Change annotated documentation default

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2011-06-06 15:40:21 -07:00
parent cfb3d6a801
commit 642319d706
11 changed files with 95 additions and 340 deletions


@ -354,9 +354,9 @@ sub generate_script_3($) {
emit '';
load_ipsets;
if ( $family == F_IPV4 ) {
load_ipsets;
emit ( 'if [ "$COMMAND" = refresh ]; then' ,
' run_refresh_exit' ,
'else' ,
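Review bot: The `load_ipsets;` call appears both before and inside the `if ( $family == F_IPV4 )` block in this rendering, so the call has moved across that condition, and neither the code nor the commit title says why. If the new position is inside the block, generated IPv6 scripts no longer get the ipset-loading code, which changes behaviour for any IPv6 configuration whose rules reference sets. A comment above the call would record the intent, for example `# ipsets are loaded for IPv4 only`. generate_script_3 starts and ends outside the hunk.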


@ -2,7 +2,10 @@ Changes in Shorewall 4.4.20.1
1) Corrected FSF address.
2) Don't modify configfiles/shorewall.conf & configfiles/shorewall6.conf.
2) Don't modify configfiles/shorewall.conf &
configfiles/shorewall6.conf.
3) Change 'plain' default.
Changes in Shorewall 4.4.20 Final


@ -31,7 +31,7 @@ usage() # $1 = exit status
echo " $ME -v"
echo " $ME -h"
echo " $ME -s"
echo " $ME -p"
echo " $ME -f"
exit $1
}
@ -106,6 +106,7 @@ if [ -z "$INIT" ] ; then
INIT="shorewall"
fi
PLAIN=Yes
SPARSE=
MANDIR=${MANDIR:-"/usr/share/man"}
[ -n "${LIBEXEC:=/usr/share}" ]
@ -184,6 +185,10 @@ while [ $finished -eq 0 ]; do
SPARSE=Yes
option=${option#s}
;;
a*)
PLAIN=
option=${option#a}
;;
p*)
PLAIN=Yes
option=${option#p}
@ -323,14 +328,14 @@ if [ -n "$DESTDIR" ]; then
chmod 755 ${DESTDIR}/etc/logrotate.d
fi
if [ -n "$PLAIN" ]; then
mkdir plain/
cp configfiles/* plain/
for f in plain/*.plain; do
mv $f ${f%.plain}
if [ -z "$PLAIN" ]; then
mkdir annotated/
cp configfiles/* annotated/
for f in annotated/*.annotated; do
mv $f ${f%.annotated}
done
CONFIGFILES=plain
CONFIGFILES=annotated
else
CONFIGFILES=configfiles
fi
@ -826,7 +831,7 @@ if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/shorewall/actions ]; then
echo "Actions file installed as ${DESTDIR}/etc/shorewall/actions"
fi
rm -rf plain/
rm -rf annotated/
#
# Install the Makefiles
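Review bot: In the `if [ -z "$PLAIN" ]` block the result of `mkdir annotated/` is not checked, so when a directory (or a symlink to one) of that name already exists in the working directory, `cp configfiles/* annotated/` and the `mv` loop run against it and the installer, normally run as root, goes on to install whatever ends up there. Failing early is safer: `mkdir annotated/ || exit 1`, with the loop operands quoted as `mv "$f" "${f%.annotated}"`. The cleanup in the last hunk is now an unconditional `rm -rf annotated/`, which also deletes a pre-existing directory the script did not create when `-a` was not given; `[ -z "$PLAIN" ] && rm -rf annotated/` keeps it tied to the branch that created it. As rendered, the usage() text in the first hunk does not list the new `-a` option.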


@ -260,13 +260,13 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
message.
10) The Shorewall and Shorewall6 configuration files (including the
samples) are now annotated with documentation from the associated
samples) may now be annotated with documentation from the associated
manpage.
The installers for these two packages support a -p (plain)
option that installs unannotated versions of the packages. Both
The installers for these two packages support a -a (annotated)
option that installs annotated versions of the packages. Both
versions are available in the configfiles directory within the
tarball.
tarball and in the Sample directories.
11) The STATE subcolumn of the secmarks file now allows the values 'I'
which will match packets in the INVALID state, and 'NI'


@ -30,6 +30,8 @@ usage() # $1 = exit status
echo "usage: $ME"
echo " $ME -v"
echo " $ME -h"
echo " $ME -s"
echo " $ME -a"
exit $1
}
@ -104,6 +106,7 @@ if [ -z "$INIT" ] ; then
INIT="shorewall6"
fi
PLAIN=Yes
DEBIAN=
CYGWIN=
MAC=
@ -183,6 +186,10 @@ while [ $finished -eq 0 ]; do
SPARSE=Yes
option=${option#s}
;;
a*)
PLAIN=
option=${option#a}
;;
p*)
PLAIN=Yes
option=${option#p}
@ -314,28 +321,6 @@ if [ -n "$DESTDIR" ]; then
chmod 755 ${DESTDIR}/etc/logrotate.d
fi
#
# Install the config file
#
run_install $OWNERSHIP -m 0644 configfiles/shorewall6.conf ${DESTDIR}/usr/share/shorewall6/configfiles/shorewall6.conf
if [ ! -f ${DESTDIR}/etc/shorewall6/shorewall6.conf ]; then
run_install $OWNERSHIP -m 0644 configfiles/shorewall6.conf ${DESTDIR}/etc/shorewall6/shorewall6.conf
if [ -n "$DEBIAN" ] && mywhich perl; then
#
# Make a Debian-like shorewall6.conf
#
perl -p -w -i -e 's|^STARTUP_ENABLED=.*|STARTUP_ENABLED=Yes|;' ${DESTDIR}/etc/shorewall6/shorewall6.conf
fi
echo "Config file installed as ${DESTDIR}/etc/shorewall6/shorewall6.conf"
fi
if [ -n "$ARCHLINUX" ] ; then
sed -e 's!LOGFILE=/var/log/messages!LOGFILE=/var/log/messages.log!' -i ${DESTDIR}/etc/shorewall6/shorewall6.conf
fi
delete_file ${DESTDIR}/usr/share/shorewall6/compiler
delete_file ${DESTDIR}/usr/share/shorewall6/lib.accounting
delete_file ${DESTDIR}/usr/share/shorewall6/lib.actions
@ -387,16 +372,39 @@ echo "Default config path file installed as ${DESTDIR}/usr/share/shorewall6/conf
install_file actions.std ${DESTDIR}/usr/share/shorewall6/actions.std 0644
echo "Standard actions file installed as ${DESTDIR}/usr/shared/shorewall6/actions.std"
if [ -n "$PLAIN" ]; then
mkdir plain
cp configfiles/* plain/
cd plain
for f in *.plain; do
mv -f $f ${f%.plain}
if [ -z "$PLAIN" ]; then
mkdir annotated
cp configfiles/* annotated/
cd annotated
for f in *.annotated; do
mv -f $f ${f%.annotated}
done
else
cd configfiles
fi
#
# Install the config file
#
run_install $OWNERSHIP -m 0644 shorewall6.conf ${DESTDIR}/usr/share/shorewall6/configfiles/shorewall6.conf
if [ ! -f ${DESTDIR}/etc/shorewall6/shorewall6.conf ]; then
run_install $OWNERSHIP -m 0644 shorewall6.conf ${DESTDIR}/etc/shorewall6/shorewall6.conf
if [ -n "$DEBIAN" ] && mywhich perl; then
#
# Make a Debian-like shorewall6.conf
#
perl -p -w -i -e 's|^STARTUP_ENABLED=.*|STARTUP_ENABLED=Yes|;' ${DESTDIR}/etc/shorewall6/shorewall6.conf
fi
echo "Config file installed as ${DESTDIR}/etc/shorewall6/shorewall6.conf"
fi
if [ -n "$ARCHLINUX" ] ; then
sed -e 's!LOGFILE=/var/log/messages!LOGFILE=/var/log/messages.log!' -i ${DESTDIR}/etc/shorewall6/shorewall6.conf
fi
#
# Install the init file
#
@ -749,7 +757,7 @@ fi
cd ..
[ -n "$PLAIN" ] && rm -rf plain/
rm -rf annotated/
#
# Install the Makefiles
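Review bot: `cd annotated` and `cd configfiles` are unchecked, yet the relocated config-file install (`run_install ... shorewall6.conf ...`) now uses a path relative to that directory, and the last hunk ends with `cd ..` followed by an unconditional `rm -rf annotated/`. If either `cd` fails, `shorewall6.conf` is looked up in the wrong directory and the closing `cd ..` steps out of the source tree before the recursive delete runs there. Suggest `cd annotated || exit 1` and `cd configfiles || exit 1`, and checking `mkdir annotated` the same way so a leftover directory from an earlier run is not silently reused. The `mv -f $f ${f%.annotated}` operands should be quoted as well.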


@ -292,37 +292,6 @@ do_save() {
status=1
fi
case ${SAVE_IPSETS:=No} in
[Yy]es)
case ${IPSET:=ipset} in
*/*)
if [ ! -x "$IPSET" ]; then
error_message "ERROR: IPSET=$IPSET does not exist or is not executable - ipsets are not saved"
IPSET=
fi
;;
*)
IPSET="$(mywhich $IPSET)"
[ -n "$IPSET" ] || error_message "ERROR: The ipset utility cannot be located - ipsets are not saved"
;;
esac
if [ -n "$IPSET" ]; then
if eval $IPSET -S > ${VARDIR}/ipsets.tmp; then
#
# Don't save an 'empty' file
#
grep -q '^-N' ${VARDIR}/ipsets.tmp && mv -f ${VARDIR}/ipsets.tmp ${g_restorepath}-ipsets
fi
fi
;;
[Nn]o)
;;
*)
error_message "WARNING: Invalid value ($SAVE_IPSETS) for SAVE_IPSETS"
;;
esac
return $status
}
@ -388,34 +357,6 @@ show_routing() {
fi
}
#
# 'list dynamic' command executor
#
find_sets() {
local junk
local setname
ipset -L -n | grep "^Name: ${1}_" | while read junk setname; do echo $setname; done
}
list_zone() {
local sets
local setname
[ -n "$(mywhich ipset)" ] || fatal_error "The ipset utility cannot be located"
sets=$(find_sets $1)
for setname in $sets; do
echo "${setname#${1}_}:"
ipset -L $setname -n | awk 'BEGIN {prnt=0;}; \
/^Members:/ {prnt=1; next; }; \
/^Bindings:/ {prnt=0; }; \
{ if (prnt == 1) print " ", $1; };'
done
}
#
# Show Filter - For Shorewall6-lite, if there was an scfilter file at compile-time,
# then the compiler generated another version of this function and
@ -731,13 +672,6 @@ show_command() {
fi
if [ $# -gt 0 ]; then
if [ $1 = dynamic -a $# -gt 1 ]; then
shift
[ $# -eq 1 ] || usage 1
list_zone $1
return;
fi
[ -n "$table_given" ] || for chain in $*; do
if ! qt $IP6TABLES -t $table -L $chain $g_ipt_options; then
error_message "ERROR: Chain '$chain' is not recognized by $IP6TABLES."
@ -1000,6 +934,13 @@ restore_command() {
[ -n "$nolock" ] || mutex_on
if [ -x $g_restorepath ]; then
if [ -x ${g_restorepath}-ipsets ] ; then
echo Restoring Ipsets...
$IP6TABLES -F
$IP6TABLES -X
$SHOREWALL_SHELL ${g_restorepath}-ipsets
fi
progress_message3 "Restoring Shorewall6..."
run_it $g_restorepath restore && progress_message3 "$g_product restored from ${VARDIR}/$RESTOREFILE"
@ -1144,191 +1085,6 @@ block() # $1 = command, $2 = Finished, $3 - $n addresses
done
}
#
# Replace commas with spaces and echo the result
#
separate_list() {
local list
list="$@"
local part
local newlist
local firstpart
local lastpart
local enclosure
case "$list" in
*,|,*|*,,*|*[[:space:]]*)
#
# There's been whining about us not catching embedded white space in
# comma-separated lists. This is an attempt to snag some of the cases.
#
echo "WARNING -- invalid comma-separated list \"$@\"" >&2
;;
*\[*\]*)
#
# Where we need to embed comma-separated lists within lists, we enclose them
# within square brackets.
#
firstpart=${list%%\[*}
lastpart=${list#*\[}
enclosure=${lastpart%%\]*}
lastpart=${lastpart#*\]}
case $lastpart in
\,*)
case $firstpart in
*\,)
echo "$(separate_list ${firstpart%,}) [$enclosure] $(separate_list ${lastpart#,})"
;;
*)
echo "$(separate_list $firstpart)[$enclosure] $(separate_list ${lastpart#,})"
;;
esac
;;
*)
case $firstpart in
*\,)
echo "$(separate_list ${firstpart%,}) [$enclosure]$(separate_list $lastpart)"
;;
*)
echo "$(separate_list $firstpart)[$enclosure]$(separate_list $lastpart)"
;;
esac
;;
esac
return
;;
esac
list="$@"
part="${list%%,*}"
newlist="$part"
while [ "x$part" != "x$list" ]; do
list="${list#*,}";
part="${list%%,*}";
newlist="$newlist $part";
done
echo "$newlist"
}
#
# add command executor
#
add_command() {
local interface host hostlist zone ipset
if ! shorewall_is_started ; then
echo "Shorewall Not Started" >&2
exit 2
fi
case "$IPSET" in
*/*)
;;
*)
[ -n "$(mywhich $IPSET)" ] || fatal_error "The $IPSET utility cannot be located"
;;
esac
#
# Normalize host list
#
while [ $# -gt 1 ]; do
interface=${1%%:*}
host=${1#*:}
[ "$host" = "$1" ] && host=
if [ -z "$host" ]; then
hostlist="$hostlist $interface:::/0"
else
for h in $(separate_list $host); do
hostlist="$hostlist $interface:$h"
done
fi
shift
done
zone=$1
for host in $hostlist; do
interface=${host%:*}
ipset=${zone}_${interface};
if ! qt $IPSET -L $ipset -n; then
fatal_error "Zone $zone, interface $interface is does not have a dynamic host list"
fi
host=${host#*:}
if $IPSET -A $ipset $host; then
echo "Host $interface:$host added to zone $zone"
else
fatal_error "Unable to add $interface:$host to zone $zone"
fi
done
}
#
# delete command executor
#
delete_command() {
local interface host hostent hostlist zone ipset
if ! shorewall_is_started ; then
echo "Shorewall Not Started" >&2
exit 2;
fi
case "$IPSET" in
*/*)
;;
*)
[ -n "$(mywhich $IPSET)" ] || fatal_error "The $IPSET utility cannot be located"
;;
esac
#
# Normalize host list
#
while [ $# -gt 1 ]; do
interface=${1%%:*}
host=${1#*:}
[ "$host" = "$1" ] && host=
if [ -z "$host" ]; then
hostlist="$hostlist $interface:::/0"
else
for h in $(separate_list $host); do
hostlist="$hostlist $interface:$h"
done
fi
shift
done
zone=$1
for hostent in $hostlist; do
interface=${hostent%:*}
ipset=${zone}_${interface};
if ! qt $IPSET -L $ipset -n; then
fatal_error "Zone $zone, interface $interface is does not have a dynamic host list"
fi
host=${hostent#*:}
if $IPSET -D $ipset $host; then
echo "Host $hostend deleted from zone $zone"
else
echo " WARNING: Unable to delete host $hostent to zone $zone" >&2
fi
done
}
#
# 'hits' commmand executor
#
@ -1778,8 +1534,10 @@ report_capabilities() {
report_capability "IP range Match" $IPRANGE_MATCH
report_capability "Recent Match" $RECENT_MATCH
report_capability "Owner Match" $OWNER_MATCH
report_capability "Ipset Match" $IPSET_MATCH
[ -n "$IPSET_MATCH" ] && report_capability "OLD_Ipset Match" $OLD_IPSET_MATCH
if [ -n "$IPSET_MATCH" ]; then
report_capability "Ipset Match" $IPSET_MATCH
[ -n "$OLD_IPSET_MATCH" ] && report_capability "OLD_Ipset Match" $OLD_IPSET_MATCH
fi
report_capability "CONNMARK Target" $CONNMARK
[ -n "$CONNMARK" ] && report_capability "Extended CONNMARK Target" $XCONNMARK
report_capability "Connmark Match" $CONNMARK_MATCH
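Review bot: In restore_command the added block runs `$IP6TABLES -F` and `$IP6TABLES -X` before `$SHOREWALL_SHELL ${g_restorepath}-ipsets` and checks none of the three results, so a failing ipsets script leaves the filter table flushed while `run_it $g_restorepath restore` still proceeds. Whether that window leaves the host open depends on the chain policies, which are not visible here. The first hunk of this file removes the do_save code that wrote `${g_restorepath}-ipsets`, so a file found under that name at restore time was produced by something else and is still run as a shell script with the firewall's privileges. A comment should state what creates it, or the block should be dropped. At minimum the script's status should be checked, e.g. `$SHOREWALL_SHELL "${g_restorepath}-ipsets" || error_message "ERROR: ipset restore failed"`; restore_command continues outside the hunk.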


@ -1827,16 +1827,6 @@ case "$COMMAND" in
get_config
allow_command $@
;;
add)
get_config
shift
add_command $@
;;
delete)
get_config
shift
delete_command $@
;;
save)
get_config
[ -n "$g_debugging" ] && set -x


@ -174,18 +174,12 @@
</listitem>
</orderedlist>
<para>Beginning with shorewall 4.4.20, the installer also supports a
<option>-p</option> (plain) option. Beginning with that release, the
standard configuration files (including samples) are annotated with the
contents of the associated manpage. The <option>-p</option> option
suppresses that behavior such that the configuration files do not include
documentation.</para>
<note>
<para>Setting the <emphasis role="bold">PLAIN</emphasis> environmental
variable to a non-empty value is equivalent to specifying
<option>-p</option>.</para>
</note>
<para>Beginning with shorewall 4.4.20.1, the installer also supports a
<option>-a</option> (annotated) option. Beginning with that release, the
standard configuration files (including samples) may be annotated with the
contents of the associated manpage. The <option>-a</option> option enables
that behavior. The default remains that the configuration files do not
include documentation.</para>
<section>
<title>Executables in /usr and Perl Modules</title>


@ -201,18 +201,17 @@
copies.</para>
</warning>
<para>If you are installing Shorewall version 3.4.0 or later then as each
file is introduced, I suggest that you look at the actual file on your
system and that you look at the <ulink
<para>As each file is introduced, I suggest that you look at the actual
file on your system and that you look at the <ulink
url="configuration_file_basics.htm#Manpages">man page</ulink> for that
file. For example, to look at the man page for the
<filename>/etc/shorewall/zones</filename> file, type <command>man
shorewall-zones</command> at a shell prompt.</para>
<para>If you are installing a Shorewall version earlier than 3.4.0, then
as each file is introduced, I suggest that you look through the actual
file on your system -- each file contains detailed configuration
instructions and default entries.</para>
<para>Note: Beginning with Shorewall 4.4.20.1, there are versions of the
sample files that are annotated with the corresponding manpage contents.
These files have names ending in '.annotated'. You might choose to look at
those files instead.</para>
<para>Shorewall views the network where it is running as being composed of
a set of <emphasis>zones</emphasis>. In the one-interface sample


@ -232,18 +232,17 @@
</listitem>
</orderedlist>
<para>If you are installing Shorewall version 3.4.0 or later then as each
file is introduced, I suggest that you look at the actual file on your
system and that you look at the <ulink
<para>As each file is introduced, I suggest that you look at the actual
file on your system and that you look at the <ulink
url="configuration_file_basics.htm#Manpages">man page</ulink> for that
file. For example, to look at the man page for the
<filename>/etc/shorewall/zones</filename> file, type <command>man
shorewall-zones</command> at a shell prompt.</para>
<para>If you are installing a Shorewall version earlier than 3.4.0, then
as each file is introduced, I suggest that you look through the actual
file on your system -- each file contains detailed configuration
instructions and default entries.</para>
<para>Note: Beginning with Shorewall 4.4.20.1, there are versions of the
sample files that are annotated with the corresponding manpage contents.
These files have names ending in '.annotated'. You might choose to look at
those files instead.</para>
<para>Shorewall views the network where it is running as being composed of
a set of zones. In the three-interface sample configuration, the following


@ -214,18 +214,17 @@
</orderedlist>
</important></para>
<para>If you are installing Shorewall version 3.4.0 or later then as each
file is introduced, I suggest that you look at the actual file on your
system and that you look at the <ulink
<para>As each file is introduced, I suggest that you look at the actual
file on your system and that you look at the <ulink
url="configuration_file_basics.htm#Manpages">man page</ulink> for that
file. For example, to look at the man page for the
<filename>/etc/shorewall/zones</filename> file, type <command>man
shorewall-zones</command> at a shell prompt.</para>
<para>If you are installing a Shorewall version earlier than 3.4.0, then
as each file is introduced, I suggest that you look through the actual
file on your system -- each file contains detailed configuration
instructions and default entries.</para>
<para>Note: Beginning with Shorewall 4.4.20.1, there are versions of the
sample files that are annotated with the corresponding manpage contents.
These files have names ending in '.annotated'. You might choose to look at
those files instead.</para>
<para>Shorewall views the network where it is running as being composed of
a set of zones. In the two-interface sample configuration, the following