From fb428bf564574571cd6e159d4a4779c4f334aaba Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Mon, 2 Apr 2012 12:39:49 -0700 Subject: [PATCH 1/7] Don't modify CONFDIR and SHAREDIR in the shell code Signed-off-by: Tom Eastep --- Shorewall-core/lib.base | 20 ++++------------ Shorewall-core/lib.cli | 26 ++++++++++---------- Shorewall-core/lib.common | 2 +- Shorewall-lite/shorewall-lite | 3 ++- Shorewall/Perl/Shorewall/Compiler.pm | 36 +++++++++++----------------- Shorewall/lib.cli-std | 8 ++----- Shorewall/shorewall | 6 ++--- Shorewall6-lite/shorewall6-lite | 4 ++-- Shorewall6/shorewall6 | 6 ++--- 9 files changed, 44 insertions(+), 67 deletions(-) diff --git a/Shorewall-core/lib.base b/Shorewall-core/lib.base index b82e02eb4..4bf68375e 100644 --- a/Shorewall-core/lib.base +++ b/Shorewall-core/lib.base @@ -39,10 +39,10 @@ if [ -z "$g_readrc" ]; then . /usr/share/shorewall/shorewallrc g_libexec="$LIBEXECDIR" - g_sharedir="$SHAREDIR" + g_sharedir="$SHAREDIR"/$g_program g_sbindir="$SBINDIR" g_vardir="$VARDIR" - g_confdir="$CONFDIR" + g_confdir="$CONFDIR"/$g_program g_readrc=1 fi @@ -50,39 +50,27 @@ g_basedir=${SHAREDIR}/shorewall case $g_program in shorewall) - SHAREDIR=${SHAREDIR}/shorewall - CONFDIR=${CONFDIR}/shorewall g_product="Shorewall" g_family=4 g_tool= - g_basedir=${SHAREDIR}/shorewall g_lite= ;; shorewall6) - SHAREDIR=${SHAREDIR}/shorewall6 - CONFDIR=${CONFDIR}/shorewall6 g_product="Shorewall6" g_family=6 g_tool= - g_basedir=${SHAREDIR}/shorewall g_lite= ;; shorewall-lite) - SHAREDIR=${SHAREDIR}/shorewall-lite - CONFDIR=${CONFDIR}/shorewall-lite g_product="Shorewall Lite" g_family=4 g_tool=iptables - g_basedir=${SHAREDIR}/shorewall-lite g_lite=Yes ;; shorewall6-lite) - SHAREDIR=${SHAREDIR}/shorewall6-lite - CONFDIR=${CONFDIR}/shorewall6-lite g_product="Shorewall6 Lite" g_family=6 g_tool=ip6tables - g_basedir=${SHAREDIR}/shorewall6-lite g_lite=Yes ;; esac 
@@ -204,7 +192,7 @@ mutex_off() rm -f ${LOCKFILE:=${VARDIR}/lock} } -[ -z "$LEFTSHIFT" ] && . ${g_sharedir}/shorewall/lib.common +[ -z "$LEFTSHIFT" ] && . ${g_basedir}/lib.common # # Validate an IP address @@ -362,7 +350,7 @@ ip_vlsm() { # ensure_config_path() { local F - F=${SHAREDIR}/configpath + F=${g_sharedir}/configpath if [ -z "$CONFIG_PATH" ]; then [ -f $F ] || { echo " ERROR: $F does not exist"; exit 2; } . $F diff --git a/Shorewall-core/lib.cli b/Shorewall-core/lib.cli index 26db60f38..eb7bb8014 100644 --- a/Shorewall-core/lib.cli +++ b/Shorewall-core/lib.cli @@ -31,13 +31,13 @@ if [ -z "$g_readrc" ]; then . /usr/share/shorewall/shorewallrc g_libexec="$LIBEXECDIR" - g_sharedir="$SHAREDIR" g_sbindir="$SBINDIR" - g_confdir="$CONFDIR" + g_confdir="$CONFDIR"/$g_program + g_sharedir="$SHAREDIR"/$g_program g_readrc=1 fi -. ${g_sharedir}/shorewall/lib.base +. ${SHAREDIR}/shorewall/lib.base # @@ -559,11 +559,11 @@ version_command() { [ $# -gt 0 ] && usage 1 if [ -n "$all" ]; then - echo "shorewall-core: $(cat $g_sharedir/shorewall/coreversion)" + echo "shorewall-core: $(cat $g_sharedir/coreversion)" for product in shorewall shorewall6 shorewall-lite shorewall6-lite shorewall-init; do - if [ -f $g_sharedir/$product/version ]; then - echo "$product: $(cat $g_sharedir/$product/version)" + if [ -f $g_sharedir/version ]; then + echo "$product: $(cat $g_sharedir/version)" fi done else @@ -853,7 +853,7 @@ show_command() { show_routing ;; config) - . ${SHAREDIR}/configpath + . ${g_sharedir}/configpath if [ -n "$g_filemode" ]; then echo "CONFIG_PATH=$CONFIG_PATH" echo "VARDIR=$VARDIR" 
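Review bot: In the `version_command` hunk of Shorewall-core/lib.cli, the `for product in ...` loop now tests and prints `$g_sharedir/version` on every iteration, so each listed product reports the running program's version file instead of its own. This same patch redefines `g_sharedir` as `"$SHAREDIR"/$g_program`, so `$g_sharedir/coreversion` also stops pointing at the core directory for every program except `shorewall`. The per-product paths should be built from the unmodified base: `if [ -f ${SHAREDIR}/$product/version ]; then`, `echo "$product: $(cat ${SHAREDIR}/$product/version)"`, and `$(cat ${SHAREDIR}/shorewall/coreversion)`. The body of `version_command` continues outside the hunk.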
@@ -925,10 +925,10 @@ show_command() { echo "forwardUPnP # Allow traffic that upnpd has redirected from" echo "rejNotSyn # Silently Reject Non-syn TCP packets" - if [ -f ${CONFDIR}/actions ]; then - cat ${SHAREDIR}/actions.std ${CONFDIR}/actions | grep -Ev '^\#|^$' + if [ -f ${g_confdir}/actions ]; then + cat ${g_sharedir}/actions.std ${g_confdir}/actions | grep -Ev '^\#|^$' else - grep -Ev '^\#|^$' ${SHAREDIR}/actions.std + grep -Ev '^\#|^$' ${g_sharedir}/actions.std fi return @@ -2981,7 +2981,7 @@ shorewall_cli() { VERBOSE= VERBOSITY= - [ -n "$g_lite" ] || . ${g_sharedir}/shorewall/lib.cli-std + [ -n "$g_lite" ] || . ${g_basedir}/lib.cli-std finished=0 @@ -3086,7 +3086,7 @@ shorewall_cli() { PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin MUTEX_TIMEOUT= - [ -f ${CONFDIR}/vardir ] && . ${CONFDIR}/vardir + [ -f ${g_confdir}/vardir ] && . ${g_confdir}/vardir [ -n "${VARDIR:=/var/lib/$g_program}" ] @@ -3096,7 +3096,7 @@ shorewall_cli() { g_firewall=${VARDIR}/firewall - version_file=$SHAREDIR/version + version_file=${g_sharedir}/version if [ -f $version_file ]; then SHOREWALL_VERSION=$(cat $version_file) else diff --git a/Shorewall-core/lib.common b/Shorewall-core/lib.common index 0379f70f4..d6212cc1f 100644 --- a/Shorewall-core/lib.common +++ b/Shorewall-core/lib.common @@ -676,7 +676,7 @@ find_file() fi done - echo ${CONFDIR}/$1 + echo ${g_confdir}/$1 ;; esac } diff --git a/Shorewall-lite/shorewall-lite b/Shorewall-lite/shorewall-lite index 779b8fbc1..6a7c6faae 100755 --- a/Shorewall-lite/shorewall-lite +++ b/Shorewall-lite/shorewall-lite @@ -33,8 +33,9 @@ g_program=shorewall-lite . /usr/share/shorewall/shorewallrc g_libexec="$LIBEXECDIR" -g_sharedir="$SHAREDIR" +g_sharedir="$SHAREDIR"/shoerwall-lite g_sbindir="$SBINDIR" +g_confdir="$CONFDIR"/shorewall-lite g_readrc=1 . $g_sharedir/shorewall/lib.cli diff --git a/Shorewall/Perl/Shorewall/Compiler.pm b/Shorewall/Perl/Shorewall/Compiler.pm index a9b38aa19..ecd7e2ab4 100644 
--- a/Shorewall/Perl/Shorewall/Compiler.pm +++ b/Shorewall/Perl/Shorewall/Compiler.pm 
@@ -168,61 +168,53 @@ sub generate_script_2() { emit( 'g_family=4' ); if ( $export ) { - emit ( qq(SHAREDIR=$shorewallrc{SHAREDIR}/shorewall-lite), - qq(CONFDIR=$shorewallrc{CONFDIR}/shorewall-lite), - qq(VARDIR=$shorewallrc{VARDIR}/shorewall-lite), + emit ( qq(g_confdir=$shorewallrc{CONFDIR}/shorewall-lite), 'g_product="Shorewall Lite"', 'g_program=shorewall-lite', 'g_basedir=/usr/share/shorewall-lite', + qq(CONFIG_PATH="$shorewallrc{CONFDIR}/shorewall-lite:$shorewallrc{SHAREDIR}/shorewall-lite") , ); } else { - emit ( qq(SHAREDIR=$shorewallrc{SHAREDIR}/shorewall), - qq(CONFDIR=$shorewallrc{CONFDIR}/shorewall), - qq(VARDIR=$shorewallrc{VARDIR}/shorewall), + emit ( qq(g_confdir=$shorewallrc{CONFDIR}/shorewall), 'g_product=Shorewall', 'g_program=shorewall', 'g_basedir=/usr/share/shorewall', + qq(CONFIG_PATH="$config{CONFIG_PATH}") , ); } } else { emit( 'g_family=6' ); if ( $export ) { - emit ( qq(SHAREDIR=$shorewallrc{SHAREDIR}/shorewall6-lite), - qq(CONFDIR=$shorewallrc{CONFDIR}/shorewall6-lite), - qq(VARDIR=$shorewallrc{VARDIR}/shorewall6-lite), + emit ( qq(g_confdir=$shorewallrc{CONFDIR}/shorewall6-lite), 'g_product="Shorewall6 Lite"', 'g_program=shorewall6-lite', 'g_basedir=/usr/share/shorewall6', + qq(CONFIG_PATH="$shorewallrc{CONFDIR}/shorewall6-lite:$shorewallrc{SHAREDIR}/shorewall6-lite") , ); } else { - emit ( qq(SHAREDIR=$shorewallrc{SHAREDIR}/shorewall6), - qq(CONFDIR=$shorewallrc{CONFDIR}/shorewall6), - qq(VARDIR=$shorewallrc{VARDIR}/shorewall6}), + emit ( qq(g_confdir=$shorewallrc{CONFDIR}/shorewall6), 'g_product=Shorewall6', 'g_program=shorewall6', - 'g_basedir=/usr/share/shorewall' + 'g_basedir=/usr/share/shorewall', + qq(CONFIG_PATH="$config{CONFIG_PATH}") , ); } } - emit( '[ -f ${CONFDIR}/vardir ] && . ${CONFDIR}/vardir' ); + emit( '[ -f ${g_confdir}/vardir ] && . 
${g_confdir}/vardir' ); if ( $family == F_IPV4 ) { if ( $export ) { - emit ( 'CONFIG_PATH="/etc/shorewall-lite:/usr/share/shorewall-lite"' , - '[ -n "${VARDIR:=/var/lib/shorewall-lite}" ]' ); + emit ( '[ -n "${VARDIR:=' . $shorewallrc{VARDIR} . '/shorewall-lite}" ]' ); } else { - emit ( qq(CONFIG_PATH="$config{CONFIG_PATH}") , - '[ -n "${VARDIR:=/var/lib/shorewall}" ]' ); + emit ( '[ -n "${VARDIR:=' . $shorewallrc{VARDIR} . '/shorewall}" ]' ); } } else { if ( $export ) { - emit ( 'CONFIG_PATH="/etc/shorewall6-lite:/usr/share/shorewall6-lite"' , - '[ -n "${VARDIR:=/var/lib/shorewall6-lite}" ]' ); + emit ( '[ -n "${VARDIR:=' . $shorewallrc{VARDIR} . '/shorewall6-lite}" ]' ); } else { - emit ( qq(CONFIG_PATH="$config{CONFIG_PATH}") , - '[ -n "${VARDIR:=/var/lib/shorewall6}" ]' ); + emit ( '[ -n "${VARDIR:=' . $shorewallrc{VARDIR} . '/shorewall6}" ]' ); } } diff --git a/Shorewall/lib.cli-std b/Shorewall/lib.cli-std index 1690a49dc..f507e7da3 100644 --- a/Shorewall/lib.cli-std +++ b/Shorewall/lib.cli-std @@ -31,7 +31,6 @@ # get_config() { local prog - local confdir ensure_config_path @@ -49,10 +48,7 @@ get_config() { if [ -f $config ]; then if [ -r $config ]; then - confdir=${CONFDIR} - CONFDIR=${g_confdir} . $config - CONFDIR=${confdir} else echo "Cannot read $config! (Hint: Are you root?)" >&2 exit 1 @@ -382,7 +378,7 @@ compiler() { # # Get the config from $g_shorewalldir # - [ -n "$g_shorewalldir" -a "$g_shorewalldir" != /etc/$g_program ] && get_config + [ -n "$g_shorewalldir" -a "$g_shorewalldir" != ${g_confdir} ] && get_config case $COMMAND in *start|try|refresh) @@ -407,7 +403,7 @@ compiler() { shorewallrc=$(find_file shorewallrc) [ -f "$shorewallrc" ] || fatal_error "Compiling for export requires a shorewallrc file" else - shorewallrc="${g_sharedir}/shorewall/shorewallrc" + shorewallrc="${g_basedir}/shorewallrc" fi options="--verbose=$VERBOSITY --family=$g_family --config_path=$CONFIG_PATH --shorewallrc=${shorewallrc}" 
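Review bot: The new `g_confdir` assignments in `generate_script_2` interpolate `$shorewallrc{CONFDIR}` into the generated script unquoted, while the `CONFIG_PATH` lines added next to them are quoted. A CONFDIR value containing whitespace or shell metacharacters would then be word-split or interpreted when the generated script runs, which is normally as root. Quoting the emitted value keeps it a single assignment, e.g. `qq(g_confdir="$shorewallrc{CONFDIR}/shorewall-lite")`, and the same applies to the other three branches. The neighbouring `g_basedir=/usr/share/...` literals are still absolute and could be derived from `$shorewallrc{SHAREDIR}` for consistency with the rest of this change. The function starts and ends outside the hunk.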
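Review bot: In the `compiler()` hunk of Shorewall/lib.cli-std, the new comparison `"$g_shorewalldir" != ${g_confdir}` leaves `${g_confdir}` unquoted inside `[ ... -a ... ]`. If `g_confdir` is empty or contains whitespace, the test becomes a syntax error rather than evaluating to false, and `get_config` is silently skipped. Splitting the test and quoting both sides avoids this, and also avoids the obsolescent `-a`: `[ -n "$g_shorewalldir" ] && [ "$g_shorewalldir" != "${g_confdir}" ] && get_config`. The body of `compiler()` continues outside the hunk.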
diff --git a/Shorewall/shorewall b/Shorewall/shorewall index 272c7c363..c2a7dbea9 100755 --- a/Shorewall/shorewall +++ b/Shorewall/shorewall @@ -33,12 +33,12 @@ g_program=shorewall . /usr/share/shorewall/shorewallrc g_libexec="$LIBEXECDIR" -g_sharedir="$SHAREDIR" +g_sharedir="$SHAREDIR"/shorewall g_sbindir="$SBINDIR" g_perllib="$PERLLIBDIR" -g_confdir="$CONFDIR" +g_confdir="$CONFDIR"/shorewall g_readrc=1 -. $g_sharedir/shorewall/lib.cli +. $g_sharedir/lib.cli shorewall_cli $@ diff --git a/Shorewall6-lite/shorewall6-lite b/Shorewall6-lite/shorewall6-lite index 720caeff7..be27bfd1f 100755 --- a/Shorewall6-lite/shorewall6-lite +++ b/Shorewall6-lite/shorewall6-lite @@ -33,10 +33,10 @@ g_program=shorewall6-lite . /usr/share/shorewall/shorewallrc g_libexec="$LIBEXECDIR" -g_sharedir="$SHAREDIR" +g_sharedir="$SHAREDIR"/shorewall6-lite g_sbindir="$SBINDIR" g_perllib="$PERLLIBDIR" -g_confdir="$CONFDIR" +g_confdir="$CONFDIR"/shorewall6-lite g_readrc=1 . $g_sharedir/shorewall/lib.cli diff --git a/Shorewall6/shorewall6 b/Shorewall6/shorewall6 index 6d512a0bd..216b7b7d2 100755 --- a/Shorewall6/shorewall6 +++ b/Shorewall6/shorewall6 @@ -33,12 +33,12 @@ g_program=shorewall6 . /usr/share/shorewall/shorewallrc g_libexec="$LIBEXECDIR" -g_sharedir="$SHAREDIR" +g_sharedir="$SHAREDIR"/shorewall6 g_sbindir="$SBINDIR" g_perllib="$PERLLIBDIR" -g_confdir="$CONFDIR" +g_confdir="$CONFDIR"/shorewall6 g_readrc=1 -. $g_sharedir/shorewall/lib.cli +. $g_sharedir/lib.cli shorewall_cli $@ From 7db79a6d40febaa342090ddbde7a8f88f47d384a Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Tue, 3 Apr 2012 07:52:14 -0700 Subject: [PATCH 2/7] Fix ifupdown Signed-off-by: Tom Eastep --- Shorewall-init/ifupdown.sh | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/Shorewall-init/ifupdown.sh b/Shorewall-init/ifupdown.sh index cf99eb67a..c58a5c578 100644 --- a/Shorewall-init/ifupdown.sh +++ b/Shorewall-init/ifupdown.sh 
@@ -1,4 +1,4 @@ -#!/bin/sh +2#!/bin/sh # # ifupdown script for Shorewall-based products # @@ -187,13 +187,19 @@ else fi for PRODUCT in $PRODUCTS; do - if [ -x $VARDIR/firewall ]; then + # + # For backward compatibility, lib.base appends the product name to VARDIR + # Save it here and restore it below + # + save_vardir=${VARDIR} + if [ -x $VARDIR/$PRODUCT/firewall ]; then ( . ${SHAREDIR}/shorewall/lib.base mutex_on ${VARDIR}/firewall -V0 $COMMAND $INTERFACE || echo_notdone mutex_off ) fi + VARDIR=${save_vardir} done exit 0 From abd864eecb25d482070716a89301ff9ec21e3ac1 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Tue, 3 Apr 2012 07:52:39 -0700 Subject: [PATCH 3/7] Update copyrights in init scripts that have them Signed-off-by: Tom Eastep --- Shorewall-init/init.debian.sh | 4 ++-- Shorewall-init/init.sh | 4 ++-- Shorewall-lite/init.sh | 4 ++-- Shorewall6-lite/init.sh | 4 ++-- Shorewall6/init.sh | 4 ++-- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/Shorewall-init/init.debian.sh b/Shorewall-init/init.debian.sh index 032575e8e..96437dfcd 100755 --- a/Shorewall-init/init.debian.sh +++ b/Shorewall-init/init.debian.sh @@ -1,10 +1,10 @@ #!/bin/sh # -# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.4 +# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5 # # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt] # -# (c) 2010 - Tom Eastep (teastep@shorewall.net) +# (c) 2010,2012 - Tom Eastep (teastep@shorewall.net) # # On most distributions, this file should be called /etc/init.d/shorewall. # diff --git a/Shorewall-init/init.sh b/Shorewall-init/init.sh index 86932e974..581bbc287 100755 --- a/Shorewall-init/init.sh +++ b/Shorewall-init/init.sh 
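Review bot: The first hunk of Shorewall-init/ifupdown.sh changes the interpreter line to `2#!/bin/sh`; the stray `2` means the file no longer begins with `#!`. The kernel will not recognise an interpreter, so the script either fails to exec or is run by whatever shell the caller falls back to. The line should stay `#!/bin/sh`.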
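Review bot: In the `for PRODUCT in $PRODUCTS` hunk, the path that is tested (`$VARDIR/$PRODUCT/firewall`) is not the path that is executed (`${VARDIR}/firewall`). The two agree only if sourcing lib.base rewrites `VARDIR` for the current product, which the new comment asserts but the visible lines do not show; no `g_program` is set to `$PRODUCT` before lib.base is sourced here. Since this hook runs the script with root privileges, it is safer to execute exactly what was checked: `"$VARDIR/$PRODUCT/firewall" -V0 $COMMAND $INTERFACE || echo_notdone`. The `save_vardir` and restore lines have no effect, because the `( ... )` subshell already confines any change lib.base makes to `VARDIR`.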
@@ -1,9 +1,9 @@ #! /bin/bash -# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.4 +# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5 # # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt] # -# (c) 2010 - Tom Eastep (teastep@shorewall.net) +# (c) 2010,2012 - Tom Eastep (teastep@shorewall.net) # # On most distributions, this file should be called /etc/init.d/shorewall. # diff --git a/Shorewall-lite/init.sh b/Shorewall-lite/init.sh index b1284e273..3bae9c5d7 100755 --- a/Shorewall-lite/init.sh +++ b/Shorewall-lite/init.sh @@ -1,11 +1,11 @@ #!/bin/sh RCDLINKS="2,S41 3,S41 6,K41" # -# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.1 +# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5 # # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt] # -# (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007 - Tom Eastep (teastep@shorewall.net) +# (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2012 - Tom Eastep (teastep@shorewall.net) # # On most distributions, this file should be called /etc/init.d/shorewall. # diff --git a/Shorewall6-lite/init.sh b/Shorewall6-lite/init.sh index 9e681b4eb..17c39d367 100755 --- a/Shorewall6-lite/init.sh +++ b/Shorewall6-lite/init.sh @@ -1,11 +1,11 @@ #!/bin/sh RCDLINKS="2,S41 3,S41 6,K41" # -# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.1 +# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5 # # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt] # -# (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007 - Tom Eastep (teastep@shorewall.net) +# (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2012 - Tom Eastep (teastep@shorewall.net) # # On most distributions, this file should be called /etc/init.d/shorewall. # diff --git a/Shorewall6/init.sh b/Shorewall6/init.sh index 93d36ede8..47362770d 100755 --- a/Shorewall6/init.sh +++ b/Shorewall6/init.sh 
@@ -1,11 +1,11 @@ #!/bin/sh RCDLINKS="2,S41 3,S41 6,K41" # -# The Shoreline Firewall (Shorewall6) Packet Filtering Firewall - V4.2 +# The Shoreline Firewall (Shorewall6) Packet Filtering Firewall - V4.5 # # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt] # -# (c) 1999,2000,2001,2002,2003,2004,2005 - Tom Eastep (teastep@shorewall.net) +# (c) 1999,2000,2001,2002,2003,2004,2005,2012 - Tom Eastep (teastep@shorewall.net) # # On most distributions, this file should be called /etc/init.d/shorewall. # From 41266627cd7e978c9273b1e9a0e6b4b5a7812c4e Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Tue, 3 Apr 2012 08:09:18 -0700 Subject: [PATCH 4/7] Fix secondary CLIs - construct the correct pathname for lib.cli --- Shorewall-lite/shorewall-lite | 2 +- Shorewall6-lite/shorewall6-lite | 2 +- Shorewall6/shorewall6 | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Shorewall-lite/shorewall-lite b/Shorewall-lite/shorewall-lite index 6a7c6faae..5395fd85f 100755 --- a/Shorewall-lite/shorewall-lite +++ b/Shorewall-lite/shorewall-lite @@ -38,6 +38,6 @@ g_sbindir="$SBINDIR" g_confdir="$CONFDIR"/shorewall-lite g_readrc=1 -. $g_sharedir/shorewall/lib.cli +. ${SHAREDIR}/shorewall/lib.cli shorewall_cli $@ diff --git a/Shorewall6-lite/shorewall6-lite b/Shorewall6-lite/shorewall6-lite index be27bfd1f..6a975bc32 100755 --- a/Shorewall6-lite/shorewall6-lite +++ b/Shorewall6-lite/shorewall6-lite @@ -39,6 +39,6 @@ g_perllib="$PERLLIBDIR" g_confdir="$CONFDIR"/shorewall6-lite g_readrc=1 -. $g_sharedir/shorewall/lib.cli +. ${SHAREDIR}/shorewall/lib.cli shorewall_cli $@ diff --git a/Shorewall6/shorewall6 b/Shorewall6/shorewall6 index 216b7b7d2..456dffdcf 100755 --- a/Shorewall6/shorewall6 +++ b/Shorewall6/shorewall6 @@ -39,6 +39,6 @@ g_perllib="$PERLLIBDIR" g_confdir="$CONFDIR"/shorewall6 g_readrc=1 -. $g_sharedir/lib.cli +. ${SHAREDIR}/shorewall/lib.cli shorewall_cli $@ From 24d30275fa1c9b1d9b1476a295d0a3707e296b9e Mon Sep 17 00:00:00 2001 
From: Tom Eastep Date: Tue, 3 Apr 2012 17:08:14 -0700 Subject: [PATCH 5/7] Correct syntax errors in the generated script Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Chains.pm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm index 6d594df3a..d2c1e3593 100644 --- a/Shorewall/Perl/Shorewall/Chains.pm +++ b/Shorewall/Perl/Shorewall/Chains.pm @@ -6449,12 +6449,12 @@ sub ensure_ipset( $ ) { if ( have_capability 'IPSET_V5' ) { emit ( qq( if ! qt \$IPSET -L $set -n; then) , qq( error_message "WARNING: ipset $set does not exist; creating it as an hash:ip set") , - qq( \$IPSET -N $set hash:ip family inet") , + qq( \$IPSET -N $set hash:ip family inet) , qq( fi) ); } else { emit ( qq( if ! qt \$IPSET -L $set -n; then) , qq( error_message "WARNING: ipset $set does not exist; creating it as an iphash set") , - qq( \$IPSET -N $set iphash") , + qq( \$IPSET -N $set iphash) , qq( fi) ); } } else { From 38b6dca22388198d8ccb0dc548b24e574d60fb26 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Wed, 4 Apr 2012 07:08:02 -0700 Subject: [PATCH 6/7] Correct a number of issues with Shorewall-lite Signed-off-by: Tom Eastep --- Shorewall-core/lib.cli | 2 +- Shorewall-lite/shorewall-lite | 2 +- Shorewall/lib.cli-std | 14 ++++++-------- 3 files changed, 8 insertions(+), 10 deletions(-) diff --git a/Shorewall-core/lib.cli b/Shorewall-core/lib.cli index eb7bb8014..a4d9243df 100644 --- a/Shorewall-core/lib.cli +++ b/Shorewall-core/lib.cli @@ -859,7 +859,7 @@ show_command() { echo "VARDIR=$VARDIR" echo "LIBEXEC=$g_libexec" echo "SBINDIR=$g_sbindir" - [ -n "$g_lite" ] && ${VARDIR} ne /var/lib/$program && echo "LITEDIR=${VARDIR}" + [ -n "$g_lite" ] && [ ${VARDIR} != /var/lib/$g_program ] && echo "LITEDIR=${VARDIR}" else echo "Default CONFIG_PATH is $CONFIG_PATH" echo "Default VARDIR is /var/lib/$g_program" 
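Review bot: In the `ensure_ipset` hunk of Chains.pm, `$set` is interpolated into the generated shell both inside the double-quoted `error_message "... ipset $set ..."` string and bare in the `\$IPSET -L` / `\$IPSET -N` commands. Whether set names are restricted to a safe character set before they reach this function is not visible here. If they are not, shell metacharacters in a configured name would be interpreted when the generated script runs as root. It would be worth either a comment stating where the name is validated, or a check at the top of `ensure_ipset` that rejects names outside `[A-Za-z0-9_-]` before anything is emitted. The function begins and ends outside the hunk.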
diff --git a/Shorewall-lite/shorewall-lite b/Shorewall-lite/shorewall-lite index 5395fd85f..1f5f07ea4 100755 --- a/Shorewall-lite/shorewall-lite +++ b/Shorewall-lite/shorewall-lite @@ -33,7 +33,7 @@ g_program=shorewall-lite . /usr/share/shorewall/shorewallrc g_libexec="$LIBEXECDIR" -g_sharedir="$SHAREDIR"/shoerwall-lite +g_sharedir="$SHAREDIR"/shorewall-lite g_sbindir="$SBINDIR" g_confdir="$CONFDIR"/shorewall-lite g_readrc=1 diff --git a/Shorewall/lib.cli-std b/Shorewall/lib.cli-std index f507e7da3..28486f161 100644 --- a/Shorewall/lib.cli-std +++ b/Shorewall/lib.cli-std @@ -1364,13 +1364,11 @@ reload_command() # $* = original arguments less the command. ;; esac - config=$(rsh_command ${g_program}-lite show config 2> /dev/null) - - temp=$(echo $config | grep ^LITEDIR | sed 's/LITEDIR is //') + temp=$(rsh_command ${g_program}-lite show config 2> /dev/null | grep ^LITEDIR | sed 's/LITEDIR is //') [ -n "$temp" ] && litedir="$temp" - temp=$(echo $config | grep ^LIBEXEC | sed 's/LIBEXEC is //') + temp=$(rsh_command ${g_program}-lite show config 2> /dev/null | grep ^LIBEXEC | sed 's/LIBEXEC is //') if [ -n "$temp" ]; then case $temp in @@ -1383,7 +1381,7 @@ reload_command() # $* = original arguments less the command. esac fi - temp=$(echo $config | grep ^SBINDIR | sed 's/SBINDIR is //') + temp=$(rsh_command ${g_program}-lite show config 2> /dev/null | grep ^SBINDIR | sed 's/SBINDIR is //') if [ -n "$temp" ]; then sbindir="$temp" 
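Review bot: The `reload_command` hunks at -1364 and -1383 in Shorewall/lib.cli-std replace the single cached `config=$(rsh_command ...)` with a separate `rsh_command ${g_program}-lite show config` per key, so every reload opens three remote sessions (patch 7/7 adds a fourth for CONFDIR). The original lookup most likely failed because the unquoted `echo $config` folded the output onto one line, leaving `grep ^LITEDIR` nothing to anchor on for later keys. Keeping the one remote call and quoting the variable fixes that without the extra round trips: `temp=$(echo "$config" | grep ^LITEDIR | sed 's/LITEDIR is //')`. With `2> /dev/null` on each call, a failed connection is also indistinguishable from "key not present", so the hard-coded defaults are applied silently; a check of the single call's exit status would surface that. The body of `reload_command` extends outside both hunks.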
@@ -1435,15 +1433,15 @@ reload_command() # $* = original arguments less the command. progress_message3 "Copy complete" if [ $COMMAND = reload ]; then - rsh_command "${sbin}/${g_program}-lite $g_debugging $verbose $timestamp restart" && \ + rsh_command "${sbindir}/${g_program}-lite $g_debugging $verbose $timestamp restart" && \ progress_message3 "System $system reloaded" || saveit= else - rsh_command "${sbin}/${g_program}-lite $g_debugging $verbose $timestamp start" && \ + rsh_command "${sbindir}/${g_program}-lite $g_debugging $verbose $timestamp start" && \ progress_message3 "System $system loaded" || saveit= fi if [ -n "$saveit" ]; then - rsh_command "${sbin}/${g_program}-lite $g_debugging $verbose $timestamp save" && \ + rsh_command "${sbindir}/${g_program}-lite $g_debugging $verbose $timestamp save" && \ progress_message3 "Configuration on system $system saved" fi fi From 319d07b1d315669a02842815c0d2aa130094fff0 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Wed, 4 Apr 2012 09:24:48 -0700 Subject: [PATCH 7/7] Remove more absolute path names Signed-off-by: Tom Eastep --- Shorewall-core/lib.cli | 6 ++++-- Shorewall/lib.cli-std | 7 ++++++- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/Shorewall-core/lib.cli b/Shorewall-core/lib.cli index a4d9243df..4b462ca8e 100644 --- a/Shorewall-core/lib.cli +++ b/Shorewall-core/lib.cli @@ -859,12 +859,14 @@ show_command() { echo "VARDIR=$VARDIR" echo "LIBEXEC=$g_libexec" echo "SBINDIR=$g_sbindir" + echo "CONFDIR=${CONFDIR}" [ -n "$g_lite" ] && [ ${VARDIR} != /var/lib/$g_program ] && echo "LITEDIR=${VARDIR}" else echo "Default CONFIG_PATH is $CONFIG_PATH" echo "Default VARDIR is /var/lib/$g_program" echo "LIBEXEC is $g_libexec" echo "SBINDIR is $g_sbindir" + echo "CONFDIR is ${CONFDIR}" [ -n "$g_lite" ] && [ ${VARDIR} != /var/lib/$g_program ] && echo "LITEDIR is ${VARDIR}" fi ;; 
@@ -1126,8 +1128,8 @@ do_dump_command() { echo "$g_product $SHOREWALL_VERSION Dump at $g_hostname - $(date)" echo - if [ $g_family -eq 6 ] && [ -f /usr/share/shorewall/version ]; then - echo " Shorewall $(cat /usr/share/shorewall/version)" + if [ $g_family -eq 6 ] && [ -f ${SHAREDIR}/shorewall/version ]; then + echo " Shorewall $(cat ${SHAREDIR}/shorewall/version)" echo fi show_status diff --git a/Shorewall/lib.cli-std b/Shorewall/lib.cli-std index 28486f161..e44633f9b 100644 --- a/Shorewall/lib.cli-std +++ b/Shorewall/lib.cli-std @@ -1308,6 +1308,8 @@ reload_command() # $* = original arguments less the command. root=root local libexec libexec=/usr/share + local confdir + confdir=/etc litedir=/var/lib/${g_program}-lite @@ -1389,6 +1391,10 @@ reload_command() # $* = original arguments less the command. sbindir=/sbin fi + temp=$(rsh_command ${g_program}-lite show config 2> /dev/null | grep ^CONFDIR | sed 's/CONFDIR is //') + + [ -n "$temp" ] && confdir="$temp" + if [ -z "$getcaps" ]; then g_shorewalldir=$(resolve_file $directory) ensure_config_path @@ -1431,7 +1437,6 @@ reload_command() # $* = original arguments less the command. [ -f $save ] && progress_message3 "Copying $save to ${system}:/etc/${g_program}-lite/" && rcp_command $save /etc/shorewall-lite/ - progress_message3 "Copy complete" if [ $COMMAND = reload ]; then rsh_command "${sbindir}/${g_program}-lite $g_debugging $verbose $timestamp restart" && \ progress_message3 "System $system reloaded" || saveit=
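Review bot: The `reload_command` hunks in Shorewall/lib.cli-std add a `confdir` local and fill it from the remote `show config`, but the copy step visible in the last hunk still uses absolute paths: the message prints `/etc/${g_program}-lite/` and the command is `rcp_command $save /etc/shorewall-lite/`. Unless `confdir` is consumed outside these hunks, the new lookup has no effect, and the copy keeps targeting `/etc/shorewall-lite/` even when `g_program` is `shorewall6`. Using the fetched value would match the commit's stated goal: `rcp_command $save ${confdir}/${g_program}-lite/`, with the same path in the progress message. The removal of `progress_message3 "Copy complete"` is not mentioned in the commit message; if it was unintentional, it should be restored.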