Add extra-quiet mode using -qq
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3262 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
d1bf397545
commit
ee3a9a9456
@ -3,3 +3,5 @@ Changes in 3.1.0
|
||||
1) Removal of dynamic zones.
|
||||
|
||||
2) Implement 'generate' command.
|
||||
|
||||
3) Implement 'super-quiet' mode using multiple -q options (e.g., -qq).
|
||||
|
@ -1122,7 +1122,7 @@ determine_hosts() {
|
||||
eval ${zone}_hosts="\$hosts"
|
||||
|
||||
if [ -n "$hosts" ]; then
|
||||
display_list "$zone Zone:" $hosts
|
||||
[ $QUIET -lt 2 ] && display_list "$zone Zone:" $hosts
|
||||
else
|
||||
error_message "WARNING: Zone $zone is empty"
|
||||
fi
|
||||
@ -1393,11 +1393,11 @@ setup_providers()
|
||||
|
||||
if [ -s $TMP_DIR/providers ]; then
|
||||
if [ $COMMAND != check ]; then
|
||||
echo "Processing $1..."
|
||||
progress_message2 "Processing $1..."
|
||||
|
||||
save_progress_message "Restoring Providers..."
|
||||
else
|
||||
echo "Validating $1..."
|
||||
progress_message2 "Validating $1..."
|
||||
fi
|
||||
|
||||
while read table number mark duplicate interface gateway options copy; do
|
||||
@ -1547,7 +1547,7 @@ validate_hosts_file() {
|
||||
|
||||
done < $TMP_DIR/hosts
|
||||
|
||||
[ -n "$ALL_PORTS" ] && echo " Bridge ports are: $ALL_PORTS"
|
||||
[ -n "$ALL_PORTS" ] && progress_message2 " Bridge ports are: $ALL_PORTS"
|
||||
}
|
||||
|
||||
#
|
||||
@ -1889,11 +1889,11 @@ setup_forwarding() {
|
||||
case "$IP_FORWARDING" in
|
||||
[Oo][Nn])
|
||||
run_and_save_command "echo 1 > /proc/sys/net/ipv4/ip_forward"
|
||||
echo "IP Forwarding Enabled"
|
||||
progress_message2 "IP Forwarding Enabled"
|
||||
;;
|
||||
[Oo][Ff][Ff])
|
||||
run_and_save_command "echo 0 > /proc/sys/net/ipv4/ip_forward"
|
||||
echo "IP Forwarding Disabled!"
|
||||
progress_message2 "IP Forwarding Disabled!"
|
||||
;;
|
||||
esac
|
||||
}
|
||||
@ -2108,7 +2108,7 @@ stop_firewall() {
|
||||
if [ -x $RESTOREPATH ]; then
|
||||
|
||||
if [ -x ${RESTOREPATH}-ipsets ]; then
|
||||
echo Restoring Ipsets...
|
||||
progress_message2 Restoring Ipsets...
|
||||
#
|
||||
# We must purge iptables to be sure that there are no
|
||||
# references to ipsets
|
||||
@ -2245,11 +2245,11 @@ stop_firewall() {
|
||||
case "$IP_FORWARDING" in
|
||||
[Oo][Nn])
|
||||
echo 1 > /proc/sys/net/ipv4/ip_forward
|
||||
echo "IP Forwarding Enabled"
|
||||
progress_message2 "IP Forwarding Enabled"
|
||||
;;
|
||||
[Oo][Ff][Ff])
|
||||
echo 0 > /proc/sys/net/ipv4/ip_forward
|
||||
echo "IP Forwarding Disabled!"
|
||||
progress_message2 "IP Forwarding Disabled!"
|
||||
;;
|
||||
esac
|
||||
|
||||
@ -3147,7 +3147,7 @@ setup_ecn() # $1 = file name
|
||||
|
||||
strip_file ecn $1
|
||||
|
||||
echo "Processing $1..."
|
||||
progress_message2 "Processing $1..."
|
||||
|
||||
while read interface host; do
|
||||
expandv interface host
|
||||
@ -3311,7 +3311,7 @@ setup_traffic_shaping()
|
||||
}
|
||||
|
||||
validate_tcdevices_file() {
|
||||
echo "Validating $devfile..."
|
||||
progress_message2 "Validating $devfile..."
|
||||
local device local device inband outband
|
||||
while read device inband outband; do
|
||||
expandv device inband outband
|
||||
@ -3328,7 +3328,7 @@ setup_traffic_shaping()
|
||||
}
|
||||
|
||||
validate_tcclasses_file() {
|
||||
echo "Validating $classfile..."
|
||||
progress_message2 "Validating $classfile..."
|
||||
local classlist device mark rate ceil prio bandw wrongopt allopts opt
|
||||
allopts=""
|
||||
while read device mark rate ceil prio options; do
|
||||
@ -3417,7 +3417,7 @@ setup_traffic_shaping()
|
||||
if [ $COMMAND != check ]; then
|
||||
if [ -s $TMP_DIR/tcdevices ]; then
|
||||
save_progress_message "Restoring Traffic Control..."
|
||||
echo "Processing $devfile..."
|
||||
progress_message2 "Processing $devfile..."
|
||||
|
||||
while read device inband outband defmark ackmark; do
|
||||
expandv device inband outband defmark ackmark
|
||||
@ -3435,7 +3435,7 @@ setup_traffic_shaping()
|
||||
fi
|
||||
|
||||
if [ -s $TMP_DIR/tcclasses ]; then
|
||||
echo "Processing $classfile..."
|
||||
progress_message2 "Processing $classfile..."
|
||||
|
||||
while read device mark rate ceil prio options; do
|
||||
expandv device mark rate ceil prio options
|
||||
@ -3787,7 +3787,7 @@ setup_tc1() {
|
||||
|
||||
setup_tc() {
|
||||
|
||||
echo "Setting up Traffic Control Rules..."
|
||||
progress_message2 "Setting up Traffic Control Rules..."
|
||||
|
||||
setup_tc1
|
||||
}
|
||||
@ -4058,7 +4058,7 @@ process_accounting_rule() {
|
||||
setup_accounting() # $1 = Name of accounting file
|
||||
{
|
||||
|
||||
echo "Setting up Accounting..."
|
||||
progress_message2 "Setting up Accounting..."
|
||||
|
||||
[ $COMMAND = generate ] && save_progress_message "Restoring Accounting..."
|
||||
|
||||
@ -4108,31 +4108,33 @@ check_config() {
|
||||
startup_error "MACLIST_TTL requires the Recent Match capability which is not present in your Kernel and/or iptables"
|
||||
fi
|
||||
|
||||
echo "Determining Zones..."
|
||||
progress_message2 "Determining Zones..."
|
||||
|
||||
determine_zones
|
||||
|
||||
display_list "IPv4_Zones:" $IPV4_ZONES
|
||||
[ -n "$IPSEC_ZONES" ] && \
|
||||
display_list "IPSEC Zones:" $IPSEC_ZONES
|
||||
display_list "Firewall Zone:" $FW
|
||||
if [ $QUIET -lt 2 ]; then
|
||||
display_list "IPv4_Zones:" $IPV4_ZONES
|
||||
[ -n "$IPSEC_ZONES" ] && \
|
||||
display_list "IPSEC Zones:" $IPSEC_ZONES
|
||||
display_list "Firewall Zone:" $FW
|
||||
fi
|
||||
|
||||
setup_ipsec
|
||||
|
||||
echo "Validating interfaces file..."
|
||||
progress_message2 "Validating interfaces file..."
|
||||
|
||||
validate_interfaces_file
|
||||
|
||||
echo "Validating hosts file..."
|
||||
progress_message2 "Validating hosts file..."
|
||||
|
||||
validate_hosts_file
|
||||
|
||||
echo "Determining Hosts in Zones..."
|
||||
progress_message2 "Determining Hosts in Zones..."
|
||||
|
||||
determine_interfaces
|
||||
determine_hosts
|
||||
|
||||
echo "Validating policy file..."
|
||||
progress_message2 "Validating policy file..."
|
||||
|
||||
validate_policy
|
||||
|
||||
@ -4140,25 +4142,25 @@ check_config() {
|
||||
|
||||
validate_blacklist
|
||||
|
||||
echo "Validating Proxy ARP"
|
||||
progress_message2 "Validating Proxy ARP"
|
||||
strip_file proxyarp
|
||||
setup_proxy_arp
|
||||
|
||||
echo "Validating NAT..."
|
||||
progress_message2 "Validating NAT..."
|
||||
strip_file nat
|
||||
setup_nat
|
||||
|
||||
echo "Pre-validating Actions..."
|
||||
progress_message2 "Pre-validating Actions..."
|
||||
|
||||
process_actions1
|
||||
|
||||
echo "Validating rules file..."
|
||||
progress_message2 "Validating rules file..."
|
||||
|
||||
rules=$(find_file rules)
|
||||
strip_file rules $rules
|
||||
process_rules
|
||||
|
||||
echo "Validating Actions..."
|
||||
progress_message2 "Validating Actions..."
|
||||
|
||||
process_actions2
|
||||
process_actions3
|
||||
@ -4182,7 +4184,7 @@ check_config() {
|
||||
#
|
||||
refresh_tc() {
|
||||
|
||||
echo "Refreshing Traffic Control Rules..."
|
||||
progress_message2 "Refreshing Traffic Control Rules..."
|
||||
|
||||
[ -n "$CLEAR_TC" ] && delete_tc1
|
||||
|
||||
@ -5021,7 +5023,7 @@ process_actions1() {
|
||||
eval requiredby_${action}=
|
||||
|
||||
if [ -f $fn ]; then
|
||||
echo " Pre-processing $fn..."
|
||||
progress_message2 " Pre-processing $fn..."
|
||||
strip_file $f $fn
|
||||
while read xtarget xclients xservers xprotocol xports xcports xratelimit $xuserspec; do
|
||||
expandv xtarget
|
||||
@ -5278,7 +5280,7 @@ process_actions3() {
|
||||
#
|
||||
f=action.$xaction1
|
||||
|
||||
echo "Processing $(find_file $f) for Chain $xchain..."
|
||||
progress_message2 "Processing $(find_file $f) for Chain $xchain..."
|
||||
|
||||
while read xtarget xclients xservers xprotocol xports xcports xratelimit xuserspec; do
|
||||
expandv xtarget
|
||||
@ -6782,7 +6784,7 @@ process_tos_rule() {
|
||||
#
|
||||
process_tos() # $1 = name of tos file
|
||||
{
|
||||
echo "Processing $1..."
|
||||
progress_message2 "Processing $1..."
|
||||
|
||||
strip_file tos $1
|
||||
|
||||
@ -7367,14 +7369,17 @@ setup_masq()
|
||||
strip_file masq $1
|
||||
|
||||
if [ -n "$NAT_ENABLED" ]; then
|
||||
echo "Masqueraded Networks and Hosts:"
|
||||
progress_message2 "Masqueraded Networks and Hosts:"
|
||||
[ $COMMAND = check ] || save_progress_message "Restoring Masquerading/SNAT..."
|
||||
fi
|
||||
|
||||
while read fullinterface networks addresses proto ports ipsec; do
|
||||
expandv fullinterface networks addresses proto ports ipsec
|
||||
[ -n "$NAT_ENABLED" ] && setup_one || \
|
||||
if [ -n "$NAT_ENABLED" ]; then
|
||||
setup_one
|
||||
else
|
||||
error_message "WARNING: NAT disabled; masq rule ignored"
|
||||
fi
|
||||
done < $TMP_DIR/masq
|
||||
}
|
||||
|
||||
@ -7489,7 +7494,7 @@ setup_blacklist() {
|
||||
local ipsec policy
|
||||
|
||||
if [ -n "$hosts" -a -f $f ]; then
|
||||
echo "Setting up Blacklisting..."
|
||||
progress_message2 "Setting up Blacklisting..."
|
||||
|
||||
[ $COMMAND = restore ] && save_progress_message "Restoring Blacklisting..."
|
||||
|
||||
@ -7534,7 +7539,7 @@ refresh_blacklist() {
|
||||
local disposition=$BLACKLIST_DISPOSITION
|
||||
|
||||
if qt $IPTABLES -L blacklst -n ; then
|
||||
echo "Loading Black List..."
|
||||
progress_message2 "Loading Black List..."
|
||||
|
||||
strip_file blacklist $f
|
||||
|
||||
@ -7556,7 +7561,7 @@ validate_blacklist() {
|
||||
local f=$(find_file blacklist)
|
||||
local disposition=$BLACKLIST_DISPOSITION
|
||||
|
||||
echo "Checking Black List..."
|
||||
progress_message2 "Checking Black List..."
|
||||
|
||||
strip_file blacklist $f
|
||||
|
||||
@ -7746,28 +7751,30 @@ initialize_netfilter () {
|
||||
[ -n "$RFC1918_STRICT" -a -z "$CONNTRACK_MATCH" ] && \
|
||||
startup_error "RFC1918_STRICT=Yes requires Connection Tracking match"
|
||||
|
||||
echo "Determining Zones..."
|
||||
progress_message2 "Determining Zones..."
|
||||
|
||||
determine_zones
|
||||
|
||||
display_list "IPv4 Zones:" $IPV4_ZONES
|
||||
[ -n "$IPSEC_ZONES" ] && \
|
||||
display_list "IPSEC Zones:" $IPSEC_ZONES
|
||||
display_list "Firewall Zone:" $FW
|
||||
if [ $QUIET -lt 2 ]; then
|
||||
display_list "IPv4 Zones:" $IPV4_ZONES
|
||||
[ -n "$IPSEC_ZONES" ] && \
|
||||
display_list "IPSEC Zones:" $IPSEC_ZONES
|
||||
display_list "Firewall Zone:" $FW
|
||||
fi
|
||||
|
||||
echo "Validating interfaces file..."
|
||||
progress_message2 "Validating interfaces file..."
|
||||
|
||||
validate_interfaces_file
|
||||
|
||||
echo "Validating hosts file..."
|
||||
progress_message2 "Validating hosts file..."
|
||||
|
||||
validate_hosts_file
|
||||
|
||||
echo "Validating Policy file..."
|
||||
progress_message2 "Validating Policy file..."
|
||||
|
||||
validate_policy
|
||||
|
||||
echo "Determining Hosts in Zones..."
|
||||
progress_message2 "Determining Hosts in Zones..."
|
||||
|
||||
determine_interfaces
|
||||
determine_hosts
|
||||
@ -7786,7 +7793,7 @@ initialize_netfilter () {
|
||||
strip_file nat
|
||||
strip_file netmap
|
||||
|
||||
echo "Pre-processing Actions..."
|
||||
progress_message2 "Pre-processing Actions..."
|
||||
process_actions1
|
||||
|
||||
TERMINATOR=fatal_error
|
||||
@ -7820,7 +7827,7 @@ initialize_netfilter () {
|
||||
|
||||
[ -n "$CLEAR_TC" ] && delete_tc
|
||||
|
||||
echo "Deleting user chains..."
|
||||
progress_message2 "Deleting user chains..."
|
||||
|
||||
[ $COMMAND = generate ] && save_progress_message "Deleting user chains..."
|
||||
|
||||
@ -7866,7 +7873,7 @@ initialize_netfilter () {
|
||||
f=$(find_file ipsets)
|
||||
|
||||
if [ -f $f ]; then
|
||||
echo "Processing $f ..."
|
||||
progress_message2 "Processing $f ..."
|
||||
save_progress_message "Restoring IPSETS..."
|
||||
run_and_save_command "ipset -U :all: :all:"
|
||||
run_and_save_command "run_ipset -F"
|
||||
@ -7878,7 +7885,7 @@ initialize_netfilter () {
|
||||
|
||||
f=$(find_file routestopped)
|
||||
|
||||
echo "Processing $f ..."
|
||||
progress_message2 "Processing $f ..."
|
||||
|
||||
strip_file routestopped $f
|
||||
|
||||
@ -7911,7 +7918,7 @@ initialize_netfilter () {
|
||||
createchain smurfs no
|
||||
|
||||
if [ -f /var/lib/shorewall/save ]; then
|
||||
echo "Restoring dynamic rules..."
|
||||
progress_message2 "Restoring dynamic rules..."
|
||||
|
||||
[ $COMMAND = generate ] && save_progress_message "Restoring dynamic rules..."
|
||||
|
||||
@ -7930,7 +7937,7 @@ initialize_netfilter () {
|
||||
|
||||
[ -n "$BLACKLISTNEWONLY" ] && state="-m state --state NEW,INVALID" || state=
|
||||
|
||||
echo "Creating Interface Chains..."
|
||||
progress_message2 "Creating Interface Chains..."
|
||||
|
||||
[ $COMMAND = generate ] && save_progress_message "Creating Interface Chains..."
|
||||
|
||||
@ -8015,7 +8022,7 @@ add_common_rules() {
|
||||
|
||||
if [ -n "$hosts" ]; then
|
||||
|
||||
echo "Adding Anti-smurf Rules"
|
||||
progress_message2 "Adding Anti-smurf Rules"
|
||||
|
||||
[ $COMMAND = generate ] && save_progress_message "Adding Anti-smurf Jumps..."
|
||||
|
||||
@ -8038,7 +8045,7 @@ add_common_rules() {
|
||||
|
||||
if [ -n "$interfaces" ]; then
|
||||
|
||||
echo "Adding rules for DHCP"
|
||||
progress_message2 "Adding rules for DHCP"
|
||||
|
||||
[ $COMMAND = generate ] && save_progress_message "Restoring rules for DHCP..."
|
||||
|
||||
@ -8058,7 +8065,7 @@ add_common_rules() {
|
||||
hosts="$(find_hosts_by_option norfc1918)"
|
||||
|
||||
if [ -n "$hosts" ]; then
|
||||
echo "Enabling RFC1918 Filtering"
|
||||
progress_message2 "Enabling RFC1918 Filtering"
|
||||
|
||||
[ $COMMAND = generate ] && save_progress_message "Restoring RFC1918 Filtering..."
|
||||
|
||||
@ -8151,7 +8158,7 @@ add_common_rules() {
|
||||
hosts=$(find_hosts_by_option tcpflags)
|
||||
|
||||
if [ -n "$hosts" ]; then
|
||||
echo "Setting up TCP Flags checking..."
|
||||
progress_message2 "Setting up TCP Flags checking..."
|
||||
|
||||
[ $COMMAND = generate ] && save_progress_message "Restoring TCP Flags checking..."
|
||||
|
||||
@ -8219,7 +8226,7 @@ add_common_rules() {
|
||||
interfaces1=$(find_interfaces_by_option1 arp_ignore)
|
||||
|
||||
if [ -n "${interfaces}${interfaces1}" ]; then
|
||||
echo "Setting up ARP Filtering..."
|
||||
progress_message2 "Setting up ARP Filtering..."
|
||||
|
||||
for interface in $interfaces; do
|
||||
file=/proc/sys/net/ipv4/conf/$interface/arp_filter
|
||||
@ -8248,7 +8255,7 @@ add_common_rules() {
|
||||
interfaces="$(find_interfaces_by_option routefilter)"
|
||||
|
||||
if [ -n "$interfaces" -o -n "$ROUTE_FILTER" ]; then
|
||||
echo "Setting up Kernel Route Filtering..."
|
||||
progress_message2 "Setting up Kernel Route Filtering..."
|
||||
|
||||
save_progress_message "Restoring Route Filtering..."
|
||||
|
||||
@ -8282,7 +8289,7 @@ add_common_rules() {
|
||||
interfaces="$(find_interfaces_by_option logmartians)"
|
||||
|
||||
if [ -n "$interfaces" -o -n "$LOG_MARTIANS" ]; then
|
||||
echo "Setting up Martian Logging..."
|
||||
progress_message2 "Setting up Martian Logging..."
|
||||
|
||||
save_progress_message "Restoring Martian Logging..."
|
||||
|
||||
@ -8319,7 +8326,7 @@ add_common_rules() {
|
||||
interfaces=$(find_interfaces_by_option sourceroute)
|
||||
|
||||
if [ -n "$interfaces" ]; then
|
||||
echo "Setting up Accept Source Routing..."
|
||||
progress_message2 "Setting up Accept Source Routing..."
|
||||
|
||||
save_progress_message "Restoring Source Routing..."
|
||||
|
||||
@ -8340,7 +8347,7 @@ add_common_rules() {
|
||||
interfaces=$(find_interfaces_by_option upnp)
|
||||
|
||||
if [ -n "$interfaces" ]; then
|
||||
echo "Setting up UPnP..."
|
||||
progress_message2 "Setting up UPnP..."
|
||||
|
||||
[ $COMMAND = generate ] && save_progress_message "Restoring UPnP..."
|
||||
|
||||
@ -8739,52 +8746,52 @@ define_firewall() # $1 = Command (Start or Restart)
|
||||
|
||||
save_load_kernel_modules
|
||||
|
||||
echo "Initializing..."; initialize_netfilter
|
||||
progress_message2 "Initializing..."; initialize_netfilter
|
||||
|
||||
echo "Configuring Proxy ARP"; setup_proxy_arp
|
||||
progress_message2 "Configuring Proxy ARP"; setup_proxy_arp
|
||||
#
|
||||
# [re]-Establish routing
|
||||
#
|
||||
setup_providers $(find_file providers)
|
||||
[ -n "$ROUTEMARK_INTERFACES" ] && setup_routes
|
||||
[ -n "$ROUTEMARK_INTERFACES" ] && setup_routes
|
||||
|
||||
|
||||
echo "Setting up NAT..."; setup_nat
|
||||
echo "Setting up NETMAP..."; setup_netmap
|
||||
echo "Adding Common Rules"; add_common_rules
|
||||
progress_message2 "Setting up NAT..."; setup_nat
|
||||
progress_message2 "Setting up NETMAP..."; setup_netmap
|
||||
progress_message2 "Adding Common Rules"; add_common_rules
|
||||
|
||||
setup_syn_flood_chains
|
||||
|
||||
setup_ipsec
|
||||
|
||||
maclist_hosts=$(find_hosts_by_option maclist)
|
||||
[ -n "$maclist_hosts" ] && setup_mac_lists
|
||||
[ -n "$maclist_hosts" ] && setup_mac_lists
|
||||
|
||||
echo "Processing $(find_file rules)..."; process_rules
|
||||
progress_message2 "Processing $(find_file rules)..."; process_rules
|
||||
|
||||
tunnels=$(find_file tunnels)
|
||||
[ -f $tunnels ] && \
|
||||
echo "Processing $tunnels..." && setup_tunnels $tunnels
|
||||
progress_message2 "Processing $tunnels..." && setup_tunnels $tunnels
|
||||
|
||||
echo "Processing Actions..."; process_actions2
|
||||
process_actions3
|
||||
echo "Processing $(find_file policy)..."; apply_policy_rules
|
||||
progress_message2 "Processing Actions..."; process_actions2
|
||||
process_actions3
|
||||
progress_message2 "Processing $(find_file policy)..."; apply_policy_rules
|
||||
|
||||
masq=$(find_file masq)
|
||||
[ -f $masq ] && setup_masq $masq
|
||||
[ -f $masq ] && setup_masq $masq
|
||||
|
||||
tos=$(find_file tos)
|
||||
[ -f $tos ] && [ -n "$MANGLE_ENABLED" ] && process_tos $tos
|
||||
[ -f $tos ] && [ -n "$MANGLE_ENABLED" ] && process_tos $tos
|
||||
|
||||
ecn=$(find_file ecn)
|
||||
[ -f $ecn ] && [ -n "$MANGLE_ENABLED" ] && setup_ecn $ecn
|
||||
[ -f $ecn ] && [ -n "$MANGLE_ENABLED" ] && setup_ecn $ecn
|
||||
|
||||
[ -n "$MANGLE_ENABLED" ] && setup_tc
|
||||
[ -n "$MANGLE_ENABLED" ] && setup_tc
|
||||
|
||||
echo "Activating Rules..."; activate_rules
|
||||
progress_message2 "Activating Rules..."; activate_rules
|
||||
|
||||
if [ -n "$ALIASES_TO_ADD" ]; then
|
||||
echo "Adding IP Addresses..."
|
||||
progress_message2 "Adding IP Addresses..."
|
||||
add_ip_aliases
|
||||
fi
|
||||
|
||||
@ -8959,20 +8966,20 @@ compile_firewall() # $1 = File Name
|
||||
|
||||
save_load_kernel_modules
|
||||
|
||||
echo "Initializing..."
|
||||
progress_message2 "Initializing..."
|
||||
save_progress_message "Initializing..."
|
||||
initialize_netfilter
|
||||
|
||||
echo "Compiling Proxy ARP"; setup_proxy_arp
|
||||
progress_message2 "Compiling Proxy ARP"; setup_proxy_arp
|
||||
#
|
||||
# [re]-Establish routing
|
||||
#
|
||||
setup_providers $(find_file providers)
|
||||
[ -n "$ROUTEMARK_INTERFACES" ] && setup_routes
|
||||
[ -n "$ROUTEMARK_INTERFACES" ] && setup_routes
|
||||
|
||||
echo "Compiling NAT..."; setup_nat
|
||||
echo "Compiling NETMAP..."; setup_netmap
|
||||
echo "Compiling Common Rules"; add_common_rules
|
||||
progress_message2 "Compiling NAT..."; setup_nat
|
||||
progress_message2 "Compiling NETMAP..."; setup_netmap
|
||||
progress_message2 "Compiling Common Rules"; add_common_rules
|
||||
|
||||
save_progress_message "Restoring SYN Flood Protection..."
|
||||
|
||||
@ -8989,25 +8996,25 @@ compile_firewall() # $1 = File Name
|
||||
setup_mac_lists
|
||||
fi
|
||||
|
||||
echo "Compiling $(find_file rules)..."
|
||||
progress_message2 "Compiling $(find_file rules)..."
|
||||
save_progress_message "Restoring Rules..."
|
||||
process_rules
|
||||
|
||||
tunnels=$(find_file tunnels)
|
||||
if [ -f $tunnels ]; then
|
||||
echo "Compiling $tunnels..."
|
||||
progress_message2 "Compiling $tunnels..."
|
||||
save_progress_message "Restoring Tunnels..."
|
||||
setup_tunnels $tunnels
|
||||
fi
|
||||
|
||||
save_progress_message "Restoring Actions..."
|
||||
|
||||
echo "Compiling Actions..."; process_actions2
|
||||
process_actions3
|
||||
progress_message2 "Compiling Actions..."; process_actions2
|
||||
process_actions3
|
||||
|
||||
save_progress_message "Applying Policies..."
|
||||
|
||||
echo "Compiling $(find_file policy)..."; apply_policy_rules
|
||||
progress_message2 "Compiling $(find_file policy)..."; apply_policy_rules
|
||||
|
||||
masq=$(find_file masq)
|
||||
if [ -f $masq ]; then
|
||||
@ -9031,12 +9038,12 @@ compile_firewall() # $1 = File Name
|
||||
setup_tc
|
||||
fi
|
||||
|
||||
echo "Compiling Rule Activation..."
|
||||
progress_message2 "Compiling Rule Activation..."
|
||||
save_progress_message "Activating Rules..."
|
||||
activate_rules
|
||||
|
||||
[ -n "$ALIASES_TO_ADD" ] && \
|
||||
echo "Adding IP Addresses..." && add_ip_aliases
|
||||
progress_message2 "Adding IP Addresses..." && add_ip_aliases
|
||||
|
||||
for file in chains nat proxyarp zones; do
|
||||
append_file $file
|
||||
@ -9046,7 +9053,7 @@ compile_firewall() # $1 = File Name
|
||||
|
||||
run_user_exit start
|
||||
|
||||
[ -n "$DELAYBLACKLISTLOAD" ] && refresh_blacklist
|
||||
[ -n "$DELAYBLACKLISTLOAD" ] && refresh_blacklist
|
||||
|
||||
createchain shorewall no
|
||||
|
||||
@ -9090,7 +9097,7 @@ refresh_firewall()
|
||||
|
||||
echo "Refreshing Shorewall..."
|
||||
|
||||
echo "Determining Zones and Interfaces..."
|
||||
progress_message2 "Determining Zones and Interfaces..."
|
||||
|
||||
determine_zones
|
||||
|
||||
@ -9256,7 +9263,7 @@ do_initialize() {
|
||||
FUNCTIONS=$SHARED_DIR/functions
|
||||
|
||||
if [ -f $FUNCTIONS ]; then
|
||||
[ -n "$QUIET" ] || echo "Loading $FUNCTIONS..."
|
||||
[ $QUIET -lt 1 ] && echo "Loading $FUNCTIONS..."
|
||||
. $FUNCTIONS
|
||||
else
|
||||
startup_error "$FUNCTIONS does not exist!"
|
||||
@ -9281,7 +9288,7 @@ do_initialize() {
|
||||
|
||||
if [ -f $config ]; then
|
||||
if [ -r $config ]; then
|
||||
[ -n "$QUIET" ] || echo "Processing $config..."
|
||||
progress_message "Processing $config..."
|
||||
. $config
|
||||
else
|
||||
startup_error "Cannot read $config (Hint: Are you root?)"
|
||||
|
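Review bot: Under -qq the tunnels file is silently skipped in define_firewall: `[ -f $tunnels ] && progress_message2 "Processing $tunnels..." && setup_tunnels $tunnels` now chains on the exit status of progress_message2, which is the status of its `[ $QUIET -lt 2 ]` test and so is non-zero once QUIET reaches 2, whereas the replaced `echo` always succeeded. The same pattern in compile_firewall, `[ -n "$ALIASES_TO_ADD" ] && progress_message2 "Adding IP Addresses..." && add_ip_aliases`, drops the IP aliases from a quiet compile, so a ruleset built with `shorewall -qq reload` differs from one built verbosely. Group the message with the action so only the file test decides: `[ -f $tunnels ] && { progress_message2 "Processing $tunnels..."; setup_tunnels $tunnels; }`, and likewise for add_ip_aliases. Separately, do_initialize now evaluates `[ $QUIET -lt 1 ]` before the functions file is sourced; if this script can be entered without the CLI's `export QUIET=0` in the environment, `[ ${QUIET:-0} -lt 1 ]` avoids a test syntax error. define_firewall, compile_firewall and do_initialize all extend beyond the visible hunks.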
@ -59,7 +59,12 @@ list_count() {
|
||||
#
|
||||
progress_message() # $* = Message
|
||||
{
|
||||
[ -n "$QUIET" ] || echo "$@"
|
||||
[ $QUIET -lt 1 ] && echo "$@"
|
||||
}
|
||||
|
||||
progress_message2() # $* = Message
|
||||
{
|
||||
[ $QUIET -lt 2 ] && echo "$@"
|
||||
}
|
||||
|
||||
#
|
||||
@ -949,25 +954,28 @@ report_capability() # $1 = Capability Description , $2 Capability Setting (if an
|
||||
}
|
||||
|
||||
report_capabilities() {
|
||||
echo "Shorewall has detected the following iptables/netfilter capabilities:"
|
||||
report_capability "NAT" $NAT_ENABLED
|
||||
report_capability "Packet Mangling" $MANGLE_ENABLED
|
||||
report_capability "Multi-port Match" $MULTIPORT
|
||||
[ -n "$MULTIPORT" ] && report_capability "Extended Multi-port Match" $XMULTIPORT
|
||||
report_capability "Connection Tracking Match" $CONNTRACK_MATCH
|
||||
report_capability "Packet Type Match" $USEPKTTYPE
|
||||
if [ $QUIET -lt 2 ]; then
|
||||
echo "Shorewall has detected the following iptables/netfilter capabilities:"
|
||||
report_capability "NAT" $NAT_ENABLED
|
||||
report_capability "Packet Mangling" $MANGLE_ENABLED
|
||||
report_capability "Multi-port Match" $MULTIPORT
|
||||
[ -n "$MULTIPORT" ] && report_capability "Extended Multi-port Match" $XMULTIPORT
|
||||
report_capability "Connection Tracking Match" $CONNTRACK_MATCH
|
||||
report_capability "Packet Type Match" $USEPKTTYPE
|
||||
report_capability "Policy Match" $POLICY_MATCH
|
||||
report_capability "Physdev Match" $PHYSDEV_MATCH
|
||||
report_capability "IP range Match" $IPRANGE_MATCH
|
||||
report_capability "Recent Match" $RECENT_MATCH
|
||||
report_capability "Owner Match" $OWNER_MATCH
|
||||
report_capability "Ipset Match" $IPSET_MATCH
|
||||
report_capability "CONNMARK Target" $CONNMARK
|
||||
report_capability "Connmark Match" $CONNMARK_MATCH
|
||||
report_capability "Raw Table" $RAW_TABLE
|
||||
report_capability "CLASSIFY Target" $CLASSIFY_TARGET
|
||||
report_capability "Extended REJECT" $ENHANCED_REJECT
|
||||
fi
|
||||
|
||||
[ -n "$PKTTYPE" ] || USEPKTTYPE=
|
||||
report_capability "Policy Match" $POLICY_MATCH
|
||||
report_capability "Physdev Match" $PHYSDEV_MATCH
|
||||
report_capability "IP range Match" $IPRANGE_MATCH
|
||||
report_capability "Recent Match" $RECENT_MATCH
|
||||
report_capability "Owner Match" $OWNER_MATCH
|
||||
report_capability "Ipset Match" $IPSET_MATCH
|
||||
report_capability "CONNMARK Target" $CONNMARK
|
||||
report_capability "Connmark Match" $CONNMARK_MATCH
|
||||
report_capability "Raw Table" $RAW_TABLE
|
||||
report_capability "CLASSIFY Target" $CLASSIFY_TARGET
|
||||
report_capability "Extended REJECT" $ENHANCED_REJECT
|
||||
|
||||
}
|
||||
|
||||
|
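Review bot: progress_message and progress_message2 now return non-zero whenever they print nothing, because `[ $QUIET -lt 1 ] && echo "$@"` is the function's last command and a failed `&&` list yields status 1; the old `[ -n "$QUIET" ] || echo "$@"` returned 0 on both paths. Callers that chain work after the message, such as `[ -f $tunnels ] && progress_message2 "Processing $tunnels..." && setup_tunnels $tunnels` in the firewall script, therefore skip the work under -qq. Make the helpers always succeed: `[ $QUIET -lt 2 ] && echo "$@"; return 0` (or an if/fi), and the same for progress_message. QUIET is also compared as an integer with no default; if this file can be sourced by a script started outside the `shorewall` CLI, `${QUIET:-0}` keeps `[` from failing with a missing-operand error.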
@ -120,3 +120,13 @@ New Features:
|
||||
The time difference from B to C reflects the difference between
|
||||
"iptables-restore" and multiple executions of "iptables". The system is a
|
||||
1.4Ghz Celeron with 512MB RAM.
|
||||
|
||||
2) You may now repeat the -q option to cause Shorewall to be extra quiet.
|
||||
|
||||
Example:
|
||||
|
||||
gateway:~ # shorewall -qq reload
|
||||
Shorewall configuration compiled to /var/lib/shorewall/.reload
|
||||
Restoring Shorewall...
|
||||
Shorewall restored from /var/lib/shorewall/.reload
|
||||
gateway:~ #
|
||||
|
@ -582,6 +582,23 @@ heading() {
|
||||
echo
|
||||
}
|
||||
|
||||
#
|
||||
# Create the appropriate -q option to pass oneward
|
||||
#
|
||||
make_quiet() {
|
||||
local q=$QUIET
|
||||
|
||||
if [ $QUIET -gt 0 ]; then
|
||||
local option=-
|
||||
|
||||
while [ $q -gt 0 ]; do
|
||||
option="${option}q"
|
||||
q=$(($q - 1))
|
||||
done
|
||||
|
||||
echo $option
|
||||
fi
|
||||
}
|
||||
#
|
||||
# Execution begins here
|
||||
#
|
||||
@ -600,7 +617,7 @@ if [ $# -gt 0 ] && [ "$1" = "nolock" ]; then
|
||||
fi
|
||||
|
||||
SHOREWALL_DIR=
|
||||
QUIET=
|
||||
export QUIET=0
|
||||
IPT_OPTIONS="-nv"
|
||||
FAST=
|
||||
VERBOSE=
|
||||
@ -640,7 +657,7 @@ while [ $done -eq 0 ]; do
|
||||
option=${option#x}
|
||||
;;
|
||||
q*)
|
||||
QUIET=Yes
|
||||
QUIET=$(($QUIET + 1 ))
|
||||
option=${option#q}
|
||||
;;
|
||||
f*)
|
||||
@ -673,8 +690,6 @@ if [ $# -eq 0 ]; then
|
||||
fi
|
||||
|
||||
[ -n "$SHOREWALL_DIR" ] && export SHOREWALL_DIR
|
||||
[ -n "$QUIET" ] && export QUIET
|
||||
|
||||
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
|
||||
MUTEX_TIMEOUT=
|
||||
|
||||
@ -903,8 +918,7 @@ case "$1" in
|
||||
export NOROUTES
|
||||
|
||||
if $SHOREWALL_SHELL $FIREWALL $debugging $nolock compile .reload; then
|
||||
[ -n "$QUIET" ] && QUIET=-q
|
||||
$0 $QUIET restore .reload
|
||||
$0 $(make_quiet) restore .reload
|
||||
fi
|
||||
;;
|
||||
show|list)
|
||||
@ -1162,7 +1176,7 @@ case "$1" in
|
||||
try)
|
||||
[ -n "$SHOREWALL_DIR" ] && startup_error "ERROR: -c option may not be used with \"try\""
|
||||
[ $# -lt 2 -o $# -gt 3 ] && usage 1
|
||||
[ -n "$QUIET" ] && QUIET=-q
|
||||
[ -n "$QUIET" ] && QUIET=$(make_quiet)
|
||||
[ -n "$NOROUTES" ] && NOROUTES=-n
|
||||
if ! $0 $debugging $QUIET -c $2 restart; then
|
||||
if ! $IPTABLES -L shorewall > /dev/null 2> /dev/null; then
|
||||
@ -1379,7 +1393,7 @@ case "$1" in
|
||||
exit 2
|
||||
fi
|
||||
|
||||
[ -n "$QUIET" ] && QUIET=-q
|
||||
[ -n "$QUIET" ] && QUIET=$(make_quiet)
|
||||
|
||||
mutex_on
|
||||
|
||||
|
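Review bot: The `[ -n "$QUIET" ] && QUIET=$(make_quiet)` guards in the try command and in the hunk at line 1393 are now always taken, since QUIET is initialised with `export QUIET=0` and only ever incremented, and they overwrite the exported numeric level with the option string (`-q`, `-qq`, or an empty string when the level is 0). Any child started from those branches that reads QUIET as a number, such as the firewall script's `[ $QUIET -lt 1 ]`, would inherit a non-numeric or empty value; the visible `$0 ... restart` call re-initialises it, but later uses in these branches are outside the hunks, so this is inferred rather than confirmed. Keeping level and flag in separate variables removes the hazard: `quiet_opt=$(make_quiet)` and `if ! $0 $debugging $quiet_opt -c $2 restart; then`. In make_quiet, `printf '%s\n' "$option"` is also the safer way to emit a value that begins with a dash than `echo $option`.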