shorewall_code/Shorewall-perl/diff-4.0-lib.base


--- ../Shorewall-common/lib.base 2007-07-02 15:50:32.000000000 -0700
+++ prog.header 2007-07-02 16:27:59.000000000 -0700
@@ -1,48 +1,29 @@
#!/bin/sh
#
-# Shorewall 4.0 -- /usr/share/shorewall/lib.base
+# Generated by the Shoreline Firewall (Shorewall) Packet Filtering Firewall - V3.4
#
# This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
#
-# (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007 - Tom Eastep (teastep@shorewall.net)
+# (c) 2006 - Tom Eastep (teastep@shorewall.net)
#
-# Complete documentation is available at http://shorewall.net
#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of Version 2 of the GNU General Public License
-# as published by the Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
-#
-# This library contains the code common to all Shorewall components.
-#
-# - It is copied into the compiled script with the -e compiler flag is specified to
-# shorewall-shell.
-# - It is loaded by /sbin/shorewall.
-# - It is loaded by /usr/share/shorewall/firewall.
-# - It is loaded by /usr/share/shorewall-shell/compiler.
-# - It is released as part of Shorewall Lite where it is used by /sbin/shorewall-lite
-# and /usr/share/shorewall-lite/shorecap.
-# - It is released as part of Shorewall Perl where it is copied into the compiled script
-# by the compiler.
-#
-
-SHOREWALL_LIBVERSION=40000
-SHOREWALL_CAPVERSION=30405
-
-[ -n "${VARDIR:=/var/lib/shorewall}" ]
-[ -n "${SHAREDIR:=/usr/share/shorewall}" ]
-[ -n "${CONFDIR:=/etc/shorewall}" ]
-SHELLSHAREDIR=/usr/share/shorewall-shell
-PERLSHAREDIR=/usr/share/shorewall-perl
-
+# Options are:
+#
+# -n Don't alter Routing
+# -v and -q Standard Shorewall Verbosity control
+#
+# Commands are:
+#
+# start Starts the firewall
+# refresh Refresh the firewall
+# restart Restarts the firewall
+# reload Reload the firewall
+# clear Removes all firewall rules
+# stop Stops the firewall
+# status Displays firewall status
+# version Displays the version of Shorewall that
+# generated this program
+#
#
# Message to stderr
#
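Review bot: The removed defaults `[ -n "${VARDIR:=/var/lib/shorewall}" ]`, `${SHAREDIR:=...}` and `${CONFDIR:=...}` have no replacement on the new side of this hunk, and the added header comment does not say where those variables now come from. find_file, kept as context in a later hunk, is still documented as searching `${CONFDIR}`, so the retained functions presumably still depend on them; in a script that runs as root, an unset value would silently collapse any retained `${VARDIR}/…` or `${CONFDIR}/…` path to one rooted at `/`. I would add a header line such as `# VARDIR, SHAREDIR and CONFDIR must be set by the generated script before any function below is used`, or keep a guard like `: "${CONFDIR:?}"` if the compiler is not guaranteed to emit them. The added banner also hard-codes `V3.4` where the removed line said 4.0, which is worth confirming as intended.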
@@ -111,20 +92,6 @@
}
#
-# Undo the effect of 'separate_list()'
-#
-combine_list()
-{
- local f o=
-
- for f in $* ; do
- o="${o:+$o,}$f"
- done
-
- echo $o
-}
-
-#
# Suppress all output for a command
#
qt()
@@ -310,83 +277,6 @@
}
#
-# Call this function to assert mutual exclusion with Shorewall. If you invoke the
-# /sbin/shorewall program while holding mutual exclusion, you should pass "nolock" as
-# the first argument. Example "shorewall nolock refresh"
-#
-# This function uses the lockfile utility from procmail if it exists.
-# Otherwise, it uses a somewhat race-prone algorithm to attempt to simulate the
-# behavior of lockfile.
-#
-mutex_on()
-{
- local try=0
- local lockf=${LOCKFILE:=${VARDIR}/lock}
-
- MUTEX_TIMEOUT=${MUTEX_TIMEOUT:-60}
-
- if [ $MUTEX_TIMEOUT -gt 0 ]; then
-
- [ -d ${VARDIR} ] || mkdir -p ${VARDIR}
-
- if qt mywhich lockfile; then
- lockfile -${MUTEX_TIMEOUT} -r1 ${lockf}
- else
- while [ -f ${lockf} -a ${try} -lt ${MUTEX_TIMEOUT} ] ; do
- sleep 1
- try=$((${try} + 1))
- done
-
- if [ ${try} -lt ${MUTEX_TIMEOUT} ] ; then
- # Create the lockfile
- echo $$ > ${lockf}
- else
- echo "Giving up on lock file ${lockf}" >&2
- fi
- fi
- fi
-}
-
-#
-# Call this function to release mutual exclusion
-#
-mutex_off()
-{
- rm -f ${LOCKFILE:=${VARDIR}/lock}
-}
-
-#
-# Load an optional library
-#
-lib_load() # $1 = Name of the Library, $2 = Error Message heading if the library cannot be found
-{
- local lib=${SHAREDIR}/lib.$1
- local loaded
-
- eval loaded=\$LIB_${1}_LOADED
-
- if [ -z "$loaded" ]; then
- [ -f $lib ] || lib=${SHELLSHAREDIR}/lib.$1
-
- if [ -f $lib ]; then
- progress_message "Loading library $lib..."
- . $lib
- eval LIB_${1}_LOADED=Yes
- else
- startup_error "$2 requires the Shorewall library $1 ($lib) which is not installed"
- fi
- fi
-}
-
-#
-# Determine if an optional library is available
-#
-lib_avail() # $1 = Name of the Library
-{
- [ -f ${SHAREDIR}/lib.$1 ]
-}
-
-#
# Note: The following set of IP address manipulation functions have anomalous
# behavior when the shell only supports 32-bit signed arithmatic and
# the IP address is 128.0.0.0 or 128.0.0.1.
@@ -607,40 +497,6 @@
fi
}
-
-#
-# Chain name base for an interface -- replace all periods with underscores in the passed name.
-# The result is echoed (less trailing "+").
-#
-chain_base() #$1 = interface
-{
- local c=${1%%+}
-
- while true; do
- case $c in
- @*)
- c=at_${c#@}
- ;;
- *.*)
- c="${c%.*}_${c##*.}"
- ;;
- *-*)
- c="${c%-*}_${c##*-}"
- ;;
- *%*)
- c="${c%\%*}_${c##*%}"
- ;;
- *@*)
- c="${c%@*}_${c##*@}"
- ;;
- *)
- echo ${c:=common}
- return
- ;;
- esac
- done
-}
-
#
# Query NetFilter about the existence of a filter chain
#
@@ -879,21 +735,6 @@
}
#
-# Set default config path
-#
-ensure_config_path() {
- local F=${SHAREDIR}/configpath
- if [ -z "$CONFIG_PATH" ]; then
- [ -f $F ] || { echo " ERROR: $F does not exist"; exit 2; }
- . $F
- fi
-
- if [ -n "$SHOREWALL_DIR" ]; then
- [ "${CONFIG_PATH%%:*}" = "$SHOREWALL_DIR" ] || CONFIG_PATH=$SHOREWALL_DIR:$CONFIG_PATH
- fi
-}
-
-#
# Find a File -- For relative file name, look in each ${CONFIG_PATH} then ${CONFDIR}
#
find_file()
@@ -918,54 +759,6 @@
}
#
-# Get fully-qualified name of file
-#
-resolve_file() # $1 = file name
-{
- local pwd=$PWD
-
- case $1 in
- /*)
- echo $1
- ;;
- .)
- echo $pwd
- ;;
- ./*)
- echo ${pwd}${1#.}
- ;;
- ..)
- cd ..
- echo $PWD
- cd $pwd
- ;;
- ../*)
- cd ..
- resolve_file ${1#../}
- cd $pwd
- ;;
- *)
- echo $pwd/$1
- ;;
- esac
-}
-
-#
-# Perform variable substitution on the passed argument and echo the result
-#
-expand() # $@ = contents of variable which may be the name of another variable
-{
- eval echo \"$@\"
-}
-
-#
-# Function for including one file into another
-#
-INCLUDE() {
- . $(find_file $(expand $@))
-}
-
-#
# Set the Shorewall state
#
set_state () # $1 = state
@@ -1127,46 +920,6 @@
}
-report_capabilities1() {
- report_capability1() # $1 = Capability
- {
- eval echo $1=\$$1
- }
-
- echo "#"
- echo "# Shorewall $VERSION detected the following iptables/netfilter capabilities - $(date)"
- echo "#"
- report_capability1 NAT_ENABLED
- report_capability1 MANGLE_ENABLED
- report_capability1 MULTIPORT
- report_capability1 XMULTIPORT
- report_capability1 CONNTRACK_MATCH
- report_capability1 USEPKTTYPE
- report_capability1 POLICY_MATCH
- report_capability1 PHYSDEV_MATCH
- report_capability1 LENGTH_MATCH
- report_capability1 IPRANGE_MATCH
- report_capability1 RECENT_MATCH
- report_capability1 OWNER_MATCH
- report_capability1 IPSET_MATCH
- report_capability1 CONNMARK
- report_capability1 XCONNMARK
- report_capability1 CONNMARK_MATCH
- report_capability1 XCONNMARK_MATCH
- report_capability1 RAW_TABLE
- report_capability1 IPP2P_MATCH
- report_capability1 CLASSIFY_TARGET
- report_capability1 ENHANCED_REJECT
- report_capability1 KLUDGEFREE
- report_capability1 MARK
- report_capability1 XMARK
- report_capability1 MANGLE_FORWARD
- report_capability1 COMMENTS
- report_capability1 ADDRTYPE
-
- echo CAPVERSION=$SHOREWALL_CAPVERSION
-}
-
#
# Delete IP address
#
@@ -1286,82 +1039,6 @@
cut -b -${1}
}
-#
-# Add a logging rule.
-#
-do_log_rule_limit() # $1 = log level, $2 = chain, $3 = display Chain $4 = disposition , $5 = rate limit $6=log tag $7=command $... = predicates for the rule
-{
- local level=$1
- local chain=$2
- local displayChain=$3
- local disposition=$4
- local rulenum=
- local limit=
- local tag=
- local command=
- local prefix
- local base=$(chain_base $displayChain)
- local pf
-
- limit="${5:-$LOGLIMIT}" # Do this here rather than in the declaration above to appease /bin/ash.
- tag=${6:+$6 }
- command=${7:--A}
-
- shift 7
-
- if [ -n "$tag" -a -n "$LOGTAGONLY" ]; then
- displayChain=$tag
- tag=
- fi
-
- if [ -n "$LOGRULENUMBERS" ]; then
- #
- # Hack for broken printf on some lightweight shells
- #
- [ $(printf "%d" 1) = "1" ] && pf=printf || pf=$(mywhich printf)
-
- eval rulenum=\$${base}_logrules
-
- rulenum=${rulenum:-1}
-
- prefix="$($pf "$LOGFORMAT" $displayChain $rulenum $disposition)${tag}"
-
- rulenum=$(($rulenum + 1))
- eval ${base}_logrules=$rulenum
- else
- prefix="$(printf "$LOGFORMAT" $displayChain $disposition)${tag}"
- fi
-
- if [ ${#prefix} -gt 29 ]; then
- prefix=`echo "$prefix" | truncate 29`
- error_message "WARNING: Log Prefix shortened to \"$prefix\""
- fi
-
- case $level in
- ULOG)
- $IPTABLES $command $chain $@ $limit -j ULOG $LOGPARMS --ulog-prefix "$prefix"
- ;;
- *)
- $IPTABLES $command $chain $@ $limit -j LOG $LOGPARMS --log-level $level --log-prefix "$prefix"
- ;;
- esac
-
- if [ $? -ne 0 ] ; then
- [ -z "$STOPPING" ] && { stop_firewall; exit 2; }
- fi
-}
-
-do_log_rule() # $1 = log level, $2 = chain, $3 = disposition , $... = predicates for the rule
-{
- local level=$1
- local chain=$2
- local disposition=$3
-
- shift 3
-
- do_log_rule_limit $level $chain $chain $disposition "$LOGLIMIT" "" -A $@
-}
-
delete_tc1()
{
clear_one_tc() {
@@ -1496,65 +1173,3 @@
echo echo
}
-
-# Determine which version of mktemp is present (if any) and set MKTEMP accortingly:
-#
-# None - No mktemp
-# BSD - BSD mktemp (Mandrake)
-# STD - mktemp.org mktemp
-#
-find_mktemp() {
- local mktemp=`mywhich mktemp 2> /dev/null`
-
- if [ -n "$mktemp" ]; then
- if qt mktemp -V ; then
- MKTEMP=STD
- else
- MKTEMP=BSD
- fi
- else
- MKTEMP=None
- fi
-}
-
-#
-# create a temporary file. If a directory name is passed, the file will be created in
-# that directory. Otherwise, it will be created in a temporary directory.
-#
-mktempfile() {
-
- [ -z "$MKTEMP" ] && find_mktemp
-
- if [ $# -gt 0 ]; then
- case "$MKTEMP" in
- BSD)
- mktemp $1/shorewall.XXXXXX
- ;;
- STD)
- mktemp -p $1 shorewall.XXXXXX
- ;;
- None)
- > $1/shorewall-$$ && echo $1/shorewall-$$
- ;;
- *)
- error_message "ERROR:Internal error in mktempfile"
- ;;
- esac
- else
- case "$MKTEMP" in
- BSD)
- mktemp /tmp/shorewall.XXXXXX
- ;;
- STD)
- mktemp -t shorewall.XXXXXX
- ;;
- None)
- rm -f /tmp/shorewall-$$
- > /tmp/shorewall-$$ && echo /tmp/shorewall-$$
- ;;
- *)
- error_message "ERROR:Internal error in mktempfile"
- ;;
- esac
- fi
-}