------- Forwarded message follows -------
From: istvan@istvan.org
To: shorewall-users@lists.sourceforge.net
Date sent: Thu, 19 May 2016 09:10:21 +0200
Subject: [Shorewall-users] Shorewall-lite on OpenWRT
Send reply to: Shorewall Users <shorewall-users@lists.sourceforge.net>
<mailto:shorewall-users-request@lists.sourceforge.net?subject=unsubscribe>
<mailto:shorewall-users-request@lists.sourceforge.net?subject=subscribe>
Hi there,
I use Shorewall on an OpenWRT distribution and I experience 2
problems.
I have solved them myself and report them here to help others with
it.
Shorewall version: shorewall[6]-lite 5.0.4
OpenWRT version: Chaos Calmer 15.05, r46767
Problem 1:
Shorewall uses the lock utility from openwrt. I believe it is used in
the wrong way. File lib.common line 775
First it passes arguments which the utility doesn't use/know. The
util
accepts them dumbly and continues to create a lockfile. It has no
time-out functionality. I do not know the meaning of the r1 argument.
Second the mutex_off simply deletes the lockfile by using the utility
rm. This way a stale lock process keeps running. After a while the
router is running a high number of stale processes which has impact
on
the load of the router. The correct way is to use "lock -u
/lib/shorewall-lite/lock". This way the lockfile will be removed and
the
process will be terminated accordingly. To make it work for me, I no
more let shorewall use the lock utility by using an ugly hack.
Problem 2:
An fgrep on the output of the type utility is wrongly coded. The
output
of the type command probably has been changed. File lib.cli line 4343
It is coded: "if type $1 2> /dev/null | fgrep -q 'is a function';
then"
To make it work for me, it should be coded: "if type $1 2> /dev/null
|
fgrep -q 'is a shell function'; then"
With regards,
Stefan
------- End of forwarded message -------
Tom, attached as code.patch, are the patches that I believe will
correct those issues
In addition to those patches I've also added 3 patches:
- Patch 1 will emulate the -p flag of the ps utility which is not
available on openwrt.
- The last two patches will add "file" to the progress message of
SYSCONFFILE to make it more consistent among the installers.
In shorewall-init/install.sh the else clause between the line 586
and 597 will only work for a sysvinit script.
Should I make it also work for a systemd service script or can't we
simply remove that else clause?
In the compiled firewall script the comments before and after the
functions imported from lib.common have two slashes in the path:
$ grep -H lib.common firewall
firewall:# Functions imported from /usr/share/shorewall//lib.common
firewall:# End of imports from /usr/share/shorewall//lib.common
-Matt
-------------- Enclosure number 1 ----------------
>From 6ff651108df33ab8be4562caef03a8582e9eac5e Mon Sep 17 00:00:00 2001
From: Matt Darfeuille <matdarf@gmail.com>
Date: Tue, 24 May 2016 13:10:28 +0200
Subject: [PATCH 1/8] Emulate 'ps -p' using grep to work on openwrt
Signed-off-by: Matt Darfeuille <matdarf@gmail.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
- Rename the command from 'date' to 'info'
- Return the complete date/time/version string in the command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom,
Some patches for the trunk repo(fixes.patch):
Patch1: Fix a typo in the path being printed for the standard actions
file.
Patch2: Will only install the shorewall's manpages if the variable
MANDIR is none-empty(I did it only for the sake of completeness)!
Patch3: Will only install the shorewall-lite's manpages if the
variable MANDIR is none-empty.
Patch4: Correct multiple product name's typos in
shorewall-init/install.sh.
Patch5: Remove ~/.shorewallrc when shorewall-core is uninstalled.
And two other patches for the release repo(changelog-1.patch):
Patch1: Changed restart to reload for the line: 'Update DHCP
article(refresh -> restart).
Patch2: Rephrased the line for the newly added ?WARNING and ?INFO
directives.
Request:
Could the date of the compiled firewall script also be displayed when
'shorewall status' is executed?
-Matt
-------------- Enclosure number 2 ----------------
>From a5ae24bbe9b25aefdbcc4d7c8e5d013a36b03078 Mon Sep 17 00:00:00 2001
From: Matt Darfeuille <matdarf@gmail.com>
Date: Sat, 23 Apr 2016 14:44:19 +0200
Subject: [PATCH 1/5] Fix typo in printed path for standard actions file
Signed-off-by: Matt Darfeuille <matdarf@gmail.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
