diff --git a/Shorewall/Contrib/swping b/Shorewall/Contrib/swping index 7385555ab..b246dd968 100644 --- a/Shorewall/Contrib/swping +++ b/Shorewall/Contrib/swping @@ -224,7 +224,7 @@ while : ; do # One of the interfaces changed state -- restart Shorewall # echo $if1_state > $VARDIR/${IF1}.status - echo $if2_state > $VARDIR/${IF2}.status + echo $if2_state > $VARDIR/${IF2}.status eval $COMMAND state_changed= fi diff --git a/Shorewall/Contrib/swping.init b/Shorewall/Contrib/swping.init index 7136e4910..afb90bfef 100755 --- a/Shorewall/Contrib/swping.init +++ b/Shorewall/Contrib/swping.init @@ -32,7 +32,7 @@ ### BEGIN INIT INFO # Provides: swping # Required-Start: shorewall -# Should-Start: +# Should-Start: # Required-Stop: # Default-Start: 2 3 5 # Default-Stop: 0 1 6 @@ -87,7 +87,7 @@ case "$command" in echo "swping is running" exit 0 else - echo "swping is stopped" + echo "swping is stopped" exit 3 fi ;; diff --git a/Shorewall/Macros/macro.BitTorrent b/Shorewall/Macros/macro.BitTorrent index 50a356adb..bf8b68aca 100644 --- a/Shorewall/Macros/macro.BitTorrent +++ b/Shorewall/Macros/macro.BitTorrent @@ -5,7 +5,7 @@ # # This macro handles BitTorrent traffic for BitTorrent 3.1 and earlier. # -# If you are running BitTorrent 3.2 or later, you should use the +# If you are running BitTorrent 3.2 or later, you should use the # BitTorrent32 macro. ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ diff --git a/Shorewall/Macros/macro.IPPserver b/Shorewall/Macros/macro.IPPserver index 6f83c789c..d870d87c4 100644 --- a/Shorewall/Macros/macro.IPPserver +++ b/Shorewall/Macros/macro.IPPserver @@ -15,7 +15,7 @@ # Example for a two-interface firewall which acts as a print # server for loc: # IPPserver/ACCEPT loc $FW -# +# # NOTE: If you want both to serve requests for local printers and # listen to requests for remote printers (i.e. your CUPS server is # also a client), you need to apply the rule twice, e.g. diff --git a/Shorewall/Macros/macro.template b/Shorewall/Macros/macro.template index 215405306..616afa18f 100644 --- a/Shorewall/Macros/macro.template +++ b/Shorewall/Macros/macro.template @@ -304,9 +304,9 @@ # #removed from Netfilter in kernel # #version 2.6.14). # -# MARK Specifies a MARK value to match. Must be empty or +# MARK Specifies a MARK value to match. Must be empty or # '-' if the macro is to be used within an action. -# +# # [!]value[/mask][:C] # # Defines a test on the existing packet or connection @@ -341,7 +341,7 @@ # [!]limit[:mask] # # May be used to limit the number of simultaneous -# connections from each individual host to limit +# connections from each individual host to limit # connections. Requires connlimit match in your kernel # and iptables. While the limit is only checked on rules # specifying CONNLIMIT, the number of current connections diff --git a/Shorewall/Perl/Shorewall/Accounting.pm b/Shorewall/Perl/Shorewall/Accounting.pm index c2b7b7b4a..05cc57b95 100644 --- a/Shorewall/Perl/Shorewall/Accounting.pm +++ b/Shorewall/Perl/Shorewall/Accounting.pm @@ -98,7 +98,7 @@ sub process_accounting_rule( ) { my $rule = do_proto( $proto, $ports, $sports ) . do_user ( $user ) . do_test ( $mark, $globals{TC_MASK} ); my $rule2 = 0; my $jump = 0; - + unless ( $action eq 'COUNT' ) { if ( $action eq 'DONE' ) { $target = 'RETURN'; @@ -166,7 +166,7 @@ sub process_accounting_rule( ) { fatal_error "Adding an IPSEC rule to an unreferenced accounting chain is not allowed"; } } else { - warning_message "Adding rule to unreferenced accounting chain $chain" unless reserved_chain_name( $chain ); + warning_message "Adding rule to unreferenced accounting chain $chain" unless reserved_chain_name( $chain ); $chainref->{ipsec} = $dir; } } elsif ( $ipsec ne '-' ) { diff --git a/Shorewall/Perl/Shorewall/Actions.pm b/Shorewall/Perl/Shorewall/Actions.pm index 6958f5e83..9d0b73ecb 100644 --- a/Shorewall/Perl/Shorewall/Actions.pm +++ b/Shorewall/Perl/Shorewall/Actions.pm @@ -195,7 +195,7 @@ sub split_action ( $ ) { $action = $2 ? $3 : ''; $max = 2; } - + my @a = split( /:/ , $action, 4 ); fatal_error "Invalid ACTION ($action)" if ( $action =~ /::/ ) || ( @a > $max ); $target = shift @a unless $target; diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm index 2a95ac90d..5cc66f5f4 100644 --- a/Shorewall/Perl/Shorewall/Chains.pm +++ b/Shorewall/Perl/Shorewall/Chains.pm @@ -628,7 +628,7 @@ sub delete_reference( $$ ) { # # In the first function, the rule number is zero-relative. In the second function, # the rule number is one-relative. In the first function, if the rule number is < 0, then -# the rule is a jump to a blacklist chain (blacklst or blackout). The rule will be +# the rule is a jump to a blacklist chain (blacklst or blackout). The rule will be # inserted at the front of the chain and the chain's 'blacklist' member incremented. # sub insert_rule1($$$) @@ -733,7 +733,7 @@ sub move_rules( $$ ) { for ( @{$chain1->{rules}} ) { adjust_reference_counts( $tableref->{$1}, $name1, $name2 ) if / -[jg] ([^\s]+)/; } - + if ( $debug ) { my $rule = $blacklist; trace( $chain2, 'A', ++$rule, $_ ) for @{$chain1->{rules}}; @@ -754,7 +754,7 @@ sub move_rules( $$ ) { } else { shift @{$rules} while @{$rules} > 1 && $rules->[0] eq $rules->[1]; } - + delete_chain $chain1; $count; @@ -789,7 +789,7 @@ sub copy_rules( $$ ) { # Chains2 already has a blacklist jump -- delete the one at the head of chain1's rule list # my $rule = shift @rules1; - + $rule =~ / -j ([^\s])/; my $chainb = $1; @@ -814,7 +814,7 @@ sub copy_rules( $$ ) { trace( $chain2, 'A', 1 , $rules1[0]) if $debug; unshift @$rules2, shift @rules1; - + $chain1->{blacklist} = 0; $chain2->{blacklist} = 1; } @@ -823,7 +823,7 @@ sub copy_rules( $$ ) { my $rule = @$rules2; trace( $chain2, 'A', ++$rule, $_ ) for @rules1; } - + push @$rules2, @rules1; progress_message " $count rules from $chain1->{name} appended to $chain2->{name}"; @@ -1078,10 +1078,10 @@ sub find_chain($$) { my ($table, $chain) = @_; assert( $table && $chain && $chain_table{$table} ); - + $chain_table{$table}{$chain}; } - + # # Create a chain if it doesn't exist already # @@ -2787,11 +2787,11 @@ sub do_ipsec($$) { fatal_error "Non-empty IPSEC column requires policy match support in your kernel and iptables" unless have_capability( 'POLICY_MATCH' ); my @options = split_list $ipsec, 'IPSEC options'; - + if ( @options == 1 ) { if ( lc( $options[0] ) =~ /^(yes|ipsec)$/ ) { return do_ipsec_options $dir, 'ipsec', ''; - } + } if ( lc( $options[0] ) =~ /^(no|none)$/ ) { return do_ipsec_options $dir, 'none', ''; @@ -2912,7 +2912,7 @@ sub mysplit( $ ) { fatal_error "Missing ']' ($element)" unless @input; $element .= ( ',' . shift @input ); } - + fatal_error "Mismatched [...] ($element)" unless $element =~ tr/[/[/ == $element =~ tr/]/]/; } @@ -3644,14 +3644,14 @@ sub expand_rule( $$$$$$$$$$;$ ) # # Log rule # - log_rule_limit( $loglevel , - $echainref , - $chain, + log_rule_limit( $loglevel , + $echainref , + $chain, $disposition eq 'reject' ? 'REJECT' : $disposition , - '' , - $logtag , + '' , + $logtag , 'add' , - '' ) + '' ) if $loglevel; # # Generate Final Rule @@ -3764,14 +3764,14 @@ sub promote_blacklist_rules() { # Copy 'blacklst''s references since they will change in the following loop # my @references = map $filter_table->{$_}, keys %{$chainbref->{references}}; - + for my $chain1ref ( @references ) { assert( $chain1ref->{blacklist} == 1 ); my $copied = 0; my $rule = $chain1ref->{rules}[0]; my $chain1 = $chain1ref->{name}; - + for my $chain2ref ( map $filter_table->{$_}, keys %{$chain1ref->{references}} ) { unless ( $chain2ref->{builtin} ) { # @@ -3984,7 +3984,7 @@ sub load_ipsets() { ' fi' , ' fi' , ); - + if ( @ipsets ) { emit ''; diff --git a/Shorewall/Perl/Shorewall/Compiler.pm b/Shorewall/Perl/Shorewall/Compiler.pm index d7282b1ae..635ad31ec 100644 --- a/Shorewall/Perl/Shorewall/Compiler.pm +++ b/Shorewall/Perl/Shorewall/Compiler.pm @@ -445,7 +445,7 @@ EOF my $config_dir = $globals{CONFIGDIR}; emit<<"EOF"; - set_state Started $config_dir + set_state Started $config_dir run_restored_exit else if [ \$COMMAND = refresh ]; then diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm index 6cca30f33..252d97b94 100644 --- a/Shorewall/Perl/Shorewall/Config.pm +++ b/Shorewall/Perl/Shorewall/Config.pm @@ -1841,7 +1841,7 @@ sub read_a_line(;$) { embedded_perl( $1 ); next; } - } + } my $count = 0; # @@ -2928,12 +2928,12 @@ sub get_configuration( $ ) { if ( $units && $units ne 'sec' ) { my $expire = 60000; # 1 minute in milliseconds - + if ( $units ne 'min' ) { $expire *= 60; #At least an hour $expire *= 24 if $units eq 'day'; } - + $limit .= "--hashlimit-htable-expire $expire "; } } elsif ( $rate =~ /^((\d+)(\/(sec|min|hour|day))):(\d+)$/ ) { diff --git a/Shorewall/Perl/Shorewall/IPAddrs.pm b/Shorewall/Perl/Shorewall/IPAddrs.pm index 26f734211..7c2756bd8 100644 --- a/Shorewall/Perl/Shorewall/IPAddrs.pm +++ b/Shorewall/Perl/Shorewall/IPAddrs.pm @@ -189,7 +189,7 @@ sub validate_4net( $$ ) { if ( $1 ) { fatal_error "An ipset list ($net) is not allowed in this context"; } elsif ( $net =~ /^\+[a-zA-Z][-\w]*$/ ) { - fatal_error "An ipset name ($net) is not allowed in this context"; + fatal_error "An ipset name ($net) is not allowed in this context"; } else { fatal_error "Invalid ipset name ($net)"; } @@ -306,7 +306,7 @@ sub resolve_proto( $ ) { # Allow 'icmp' as a synonym for 'ipv6-icmp' in IPv6 compilations # $proto= 'ipv6-icmp' if $proto eq 'icmp' && $family == F_IPV6; - + defined( $number = $nametoproto{$proto} ) ? $number : scalar getprotobyname $proto; } } @@ -553,7 +553,7 @@ sub validate_6net( $$ ) { if ( $1 ) { fatal_error "An ipset list ($net) is not allowed in this context"; } elsif ( $net =~ /^\+[a-zA-Z][-\w]*$/ ) { - fatal_error "An ipset name ($net) is not allowed in this context"; + fatal_error "An ipset name ($net) is not allowed in this context"; } else { fatal_error "Invalid ipset name ($net)"; } diff --git a/Shorewall/Perl/Shorewall/Policy.pm b/Shorewall/Perl/Shorewall/Policy.pm index c884a4cde..e0fcbe148 100644 --- a/Shorewall/Perl/Shorewall/Policy.pm +++ b/Shorewall/Perl/Shorewall/Policy.pm @@ -341,7 +341,7 @@ sub validate_policy() add_or_modify_policy_chain( $zone, $zone1 ); add_or_modify_policy_chain( $zone1, $zone ); } - } + } } } @@ -496,13 +496,13 @@ sub setup_syn_flood_chains() { my $level = $chainref->{loglevel}; my $synchainref = new_chain 'filter' , syn_flood_chain $chainref; add_rule $synchainref , "${limit}-j RETURN"; - log_rule_limit( $level , - $synchainref , - $chainref->{name} , - 'DROP', - $globals{LOGLIMIT} || '-m limit --limit 5/min --limit-burst 5 ' , - '' , - 'add' , + log_rule_limit( $level , + $synchainref , + $chainref->{name} , + 'DROP', + $globals{LOGLIMIT} || '-m limit --limit 5/min --limit-burst 5 ' , + '' , + 'add' , '' ) if $level ne ''; add_rule $synchainref, '-j DROP'; diff --git a/Shorewall/Perl/Shorewall/Providers.pm b/Shorewall/Perl/Shorewall/Providers.pm index 7b5f83914..5fe6de0e3 100644 --- a/Shorewall/Perl/Shorewall/Providers.pm +++ b/Shorewall/Perl/Shorewall/Providers.pm @@ -849,7 +849,7 @@ sub handle_optional_interfaces( $ ) { if ( @$interfaces ) { my $require = $config{REQUIRE_INTERFACE}; - + verify_required_interfaces( shift ); emit( 'HAVE_INTERFACE=', '' ) if $require; @@ -860,9 +860,9 @@ sub handle_optional_interfaces( $ ) { if ( $wildcards ) { # - # We must consider all interfaces with an address in $family -- generate a list of such addresses. + # We must consider all interfaces with an address in $family -- generate a list of such addresses. # - emit( '', + emit( '', 'for interface in $(find_all_interfaces1); do', ); @@ -904,10 +904,10 @@ sub handle_optional_interfaces( $ ) { if ( $wildcards ) { emit( "$case)" ); push_indent; - + if ( $wild ) { emit( qq(if [ -z "\$SW_${base}_IS_USABLE" ]; then) ); - push_indent; + push_indent; emit ( 'if interface_is_usable $interface; then' ); } else { emit ( "if interface_is_usable $physical; then" ); diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm index b782a34e5..1552ff39e 100644 --- a/Shorewall/Perl/Shorewall/Rules.pm +++ b/Shorewall/Perl/Shorewall/Rules.pm @@ -1064,7 +1064,7 @@ sub process_rule1 ( $$$$$$$$$$$$$ ) { $action = "NFQUEUE --queue-num $paramval"; } elsif ( $actiontype & SET ) { require_capability( 'IPSET_MATCH', 'SET and UNSET rules', '' ); - fatal_error "$action rules require a set name parameter" unless $param; + fatal_error "$action rules require a set name parameter" unless $param; } else { fatal_error "The $basictarget TARGET does not accept a parameter" unless $param eq ''; } @@ -1531,7 +1531,7 @@ sub process_section ($) { @sections{'ESTABLISHED','RELATED'} = ( 1, 1 ); finish_section ( ( $section eq 'RELATED' ) ? 'RELATED' : 'ESTABLISHED,RELATED' ); } - + $section = $sect; } @@ -1698,13 +1698,13 @@ sub generate_dest_rules( $$$$ ) { if ( $type2 == VSERVER ) { for my $hostref ( @{$z2ref->{hosts}{ip}{'%vserver%'}} ) { - my $exclusion = dest_exclusion( $hostref->{exclusions}, $chain); + my $exclusion = dest_exclusion( $hostref->{exclusions}, $chain); for my $net ( @{$hostref->{hosts}} ) { - add_jump( $chainref, + add_jump( $chainref, $exclusion , 0, - join('', $match, match_dest_net( $net ) ) ) + join('', $match, match_dest_net( $net ) ) ) } } } else { @@ -1718,7 +1718,7 @@ sub generate_dest_rules( $$$$ ) { sub generate_source_rules( $$$$ ) { my ( $outchainref, $z1, $z2, $match ) = @_; my $chain = rules_target ( $z1, $z2 ); - + if ( $chain ) { # # Not a CONTINUE policy with no rules @@ -1726,16 +1726,16 @@ sub generate_source_rules( $$$$ ) { for my $hostref ( @{defined_zone( $z1 )->{hosts}{ip}{'%vserver%'}} ) { my $ipsec_match = match_ipsec_in $z1 , $hostref; my $exclusion = source_exclusion( $hostref->{exclusions}, $chain); - + for my $net ( @{$hostref->{hosts}} ) { generate_dest_rules( $outchainref, $exclusion, - $z2, + $z2, join('', match_source_net( $net ), $match , $ipsec_match ) ); - } + } } - } + } } # @@ -1780,11 +1780,11 @@ sub handle_loopback_traffic() { for my $typeref ( values %{$source_hosts_ref} ) { for my $hostref ( @{$typeref->{'%vserver%'}} ) { my $exclusion = source_exclusion( $hostref->{exclusions}, $natref); - + for my $net ( @{$hostref->{hosts}} ) { add_jump( $natout, $exclusion, 0, match_source_net( $net ), 0, $rulenum++ ); } - } + } } } } @@ -1873,7 +1873,7 @@ sub generate_matrix() { if ( $zoneref->{options}{in}{blacklist} ) { my $blackref = $filter_table->{blacklst}; add_jump ensure_filter_chain( rules_chain( $zone, $_ ), 1 ) , $blackref , 0, $state, 0, -1 for firewall_zone, @vservers; - + if ( $simple ) { # # We won't create a zone forwarding chain for this zone so we must add blacklisting jumps to the rules chains @@ -1881,7 +1881,7 @@ sub generate_matrix() { for my $zone1 ( @zones ) { my $ruleschain = rules_chain( $zone, $zone1 ); my $ruleschainref = $filter_table->{$ruleschain}; - + if ( ( $zone ne $zone1 || $ruleschainref->{referenced} ) && $ruleschainref->{policy} ne 'NONE' ) { add_jump( ensure_filter_chain( $ruleschain, 1 ), $blackref, 0, $state, 0, -1 ); } @@ -1899,12 +1899,12 @@ sub generate_matrix() { if ( ( $zone ne $zone1 || $ruleschainref->{referenced} ) && $ruleschainref->{policy} ne 'NONE' ) { add_jump( ensure_filter_chain( $ruleschain, 1 ), $blackref, 0, $state, 0, -1 ); - } + } } } next if $simple; - + # # Complex zone or we have more than one non-firewall zone -- create a zone forwarding chain # @@ -2028,7 +2028,7 @@ sub generate_matrix() { my $ipsec_in_match = match_ipsec_in $zone , $hostref; my $ipsec_out_match = match_ipsec_out $zone , $hostref; my $exclusions = $hostref->{exclusions}; - + for my $net ( @{$hostref->{hosts}} ) { my $dest = match_dest_net $net; diff --git a/Shorewall/Perl/Shorewall/Tc.pm b/Shorewall/Perl/Shorewall/Tc.pm index 0357cde39..b5da2c82b 100644 --- a/Shorewall/Perl/Shorewall/Tc.pm +++ b/Shorewall/Perl/Shorewall/Tc.pm @@ -297,7 +297,7 @@ sub process_tc_rule( ) { } $restriction = DESTIFACE_DISALLOW; - + ensure_mangle_chain($target); $sticky++; @@ -1462,7 +1462,7 @@ sub process_secmark_rule() { O => 'tcout' , ); my %state = ( N => 'NEW' , - E => 'ESTABLISHED' , + E => 'ESTABLISHED' , ER => 'ESTABLISHED,RELATED' ); my ( $chain , $state, $rest) = split ':', $chainin , 3; @@ -1470,7 +1470,7 @@ sub process_secmark_rule() { fatal_error "Invalid CHAIN:STATE ($chainin)" if $rest || ! $chain; my $chain1= $chns{$chain}; - + fatal_error "Invalid or missing CHAIN ( $chain )" unless $chain1; fatal_error "USER/GROUP may only be used in the OUTPUT chain" if $user ne '-' && $chain1 ne 'tcout'; @@ -1488,22 +1488,22 @@ sub process_secmark_rule() { $disposition =~ s/ .*//; - expand_rule( ensure_mangle_chain( $chain1 ) , + expand_rule( ensure_mangle_chain( $chain1 ) , $restrictions{$chain1} , $state . do_proto( $proto, $dport, $sport ) . do_user( $user ) . do_test( $mark, $globals{TC_MASK} ) , - $source , - $dest , - '' , - $target , - '' , + $source , + $dest , + '' , + $target , + '' , $disposition, '' ); progress_message "Secmarks rule \"$currentline\" $done"; - + } # @@ -1622,7 +1622,7 @@ sub setup_tc() { first_entry "$doing $fn..."; process_secmark_rule while read_a_line; - + clear_comment; } diff --git a/Shorewall/Perl/Shorewall/Zones.pm b/Shorewall/Perl/Shorewall/Zones.pm index b8712dfeb..3c8030e48 100644 --- a/Shorewall/Perl/Shorewall/Zones.pm +++ b/Shorewall/Perl/Shorewall/Zones.pm @@ -160,7 +160,7 @@ our %reservedName = ( all => 1, # } # # The purpose of the 'base' member is to ensure that the base names associated with the physical interfaces are assigned in -# the same order as the interfaces are encountered in the configuration files. +# the same order as the interfaces are encountered in the configuration files. # our @interfaces; our %interfaces; @@ -804,7 +804,7 @@ sub chain_base($) { # return $name if $name; # - # Remember initial value + # Remember initial value # my $key = $chain; # @@ -882,7 +882,7 @@ sub process_interface( $$ ) { } else { $zoneref->{bridge} = $interface; } - + fatal_error "Vserver zones may not be associated with bridge ports" if $zoneref->{type} == VSERVER; } @@ -950,7 +950,7 @@ sub process_interface( $$ ) { if ( $zone ) { fatal_error qq(The "$option" option may not be specified for a Vserver zone") if $zoneref->{type} == VSERVER && ! ( $type & IF_OPTION_VSERVER ); - } else { + } else { fatal_error "The \"$option\" option may not be specified on a multi-zone interface" if $type & IF_OPTION_ZONEONLY; } @@ -1178,7 +1178,7 @@ sub map_physical( $$ ) { # # Returns true if passed interface matches an entry in /etc/shorewall/interfaces # -# If the passed name matches a wildcard and 'cache' is true, an entry for the name is added in +# If the passed name matches a wildcard and 'cache' is true, an entry for the name is added in # %interfaces. # sub known_interface($;$) @@ -1195,7 +1195,7 @@ sub known_interface($;$) my $root = $interfaceref->{root}; if ( $i ne $root && substr( $interface, 0, length $root ) eq $root ) { my $physical = map_physical( $interface, $interfaceref ); - + my $copyref = { options => $interfaceref->{options}, bridge => $interfaceref->{bridge} , name => $i , @@ -1392,7 +1392,7 @@ sub verify_required_interfaces( $ ) { my $wait = $interfaces{$interface}{options}{wait}; emit q() unless $first-- > 0; - + if ( $wait ) { my $physical = get_physical $interface; @@ -1431,7 +1431,7 @@ sub verify_required_interfaces( $ ) { } emit( ";;\n" ); - + pop_indent; pop_indent; @@ -1697,7 +1697,7 @@ sub process_host( ) { } elsif ( $zoneref->{bridge} ne $interfaces{$interface}{bridge} ) { fatal_error "Interface $interface is not a port on bridge $zoneref->{bridge}"; } - } + } my $optionsref = { dynamic => 0 }; @@ -1723,7 +1723,7 @@ sub process_host( ) { } } - fatal_error q(A host entry for a Vserver zone may not specify the 'ipsec' option) if $ipsec && $zoneref->{type} == VSERVER; + fatal_error q(A host entry for a Vserver zone may not specify the 'ipsec' option) if $ipsec && $zoneref->{type} == VSERVER; $optionsref = \%options; } diff --git a/Shorewall/Perl/prog.footer6 b/Shorewall/Perl/prog.footer6 index bbfd8f1d0..a1a0a7b2c 100644 --- a/Shorewall/Perl/prog.footer6 +++ b/Shorewall/Perl/prog.footer6 @@ -22,11 +22,11 @@ checkkernelversion() { local kernel kernel=$(printf "%2d%02d%02d" $(uname -r 2> /dev/null | sed -e 's/-.*//' -e 's/^\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\).*$/\1 \2 \3/g')) - + if [ $kernel -lt 20624 ]; then error_message "ERROR: $g_product requires Linux kernel 2.6.24 or later" return 1 - else + else return 0 fi } @@ -296,7 +296,7 @@ case "$COMMAND" in echo "$g_product is stopped" status=4 fi - + if [ -f ${VARDIR}/state ]; then state="$(cat ${VARDIR}/state)" case $state in diff --git a/Shorewall/Perl/prog.header b/Shorewall/Perl/prog.header index 3d85d6b32..f7908fdda 100644 --- a/Shorewall/Perl/prog.header +++ b/Shorewall/Perl/prog.header @@ -509,7 +509,7 @@ undo_routing() { # restore_default_route() { local result - + if [ -z "$g_noroutes" -a -f ${VARDIR}/default_route ]; then local default_route default_route= diff --git a/Shorewall/Perl/prog.header6 b/Shorewall/Perl/prog.header6 index 979a6ad65..774023dc6 100644 --- a/Shorewall/Perl/prog.header6 +++ b/Shorewall/Perl/prog.header6 @@ -497,7 +497,7 @@ undo_routing() { # restore_default_route() { local result - + if [ -z "$g_noroutes" -a -f ${VARDIR}/default_route ]; then local default_route default_route= diff --git a/Shorewall/configfiles/findgw b/Shorewall/configfiles/findgw index 781556876..e38bcd6e7 100644 --- a/Shorewall/configfiles/findgw +++ b/Shorewall/configfiles/findgw @@ -3,11 +3,11 @@ # # /etc/shorewall/findgw # -# The code in this file is executed when Shorewall is trying to detect the +# The code in this file is executed when Shorewall is trying to detect the # gateway through an interface in /etc/shorewall/providers that has GATEWAY # specified as 'detect'. # -# The function should echo the IP address of the gateway if it knows what +# The function should echo the IP address of the gateway if it knows what # it is; the name of the interface is in $1. # # See http://shorewall.net/shorewall_extension_scripts.htm for additional diff --git a/Shorewall/configfiles/restored b/Shorewall/configfiles/restored index 4f258a413..2cd6891fc 100644 --- a/Shorewall/configfiles/restored +++ b/Shorewall/configfiles/restored @@ -4,7 +4,7 @@ # /etc/shorewall/restored # # Add commands below that you want to be executed after shorewall has -# completed a 'restore' command. +# completed a 'restore' command. # # See http://shorewall.net/shorewall_extension_scripts.htm for additional # information. diff --git a/Shorewall/configfiles/secmarks b/Shorewall/configfiles/secmarks index 262ed3735..dc23f6c3b 100644 --- a/Shorewall/configfiles/secmarks +++ b/Shorewall/configfiles/secmarks @@ -10,4 +10,4 @@ - + diff --git a/Shorewall/lib.cli b/Shorewall/lib.cli index 16003b0cf..7ab084066 100644 --- a/Shorewall/lib.cli +++ b/Shorewall/lib.cli @@ -562,7 +562,7 @@ show_command() { if [ -z "$LOGFILE" ]; then LOGFILE=/var/log/messages - + if [ -n "$(syslog_circular_buffer)" ]; then g_logread="logread | tac" elif [ -r $LOGFILE ]; then diff --git a/Shorewall/lib.common b/Shorewall/lib.common index 0fa629282..df3ab723b 100644 --- a/Shorewall/lib.common +++ b/Shorewall/lib.common @@ -514,7 +514,7 @@ find_file() # # Set the Shorewall state # -set_state () # $1 = state $2 +set_state () # $1 = state $2 { if [ $# -gt 1 ]; then echo "$1 ($(date)) from $2" > ${VARDIR}/state diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 0d2784bf5..388922101 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -31,7 +31,7 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES ... Shorewall configuration compiled to /var/lib/shorewall6/.start ERROR: Shorewall6 requires Linux kernel 2.6.24 or later - /usr/share/shorewall6/lib.common: line 73: + /usr/share/shorewall6/lib.common: line 73: [: -lt: unary operator expected ERROR: Shorewall6 requires Linux kernel 2.6.24 or later [root@localhost shorewall6]# @@ -345,18 +345,18 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S defined as optional in the interfaces file. o If there were no references matching the wildcard, then the - 'optional' option was effectively ignored. + 'optional' option was effectively ignored. The new implementation: - Insures valid shell variable names. - + - Insures that shell variable names are unique. - Handles interface names appearing in the INTERFACE column of the providers file as a special case for 'optional'. If the name matches a wildcard entry in the interfaces file then the - usability of the specific interface is tracked individually. + usability of the specific interface is tracked individually. - Handles the availabilty of other interfaces matching a wildcard as a group; if there is one useable interface in the group then @@ -392,7 +392,7 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S state match rather than conntrack match for UNTRACKED state matching. -12) If the routestopped files contains NOTRACK rules, 'shorewall* clear' +12) If the routestopped files contains NOTRACK rules, 'shorewall* clear' did not clear the raw table. 13) An error message was incorrectly generated if a port range of the @@ -429,7 +429,7 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S The 'all' and 'any' keywords now support exclusion in the form of a comma-separated list of excluded zones. - Examples: + Examples: all!fw (same as all-). any+!dmz,loc (All zones except 'dmz' and 'loc' and @@ -554,7 +554,7 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S fatal compilation error in REDIRECT rules. 4) A number of problems associated with Shorewall-init and Upstart - have been corrected. + have been corrected. If you use Shorewall-init, then when upgrading to this version, be sure to recompile all firewall scripts before you take interfaces @@ -564,7 +564,7 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S /usr/share/shorewall/configfiles/Makefile and rather issued the following message: - install-file: command not found + install-file: command not found This caused the Makefile to be omitted from RPMs as well. @@ -592,7 +592,7 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S 2) Per-ip log rate limiting has been added in the form of the LOGLIMIT option in shorewall.conf. When LOGLIMIT is specified, LOGRATE and - LOGBURST are ignored. + LOGBURST are ignored. LOGRATE and LOGBURST are now deprecated. @@ -675,7 +675,7 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S Shorewall is running State:Started (Thu Aug 12 19:41:48 PDT 2010) from /etc/shorewall/ - gateway:/etc/shorewall# + gateway:/etc/shorewall# ---------------------------------------------------------------------------- P R O B L E M S C O R R E C T E D I N 4 . 4 . 1 1 @@ -708,7 +708,7 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S shorewall.conf and shorewall6.conf. It has been added. 6) Under some versions of Perl, a Perl run-time diagnostic was produced - when options were omitted from shorewall.conf or shorewall6.conf. + when options were omitted from shorewall.conf or shorewall6.conf. 7) If the following options were specified in /etc/shorewall/interfaces for an interface with '-' in the ZONE column, then these options @@ -729,7 +729,7 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S 9) Previously, if nets= was specified under Shorewall6, this error would result: - ERROR: Invalid IPv6 address (224.0.0.0) : + ERROR: Invalid IPv6 address (224.0.0.0) : /etc/shorewall6/interfaces (line 16) ---------------------------------------------------------------------------- @@ -744,7 +744,7 @@ V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S See http://www.shorewall.net/Vserver.html for details. 2) A new FORWARD_CLEAR_MARK option has been added to shorewall.conf - and shorewall6.conf. + and shorewall6.conf. Traditionally, Shorewall has cleared the packet mark in the first rule in the mangle FORWARD chain. This behavior is maintained with