diff --git a/Shorewall2/fallback.sh b/Shorewall2/fallback.sh index 213311a27..fa01e0e0d 100755 --- a/Shorewall2/fallback.sh +++ b/Shorewall2/fallback.sh @@ -28,7 +28,7 @@ # shown below. Simply run this script to revert to your prior version of # Shoreline Firewall. -VERSION=2.3.0 +VERSION=2.3.1 usage() # $1 = exit status { diff --git a/Shorewall2/install.sh b/Shorewall2/install.sh index 3ab1de341..3c96259d9 100755 --- a/Shorewall2/install.sh +++ b/Shorewall2/install.sh @@ -22,7 +22,7 @@ # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA # -VERSION=2.3.0 +VERSION=2.3.1 usage() # $1 = exit status { diff --git a/Shorewall2/releasenotes.txt b/Shorewall2/releasenotes.txt index 236a000cf..3a19cbd43 100755 --- a/Shorewall2/releasenotes.txt +++ b/Shorewall2/releasenotes.txt @@ -1,13 +1,13 @@ -Shorewall 2.3.0 +Shorewall 2.3.1 ----------------------------------------------------------------------- -Problems corrected in version 2.3.0 +Problems corrected in version 2.3.1 1) A typo in the 'tunnel' script has been corrected (thanks to Patrik Varmecký). 2) Previously, if "shorewall save" was done with SAVE_IPSETS=Yes then - Shorewall would fail to start on reboot because the ipset modules + Shorewall would fail fast start on reboot because the ipset modules were not loaded. ----------------------------------------------------------------------- @@ -85,7 +85,7 @@ New Features in version 2.3.0 #ACTION SOURCE DEST PROTO DEST PORT(S) ACCEPT +sshok fw tcp 22 - Shorewall can automatically manage the contents of your ipsets for + Shorewall can automatically capture the contents of your ipsets for you. If you specify SAVE_IPSETS=Yes in /etc/shorewall/shorewall.conf then "shorewall save" will save the contents of your ipsets. The file where the sets are saved is formed by taking the name where the 
@@ -93,6 +93,10 @@ New Features in version 2.3.0 enter the command "shorewall save standard" then your Shorewall configuration will be saved in /var/lib/shorewall/standard and your ipset contents will be saved in /var/lib/shorewall/standard-ipsets. + Assuming the default RESTOREFILE setting, if you just enter + "shorewall save" then your Shorewall configuration will be saved in + /var/lib/shorewall/restore and your ipset contents will be saved in + /var/lib/shorewall/restore-ipsets. Regardless of the setting of SAVE_IPSETS, the "shorewall -f start" and "shorewall restore" commands will restore the ipset contents diff --git a/Shorewall2/shorewall b/Shorewall2/shorewall index 823bb0535..275948f21 100755 --- a/Shorewall2/shorewall +++ b/Shorewall2/shorewall 
@@ -589,6 +589,84 @@ logwatch() # $1 = timeout -- if negative, prompt each time that done } +# +# Save currently running configuration +# +save_config() { + mutex_on + + if qt $IPTABLES -L shorewall -n; then + [ -d /var/lib/shorewall ] || mkdir -p /var/lib/shorewall + + if [ -f $RESTOREPATH -a ! -x $RESTOREPATH ]; then + echo " ERROR: $RESTOREPATH exists and is not a saved Shorewall configuration" + else + case $RESTOREFILE in + save|restore-base) + echo " ERROR: Reserved file name: $RESTOREFILE" + ;; + *) + if $IPTABLES -L dynamic -n > /var/lib/shorewall/save; then + echo " Dynamic Rules Saved" + if [ -f /var/lib/shorewall/restore-base ]; then + cp -f /var/lib/shorewall/restore-base /var/lib/shorewall/restore-$$ + if iptables-save | iptablesbug >> /var/lib/shorewall/restore-$$ ; then + echo __EOF__ >> /var/lib/shorewall/restore-$$ + [ -f /var/lib/shorewall/restore-tail ] && \ + cat /var/lib/shorewall/restore-tail >> /var/lib/shorewall/restore-$$ + mv -f /var/lib/shorewall/restore-$$ $RESTOREPATH + chmod +x $RESTOREPATH + echo " Currently-running Configuration Saved to $RESTOREPATH" + + rm -f ${RESTOREPATH}-ipsets + + case ${SAVE_IPSETS:-No} in + [Yy][Ee][Ss]) + RESTOREPATH=${RESTOREPATH}-ipsets + + f=/var/lib/shorewall/restore-$$ + + echo "#!/bin/sh" > $f + echo "#This ipset restore file generated $(date) by Shorewall $version" >> $f + echo >> $f + echo ". /usr/share/shorewall/functions" >> $f + echo >> $f + grep -E '^MODULE|loadmodule ip_set' /var/lib/shorewall/restore-base >> $f + echo >> $f + echo "ipset -U :all: :all:" >> $f + echo "ipset -F" >> $f + echo "ipset -X" >> $f + echo "ipset -R << __EOF__" >> $f + ipset -S >> $f + echo "__EOF__" >> $f + mv -f $f $RESTOREPATH + chmod +x $RESTOREPATH + echo " Current Ipset Contents Saved to $RESTOREPATH" + ;; + [Nn][Oo]) + ;; + *) + echo " WARNING: Invalid value ($SAVE_IPSETS) for SAVE_IPSETS. 
Ipset contents not saved" + ;; + esac + else + rm -f /var/lib/shorewall/restore-$$ + echo " ERROR: Currently-running Configuration Not Saved" + fi + else + echo " ERROR: /var/lib/shorewall/restore-base does not exist" + fi + else + echo "Error Saving the Dynamic Rules" + fi + ;; + esac + fi + else + echo "Shorewall isn't started" + fi + mutex_off +} # # Help information # 
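Review bot: In the `[Yy][Ee][Ss])` arm of save_config the result of `ipset -S >> $f` is never checked, so when the dump fails the half-written script is still moved to `${RESTOREPATH}` (by then the `-ipsets` file) and reported as saved. That script runs `ipset -F` and `ipset -X` before `ipset -R`, so restoring from it would flush the sets and load nothing back. The dump should gate the `mv`, and the temporary file should be removed on failure, as in the excerpt below. The same arm also overwrites the global `RESTOREPATH`, which matters now that the code is a function other callers may use; a separate variable for the ipsets path would avoid that.

```shell
# … unchanged: header, loadmodule lines and the "ipset -U/-F/-X" echoes written to $f …
echo "ipset -R << __EOF__" >> $f
if ipset -S >> $f; then
    echo "__EOF__" >> $f
    mv -f $f $RESTOREPATH
    chmod +x $RESTOREPATH
    echo " Current Ipset Contents Saved to $RESTOREPATH"
else
    # Do not install a restore script that flushes the sets but has nothing to reload.
    rm -f $f
    echo " ERROR: Ipset contents not saved"
fi
```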
@@ -1198,79 +1276,8 @@ case "$1" in RESTOREPATH=/var/lib/shorewall/$RESTOREFILE - mutex_on + save_config - if qt $IPTABLES -L shorewall -n; then - [ -d /var/lib/shorewall ] || mkdir -p /var/lib/shorewall - - if [ -f $RESTOREPATH -a ! -x $RESTOREPATH ]; then - echo " ERROR: $RESTOREPATH exists and is not a saved Shorewall configuration" - else - case $RESTOREFILE in - save|restore-base) - echo " ERROR: Reserved file name: $RESTOREFILE" - ;; - *) - if $IPTABLES -L dynamic -n > /var/lib/shorewall/save; then - echo " Dynamic Rules Saved" - if [ -f /var/lib/shorewall/restore-base ]; then - cp -f /var/lib/shorewall/restore-base /var/lib/shorewall/restore-$$ - if iptables-save | iptablesbug >> /var/lib/shorewall/restore-$$ ; then - echo __EOF__ >> /var/lib/shorewall/restore-$$ - [ -f /var/lib/shorewall/restore-tail ] && \ - cat /var/lib/shorewall/restore-tail >> /var/lib/shorewall/restore-$$ - mv -f /var/lib/shorewall/restore-$$ $RESTOREPATH - chmod +x $RESTOREPATH - echo " Currently-running Configuration Saved to $RESTOREPATH" - - rm -f ${RESTOREPATH}-ipsets - - case ${SAVE_IPSETS:-No} in - [Yy][Ee][Ss]) - RESTOREPATH=${RESTOREPATH}-ipsets - - f=/var/lib/shorewall/restore-$$ - - echo "#!/bin/sh" > $f - echo "#This ipset restore file generated $(date) by Shorewall $version" >> $f - echo >> $f - echo ". /usr/share/shorewall/functions" >> $f - echo >> $f - grep -E '^MODULE|loadmodule ip_set' /var/lib/shorewall/restore-base >> $f - echo >> $f - echo "ipset -U :all: :all:" >> $f - echo "ipset -F" >> $f - echo "ipset -X" >> $f - echo "ipset -R << __EOF__" >> $f - ipset -S >> $f - echo "__EOF__" >> $f - mv -f $f $RESTOREPATH - chmod +x $RESTOREPATH - echo " Current Ipset Contents Saved to $RESTOREPATH" - ;; - [Nn][Oo]) - ;; - *) - echo " WARNING: Invalid value ($SAVE_IPSETS) for SAVE_IPSETS. 
Ipset contents not saved" - ;; - esac - else - rm -f /var/lib/shorewall/restore-$$ - echo " ERROR: Currently-running Configuration Not Saved" - fi - else - echo " ERROR: /var/lib/shorewall/restore-base does not exist" - fi - else - echo "Error Saving the Dynamic Rules" - fi - ;; - esac - fi - else - echo "Shorewall isn't started" - fi - mutex_off ;; forget) case $# in diff --git a/Shorewall2/shorewall.spec b/Shorewall2/shorewall.spec index 3e1c65434..bd6030d15 100644 --- a/Shorewall2/shorewall.spec +++ b/Shorewall2/shorewall.spec @@ -1,5 +1,5 @@ %define name shorewall -%define version 2.3.0 +%define version 2.3.1 %define release 1 %define prefix /usr @@ -139,6 +139,8 @@ fi %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn %changelog +* Sun May 15 2005 Tom Eastep tom@shorewall.net +- Updated to 2.3.1-1 * Mon Apr 11 2005 Tom Eastep tom@shorewall.net - Updated to 2.2.4-1 * Fri Apr 08 2005 Tom Eastep tom@shorewall.net diff --git a/Shorewall2/uninstall.sh b/Shorewall2/uninstall.sh index 4a438b936..6d9a150d6 100755 --- a/Shorewall2/uninstall.sh +++ b/Shorewall2/uninstall.sh @@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Seattle Firewall -VERSION=2.3.0 +VERSION=2.3.1 usage() # $1 = exit status {
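Review bot: `RESTOREPATH=/var/lib/shorewall/$RESTOREFILE` is built from the name given to `shorewall save`, and the only name check save_config applies is the reserved-name arm `save|restore-base)`. Nothing visible in this hunk rejects a name containing `/`, so the later `mv -f` and `chmod +x` on `$RESTOREPATH` could act outside /var/lib/shorewall. The `save` arm starts above the hunk, so an earlier check may exist; if it does not, add an arm such as `*/*) echo " ERROR: Invalid file name: $RESTOREFILE" ;;` beside the reserved names. The `$RESTOREPATH` expansions in save_config should also be quoted so that a name containing whitespace is not split into several arguments.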