holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Rename lib.commands to lib.cli and update makeshorewall to copy it to Shorewall Lite

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4746 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2006-10-28 14:46:43 +00:00
parent d6348d7f3e
commit 2ed3d8611d
8 changed files with 27 additions and 789 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

774
Shorewall-lite/shorewall-lite
View File

@ -82,80 +82,6 @@
# #
# Displays the decimal equivalent of an IP # Displays the decimal equivalent of an IP
# address and vice versa. # address and vice versa.
#
# Fatal Error
#
fatal_error() # $@ = Message
{
echo " $@" >&2
exit 2
}
# Display a chain if it exists
#
showfirstchain() # $1 = name of chain
{
awk \
'BEGIN {prnt=0; rslt=1; }; \
/^$/ { next; };\
/^Chain/ {if ( prnt == 1 ) { rslt=0; exit 0; }; };\
/Chain '$1'/ { prnt=1; }; \
{ if (prnt == 1) print; };\
END { exit rslt; }' $TMPFILE
}
showchain() # $1 = name of chain
{
if [ "$firstchain" = "Yes" ]; then
if showfirstchain $1; then
firstchain=
fi
else
awk \
'BEGIN {prnt=0;};\
/^$|^ pkts/ { next; };\
/^Chain/ {if ( prnt == 1 ) exit; };\
/Chain '$1'/ { prnt=1; };\
{ if (prnt == 1) print; }' $TMPFILE
fi
}
#
# The 'awk' hack that compensates for bugs in iptables-save (or rather in the extension modules).
#
iptablesbug()
{
if qt mywhich awk ; then
awk 'BEGIN { sline=""; };\
/^-j/ { print sline $0; next };\
/-m policy.*-j/ { print $0; next };\
/-m policy/ { sline=$0; next };\
/--mask ff/ { sub( /--mask ff/, "--mask 0xff" ) };\
{ print ; sline="" }'
else
echo " WARNING: You don't have 'awk' on this system so the output of the save command may be unusable" >&2
cat
fi
}
#
# Validate the value of RESTOREFILE
#
validate_restorefile() # $* = label
{
case $RESTOREFILE in
*/*)
error_message "ERROR: $@ must specify a simple file name: $RESTOREFILE"
exit 2
;;
.*)
error_message "ERROR: Reserved File Name: $RESTOREFILE"
exit 2
;;
esac
}
# #
# Set the configuration variables from shorewall.conf # Set the configuration variables from shorewall.conf
@ -224,160 +150,6 @@ get_config() {
} }
#
# Clear descriptor 1 if it is a terminal
#
clear_term() {
[ -t 1 ] && clear
}
#
# Delay $timeout seconds -- if we're running on a recent bash2 then allow
# <enter> to terminate the delay
#
timed_read ()
{
read -t $timeout foo 2> /dev/null
test $? -eq 2 && sleep $timeout
}
#
# Display the last $1 packets logged
#
packet_log() # $1 = number of messages
{
local options
[ -n "$realtail" ] && options="-n$1"
if [ -n "$SHOWMACS" -o $VERBOSE -gt 2 ]; then
grep 'IN=.* OUT=' $LOGFILE | \
sed s/" kernel:"// | \
sed s/" $host $LOGFORMAT"/" "/ | \
tail $options
else
grep 'IN=.* OUT=' $LOGFILE | \
sed s/" kernel:"// | \
sed s/" $host $LOGFORMAT"/" "/ | \
sed 's/MAC=.* SRC=/SRC=/' | \
tail $options
fi
}
#
# Show traffic control information
#
show_tc() {
show_one_tc() {
local device=${1%@*}
qdisc=$(tc qdisc list dev $device)
if [ -n "$qdisc" ]; then
echo Device $device:
tc -s -d qdisc show dev $device
tc -s -d class show dev $device
echo
fi
}
ip link list | \
while read inx interface details; do
case $inx in
[0-9]*)
show_one_tc ${interface%:}
;;
*)
;;
esac
done
}
#
# Show classifier information
#
show_classifiers() {
show_one_classifier() {
local device=${1%@*}
qdisc=$(tc qdisc list dev $device)
if [ -n "$qdisc" ]; then
echo Device $device:
tc -s filter ls dev $device
echo
fi
}
ip link list | \
while read inx interface details; do
case $inx in
[0-9]*)
show_one_classifier ${interface%:}
;;
*)
;;
esac
done
}
#
# Watch the Firewall Log
#
logwatch() # $1 = timeout -- if negative, prompt each time that
# an 'interesting' packet count changes
{
host=$(echo $HOSTNAME | sed 's/\..*$//')
oldrejects=$($IPTABLES -L -v -n | grep 'LOG')
if [ $1 -lt 0 ]; then
timeout=$((- $1))
pause="Yes"
else
pause="No"
timeout=$1
fi
qt mywhich awk && haveawk=Yes || haveawk=
while true; do
clear_term
echo "$banner $(date)"
echo
echo "Dropped/Rejected Packet Log ($LOGFILE)"
echo
show_reset
rejects=$($IPTABLES -L -v -n | grep 'LOG')
if [ "$rejects" != "$oldrejects" ]; then
oldrejects="$rejects"
$RING_BELL
packet_log 40
if [ "$pause" = "Yes" ]; then
echo
echo $ECHO_N 'Enter any character to continue: '
read foo
else
timed_read
fi
else
echo
packet_log 40
timed_read
fi
done
}
# #
# Verify that we have a compiled firewall script # Verify that we have a compiled firewall script
# #
@ -395,85 +167,6 @@ verify_firewall_script() {
fi fi
} }
#
# Save currently running configuration
#
save_config() {
verify_firewall_script
if shorewall_is_started ; then
[ -d ${VARDIR} ] || mkdir -p ${VARDIR}
if [ -f $RESTOREPATH -a ! -x $RESTOREPATH ]; then
echo " ERROR: $RESTOREPATH exists and is not a saved Shorewall configuration"
else
case $RESTOREFILE in
save|restore-base)
echo " ERROR: Reserved file name: $RESTOREFILE"
;;
*)
if $IPTABLES -L dynamic -n > ${VARDIR}/save; then
echo " Dynamic Rules Saved"
if [ -f ${VARDIR}/.restore ]; then
if iptables-save | iptablesbug > ${VARDIR}/restore-$$; then
cp -f ${VARDIR}/.restore $RESTOREPATH
mv -f ${VARDIR}/restore-$$ ${RESTOREPATH}-iptables
chmod +x $RESTOREPATH
echo " Currently-running Configuration Saved to $RESTOREPATH"
rm -f ${RESTOREPATH}-ipsets
case ${SAVE_IPSETS:-No} in
[Yy][Ee][Ss])
RESTOREPATH=${RESTOREPATH}-ipsets
f=${VARDIR}/restore-$$
echo "#!/bin/sh" > $f
echo "#This ipset restore file generated $(date) by Shorewall $version" >> $f
echo >> $f
echo ". ${SHAREDIR}/lib.base" >> $f
echo >> $f
grep '^MODULE' ${VARDIR}/restore-base >> $f
echo "reload_kernel_modules << __EOF__" >> $f
grep 'loadmodule ip_set' ${VARDIR}/restore-base >> $f
echo "__EOF__" >> $f
echo >> $f
echo "ipset -U :all: :all:" >> $f
echo "ipset -F" >> $f
echo "ipset -X" >> $f
echo "ipset -R << __EOF__" >> $f
ipset -S >> $f
echo "__EOF__" >> $f
mv -f $f $RESTOREPATH
chmod +x $RESTOREPATH
echo " Current Ipset Contents Saved to $RESTOREPATH"
;;
[Nn][Oo])
;;
*)
echo " WARNING: Invalid value ($SAVE_IPSETS) for SAVE_IPSETS. Ipset contents not saved"
;;
esac
else
rm -f ${VARDIR}/restore-$$
echo " ERROR: Currently-running Configuration Not Saved"
fi
else
echo " ERROR: ${VARDIR}/.restored oes not exist"
fi
else
echo "Error Saving the Dynamic Rules"
fi
;;
esac
fi
else
echo "Shorewall isn't started"
fi
}
# #
# Start Command Executor # Start Command Executor
# #
@ -670,360 +363,6 @@ restart_command() {
return $rc return $rc
} }
#
# Show routing configuration
#
show_routing() {
if [ -n "$(ip rule ls)" ]; then
heading "Routing Rules"
ip rule ls
ip rule ls | while read rule; do
echo ${rule##* }
done | sort -u | while read table; do
heading "Table $table:"
ip route ls table $table
done
else
heading "Routing Table"
ip route ls
fi
}
#
# Show Command Executor
#
show_command() {
local finished=0
while [ $finished -eq 0 -a $# -gt 0 ]; do
option=$1
case $option in
-*)
option=${option#-}
while [ -n "$option" ]; do
case $option in
-)
finished=1
option=
;;
v*)
VERBOSE=$(($VERBOSE + 1 ))
option=${option#v}
;;
x*)
IPT_OPTIONS="-xnv"
option=${option#x}
;;
m*)
SHOWMACS=Yes
option=${option#m}
;;
f*)
FILEMODE=Yes
option=${option#f}
;;
*)
usage 1
;;
esac
done
shift
;;
*)
finished=1
;;
esac
done
[ -n "$debugging" ] && set -x
case "$1" in
connections)
[ $# -gt 1 ] && usage 1
echo "Shorewall Lite $version Connections at $HOSTNAME - $(date)"
echo
cat /proc/net/ip_conntrack
;;
nat)
[ $# -gt 1 ] && usage 1
echo "Shorewall Lite $version NAT Table at $HOSTNAME - $(date)"
echo
show_reset
$IPTABLES -t nat -L $IPT_OPTIONS
;;
tos|mangle)
[ $# -gt 1 ] && usage 1
echo "Shorewall Lite $version Mangle Table at $HOSTNAME - $(date)"
echo
show_reset
$IPTABLES -t mangle -L $IPT_OPTIONS
;;
log)
[ $# -gt 1 ] && usage 1
echo "Shorewall Lite $version Log ($LOGFILE) at $HOSTNAME - $(date)"
echo
show_reset
host=$(echo $HOSTNAME | sed 's/\..*$//')
packet_log 20
;;
tc)
[ $# -gt 1 ] && usage 1
echo "Shorewall Lite $version Traffic Control at $HOSTNAME - $(date)"
echo
show_tc
;;
classifiers)
[ $# -gt 1 ] && usage 1
echo "Shorewall Lite $version Clasifiers at $HOSTNAME - $(date)"
echo
show_classifiers
;;
zones)
[ $# -gt 1 ] && usage 1
if [ -f ${VARDIR}/zones ]; then
echo "Shorewall Lite $version Zones at $HOSTNAME - $(date)"
echo
while read zone type hosts; do
echo "$zone ($type)"
for host in $hosts; do
case $host in
exclude)
echo " exclude:"
;;
*)
echo " $host"
;;
esac
done
done < ${VARDIR}/zones
echo
else
echo " ERROR: ${VARDIR}/zones does not exist" >&2
exit 1
fi
;;
capabilities)
[ $# -gt 1 ] && usage 1
determine_capabilities
VERBOSE=2
if [ -n "$FILEMODE" ]; then
report_capabilities1
else
report_capabilities
fi
;;
config)
. ${SHAREDIR}/configpath
echo "Default CONFIG_PATH is $CONFIG_PATH"
echo "LITEDIR is $LITEDIR"
;;
ip)
[ $# -gt 1 ] && usage 1
echo "Shorewall Lite $version IP at $HOSTNAME - $(date)"
echo
ip addr ls
;;
routing)
[ $# -gt 1 ] && usage 1
echo "Shorewall Lite $version Routing at $HOSTNAME - $(date)"
echo
show_routing
;;
*)
echo "Shorewall Lite $version $([ $# -gt 0 ] && echo Chains || echo Chain) $* at $HOSTNAME - $(date)"
echo
show_reset
if [ $# -gt 0 ]; then
for chain in $*; do
$IPTABLES -L $chain $IPT_OPTIONS
done
else
$IPTABLES -L $IPT_OPTIONS
fi
;;
esac
}
#
# Dump Command Executor
#
dump_command() {
local finished=0
while [ $finished -eq 0 -a $# -gt 0 ]; do
option=$1
case $option in
-*)
option=${option#-}
while [ -n "$option" ]; do
case $option in
-)
finished=1
option=
;;
x*)
IPT_OPTIONS="-xnv"
option=${option#x}
;;
*)
usage 1
;;
esac
done
shift
;;
*)
finished=1
;;
esac
done
[ $VERBOSE -lt 2 ] && VERBOSE=2
[ -n "$debugging" ] && set -x
[ $# -eq 0 ] || usage 1
clear_term
echo "Shorewall Lite $version Dump at $HOSTNAME - $(date)"
echo
show_reset
host=$(echo $HOSTNAME | sed 's/\..*$//')
$IPTABLES -L $IPT_OPTIONS
heading "Log ($LOGFILE)"
packet_log 20
heading "NAT Table"
$IPTABLES -t nat -L $IPT_OPTIONS
heading "Mangle Table"
$IPTABLES -t mangle -L $IPT_OPTIONS
heading "Conntrack Table"
cat /proc/net/ip_conntrack
heading "IP Configuration"
ip addr ls
heading "IP Stats"
ip -stat link ls
if qt mywhich brctl; then
heading "Bridges"
brctl show
fi
heading "/proc"
show_proc /proc/version
show_proc /proc/sys/net/ipv4/ip_forward
show_proc /proc/sys/net/ipv4/icmp_echo_ignore_all
for directory in /proc/sys/net/ipv4/conf/*; do
for file in proxy_arp arp_filter arp_ignore rp_filter log_martians; do
show_proc $directory/$file
done
done
show_routing
heading "ARP"
arp -na
if qt mywhich lsmod; then
heading "Modules"
lsmod | grep -E '^ip_|^ipt_|^iptable_'
fi
determine_capabilities
echo
report_capabilities
if [ -n "$TC_ENABLED" ]; then
heading "Traffic Control"
show_tc
heading "TC Filters"
show_classifiers
fi
}
#
# Restore Comand Executor
#
restore_command() {
local finished=0
while [ $finished -eq 0 -a $# -gt 0 ]; do
option=$1
case $option in
-*)
option=${option#-}
while [ -n "$option" ]; do
case $option in
-)
finished=1
option=
;;
n*)
NOROUTES=Yes
option=${option#n}
;;
*)
usage 1
;;
esac
done
shift
;;
*)
finished=1
;;
esac
done
case $# in
0)
;;
1)
RESTOREFILE="$1"
validate_restorefile '<restore file>'
;;
*)
usage 1
;;
esac
RESTOREPATH=${VARDIR}/$RESTOREFILE
export NOROUTES
[ -n "$nolock" ] || mutex_on
if [ -x $RESTOREPATH ]; then
if [ -x ${RESTOREPATH}-ipsets ] ; then
echo Restoring Ipsets...
iptables -F
iptables -X
$SHOREWALL_SHELL ${RESTOREPATH}-ipsets
fi
progress_message3 "Restoring Shorewall Lite..."
$SHOREWALL_SHELL $RESTOREPATH restore && echo "Shorewall Lite restored from ${VARDIR}/$RESTOREFILE"
[ -n "$nolock" ] || mutex_off
else
echo "File ${VARDIR}/$RESTOREFILE: file not found"
[ -n "$nolock" ] || mutex_off
exit 2
fi
}
#
# Help information
#
help()
{
[ -x $HELP ] && { export version; exec $HELP $*; }
echo "Help subsystem is not installed at $HELP"
}
# #
# Give Usage Information # Give Usage Information
# #
@ -1058,109 +397,6 @@ usage() # $1 = exit status
exit $1 exit $1
} }
#
# Display the time that the counters were last reset
#
show_reset() {
[ -f ${VARDIR}/restarted ] && \
echo "Counters reset $(cat ${VARDIR}/restarted)" && \
echo
}
#
# Display's the passed file name followed by "=" and the file's contents.
#
show_proc() # $1 = name of a file
{
[ -f $1 ] && echo " $1 = $(cat $1)"
}
read_yesno_with_timeout() {
read -t 60 yn 2> /dev/null
if [ $? -eq 2 ]
then
# read doesn't support timeout
test -x /bin/bash || return 2 # bash is not installed so the feature is not available
/bin/bash -c 'read -t 60 yn ; if [ "$yn" == "y" ] ; then exit 0 ; else exit 1 ; fi' # invoke bash and use its version of read
return $?
else
# read supports timeout
case "$yn" in
y|Y)
return 0
;;
*)
return 1
;;
esac
fi
}
#
# Print a heading with leading and trailing black lines
#
heading() {
echo
echo "$@"
echo
}
#
# Create the appropriate -q option to pass onward
#
make_verbose() {
local v=$VERBOSE_OFFSET option=-
if [ $VERBOSE_OFFSET -gt 0 ]; then
while [ $v -gt 0 ]; do
option="${option}v"
v=$(($v - 1))
done
echo $option
elif [ $VERBOSE_OFFSET -lt 0 ]; then
while [ $v -lt 0 ]; do
option="${option}q"
v=$(($v + 1))
done
echo $option
fi
}
#
# Executor for drop,reject,... commands
#
block() # $1 = command, $2 = Finished, $3 = Original Command $4 - $n addresses
{
local chain=$1 finished=$2
shift 3
while [ $# -gt 0 ]; do
case $1 in
*-*)
qt $IPTABLES -D dynamic -m iprange --src-range $1 -j reject
qt $IPTABLES -D dynamic -m iprange --src-range $1 -j DROP
qt $IPTABLES -D dynamic -m iprange --src-range $1 -j logreject
qt $IPTABLES -D dynamic -m iprange --src-range $1 -j logdrop
$IPTABLES -A dynamic -m iprange --src-range $1 -j $chain || break 1
;;
*)
qt $IPTABLES -D dynamic -s $1 -j reject
qt $IPTABLES -D dynamic -s $1 -j DROP
qt $IPTABLES -D dynamic -s $1 -j logreject
qt $IPTABLES -D dynamic -s $1 -j logdrop
$IPTABLES -A dynamic -s $1 -j $chain || break 1
;;
esac
echo "$1 $finished"
shift
done
}
# #
# Execution begins here # Execution begins here
# #
@ -1276,16 +512,18 @@ VARDIR=/var/lib/shorewall-lite
CONFDIR=/etc/shorewall-lite CONFDIR=/etc/shorewall-lite
export PRODUCT="Shorewall Lite" export PRODUCT="Shorewall Lite"
FUNCTIONS=$SHAREDIR/lib.base LIBRARIES="$SHAREDIR/lib.base $SHAREDIR/lib.cli"
VERSION_FILE=$SHAREDIR/version VERSION_FILE=$SHAREDIR/version
HELP=$SHAREDIR/help HELP=$SHAREDIR/help
if [ -f $FUNCTIONS ]; then for library in $LIBRARIES; do
. $FUNCTIONS if [ -f $library ]; then
. $library
else else
echo "$FUNCTIONS does not exist!" >&2 echo "$library does not exist!" >&2
exit 2 exit 2
fi fi
done
ensure_config_path ensure_config_path

1
Shorewall-lite/shorewall-lite.spec
View File

@ -77,6 +77,7 @@ fi
%attr(0644,root,root) /usr/share/shorewall-lite/configpath %attr(0644,root,root) /usr/share/shorewall-lite/configpath
%attr(0777,root,root) /usr/share/shorewall-lite/functions %attr(0777,root,root) /usr/share/shorewall-lite/functions
%attr(0444,root,root) /usr/share/shorewall-lite/lib.base %attr(0444,root,root) /usr/share/shorewall-lite/lib.base
%attr(0444,root,root) /usr/share/shorewall-lite/lib.cli
%attr(0444,root,root) /usr/share/shorewall-lite/modules %attr(0444,root,root) /usr/share/shorewall-lite/modules
%attr(0544,root,root) /usr/share/shorewall-lite/shorecap %attr(0544,root,root) /usr/share/shorewall-lite/shorecap
%attr(0544,root,root) /usr/share/shorewall-lite/help %attr(0544,root,root) /usr/share/shorewall-lite/help

2
Shorewall/changelog.txt
View File

@ -14,7 +14,7 @@ Changes in 3.3.4
7) Support ip ranges in the drop, logdrop, reject, and allow commands. 7) Support ip ranges in the drop, logdrop, reject, and allow commands.
8) Add lib.commands. 8) Add lib.cli.
Changes in 3.3.3 Changes in 3.3.3

2
Shorewall/lib.commands → Shorewall/lib.cli
View File

@ -1,6 +1,6 @@
#!/bin/sh #!/bin/sh
# #
# Shorewall 3.3 -- /usr/share/shorewall/lib.command # Shorewall 3.3 -- /usr/share/shorewall/lib.cli.
# #
# This program is under GPL [http://www.gnu.org/copyleft/gpl.htm] # This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
# #

2
Shorewall/releasenotes.txt
View File

@ -145,7 +145,7 @@ Other Changes in 3.3.4.
4) IP Address ranges are now allowed in the drop, reject, allow and 4) IP Address ranges are now allowed in the drop, reject, allow and
logdrop shorewall[-lite] commands. logdrop shorewall[-lite] commands.
5) The lib.commands library has been added. It is distributed with 5) The lib.cli library has been added. It is distributed with
both Shorewall and Shorewall Lite and contains the both Shorewall and Shorewall Lite and contains the
command-processing code that is common to both /sbin/shorewall and command-processing code that is common to both /sbin/shorewall and
/sbin/shorewall-lite. /sbin/shorewall-lite.

19
Shorewall/shorewall
View File

@ -114,6 +114,7 @@
# #
# shorewall compile [ -e ] [ <directory> ] <filename> # shorewall compile [ -e ] [ <directory> ] <filename>
# Compile a firewall program file. # Compile a firewall program file.
# #
# Set the configuration variables from shorewall.conf # Set the configuration variables from shorewall.conf
# #
@ -1025,24 +1026,18 @@ CONFDIR=/etc/shorewall
export PRODUCT="Shorewall" export PRODUCT="Shorewall"
FIREWALL=$SHAREDIR/firewall FIREWALL=$SHAREDIR/firewall
FUNCTIONS=$SHAREDIR/lib.base LIBRARIES="$SHAREDIR/lib.base $SHAREDIR/lib.cli"
FUNCTIONS1=$SHAREDIR/lib.commands
VERSION_FILE=$SHAREDIR/version VERSION_FILE=$SHAREDIR/version
HELP=$SHAREDIR/help HELP=$SHAREDIR/help
if [ -f $FUNCTIONS ]; then for library in $LIBRARIES; do
. $FUNCTIONS if [ -f $library ]; then
. $library
else else
echo "$FUNCTIONS does not exist!" >&2 echo "$library does not exist!" >&2
exit 2
fi
if [ -f $FUNCTIONS1 ]; then
. $FUNCTIONS1
else
echo "$FUNCTIONS1 does not exist!" >&2
exit 2 exit 2
fi fi
done
ensure_config_path ensure_config_path

1
Shorewall/shorewall.spec
View File

@ -116,6 +116,7 @@ fi
%attr(0444,root,root) /usr/share/shorewall/lib.accounting %attr(0444,root,root) /usr/share/shorewall/lib.accounting
%attr(0444,root,root) /usr/share/shorewall/lib.actions %attr(0444,root,root) /usr/share/shorewall/lib.actions
%attr(0444,root,root) /usr/share/shorewall/lib.base %attr(0444,root,root) /usr/share/shorewall/lib.base
%attr(0444,root,root) /usr/share/shorewall/lib.cli
%attr(0444,root,root) /usr/share/shorewall/lib.config %attr(0444,root,root) /usr/share/shorewall/lib.config
%attr(0444,root,root) /usr/share/shorewall/lib.dynamiczones %attr(0444,root,root) /usr/share/shorewall/lib.dynamiczones
%attr(0444,root,root) /usr/share/shorewall/lib.maclist %attr(0444,root,root) /usr/share/shorewall/lib.maclist

3
tools/build/makeshorewall
View File

@ -302,6 +302,9 @@ if [ -n "${BUILDTARBALL}${BUILDRPM}" ]; then
do_or_die "cp $SHOREWALLDIR/modules $SHOREWALLLITEDIR >> $LOGFILE 2>&1" do_or_die "cp $SHOREWALLDIR/modules $SHOREWALLLITEDIR >> $LOGFILE 2>&1"
if [ -f $SHOREWALLDIR/lib.base ]; then if [ -f $SHOREWALLDIR/lib.base ]; then
do_or_die "cp $SHOREWALLDIR/lib.base $SHOREWALLLITEDIR >> $LOGFILE 2>&1" do_or_die "cp $SHOREWALLDIR/lib.base $SHOREWALLLITEDIR >> $LOGFILE 2>&1"
if [ -f $SHOREWALLDIR/lib.cli ]; then
do_or_die "cp $SHOREWALLDIR/lib.cli $SHOREWALLLITEDIR >> $LOGFILE 2>&1"
fi
else else
do_or_die "cp $SHOREWALLDIR/functions $SHOREWALLLITEDIR >> $LOGFILE 2>&1" do_or_die "cp $SHOREWALLDIR/functions $SHOREWALLLITEDIR >> $LOGFILE 2>&1"
fi fi