forked from extern/shorewall_code
Fix bug in compiled script and make progress messages more generic
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3268 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep
parent
be7a4271dd
commit
521ec7bd73
@ -1405,7 +1405,7 @@ __EOF__
|
|||||||
cat >> $RESTOREBASE << __EOF__
|
cat >> $RESTOREBASE << __EOF__
|
||||||
gateway=\$(detect_gateway $interface)
|
gateway=\$(detect_gateway $interface)
|
||||||
|
|
||||||
if [ -n \"\$gateway\" ]; then
|
if [ -n "\$gateway" ]; then
|
||||||
ip route replace \$gateway src \$(find_first_interface_address $interface) dev $interface table $number
|
ip route replace \$gateway src \$(find_first_interface_address $interface) dev $interface table $number
|
||||||
ip route add default via \$gateway dev $interface table $number
|
ip route add default via \$gateway dev $interface table $number
|
||||||
else
|
else
|
||||||
@ -1497,7 +1497,7 @@ __EOF__
|
|||||||
|
|
||||||
if [ $COMMAND != check ]; then
|
if [ $COMMAND != check ]; then
|
||||||
progress_message2 "Processing $1..."
|
progress_message2 "Processing $1..."
|
||||||
save_progress_message "Restoring Providers..."
|
save_progress_message "Adding Providers..."
|
||||||
save_command "if [ -z \"\$NOROUTES\" ]; then"
|
save_command "if [ -z \"\$NOROUTES\" ]; then"
|
||||||
[ $COMMAND = generate ] && save_command " DEFAULT_ROUTE="
|
[ $COMMAND = generate ] && save_command " DEFAULT_ROUTE="
|
||||||
else
|
else
|
||||||
@ -1992,7 +1992,7 @@ log_rule() # $1 = log level, $2 = chain, $3 = disposition , $... = predicates fo
|
|||||||
#
|
#
|
||||||
setup_forwarding() {
|
setup_forwarding() {
|
||||||
|
|
||||||
save_progress_message "Restoring IP Forwarding..."
|
save_progress_message "Setting up IP Forwarding..."
|
||||||
|
|
||||||
case "$IP_FORWARDING" in
|
case "$IP_FORWARDING" in
|
||||||
[Oo][Nn])
|
[Oo][Nn])
|
||||||
@ -2860,7 +2860,7 @@ setup_proxy_arp() {
|
|||||||
if [ $COMMAND != check ]; then
|
if [ $COMMAND != check ]; then
|
||||||
> $STATEDIR/proxyarp
|
> $STATEDIR/proxyarp
|
||||||
|
|
||||||
save_progress_message "Restoring Proxy ARP..."
|
save_progress_message "Setting up Proxy ARP..."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
while read address interface external haveroute persistent; do
|
while read address interface external haveroute persistent; do
|
||||||
@ -3187,7 +3187,7 @@ setup_nat() {
|
|||||||
policyout="-m policy --pol none --dir out"
|
policyout="-m policy --pol none --dir out"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
[ -n "$RETAIN_ALIASES" -o $COMMAND = check ] || save_progress_message "Restoring one-to-one NAT..."
|
[ -n "$RETAIN_ALIASES" -o $COMMAND = check ] || save_progress_message "Setting up one-to-one NAT..."
|
||||||
|
|
||||||
while read external interface internal allints localnat; do
|
while read external interface internal allints localnat; do
|
||||||
expandv external interface internal allints localnat
|
expandv external interface internal allints localnat
|
||||||
@ -3524,7 +3524,7 @@ setup_traffic_shaping()
|
|||||||
|
|
||||||
if [ $COMMAND != check ]; then
|
if [ $COMMAND != check ]; then
|
||||||
if [ -s $TMP_DIR/tcdevices ]; then
|
if [ -s $TMP_DIR/tcdevices ]; then
|
||||||
save_progress_message "Restoring Traffic Control..."
|
save_progress_message "Setting up Traffic Control..."
|
||||||
progress_message2 "Processing $devfile..."
|
progress_message2 "Processing $devfile..."
|
||||||
|
|
||||||
while read device inband outband defmark ackmark; do
|
while read device inband outband defmark ackmark; do
|
||||||
@ -3886,7 +3886,7 @@ setup_tc1() {
|
|||||||
|
|
||||||
run_user_exit $TC_SCRIPT
|
run_user_exit $TC_SCRIPT
|
||||||
|
|
||||||
save_progress_message "Restoring Traffic Control..."
|
save_progress_message "Setting up Traffic Control..."
|
||||||
save_command . $TC_SCRIPT
|
save_command . $TC_SCRIPT
|
||||||
elif [ -n "$TC_ENABLED" ]; then
|
elif [ -n "$TC_ENABLED" ]; then
|
||||||
setup_traffic_shaping
|
setup_traffic_shaping
|
||||||
@ -4183,7 +4183,7 @@ setup_accounting() # $1 = Name of accounting file
|
|||||||
|
|
||||||
progress_message2 "Setting up Accounting..."
|
progress_message2 "Setting up Accounting..."
|
||||||
|
|
||||||
[ $COMMAND = generate ] && save_progress_message "Restoring Accounting..."
|
[ $COMMAND = generate ] && save_progress_message "Setting up Accounting..."
|
||||||
|
|
||||||
strip_file accounting $1
|
strip_file accounting $1
|
||||||
|
|
||||||
@ -7493,7 +7493,7 @@ setup_masq()
|
|||||||
|
|
||||||
if [ -n "$NAT_ENABLED" ]; then
|
if [ -n "$NAT_ENABLED" ]; then
|
||||||
progress_message2 "Masqueraded Networks and Hosts:"
|
progress_message2 "Masqueraded Networks and Hosts:"
|
||||||
[ $COMMAND = check ] || save_progress_message "Restoring Masquerading/SNAT..."
|
[ $COMMAND = check ] || save_progress_message "Setting up Masquerading/SNAT..."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
while read fullinterface networks addresses proto ports ipsec; do
|
while read fullinterface networks addresses proto ports ipsec; do
|
||||||
@ -7619,7 +7619,7 @@ setup_blacklist() {
|
|||||||
if [ -n "$hosts" -a -f $f ]; then
|
if [ -n "$hosts" -a -f $f ]; then
|
||||||
progress_message2 "Setting up Blacklisting..."
|
progress_message2 "Setting up Blacklisting..."
|
||||||
|
|
||||||
[ $COMMAND = restore ] && save_progress_message "Restoring Blacklisting..."
|
[ $COMMAND = restore ] && save_progress_message "Setting up Blacklisting..."
|
||||||
|
|
||||||
strip_file blacklist $f
|
strip_file blacklist $f
|
||||||
|
|
||||||
@ -7927,7 +7927,7 @@ initialize_netfilter () {
|
|||||||
createchain smurfs no
|
createchain smurfs no
|
||||||
|
|
||||||
if [ -f /var/lib/shorewall/save ]; then
|
if [ -f /var/lib/shorewall/save ]; then
|
||||||
progress_message2 "Restoring dynamic rules..."
|
progress_message2 "Setting up dynamic rules..."
|
||||||
|
|
||||||
[ $COMMAND = generate ] && save_progress_message "Restoring dynamic rules..."
|
[ $COMMAND = generate ] && save_progress_message "Restoring dynamic rules..."
|
||||||
|
|
||||||
@ -7974,7 +7974,7 @@ add_common_rules() {
|
|||||||
#
|
#
|
||||||
# Populate the smurf chain
|
# Populate the smurf chain
|
||||||
#
|
#
|
||||||
[ $COMMAND = generate ] && save_progress_message "Restoring SMURF control..."
|
[ $COMMAND = generate ] && save_progress_message "Setting up SMURF control..."
|
||||||
|
|
||||||
for address in $broadcasts ; do
|
for address in $broadcasts ; do
|
||||||
[ -n "$SMURF_LOG_LEVEL" ] && log_rule $SMURF_LOG_LEVEL smurfs DROP -s $address
|
[ -n "$SMURF_LOG_LEVEL" ] && log_rule $SMURF_LOG_LEVEL smurfs DROP -s $address
|
||||||
@ -8020,7 +8020,7 @@ add_common_rules() {
|
|||||||
#
|
#
|
||||||
# Process Black List
|
# Process Black List
|
||||||
#
|
#
|
||||||
[ $COMMAND = generate ] && save_progress_message "Restoring Black List..."
|
[ $COMMAND = generate ] && save_progress_message "Setting up Black List..."
|
||||||
|
|
||||||
setup_blacklist
|
setup_blacklist
|
||||||
|
|
||||||
@ -8056,7 +8056,7 @@ add_common_rules() {
|
|||||||
|
|
||||||
progress_message2 "Adding rules for DHCP"
|
progress_message2 "Adding rules for DHCP"
|
||||||
|
|
||||||
[ $COMMAND = generate ] && save_progress_message "Restoring rules for DHCP..."
|
[ $COMMAND = generate ] && save_progress_message "Setting up rules for DHCP..."
|
||||||
|
|
||||||
for interface in $interfaces; do
|
for interface in $interfaces; do
|
||||||
if [ -n "$BRIDGING" ]; then
|
if [ -n "$BRIDGING" ]; then
|
||||||
@ -8076,7 +8076,7 @@ add_common_rules() {
|
|||||||
if [ -n "$hosts" ]; then
|
if [ -n "$hosts" ]; then
|
||||||
progress_message2 "Enabling RFC1918 Filtering"
|
progress_message2 "Enabling RFC1918 Filtering"
|
||||||
|
|
||||||
[ $COMMAND = generate ] && save_progress_message "Restoring RFC1918 Filtering..."
|
[ $COMMAND = generate ] && save_progress_message "Setting up RFC1918 Filtering..."
|
||||||
|
|
||||||
strip_file rfc1918
|
strip_file rfc1918
|
||||||
|
|
||||||
@ -8169,7 +8169,7 @@ add_common_rules() {
|
|||||||
if [ -n "$hosts" ]; then
|
if [ -n "$hosts" ]; then
|
||||||
progress_message2 "Setting up TCP Flags checking..."
|
progress_message2 "Setting up TCP Flags checking..."
|
||||||
|
|
||||||
[ $COMMAND = generate ] && save_progress_message "Restoring TCP Flags checking..."
|
[ $COMMAND = generate ] && save_progress_message "Setting up TCP Flags checking..."
|
||||||
|
|
||||||
createchain tcpflags no
|
createchain tcpflags no
|
||||||
|
|
||||||
@ -8224,7 +8224,7 @@ add_common_rules() {
|
|||||||
#
|
#
|
||||||
# ARP Filtering
|
# ARP Filtering
|
||||||
#
|
#
|
||||||
save_progress_message "Restoring ARP filtering..."
|
save_progress_message "Setting up ARP filtering..."
|
||||||
|
|
||||||
for f in /proc/sys/net/ipv4/conf/*; do
|
for f in /proc/sys/net/ipv4/conf/*; do
|
||||||
run_and_save_command "[ -f $f/arp_filter ] && echo 0 > $f/arp_filter"
|
run_and_save_command "[ -f $f/arp_filter ] && echo 0 > $f/arp_filter"
|
||||||
@ -8266,7 +8266,7 @@ add_common_rules() {
|
|||||||
if [ -n "$interfaces" -o -n "$ROUTE_FILTER" ]; then
|
if [ -n "$interfaces" -o -n "$ROUTE_FILTER" ]; then
|
||||||
progress_message2 "Setting up Kernel Route Filtering..."
|
progress_message2 "Setting up Kernel Route Filtering..."
|
||||||
|
|
||||||
save_progress_message "Restoring Route Filtering..."
|
save_progress_message "Setting up Route Filtering..."
|
||||||
|
|
||||||
for f in /proc/sys/net/ipv4/conf/*; do
|
for f in /proc/sys/net/ipv4/conf/*; do
|
||||||
run_and_save_command "[ -f $f/rp_filter ] && echo 0 > $f/rp_filter"
|
run_and_save_command "[ -f $f/rp_filter ] && echo 0 > $f/rp_filter"
|
||||||
@ -8300,7 +8300,7 @@ add_common_rules() {
|
|||||||
if [ -n "$interfaces" -o -n "$LOG_MARTIANS" ]; then
|
if [ -n "$interfaces" -o -n "$LOG_MARTIANS" ]; then
|
||||||
progress_message2 "Setting up Martian Logging..."
|
progress_message2 "Setting up Martian Logging..."
|
||||||
|
|
||||||
save_progress_message "Restoring Martian Logging..."
|
save_progress_message "Setting up Martian Logging..."
|
||||||
|
|
||||||
for f in /proc/sys/net/ipv4/conf/*; do
|
for f in /proc/sys/net/ipv4/conf/*; do
|
||||||
run_and_save_command "[ -f $f/log_martians ] && echo 0 > $f/log_martians"
|
run_and_save_command "[ -f $f/log_martians ] && echo 0 > $f/log_martians"
|
||||||
@ -8326,7 +8326,7 @@ add_common_rules() {
|
|||||||
#
|
#
|
||||||
# Source Routing
|
# Source Routing
|
||||||
#
|
#
|
||||||
save_progress_message "Restoring Accept Source Routing..."
|
save_progress_message "Setting up Accept Source Routing..."
|
||||||
|
|
||||||
for f in /proc/sys/net/ipv4/conf/*; do
|
for f in /proc/sys/net/ipv4/conf/*; do
|
||||||
run_and_save_command "[ -f $f/accept_source_route ] && echo 0 > $f/accept_source_route"
|
run_and_save_command "[ -f $f/accept_source_route ] && echo 0 > $f/accept_source_route"
|
||||||
@ -8337,7 +8337,7 @@ add_common_rules() {
|
|||||||
if [ -n "$interfaces" ]; then
|
if [ -n "$interfaces" ]; then
|
||||||
progress_message2 "Setting up Accept Source Routing..."
|
progress_message2 "Setting up Accept Source Routing..."
|
||||||
|
|
||||||
save_progress_message "Restoring Source Routing..."
|
save_progress_message "Setting up Source Routing..."
|
||||||
|
|
||||||
for interface in $interfaces; do
|
for interface in $interfaces; do
|
||||||
file=/proc/sys/net/ipv4/conf/$interface/accept_source_route
|
file=/proc/sys/net/ipv4/conf/$interface/accept_source_route
|
||||||
@ -8374,7 +8374,7 @@ add_common_rules() {
|
|||||||
if [ -n "$interfaces" ]; then
|
if [ -n "$interfaces" ]; then
|
||||||
progress_message2 "Setting up UPnP..."
|
progress_message2 "Setting up UPnP..."
|
||||||
|
|
||||||
[ $COMMAND = generate ] && save_progress_message "Restoring UPnP..."
|
[ $COMMAND = generate ] && save_progress_message "Setting up UPnP..."
|
||||||
|
|
||||||
createnatchain UPnP
|
createnatchain UPnP
|
||||||
|
|
||||||
@ -9029,33 +9029,33 @@ __EOF__
|
|||||||
progress_message2 "Compiling NETMAP..."; setup_netmap
|
progress_message2 "Compiling NETMAP..."; setup_netmap
|
||||||
progress_message2 "Compiling Common Rules"; add_common_rules
|
progress_message2 "Compiling Common Rules"; add_common_rules
|
||||||
|
|
||||||
save_progress_message "Restoring SYN Flood Protection..."
|
save_progress_message "Setting up SYN Flood Protection..."
|
||||||
|
|
||||||
setup_syn_flood_chains
|
setup_syn_flood_chains
|
||||||
|
|
||||||
save_progress_message "Restoring IPSEC management..."
|
save_progress_message "Setting up IPSEC management..."
|
||||||
|
|
||||||
setup_ipsec
|
setup_ipsec
|
||||||
|
|
||||||
maclist_hosts=$(find_hosts_by_option maclist)
|
maclist_hosts=$(find_hosts_by_option maclist)
|
||||||
|
|
||||||
if [ -n "$maclist_hosts" ]; then
|
if [ -n "$maclist_hosts" ]; then
|
||||||
save_progress_message "Restoring MAC Filtration..."
|
save_progress_message "Setting up MAC Filtration..."
|
||||||
setup_mac_lists
|
setup_mac_lists
|
||||||
fi
|
fi
|
||||||
|
|
||||||
progress_message2 "Compiling $(find_file rules)..."
|
progress_message2 "Compiling $(find_file rules)..."
|
||||||
save_progress_message "Restoring Rules..."
|
save_progress_message "Setting up Rules..."
|
||||||
process_rules
|
process_rules
|
||||||
|
|
||||||
tunnels=$(find_file tunnels)
|
tunnels=$(find_file tunnels)
|
||||||
if [ -f $tunnels ]; then
|
if [ -f $tunnels ]; then
|
||||||
progress_message2 "Compiling $tunnels..."
|
progress_message2 "Compiling $tunnels..."
|
||||||
save_progress_message "Restoring Tunnels..."
|
save_progress_message "Setting up Tunnels..."
|
||||||
setup_tunnels $tunnels
|
setup_tunnels $tunnels
|
||||||
fi
|
fi
|
||||||
|
|
||||||
save_progress_message "Restoring Actions..."
|
save_progress_message "Setting up Actions..."
|
||||||
|
|
||||||
progress_message2 "Compiling Actions..."; process_actions2
|
progress_message2 "Compiling Actions..."; process_actions2
|
||||||
process_actions3
|
process_actions3
|
||||||
@ -9071,18 +9071,18 @@ __EOF__
|
|||||||
|
|
||||||
tos=$(find_file tos)
|
tos=$(find_file tos)
|
||||||
if [ -f $tos -a -n "$MANGLE_ENABLED" ]; then
|
if [ -f $tos -a -n "$MANGLE_ENABLED" ]; then
|
||||||
save_progress_message "Restoring TOS..."
|
save_progress_message "Setting up TOS..."
|
||||||
process_tos $tos
|
process_tos $tos
|
||||||
fi
|
fi
|
||||||
|
|
||||||
ecn=$(find_file ecn)
|
ecn=$(find_file ecn)
|
||||||
if [ -f $ecn -a -n "$MANGLE_ENABLED" ]; then
|
if [ -f $ecn -a -n "$MANGLE_ENABLED" ]; then
|
||||||
save_progress_message "Restoring ECN..."
|
save_progress_message "Setting up ECN..."
|
||||||
setup_ecn $ecn
|
setup_ecn $ecn
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -n "$MANGLE_ENABLED" ]; then
|
if [ -n "$MANGLE_ENABLED" ]; then
|
||||||
save_progress_message "Restoring TC Rules..."
|
save_progress_message "Setting up TC Rules..."
|
||||||
setup_tc
|
setup_tc
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user