holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Replace '' with '' for readability

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1119 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2004-02-02 20:15:44 +00:00
parent 23fc4400b5
commit 63dd6bafe3
8 changed files with 318 additions and 315 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Shorewall2/actions.std
View File

@ -28,6 +28,7 @@ AllowNTP #Allow Network Time Protocol (ntpd)
AllowRdate #Allow remote time (rdate).
AllowNNTP #Allow network news (Usenet).
AllowTrcrt #Allows Traceroute (20 hops)
AllowSNMP #Allows SNMP (including traps)
Drop:DROP #Common rules for DROP policy
Reject:REJECT #Common Action for Reject policy

2
Shorewall2/changelog.txt
View File

@ -23,3 +23,5 @@ Changes since 1.4.10
11) Install correct init script on Debian.
12) Get the attention of 'logunclean' and 'dropunclean' users.
13) Replace all instances of `...` with $(...) for readability.

4
Shorewall2/fallback.sh
View File

@ -32,7 +32,7 @@ VERSION=2.0.0-Alpha2
usage() # $1 = exit status
{
echo "usage: `basename $0`"
echo "usage: $(basename $0)"
exit $1
}
@ -57,7 +57,7 @@ fi
echo "Backing Out Installation of Shorewall $VERSION"
if [ -L /usr/share/shorewall2/init ]; then
FIREWALL=`ls -l /usr/share/shorewall2/firewall | sed 's/^.*> //'`
FIREWALL=$(ls -l /usr/share/shorewall2/firewall | sed 's/^.*> //')
restore_file $FIREWALL
else
restore_file /etc/init.d/shorewall2

458
Shorewall2/firewall
View File

File diff suppressed because it is too large Load Diff

60
Shorewall2/functions
View File

@ -96,15 +96,15 @@ find_display() # $1 = zone, $2 = name of the zone file
#
determine_zones()
{
local zonefile=`find_file zones`
local zonefile=$(find_file zones)
multi_display=Multi-zone
strip_file zones $zonefile
zones=`find_zones $TMP_DIR/zones`
zones=`echo $zones` # Remove extra trash
zones=$(find_zones $TMP_DIR/zones)
zones=$(echo $zones) # Remove extra trash
for zone in $zones; do
dsply=`find_display $zone $TMP_DIR/zones`
dsply=$(find_display $zone $TMP_DIR/zones)
eval ${zone}_display=\$dsply
done
}
@ -124,7 +124,7 @@ get_statedir()
{
MUTEX_TIMEOUT=
local config=`find_file shorewall.conf`
local config=$(find_file shorewall.conf)
if [ -f $config ]; then
. $config
@ -194,7 +194,7 @@ read_file() # $1 = file name, $2 = nest count
while read first rest; do
if [ "x$first" = "xINCLUDE" ]; then
if [ $2 -lt 4 ]; then
read_file `find_file ${rest%#*}` $(($2 + 1))
read_file $(find_file ${rest%#*}) $(($2 + 1))
else
echo " WARNING: INCLUDE in $1 ignored (nested too deeply)" >&2
fi
@ -212,7 +212,7 @@ read_file() # $1 = file name, $2 = nest count
# Function for including one file into another
#
INCLUDE() {
. `find_file $@`
. $(find_file $@)
}
#
@ -223,7 +223,7 @@ strip_file() # $1 = Base Name of the file, $2 = Full Name of File (optional)
{
local fname
[ $# = 1 ] && fname=`find_file $1` || fname=$2
[ $# = 1 ] && fname=$(find_file $1) || fname=$2
if [ -f $fname ]; then
read_file $fname 0 | cut -d'#' -f1 | grep -v '^[[:space:]]*$' > $TMP_DIR/$1
@ -300,8 +300,8 @@ ip_range() {
;;
esac
first=`decodeaddr ${1%-*}`
last=`decodeaddr ${1#*-}`
first=$(decodeaddr ${1%-*})
last=$(decodeaddr ${1#*-})
if [ $first -gt $last ]; then
fatal_error "Invalid IP address range: $1"
@ -322,7 +322,7 @@ ip_range() {
y=$(( $y * 2 ))
done
echo `encodeaddr $first`$vlsm
echo $(encodeaddr $first)$vlsm
first=$(($first + $z))
done
}
@ -339,15 +339,15 @@ ip_range_explicit() {
;;
esac
first=`decodeaddr ${1%-*}`
last=`decodeaddr ${1#*-}`
first=$(decodeaddr ${1%-*})
last=$(decodeaddr ${1#*-})
if [ $first -gt $last ]; then
fatal_error "Invalid IP address range: $1"
fi
while [ $first -le $last ]; do
echo `encodeaddr $first`
echo $(encodeaddr $first)
first=$(($first + 1))
done
}
@ -365,10 +365,10 @@ ip_netmask() {
# Network address from CIDR
#
ip_network() {
local decodedaddr=`decodeaddr ${1%/*}`
local netmask=`ip_netmask $1`
local decodedaddr=$(decodeaddr ${1%/*})
local netmask=$(ip_netmask $1)
echo `encodeaddr $(($decodedaddr & $netmask))`
echo $(encodeaddr $(($decodedaddr & $netmask)))
}
#
@ -386,11 +386,11 @@ ip_broadcast() {
# Calculate broadcast address from CIDR
#
broadcastaddress() {
local decodedaddr=`decodeaddr ${1%/*}`
local netmask=`ip_netmask $1`
local broadcast=`ip_broadcast $1`
local decodedaddr=$(decodeaddr ${1%/*})
local netmask=$(ip_netmask $1)
local broadcast=$(ip_broadcast $1)
echo `encodeaddr $(( $(($decodedaddr & $netmask)) | $broadcast ))`
echo $(encodeaddr $(( $(($decodedaddr & $netmask)) | $broadcast )))
}
#
@ -398,16 +398,16 @@ broadcastaddress() {
#
in_subnet() # $1 = IP address, $2 = CIDR network
{
local netmask=`ip_netmask $2`
local netmask=$(ip_netmask $2)
test $(( `decodeaddr $1` & $netmask)) -eq $(( `decodeaddr ${2%/*}` & $netmask ))
test $(( $(decodeaddr $1) & $netmask)) -eq $(( $(decodeaddr ${2%/*}) & $netmask ))
}
#
# Netmask to VLSM
#
ip_vlsm() {
local mask=`decodeaddr $1`
local mask=$(decodeaddr $1)
local vlsm=0
local x=$(( 128 $LEFTSHIFT 24 ))
@ -467,7 +467,7 @@ if_match() # $1 = Name in interfaces file - may end in "+"
case $if_file in
*+)
test "`strip_trailing_digits $rt_table`" = "${if_file%+}"
test "$(strip_trailing_digits $rt_table)" = "${if_file%+}"
;;
*)
test "$rt_table" = "$if_file"
@ -495,13 +495,13 @@ find_rt_interface() {
ip route ls | while read addr rest; do
case $addr in
*/*)
in_subnet ${1%/*} $addr && echo `find_device $rest`
in_subnet ${1%/*} $addr && echo $(find_device $rest)
;;
default)
;;
*)
if [ "$addr" = "$1" -o "$addr/32" = "$1" ]; then
echo `find_device $rest`
echo $(find_device $rest)
fi
;;
esac
@ -513,7 +513,7 @@ find_rt_interface() {
#
find_default_interface() {
ip route ls | while read first rest; do
[ "$first" = default ] && echo `find_device $rest` && return
[ "$first" = default ] && echo $(find_device $rest) && return
done
}
@ -523,10 +523,10 @@ find_default_interface() {
#
find_interface_by_address() {
local dev="`find_rt_interface $1`"
local dev="$(find_rt_interface $1)"
local first rest
[ -z "$dev" ] && dev=`find_default_interface`
[ -z "$dev" ] && dev=$(find_default_interface)
[ -n "$dev" ] && echo $dev
}

4
Shorewall2/install.sh
View File

@ -58,7 +58,7 @@ VERSION=2.0.0-Alpha2
usage() # $1 = exit status
{
ME=`basename $0`
ME=$(basename $0)
echo "usage: $ME [ -r \"<chkconfig parameters>\" ] [ <init scripts directory> ]"
echo " $ME [ -v ]"
echo " $ME [ -h ]"
@ -190,7 +190,7 @@ FIREWALL="shorewall2"
#
# Change to the directory containing this script
#
cd "`dirname $0`"
cd "$(dirname $0)"
echo "Installing Shorewall Version $VERSION"

94
Shorewall2/shorewall
View File

@ -179,7 +179,7 @@ display_chains()
iptables -L -n -v > /tmp/chains-$$
clear
echo "$banner `date`"
echo "$banner $(date)"
echo
echo "Standard Chains"
echo
@ -191,13 +191,13 @@ display_chains()
timed_read
clear
echo "$banner `date`"
echo "$banner $(date)"
echo
firstchain=Yes
echo "Input Chains"
echo
chains=`grep '^Chain.*_[in|fwd]' /tmp/chains-$$ | cut -d' ' -f 2`
chains=$(grep '^Chain.*_[in|fwd]' /tmp/chains-$$ | cut -d' ' -f 2)
for chain in $chains; do
showchain $chain
@ -207,9 +207,9 @@ display_chains()
for zone in $zones; do
if [ -n "`grep "^Chain \.*${zone}" /tmp/chains-$$`" ] ; then
if [ -n "$(grep "^Chain \.*${zone}" /tmp/chains-$$)" ] ; then
clear
echo "$banner `date`"
echo "$banner $(date)"
echo
firstchain=Yes
eval display=\$${zone}_display
@ -228,7 +228,7 @@ display_chains()
done
clear
echo "$banner `date`"
echo "$banner $(date)"
echo
firstchain=Yes
echo "Policy Chains"
@ -249,7 +249,7 @@ display_chains()
timed_read
clear
echo "$banner `date`"
echo "$banner $(date)"
echo
firstchain=Yes
echo "Dynamic Chain"
@ -301,7 +301,7 @@ show_tc() {
show_one_tc() {
local device=${1%@*}
qdisc=`tc qdisc list dev $device`
qdisc=$(tc qdisc list dev $device)
if [ -n "$qdisc" ]; then
echo Device $device:
@ -331,7 +331,7 @@ show_classifiers() {
show_one_classifier() {
local device=${1%@*}
qdisc=`tc qdisc list dev $device`
qdisc=$(tc qdisc list dev $device)
if [ -n "$qdisc" ]; then
echo Device $device:
@ -360,8 +360,8 @@ monitor_firewall() # $1 = timeout -- if negative, prompt each time that
{
get_config
host=`echo $HOSTNAME | sed 's/\..*$//'`
oldrejects=`iptables -L -v -n | grep 'LOG'`
host=$(echo $HOSTNAME | sed 's/\..*$//')
oldrejects=$(iptables -L -v -n | grep 'LOG')
if [ $1 -lt 0 ]; then
let "timeout=- $1"
@ -386,7 +386,7 @@ monitor_firewall() # $1 = timeout -- if negative, prompt each time that
display_chains
clear
echo "$banner `date`"
echo "$banner $(date)"
echo
echo "Dropped/Rejected Packet Log"
@ -394,7 +394,7 @@ monitor_firewall() # $1 = timeout -- if negative, prompt each time that
show_reset
rejects=`iptables -L -v -n | grep 'LOG'`
rejects=$(iptables -L -v -n | grep 'LOG')
if [ "$rejects" != "$oldrejects" ]; then
oldrejects="$rejects"
@ -417,7 +417,7 @@ monitor_firewall() # $1 = timeout -- if negative, prompt each time that
fi
clear
echo "$banner `date`"
echo "$banner $(date)"
echo
echo "NAT Status"
echo
@ -425,7 +425,7 @@ monitor_firewall() # $1 = timeout -- if negative, prompt each time that
timed_read
clear
echo "$banner `date`"
echo "$banner $(date)"
echo
echo
echo "TOS/MARK Status"
@ -434,7 +434,7 @@ monitor_firewall() # $1 = timeout -- if negative, prompt each time that
timed_read
clear
echo "$banner `date`"
echo "$banner $(date)"
echo
echo
echo "Tracked Connections"
@ -443,7 +443,7 @@ monitor_firewall() # $1 = timeout -- if negative, prompt each time that
timed_read
clear
echo "$banner `date`"
echo "$banner $(date)"
echo
echo
echo "Traffic Shaping/Control"
@ -452,7 +452,7 @@ monitor_firewall() # $1 = timeout -- if negative, prompt each time that
timed_read
clear
echo "$banner `date`"
echo "$banner $(date)"
echo
echo
echo "Packet Classifiers"
@ -470,8 +470,8 @@ logwatch() # $1 = timeout -- if negative, prompt each time that
{
get_config
host=`echo $HOSTNAME | sed 's/\..*$//'`
oldrejects=`iptables -L -v -n | grep 'LOG'`
host=$(echo $HOSTNAME | sed 's/\..*$//')
oldrejects=$(iptables -L -v -n | grep 'LOG')
if [ $1 -lt 0 ]; then
timeout=$((- $1))
@ -485,7 +485,7 @@ logwatch() # $1 = timeout -- if negative, prompt each time that
while true; do
clear
echo "$banner `date`"
echo "$banner $(date)"
echo
echo "Dropped/Rejected Packet Log"
@ -493,7 +493,7 @@ logwatch() # $1 = timeout -- if negative, prompt each time that
show_reset
rejects=`iptables -L -v -n | grep 'LOG'`
rejects=$(iptables -L -v -n | grep 'LOG')
if [ "$rejects" != "$oldrejects" ]; then
oldrejects="$rejects"
@ -531,7 +531,7 @@ help()
#
usage() # $1 = exit status
{
echo "Usage: `basename $0` [debug] [nolock] [-c <directory>] <command>"
echo "Usage: $(basename $0) [debug] [nolock] [-c <directory>] <command>"
echo "where <command> is one of:"
echo " add <interface>[:<host>] <zone>"
echo " allow <address> ..."
@ -564,7 +564,7 @@ usage() # $1 = exit status
#
show_reset() {
[ -f $STATEDIR/restarted ] && \
echo "Counters reset `cat $STATEDIR/restarted`" && \
echo "Counters reset $(cat $STATEDIR/restarted)" && \
echo
}
@ -634,7 +634,7 @@ else
exit 2
fi
config=`find_file shorewall.conf`
config=$(find_file shorewall.conf)
if [ -f $config ]; then
. $config
@ -658,7 +658,7 @@ if [ ! -f $FIREWALL ]; then
fi
if [ -f $VERSION_FILE ]; then
version=`cat $VERSION_FILE`
version=$(cat $VERSION_FILE)
else
echo "ERROR: Shorewall is not properly installed"
echo " The file $VERSION_FILE does not exist"
@ -668,7 +668,7 @@ fi
banner="Shorewall-$version Status at $HOSTNAME -"
case `echo -e` in
case $(echo -e) in
-e*)
RING_BELL="echo \a"
;;
@ -677,7 +677,7 @@ case `echo -e` in
;;
esac
case `echo -n "Testing"` in
case $(echo -n "Testing") in
-n*)
ECHO_N=
;;
@ -701,20 +701,20 @@ case "$1" in
case "$2" in
connections)
[ $# -gt 2 ] && usage 1
echo "Shorewall-$version Connections at $HOSTNAME - `date`"
echo "Shorewall-$version Connections at $HOSTNAME - $(date)"
echo
cat /proc/net/ip_conntrack
;;
nat)
[ $# -gt 2 ] && usage 1
echo "Shorewall-$version NAT at $HOSTNAME - `date`"
echo "Shorewall-$version NAT at $HOSTNAME - $(date)"
echo
show_reset
iptables -t nat -L -n -v
;;
tos|mangle)
[ $# -gt 2 ] && usage 1
echo "Shorewall-$version TOS at $HOSTNAME - `date`"
echo "Shorewall-$version TOS at $HOSTNAME - $(date)"
echo
show_reset
iptables -t mangle -L -n -v
@ -722,28 +722,28 @@ case "$1" in
log)
[ $# -gt 2 ] && usage 1
get_config
echo "Shorewall-$version Log at $HOSTNAME - `date`"
echo "Shorewall-$version Log at $HOSTNAME - $(date)"
echo
show_reset
host=`echo $HOSTNAME | sed 's/\..*$//'`
host=$(echo $HOSTNAME | sed 's/\..*$//')
packet_log 20
;;
tc)
[ $# -gt 2 ] && usage 1
echo "Shorewall-$version Traffic Control at $HOSTNAME - `date`"
echo "Shorewall-$version Traffic Control at $HOSTNAME - $(date)"
echo
show_tc
;;
classifiers)
[ $# -gt 2 ] && usage 1
echo "Shorewall-$version Clasifiers at $HOSTNAME - `date`"
echo "Shorewall-$version Clasifiers at $HOSTNAME - $(date)"
echo
show_classifiers
;;
*)
shift
echo "Shorewall-$version `[ $# -gt 1 ] && echo Chains || echo Chain` $* at $HOSTNAME - `date`"
echo "Shorewall-$version $([ $# -gt 1 ] && echo Chains || echo Chain) $* at $HOSTNAME - $(date)"
echo
show_reset
if [ $# -gt 0 ]; then
@ -769,10 +769,10 @@ case "$1" in
[ $# -eq 1 ] || usage 1
get_config
clear
echo "Shorewall-$version Status at $HOSTNAME - `date`"
echo "Shorewall-$version Status at $HOSTNAME - $(date)"
echo
show_reset
host=`echo $HOSTNAME | sed 's/\..*$//'`
host=$(echo $HOSTNAME | sed 's/\..*$//')
iptables -L -n -v
echo
packet_log 20
@ -791,12 +791,12 @@ case "$1" in
[ $# -eq 1 ] || usage 1
get_config
clear
echo "Shorewall-$version Hits at $HOSTNAME - `date`"
echo "Shorewall-$version Hits at $HOSTNAME - $(date)"
echo
timeout=30
if [ `grep -c "$LOGFORMAT" $LOGFILE ` -gt 0 ] ; then
if [ $(grep -c "$LOGFORMAT" $LOGFILE ) -gt 0 ] ; then
echo " HITS IP DATE"
echo " ---- --------------- ------"
grep "$LOGFORMAT" $LOGFILE | sed 's/\(.\{6\}\)\(.*SRC=\)\(.*\)\( DST=.*\)/\3 \1/' | sort | uniq -c | sort -rn
@ -819,8 +819,8 @@ case "$1" in
grep "$LOGFORMAT.*DPT" $LOGFILE | sed 's/\(.*DPT=\)\([0-9]\{1,5\}\)\(.*\)/\2/' | sort | uniq -c | sort -rn | \
while read count port ; do
# List all services defined for the given port
srv=`grep "^[^#].*\\b$port/" /etc/services | cut -f 1 | sort -u`
srv=`echo $srv | sed 's/ /,/g'`
srv=$(grep "^[^#].*\\b$port/" /etc/services | cut -f 1 | sort -u)
srv=$(echo $srv | sed 's/ /,/g')
if [ -n "$srv" ] ; then
printf '%7d %5d %s\n' $count $port $srv
@ -915,7 +915,7 @@ case "$1" in
vlsm=${2#*/}
elif [ $# -eq 3 ]; then
address=$2
vlsm=`ip_vlsm $3`
vlsm=$(ip_vlsm $3)
else
usage 1
fi
@ -926,10 +926,10 @@ case "$1" in
address=$address/$vlsm
echo " CIDR=$address"
temp=`ip_netmask $address`; echo " NETMASK=`encodeaddr $temp`"
temp=`ip_network $address`; echo " NETWORK=$temp"
temp=`broadcastaddress $address`; echo " BROADCAST=$temp"
echo " CIDR=$address"
temp=$(ip_netmask $address); echo " NETMASK=$(encodeaddr $temp)"
temp=$(ip_network $address); echo " NETWORK=$temp"
temp=$(broadcastaddress $address); echo " BROADCAST=$temp"
;;
iprange)

10
Shorewall2/uninstall.sh
View File

@ -30,7 +30,7 @@ VERSION=2.0.0-Alpha2
usage() # $1 = exit status
{
ME=`basename $0`
ME=$(basename $0)
echo "usage: $ME"
exit $1
}
@ -61,7 +61,7 @@ remove_file() # $1 = file to restore
}
if [ -f /usr/share/shorewall2/version ]; then
INSTALLED_VERSION="`cat /usr/share/shorewall2/version`"
INSTALLED_VERSION="$(cat /usr/share/shorewall2/version)"
if [ "$INSTALLED_VERSION" != "$VERSION" ]; then
echo "WARNING: Shorewall Version $INSTALLED_VERSION is installed"
echo " and this is the $VERSION uninstaller."
@ -79,7 +79,7 @@ if qt iptables -L shorewall -n; then
fi
if [ -L /usr/share/shorewall2/init ]; then
FIREWALL=`ls -l /usr/share/shorewall2/init | sed 's/^.*> //'`
FIREWALL=$(ls -l /usr/share/shorewall2/init | sed 's/^.*> //')
else
FIREWALL=/etc/init.d/shorewall2
fi
@ -88,9 +88,9 @@ if [ -n "$FIREWALL" ]; then
if [ -x /sbin/insserv -o -x /usr/sbin/insserv ]; then
insserv -r $FIREWALL
elif [ -x /sbin/chkconfig -o -x /usr/sbin/chkconfig ]; then
chkconfig --del `basename $FIREWALL`
chkconfig --del $(basename $FIREWALL)
else
rm -f /etc/rc*.d/*`basename $FIREWALL`
rm -f /etc/rc*.d/*$(basename $FIREWALL)
fi
remove_file $FIREWALL