etc/default/shorewall" ]
if [ -f "${SYSCONFDIR}/shorewall" ]
then
. /etc/default/shorewall
. ${SYSCONFDIR}/shorewall
SRWL_OPTS="$SRWL_OPTS $OPTIONS"
if [ "$startup" != "1" ]
then

11
Shorewall/init.fedora.sh
View File

@ -20,16 +20,21 @@
# Source function library.
. /etc/rc.d/init.d/functions
#
# The installer may alter this
#
. /usr/share/shorewall/shorewallrc
prog="shorewall"
shorewall="/sbin/$prog"
shorewall="${SBINDIR}/$prog"
logger="logger -i -t $prog"
lockfile="/var/lock/subsys/$prog"
# Get startup options (override default)
OPTIONS=
if [ -f /etc/sysconfig/$prog ]; then
. /etc/sysconfig/$prog
if [ -f ${SYSCONFDIR}/$prog ]; then
. ${SYSCONFDIR}/$prog
fi
start() {

20
Shorewall/init.sh
View File

@ -54,7 +54,7 @@ RCDLINKS="2,S41 3,S41 6,K41"
# Give Usage Information #
################################################################################
usage() {
echo "Usage: $0 start|stop|reload|restart|status"
echo "Usage: $0 start|stop|reload|restart|status" >&2
exit 1
}
@ -62,10 +62,14 @@ usage() {
# Get startup options (override default)
################################################################################
OPTIONS="-v0"
if [ -f /etc/sysconfig/shorewall ]; then
. /etc/sysconfig/shorewall
elif [ -f /etc/default/shorewall ] ; then
. /etc/default/shorewall
#
# The installer may alter this
#
. /usr/share/shorewall/shorewallrc
if [ -f ${SYSCONFDIR}/shorewall ]; then
. ${SYSCONFDIR}/shorewall
fi
export SHOREWALL_INIT_SCRIPT=1
@ -78,13 +82,13 @@ shift
case "$command" in
start)
exec /sbin/shorewall $OPTIONS start $STARTOPTIONS
exec $SBINDIR/shorewall $OPTIONS start $STARTOPTIONS
;;
restart|reload)
exec /sbin/shorewall $OPTIONS restart $RESTARTOPTIONS
exec $SBINDIR/shorewall $OPTIONS restart $RESTARTOPTIONS
;;
status|stop)
exec /sbin/shorewall $OPTIONS $command
exec $SBINDIR/shorewall $OPTIONS $command
;;
*)
usage

846
Shorewall/install.sh
View File

File diff suppressed because it is too large Load Diff

20
Shorewall/lib.cli-std
View File

@ -1353,11 +1353,13 @@ reload_command() # $* = original arguments less the command.
;;
esac
temp=$(rsh_command /sbin/${g_program}-lite show config 2> /dev/null | grep ^LITEDIR | sed 's/LITEDIR is //')
config=$(rsh_command ${g_program}-lite show config 2> /dev/null)
temp=$(echo $config | grep ^LITEDIR | sed 's/LITEDIR is //')
[ -n "$temp" ] && litedir="$temp"
temp=$(rsh_command /sbin/${g_program}-lite show config 2> /dev/null | grep ^LIBEXEC | sed 's/LIBEXEC is //')
temp=$(echo $config | grep ^LIBEXEC | sed 's/LIBEXEC is //')
if [ -n "$temp" ]; then
case $temp in
@ -1370,6 +1372,14 @@ reload_command() # $* = original arguments less the command.
esac
fi
temp=$(echo $config | grep ^SBINDIR | sed 's/SBINDIR is //')
if [ -n "$temp" ]; then
sbindir="$temp"
else
sbindir=/sbin
fi
if [ -z "$getcaps" ]; then
g_shorewalldir=$(resolve_file $directory)
ensure_config_path
@ -1414,15 +1424,15 @@ reload_command() # $* = original arguments less the command.
progress_message3 "Copy complete"
if [ $COMMAND = reload ]; then
rsh_command "/sbin/${g_program}-lite $g_debugging $verbose $timestamp restart" && \
rsh_command "${sbin}/${g_program}-lite $g_debugging $verbose $timestamp restart" && \
progress_message3 "System $system reloaded" || saveit=
else
rsh_command "/sbin/${g_program}-lite $g_debugging $verbose $timestamp start" && \
rsh_command "${sbin}/${g_program}-lite $g_debugging $verbose $timestamp start" && \
progress_message3 "System $system loaded" || saveit=
fi
if [ -n "$saveit" ]; then
rsh_command "/sbin/${g_program}-lite $g_debugging $verbose $timestamp save" && \
rsh_command "${sbin}/${g_program}-lite $g_debugging $verbose $timestamp save" && \
progress_message3 "Configuration on system $system saved"
fi
fi

13
Shorewall/shorewall
View File

@ -27,6 +27,17 @@
################################################################################################
g_program=shorewall
. /usr/share/shorewall/lib.cli
#
# This is modified by the installer when ${SHAREDIR} <> /usr/share
#
. /usr/share/shorewall/shorewallrc
g_libexec="$LIBEXECDIR"
g_sharedir="$SHAREDIR"
g_sbindir="$SBINDIR"
g_perllib="$PERLLIBDIR"
g_readrc=1
. $g_sharedir/shorewall/lib.cli
shorewall_cli $@

132
Shorewall/uninstall.sh
View File

@ -40,16 +40,25 @@ qt()
"$@" >/dev/null 2>&1
}
restore_file() # $1 = file to restore
{
if [ -f ${1}-shorewall.bkout ]; then
if (mv -f ${1}-shorewall.bkout $1); then
echo
echo "$1 restored"
else
exit 1
fi
split() {
local ifs
ifs=$IFS
IFS=:
set -- $1
echo $*
IFS=$ifs
}
mywhich() {
local dir
for dir in $(split $PATH); do
if [ -x $dir/$1 ]; then
return 0
fi
done
return 2
}
remove_file() # $1 = file to restore
@ -60,8 +69,39 @@ remove_file() # $1 = file to restore
fi
}
if [ -f /usr/share/shorewall/version ]; then
INSTALLED_VERSION="$(cat /usr/share/shorewall/version)"
if [ -f ./.shorewallrc ]; then
. ./.shorewallrc || exit 1
elif [ -f ~/.shorewallrc ]; then
. ~/.shorewallrc || exit 1
elif [ -r /root/.shorewallrc ]; then
. /root/.shorewallrc || exit 1
elif [ -r /.shorewallrc ]; then
. /root/.shorewallrc || exit 1
elif - -f ${SHOREAWLLRC_HOME}/.shorewallrc; then
. ${SHOREWALLRC_HOME}/.shorewallrc || exit 1
else
[ -n "${LIBEXEC:=/usr/share}" ]
[ -n "${PERLLIB:=/usr/share/shorewall}" ]
[ -n "${CONFDIR:=/etc}" ]
if [ -z "$SYSCONFDIR" ]; then
if [ -d /etc/default ]; then
SYSCONFDIR=/etc/default
else
SYSCONFDIR=/etc/sysconfig
fi
fi
[ -n "${SBINDIR:=/sbin}" ]
[ -n "${SHAREDIR:=/usr/share}" ]
[ -n "${VARDIR:=/var/lib}" ]
[ -n "${INITFILE:=shorewall}" ]
[ -n "${INITDIR:=/etc/init.d}" ]
[ -n "${MANDIR:=/usr/share/man}" ]
fi
if [ -f ${SHAREDIR}/shorewall/version ]; then
INSTALLED_VERSION="$(cat ${SHAREDIR}/shorewall/version)"
if [ "$INSTALLED_VERSION" != "$VERSION" ]; then
echo "WARNING: Shorewall Version $INSTALLED_VERSION is installed"
echo " and this is the $VERSION uninstaller."
@ -72,62 +112,54 @@ else
VERSION=""
fi
[ -n "${LIBEXEC:=/usr/share}" ]
[ -n "${PERLLIB:=/usr/share/shorewall}" ]
echo "Uninstalling shorewall $VERSION"
if qt iptables -L shorewall -n && [ ! -f /sbin/shorewall-lite ]; then
/sbin/shorewall clear
if qt iptables -L shorewall -n && [ ! -f ${SBINDIR}/shorewall-lite ]; then
shorewall clear
fi
if [ -L /usr/share/shorewall/init ]; then
FIREWALL=$(readlink -m -q /usr/share/shorewall/init)
else
FIREWALL=/etc/init.d/shorewall
if [ -L ${SHAREDIR}/shorewall/init ]; then
FIREWALL=$(readlink -m -q ${SHAREDIR}/shorewall/init)
elif [ -n "$INITFILE" ]; then
FIREWALL=/${INITDIR}/${INITFILE}
fi
if [ -n "$FIREWALL" ]; then
if [ -x /usr/sbin/updaterc.d ]; then
if [ -f "$FIREWALL" ]; then
if mywhich updaterc.d; then
updaterc.d shorewall remove
elif [ -x /sbin/insserv -o -x /usr/sbin/insserv ]; then
elif mywhich insserv; then
insserv -r $FIREWALL
elif [ -x /sbin/systemctl ]; then
elif mywhich systemctl; then
systemctl disable shorewall
elif [ -x /sbin/chkconfig -o -x /usr/sbin/chkconfig ]; then
elif mywhich chkconfig; then
chkconfig --del $(basename $FIREWALL)
else
rm -f /etc/rc*.d/*$(basename $FIREWALL)
fi
remove_file $FIREWALL
rm -f ${FIREWALL}-*.bkout
[ -f "$AUXINITFILE" ] && remove_file ${INITDIR}/{$AUXINITFILE}
fi
rm -f /sbin/shorewall
rm -f /sbin/shorewall-*.bkout
rm -f ${SBINDIR}/shorewall
rm -rf /usr/share/shorewall/version
rm -rf /etc/shorewall
rm -rf /etc/shorewall-*.bkout
rm -rf /var/lib/shorewall
rm -rf /var/lib/shorewall-*.bkout
rm -rf ${SHAREDIR}/shorewall/version
rm -rf ${CONFDIR}/shorewall
rm -rf ${VARDIR}/shorewall
rm -rf ${PERLLIB}/Shorewall/*
rm -rf ${LIBEXEC}/shorewall
rm -rf /usr/share/shorewall/configfiles/
rm -rf /usr/share/shorewall/Samples/
rm -rf /usr/share/shorewall/Shorewall/
rm -f /usr/share/shorewall/lib.cli-std
rm -f /usr/share/shorewall/lib.core
rm -f /usr/share/shorewall/compiler.pl
rm -f /usr/share/shorewall/prog.*
rm -f /usr/share/shorewall/module*
rm -f /usr/share/shorewall/helpers
rm -f /usr/share/shorewall/action*
rm -f /usr/share/shorewall/init
rm -rf /usr/share/shorewall-*.bkout
rm -rf ${SHAREDIR}/shorewall/configfiles/
rm -rf ${SHAREDIR}/shorewall/Samples/
rm -rf ${SHAREDIR}/shorewall/Shorewall/
rm -f ${SHAREDIR}/shorewall/lib.cli-std
rm -f ${SHAREDIR}/shorewall/lib.core
rm -f ${SHAREDIR}/shorewall/compiler.pl
rm -f ${SHAREDIR}/shorewall/prog.*
rm -f ${SHAREDIR}/shorewall/module*
rm -f ${SHAREDIR}/shorewall/helpers
rm -f ${SHAREDIR}/shorewall/action*
rm -f ${SHAREDIR}/shorewall/init
for f in /usr/share/man/man5/shorewall* /usr/share/man/man8/shorewall*; do
for f in ${MANDIR}/man5/shorewall* ${MANDIR}/man8/shorewall*; do
case $f in
shorewall6*|shorewall-lite*)
;;
@ -137,8 +169,10 @@ for f in /usr/share/man/man5/shorewall* /usr/share/man/man8/shorewall*; do
esac
done
rm -f /etc/logrotate.d/shorewall
rm -f /lib/systemd/system/shorewall.service
rm -f ${CONFDIR}/logrotate.d/shorewall
if [ -n "$SYSTEMD" ]; THEN
rm -f ${SYSTEMD}/shorewall.service
echo "Shorewall Uninstalled"

5
Shorewall6-lite/init.debian.sh
View File

@ -78,6 +78,11 @@ else
not_configured
fi
#
# The installer may alter this
#
. /usr/share/shorewall/shorewallrc
# start the firewall
shorewall6_start () {
echo -n "Starting \"Shorewall6 Lite firewall\": "

11
Shorewall6-lite/init.fedora.sh
View File

@ -20,16 +20,21 @@
# Source function library.
. /etc/rc.d/init.d/functions
#
# The installer may alter this
#
. /usr/share/shorewall/shorewallrc
prog="shorewall6-lite"
shorewall="/sbin/$prog"
shorewall="${SBINDIR}/$prog"
logger="logger -i -t $prog"
lockfile="/var/lock/subsys/$prog"
# Get startup options (override default)
OPTIONS=
if [ -f /etc/sysconfig/$prog ]; then
. /etc/sysconfig/$prog
if [ -f ${SYSCONFDIR}/$prog ]; then
. ${SYSCONFDIR}/$prog
fi
start() {

16
Shorewall6-lite/init.sh
View File

@ -61,11 +61,11 @@ usage() {
# Get startup options (override default)
################################################################################
OPTIONS=
if [ -f /etc/sysconfig/shorewall6-lite ]; then
. /etc/sysconfig/shorewall6-lite
elif [ -f /etc/default/shorewall6-lite ] ; then
. /etc/default/shorewall6-lite
fi
#
# The installer may alter this
#
. /usr/share/shorewall/shorewallrc
export SHOREWALL_INIT_SCRIPT=1
@ -76,13 +76,13 @@ command="$1"
case "$command" in
start)
exec /sbin/shorewall6-lite $OPTIONS start $STARTOPTIONS
exec ${SBINDIR}/shorewall6-lite $OPTIONS start $STARTOPTIONS
;;
restart|reload)
exec /sbin/shorewall6-lite $OPTIONS restart $RESTARTOPTIONS
exec ${SBINDIR}/shorewall6-lite $OPTIONS restart $RESTARTOPTIONS
;;
status|stop)
exec /sbin/shorewall6-lite $OPTIONS $command $@
exec ${SBINDIR}/shorewall6-lite $OPTIONS $command $@
;;
*)
usage

28
Shorewall6-lite/shorewall6-lite
View File

@ -27,6 +27,32 @@
################################################################################################
g_program=shorewall6-lite
. /usr/share/shorewall/lib.cli
if [ -f ./.shorewallrc ]; then
. ./.shorewallrc || exit 1
elif [ -f ~/.shorewallrc ]; then
. ~/.shorewallrc || exit 1
elif [ -r /root/.shorewallrc ]; then
. /root/.shorewallrc || exit 1
elif [ -r /.shorewallrc ]; then
. /root/.shorewallrc || exit 1
elif - -f ${SHOREWALLRC_HOME}/.shorewallrc; then
. ${SHOREWALLRC_HOME}/.shorewallrc || exit 1
else
SHAREDIR=/usr/share
CONFDIR=/etc
SBINDIR=/sbin
VARDIR=/var/lib
LIBEXECDIR=/usr/share
PERLLIBDIR=/usr/share/shorewall
fi
g_libexec="$LIBEXECDIR"
g_sharedir="$SHAREDIR"
g_sbindir="$SBINDIR"
g_perllib="$PERLLIBDIR"
g_readrc=1
. $g_sharedir/shorewall/lib.cli
shorewall_cli $@

100
Shorewall6-lite/uninstall.sh
View File

@ -40,6 +40,27 @@ qt()
"$@" >/dev/null 2>&1
}
split() {
local ifs
ifs=$IFS
IFS=:
set -- $1
echo $*
IFS=$ifs
}
mywhich() {
local dir
for dir in $(split $PATH); do
if [ -x $dir/$1 ]; then
return 0
fi
done
return 2
}
remove_file() # $1 = file to restore
{
if [ -f $1 -o -L $1 ] ; then
@ -48,8 +69,39 @@ remove_file() # $1 = file to restore
fi
}
if [ -f /usr/share/shorewall6-lite/version ]; then
INSTALLED_VERSION="$(cat /usr/share/shorewall6-lite/version)"
if [ -f ./.shorewallrc ]; then
. ./.shorewallrc || exit 1
elif [ -f ~/.shorewallrc ]; then
. ~/.shorewallrc || exit 1
elif [ -r /root/.shorewallrc ]; then
. /root/.shorewallrc || exit 1
elif [ -r /.shorewallrc ]; then
. /root/.shorewallrc || exit 1
elif - -f ${SHOREAWLLRC_HOME}/.shorewallrc; then
. ${SHOREWALLRC_HOME}/.shorewallrc || exit 1
else
[ -n "${LIBEXEC:=/usr/share}" ]
[ -n "${PERLLIB:=/usr/share/shorewall}" ]
[ -n "${CONFDIR:=/etc}" ]
if [ -z "$SYSCONFDIR" ]; then
if [ -d /etc/default ]; then
SYSCONFDIR=/etc/default
else
SYSCONFDIR=/etc/sysconfig
fi
fi
[ -n "${SBINDIR:=/sbin}" ]
[ -n "${SHAREDIR:=/usr/share}" ]
[ -n "${VARDIR:=/var/lib}" ]
[ -n "${INITFILE:=shorewall}" ]
[ -n "${INITDIR:=/etc/init.d}" ]
[ -n "${MANDIR:=/usr/share/man}" ]
fi
if [ -f ${SHAREDIR}/shorewall6-lite/version ]; then
INSTALLED_VERSION="$(cat ${SHAREDIR}/shorewall6-lite/version)"
if [ "$INSTALLED_VERSION" != "$VERSION" ]; then
echo "WARNING: Shorewall Lite Version $INSTALLED_VERSION is installed"
echo " and this is the $VERSION uninstaller."
@ -60,49 +112,39 @@ else
VERSION=""
fi
[ -n "${LIBEXEC:=/usr/share}" ]
echo "Uninstalling Shorewall Lite $VERSION"
if qt ip6tables -L shorewall -n && [ ! -f /sbin/shorewall6 ]; then
/sbin/shorewall6-lite clear
if qt ip6tables -L shorewall -n && [ ! -f ${SBINDIR)/shorewall6 ]; then
${SBINDIR}/shorewall6-lite clear
fi
if [ -L /usr/share/shorewall6-lite/init ]; then
FIREWALL=$(readlink -m -q /usr/share/shorewall6-lite/init)
else
FIREWALL=/etc/init.d/shorewall6-lite
if [ -l ${SHAREDIR}/shorewall6-lite/init ]; then
FIREWALL=$(readlink -m -q ${SHAREDIR}/shorewall6-lite/init)
elif [ -n "$INITFILE" ]; then
FIREWALL=${INITDIR}/${INITFILE}
fi
if [ -n "$FIREWALL" ]; then
if [ -x /usr/sbin/updaterc.d ]; then
if [ -f "$FIREWALL" ]; then
if mywhich updaterc.d ; then
updaterc.d shorewall6-lite remove
elif [ -x /sbin/insserv -o -x /usr/sbin/insserv ]; then
elif mywhich insserv ; then
insserv -r $FIREWALL
elif [ -x /sbin/chkconfig -o -x /usr/sbin/chkconfig ]; then
elif mywhich chkconfig ; then
chkconfig --del $(basename $FIREWALL)
elif [ -x /sbin/systemctl ]; then
elif mywhich systemctl ; then
systemctl disable shorewall6-lite
else
rm -f /etc/rc*.d/*$(basename $FIREWALL)
fi
remove_file $FIREWALL
rm -f ${FIREWALL}-*.bkout
fi
rm -f /sbin/shorewall6-lite
rm -f /sbin/shorewall6-lite-*.bkout
rm -rf /etc/shorewall6-lite
rm -rf /etc/shorewall6-lite-*.bkout
rm -rf /var/lib/shorewall6-lite
rm -rf /var/lib/shorewall6-lite-*.bkout
rm -rf /usr/share/shorewall6-lite
rm -f ${SBINDIR}/shorewall6-lite
rm -rf ${CONFDIR}/shorewall6-lite
rm -rf ${VARDIR}/shorewall6-lite
rm -rf ${SHAREDIR}/shorewall6-lite
rm -rf ${LIBEXEC}/shorewall6-lite
rm -rf /usr/share/shorewall6-lite-*.bkout
rm -f /etc/logrotate.d/shorewall6-lite
rm -f /lib/systemd/system/shorewall6-lite.service
rm -f ${CONFDIR}/logrotate.d/shorewall6-lite
[ -n "$SYSTEMD" ] && rm -f ${SYSTEMD}/shorewall6-lite.service
echo "Shorewall6 Lite Uninstalled"

9
Shorewall6/init.debian.sh
View File

@ -54,10 +54,15 @@ not_configured () {
exit 0
}
#
# The installer may alter this
#
. /usr/share/shorewall/shorewallrc
# check if shorewall is configured or not
if [ -f "/etc/default/shorewall6" ]
if [ -f "${SYSCONFDIR}/shorewall6" ]
then
. /etc/default/shorewall6
. ${SYSCONFDIR}/shorewall6
SRWL_OPTS="$SRWL_OPTS $OPTIONS"
if [ "$startup" != "1" ]
then

11
Shorewall6/init.fedora.sh
View File

@ -20,16 +20,21 @@
# Source function library.
. /etc/rc.d/init.d/functions
#
# The installer may alter this
#
. /usr/share/shorewall/shorewallrc
prog="shorewall6"
shorewall="/sbin/$prog"
shorewall="${SBINDIR}/$prog"
logger="logger -i -t $prog"
lockfile="/var/lock/subsys/$prog"
# Get startup options (override default)
OPTIONS=
if [ -f /etc/sysconfig/$prog ]; then
. /etc/sysconfig/$prog
if [ -f ${SYSCONFDIR}/$prog ]; then
. ${SYSCONFDIR}/$prog
fi
start() {

16
Shorewall6/init.sh
View File

@ -62,11 +62,11 @@ usage() {
# Get startup options (override default)
################################################################################
OPTIONS="-v0"
if [ -f /etc/sysconfig/shorewall6 ]; then
. /etc/sysconfig/shorewall6
elif [ -f /etc/default/shorewall6 ] ; then
. /etc/default/shorewall6
fi
#
# The installer may alter this
#
. /usr/share/shorewall/shorewallrc
export SHOREWALL_INIT_SCRIPT=1
@ -77,13 +77,13 @@ command="$1"
case "$command" in
start)
exec /sbin/shorewall6 $OPTIONS start $STARTOPTIONS
exec ${SBINDIR}/shorewall6 $OPTIONS start $STARTOPTIONS
;;
restart|reload)
exec /sbin/shorewall6 $OPTIONS restart $RESTARTOPTIONS
exec ${SBINDIR}/shorewall6 $OPTIONS restart $RESTARTOPTIONS
;;
status|stop)
exec /sbin/shorewall6 $OPTIONS $command $@
exec ${SBINDIR}/shorewall6 $OPTIONS $command $@
;;
*)
usage

20
Shorewall6/shorewall6
View File

@ -27,6 +27,24 @@
################################################################################################
g_program=shorewall6
. /usr/share/shorewall/lib.cli
if [ -f ~/.shorewallrc ]; then
. ~/.shorewallrc || exit 1
else
SHAREDIR=/usr/share
CONFDIR=/etc
SBINDIR=/sbin
VARDIR=/var/lib
LIBEXECDIR=/usr/share
PERLLIBDIR=/usr/share/shorewall
fi
g_libexec="$LIBEXECDIR"
g_sharedir="$SHAREDIR"
g_sbindir="$SBINDIR"
g_perllib="$PERLLIBDIR"
g_readrc=1
. $g_sharedir/shorewall/lib.cli
shorewall_cli $@

106
Shorewall6/uninstall.sh
View File

@ -40,16 +40,25 @@ qt()
"$@" >/dev/null 2>&1
}
restore_file() # $1 = file to restore
{
if [ -f ${1}-shorewall.bkout ]; then
if (mv -f ${1}-shorewall.bkout $1); then
echo
echo "$1 restored"
else
exit 1
fi
split() {
local ifs
ifs=$IFS
IFS=:
set -- $1
echo $*
IFS=$ifs
}
mywhich() {
local dir
for dir in $(split $PATH); do
if [ -x $dir/$1 ]; then
return 0
fi
done
return 2
}
remove_file() # $1 = file to restore
@ -60,7 +69,38 @@ remove_file() # $1 = file to restore
fi
}
if [ -f /usr/share/shorewall6/version ]; then
if [ -f ./.shorewallrc ]; then
. ./.shorewallrc || exit 1
elif [ -f ~/.shorewallrc ]; then
. ~/.shorewallrc || exit 1
elif [ -r /root/.shorewallrc ]; then
. /root/.shorewallrc || exit 1
elif [ -r /.shorewallrc ]; then
. /root/.shorewallrc || exit 1
elif - -f ${SHOREAWLLRC_HOME}/.shorewallrc; then
. ${SHOREWALLRC_HOME}/.shorewallrc || exit 1
else
[ -n "${LIBEXEC:=/usr/share}" ]
[ -n "${PERLLIB:=/usr/share/shorewall}" ]
[ -n "${CONFDIR:=/etc}" ]
if [ -z "$SYSCONFDIR" ]; then
if [ -d /etc/default ]; then
SYSCONFDIR=/etc/default
else
SYSCONFDIR=/etc/sysconfig
fi
fi
[ -n "${SBINDIR:=/sbin}" ]
[ -n "${SHAREDIR:=/usr/share}" ]
[ -n "${VARDIR:=/var/lib}" ]
[ -n "${INITFILE:=shorewall}" ]
[ -n "${INITDIR:=/etc/init.d}" ]
[ -n "${MANDIR:=/usr/share/man}" ]
fi
if [ -f ${SHARDIR}/shorewall6/version ]; then
INSTALLED_VERSION="$(cat /usr/share/shorewall6/version)"
if [ "$INSTALLED_VERSION" != "$VERSION" ]; then
echo "WARNING: Shorewall6 Version $INSTALLED_VERSION is installed"
@ -72,49 +112,39 @@ else
VERSION=""
fi
[ -n "${LIBEXEC:=/usr/share}" ]
echo "Uninstalling shorewall6 $VERSION"
if qt ip6tables -L shorewall6 -n && [ ! -f /sbin/shorewall6-lite ]; then
/sbin/shorewall6 clear
if qt ip6tables -L shorewall6 -n && [ ! -f ${SBINDIR}/shorewall6-lite ]; then
${SBINDIR}/shorewall6 clear
fi
if [ -L /usr/share/shorewall6/init ]; then
FIREWALL=$(readlink -m -q /usr/share/shorewall6/init)
else
FIREWALL=/etc/init.d/shorewall6
if [ -L ${SHAREDIR}/shorewall6/init ]; then
FIREWALL=$(readlink -m -q ${SHAREDIR}/shorewall6/init)
elif [ -n "$INITFILE" ]; then
FIREWALL=${INITDIR}/${INITFILE}
fi
if [ -n "$FIREWALL" ]; then
if [ -x /usr/sbin/updaterc.d ]; then
if [ -f "$FIREWALL" ]; then
if mywhich updaterc.d ; then
updaterc.d shorewall6 remove
elif [ -x /sbin/insserv -o -x /usr/sbin/insserv ]; then
elif mywhich insserv ; then
insserv -r $FIREWALL
elif [ -x /sbin/chkconfig -o -x /usr/sbin/chkconfig ]; then
elif mywhich chkconfig ; then
chkconfig --del $(basename $FIREWALL)
elif [ -x /sbin/systemctl ]; then
elif mywhich systemctl ; then
systemctl disable shorewall6
else
rm -f /etc/rc*.d/*$(basename $FIREWALL)
fi
remove_file $FIREWALL
rm -f ${FIREWALL}-*.bkout
fi
rm -f /sbin/shorewall6
rm -f /sbin/shorewall6-*.bkout
rm -rf /etc/shorewall6
rm -rf /etc/shorewall6-*.bkout
rm -rf /var/lib/shorewall6
rm -rf /var/lib/shorewall6-*.bkout
rm -f ${SBINDIR}/shorewall6
rm -rf ${CONFDIR}/shorewall6
rm -rf ${VARDIR}/shorewall6
rm -rf ${LIBEXEC}/shorewall6
rm -rf /usr/share/shorewall6
rm -rf /usr/share/shorewall6-*.bkout
rm -rf ${SHAREDIR}/shorewall6
for f in /usr/share/man/man5/shorewall6* /usr/share/man/man8/shorewall6*; do
for f in ${MANDIR}/man5/shorewall6* ${SHAREDIR}/man/man8/shorewall6*; do
case $f in
shorewall6-lite*)
;;
@ -123,8 +153,8 @@ for f in /usr/share/man/man5/shorewall6* /usr/share/man/man8/shorewall6*; do
esac
done
rm -f /etc/logrotate.d/shorewall6
rm -f /lib/systemd/system/shorewall6.service
rm -f ${CONFDIR}/logrotate.d/shorewall6
[ -n "$SYSTEMD" ] && rm -f ${SYSTEMD}/shorewall6.service
echo "Shorewall6 Uninstalled"

567
docs/Install.xml
View File

@ -137,6 +137,499 @@
<section id="Install_Tarball">
<title>Install using tarball</title>
<section>
<title>Versions 4.5.2 and Later</title>
<para>Shorewall 4.5.2 introduced a change in the philosopy used by the
Shorewall installers. 4.5.2 introduced the concept of
<firstterm>shorewallrc files</firstterm>. These files define the
parameters to the install process. During the first installation using
<emphasis role="bold">Shorewall-core</emphasis> 4.5.2 or later, a
shorewallrc file named ${HOME}/.shorewallrc will be installed. That file
will provide the default parameters for installing other Shorewall
components of the same or later verion.</para>
<para>Note that <emphasis role="bold">you must install Shorewall-core
before installing any other Shorewall package</emphasis>.</para>
<para>Each of the Shorewall packages contains a set of
distribution-specific shorewallrc files:</para>
<itemizedlist>
<listitem>
<para>shorewallrc.apple (OS X)</para>
</listitem>
<listitem>
<para>shorewallrc.archlinux</para>
</listitem>
<listitem>
<para>shorewallrc.cygwin (Cygwin running on Windows)</para>
</listitem>
<listitem>
<para>shorewallrc.debian (Debian and derivatives)</para>
</listitem>
<listitem>
<para>shoreallrc.default (Generic Linux)</para>
</listitem>
<listitem>
<para>shorewallrc.redhat (Fedora, RHEL and derivatives)</para>
</listitem>
<listitem>
<para>shorewallrc.slackware</para>
</listitem>
<listitem>
<para>shorewallrc.suse (SLES and OpenSuSE)</para>
</listitem>
</itemizedlist>
<para>When installing 4.5.2 or later for the first time, a special
procedure must be followed:</para>
<orderedlist>
<listitem>
<para>Select the shorewallrc file that is closest to your
needs.</para>
</listitem>
<listitem>
<para>Review the settings in the file.</para>
</listitem>
<listitem>
<para>If you want to change something then you have two
choices:</para>
<orderedlist numeration="loweralpha">
<listitem>
<para>Copy the file to shorewallrc and edit the copy to meet
your needs; or</para>
</listitem>
<listitem>
<para>If the system has bash (/bin/bash) installed, you can run
./configure (see below)</para>
</listitem>
<listitem>
<para>./install.sh</para>
</listitem>
</orderedlist>
</listitem>
<listitem>
<para>If you don't need to change the file, then simply:</para>
<simplelist>
<member>./install.sh
<replaceable>shorewallrcfile-that-meets-your-needs</replaceable></member>
<member></member>
<member>Example: <command>./install
shorewallrc.debian</command></member>
</simplelist>
</listitem>
</orderedlist>
<para>The shorewall-core install.sh script will store the shorewallrc
file in ~/.shorewallrc where it will provide the defaults for future
installations of all Shorewall products. Other packages/versions can be
installed by simply typing</para>
<simplelist>
<member><command>./install.sh</command></member>
</simplelist>
<section>
<title>Settings in a shorewallrc file</title>
<para>A shorewallrc file contains a number of lines of the form
<replaceable>option</replaceable>=<replaceable>value.</replaceable>
Because some of the installers are shared between Shorewall products,
the files assume the definition of the symbol PRODUCT. $PRODUCT will
contain the name of a Shorewall product (shorewall-core, shorewall,
shorewall6, shorewall-lite, shorewall6-lite or shorewall-init).</para>
<para>Valid values for <replaceable>option</replaceable> are:</para>
<variablelist>
<varlistentry>
<term>HOST</term>
<listitem>
<para>Selects the shorewallrc file to use for default settings.
Valid values are:</para>
<variablelist>
<varlistentry>
<term>apple</term>
<listitem>
<para>OS X</para>
</listitem>
</varlistentry>
<varlistentry>
<term>archlinux</term>
<listitem>
<para>Archlinux</para>
</listitem>
</varlistentry>
<varlistentry>
<term>cygwin</term>
<listitem>
<para>Cygwin running under Windows</para>
</listitem>
</varlistentry>
<varlistentry>
<term>debian</term>
<listitem>
<para>Debian and derivatives (Ubuntu, Kbuntu, etc)</para>
</listitem>
</varlistentry>
<varlistentry>
<term>default</term>
<listitem>
<para>Generic Linux</para>
</listitem>
</varlistentry>
<varlistentry>
<term>redhat</term>
<listitem>
<para>Fedora, RHEL and derivatives (CentOS, Foobar,
etc)</para>
</listitem>
</varlistentry>
<varlistentry>
<term>slackware</term>
<listitem>
<para>Slackware Linux</para>
</listitem>
</varlistentry>
<varlistentry>
<term>suse</term>
<listitem>
<para>SLES and OpenSuSe</para>
</listitem>
</varlistentry>
</variablelist>
</listitem>
</varlistentry>
<varlistentry>
<term>PREFIX</term>
<listitem>
<para>Top-level directory under which most Shorewall components
are installed. All standard shorewallrc files define this as
<emphasis role="bold">\usr</emphasis>. </para>
</listitem>
</varlistentry>
<varlistentry>
<term>SHAREDIR</term>
<listitem>
<para>The directory where most Shorewall components are
installed. In all of the standard shorewallrc file, this option
has the value <emphasis
role="bold">${PREFIX}/share</emphasis>.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>LIBEXECDIR</term>
<listitem>
<para>Directory where internal executables are stored. In the
standard shorewallrc files, the default is either <emphasis
role="bold">${PREFIX}/share</emphasis> or <emphasis
role="bold">${PREFIX}/libexec</emphasis></para>
</listitem>
</varlistentry>
<varlistentry>
<term>PERLLIBDIR</term>
<listitem>
<para>Directory where the Shorewall Perl modules are installed.
Then will be installed in this directory under the sub-directory
Shorewall. Default is distribution-specific.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>CONFDIR</term>
<listitem>
<para>Directory where subsystem configuration data is stored.
Default is <emphasis role="bold">/etc</emphasis> in all
shorewallrc file.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>SBINDIR</term>
<listitem>
<para>Directory where CLI programs will be installed. Default in
all shorewallrc files is /<emphasis
role="bold">sbin</emphasis>.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>MANDIR</term>
<listitem>
<para>Directory under which manpages are to be installed.
Default is distribution dependent.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>INITDIR</term>
<listitem>
<para>Directory under which SysV init scripts are installed.
Default is distribution dependent.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>INITSOURCE</term>
<listitem>
<para>File in the package that is to be installed as the SysV
init script for the product.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>INITFILE</term>
<listitem>
<para>The name of the SysV init script when installed under
$INITDIR. May be empty, in which case no SysV init script will
be installed. This is usually the case on systems that run
systemd and on systems like Cygwin or OS X where Shorewall can't
act as a firewall.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>AUXINITSOURCE and AUXINITFILE</term>
<listitem>
<para>Analogs of INITSOURCE and INITFILE for distributions, like
Slackware, that have a master SysV init script and multiple
subordinate scripts.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>SYSTEMD</term>
<listitem>
<para>The directory under which the product's .service file is
to be installed. Should only be specified on systems running
systemd.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>SYSCONFDIR</term>
<listitem>
<para>The directory where package SysV init configuration files
are to be installed. <emphasis
role="bold">/etc/default</emphasis> on Debian and derivatives
and <emphasis role="bold">/etc/sysconfig</emphasis>
otherwise</para>
</listitem>
</varlistentry>
<varlistentry>
<term>SYSCONFFILE</term>
<listitem>
<para>The file in the Shorewall package that should be installed
as ${SYSCONFDIR}/$PRODUCT</para>
</listitem>
</varlistentry>
<varlistentry>
<term>ANNOTATED</term>
<listitem>
<para>Value is either empty or non-empty. Non-empty indicates
that files in ${CONFDIR}/${PRODUCT} should be annotated with
manpage documentation.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>SPARSE</term>
<listitem>
<para>Value is either empty or non-empty. When non-empty, only
${PRODUCT}.conf will be installed in
${CONFDIR}/${PRODUCT}</para>
</listitem>
</varlistentry>
<varlistentry>
<term>VARDIR</term>
<listitem>
<para>Directory where subsystem state data is to be stored.
Default is <emphasis role="bold">/var/lib</emphasis>.</para>
</listitem>
</varlistentry>
</variablelist>
</section>
<section>
<title>configure Script</title>
<para>The configure script creates a file named
<filename>shorewallrc</filename> in the current working directory.
This file is the default input file to the
i<command>nstall.sh</command> scripts. It is run as follows:</para>
<simplelist>
<member><command>./configure</command> [
<replaceable>option</replaceable>=<replaceable>value</replaceable> ]
...</member>
</simplelist>
<para>The possible values for option are the same as those shone above
in the shorewallrc file. They may be specified in either upper or
lower case and may optionally be prefixed by '--'. To facilitate use
with the rpm %configure script, the following options are
supported:</para>
<variablelist>
<varlistentry>
<term>vendor</term>
<listitem>
<para>Alias for <emphasis role="bold">host</emphasis>.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>sharedstatedir</term>
<listitem>
<para>Alias for <emphasis role="bold">vardir</emphasis>.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>datadir</term>
<listitem>
<para>Alias for <emphasis
role="bold">sharedir</emphasis>.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>sysconfdir</term>
<listitem>
<para>Alias for <emphasis role="bold">confdir</emphasis>.</para>
</listitem>
</varlistentry>
</variablelist>
<para>Note that %configure may dsgenerate option/value pairs that are
incompatible with the <command>configure</command> script. The current
%configure macro is:</para>
<programlisting>%configure \
CFLAGS="${CFLAGS:-%optflags}" ; export CFLAGS ; \
CXXFLAGS="${CXXFLAGS:-%optflags}" ; export CXXFLAGS ; \
FFLAGS="${FFLAGS:-%optflags}" ; export FFLAGS ; \
./configure --host=%{_host} --build=%{_build} \\\
--target=%{_target_platform} \\\
--program-prefix=%{?_program_prefix} \\\
--prefix=%{_prefix} \\\
--exec-prefix=%{_exec_prefix} \\\
--bindir=%{_bindir} \\\
--sbindir=%{_sbindir} \\\
--sysconfdir=%{_sysconfdir} \\\
--datadir=%{_datadir} \\\
--includedir=%{_includedir} \\\
--libdir=%{_libdir} \\\
--libexecdir=%{_libexecdir} \\\
--localstatedir=%{_localstatedir} \\\
--sharedstatedir=%{_sharedstatedir} \\\
--mandir=%{_mandir} \\\
--infodir=%{_infodir}
</programlisting>
<para>On Fedora 16, this expands to:</para>
<programlisting> CFLAGS="${CFLAGS:--O2 -g -march=i386 -mtune=i686}" ; export CFLAGS ;
CXXFLAGS="${CXXFLAGS:--O2 -g -march=i386 -mtune=i686}" ; export CXXFLAGS ;
FFLAGS="${FFLAGS:--O2 -g -march=i386 -mtune=i686}" ; export FFLAGS ;
./configure <emphasis role="bold">--host=i686-pc-linux-gnu</emphasis> --build=i686-pc-linux-gnu \
--program-prefix= \
--prefix=/usr \
--exec-prefix=/usr \
--bindir=/usr/bin \
--sbindir=/usr/sbin \
--sysconfdir=/etc \
--datadir=/usr/share \
--includedir=/usr/include \
--libdir=/usr/lib \
--libexecdir=/usr/libexec \
--localstatedir=/var \
--sharedstatedir=/var/lib \
--mandir=/usr/share/man \
--infodir=/usr/share/info
</programlisting>
<para>The value of <emphasis role="bold">--host </emphasis>does not
map to any of the valid HOST values in shorewallrc. So to use
%configure on a Fedora system, you want to invoke it as
follows:</para>
<programlisting><command>%configure --vendor=redhat</command></programlisting>
<para>To reset the value of a setting in shorewallrc.$host, give it a
null value. For example, if you are installing on a RHEL derivative
that doesn't run systemd, use this command:</para>
<programlisting><command>./configure --vendor=redhat --systemd=</command></programlisting>
</section>
</section>
<section>
<title>Versions 4.5.1 and Earlier</title>
<para>Beginning with Shorewall-4.5.0, the Shorewall packages depend on
Shorewall-core. So the first step is to install that package:</para>
@ -182,9 +675,9 @@
<para>The <emphasis role="bold">-s</emphasis> option supresses
installation of all files in <filename
class="directory">/etc/shorewall</filename> except
<filename>shorewall.conf</filename>. You can copy any other files you
need from one of the <ulink url="GettingStarted.html">Samples</ulink>
or from <filename
<filename>shorewall.conf</filename>. You can copy any other files
you need from one of the <ulink
url="GettingStarted.html">Samples</ulink> or from <filename
class="directory">/usr/share/shorewall/configfiles/</filename>.</para>
</listitem>
@ -198,10 +691,10 @@
<para>Beginning with shorewall 4.4.20.1, the installer also supports a
<option>-a</option> (annotated) option. Beginning with that release, the
standard configuration files (including samples) may be annotated with the
contents of the associated manpage. The <option>-a</option> option enables
that behavior. The default remains that the configuration files do not
include documentation.</para>
standard configuration files (including samples) may be annotated with
the contents of the associated manpage. The <option>-a</option> option
enables that behavior. The default remains that the configuration files
do not include documentation.</para>
<section>
<title>Executables in /usr and Perl Modules</title>
@ -243,29 +736,29 @@
</listitem>
</itemizedlist>
<para>To allow distributions to designate alternate locations for these
files, the installers (install.sh) from 4.4.19 onward support the
following environmental variables:</para>
<para>To allow distributions to designate alternate locations for
these files, the installers (install.sh) from 4.4.19 onward support
the following environmental variables:</para>
<variablelist>
<varlistentry>
<term>LIBEXEC</term>
<listitem>
<para>Determines where in /usr getparams, compiler.pl, wait4ifup,
shorecap and ifupdown are installed. Shorewall and Shorewall6 must
be installed with the same value of LIBEXEC. The listed
executables are installed in
<filename>/usr/${LIBEXEC}/shorewall*</filename>. The default value
of LIBEXEC is 'share'. LIBEXEC is recognized by all installers and
uninstallers.</para>
<para>Determines where in /usr getparams, compiler.pl,
wait4ifup, shorecap and ifupdown are installed. Shorewall and
Shorewall6 must be installed with the same value of LIBEXEC. The
listed executables are installed in
<filename>/usr/${LIBEXEC}/shorewall*</filename>. The default
value of LIBEXEC is 'share'. LIBEXEC is recognized by all
installers and uninstallers.</para>
<para>Beginning with Shorewall 4.4.20, you can specify an absolute
path name for LIBEXEC, in which case the listed executables will
be installed in ${LIBEXEC}/shorewall*.</para>
<para>Beginning with Shorewall 4.4.20, you can specify an
absolute path name for LIBEXEC, in which case the listed
executables will be installed in ${LIBEXEC}/shorewall*.</para>
<para>Beginning with Shorewall 4.5.1, you must specify an absolute
pathname for LIBEXEC.</para>
<para>Beginning with Shorewall 4.5.1, you must specify an
absolute pathname for LIBEXEC.</para>
</listitem>
</varlistentry>
@ -273,19 +766,20 @@
<term>PERLLIB</term>
<listitem>
<para>Determines where in <filename>/usr </filename>the Shorewall
Perl modules are installed. Shorewall and Shorewall6 must be
installed with the same value of PERLLIB. The modules are
installed in <filename>/usr/${PERLLIB}/Shorewall</filename>. The
default value of PERLLIB is 'share/shorewall'. PERLLIB is only
recognized by the Shorewall and Shorewall6 installers.</para>
<para>Determines where in <filename>/usr </filename>the
Shorewall Perl modules are installed. Shorewall and Shorewall6
must be installed with the same value of PERLLIB. The modules
are installed in <filename>/usr/${PERLLIB}/Shorewall</filename>.
The default value of PERLLIB is 'share/shorewall'. PERLLIB is
only recognized by the Shorewall and Shorewall6
installers.</para>
<para>Beginning with Shorewall 4.4.20, you can specify an absolute
path name for PERLLIB, in which case the Shorewall Perl modules
will be installed in ${PERLLIB}/Shorewall/.</para>
<para>Beginning with Shorewall 4.4.20, you can specify an
absolute path name for PERLLIB, in which case the Shorewall Perl
modules will be installed in ${PERLLIB}/Shorewall/.</para>
<para>Beginning with Shorewall 4.5.1, you must specify an absolute
pathname for PERLLIB.</para>
<para>Beginning with Shorewall 4.5.1, you must specify an
absolute pathname for PERLLIB.</para>
</listitem>
</varlistentry>
@ -303,9 +797,9 @@
<section id="Locations">
<title>Default Install Locations</title>
<para>The default install locations are distribution dependent as shown
in the following sections. These are the locations that are chosen by
the install.sh scripts.</para>
<para>The default install locations are distribution dependent as
shown in the following sections. These are the locations that are
chosen by the install.sh scripts.</para>
<section>
<title>All Distributions</title>
@ -589,6 +1083,7 @@
</section>
</section>
</section>
</section>
<section id="Debian">
<title>Install the .deb</title>