holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Update for 2.3.1

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2114 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2005-05-15 14:20:46 +00:00
parent de4d293b20
commit 030f01c690
6 changed files with 93 additions and 80 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Shorewall2/fallback.sh
View File

@ -28,7 +28,7 @@
# shown below. Simply run this script to revert to your prior version of # shown below. Simply run this script to revert to your prior version of
# Shoreline Firewall. # Shoreline Firewall.
VERSION=2.3.0 VERSION=2.3.1
usage() # $1 = exit status usage() # $1 = exit status
{ {

2
Shorewall2/install.sh
View File

@ -22,7 +22,7 @@
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
# #
VERSION=2.3.0 VERSION=2.3.1
usage() # $1 = exit status usage() # $1 = exit status
{ {

12
Shorewall2/releasenotes.txt
View File

@ -1,13 +1,13 @@
Shorewall 2.3.0 Shorewall 2.3.1
----------------------------------------------------------------------- -----------------------------------------------------------------------
Problems corrected in version 2.3.0 Problems corrected in version 2.3.1
1) A typo in the 'tunnel' script has been corrected (thanks to Patrik 1) A typo in the 'tunnel' script has been corrected (thanks to Patrik
Varmecký). Varmecký).
2) Previously, if "shorewall save" was done with SAVE_IPSETS=Yes then 2) Previously, if "shorewall save" was done with SAVE_IPSETS=Yes then
Shorewall would fail to start on reboot because the ipset modules Shorewall would fail fast start on reboot because the ipset modules
were not loaded. were not loaded.
----------------------------------------------------------------------- -----------------------------------------------------------------------
@ -85,7 +85,7 @@ New Features in version 2.3.0
#ACTION SOURCE DEST PROTO DEST PORT(S) #ACTION SOURCE DEST PROTO DEST PORT(S)
ACCEPT +sshok fw tcp 22 ACCEPT +sshok fw tcp 22
Shorewall can automatically manage the contents of your ipsets for Shorewall can automatically capture the contents of your ipsets for
you. If you specify SAVE_IPSETS=Yes in /etc/shorewall/shorewall.conf you. If you specify SAVE_IPSETS=Yes in /etc/shorewall/shorewall.conf
then "shorewall save" will save the contents of your ipsets. The file then "shorewall save" will save the contents of your ipsets. The file
where the sets are saved is formed by taking the name where the where the sets are saved is formed by taking the name where the
@ -93,6 +93,10 @@ New Features in version 2.3.0
enter the command "shorewall save standard" then your Shorewall enter the command "shorewall save standard" then your Shorewall
configuration will be saved in /var/lib/shorewall/standard and your configuration will be saved in /var/lib/shorewall/standard and your
ipset contents will be saved in /var/lib/shorewall/standard-ipsets. ipset contents will be saved in /var/lib/shorewall/standard-ipsets.
Assuming the default RESTOREFILE setting, if you just enter
"shorewall save" then your Shorewall configuration will be saved in
/var/lib/shorewall/restore and your ipset contents will be saved in
/var/lib/shorewall/restore-ipsets.
Regardless of the setting of SAVE_IPSETS, the "shorewall -f start" Regardless of the setting of SAVE_IPSETS, the "shorewall -f start"
and "shorewall restore" commands will restore the ipset contents and "shorewall restore" commands will restore the ipset contents

151
Shorewall2/shorewall
View File

@ -589,6 +589,84 @@ logwatch() # $1 = timeout -- if negative, prompt each time that
done done
} }
#
# Save currently running configuration
#
save_config() {
mutex_on
if qt $IPTABLES -L shorewall -n; then
[ -d /var/lib/shorewall ] || mkdir -p /var/lib/shorewall
if [ -f $RESTOREPATH -a ! -x $RESTOREPATH ]; then
echo " ERROR: $RESTOREPATH exists and is not a saved Shorewall configuration"
else
case $RESTOREFILE in
save|restore-base)
echo " ERROR: Reserved file name: $RESTOREFILE"
;;
*)
if $IPTABLES -L dynamic -n > /var/lib/shorewall/save; then
echo " Dynamic Rules Saved"
if [ -f /var/lib/shorewall/restore-base ]; then
cp -f /var/lib/shorewall/restore-base /var/lib/shorewall/restore-$$
if iptables-save | iptablesbug >> /var/lib/shorewall/restore-$$ ; then
echo __EOF__ >> /var/lib/shorewall/restore-$$
[ -f /var/lib/shorewall/restore-tail ] && \
cat /var/lib/shorewall/restore-tail >> /var/lib/shorewall/restore-$$
mv -f /var/lib/shorewall/restore-$$ $RESTOREPATH
chmod +x $RESTOREPATH
echo " Currently-running Configuration Saved to $RESTOREPATH"
rm -f ${RESTOREPATH}-ipsets
case ${SAVE_IPSETS:-No} in
[Yy][Ee][Ss])
RESTOREPATH=${RESTOREPATH}-ipsets
f=/var/lib/shorewall/restore-$$
echo "#!/bin/sh" > $f
echo "#This ipset restore file generated $(date) by Shorewall $version" >> $f
echo >> $f
echo ". /usr/share/shorewall/functions" >> $f
echo >> $f
grep -E '^MODULE|loadmodule ip_set' /var/lib/shorewall/restore-base >> $f
echo >> $f
echo "ipset -U :all: :all:" >> $f
echo "ipset -F" >> $f
echo "ipset -X" >> $f
echo "ipset -R << __EOF__" >> $f
ipset -S >> $f
echo "__EOF__" >> $f
mv -f $f $RESTOREPATH
chmod +x $RESTOREPATH
echo " Current Ipset Contents Saved to $RESTOREPATH"
;;
[Nn][Oo])
;;
*)
echo " WARNING: Invalid value ($SAVE_IPSETS) for SAVE_IPSETS. Ipset contents not saved"
;;
esac
else
rm -f /var/lib/shorewall/restore-$$
echo " ERROR: Currently-running Configuration Not Saved"
fi
else
echo " ERROR: /var/lib/shorewall/restore-base does not exist"
fi
else
echo "Error Saving the Dynamic Rules"
fi
;;
esac
fi
else
echo "Shorewall isn't started"
fi
mutex_off
}
# #
# Help information # Help information
# #
@ -1198,79 +1276,8 @@ case "$1" in
RESTOREPATH=/var/lib/shorewall/$RESTOREFILE RESTOREPATH=/var/lib/shorewall/$RESTOREFILE
mutex_on save_config
if qt $IPTABLES -L shorewall -n; then
[ -d /var/lib/shorewall ] || mkdir -p /var/lib/shorewall
if [ -f $RESTOREPATH -a ! -x $RESTOREPATH ]; then
echo " ERROR: $RESTOREPATH exists and is not a saved Shorewall configuration"
else
case $RESTOREFILE in
save|restore-base)
echo " ERROR: Reserved file name: $RESTOREFILE"
;;
*)
if $IPTABLES -L dynamic -n > /var/lib/shorewall/save; then
echo " Dynamic Rules Saved"
if [ -f /var/lib/shorewall/restore-base ]; then
cp -f /var/lib/shorewall/restore-base /var/lib/shorewall/restore-$$
if iptables-save | iptablesbug >> /var/lib/shorewall/restore-$$ ; then
echo __EOF__ >> /var/lib/shorewall/restore-$$
[ -f /var/lib/shorewall/restore-tail ] && \
cat /var/lib/shorewall/restore-tail >> /var/lib/shorewall/restore-$$
mv -f /var/lib/shorewall/restore-$$ $RESTOREPATH
chmod +x $RESTOREPATH
echo " Currently-running Configuration Saved to $RESTOREPATH"
rm -f ${RESTOREPATH}-ipsets
case ${SAVE_IPSETS:-No} in
[Yy][Ee][Ss])
RESTOREPATH=${RESTOREPATH}-ipsets
f=/var/lib/shorewall/restore-$$
echo "#!/bin/sh" > $f
echo "#This ipset restore file generated $(date) by Shorewall $version" >> $f
echo >> $f
echo ". /usr/share/shorewall/functions" >> $f
echo >> $f
grep -E '^MODULE|loadmodule ip_set' /var/lib/shorewall/restore-base >> $f
echo >> $f
echo "ipset -U :all: :all:" >> $f
echo "ipset -F" >> $f
echo "ipset -X" >> $f
echo "ipset -R << __EOF__" >> $f
ipset -S >> $f
echo "__EOF__" >> $f
mv -f $f $RESTOREPATH
chmod +x $RESTOREPATH
echo " Current Ipset Contents Saved to $RESTOREPATH"
;;
[Nn][Oo])
;;
*)
echo " WARNING: Invalid value ($SAVE_IPSETS) for SAVE_IPSETS. Ipset contents not saved"
;;
esac
else
rm -f /var/lib/shorewall/restore-$$
echo " ERROR: Currently-running Configuration Not Saved"
fi
else
echo " ERROR: /var/lib/shorewall/restore-base does not exist"
fi
else
echo "Error Saving the Dynamic Rules"
fi
;;
esac
fi
else
echo "Shorewall isn't started"
fi
mutex_off
;; ;;
forget) forget)
case $# in case $# in

4
Shorewall2/shorewall.spec
View File

@ -1,5 +1,5 @@
%define name shorewall %define name shorewall
%define version 2.3.0 %define version 2.3.1
%define release 1 %define release 1
%define prefix /usr %define prefix /usr
@ -139,6 +139,8 @@ fi
%doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn
%changelog %changelog
* Sun May 15 2005 Tom Eastep tom@shorewall.net
- Updated to 2.3.1-1
* Mon Apr 11 2005 Tom Eastep tom@shorewall.net * Mon Apr 11 2005 Tom Eastep tom@shorewall.net
- Updated to 2.2.4-1 - Updated to 2.2.4-1
* Fri Apr 08 2005 Tom Eastep tom@shorewall.net * Fri Apr 08 2005 Tom Eastep tom@shorewall.net

2
Shorewall2/uninstall.sh
View File

@ -26,7 +26,7 @@
# You may only use this script to uninstall the version # You may only use this script to uninstall the version
# shown below. Simply run this script to remove Seattle Firewall # shown below. Simply run this script to remove Seattle Firewall
VERSION=2.3.0 VERSION=2.3.1
usage() # $1 = exit status usage() # $1 = exit status
{ {