#!/bin/sh # # Shorewall Lite Packet Filtering Firewall Capabilities Detector # # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt] # # (c) 2006,2007,2008,2009,2010 - Tom Eastep (teastep@shorewall.net) # # This file should be placed in /sbin/shorewall. # # Shorewall documentation is available at http://shorewall.sourceforge.net # # This program is free software; you can redistribute it and/or modify # it under the terms of Version 2 of the GNU General Public License # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # # # This program may be used to create a /etc/shorewall/capabilities file for # use in compiling Shorewall firewalls on another system. # # On the target system (the system where the firewall program is to run): # # [ IPTABLES=<iptables binary> ] [ MODULESDIR=<kernel modules directory> ] [ MODULE_SUFFIX="<module suffix list>" ] shorecap > capabilities # # Now move the capabilities file to the compilation system. The file must # be placed in a directory on the CONFIG_PATH to be used when compiling firewalls # for the target system. # # Default values for the two variables are: # # IPTABLES - iptables # MODULESDIR - /lib/modules/$(uname -r)/kernel/net/ipv4/netfilter # MODULE_SUFFIX - "o gz ko o.gz ko.gz" # # Shorewall need not be installed on the target system to run shorecap. If the '-e' flag is # used during firewall compilation, then the generated firewall program will likewise not # require Shorewall to be installed. g_program=shorewall6-lite # # This is modified by the installer when ${SHAREDIR} != /usr/share # . /usr/share/shorewall/shorewallrc g_libexec="$LIBEXECDIR" g_sharedir="$SHAREDIR"/shorewall6-lite g_sbindir="$SBINDIR" g_vardir="$VARDIR" g_confdir="$CONFDIR"/shorewall6-lite g_readrc=1 . ${SHAREDIR}/shorewall/lib.cli . ${SHAREDIR}/shorewall-lite/configpath [ -n "$PATH" ] || PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin SHOREWALL_VERSION=$(cat /usr/share/shorewall6-lite/version) [ -n "$IP6TABLES" ] || IP6TABLES=$(mywhich ip6tables) g_tool=$IP6TABLES VERBOSITY=0 load_kernel_modules No determine_capabilities report_capabilities1