Shorewall-core's version file resides in ${SHAREDIR}/shorewall.
Signed-off-by: Matt Darfeuille <matdarf@gmail.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
Copy only libraries that are required by Shorewall to operate properly.
Signed-off-by: Matt Darfeuille <matdarf@gmail.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
------- Forwarded message follows -------
From: istvan@istvan.org
To: shorewall-users@lists.sourceforge.net
Date sent: Thu, 19 May 2016 09:10:21 +0200
Subject: [Shorewall-users] Shorewall-lite on OpenWRT
Send reply to: Shorewall Users <shorewall-users@lists.sourceforge.net>
<mailto:shorewall-users-request@lists.sourceforge.net?subject=unsubscribe>
<mailto:shorewall-users-request@lists.sourceforge.net?subject=subscribe>
Hi there,
I use Shorewall on an OpenWRT distribution and I experience 2
problems.
I have solved them myself and report them here to help others with
it.
Shorewall version: shorewall[6]-lite 5.0.4
OpenWRT version: Chaos Calmer 15.05, r46767
Problem 1:
Shorewall uses the lock utility from openwrt. I believe it is used in
the wrong way. File lib.common line 775
First it passes arguments which the utility doesn't use/know. The
util
accepts them dumbly and continues to create a lockfile. It has no
time-out functionality. I do not know the meaning of the r1 argument.
Second the mutex_off simply deletes the lockfile by using the utility
rm. This way a stale lock process keeps running. After a while the
router is running a high number of stale processes which has impact
on
the load of the router. The correct way is to use "lock -u
/lib/shorewall-lite/lock". This way the lockfile will be removed and
the
process will be terminated accordingly. To make it work for me, I no
more let shorewall use the lock utility by using an ugly hack.
Problem 2:
An fgrep on the output of the type utility is wrongly coded. The
output
of the type command probably has been changed. File lib.cli line 4343
It is coded: "if type $1 2> /dev/null | fgrep -q 'is a function';
then"
To make it work for me, it should be coded: "if type $1 2> /dev/null
|
fgrep -q 'is a shell function'; then"
With regards,
Stefan
------- End of forwarded message -------
Tom, attached as code.patch, are the patches that I believe will
correct those issues
In addition to those patches I've also added 3 patches:
- Patch 1 will emulate the -p flag of the ps utility which is not
available on openwrt.
- The last two patches will add "file" to the progress message of
SYSCONFFILE to make it more consistent among the installers.
In shorewall-init/install.sh the else clause between the line 586
and 597 will only work for a sysvinit script.
Should I make it also work for a systemd service script or can't we
simply remove that else clause?
In the compiled firewall script the comments before and after the
functions imported from lib.common have two slashes in the path:
$ grep -H lib.common firewall
firewall:# Functions imported from /usr/share/shorewall//lib.common
firewall:# End of imports from /usr/share/shorewall//lib.common
-Matt
-------------- Enclosure number 1 ----------------
>From 6ff651108df33ab8be4562caef03a8582e9eac5e Mon Sep 17 00:00:00 2001
From: Matt Darfeuille <matdarf@gmail.com>
Date: Tue, 24 May 2016 13:10:28 +0200
Subject: [PATCH 1/8] Emulate 'ps -p' using grep to work on openwrt
Signed-off-by: Matt Darfeuille <matdarf@gmail.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom,
Some patches for the trunk repo(fixes.patch):
Patch1: Fix a typo in the path being printed for the standard actions
file.
Patch2: Will only install the shorewall's manpages if the variable
MANDIR is none-empty(I did it only for the sake of completeness)!
Patch3: Will only install the shorewall-lite's manpages if the
variable MANDIR is none-empty.
Patch4: Correct multiple product name's typos in
shorewall-init/install.sh.
Patch5: Remove ~/.shorewallrc when shorewall-core is uninstalled.
And two other patches for the release repo(changelog-1.patch):
Patch1: Changed restart to reload for the line: 'Update DHCP
article(refresh -> restart).
Patch2: Rephrased the line for the newly added ?WARNING and ?INFO
directives.
Request:
Could the date of the compiled firewall script also be displayed when
'shorewall status' is executed?
-Matt
-------------- Enclosure number 2 ----------------
>From a5ae24bbe9b25aefdbcc4d7c8e5d013a36b03078 Mon Sep 17 00:00:00 2001
From: Matt Darfeuille <matdarf@gmail.com>
Date: Sat, 23 Apr 2016 14:44:19 +0200
Subject: [PATCH 1/5] Fix typo in printed path for standard actions file
Signed-off-by: Matt Darfeuille <matdarf@gmail.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
On 17 Apr 2016 at 7:45, Tom Eastep wrote:
> On 04/17/2016 06:23 AM, Matt Darfeuille wrote:
>
> >> Tom, I neglected the git part of that request!(sorry):
> >>
> >> Could changes be also made in the git code repo that take for account
> >> case insensitive system?:
> >>
> >> What I suggest doing is using the deprecated extension when the case
> >> of a file is changed in the code so git wouldn't show 'Modified: ...'
> >> and simply modifying shorewall/install.sh to strip the file from the
> >> deprecated extension and then copying it to the deprecated directory.
> >>
> >> In other words: when changing the case of a file tracked by git could
> >> case-insensitivity platform be taken in to account?
> >>
> >> -Matt
> >>
> >> P.S. I'll test SW_LOGGERTAG tomorrow!!!:)
> >
> > Or do you have a better solution, if no, I could do the changes to
> > shorewall/install.sh!?
>
> Sure -- go ahead. We'll do it in the master branch, though, since I've
> now created a 5.0.8 branch for the upcoming release.
>
> >
> > You might want to apply the attached patch to changelog.txt in the
> > release repo!
> >
>
> Applied -- thanks!
>
> -Tom
> --
> Tom Eastep \ When I die, I want to go like my Grandfather who
> Shoreline, \ died peacefully in his sleep. Not screaming like
> Washington, USA \ all of the passengers in his car
> http://shorewall.net \________________________________________________
>
>
Attached as case.patch are 3 patches:
1 and 2 simply rename the deprecated files(adding .deprecated)
Patch 3 will modify Shorewall/install.sh to reflect the new naming
scheme!
I didn't have the time to test SW_LOGGERTAG but will do so in the
coming days!!!:)
-Matt
-------------- Enclosure number 1 ----------------
From 2ecd761b414af61c5854d6427fb9ec8ab1365c7b Mon Sep 17 00:00:00 2001
From: Matt Darfeuille <matdarf@gmail.com>
Date: Sun, 17 Apr 2016 18:34:40 +0200
Subject: [PATCH 1/3] Rename macro.SNMPTrap to macro.SNMPTrap.deprecated
Signed-off-by: Matt Darfeuille <matdarf@gmail.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
Hi,
before the patch (DESTDIR = "/tmp/shorewall-4.6.5"; INITDIR =
"/etc/init.d"),
> [...]
> SysV init script init.gentoo.sh installed in /tmp/shorewall-4.6.5//etc/init.d/shorewall-lite
after the patch
> [...]
> SysV init script init.gentoo.sh installed in /tmp/shorewall-4.6.5/etc/init.d/shorewall-lite
-Thomas
From e7a192397323bb6cb66d08a6f24e7edfee044f31 Mon Sep 17 00:00:00 2001
From: Thomas D <whissi@whissi.de>
Date: Sat, 15 Nov 2014 16:38:05 +0100
Subject: [PATCH] $INITDIR already starts with a "/", so no need for
"$DESTDIR/$INITDIR"
Before the patch (DESTDIR = "/tmp/shorewall-4.6.5"; INITDIR = "/etc/init.d"),
> [...]
> SysV init script init.gentoo.sh installed in /tmp/shorewall-4.6.5//etc/init.d/shorewall-lite
after the patch
> [...]
> SysV init script init.gentoo.sh installed in /tmp/shorewall-4.6.5/etc/init.d/shorewall-lite
Signed-off-by: Tom Eastep <teastep@shorewall.net>
