diff --git a/Shorewall-core/configure b/Shorewall-core/configure index 37f71d39d..47c63d564 100755 --- a/Shorewall-core/configure +++ b/Shorewall-core/configure @@ -102,7 +102,7 @@ if [ -z "$vendor" ]; then vendor=redhat ;; debian|ubuntu) - vendor=debian + ls -l /sbin/init |fgrep -q systemd | vendor=debian.systemd | vendor=debian.sysvinit ;; opensuse) vendor=suse @@ -130,7 +130,7 @@ if [ -z "$vendor" ]; then *) if [ -f /etc/debian_version ]; then params[HOST]=debian - rcfile=shorewallrc.debian + rcfile=shorewallrc.debian.sysvinit elif [ -f /etc/redhat-release ]; then params[HOST]=redhat rcfile=shorewallrc.redhat diff --git a/Shorewall-core/configure.pl b/Shorewall-core/configure.pl index f83afa03c..fd2856704 100755 --- a/Shorewall-core/configure.pl +++ b/Shorewall-core/configure.pl @@ -68,14 +68,16 @@ unless ( defined $vendor ) { $vendor = 'redhat'; } elsif ( $id eq 'opensuse' ) { $vendor = 'suse'; - } elsif ( $id eq 'ubuntu' ) { - $vendor = 'debian'; + } elsif ( $id eq 'ubuntu' || $id eq 'debian' ) { + my $init = `ls -l /sbin/init`; + $vendor = $init =~ /systemd/ ? 'debian.systemd' : 'debian.sysvinit'; } else { $vendor = $id; } } $params{HOST} = $vendor; + $params{HOST} =~ s/\..*//; } if ( defined $vendor ) { @@ -84,7 +86,7 @@ if ( defined $vendor ) { } else { if ( -f '/etc/debian_version' ) { $vendor = 'debian'; - $rcfilename = 'shorewallrc.debian'; + $rcfilename = 'shorewallrc.debian.sysvinit'; } elsif ( -f '/etc/redhat-release' ){ $vendor = 'redhat'; $rcfilename = 'shorewallrc.redhat'; 
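Review bot: The new detection line in the `debian|ubuntu)` branch joins its parts with `|`, so `vendor=debian.systemd` and `vendor=debian.sysvinit` run as pipeline stages, not as the success and failure arms of the `fgrep` test. In bash the stages of a pipeline run in subshells by default, so neither assignment reaches the script and `vendor` stays as it was, which the enclosing `if [ -z "$vendor" ]` implies is empty. An explicit test says what is meant: `if ls -l /sbin/init | fgrep -q systemd; then vendor=debian.systemd; else vendor=debian.sysvinit; fi`. This value selects the rc file, and with it whether the firewall's systemd unit is installed at all, so a silent miss here matters. The visible hunks also show no shell counterpart to configure.pl's `$params{HOST} =~ s/\..*//`, so check that `params[HOST]` cannot end up as `debian.systemd`; the case statement continues outside the hunk.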
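Review bot: The systemd probe in the new `ubuntu`/`debian` branch shells out to `ls -l /sbin/init` through backticks and pattern-matches the listing, which depends on whichever `ls` is first in PATH and silently yields `debian.sysvinit` if the command fails. Perl can read the link target itself: `my $init = -l '/sbin/init' ? readlink('/sbin/init') : '';`. Separately, the `else` arm of `if ( defined $vendor )` in the next hunk implies `$vendor` can still be undefined when this block ends, in which case the added `$params{HOST} =~ s/\..*//;` runs on an undefined value; `$params{HOST} =~ s/\..*// if defined $params{HOST};` avoids that. The `unless` block begins outside the hunk, so the exact nesting is inferred from the visible braces.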
@@ -117,7 +119,7 @@ my @abbr = qw( Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec ); if ( $vendor eq 'linux' ) { printf "INFO: Creating a generic Linux installation - %s %2d %04d %02d:%02d:%02d\n\n", $abbr[$localtime[4]], $localtime[3], 1900 + $localtime[5] , @localtime[2,1,0];; } else { - printf "INFO: Creating a %s-specific installation - %s %2d %04d %02d:%02d:%02d\n\n", $vendor, $abbr[$localtime[4]], $localtime[3], 1900 + $localtime[5] , @localtime[2,1,0];; + printf "INFO: Creating a %s-specific installation - %s %2d %04d %02d:%02d:%02d\n\n", $params{HOST}, $abbr[$localtime[4]], $localtime[3], 1900 + $localtime[5] , @localtime[2,1,0];; } open $rcfile, '<', $rcfilename or die "Unable to open $rcfilename for input: $!"; diff --git a/Shorewall-core/shorewallrc.debian.systemd b/Shorewall-core/shorewallrc.debian.systemd new file mode 100644 index 000000000..0a5c84c2e --- /dev/null +++ b/Shorewall-core/shorewallrc.debian.systemd 
@@ -0,0 +1,24 @@
+#
+# Debian Shorewall 4.5 rc file
+#
+BUILD= #Default is to detect the build system
+HOST=debian
+PREFIX=/usr #Top-level directory for shared files, libraries, etc.
+SHAREDIR=${PREFIX}/share #Directory for arch-neutral files.
+LIBEXECDIR=${PREFIX}/share #Directory for executable scripts.
+PERLLIBDIR=${PREFIX}/share/shorewall #Directory to install Shorewall Perl module directory
+CONFDIR=/etc #Directory where subsystem configurations are installed
+SBINDIR=/sbin #Directory where system administration programs are installed
+MANDIR=${PREFIX}/share/man #Directory where manpages are installed.
+INITDIR= #Directory where SysV init scripts are installed.
+INITFILE= #Name of the product's installed SysV init script
+INITSOURCE=init.debian.sh #Name of the distributed file to be installed as the SysV init script
+ANNOTATED= #If non-zero, annotated configuration files are installed
+SYSCONFFILE=default.debian #Name of the distributed file to be installed in $SYSCONFDIR
+SERVICEFILE=shorewall-init.service.debian
+ #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
+SYSCONFDIR=/etc/default #Directory where SysV init parameter files are installed
+SERVICEDIR=/lib/systemd/system #Directory where .service files are installed (systems running systemd only)
+SPARSE=Yes #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
+VARLIB=/var/lib #Directory where product variable data is stored.
+VARDIR=${VARLIB}/$PRODUCT #Directory where product variable data is stored.
diff --git a/Shorewall-core/shorewallrc.debian b/Shorewall-core/shorewallrc.debian.sysvinit
similarity index 87%
rename from Shorewall-core/shorewallrc.debian
rename to Shorewall-core/shorewallrc.debian.sysvinit
index 209096891..0bd9e5a48 100644
--- a/Shorewall-core/shorewallrc.debian
+++ b/Shorewall-core/shorewallrc.debian.sysvinit
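Review bot: `SERVICEFILE=shorewall-init.service.debian` hard-codes one product's unit file in an rc file that lives in Shorewall-core, while the comment on the following line still gives the default as `$PRODUCT.service`. If the other products' installers read this same rc file (not visible here), they would all be pointed at the shorewall-init unit; a product-relative value such as `SERVICEFILE=$PRODUCT.service.debian` would keep each product on its own file, provided those files exist. The header `# Debian Shorewall 4.5 rc file` and the non-empty `INITSOURCE=init.debian.sh` next to empty `INITDIR=`/`INITFILE=` look carried over from the sysvinit file and deserve a comment saying they are intentionally unused on systemd hosts. Nothing in the visible hunks references the added `shorewall-init.service.214.debian`.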
@@ -15,9 +15,9 @@ INITFILE=$PRODUCT #Name of the product's installed SysV in
 INITSOURCE=init.debian.sh #Name of the distributed file to be installed as the SysV init script
 ANNOTATED= #If non-zero, annotated configuration files are installed
 SYSCONFFILE=default.debian #Name of the distributed file to be installed in $SYSCONFDIR
-SERVICEFILE= #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
+SERVICEFILE= #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
 SYSCONFDIR=/etc/default #Directory where SysV init parameter files are installed
-SERVICEDIR= #Directory where .service files are installed (systems running systemd only)
+SERVICEDIR= #Directory where .service files are installed (systems running systemd only)
 SPARSE=Yes #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
 VARLIB=/var/lib #Directory where product variable data is stored.
 VARDIR=${VARLIB}/$PRODUCT #Directory where product variable data is stored.
diff --git a/Shorewall-init/shorewall-init.service.214.debian b/Shorewall-init/shorewall-init.service.214.debian
new file mode 100644
index 000000000..bcf363cae
--- /dev/null
+++ b/Shorewall-init/shorewall-init.service.214.debian
@@ -0,0 +1,18 @@
+#
+# The Shoreline Firewall (Shorewall) Packet Filtering Firewall
+#
+# Copyright 2011 Jonathan Underwood
+#
+[Unit]
+Description=Shorewall firewall (bootup security)
+Before=network-pre.target
+Wants=network-pre.target
+Conflicts=iptables.service firewalld.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+EnvironmentFile=-/etc/default/shorewall-init
+StandardOutput=syslog
+ExecStart=/sbin/shorewall-init start
+ExecStop=/sbin/shorewall-init stop
diff --git a/Shorewall-init/shorewall-init.service.debian b/Shorewall-init/shorewall-init.service.debian
new file mode 100644
index 000000000..eaaa92556
--- /dev/null
+++ b/Shorewall-init/shorewall-init.service.debian
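Review bot: Neither this unit nor `shorewall-init.service.debian` in the following hunk has an `[Install]` section, so `systemctl enable` has nothing to link and the unit starts at boot only if packaging creates the dependency some other way (not visible here). For a unit described as bootup security that should be explicit, for example `[Install]` followed by `WantedBy=basic.target`. `Before=` is ordering only, so if `ExecStart` fails the network is still brought up without the early ruleset; that failure path should be documented here or handled in `/sbin/shorewall-init`. `Conflicts=` in this unit also omits `ip6tables.service`, which the other unit lists.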
@@ -0,0 +1,17 @@ +# +# The Shoreline Firewall (Shorewall) Packet Filtering Firewall +# +# Copyright 2011 Jonathan Underwood +# +[Unit] +Description=Shorewall firewall (bootup security) +Before=network.target +Conflicts=iptables.service ip6tables.service firewalld.service + +[Service] +Type=oneshot +RemainAfterExit=yes +EnvironmentFile=-/etc/default/shorewall-init +StandardOutput=syslog +ExecStart=/sbin/shorewall-init start +ExecStop=/sbin/shorewall-init stop diff --git a/Shorewall6-lite/manpages/shorewall6-lite.xml b/Shorewall6-lite/manpages/shorewall6-lite.xml index a411fd08e..aaa894c3a 100644 --- a/Shorewall6-lite/manpages/shorewall6-lite.xml +++ b/Shorewall6-lite/manpages/shorewall6-lite.xml @@ -1024,14 +1024,6 @@ except that it assumes that the firewall is already started. Existing connections are maintained. - - If your ip6tables ruleset depends on variables that are - detected at run-time, either in your params file or by - Shorewall-generated code, restore will use the - values that were current when the ruleset was saved, which may be - different from the current values. - - The option causes shorewall6-lite to avoid updating the routing table(s). @@ -1064,6 +1056,14 @@ in shorewall6.conf(5). + + If your ip6tables ruleset depends on variables that are + detected at run-time, either in your params file or by + Shorewall-generated code, restore will use the + values that were current when the ruleset was saved, which may be + different from the current values. + + The option was added in Shorewall 4.6.5. If the option was specified during shorewall7-lite save, then the counters saved by