shorewall_code/Shorewall-lite/shorecap
2006-06-07 22:22:56 +00:00


#!/bin/sh
#
# Shorewall Lite Packet Filtering Firewall Capabilities Detector
#
# This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
#
# (c) 2006 - Tom Eastep (teastep@shorewall.net)
#
# This file should be placed in /sbin/shorewall.
#
# Shorewall documentation is available at http://shorewall.sourceforge.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of Version 2 of the GNU General Public License
# as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
#
#
# This program may be used to create a /etc/shorewall/capabilities file for
# use in compiling Shorewall firewalls on another system.
#
# On the target system (the system where the firewall program is to run):
#
# [ IPTABLES=<iptables binary> ] [ MODULESDIR=<kernel modules directory> ] shorecap > capabilities
#
# Now move the capabilities file to the compilation system. The file must
# be placed in a directory on the CONFIG_PATH to be used when compiling firewalls
# for the target system.
#
# Default values for the two variables are:
#
# IPTABLES - iptables
# MODULESDIR - /lib/modules/$(uname -r)/kernel/net/ipv4/netfilter
#
# Shorewall need not be installed on the target system to run shorecap. If the '-e' flag is
# used during firewall compilation, then the generated firewall program will likewise not
# require Shorewall to be installed.
# Source the Shorewall support files. Each one is executed in this shell with
# the privileges of whoever runs shorecap, so all three must be writable only
# by the administrator. The order is significant: a later file can override
# anything an earlier one set.
# NOTE(review): mywhich, load_kernel_modules and determine_capabilities are not
# defined in this file, so they presumably come from 'functions' - confirm.
. /usr/share/shorewall/functions
. /usr/share/shorewall/configpath
. /etc/shorewall/shorewall.conf
# Version string printed in the report banner. The status of cat is not
# checked, so an unreadable version file leaves VERSION empty.
VERSION=$(cat /usr/share/shorewall/version)
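#
# Print one capability as a NAME=value line on stdout.
#
#     $1 = Capability (the name of the shell variable to report)
#
# Returns 1, with a message on stderr and nothing on stdout, when $1 is not a
# plain shell identifier.
#
report_capability() # $1 = Capability
{
    # The name is spliced into the eval string below, so anything other than
    # a plain variable name is refused before it can be parsed as shell code.
    case $1 in
        ''|[0-9]*|*[!A-Za-z0-9_]*)
            echo "report_capability: invalid capability name '$1'" >&2
            return 1
            ;;
    esac

    # Both expansions stay inside double quotes in the evaluated command, so
    # the value is written verbatim instead of being word-split and
    # glob-expanded as it was with the unquoted 'eval echo'.
    eval "printf '%s=%s\n' \"\$1\" \"\${$1}\""
}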
#
# Write the capabilities report to stdout: a three-line comment banner naming
# the Shorewall version and the current date, followed by one line per
# capability, always in the same order.
#
report_capabilities() {
    echo "#"
    echo "# Shorewall $VERSION detected the following iptables/netfilter capabilities - $(date)"
    echo "#"

    # The list is held in the function's own positional parameters, so no
    # variable leaks into the caller's shell.
    set -- \
        NAT_ENABLED \
        MANGLE_ENABLED \
        MULTIPORT \
        XMULTIPORT \
        CONNTRACK_MATCH \
        USEPKTTYPE \
        POLICY_MATCH \
        PHYSDEV_MATCH \
        LENGTH_MATCH \
        IPRANGE_MATCH \
        RECENT_MATCH \
        OWNER_MATCH \
        IPSET_MATCH \
        CONNMARK \
        XCONNMARK \
        CONNMARK_MATCH \
        XCONNMARK_MATCH \
        RAW_TABLE \
        IPP2P_MATCH \
        CLASSIFY_TARGET \
        ENHANCED_REJECT \
        KLUDGEFREE \
        MARK \
        XMARK \
        MANGLE_FORWARD

    while [ $# -gt 1 ]; do
        report_capability "$1"
        shift
    done

    # The final entry is reported outside the loop so that the function's exit
    # status is still that of the last report_capability call.
    report_capability "$1"
}
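# Honour an IPTABLES value supplied by the caller or by the sourced
# configuration; otherwise look the binary up. The original line tested
# IPTABLES but stored the result in lowercase 'iptables', so the default
# documented in the header never reached IPTABLES.
if [ -z "$IPTABLES" ]; then
    IPTABLES=$(mywhich iptables)
    # The lowercase name the original line set is kept in case sourced code
    # reads it.
    iptables=$IPTABLES
fi

# Stop rather than emit a report when there is no binary to probe.
# NOTE(review): assumes the detection code in the sourced files runs
# $IPTABLES; with it empty, every capability would be reported as absent and
# a firewall compiled from that file would be built without them - confirm.
if [ -z "$IPTABLES" ]; then
    echo "shorecap: cannot locate the iptables binary; set IPTABLES" >&2
    exit 1
fi

# Silence progress messages so stdout carries only the capabilities report,
# which the caller redirects into the capabilities file.
# NOTE(review): assumes the sourced helpers consult VERBOSE - confirm.
VERBOSE=0

load_kernel_modules
determine_capabilities
report_capabilities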