From fb4ef9784060ee9339fb47fb1280eff7d297283b Mon Sep 17 00:00:00 2001 From: teastep Date: Wed, 14 Jun 2006 16:32:13 +0000 Subject: [PATCH] Make progress messages product-specific; provide script for easy firewall update git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4098 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall-lite/changelog.txt | 2 ++ Shorewall-lite/releasenotes.txt | 6 +++- Shorewall-lite/shorewall-lite | 9 ++--- Shorewall/changelog.txt | 2 ++ Shorewall/compiler | 4 +-- Shorewall/prog.footer | 22 +++++++------ Shorewall/releasenotes.txt | 10 ++++-- Shorewall/shorewall | 3 +- docs/CompiledPrograms.xml | 58 +++++++++++++++++++++++++++------ docs/FAQ.xml | 15 +++++++++ 10 files changed, 100 insertions(+), 31 deletions(-) diff --git a/Shorewall-lite/changelog.txt b/Shorewall-lite/changelog.txt index 05c92c7ac..9f2b4501f 100644 --- a/Shorewall-lite/changelog.txt +++ b/Shorewall-lite/changelog.txt @@ -4,6 +4,8 @@ Changes in 3.2.0 RC 4 2) Correct many inaccuracies in shorewall.conf +3) Make progress messages product-specific. + Changes in 3.2.0 RC 3 1) Fix configpath. diff --git a/Shorewall-lite/releasenotes.txt b/Shorewall-lite/releasenotes.txt index 5aa2dfc1b..115b0fd2d 100644 --- a/Shorewall-lite/releasenotes.txt +++ b/Shorewall-lite/releasenotes.txt @@ -17,7 +17,11 @@ Problems Corrected in 3.2.0 RC 4 Other changes in 3.2.0 RC 4 -None. +1) The progress messages produced by Shorewall Lite now correctly + identify the product as 'Shorewall Lite' rather than + 'Shorewall'. In order for this to work, you must have Shorewall RC4 + installed on your administrative system(s) and Shorewall Lite RC4 + on the firewall system(s). New Features: diff --git a/Shorewall-lite/shorewall-lite b/Shorewall-lite/shorewall-lite index c79c56bce..c782d4931 100755 --- a/Shorewall-lite/shorewall-lite +++ b/Shorewall-lite/shorewall-lite 
@@ -553,10 +553,10 @@ start_command() { $SHOREWALL_SHELL ${RESTOREPATH}-ipsets fi - echo Restoring Shorewall... + echo Restoring Shorewall Lite... $SHOREWALL_SHELL $RESTOREPATH restore date > ${VARDIR}/restarted - progress_message3 Shorewall restored from $RESTOREPATH + progress_message3 Shorewall Lite restored from $RESTOREPATH else do_it fi @@ -933,8 +933,8 @@ restore_command() { $SHOREWALL_SHELL ${RESTOREPATH}-ipsets fi - progress_message3 "Restoring Shorewall..." - $SHOREWALL_SHELL $RESTOREPATH restore && echo "Shorewall restored from ${VARDIR}/$RESTOREFILE" + progress_message3 "Restoring Shorewall Lite..." + $SHOREWALL_SHELL $RESTOREPATH restore && echo "Shorewall Lite restored from ${VARDIR}/$RESTOREFILE" [ -n "$nolock" ] || mutex_off else echo "File ${VARDIR}/$RESTOREFILE: file not found" @@ -1169,6 +1169,7 @@ MUTEX_TIMEOUT= SHAREDIR=/usr/share/shorewall-lite VARDIR=/var/lib/shorewall-lite CONFDIR=/etc/shorewall-lite +export PRODUCT="Shorewall Lite" FIREWALL=$SHAREDIR/firewall FUNCTIONS=$SHAREDIR/functions diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index 6be313f44..132b09ac8 100644 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -2,6 +2,8 @@ Changes in 3.2.0 RC 4 1) Fix permissions on Limit file. +2) Make progress messages product-specific. + ------------------------------------------------------------------------------- Changes in 3.2.0 RC 3 diff --git a/Shorewall/compiler b/Shorewall/compiler index f8eb75409..10eab8534 100755 --- a/Shorewall/compiler +++ b/Shorewall/compiler @@ -7820,10 +7820,10 @@ stop_firewall() { \${RESTOREPATH}-ipsets fi - echo Restoring Shorewall... + echo Restoring \${PRODUCT:=Shorewall}... if \$RESTOREPATH restore; then - echo "Shorewall restored from \$RESTOREPATH" + echo "\$PRODUCT restored from \$RESTOREPATH" set_state "Started" else set_state "Unknown" diff --git a/Shorewall/prog.footer b/Shorewall/prog.footer index 3132795d8..ddd850079 100644 --- a/Shorewall/prog.footer 
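Review bot: In start_command the new `progress_message3 Shorewall Lite restored from $RESTOREPATH` still runs unconditionally after `$SHOREWALL_SHELL $RESTOREPATH restore`, so in the visible lines a failed restore is reported as a success and `${VARDIR}/restarted` is stamped anyway. On a firewall that can leave the operator believing a ruleset is loaded when it is not. Wrapping the two follow-up lines in `if $SHOREWALL_SHELL $RESTOREPATH restore; then ... fi`, as the compiled stop_firewall already does, would keep the message truthful. The restore_command hunk (@@ -933) has the related gap: its `&&` suppresses the success message on failure, but nothing is printed and no status is recorded in the lines shown. Both functions begin and end outside their hunks, so a check that is not visible here may exist.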
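Review bot: `export PRODUCT="Shorewall Lite"` is added at @@ -1169, but the two hunks above it in the same file still spell the product name out as a literal in four messages, so the name now lives in five places in this script. Using `$PRODUCT` there (for example `progress_message3 "Restoring $PRODUCT..."`) would keep them in step, provided the assignment runs before start_command and restore_command are called, which the hunk does not show. The export also has no comment. Something like `# exported so the compiled firewall script can name the product in its messages` would explain why it goes into the environment rather than staying a plain variable. The same comment would fit `export PRODUCT="Shorewall"` in Shorewall/shorewall (@@ -1515).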
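Review bot: In the generated stop_firewall (Shorewall/compiler, @@ -7820), `echo Restoring \${PRODUCT:=Shorewall}...` leaves the expansion unquoted and hides the default assignment inside an echo argument, and the later `"\$PRODUCT restored from \$RESTOREPATH"` line depends on that echo having run first. PRODUCT comes from the caller's environment and already contains a space in the Lite case, so unquoted it is word-split and open to pathname expansion before echo sees it. I would set the default on its own line and quote the message: `: "\${PRODUCT:=Shorewall}"` followed by `echo "Restoring \$PRODUCT..."`. stop_firewall begins and ends outside the hunk.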
+++ b/Shorewall/prog.footer @@ -58,30 +58,32 @@ else COMMAND="$1" fi +[ -n "${PRODUCT:=Shorewall}" ] + case "$COMMAND" in start) if shorewall_is_started; then - error_message "Shorewall is already Running" + error_message "$PRODUCT is already Running" status=1 else - progress_message3 "Starting Shorewall...." + progress_message3 "Starting $PRODUCT...." define_firewall status=$? progress_message3 "done." fi ;; stop) - progress_message3 "Stopping Shorewall...." + progress_message3 "Stopping $PRODUCT...." stop_firewall status=0 progress_message3 "done." ;; restart) if shorewall_is_started; then - progress_message3 "Restarting Shorewall...." + progress_message3 "Restarting $PRODUCT...." else - echo "Shorewall is not running" >&2 - progress_message3 "Starting Shorewall...." + echo "$PRODUCT is not running" >&2 + progress_message3 "Starting $PRODUCT...." fi define_firewall @@ -93,19 +95,19 @@ case "$COMMAND" in status=$? ;; clear) - progress_message3 "Clearing Shorewall...." + progress_message3 "Clearing $PRODUCT...." clear_firewall status=0 progress_message3 "done." ;; status) - echo "Shorewall-$VERSION Status at $HOSTNAME - $(date)" + echo "$PRODUCT-$VERSION Status at $HOSTNAME - $(date)" echo if shorewall_is_started; then - echo "Shorewall is running" + echo "$PRODUCT is running" status=0 else - echo "Shorewall is stopped" + echo "$PRODUCT is stopped" status=4 fi diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 01a4a4376..b0f40c215 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt 
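Review bot: `[ -n "${PRODUCT:=Shorewall}" ]` is there only for the side effect of the `:=` default, and its test result is discarded, so it reads like a condition someone forgot to act on. The conventional form is `: "${PRODUCT:=Shorewall}"`, with a comment such as `# PRODUCT is exported by the shorewall / shorewall-lite wrapper; default to Shorewall when this script is run directly`. Separately, the `status` arm now prints `$PRODUCT is running` / `$PRODUCT is stopped`, so any monitoring that matches the old "Shorewall is running" text on a Lite system would stop matching. If such consumers exist, that deserves a line in the release notes. The case statement continues past the end of the hunk.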
@@ -33,12 +33,16 @@ Note to users upgrading from Shorewall 2.x or 3.0 Problems Corrected in 3.2.0 RC 4 -1) When install.sh was used to install/update Shorewall, the - /usr/share/shorewall/Limit file had incorrect permissions. +1) When install.sh was used to install/update Shorewall, the + /usr/share/shorewall/Limit file had incorrect permissions. Other changes in 3.2.0 RC 4 -None. +1) The progress messages produced by Shorewall Lite now correctly + identify the product as 'Shorewall Lite' rather than + 'Shorewall'. In order for this to work, you must have Shorewall RC4 + installed on your administrative system(s) and Shorewall Lite RC4 + on the firewall system(s). Migration Considerations: diff --git a/Shorewall/shorewall b/Shorewall/shorewall index 57cb55f63..8b4ace5f4 100755 --- a/Shorewall/shorewall +++ b/Shorewall/shorewall @@ -490,7 +490,7 @@ save_config() { echo " ERROR: Currently-running Configuration Not Saved" fi else - echo " ERROR: ${VARDIR}/.restored oes not exist" + echo " ERROR: ${VARDIR}/.restore does not exist" fi else echo "Error Saving the Dynamic Rules" @@ -1515,6 +1515,7 @@ MUTEX_TIMEOUT= SHAREDIR=/usr/share/shorewall VARDIR=/var/lib/shorewall CONFDIR=/etc/shorewall +export PRODUCT="Shorewall" FIREWALL=$SHAREDIR/firewall FUNCTIONS=$SHAREDIR/functions diff --git a/docs/CompiledPrograms.xml b/docs/CompiledPrograms.xml index b8efae39b..a03dd0918 100644 --- a/docs/CompiledPrograms.xml +++ b/docs/CompiledPrograms.xml @@ -252,9 +252,10 @@ Shorewall Lite includes a very limited version of - /etc/shorewall-lite/shorewall.conf. It includes the - following options which have the same meaning as in a full Shorewall - installation except as noted below: + shorewall.conf + (/etc/shorewall-lite/shorewall.conf). It + includes the following options which have the same meaning as in a full + Shorewall installation except as noted below:
@@ -263,19 +264,19 @@ LOGFILE LOGFORMAT — used by /sbin/shorewall for - finding 'Shorewall' log messages only. The format of the messages - themselves is defined by the LOGFORMAT in the shorewall.conf used when - the firewall script was compiled on the administrative system. If - LOGFORMAT was not specified at compile time then the firewall script - will use the value from + finding 'Shorewall' log messages. If LOGFORMAT was specified in the + shorewall.conf file used at compile time on the administrative system, + then the format of the messages themselves is defined by that value. + If LOGFORMAT was not specified at compile time then the firewall + script will use the value from /etc/shorewall-lite/shorewall.conf on the firewall system. IPTABLES — determines the iptables binary to be used by /sbin/shorewall. The compiled firewall script will use the IPTABLES specified in shorewall.conf - at compile time on the administrative system; if IPTABLES was not - specified at compile time then the IPTABLES value from + at compile time on the administrative system, if any; if IPTABLES was + not specified at compile time then the IPTABLES value from /etc/shorewall-lite/shorewall.conf on the firewall system will be used by the firewall script. @@ -394,6 +395,43 @@ + +
+ A simple shell program for remote firewall replacement + + I use the following simple + shell program for compiling firewall scripts and installing them + on firewall systems: + +
+ #/bin/bash + +[ $# -eq 1 ] || { echo "Usage: $(basename $0) <system>" >&2; exit 2; } + +/sbin/shorewall compile -e . firewall && scp firewall root@${1}:/usr/share/shorewall-lite/ && ssh root@${1} 'shorewall-lite restart' +
+ + I install this program in + /usr/local/bin/compile and I have my configuration + directories in ~/Config. So, for example, to recompile the firewall + script for the 'gateway' system and install the script on gateway, I do + the following: + +
+ teastep@wookie:~$ cd Configs/gateway +teastep@wookie:~/Configs/gateway$ compile gateway +Compiling... +Shorewall configuration compiled to firewall +firewall 100% 29KB 29.3KB/s 00:00 +Restarting Shorewall Lite.... +done. +teastep@wookie:~/Configs/gateway$ +
+ + I use RSA keys and ssh-agent so I don't need to enter a password + to run scp or ssh. +
diff --git a/docs/FAQ.xml b/docs/FAQ.xml index a0dac405a..20a04c266 100644 --- a/docs/FAQ.xml +++ b/docs/FAQ.xml @@ -1838,6 +1838,21 @@ eth0 eth1 # eth1 = interface to local netwo installed on at least one system within your network in order to use Shorewall Lite.
+ +
+ (FAQ 55) How do I decide which product to use - Shorewall or + Shorewall Lite? + + Answer: If you plan to have only + a single firewall system, then Shorewall is the logical choice. I also + think that Shorewall is the appropriate choice for laptop systems that + may need to have their firewall configuration changed while on the road. + In the remaining cases, Shorewall Lite will work very well. At + shorewall.net, the two laptop systems have the full Shorewall product + installed as does my personal Linux desktop system. All other Linux + systems that run a firewall use Shorewall Lite and have their + configuration directories on my desktop. +