Make progress messages product-specific; provide script for easy firewall update

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4098 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2006-06-14 16:32:13 +00:00
parent 8ae9a2c419
commit fb4ef97840
10 changed files with 100 additions and 31 deletions

View File

@ -4,6 +4,8 @@ Changes in 3.2.0 RC 4
2) Correct many inaccuracies in shorewall.conf
3) Make progress messages product-specific.
Changes in 3.2.0 RC 3
1) Fix configpath.

View File

@ -17,7 +17,11 @@ Problems Corrected in 3.2.0 RC 4
Other changes in 3.2.0 RC 4
None.
1) The progress messages produced by Shorewall Lite now correctly
identify the product as 'Shorewall Lite' rather than
'Shorewall'. In order for this to work, you must have Shorewall RC4
installed on your administrative system(s) and Shorewall Lite RC4
on the firewall system(s).
New Features:

View File

@ -553,10 +553,10 @@ start_command() {
$SHOREWALL_SHELL ${RESTOREPATH}-ipsets
fi
echo Restoring Shorewall...
echo Restoring Shorewall Lite...
$SHOREWALL_SHELL $RESTOREPATH restore
date > ${VARDIR}/restarted
progress_message3 Shorewall restored from $RESTOREPATH
progress_message3 Shorewall Lite restored from $RESTOREPATH
else
do_it
fi
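Review bot: The two changed lines in start_command hard-code 'Shorewall Lite' even though this commit also adds export PRODUCT="Shorewall Lite" further down the same file; using "$PRODUCT" here would keep the name in one place. Both lines also pass the message unquoted, so $RESTOREPATH is subject to word splitting. Quoting the whole message, as restore_command does, would be more robust.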
@ -933,8 +933,8 @@ restore_command() {
$SHOREWALL_SHELL ${RESTOREPATH}-ipsets
fi
progress_message3 "Restoring Shorewall..."
$SHOREWALL_SHELL $RESTOREPATH restore && echo "Shorewall restored from ${VARDIR}/$RESTOREFILE"
progress_message3 "Restoring Shorewall Lite..."
$SHOREWALL_SHELL $RESTOREPATH restore && echo "Shorewall Lite restored from ${VARDIR}/$RESTOREFILE"
[ -n "$nolock" ] || mutex_off
else
echo "File ${VARDIR}/$RESTOREFILE: file not found"
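Review bot: restore_command reports 'Restoring' through progress_message3 and success through echo, the reverse of start_command above, which echoes 'Restoring' and uses progress_message3 for 'restored'. Since these lines are being touched anyway, pick one helper for each message in both functions. The success text also names ${VARDIR}/$RESTOREFILE while the command that ran is $RESTOREPATH; printing the same variable in both places would avoid a mismatch.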
@ -1169,6 +1169,7 @@ MUTEX_TIMEOUT=
SHAREDIR=/usr/share/shorewall-lite
VARDIR=/var/lib/shorewall-lite
CONFDIR=/etc/shorewall-lite
export PRODUCT="Shorewall Lite"
FIREWALL=$SHAREDIR/firewall
FUNCTIONS=$SHAREDIR/functions
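Review bot: The added export puts a very generic name, PRODUCT, into the environment of every child process, and the compiled firewall script accepts whatever PRODUCT it inherits through ${PRODUCT:=Shorewall}. A prefixed name (SHOREWALL_PRODUCT, offered only as a suggestion) would keep an unrelated PRODUCT variable in the caller's environment from ending up in the firewall's messages. The same applies to the matching export PRODUCT="Shorewall" in the full product.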

View File

@ -2,6 +2,8 @@ Changes in 3.2.0 RC 4
1) Fix permissions on Limit file.
2) Make progress messages product-specific.
-------------------------------------------------------------------------------
Changes in 3.2.0 RC 3

View File

@ -7820,10 +7820,10 @@ stop_firewall() {
\${RESTOREPATH}-ipsets
fi
echo Restoring Shorewall...
echo Restoring \${PRODUCT:=Shorewall}...
if \$RESTOREPATH restore; then
echo "Shorewall restored from \$RESTOREPATH"
echo "\$PRODUCT restored from \$RESTOREPATH"
set_state "Started"
else
set_state "Unknown"
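Review bot: The new echo in stop_firewall expands \${PRODUCT:=Shorewall} unquoted, so a value inherited from the environment undergoes word splitting and pathname expansion before it is printed. Quote the message, for example echo "Restoring \${PRODUCT:=Shorewall}...". The following echo of "\$PRODUCT restored" depends on the assignment side effect of this line, which deserves a short comment or a separate default assignment at the top of the function.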

View File

@ -58,30 +58,32 @@ else
COMMAND="$1"
fi
[ -n "${PRODUCT:=Shorewall}" ]
case "$COMMAND" in
start)
if shorewall_is_started; then
error_message "Shorewall is already Running"
error_message "$PRODUCT is already Running"
status=1
else
progress_message3 "Starting Shorewall...."
progress_message3 "Starting $PRODUCT...."
define_firewall
status=$?
progress_message3 "done."
fi
;;
stop)
progress_message3 "Stopping Shorewall...."
progress_message3 "Stopping $PRODUCT...."
stop_firewall
status=0
progress_message3 "done."
;;
restart)
if shorewall_is_started; then
progress_message3 "Restarting Shorewall...."
progress_message3 "Restarting $PRODUCT...."
else
echo "Shorewall is not running" >&2
progress_message3 "Starting Shorewall...."
echo "$PRODUCT is not running" >&2
progress_message3 "Starting $PRODUCT...."
fi
define_firewall
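Review bot: The added line [ -n "${PRODUCT:=Shorewall}" ] is a test whose result is discarded and which exists only for the default assignment; the idiomatic form is : "${PRODUCT:=Shorewall}", which makes the intent clear and cannot be mistaken for a missing branch. As a style point on the same hunk, "$PRODUCT is already Running" keeps the stray capital R while the other messages use lower case.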
@ -93,19 +95,19 @@ case "$COMMAND" in
status=$?
;;
clear)
progress_message3 "Clearing Shorewall...."
progress_message3 "Clearing $PRODUCT...."
clear_firewall
status=0
progress_message3 "done."
;;
status)
echo "Shorewall-$VERSION Status at $HOSTNAME - $(date)"
echo "$PRODUCT-$VERSION Status at $HOSTNAME - $(date)"
echo
if shorewall_is_started; then
echo "Shorewall is running"
echo "$PRODUCT is running"
status=0
else
echo "Shorewall is stopped"
echo "$PRODUCT is stopped"
status=4
fi
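Review bot: With PRODUCT set to "Shorewall Lite", the status header changes from "Shorewall-$VERSION Status at ..." to "Shorewall Lite-$VERSION Status at ...", which now contains a space before the version. Anything that matches the old "Shorewall-" prefix in status output (init scripts, monitoring checks) will stop matching on Shorewall Lite systems; this should be called out in the release notes or the header format kept stable.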

View File

@ -33,12 +33,16 @@ Note to users upgrading from Shorewall 2.x or 3.0
Problems Corrected in 3.2.0 RC 4
1) When install.sh was used to install/update Shorewall, the
/usr/share/shorewall/Limit file had incorrect permissions.
1) When install.sh was used to install/update Shorewall, the
/usr/share/shorewall/Limit file had incorrect permissions.
Other changes in 3.2.0 RC 4
None.
1) The progress messages produced by Shorewall Lite now correctly
identify the product as 'Shorewall Lite' rather than
'Shorewall'. In order for this to work, you must have Shorewall RC4
installed on your administrative system(s) and Shorewall Lite RC4
on the firewall system(s).
Migration Considerations:
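Review bot: The new release note says both sides must be at RC4 "in order for this to work" but does not say what happens otherwise. From the ${PRODUCT:=Shorewall} default in the compiled script, a version mismatch appears to fall back to printing 'Shorewall' rather than failing; stating that explicitly would tell administrators the mismatch is cosmetic. The note should also say 'Shorewall 3.2.0 RC4' rather than 'Shorewall RC4' for consistency with the section heading.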

View File

@ -490,7 +490,7 @@ save_config() {
echo " ERROR: Currently-running Configuration Not Saved"
fi
else
echo " ERROR: ${VARDIR}/.restored oes not exist"
echo " ERROR: ${VARDIR}/.restore does not exist"
fi
else
echo "Error Saving the Dynamic Rules"
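Review bot: The corrected error message in save_config changes the file name from ${VARDIR}/.restored to ${VARDIR}/.restore as well as fixing 'oes', and neither change is mentioned in the commit message or the changelog. The test that guards this branch is outside the hunk, so please confirm that .restore is the file actually checked, and consider splitting this fix into its own commit.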
@ -1515,6 +1515,7 @@ MUTEX_TIMEOUT=
SHAREDIR=/usr/share/shorewall
VARDIR=/var/lib/shorewall
CONFDIR=/etc/shorewall
export PRODUCT="Shorewall"
FIREWALL=$SHAREDIR/firewall
FUNCTIONS=$SHAREDIR/functions

View File

@ -252,9 +252,10 @@
</orderedlist>
<para>Shorewall Lite includes a very limited version of
<filename>/etc/shorewall-lite/shorewall.conf</filename>. It includes the
following options which have the same meaning as in a full Shorewall
installation except as noted below:</para>
<filename>shorewall.conf
</filename>(<filename>/etc/shorewall-lite/shorewall.conf</filename>). It
includes the following options which have the same meaning as in a full
Shorewall installation except as noted below:</para>
<blockquote>
<simplelist>
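Review bot: The rewrapped paragraph breaks the line inside the element, leaving the closing </filename> tag on the line after shorewall.conf, so the rendered file name carries trailing whitespace before the opening parenthesis. Keep <filename>shorewall.conf</filename> on one line and put the line break outside the element.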
@ -263,19 +264,19 @@
<member>LOGFILE</member>
<member>LOGFORMAT — used by <filename>/sbin/shorewall</filename> for
finding 'Shorewall' log messages only. The format of the messages
themselves is defined by the LOGFORMAT in the shorewall.conf used when
the firewall script was compiled on the administrative system. If
LOGFORMAT was not specified at compile time then the firewall script
will use the value from
finding 'Shorewall' log messages. If LOGFORMAT was specified in the
shorewall.conf file used at compile time on the administrative system,
then the format of the messages themselves is defined by that value.
If LOGFORMAT was not specified at compile time then the firewall
script will use the value from
<filename>/etc/shorewall-lite/shorewall.conf</filename> on the
firewall system.</member>
<member>IPTABLES — determines the iptables binary to be used by
<filename>/sbin/shorewall</filename>. The compiled firewall script
will use the IPTABLES specified in <filename>shorewall.conf</filename>
at compile time on the administrative system; if IPTABLES was not
specified at compile time then the IPTABLES value from
at compile time on the administrative system, if any; if IPTABLES was
not specified at compile time then the IPTABLES value from
<filename>/etc/shorewall-lite/shorewall.conf</filename> on the
firewall system will be used by the firewall script.</member>
@ -394,6 +395,43 @@
</listitem>
</orderedlist>
</section>
<section>
<title>A simple shell program for remote firewall replacement</title>
<para>I use the following <ulink
url="ftp://ftp1.shorewall.net/pub/shorewall/contrib/compile">simple
shell program</ulink> for compiling firewall scripts and installing them
on firewall systems:</para>
<blockquote>
<programlisting>#/bin/bash
[ $# -eq 1 ] || { echo "Usage: $(basename $0) &lt;system&gt;" &gt;&amp;2; exit 2; }
/sbin/shorewall compile -e . firewall &amp;&amp; scp firewall root@${1}:/usr/share/shorewall-lite/ &amp;&amp; ssh root@${1} 'shorewall-lite restart'</programlisting>
</blockquote>
<para>I install this program in
<filename>/usr/local/bin/compile</filename> and I have my configuration
directories in ~/Config. So, for example, to recompile the firewall
script for the 'gateway' system and install the script on gateway, I do
the following:</para>
<blockquote>
<programlisting>teastep@wookie:~$ <command>cd Configs/gateway</command>
teastep@wookie:~/Configs/gateway$ <command>compile gateway</command>
Compiling...
Shorewall configuration compiled to firewall
firewall 100% 29KB 29.3KB/s 00:00
Restarting Shorewall Lite....
done.
teastep@wookie:~/Configs/gateway$</programlisting>
</blockquote>
<para>I use RSA keys and ssh-agent so I don't need to enter a password
to run scp or ssh.</para>
</section>
</section>
<section>
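Review bot: The first line of the new program listing is '#/bin/bash', which is missing the '!' and is therefore an ordinary comment, so the script will run under whatever shell the caller uses rather than bash. In the same listing ${1} and $0 are unquoted in the scp and ssh targets and in basename; quote them so a host argument containing whitespace or glob characters is passed through intact. The prose says the configuration directories live in ~/Config while the sample session changes into Configs/gateway; one of the two needs correcting.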

View File

@ -1838,6 +1838,21 @@ eth0 eth1 # eth1 = interface to local netwo
installed on at least one system within your network in order to use
Shorewall Lite.</para>
</section>
<section id="faq55">
<title>(FAQ 55) How do I decide which product to use - Shorewall or
Shorewall Lite?</title>
<para><emphasis role="bold">Answer</emphasis>: If you plan to have only
a single firewall system, then Shorewall is the logical choice. I also
think that Shorewall is the appropriate choice for laptop systems that
may need to have their firewall configuration changed while on the road.
In the remaining cases, Shorewall Lite will work very well. At
shorewall.net, the two laptop systems have the full Shorewall product
installed as does my personal Linux desktop system. All other Linux
systems that run a firewall use Shorewall Lite and have their
configuration directories on my desktop. </para>
</section>
</section>
<section>