Fix install.sh on Debian/Ubuntu

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3811 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-11-14 19:54:06 +01:00 · 2006-04-25 22:46:36 +00:00 · 2006-04-25 22:46:36 +00:00 · ead63852f4
commit ead63852f4
parent 17c906092e
5 changed files with 36 additions and 8 deletions
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@ -15,6 +15,8 @@ Changes in 3.2.0 Beta 5

 7)  Accomodate ancient kernel's with no FORWARD or POSTROUTING in mangle.

+8)  Clear SUBSYSLOCK on Debian/Ubuntu installs.
+
 Changes in 3.2.0 Beta 4

 1)  Fix 'routeback' with bridge ports.
--- a/Shorewall/compiler
+++ b/Shorewall/compiler
@ -2733,7 +2733,7 @@ setup_nat() {
 		    add_ip_aliases=
 		    ;;
 		*)
-		    [ -n "$RETAIN_ALIASES" ] || save_command qt ip addr del $external dev $iface
+		    [ -n "$RETAIN_ALIASES" ] || save_command del_ip_addr $external $iface
 		    ;;
 	    esac
 	else
@ -2793,7 +2793,7 @@ delete_nat() {

 if [ -f /var/lib/shorewall/nat ]; then
   while read external interface; do
-       qt ip addr del \$external dev \$interface
+       ip_addr_del \$external \$interface
    done < /var/lib/shorewall/nat

    rm -f {/var/lib/shorewall}/nat
@ -6946,7 +6946,7 @@ __EOF__
 		    if [ -n "$address" ]; then
 			for addr in $(ip_range_explicit ${address%:*}) ; do
 			    if ! list_search $addr $ALIASES_TO_ADD; then
-				[ -n "$RETAIN_ALIASES" ] || save_command qt ip addr del $addr dev $interface
+				[ -n "$RETAIN_ALIASES" ] || save_command ip_addr_del $addr $interface
 				ALIASES_TO_ADD="$ALIASES_TO_ADD $addr $fullinterface"
 				case $fullinterface in
 				    *:*)
@ -8308,7 +8308,7 @@ stop_firewall() {

 	if [ -f /var/lib/shorewall/nat ]; then
 	    while read external interface; do
-		qt ip addr del \$external dev \$interface
+		ip_addr_del \$external dev \$interface
 	    done < /var/lib/shorewall/nat

 	    rm -f /var/lib/shorewall/nat
@ -8744,8 +8744,8 @@ __EOF__

    local version=\$(cat /usr/share/shorewall/version)

-    if [ \${LIBVERSION:-0} -lt 30105 ]; then
-	fatal_error "This script requires Shorewall version 3.1.5 or later; current version is \$version"
+    if [ \${LIBVERSION:-0} -lt 30200 ]; then
+	fatal_error "This script requires Shorewall version 3.2.0 or later; current version is \$version"
    fi

 __EOF__
--- a/Shorewall/functions
+++ b/Shorewall/functions
@ -2,7 +2,7 @@
 #
 # Shorewall 3.2 -- /usr/share/shorewall/functions

-LIBVERSION=30105
+LIBVERSION=30200

 #
 # Message to stderr
@ -1058,6 +1058,19 @@ find_first_interface_address() # $1 = interface
    echo $addr | sed 's/inet //;s/\/.*//;s/ peer.*//'
 }

+find_first_interface_address_if_any() # $1 = interface
+{
+    #
+    # get the line of output containing the first IP address
+    #
+    addr=$(ip -f inet addr show $1 2> /dev/null | grep 'inet .* global' | head -n1)
+    #
+    # Strip off the trailing VLSM mask (or the peer IP in case of a P-t-P link)
+    # along with everything else on the line
+    #
+    [ -n "$addr" ] && echo $addr | sed 's/inet //;s/\/.*//;s/ peer.*//' || echo 0.0.0.0
+}
+
 #
 # Find interface addresses--returns the set of addresses assigned to the passed
 # device
@ -1253,6 +1266,15 @@ report_capabilities() {

 }

+
+#
+# Delete IP address
+#
+del_ip_addr() # $1 = address, $2 = interface
+{
+    [ $(find_first_interface_address_if_any $2) = $1 ] || qt ip addr del $1 dev $2
+}
+
 # Add IP Aliases
 #
 add_ip_aliases() # $* = List of addresses
--- a/Shorewall/install.sh
+++ b/Shorewall/install.sh
@ -609,7 +609,7 @@ if [ -z "$PREFIX" -a -n "$first_install" ]; then
 	echo "shorewall will start automatically at boot"
 	echo "Set startup=1 in /etc/default/shorewall to enable"
 	touch /var/log/shorewall-init.log
-	qt mywhich perl && perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/' /etc/shorewall/shorewall.conf
+	qt mywhich perl && perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;s/^SUBSYSLOCK=.*/SUBSYSLOCK=/;' /etc/shorewall/shorewall.conf
    else
 	if [ -x /sbin/insserv -o -x /usr/sbin/insserv ]; then
 	    if insserv /etc/init.d/shorewall ; then
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -55,6 +55,10 @@ Problems Corrected in 3.2.0 Beta 5
    try to mark packets in either of them using entries in
    /etc/shorewall/tcrules, [re]start will fail.

+6)  When install.sh is used to install on a Debian or Ubuntu system, the
+    SUBSYSLOCK option in shorewall.conf was not being cleared.
+    It will now be cleared, provided that Perl is installed on the system.
+
 Other changes in 3.2.0 Beta 5

 1)  The "shorewall refresh" command no longer refreshes traffic shaping.