holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Rename variables that control RTC. Add RTC control to /sbin/shorewall[6]

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9334 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2009-01-24 17:42:58 +00:00
parent d737ee0896
commit 0d87cecbad
8 changed files with 130 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
Shorewall-common/shorewall
View File

@ -216,6 +216,9 @@ get_config() {
No|NO|no)
TC_ENABLED=
;;
RTC)
NORTC=Yes
;;
esac
[ -n "LOGFORMAT" ] && LOGFORMAT="${LOGFORMAT%%%*}"
@ -480,6 +483,16 @@ start_command() {
DEBUG=Yes
option=${option#d}
;;
n*)
NORTC=Yes
RTCONLY=
option=${option#n}
;;
r*)
RTCONLY=Yes
NORTC=
option=${option#r}
;;
f*)
FAST=Yes
option=${option#f}
@ -524,7 +537,8 @@ start_command() {
;;
esac
export NOROUTES
export NORTC
export RTCONLY
export PURGE
if [ -n "$FAST" ]; then
@ -766,9 +780,15 @@ restart_command() {
option=${option#f}
;;
n*)
NOROUTES=Yes
NORTC=Yes
RTCONLY=
option=${option#n}
;;
r*)
RTCONLY=Yes
NORTC=
option=${option#r}
;;
C)
[ $# -gt 1 ] || fatal_error "-C must be followed by a compiler name"
SHOREWALL_COMPILER=$2
@ -818,7 +838,8 @@ restart_command() {
[ -n "$STARTUP_ENABLED" ] || fatal_error "Startup is disabled"
export NOROUTES
export NORTC
export RTCONLY
export PURGE
if [ -z "$FAST" ]; then
@ -896,7 +917,8 @@ refresh_command() {
[ -n "$STARTUP_ENABLED" ] || fatal_error "Startup is disabled"
export NOROUTES
export NORTC
export RTCONLY
progress_message3 "Compiling..."
@ -939,9 +961,15 @@ safe_commands() {
option=
;;
n*)
NOROUTES=Yes
NORTC=Yes
RTCONLY=
option=${option#n}
;;
r*)
RTCONLY=Yes
NORTC=
option=${option#r}
;;
C)
[ $# -gt 1 ] || fatal_error "-C must be followed by a compiler name"
SHOREWALL_COMPILER=$2
@ -1088,9 +1116,15 @@ try_command() {
option=
;;
n*)
NOROUTES=Yes
NORTC=Yes
RTCONLY=
option=${option#n}
;;
r*)
RTCONLY=Yes
NORTC=
option=${option#r}
;;
C)
[ $# -gt 1 ] || fatal_error "-C must be followed by a compiler name"
SHOREWALL_COMPILER=$2
@ -1485,7 +1519,8 @@ IPT_OPTIONS="-nv"
FAST=
VERBOSE_OFFSET=0
USE_VERBOSITY=
NOROUTES=
NORTC=
RTC=
PURGE=
EXPORT=
export TIMESTAMP=
@ -1562,9 +1597,15 @@ while [ $finished -eq 0 ]; do
esac
;;
n*)
NOROUTES=Yes
NORTC=Yes
RTCONLY=
option=${option#n}
;;
r*)
RTCONLY=Yes
NORTC=
option=${option#r}
;;
t*)
TIMESTAMP=Yes
option=${option#t}
@ -1724,14 +1765,16 @@ case "$COMMAND" in
[ $# -ne 1 ] && usage 1
get_config
export NOROUTES
export NORTC
export RTCONLY
mutex_on
$SHOREWALL_SHELL $FIREWALL $debugging $nolock $COMMAND
mutex_off
;;
reset)
get_config
export NOROUTE
export NORTC
export RTCONLY
shift
mutex_on
$SHOREWALL_SHELL $FIREWALL $debugging $nolock reset $@

12
Shorewall-perl/Shorewall/Compiler.pm
View File

@ -415,7 +415,7 @@ EOF
if [ -f ${VARDIR}/proxyarp ]; then
while read address interface external haveroute; do
qt arp -i $external -d $address pub
[ -z "${haveroute}${NOTCR}" ] && qt ip route del $address dev $interface
[ -z "${haveroute}${NORTC}" ] && qt ip route del $address dev $interface
f=/proc/sys/net/ipv4/conf/$interface/proxy_arp
[ -f $f ] && echo 0 > $f
done < ${VARDIR}/proxyarp
@ -710,7 +710,7 @@ sub generate_script_4($) {
}
emit ( '',
'if [ -n "$TCRONLY" ]; then' ,
'if [ -n "$RTCONLY" ]; then' ,
' delete_tc1' ,
'else' );
@ -758,7 +758,7 @@ sub generate_script_4($) {
}
emit qq([ -n "\$NOTCR" ] && delete_tc1\n) if $config{CLEAR_TC};
emit qq([ -n "\$NORTC" ] && delete_tc1\n) if $config{CLEAR_TC};
pop_indent;
@ -768,11 +768,11 @@ sub generate_script_4($) {
emit '';
emit( '[ -n "$TCRONLY" ] || setup_common_rules',
emit( '[ -n "$RTCONLY" ] || setup_common_rules',
'',
'[ -n "$NOTCR" ] || setup_routing_and_traffic_shaping',
'[ -n "$NORTC" ] || setup_routing_and_traffic_shaping',
'',
'if [ -z "$TCRONLY" ]; then' );
'if [ -z "$RTCONLY" ]; then' );
push_indent;

2
Shorewall-perl/Shorewall/Config.pm
View File

@ -2183,6 +2183,8 @@ sub get_configuration( $ ) {
$globals{TC_SCRIPT} = $file;
} elsif ( $val eq 'internal' ) {
$config{TC_ENABLED} = 'Internal';
} elsif ( $val eq 'rtc' ) {
$config{TC_ENABLED} = 'RTC';
} else {
fatal_error "Invalid value ($config{TC_ENABLED}) for TC_ENABLED" unless $val eq 'no';
$config{TC_ENABLED} = '';

2
Shorewall-perl/Shorewall/Proc.pm
View File

@ -123,7 +123,7 @@ sub setup_route_filtering() {
emit 'echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter';
}
emit "[ -n \"\$NOTCR\" ] || ip -4 route flush cache";
emit "[ -n \"\$NORTC\" ] || ip -4 route flush cache";
}
}

4
Shorewall-perl/Shorewall/Providers.pm
View File

@ -568,7 +568,7 @@ sub setup_providers() {
fatal_error "A non-empty providers file is not permitted with MANGLE_ENABLED=No" unless $config{MANGLE_ENABLED};
emit "\nif [ -z \"\$NOTCR\" ]; then";
emit "\nif [ -z \"\$NORTC\" ]; then";
push_indent;
@ -708,7 +708,7 @@ sub setup_providers() {
emit "\nundo_routing";
emit 'restore_default_route';
if ( $config{NULL_ROUTE_RFC1918} ) {
emit "\nif [ -z \"\$NOTCR\" ]; then";
emit "\nif [ -z \"\$NORTC\" ]; then";
push_indent;

20
Shorewall-perl/prog.footer
View File

@ -46,22 +46,22 @@ while [ $finished -eq 0 -a $# -gt 0 ]; do
option=${option#q}
;;
r*)
if [ -n "$NOTCR" ]; then
if [ -n "$NORTC" ]; then
error_message "The -n and -r options are mutually exclusive"
exit 1
fi
TCRONLY=Yes
RTCONLY=Yes
option=${option#r}
PRODUCT="$PRODUCT Traffic Control and Routing"
;;
n*)
if [ -n "$TCRONLY" ]; then
if [ -n "$RTCONLY" ]; then
error_message "The -n and -r options are mutually exclusive"
exit 1
fi
NOTCR=Yes
NORTC=Yes
option=${option#n}
;;
*)
@ -82,7 +82,7 @@ COMMAND="$1"
case "$COMMAND" in
start)
[ $# -ne 1 ] && usage 2
if [ -n "$TCRONLY" ]; then
if [ -n "$RTCONLY" ]; then
progress_message3 "Starting $PRODUCT...."
define_firewall
status=$?
@ -101,7 +101,7 @@ case "$COMMAND" in
stop)
[ $# -ne 1 ] && usage 2
progress_message3 "Stopping $PRODUCT...."
if [ -n "$TCRONLY" ]; then
if [ -n "$RTCONLY" ]; then
delete_tc1
else
stop_firewall
@ -111,7 +111,7 @@ case "$COMMAND" in
progress_message3 "done."
;;
reset)
if [ -n "${NOTCR}$"{TCRONLY} ]; then
if [ -n "${NORTC}$"{RTCONLY} ]; then
error_message "The -n and -r options may not be used with 'reset'"
status=1
elif ! shorewall_is_started ; then
@ -160,7 +160,7 @@ case "$COMMAND" in
;;
refresh)
[ $# -ne 1 ] && usage 2
if [ -n "${NOTCR}$"{TCRONLY} ]; then
if [ -n "${NORTC}$"{RTCONLY} ]; then
error_message "The -n and -r options may not be used with 'refresh'"
status=1
elif shorewall_is_started; then
@ -175,7 +175,7 @@ case "$COMMAND" in
;;
restore)
[ $# -ne 1 ] && usage 2
if [ -n "${NOTCR}$"{TCRONLY} ]; then
if [ -n "${NORTC}$"{RTCONLY} ]; then
error_message "The -n and -r options may not be used with 'restart'"
status=1
else
@ -188,7 +188,7 @@ case "$COMMAND" in
;;
clear)
[ $# -ne 1 ] && usage 2
if [ -n "${NOTCR}$"{TCRONLY} ]; then
if [ -n "${NORTC}$"{RTCONLY} ]; then
error_message "The -n and -r options may not be used with 'clear'"
status=1
else

22
Shorewall-perl/prog.footer6
View File

@ -46,22 +46,22 @@ while [ $finished -eq 0 -a $# -gt 0 ]; do
option=${option#q}
;;
r*)
if [ -n "$NOTCR" ]; then
if [ -n "$NORTC" ]; then
error_message "The -n and -r options are mutually exclusive"
exit 1
fi
TCRONLY=Yes
RTCONLY=Yes
option=${option#r}
PRODUCT="$PRODUCT Traffic Control and Routing"
;;
n*)
if [ -n "$TCRONLY" ]; then
if [ -n "$RTCONLY" ]; then
error_message "The -n and -r options are mutually exclusive"
exit 1
fi
NOTCR=Yes
NORTC=Yes
option=${option#n}
;;
*)
@ -87,7 +87,7 @@ else
case "$COMMAND" in
start)
[ $# -ne 1 ] && usage 2
if [ -n "$TCRONLY" ]; then
if [ -n "$RTCONLY" ]; then
progress_message3 "Starting $PRODUCT...."
define_firewall
status=$?
@ -106,7 +106,7 @@ else
stop)
[ $# -ne 1 ] && usage 2
progress_message3 "Stopping $PRODUCT...."
if [ -n "$TCRONLY" ]; then
if [ -n "$RTCONLY" ]; then
delete_tc1
else
stop_firewall
@ -116,7 +116,7 @@ else
progress_message3 "done."
;;
reset)
if [ -n "${NOTCR}$"{TCRONLY} ]; then
if [ -n "${NORTC}$"{RTCONLY} ]; then
error_message "The -n and -r options may not be used with 'reset'"
status=1
elif ! shorewall6_is_started ; then
@ -148,7 +148,7 @@ else
;;
restart)
[ $# -ne 1 ] && usage 2
if [ -n "$TCRONLY" ]; then
if [ -n "$RTCONLY" ]; then
progress_message3 "Restarting $PRODUCT...."
define_firewall
status=$?
@ -171,7 +171,7 @@ else
;;
refresh)
[ $# -ne 1 ] && usage 2
if [ -n "${NOTCR}$"{TCRONLY} ]; then
if [ -n "${NORTC}$"{RTCONLY} ]; then
error_message "The -n and -r options may not be used with 'refresh'"
status=1
elif shorewall6_is_started; then
@ -186,7 +186,7 @@ else
;;
restore)
[ $# -ne 1 ] && usage 2
if [ -n "${NOTCR}$"{TCRONLY} ]; then
if [ -n "${NORTC}$"{RTCONLY} ]; then
error_message "The -n and -r options may not be used with 'restore'"
status=1
else
@ -199,7 +199,7 @@ else
;;
clear)
[ $# -ne 1 ] && usage 2
if [ -n "${NOTCR}$"{TCRONLY} ]; then
if [ -n "${NORTC}$"{RTCONLY} ]; then
error_message "The -n and -r options may not be used with 'clear'"
status=1
else

54
Shorewall6/shorewall6
View File

@ -216,6 +216,10 @@ get_config() {
No|NO|no)
TC_ENABLED=
;;
RTC)
NORTC=Yes
RTCONLY=
;;
esac
[ -n "LOGFORMAT" ] && LOGFORMAT="${LOGFORMAT%%%*}"
@ -466,7 +470,8 @@ start_command() {
;;
esac
export NOROUTES
export NORTC
export RTCONLY
export PURGE
if [ -n "$FAST" ]; then
@ -685,9 +690,15 @@ restart_command() {
option=${option#f}
;;
n*)
NOROUTES=Yes
NORTC=Yes
RTCONLY=
option=${option#n}
;;
r*)
RTCONLY=Yes
NORTC=
option=${option#r}
;;
p*)
[ -n "$(which conntrack)" ] || fatal_error "The '-p' option requires the conntrack utility which does not appear to be installed on this system"
PURGE=Yes
@ -731,7 +742,8 @@ restart_command() {
[ -n "$STARTUP_ENABLED" ] || fatal_error "Startup is disabled"
export NOROUTES
export NORTC
export RTCONLY
export PURGE
if [ -z "$FAST" ]; then
@ -803,7 +815,8 @@ refresh_command() {
[ -n "$STARTUP_ENABLED" ] || fatal_error "Startup is disabled"
export NOROUTES
export NORTC
export RTCONLY
progress_message3 "Compiling..."
@ -846,9 +859,15 @@ safe_commands() {
option=
;;
n*)
NOROUTES=Yes
NORTC=Yes
RTCONLY=
option=${option#n}
;;
r*)
RTCONLY=Yes
NORTC=
option=${option#r}
;;
*)
usage 1
;;
@ -989,9 +1008,15 @@ try_command() {
option=
;;
n*)
NOROUTES=Yes
NORTC=Yes
RTCONLY=
option=${option#n}
;;
r*)
RTCONLY=Yes
NORTC=
option=${option#r}
;;
*)
usage 1
;;
@ -1364,7 +1389,8 @@ IPT_OPTIONS="-nv"
FAST=
VERBOSE_OFFSET=0
USE_VERBOSITY=
NOROUTES=
NORTC=
RTCONLY=
PURGE=
EXPORT=
export TIMESTAMP=
@ -1441,9 +1467,15 @@ while [ $finished -eq 0 ]; do
esac
;;
n*)
NOROUTES=Yes
NORTC=Yes
RTCONLY=
option=${option#n}
;;
r*)
RTCONLY=Yes
NORTC=
option=${option#r}
;;
t*)
TIMESTAMP=Yes
option=${option#t}
@ -1583,14 +1615,16 @@ case "$COMMAND" in
[ $# -ne 1 ] && usage 1
get_config
[ -x $FIREWALL ] || fatal_error "Shorewall6 has never been started"
export NOROUTES
export NORTC
export RTCONLY
mutex_on
$SHOREWALL_SHELL $FIREWALL $debugging $nolock $COMMAND
mutex_off
;;
reset)
get_config
export NOROUTE
export NORTC
export RTCONLY
shift
mutex_on
[ -x $FIREWALL ] || fatal_error "Shorewall6 has never been started"