Merge shorewall.conf handling changes into development path

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4282 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2006-07-26 22:15:28 +00:00
parent 220f3c41b0
commit f5fef4526a
7 changed files with 86 additions and 63 deletions

@ -7,3 +7,6 @@ Changes in 3.3.0
3) Fixed modules/xmodules snafu. 3) Fixed modules/xmodules snafu.
4) Fix comments in shorewall-lite. 4) Fix comments in shorewall-lite.
5) Merge shorewall.conf handling changes.

@ -1203,6 +1203,8 @@ else
exit 2 exit 2
fi fi
[ -n "${LITEDIR}" -a -f ${LITEDIR}/firewall.conf ] && . ${LITEDIR}/firewall.conf
ensure_config_path ensure_config_path
export CONFIG_PATH export CONFIG_PATH
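Review bot: In the added line that sources ${LITEDIR}/firewall.conf, the path is unquoted in both the -f test and the . command, and the two conditions are joined with -a, which POSIX marks as obsolescent. A LITEDIR value containing whitespace would split the test, so prefer `[ -n "${LITEDIR}" ] && [ -f "${LITEDIR}/firewall.conf" ] && . "${LITEDIR}/firewall.conf"`. Since this commit also empties the shipped shorewall-lite.conf settings and relies on firewall.conf to supply them, a missing firewall.conf should probably be reported rather than skipped silently.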

@ -9,6 +9,12 @@
# (c) 2006 - Tom Eastep (teastep@shorewall.net) # (c) 2006 - Tom Eastep (teastep@shorewall.net)
# #
############################################################################### ###############################################################################
# N 0 T E
###############################################################################
# Entries in this file override entries in the shorewall.conf file in the
# configuration directory when the firewall script was compiled. Any variable
# not set here assumes the value defined at firewall compilation time.
###############################################################################
# V E R B O S I T Y # V E R B O S I T Y
############################################################################### ###############################################################################
# #
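Review bot: The new section banner reads `# N 0 T E` with a digit zero, where the other banners in this file (V E R B O S I T Y, L O G G I N G) are spelled with letters; it should be `# N O T E`. The sentence "override entries in the shorewall.conf file in the configuration directory when the firewall script was compiled" would also read more clearly as "the shorewall.conf file that was in the configuration directory when the firewall script was compiled".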
@ -21,9 +27,7 @@
# 1 -- Major progress messages displayed # 1 -- Major progress messages displayed
# 2 -- All progress messages displayed (old default behavior) # 2 -- All progress messages displayed (old default behavior)
# #
# If not specified, then 2 is assumed VERBOSITY=
VERBOSITY=1
############################################################################### ###############################################################################
# L O G G I N G # L O G G I N G
@ -32,8 +36,7 @@ VERBOSITY=1
# LOG FILE LOCATION # LOG FILE LOCATION
# #
# This variable tells the /sbin/shorewall-lite program where to look for Shorewall # This variable tells the /sbin/shorewall-lite program where to look for Shorewall
# Lite log messages. If not set or set to an empty string (e.g., LOGFILE="") then # Lite log messages.
# /var/log/messages is assumed.
# #
# WARNING: The LOGFILE variable simply tells the 'shorewall-lite' program where # WARNING: The LOGFILE variable simply tells the 'shorewall-lite' program where
# to look for Shorewall messages.It does NOT control the destination for # to look for Shorewall messages.It does NOT control the destination for
@ -42,7 +45,7 @@ VERBOSITY=1
# http://www.shorewall.net/shorewall_logging.html # http://www.shorewall.net/shorewall_logging.html
# #
LOGFILE=/var/log/messages LOGFILE=
# #
# LOG FORMAT # LOG FORMAT
@ -64,9 +67,6 @@ LOGFILE=/var/log/messages
# #
# LOGFORMAT="fp=%s:%d a=%s " # LOGFORMAT="fp=%s:%d a=%s "
# #
# If not specified or specified as empty (LOGFORMAT="") then the value
# "Shorewall:%s:%s:" is assumed.
#
# CAUTION: /sbin/shorewall-lite uses the leading part of the LOGFORMAT string # CAUTION: /sbin/shorewall-lite uses the leading part of the LOGFORMAT string
# (up to but not including the first '%') to find log messages in the 'show log', # (up to but not including the first '%') to find log messages in the 'show log',
# 'status' and 'hits' commands. This part should not be omitted (the # 'status' and 'hits' commands. This part should not be omitted (the
@ -75,7 +75,7 @@ LOGFILE=/var/log/messages
# messages. # messages.
# #
LOGFORMAT="Shorewall:%s:%s:" LOGFORMAT=
############################################################################### ###############################################################################
# L O C A T I O N O F F I L E S A N D D I R E C T O R I E S # L O C A T I O N O F F I L E S A N D D I R E C T O R I E S
@ -83,9 +83,7 @@ LOGFORMAT="Shorewall:%s:%s:"
# #
# IPTABLES # IPTABLES
# #
# Full path to iptables executable Shorewall uses to build the firewall. If # Full path to iptables executable Shorewall uses to build the firewall.
# not specified or if specified with an empty value (e.g., IPTABLES="") then
# the iptables executable located via the PATH setting below is used.
# #
IPTABLES= IPTABLES=
@ -95,7 +93,7 @@ IPTABLES=
# searches directories for executable files. # searches directories for executable files.
# #
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin PATH=
# #
# SHELL # SHELL
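Review bot: Changing the shipped value to an empty `PATH=` means that, if this file is read as shell before firewall.conf, the command search path is empty until firewall.conf supplies one, and the shorewall-lite hunk in this commit only sources firewall.conf when that file exists. Either keep a safe default here, ship the line commented out so an inherited PATH is not overwritten with an empty one, or make a missing firewall.conf a hard error.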
@ -104,7 +102,7 @@ PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
# the shell used to interpret that script, specify the shell here. # the shell used to interpret that script, specify the shell here.
# #
SHOREWALL_SHELL=/bin/sh SHOREWALL_SHELL=
# SUBSYSTEM LOCK FILE # SUBSYSTEM LOCK FILE
# #
@ -113,7 +111,7 @@ SHOREWALL_SHELL=/bin/sh
# don't use lock files, set this to "". # don't use lock files, set this to "".
# #
SUBSYSLOCK=/var/lock/subsys/shorewall-lite SUBSYSLOCK=
# RESTORE SCRIPT # RESTORE SCRIPT
# #
@ -126,11 +124,13 @@ SUBSYSLOCK=/var/lock/subsys/shorewall-lite
# Failure of shorewall-lite start or shorewall-lite restart # Failure of shorewall-lite start or shorewall-lite restart
# #
# The value of the option must be the name of an executable file in the # The value of the option must be the name of an executable file in the
# directory /var/lib/shorewall-lite. If this option is not set or if it # directory /var/lib/shorewall-lite.
# is set to the empty value (RESTOREFILE="") then RESTOREFILE=restore is
# assumed.
# #
RESTOREFILE=restore RESTOREFILE=
#
# Include the settings derived from the configuration on the administrative system
#
#LAST LINE -- DO NOT REMOVE #LAST LINE -- DO NOT REMOVE
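Review bot: The added trailing comment "Include the settings derived from the configuration on the administrative system" is followed only by the LAST LINE marker, so nothing in this file performs the include it announces. The sourcing of firewall.conf is added to the shorewall-lite script elsewhere in this commit, so either drop the comment or reword it to say where firewall.conf is read. The RESTOREFILE description also no longer says what an empty value means, which the new NOTE block covers only in general terms.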

@ -12,6 +12,9 @@ Changes in 3.3.0
6) Correct handling of CONFIG_PATH when EXPORT=Yes. 6) Correct handling of CONFIG_PATH when EXPORT=Yes.
7) Merge shorewall.conf handling changes.

@ -7769,8 +7769,6 @@ stop_firewall() {
*) *)
set +x set +x
[ -n "\${RESTOREFILE:=restore}" ]
RESTOREPATH=\${VARDIR}/\$RESTOREFILE RESTOREPATH=\${VARDIR}/\$RESTOREFILE
if [ -x \$RESTOREPATH ]; then if [ -x \$RESTOREPATH ]; then
@ -8249,6 +8247,7 @@ __EOF__
cat >&3 << __EOF__ cat >&3 << __EOF__
[ -n "\${COMMAND:=restart}" ] [ -n "\${COMMAND:=restart}" ]
[ -n "\${VERBOSE:=0}" ] [ -n "\${VERBOSE:=0}" ]
[ -n "\${RESTOREFILE:=$RESTOREFILE}" ]
MODULESDIR="$MODULESDIR" MODULESDIR="$MODULESDIR"
MODULE_SUFFIX="$MODULE_SUFFIX" MODULE_SUFFIX="$MODULE_SUFFIX"
LOGLIMIT="$LOGLIMIT" LOGLIMIT="$LOGLIMIT"
@ -8267,7 +8266,6 @@ __EOF__
fi fi
cat >&3 << __EOF__ cat >&3 << __EOF__
RESTOREFILE="$RESTOREFILE"
VERSION="$VERSION" VERSION="$VERSION"
SUBSYSLOCK="$SUBSYSLOCK" SUBSYSLOCK="$SUBSYSLOCK"
PATH="$PATH" PATH="$PATH"
@ -8482,6 +8480,25 @@ __EOF__
INDENT= INDENT=
cat $(find_file prog.header) $OUTPUT $(find_file prog.footer) > $outfile cat $(find_file prog.header) $OUTPUT $(find_file prog.footer) > $outfile
chmod 700 $outfile chmod 700 $outfile
if [ -n "$EXPORT" ]; then
exec 3>${outfile}.conf
cat >&3 << __EOF__
#
# Shorewall auxillary configuration file created by Shorewall version $VERSION - $(date)
#
[ -n "\${VERBOSITY:=$VERBOSITY}" ]
[ -n "\${LOGFILE:=$LOGFILE}" ]
[ -n "\${LOGFORMAT:=$LOGFORMAT}" ]
[ -n "\${IPTABLES:=$IPTABLES}" ]
[ -n "\${PATH:=$PATH}" ]
[ -n "\${SHOREWALL_SHELL:=$SHOREWALL_SHELL}" ]
[ -n "\${LOGFILE:=$LOGFILE}" ]
[ -n "\${SUBSYSLOCK:=$SUBSYSLOCK}" ]
[ -n "\${RESTOREFILE:=$RESTOREFILE}" ]
__EOF__
exec 3>&-
fi
progress_message3 "Shorewall configuration compiled to $(resolve_file $outfile)" progress_message3 "Shorewall configuration compiled to $(resolve_file $outfile)"
rm -f $OUTPUT rm -f $OUTPUT
fi fi
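Review bot: The new EXPORT block writes ${outfile}.conf without setting its mode, while the script written just above it gets `chmod 700 $outfile`; the shorewall-lite hunk in this commit sources firewall.conf as shell, so the generated file should get an explicit restrictive mode rather than depend on the umask. The line `[ -n "\${LOGFILE:=$LOGFILE}" ]` is emitted twice and one copy can go, and "auxillary" in the header comment should be "auxiliary". Compile-time values are spliced unquoted into `${VAR:=...}`, so a value containing `}` or a double quote would produce a broken file, and when a value such as IPTABLES is empty at compile time the generated test returns non-zero, which matters if the file is ever sourced under set -e.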
@ -8861,6 +8878,7 @@ do_initialize() {
fi fi
[ "x${SHOREWALL_DIR}" = "x." ] && SHOREWALL_DIR="$PWD" [ "x${SHOREWALL_DIR}" = "x." ] && SHOREWALL_DIR="$PWD"
[ -n "${RESTOREFILE:=restore}" ]
# #
# Strip the files that we use often # Strip the files that we use often

@ -1299,9 +1299,9 @@ restore_command() {
# #
# [Re]load command executor # [Re]load command executor
# #
reload_command() reload_command()) # $1 = directory, $2 = system
{ {
local verbose=$(make_verbose) local verbose=$(make_verbose) file=$(resolve_file $1/firewall)
[ -n "$LITEDIR" ] || { echo " ERROR: LITEDIR not defined in ${SHAREDIR}/configpath" >&2; exit 2; } [ -n "$LITEDIR" ] || { echo " ERROR: LITEDIR not defined in ${SHAREDIR}/configpath" >&2; exit 2; }
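Review bot: The new function header reads `reload_command())` with a stray closing parenthesis, which is a shell syntax error; it should be `reload_command() # $1 = directory, $2 = system`. In the same hunk, `$(resolve_file $1/firewall)` passes $1 unquoted, so a directory name containing whitespace would be split into several arguments; quote it as "$1/firewall".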

@ -204,10 +204,9 @@
</listitem> </listitem>
<listitem> <listitem>
<para>On the administrative system you create a separete <para>On the administrative system you create a separate 'export
'configuration directory' for each firewall system. You copy the directory' for each firewall system. You copy the contents of
contents of /usr/share/shorewall/configfiles into each configuration /usr/share/shorewall/configfiles into each export directory.</para>
directory.</para>
</listitem> </listitem>
<listitem> <listitem>
@ -273,9 +272,9 @@
<listitem> <listitem>
<para>The value of CONFIG_PATH in the <para>The value of CONFIG_PATH in the
<filename>shorewall.conf</filename> file in the configuration <filename>shorewall.conf</filename> file in the export directory
directory is used to search for configuration files during is used to search for configuration files during compilation of
compilation of that configuration.</para> that configuration.</para>
</listitem> </listitem>
<listitem> <listitem>
@ -295,23 +294,23 @@
<orderedlist> <orderedlist>
<listitem> <listitem>
<para>modify the files in the corresponding configuration <para>modify the files in the corresponding export directory
directory appropriately. It's a good idea to include the IP appropriately. It's a good idea to include the IP address of the
address of the administrative system in the administrative system in the <filename>routestopped</filename>
<filename>routestopped</filename> file.</para> file.</para>
<para>It is important to understand that with Shorewall Lite, the <para>It is important to understand that with Shorewall Lite, the
firewall's configuration directory on the administrative system firewall's export directory on the administrative system acts as
acts as <filename class="directory">/etc/shorewall</filename> for <filename class="directory">/etc/shorewall</filename> for that
that firewall. So when the Shorewall documentation gives firewall. So when the Shorewall documentation gives instructions
instructions for placing entries in files in the firewall's for placing entries in files in the firewall's <filename
<filename class="directory">/etc/shorewall</filename>, when using class="directory">/etc/shorewall</filename>, when using Shorewall
Shorewall Lite you make those changes in the firewall's Lite you make those changes in the firewall's export directory on
configuration directory on the administrative system.</para> the administrative system.</para>
</listitem> </listitem>
<listitem> <listitem>
<programlisting><command>cd &lt;configuration directory&gt;</command> <programlisting><command>cd &lt;export directory&gt;</command>
<command>/sbin/shorewall load firewall</command></programlisting> <command>/sbin/shorewall load firewall</command></programlisting>
<para>The <ulink <para>The <ulink
@ -330,10 +329,9 @@
<listitem> <listitem>
<para>If you later need to change the firewall's configuration, change <para>If you later need to change the firewall's configuration, change
the appropriate files in the firewall's configuration directory the appropriate files in the firewall's export directory then:</para>
then:</para>
<programlisting><command>cd &lt;configuration directory&gt;</command> <programlisting><command>cd &lt;export directory&gt;</command>
<command>/sbin/shorewall reload firewall</command></programlisting> <command>/sbin/shorewall reload firewall</command></programlisting>
<para>The <ulink <para>The <ulink
@ -391,15 +389,14 @@
<orderedlist numeration="loweralpha"> <orderedlist numeration="loweralpha">
<listitem> <listitem>
<para>On the administrative system, create a configuration directory <para>On the administrative system, create an export directory for
for the firewall system.</para> the firewall system.</para>
</listitem> </listitem>
<listitem> <listitem>
<para>Copy the contents of <filename <para>Copy the contents of <filename
class="directory">/etc/shorewall/</filename> from the firewall class="directory">/etc/shorewall/</filename> from the firewall
system to the configuration directory on the administrative system to the export directory on the administrative system.</para>
system.</para>
</listitem> </listitem>
<listitem> <listitem>
@ -439,10 +436,10 @@
administrative system in the firewall system's administrative system in the firewall system's
<filename>routestopped</filename> file.</para> <filename>routestopped</filename> file.</para>
<para>Also, edit the shorewall.conf file in the firewall's <para>Also, edit the shorewall.conf file in the firewall's export
configuration directory and change the CONFIG_PATH setting to remove directory and change the CONFIG_PATH setting to remove <filename
<filename class="directory">/etc/shorewall</filename>. You can class="directory">/etc/shorewall</filename>. You can replace it with
replace it with <filename <filename
class="directory">/usr/share/shorewall/configfiles</filename> if you class="directory">/usr/share/shorewall/configfiles</filename> if you
like.</para> like.</para>
@ -459,13 +456,13 @@
</blockquote> </blockquote>
<para>Changing CONFIG_PATH will ensure that subsequent compilations <para>Changing CONFIG_PATH will ensure that subsequent compilations
using the configuration directory will not include any files from using the export directory will not include any files from <filename
<filename class="directory">/etc/shorewall</filename>.</para> class="directory">/etc/shorewall</filename>.</para>
<para>After having made the above changes to the firewall's <para>After having made the above changes to the firewall's export
configuration directory, execute the following commands:</para> directory, execute the following commands:</para>
<programlisting><command>cd &lt;configuration directory&gt;</command> <programlisting><command>cd &lt;export directory&gt;</command>
<command>/sbin/shorewall load &lt;firewall system&gt;</command> <command>/sbin/shorewall load &lt;firewall system&gt;</command>
</programlisting> </programlisting>
@ -483,10 +480,10 @@
<listitem> <listitem>
<para>If you later need to change the firewall's configuration, <para>If you later need to change the firewall's configuration,
change the appropriate files in the firewall's configuration change the appropriate files in the firewall's export directory
directory then:</para> then:</para>
<programlisting><command>cd &lt;configuration directory&gt;</command> <programlisting><command>cd &lt;export directory&gt;</command>
<command>/sbin/shorewall reload firewall</command></programlisting> <command>/sbin/shorewall reload firewall</command></programlisting>
<para>The <ulink <para>The <ulink