Finish install/fallback cleanup

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2677 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2005-09-13 17:13:35 +00:00
parent 050ba1b307
commit 0864c22d26
5 changed files with 113 additions and 72 deletions


@ -1,3 +1,7 @@
Changes in 2.5.6
1) Finish install/fallback cleanup.
Changes in 2.5.5
1) Zone file alchemy attempted.


@ -28,7 +28,7 @@
# shown below. Simply run this script to revert to your prior version of
# Shoreline Firewall.
VERSION=2.5.5
VERSION=2.5.6
usage() # $1 = exit status
{
@ -49,8 +49,23 @@ restore_directory() # $1 = directory to restore
fi
}
restore_file() # $1 = file to restore
restore_file() # $1 = file to restore, $2 = (Optional) Directory to restore from
{
if [ -n "$2" ]; then
local file=$(basename $1)
if [ -f $2/$file ]; then
if mv -f $2/$file $1 ; then
echo
echo "$1 restored"
return
fi
echo "ERROR: Could not restore $1"
exit 1
fi
fi
if [ -f ${1}-${VERSION}.bkout -o -L ${1}-${VERSION}.bkout ]; then
if (mv -f ${1}-${VERSION}.bkout $1); then
echo
@ -71,17 +86,17 @@ echo "Backing Out Installation of Shorewall $VERSION"
if [ -L /usr/share/shorewall/init ]; then
FIREWALL=$(ls -l /usr/share/shorewall/init | sed 's/^.*> //')
restore_file $FIREWALL
restore_file $FIREWALL /usr/share/shorewall-${VERSION}.bkout
else
restore_file /etc/init.d/shorewall
restore_file /etc/init.d/shorewall /usr/share/shorewall-${VERSION}.bkout
fi
restore_file /sbin/shorewall
restore_file /sbin/shorewall /var/lib/shorewall-${VERSION}.bkout
restore_directory /etc/shorewall
restore_directory /usr/share/shorewall
restore_directory /var/lib/shorewall
echo "Shorewall Restored to Version $oldversion"
echo "Shorewall Restored to Version $(cat /usr/share/shorewall/version)"
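Review bot: The new directory branch of restore_file expands `$1`, `$2` and `$file` unquoted, and the call site passes `$FIREWALL` unquoted after deriving it from `ls -l` output. An empty or whitespace-containing link target would therefore shift the arguments, so the backup directory lands in `$1` and the init script is not restored from it. Because this script moves files into /sbin and the init directory, I would quote throughout: `local file; file=$(basename "$1")`, `if [ -f "$2/$file" ]; then`, `if mv -f "$2/$file" "$1"; then`, and `restore_file "$FIREWALL" "/usr/share/shorewall-${VERSION}.bkout"` at the call. The body of restore_file continues past the end of the hunk, so the legacy `.bkout` path is only partly visible here.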


@ -22,7 +22,7 @@
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
#
VERSION=2.5.5
VERSION=2.5.6
usage() # $1 = exit status
{
@ -37,7 +37,7 @@ run_install()
{
if ! install $*; then
echo
echo "ERROR: Failed to install $*"
echo "ERROR: Failed to install $*" >&2
exit 1
fi
}
@ -45,8 +45,7 @@ run_install()
cant_autostart()
{
echo
echo "WARNING: Unable to configure shorewall to start"
echo " automatically at boot"
echo "WARNING: Unable to configure shorewall to start automatically at boot" >&2
}
backup_directory() # $1 = directory to backup
@ -61,15 +60,26 @@ backup_directory() # $1 = directory to backup
fi
}
backup_file() # $1 = file to backup
backup_file() # $1 = file to backup, $2 = (optional) Directory in which to create the backup
{
if [ -z "$PREFIX" -a -f $1 -a ! -f ${1}-${VERSION}.bkout ]; then
if (cp $1 ${1}-${VERSION}.bkout); then
echo
echo "$1 saved to ${1}-${VERSION}.bkout"
else
exit 1
fi
if [ -z "$PREFIX" ]; then
if [ -f $1 -a ! -f ${1}-${VERSION}.bkout ]; then
if [ -n "$2" ]; then
if [ -d $2 ]; then
if cp -f $1 $2 ; then
echo
echo "$1 saved to $2/$(basename $1)"
else
exit 1
fi
fi
elif cp $1 ${1}-${VERSION}.bkout; then
echo
echo "$1 saved to ${1}-${VERSION}.bkout"
else
exit 1
fi
fi
fi
}
@ -90,9 +100,9 @@ install_file() # $1 = source $2 = target $3 = mode
run_install $OWNERSHIP -m $3 $1 ${2}
}
install_file_with_backup() # $1 = source $2 = target $3 = mode
install_file_with_backup() # $1 = source $2 = target $3 = mode $4 = (optional) backup directory
{
backup_file $2
backup_file $2 $4
run_install $OWNERSHIP -m $3 $1 ${2}
}
@ -194,7 +204,7 @@ else
first_install="Yes"
fi
install_file_with_backup shorewall ${PREFIX}/sbin/shorewall 0544
install_file_with_backup shorewall ${PREFIX}/sbin/shorewall 0544 ${PREFIX}/var/lib/shorewall-${VERSION}.bkout
echo
echo "shorewall control program installed in ${PREFIX}/sbin/shorewall"
@ -203,9 +213,9 @@ echo "shorewall control program installed in ${PREFIX}/sbin/shorewall"
# Install the Firewall Script
#
if [ -n "$DEBIAN" ]; then
install_file_with_backup init.debian.sh /etc/init.d/shorewall 0544
install_file_with_backup init.debian.sh /etc/init.d/shorewall 0544 ${PREFIX}/usr/share/shorewall-${VERSION}.bkout
else
install_file_with_backup init.sh ${PREFIX}${DEST}/$INIT 0544
install_file_with_backup init.sh ${PREFIX}${DEST}/$INIT 0544 ${PREFIX}/usr/share/shorewall-${VERSION}.bkout
fi
echo
@ -227,7 +237,6 @@ if [ ! -f ${PREFIX}/etc/shorewall/shorewall.conf ]; then
fi
if [ -n "$ARCHLINUX" ] ; then
sed -e 's!LOGFILE=/var/log/messages!LOGFILE=/var/log/messages.log!' -i ${PREFIX}/etc/shorewall/shorewall.conf
fi
#
@ -381,9 +390,7 @@ fi
#
# Install the TOS file
#
if [ -f ${PREFIX}/etc/shorewall/tos ]; then
backup_file /etc/shorewall/tos
else
if [ ! -f ${PREFIX}/etc/shorewall/tos ]; then
run_install $OWNERSHIP -m 0600 tos ${PREFIX}/etc/shorewall/tos
echo
echo "TOS file installed as ${PREFIX}/etc/shorewall/tos"
@ -447,7 +454,7 @@ echo "RFC 1918 file installed as ${PREFIX}/usr/share/shorewall/rfc1918"
#
install_file configpath ${PREFIX}/usr/share/shorewall/configpath 0600
echo
echo " Default config path file installed as ${PREFIX}/usr/share/shorewall/configpath"
echo "Default config path file installed as ${PREFIX}/usr/share/shorewall/configpath"
#
# Install the init file
#
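Review bot: In backup_file, the directory branch does not check whether a backup already exists at its real destination; the only existence test is still `! -f ${1}-${VERSION}.bkout`, which is the legacy file name. A second run of the installer for the same version would therefore `cp -f` the just-installed file over the saved original, and a later fallback would restore the new file instead of the old one. I would test the actual target, e.g. `if [ -d "$2" ] && [ ! -f "$2/$(basename "$1")" ]; then`. Separately, when `$2` is given but is not a directory, the function returns with no backup and no message, and install_file_with_backup goes on to overwrite the target; a warning on stderr in that case would make the missing backup visible. Whether backup_directory, which lies outside these hunks, always creates that directory first cannot be confirmed from here.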


@ -1,4 +1,22 @@
Shorewall 2.5.5.
Shorewall 2.5.6.
Problems Corrected in 2.5.6:
None.
New Features in 2.5.6:
1) The install.sh script now does a much cleaner job of backing up the
current installation. It copies the directories /etc/shorewall,
/usr/share/shorewall and /var/lib/shorewall to a directory of the
same name with "-$VERSION.bkout" appended. The init script and
/sbin/shorewall are backed up to the /usr/share/shorewall and
/var/lib/shorewall directories respectively. This makes it very
simple to remove the backups:
rm -rf /etc/shorewall-*.bkout
rm -rf /usr/share/shorewall-*.bkout
rm -rf /var/lib/shorewall-*.bkout
Problems Corrected in 2.5.5:
@ -9,41 +27,6 @@ Problems Corrected in 2.5.5:
"shorewall start" would continue after what should have been fatal
errors.
New Features in 2.5.5:
1) The IPSEC column in /etc/shorewall/zones has been renamed TYPE and
can have one of the following values:
plain, -, or <empty> A normal zone
ipsec An IPSEC zone
firewall The firewall zone. There must be
exactly one firewall zone.
2) You may now define zone nesting in the /etc/shorewall/zones
file. In the ZONE column, the (sub)zone name can be followed by a
colon (":") and a comma-separated list of parent zones. The parent
zone(s) must be listed before the subzone.
Example: Zone B is a subzone of zone A
#ZONE TYPE OPTIONS
A plain
B:A plain
Currently, Shorewall only uses the zone nesting information to
re-order the zone list such that subzones appear before their
parent zones. In a future release, Shorewall might make additional
use of this information to structure the ruleset in a more
efficient fashion.
3) When /usr/share/shorewall/functions is loaded it now sets
SHOREWALL_LIBRARY=Loaded
Application code such as /etc/shorewall/tcstart may test that
variable to determine if the library has been loaded into the
current shell process.
Problems Corrected in 2.5.4:
1) Several serious problems associated with macros have been corrected.
@ -121,17 +104,38 @@ Migration Considerations:
are now as follows:
ZONE Short name of the zone (5 Characters or less in
length).
length). The names "all" and "none" are
reserved and may not be used as zone names.
The names "all" and "none" are reserved and may
not beused as zone names.
TYPE ipsec - Communication with all zone hosts is encrypted
Where a zone is nested in one or more other
zones, you may follow the (sub)zone name by ":"
and a comma-separated list of the parent
zones. The parent zones must have been defined
in earlier records in this file.
Example:
#ZONE TYPE OPTIONS
a plain
b plain
c:a,b plain
Currently, Shorewall uses this information only
to reorder the zone list so that parent zones
appear after their subzones in the list. In the
future, Shorewall may make more extensive use
of that information.
TYPE plain - This is the standard Shorewall zone type and is
the default if the column is left empty or if
it is entered as "-". Communication with some
zone hosts may be encrypted. Encrypted hosts
are designated using the 'ipsec' option in
/etc/shorewall/hosts.
ipsec - Communication with all zone hosts is encrypted
Your kernel and iptables must include policy
match support.
plain - Communication with some zone hosts may be encrypted.
Encrypted hosts are designated using the 'ipsec'
option in /etc/shorewall/hosts.
firewall
- Designates the firewall itself. You must have
exactly one 'firewall' zone. No options are
@ -535,3 +539,11 @@ New Features in Shorewall 2.5.*
Thanks, Arne!
19) When /usr/share/shorewall/functions is loaded it now sets
SHOREWALL_LIBRARY=Loaded
Application code such as /etc/shorewall/tcstart may test that
variable to determine if the library has been loaded into the
current shell process.


@ -26,7 +26,7 @@
# You may only use this script to uninstall the version
# shown below. Simply run this script to remove Shorewall Firewall
VERSION=2.5.5
VERSION=2.5.6
usage() # $1 = exit status
{
@ -101,8 +101,11 @@ rm -f /sbin/shorewall
rm -f /sbin/shorewall-*.bkout
rm -rf /etc/shorewall
rm -rf /etc/shorewall-*.bkout
rm -rf /var/lib/shorewall
rm -rf /var/lib/shorewall-*.bkout
rm -rf /usr/share/shorewall
rm -rf /usr/share/shorewall-*.bkout
echo "Shorewall Uninstalled"