diff --git a/Shorewall2/fallback.sh b/Shorewall2/fallback.sh index fe228a434..b1f4ebd9f 100755 --- a/Shorewall2/fallback.sh +++ b/Shorewall2/fallback.sh @@ -28,7 +28,7 @@ # shown below. Simply run this script to revert to your prior version of # Shoreline Firewall. -VERSION=2.0.0-Beta2 +VERSION=2.0.0-Beta3 usage() # $1 = exit status { @@ -114,6 +114,7 @@ restore_file /etc/shorewall/blacklist restore_file /etc/shorewall/whitelist restore_file /etc/shorewall/rfc1918 +restore_file /usr/share/shorewall/rfc1918 restore_file /etc/shorewall/init diff --git a/Shorewall2/firewall b/Shorewall2/firewall index 48e042c9e..c3c0740e9 100755 --- a/Shorewall2/firewall +++ b/Shorewall2/firewall @@ -533,6 +533,7 @@ validate_zone() # $1 = zone validate_interfaces_file() { local wildcard local found_obsolete_option= + local z interface subnet options r iface option while read z interface subnet options; do expandv z interface subnet options @@ -606,6 +607,8 @@ validate_interfaces_file() { # Validate the zone names and options in the hosts file # validate_hosts_file() { + local z hosts options r interface host option + while read z hosts options; do expandv z hosts options r="$z $hosts $options" @@ -1698,7 +1701,7 @@ process_tc_rule() esac fi - if [ "x$user" != "x-" ]; then + if [ "x${user:--}" != "x-" ]; then [ "$chain" != tcout ] && \ fatal_error "Invalid use of a user/group: rule \"$rule\"" @@ -2423,6 +2426,8 @@ process_actions1() { esac esac + [ "$xaction" = "$(chain_base $xaction)" ] || fatal_error "Invalid Action Name: $xaction" + if ! list_search $xaction $ACTIONS; then f=action.$xaction fn=$(find_file $f) @@ -4854,7 +4859,7 @@ activate_rules() # # There is a fw->fw chain. Send loopback output through that chain # - run_ip link ls | fgrep LOOPBACK | while read ordinal interface rest ; do + run_ip link ls | grep LOOPBACK | while read ordinal interface rest ; do run_iptables -A OUTPUT -o ${interface%:*} -j $chain done # 
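Review bot: The action-name check added to process_actions1 expands `$xaction` unquoted inside `$(chain_base $xaction)`, so a name containing glob characters or whitespace is expanded or split before chain_base sees it, and the comparison may not test the string that was actually read. The lines right after it build `f=action.$xaction` and hand it to find_file, so this test is the only visible guard on what ends up in that file name; quote it as `[ "$xaction" = "$(chain_base "$xaction")" ] || fatal_error "Invalid Action Name: $xaction"`. What chain_base accepts is not shown in this diff, so it is worth confirming that it does not pass `/` or a leading `.` through unchanged. process_actions1 starts and ends outside the hunk.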
@@ -5026,7 +5031,9 @@ refresh_firewall() # add_to_zone() # $1 = [:] $2 = zone { - local base + local base interface host newhost zone z h z1 z2 chain terminator + local dhcp_interfaces blacklist_interfaces maclist_interfaces tcpflags_interfaces + local rulenum source_chain dest_hosts iface hosts nat_chain_exists() # $1 = chain name { @@ -5057,6 +5064,10 @@ add_to_zone() # $1 = [:] $2 = zone # determine_zones # + # Validate Interfaces File + # + validate_interfaces_file + # # Validate Zone # zone=$2 diff --git a/Shorewall2/install.sh b/Shorewall2/install.sh index 612bb885f..48f429858 100755 --- a/Shorewall2/install.sh +++ b/Shorewall2/install.sh @@ -54,7 +54,7 @@ # /etc/rc.d/rc.local file is modified to start the firewall. # -VERSION=2.0.0-Beta2 +VERSION=2.0.0-Beta3 usage() # $1 = exit status { @@ -432,13 +432,9 @@ fi # # Install the rfc1918 file # -if [ -f ${PREFIX}/etc/shorewall/rfc1918 ]; then - backup_file /etc/shorewall/rfc1918 -else - run_install -o $OWNER -g $GROUP -m 0600 rfc1918 ${PREFIX}/etc/shorewall/rfc1918 - echo - echo "RFC 1918 file installed as ${PREFIX}/etc/shorewall/rfc1918" -fi +install_file_with_backup rfc1918 ${PREFIX}/usr/share/shorewall/rfc1918 0600 +echo +echo "RFC 1918 file installed as ${PREFIX}/etc/shorewall/rfc1918" # # Install the init file # diff --git a/Shorewall2/shorewall.spec b/Shorewall2/shorewall.spec index ff018e3ec..a9b9cdfcf 100644 --- a/Shorewall2/shorewall.spec +++ b/Shorewall2/shorewall.spec @@ -1,6 +1,6 @@ %define name shorewall %define version 2.0.0 -%define release 0Beta2 +%define release 0Beta3 %define prefix /usr Summary: Shoreline Firewall is an iptables-based firewall for Linux systems. 
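Review bot: The message printed after the new `install_file_with_backup` call in install.sh still names `${PREFIX}/etc/shorewall/rfc1918`, although the file is now written to `${PREFIX}/usr/share/shorewall/rfc1918`; it should read `echo "RFC 1918 file installed as ${PREFIX}/usr/share/shorewall/rfc1918"`. The removed branch left an existing /etc/shorewall/rfc1918 in place, and nothing in the new lines removes or reports such a leftover copy; if the file lookup prefers /etc/shorewall (not visible in this diff), a stale address list would keep being applied while the installer reports a fresh one. `${PREFIX}` is also unquoted in the destination argument, so a prefix containing spaces would split it.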
@@ -89,7 +89,6 @@ fi %attr(0600,root,root) %config(noreplace) /etc/shorewall/tunnels %attr(0600,root,root) %config(noreplace) /etc/shorewall/hosts %attr(0600,root,root) %config(noreplace) /etc/shorewall/blacklist -%attr(0600,root,root) %config(noreplace) /etc/shorewall/rfc1918 %attr(0600,root,root) %config(noreplace) /etc/shorewall/init %attr(0600,root,root) %config(noreplace) /etc/shorewall/start %attr(0600,root,root) %config(noreplace) /etc/shorewall/stop @@ -133,10 +132,14 @@ fi %attr(0444,root,root) /usr/share/shorewall/functions %attr(0544,root,root) /usr/share/shorewall/firewall %attr(0544,root,root) /usr/share/shorewall/help +%attr(0600,root,root) /usr/share/shorewall/rfc1918 %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel %changelog +* Mon Feb 16 2004 Tom Eastep +- Moved rfc1918 to /usr/share/shorewall +- Update for Beta 3 * Sat Feb 14 2004 Tom Eastep - Removed common.def - Unconditionally replace actions.std