From 1356944d23d673b22269c11b3cf68384e93e85ca Mon Sep 17 00:00:00 2001 From: teastep Date: Sun, 12 Nov 2006 18:19:17 +0000 Subject: [PATCH] Add Makefile just for /usr/share/shorewall/configfiles git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4859 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall/Makefile-lite | 78 ++++++++++++++++++++++++++++++++++++++ Shorewall/changelog.txt | 2 + Shorewall/install.sh | 4 +- Shorewall/releasenotes.txt | 15 ++++++++ 4 files changed, 97 insertions(+), 2 deletions(-) create mode 100644 Shorewall/Makefile-lite diff --git a/Shorewall/Makefile-lite b/Shorewall/Makefile-lite new file mode 100644 index 000000000..62de92dba --- /dev/null +++ b/Shorewall/Makefile-lite @@ -0,0 +1,78 @@ +# Shorewall Packet Filtering Firewall Export Directory Makefile - V3.3 +# +# This program is under GPL [http://www.gnu.org/copyleft/gpl.htm] +# +# (c) 2006 - Tom Eastep (teastep@shorewall.net) +# +# Shorewall documentation is available at http://www.shorewall.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of Version 2 of the GNU General Public License +# as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA +################################################################################ +# Place this file in each export directory. Modify each copy to set HOST +# to the name of the remote firewall corresponding to the directory. +# +# To make the 'firewall' script, type "make". +# +# Once the script is compiling correctly, you can install it by +# typing "make install". +# +################################################################################ +# V A R I A B L E S +# +# Files in the export directory on which the firewall script does not depend +# +IGNOREFILES = firewall% Makefile% trace% %~ +# +# Remote Firewall system +# +HOST = gateway +# +# Save some typing +# +LITEDIR = /var/lib/shorewall-lite +# +# Default target is the firewall script +# +################################################################################ +# T A R G E T S +# +all: firewall +# +# Only generate the capabilities file if it doesn't already exist +# +capabilities: + ssh root@$(HOST) "/sbin/shorewall-lite show -f capabilities > $(LITEDIR)/capabilities" + scp root@$(HOST):$(LITEDIR)/capabilities . +# +# Compile the firewall script. Using the 'wildcard' function causes "*" to be expanded so that +# 'filter-out' will be presented with the list of files in this directory rather than "*" +# +firewall: $(filter-out $(IGNOREFILES) capabilities , $(wildcard *) ) capabilities + shorewall compile -e . firewall +# +# Only reload on demand. +# +install: firewall + scp firewall firewall.conf root@$(HOST):$(LITEDIR) + ssh root@$(HOST) "/sbin/shorewall-lite restart" +# +# Save running configuration +# +save: + ssh root@$(HOST) "/sbin/shorewall-lite save" +# +# Remove generated files +# +clean: + rm -f capabilities firewall firewall.conf reload diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index 053f802c4..f84d68d78 100644 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -23,6 +23,8 @@ Changes in 3.3.5 11) Return success if start of running config. +12) Add Makefile especially for /usr/share/shorewall/configfiles/ + Changes in 3.3.4 1) Make exclusion work with "show zones" diff --git a/Shorewall/install.sh b/Shorewall/install.sh index cd784861c..68fb13fa1 100755 --- a/Shorewall/install.sh +++ b/Shorewall/install.sh @@ -624,9 +624,9 @@ if [ ! -f ${PREFIX}/etc/shorewall/actions ]; then fi # -# Install the Makefile +# Install the Makefiles # -run_install $OWNERSHIP -m 0644 Makefile ${PREFIX}/usr/share/shorewall/configfiles/Makefile +run_install $OWNERSHIP -m 0644 Makefile-lite ${PREFIX}/usr/share/shorewall/configfiles/Makefile run_install $OWNERSHIP -m 0600 Makefile ${PREFIX}/etc/shorewall/Makefile echo "Makefile installed as ${PREFIX}/etc/shorewall/Makefile" diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 1c1737c1e..e6269b38e 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -79,6 +79,21 @@ Other Changes in 3.3.5. /etc/shorewall/tcdevices then no ingress qdisc will be created for the device. +5) The Makefile installed in /usr/share/shorewall/configfiles/ is now + the same one mentioned at + http://www.shorewall.net/CompiledPrograms.html. + + Once the file is copied into an export directory, you modify the + setting of the HOST variable to match the name of the remote + firewall. + + The default target is the "firewall" script so "make" compiles the + firewall script if any of the configuration files have + changed. "make install" builds "firewall" if necessary then + installs it on the remote firewall. "make capabilities" will + generate the "capabilities" file if that file doesn't exist. "make + save" will save the running configuration on the remote firewall. + Migration Considerations: 1) Shorewall supports the notion of "default actions". A default