SHOREWALL_SHELL parameter
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@621 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
52bc8bca5e
commit
06e38b587d
@ -23,4 +23,5 @@ Changes since 1.4.5
|
||||
parameters and replaced them with code that detects these
|
||||
capabilities.
|
||||
|
||||
10) Added the SHOREWALL_SHELL configuraiton parameter.
|
||||
|
||||
|
@ -2025,9 +2025,12 @@ add_a_rule()
|
||||
servport=$serverport
|
||||
multiport=
|
||||
|
||||
[ x$port = x- ] && port=
|
||||
[ x$cport = x- ] && cport=
|
||||
|
||||
case $proto in
|
||||
tcp|udp|TCP|UDP|6|17)
|
||||
if [ -n "$port" -a "x${port}" != "x-" ]; then
|
||||
if [ -n "$port" ]; then
|
||||
dports="--dport"
|
||||
if [ -n "$multioption" -a "$port" != "${port%,*}" ]; then
|
||||
multiport="$multioption"
|
||||
@ -2036,7 +2039,7 @@ add_a_rule()
|
||||
dports="$dports $port"
|
||||
fi
|
||||
|
||||
if [ -n "$cport" -a "x${cport}" != "x-" ]; then
|
||||
if [ -n "$cport" ]; then
|
||||
sports="--sport"
|
||||
if [ -n "$multioption" -a "$cport" != "${cport%,*}" ]; then
|
||||
multiport="$multioption"
|
||||
@ -2046,18 +2049,17 @@ add_a_rule()
|
||||
fi
|
||||
;;
|
||||
icmp|ICMP|1)
|
||||
[ -n "$port" ] && [ "x${port}" != "x-" ] && \
|
||||
dports="--icmp-type $port"
|
||||
[ -n "$port" ] && dports="--icmp-type $port"
|
||||
state=
|
||||
;;
|
||||
all|ALL)
|
||||
[ -n "$port" ] && [ "x${port}" != "x-" ] && \
|
||||
[ -n "$port" ] && \
|
||||
fatal_error "Port number not allowed with \"all\"; rule: \"$rule\""
|
||||
proto=
|
||||
;;
|
||||
*)
|
||||
state=
|
||||
[ -n "$port" ] && [ "x${port}" != "x-" ] && \
|
||||
[ -n "$port" ] && \
|
||||
fatal_error "Port number not allowed with protocol \"$proto\"; rule: \"$rule\""
|
||||
;;
|
||||
esac
|
||||
|
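Review bot: The two normalisation lines near the top of the first add_a_rule hunk, `[ x$port = x- ] && port=` and `[ x$cport = x- ] && cport=`, are unquoted, unlike the older `"x${port}" != "x-"` tests shown next to their simplified replacements. An unquoted value that contains whitespace or glob characters is word-split or pathname-expanded before `[` sees it, so the test can error out or compare the wrong string. Writing them as `[ "x$port" = "x-" ] && port=` and `[ "x$cport" = "x-" ] && cport=` keeps the behaviour for ordinary values and removes that dependency on the input's shape. A short comment above them, such as `# "-" is a column placeholder; treat it as empty`, would explain why the later `-n` tests no longer compare against `x-`. add_a_rule starts and ends outside these hunks, so how port and cport are populated is not visible here.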
@ -83,3 +83,7 @@ New Features:
|
||||
Tracking Match Extension is available, the rule in the filter table
|
||||
is extended to check that the original destination address was the
|
||||
same as specified (or defaulted to) in the DNAT rule.
|
||||
|
||||
7) The shell used to interpret the firewall script
|
||||
(/usr/share/shorewall/firewall) may now be specified using the
|
||||
SHOREWALL_SHELL parameter in shorewall.conf.
|
@ -138,6 +138,13 @@ get_config() {
|
||||
[ -n "LOGFORMAT" ] && LOGFORMAT="${LOGFORMAT%%%*}"
|
||||
|
||||
[ -n "$LOGFORMAT" ] || LOGFORMAT="Shorewall:"
|
||||
|
||||
if [ -n "$SHOREWALL_SHELL" ]; then
|
||||
if [ ! -e "$SHOREWALL_SHELL" ]; then
|
||||
echo "The program specified in SHOREWALL_SHELL does not exist or is not executable" >&2
|
||||
exit 2
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
#
|
||||
@ -653,11 +660,13 @@ esac
|
||||
case "$1" in
|
||||
start|stop|restart|reset|clear|refresh|check)
|
||||
[ $# -ne 1 ] && usage 1
|
||||
exec $FIREWALL $debugging $nolock $1
|
||||
get_config
|
||||
exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock $1
|
||||
;;
|
||||
add|delete)
|
||||
[ $# -ne 3 ] && usage 1
|
||||
exec $FIREWALL $debugging $nolock $1 $2 $3
|
||||
get_config
|
||||
exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock $1 $2 $3
|
||||
;;
|
||||
show|list)
|
||||
[ $# -gt 2 ] && usage 1
|
||||
|
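Review bot: The check added to get_config uses `[ ! -e "$SHOREWALL_SHELL" ]`, which only proves that the path exists, while its error message says "does not exist or is not executable". A directory or a non-executable file passes the check and the failure only surfaces at the later `exec`. Because the value is read from shorewall.conf and becomes the interpreter of the firewall script, the guard should match the message and fail before anything runs: `if [ ! -f "$SHOREWALL_SHELL" -o ! -x "$SHOREWALL_SHELL" ]; then`. In the second hunk `exec $SHOREWALL_SHELL $FIREWALL ...` is unquoted, so an unset or empty setting falls back to executing $FIREWALL directly and a value containing spaces is word-split; if that fallback is intended, a comment such as `# empty SHOREWALL_SHELL: run the script via its own #! line` would record it. get_config begins outside the hunk, so where SHOREWALL_SHELL is first assigned is not visible here.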
@ -191,6 +191,14 @@ RFC1918_LOG_LEVEL=info
|
||||
#
|
||||
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
|
||||
|
||||
#
|
||||
# SHELL
|
||||
#
|
||||
# The firewall script is normally interpreted by /bin/sh. If you wish to change
|
||||
# the shell used to interpret that script, specify the shell here.
|
||||
|
||||
SHOREWALL_SHELL=/bin/sh
|
||||
|
||||
# SUBSYSTEM LOCK FILE
|
||||
#
|
||||
# Set this to the name of the lock file expected by your init scripts. For
|
||||
|
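Review bot: The new comment block is headed `# SHELL`, but the setting it documents is `SHOREWALL_SHELL`; heading it `# SHOREWALL SHELL` avoids confusion with the environment's own SHELL variable. The description could also state what the program enforces on the same page, for example `# The value must name an existing program; shorewall exits with status 2 otherwise.`, so an administrator editing the file knows a bad path stops start/stop/restart rather than being ignored.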