Apply recent exit status changes to trunk
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@7775 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
ff82e98c78
commit
dd0d55cac8
@ -203,17 +203,17 @@ stop_firewall() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
deleteallchains() {
|
deleteallchains() {
|
||||||
$IPTABLES -F
|
do_iptables -F
|
||||||
$IPTABLES -X
|
do_iptables -X
|
||||||
}
|
}
|
||||||
|
|
||||||
setcontinue() {
|
setcontinue() {
|
||||||
$IPTABLES -A $1 -m state --state ESTABLISHED,RELATED -j ACCEPT
|
do_iptables -A $1 -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||||
}
|
}
|
||||||
|
|
||||||
delete_nat() {
|
delete_nat() {
|
||||||
$IPTABLES -t nat -F
|
do_iptables -t nat -F
|
||||||
$IPTABLES -t nat -X
|
do_iptables -t nat -X
|
||||||
|
|
||||||
if [ -f ${VARDIR}/nat ]; then
|
if [ -f ${VARDIR}/nat ]; then
|
||||||
while read external interface; do
|
while read external interface; do
|
||||||
@ -261,8 +261,8 @@ stop_firewall() {
|
|||||||
# references to ipsets
|
# references to ipsets
|
||||||
#
|
#
|
||||||
for table in mangle nat filter; do
|
for table in mangle nat filter; do
|
||||||
$IPTABLES -t $table -F
|
do_iptables -t $table -F
|
||||||
$IPTABLES -t $table -X
|
do_iptables -t $table -X
|
||||||
done
|
done
|
||||||
|
|
||||||
${RESTOREPATH}-ipsets
|
${RESTOREPATH}-ipsets
|
||||||
@ -364,8 +364,8 @@ EOF
|
|||||||
my $source = match_source_net $host;
|
my $source = match_source_net $host;
|
||||||
my $dest = match_dest_net $host;
|
my $dest = match_dest_net $host;
|
||||||
|
|
||||||
emit( "\$IPTABLES -A INPUT -i $interface $source -j ACCEPT",
|
emit( "do_iptables -A INPUT -i $interface $source -j ACCEPT",
|
||||||
"\$IPTABLES -A OUTPUT -o $interface $dest -j ACCEPT"
|
"do_iptables -A OUTPUT -o $interface $dest -j ACCEPT"
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -390,8 +390,8 @@ EOF
|
|||||||
my $source = match_source_net $host;
|
my $source = match_source_net $host;
|
||||||
my $dest = match_dest_net $host;
|
my $dest = match_dest_net $host;
|
||||||
|
|
||||||
emit( "\$IPTABLES -A INPUT -i $interface $source -j ACCEPT",
|
emit( "do_iptables -A INPUT -i $interface $source -j ACCEPT",
|
||||||
"\$IPTABLES -A OUTPUT -o $interface $dest -j ACCEPT"
|
"do_iptables -A OUTPUT -o $interface $dest -j ACCEPT"
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -426,21 +426,21 @@ EOF
|
|||||||
|
|
||||||
process_routestopped;
|
process_routestopped;
|
||||||
|
|
||||||
emit( '$IPTABLES -A INPUT -i lo -j ACCEPT',
|
emit( 'do_iptables -A INPUT -i lo -j ACCEPT',
|
||||||
'$IPTABLES -A OUTPUT -o lo -j ACCEPT'
|
'do_iptables -A OUTPUT -o lo -j ACCEPT'
|
||||||
);
|
);
|
||||||
|
|
||||||
emit '$IPTABLES -A OUTPUT -o lo -j ACCEPT' unless $config{ADMINISABSENTMINDED};
|
emit 'do_iptabes -A OUTPUT -o lo -j ACCEPT' unless $config{ADMINISABSENTMINDED};
|
||||||
|
|
||||||
my $interfaces = find_interfaces_by_option 'dhcp';
|
my $interfaces = find_interfaces_by_option 'dhcp';
|
||||||
|
|
||||||
for my $interface ( @$interfaces ) {
|
for my $interface ( @$interfaces ) {
|
||||||
emit "\$IPTABLES -A INPUT -p udp -i $interface --dport 67:68 -j ACCEPT";
|
emit "do_iptables -A INPUT -p udp -i $interface --dport 67:68 -j ACCEPT";
|
||||||
emit "\$IPTABLES -A OUTPUT -p udp -o $interface --dport 67:68 -j ACCEPT" unless $config{ADMINISABSENTMINDED};
|
emit "do_iptables -A OUTPUT -p udp -o $interface --dport 67:68 -j ACCEPT" unless $config{ADMINISABSENTMINDED};
|
||||||
#
|
#
|
||||||
# This might be a bridge
|
# This might be a bridge
|
||||||
#
|
#
|
||||||
emit "\$IPTABLES -A FORWARD -p udp -i $interface -o $interface --dport 67:68 -j ACCEPT";
|
emit "do_iptables -A FORWARD -p udp -i $interface -o $interface --dport 67:68 -j ACCEPT";
|
||||||
}
|
}
|
||||||
|
|
||||||
emit '';
|
emit '';
|
||||||
@ -550,7 +550,7 @@ sub generate_script_2 () {
|
|||||||
|
|
||||||
emit ( '[ "$COMMAND" = refresh ] && run_refresh_exit || run_init_exit',
|
emit ( '[ "$COMMAND" = refresh ] && run_refresh_exit || run_init_exit',
|
||||||
'',
|
'',
|
||||||
'qt $IPTABLES -L shorewall -n && qt $IPTABLES -F shorewall && qt $IPTABLES -X shorewall',
|
'qt1 $IPTABLES -L shorewall -n && qt1 $IPTABLES -F shorewall && qt1 $IPTABLES -X shorewall',
|
||||||
'',
|
'',
|
||||||
'delete_proxyarp',
|
'delete_proxyarp',
|
||||||
''
|
''
|
||||||
@ -656,13 +656,13 @@ else
|
|||||||
if [ $COMMAND = refresh ]; then
|
if [ $COMMAND = refresh ]; then
|
||||||
chainlist_reload
|
chainlist_reload
|
||||||
run_refreshed_exit
|
run_refreshed_exit
|
||||||
$IPTABLES -N shorewall
|
do_iptables -N shorewall
|
||||||
set_state "Started"
|
set_state "Started"
|
||||||
else
|
else
|
||||||
setup_netfilter
|
setup_netfilter
|
||||||
restore_dynamic_rules
|
restore_dynamic_rules
|
||||||
run_start_exit
|
run_start_exit
|
||||||
$IPTABLES -N shorewall
|
do_iptables -N shorewall
|
||||||
set_state "Started"
|
set_state "Started"
|
||||||
run_started_exit
|
run_started_exit
|
||||||
fi
|
fi
|
||||||
|
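Review bot: The new line `emit 'do_iptabes -A OUTPUT -o lo -j ACCEPT' unless $config{ADMINISABSENTMINDED};` in the `@ -426,21 +426,21 @@` hunk misspells the helper, so the generated script will try to run a command that does not exist instead of calling do_iptables. It should read `emit 'do_iptables -A OUTPUT -o lo -j ACCEPT' unless $config{ADMINISABSENTMINDED};`. The same OUTPUT rule for lo is already emitted unconditionally just above, so the likely symptom is a "command not found" error rather than a missing rule, but this looks like the firewall-stop path, which should run without errors. The enclosing code starts and ends outside the hunk.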
@ -115,6 +115,17 @@ run_iptables()
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#
|
||||||
|
# Run iptables retrying exit status 4
|
||||||
|
#
|
||||||
|
do_iptables()
|
||||||
|
{
|
||||||
|
while [ 1 ]; do
|
||||||
|
$IPTABLES $@
|
||||||
|
[ $? -ne 4 ] && break
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
# Run iptables and if an error occurs, stop/restore the firewall
|
# Run iptables and if an error occurs, stop/restore the firewall
|
||||||
#
|
#
|
||||||
|
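Review bot: do_iptables always returns 0, because the last command the loop runs is `break`; the status of `$IPTABLES` is discarded, so callers such as `do_iptables -N shorewall` cannot tell that a rule or chain failed to load. Save the status and return it, `status=$?` followed by `[ $status -ne 4 ] && return $status`. qt1 in the other library hunk has the same pattern, and there it also makes `qt1 $IPTABLES -L shorewall -n && …` in generate_script_2 continue whether or not the chain exists. Separately, `$IPTABLES $@` should be `$IPTABLES "$@"` so that arguments are not split a second time.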
@ -112,6 +112,14 @@ qt()
|
|||||||
"$@" >/dev/null 2>&1
|
"$@" >/dev/null 2>&1
|
||||||
}
|
}
|
||||||
|
|
||||||
|
qt1()
|
||||||
|
{
|
||||||
|
while [ 1 ]; do
|
||||||
|
"$@" >/dev/null 2>&1
|
||||||
|
[ $? -ne 4 ] && break;
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
# Determine if Shorewall is "running"
|
# Determine if Shorewall is "running"
|
||||||
#
|
#
|
||||||
|
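Review bot: The retry loop in qt1 has no attempt limit and no delay, so if whatever causes exit status 4 persists, the script spins at full speed and never finishes; do_iptables has the same loop. A firewall start or stop that can hang indefinitely is worse than one that fails visibly. The sketch below caps the attempts and pauses between them, and also returns the command's own status; the limit of 10 and the one-second sleep are illustrative values, not taken from the project.

```shell
qt1()
{
    qt1_tries=0
    while [ $qt1_tries -lt 10 ]; do
        "$@" >/dev/null 2>&1
        qt1_status=$?
        [ $qt1_status -ne 4 ] && return $qt1_status
        qt1_tries=$(($qt1_tries + 1))
        sleep 1
    done
    return $qt1_status
}
```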