From e2253d609237f4444650fb28d775d50637221569 Mon Sep 17 00:00:00 2001
From: teastep
Date: Sat, 6 Aug 2005 16:58:18 +0000
Subject: [PATCH] Install the Makefile -- Patch by Cristian Rodriquez
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2458 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall/firewall | 19 ++++++++++---------
 Shorewall/install.sh | 17 +++++++++++++++++
 Shorewall/shorewall.spec | 1 +
 3 files changed, 28 insertions(+), 9 deletions(-)
diff --git a/Shorewall/firewall b/Shorewall/firewall
index 84373cc30..cd0737953 100755
--- a/Shorewall/firewall
+++ b/Shorewall/firewall
@@ -4688,7 +4688,7 @@ add_nat_rule() {
 done
 if [ -n "$loglevel" ]; then
- log_rule $loglevel $chain $logtarget -t nat
+ log_rule_limit $loglevel $chain OUTPUT $logtarget "$ratelimit" "$logtag" -A -t nat
 fi
 addnatrule $chain $ratelimit $proto -j $target1 # Protocol is necessary for port redirection
@@ -4703,8 +4703,6 @@ add_nat_rule() {
 done
 fi
 else
- chain=$(dnat_chain $source)
-
 if [ -n "${excludezones}${excludedests}" ]; then
 chain=$( build_exclusion_chain nat "" $excludedests
@@ -4720,11 +4718,12 @@ add_nat_rule() {
 done
 if [ -n "$loglevel" ]; then
- log_rule_limit $loglevel $chain $chain $logtarget "$ratelimit" "$logtag" -A -t nat
+ log_rule_limit $loglevel $chain $(dnat_chain $source) $logtarget "$ratelimit" "$logtag" -A -t nat
 fi
 addnatrule $chain $ratelimit $proto -j $target1 # Protocol is necessary for port redirection
 else
+ chain=$(dnat_chain $source)
 for adr in $(separate_list $addr); do
 if [ -n "$loglevel" ]; then
 ensurenatchain $chain
@@ -4768,6 +4767,7 @@ add_nat_rule() {
 # multioption = String to invoke multiport match if appropriate
 # servport = Port the server listens on
 # chain = The canonical chain for this rule
+# logchain = The chain that should be mentioned in log messages
 # ratelimit = Optional rate limiting clause
 # userandgroup= -m owner clause
 # userspec = User name
@@ -4937,7 +4937,7 @@ add_a_rule()
 if [ -n "$addr" -a -n "$CONNTRACK_MATCH" ]; then
 for adr in $(separate_list $addr); do
 if [ -n "$loglevel" -a -z "$natrule" ]; then
- log_rule_limit $loglevel $chain $chain $logtarget "$ratelimit" "$logtag" -A -m conntrack --ctorigdst $adr \
+ log_rule_limit $loglevel $chain $logchain $logtarget "$ratelimit" "$logtag" -A -m conntrack --ctorigdst $adr \
 $userandgroup $(fix_bang $proto $sports $multiport $cli $(dest_ip_range $srv) $dports)
 fi
@@ -4946,7 +4946,7 @@ add_a_rule()
 done
 else
 if [ -n "$loglevel" -a -z "$natrule" ]; then
- log_rule_limit $loglevel $chain $chain $logtarget "$ratelimit" "$logtag" -A $userandgroup \
+ log_rule_limit $loglevel $chain $logchain $logtarget "$ratelimit" "$logtag" -A $userandgroup \
 $(fix_bang $proto $sports $multiport $cli $(dest_ip_range $srv) $dports)
 fi
@@ -4964,7 +4964,7 @@ add_a_rule()
 done
 else
 if [ -n "$loglevel" -a -z "$natrule" ]; then
- log_rule_limit $loglevel $chain $chain $logtarget "$ratelimit" "$logtag" -A $userandgroup \
+ log_rule_limit $loglevel $chain $logchain $logtarget "$ratelimit" "$logtag" -A $userandgroup \
 $(fix_bang $proto $sports $multiport $cli $dports)
 fi
@@ -4986,7 +4986,7 @@ add_a_rule()
 if [ -n "$addr" ]; then
 for adr in $(separate_list $addr); do
 if [ -n "$loglevel" ]; then
- log_rule_limit $loglevel $chain $chain $logtarget "$ratelimit" "$logtag" -A $userandgroup \
+ log_rule_limit $loglevel $chain $logchain $logtarget "$ratelimit" "$logtag" -A $userandgroup \
 $(fix_bang $proto $multiport $cli $dest_interface $sports $dports -m conntrack --ctorigdst $adr)
 fi
@@ -5004,7 +5004,7 @@ add_a_rule()
 done
 else
 if [ -n "$loglevel" ]; then
- log_rule_limit $loglevel $chain $chain $logtarget "$ratelimit" "$logtag" -A $userandgroup \
+ log_rule_limit $loglevel $chain $logchain $logtarget "$ratelimit" "$logtag" -A $userandgroup \
 $(fix_bang $proto $multiport $cli $dest_interface $sports $dports)
 fi
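Review bot: `logchain` is only assigned in the process_rule hunk (`logchain=$chain`), so every `log_rule_limit ... $logchain ...` call in add_a_rule (the hunks at -4937, -4946, -4964, -4986 and -5004) depends on a global that is empty or stale if add_a_rule is ever reached without that assignment having run first. Because the expansion is unquoted, an empty value does not become an empty argument; it vanishes and shifts `$logtarget`, the rate limit and the log tag one position to the left, which would mislabel or break the generated LOG rule, and the chain name in the log prefix is what later triage of firewall logs relies on. Falling back to the rule chain keeps the previous behaviour when nothing has set it: `log_rule_limit $loglevel $chain ${logchain:-$chain} $logtarget "$ratelimit" "$logtag" -A ...`. The other callers of add_a_rule, if any, are outside these hunks, so that should be confirmed against the full file.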
@@ -5271,6 +5271,7 @@ process_rule() # $1 = target
 # Ensure that this rule doesn't apply to a NONE policy pair of zones
 chain=${source}2${dest}
+ logchain=$chain
 eval policy=\$${chain}_policy
diff --git a/Shorewall/install.sh b/Shorewall/install.sh
index dc2da9e6b..13f80b108 100755
--- a/Shorewall/install.sh
+++ b/Shorewall/install.sh
@@ -148,6 +148,10 @@ elif [ -d /etc/apt -a -e /usr/bin/dpkg ]; then
 elif [ -f /etc/slackware-version ] ; then
 DEST="/etc/rc.d"
 INIT="rc.firewall"
+elif [ -f /etc/arch-release ] ; then
+ DEST="/etc/rc.d"
+ INIT="shorewall"
+ ARCHLINUX=yes
 fi
 #
@@ -199,6 +203,11 @@ else
 echo
 echo "Config file installed as ${PREFIX}/etc/shorewall/shorewall.conf"
 fi
+
+if [ -n "$ARCHLINUX" ] ; then
+
+ sed -e 's!LOGFILE=/var/log/messages!LOGFILE=/var/log/messages.log!' -i ${PREFIX}/etc/shorewall/shorewall.conf
+fi
 #
 # Install the zones file
 #
@@ -550,6 +559,14 @@ else
 echo
 echo "Actions file installed as ${PREFIX}/etc/shorewall/actions"
 fi
+
+if [ -f ${PREFIX}/etc/shorewall/Makefile ]; then
+ backup_file /etc/shorewall/Makefile
+else
+ run_install $OWNERSHIP -m 0600 actions ${PREFIX}/etc/shorewall/Makefile
+ echo
+ echo "Makefile installed as ${PREFIX}/etc/shorewall/Makefile"
+fi
 #
 # Install the Action files
 #
diff --git a/Shorewall/shorewall.spec b/Shorewall/shorewall.spec
index f7dda42f2..e5a78d48b 100644
--- a/Shorewall/shorewall.spec
+++ b/Shorewall/shorewall.spec
@@ -96,6 +96,7 @@ fi
 %attr(0600,root,root) %config(noreplace) /etc/shorewall/continue
 %attr(0600,root,root) %config(noreplace) /etc/shorewall/started
 %attr(0600,root,root) %config(noreplace) /etc/shorewall/providers
+%attr(0600,root,root) %config(noreplace) /etc/shorewall/Makefile
 %attr(0544,root,root) /sbin/shorewall
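Review bot: The sed expression added in the install.sh hunk at -199 is not anchored, so `LOGFILE=/var/log/messages` also matches the already rewritten `LOGFILE=/var/log/messages.log` and a second run of the installer turns it into `messages.log.log`. The edit sits after the if/else that appears to keep an existing shorewall.conf, so it would also rewrite an administrator's retained configuration on every upgrade, leaving LOGFILE pointing at a file that does not exist. Anchoring and quoting fixes the repeat-run case: `sed -e 's!^LOGFILE=/var/log/messages$!LOGFILE=/var/log/messages.log!' -i "${PREFIX}/etc/shorewall/shorewall.conf"`, and moving it into the branch that installs a fresh config would leave existing files alone. No initialisation of `ARCHLINUX` is visible in these hunks, so a value inherited from the environment would trigger the edit on other distributions; an explicit `ARCHLINUX=` before the detection chain would rule that out.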
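Review bot: The new block in the install.sh hunk at -550 passes `actions` as the source file, so what gets installed at `${PREFIX}/etc/shorewall/Makefile` is a copy of the actions file rather than the Makefile; this looks like a leftover from copying the preceding block. The line should read `run_install $OWNERSHIP -m 0600 Makefile ${PREFIX}/etc/shorewall/Makefile`. The shorewall.spec hunk lists `/etc/shorewall/Makefile` as a packaged config file, so if the package build goes through this installer it would ship the wrong content under that name.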