2006-06-03 17:16:21 +02:00
|
|
|
#!/bin/sh
|
|
|
|
|
#
|
2006-06-05 21:19:35 +02:00
|
|
|
# Shorewall Lite Packet Filtering Firewall Capabilities Detector
|
2006-06-03 17:16:21 +02:00
|
|
|
#
|
2014-01-04 18:48:27 +01:00
|
|
|
# (c) 2006,2007,2008,2009,2010,2014 - Tom Eastep (teastep@shorewall.net)
|
2006-06-03 17:16:21 +02:00
|
|
|
#
|
|
|
|
|
# This file should be placed in /sbin/shorewall.
|
|
|
|
|
#
|
|
|
|
|
# Shorewall documentation is available at http://shorewall.sourceforge.net
|
|
|
|
|
#
|
2014-01-04 18:48:27 +01:00
|
|
|
# This program is part of Shorewall.
|
|
|
|
|
#
|
2006-06-03 17:16:21 +02:00
|
|
|
# This program is free software; you can redistribute it and/or modify
|
2014-01-04 18:48:27 +01:00
|
|
|
# it under the terms of the GNU General Public License as published by the
|
|
|
|
|
# Free Software Foundation, either version 2 of the license or, at your
|
|
|
|
|
# option, any later version.
|
2006-06-03 17:16:21 +02:00
|
|
|
#
|
|
|
|
|
# This program is distributed in the hope that it will be useful,
|
|
|
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
# GNU General Public License for more details.
|
|
|
|
|
#
|
|
|
|
|
# You should have received a copy of the GNU General Public License
|
2014-01-04 18:48:27 +01:00
|
|
|
# along with this program; if not, see <http://www.gnu.org/licenses/>.
|
2006-06-03 17:16:21 +02:00
|
|
|
#
|
|
|
|
|
# This program may be used to create a /etc/shorewall/capabilities file for
|
|
|
|
|
# use in compiling Shorewall firewalls on another system.
|
|
|
|
|
#
|
|
|
|
|
# On the target system (the system where the firewall program is to run):
|
|
|
|
|
#
|
2007-04-07 18:23:22 +02:00
|
|
|
# [ IPTABLES=<iptables binary> ] [ MODULESDIR=<kernel modules directory> ] [ MODULE_SUFFIX="<module suffix list>" ] shorecap > capabilities
|
2006-06-03 17:16:21 +02:00
|
|
|
#
|
|
|
|
|
# Now move the capabilities file to the compilation system. The file must
|
|
|
|
|
# be placed in a directory on the CONFIG_PATH to be used when compiling firewalls
|
|
|
|
|
# for the target system.
|
|
|
|
|
#
|
|
|
|
|
# Default values for the two variables are:
|
|
|
|
|
#
|
|
|
|
|
# IPTABLES - iptables
|
|
|
|
|
# MODULESDIR - /lib/modules/$(uname -r)/kernel/net/ipv4/netfilter
|
2015-01-27 21:43:42 +01:00
|
|
|
# MODULE_SUFFIX - "o gz xz ko o.gz o.xz ko.gz ko.xz"
|
2006-06-03 17:16:21 +02:00
|
|
|
#
|
|
|
|
|
# Shorewall need not be installed on the target system to run shorecap. If the '-e' flag is
|
|
|
|
|
# used during firewall compilation, then the generated firewall program will likewise not
|
|
|
|
|
# require Shorewall to be installed.
|
|
|
|
|
|
2012-06-06 00:22:08 +02:00
|
|
|
|
2016-11-20 06:17:35 +01:00
|
|
|
PRODUCT=shorewall-lite
|
2006-08-09 18:18:32 +02:00
|
|
|
|
2012-06-06 00:22:08 +02:00
|
|
|
#
|
|
|
|
|
# This is modified by the installer when ${SHAREDIR} != /usr/share
|
|
|
|
|
#
|
|
|
|
|
. /usr/share/shorewall/shorewallrc
|
|
|
|
|
|
2016-11-20 06:17:35 +01:00
|
|
|
g_basedir=${SHAREDIR}/shorewall
|
2012-06-06 00:22:08 +02:00
|
|
|
|
|
|
|
|
. ${SHAREDIR}/shorewall/lib.cli
|
2016-11-20 06:17:35 +01:00
|
|
|
|
2016-11-20 17:48:18 +01:00
|
|
|
setup_product_environment
|
2016-11-20 06:17:35 +01:00
|
|
|
|
|
|
|
|
. ${SHAREDIR}/shorewall-lite/configpath
|
2006-06-08 00:22:56 +02:00
|
|
|
|
2006-08-09 18:18:32 +02:00
|
|
|
[ -n "$PATH" ] || PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
|
2006-06-03 17:16:21 +02:00
|
|
|
|
2010-03-02 17:02:10 +01:00
|
|
|
SHOREWALL_VERSION=$(cat /usr/share/shorewall-lite/version)
|
2006-06-03 17:16:21 +02:00
|
|
|
|
2006-06-11 17:05:10 +02:00
|
|
|
[ -n "$IPTABLES" ] || IPTABLES=$(mywhich iptables)
|
2006-08-09 18:18:32 +02:00
|
|
|
|
2011-12-04 18:19:48 +01:00
|
|
|
g_tool=$IPTABLES
|
|
|
|
|
|
2010-03-01 02:58:01 +01:00
|
|
|
VERBOSITY=0
|
2007-01-25 19:56:24 +01:00
|
|
|
load_kernel_modules No
|
2006-06-03 17:16:21 +02:00
|
|
|
determine_capabilities
|
2006-08-09 18:18:32 +02:00
|
|
|
report_capabilities1
|
