#!/bin/sh # # Shorewall Lite Packet Filtering Firewall Capabilities Detector # # (c) 2006,2007,2008,2009,2010,2014 - Tom Eastep (teastep@shorewall.net) # # This file should be placed in /sbin/shorewall. # # Shorewall documentation is available at http://shorewall.sourceforge.net # # This program is part of Shorewall. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by the # Free Software Foundation, either version 2 of the license or, at your # option, any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, see . # # This program may be used to create a /etc/shorewall/capabilities file for # use in compiling Shorewall firewalls on another system. # # On the target system (the system where the firewall program is to run): # # [ IPTABLES= ] [ MODULESDIR= ] [ MODULE_SUFFIX="" ] shorecap > capabilities # # Now move the capabilities file to the compilation system. The file must # be placed in a directory on the CONFIG_PATH to be used when compiling firewalls # for the target system. # # Default values for the two variables are: # # IPTABLES - iptables # MODULESDIR - /lib/modules/$(uname -r)/kernel/net/ipv4/netfilter # MODULE_SUFFIX - "o gz ko o.gz ko.gz" # # Shorewall need not be installed on the target system to run shorecap. If the '-e' flag is # used during firewall compilation, then the generated firewall program will likewise not # require Shorewall to be installed. g_program=shorewall-lite # # This is modified by the installer when ${SHAREDIR} != /usr/share # . /usr/share/shorewall/shorewallrc g_sharedir="$SHAREDIR"/shorewall-lite g_confdir="$CONFDIR"/shorewall-lite g_readrc=1 . ${SHAREDIR}/shorewall/lib.cli . /usr/share/shorewall-lite/configpath [ -n "$PATH" ] || PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin SHOREWALL_VERSION=$(cat /usr/share/shorewall-lite/version) [ -n "$IPTABLES" ] || IPTABLES=$(mywhich iptables) g_tool=$IPTABLES VERBOSITY=0 load_kernel_modules No determine_capabilities report_capabilities1