forked from extern/shorewall_code
Clean up remote compilation
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3271 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep
parent
bcffc35f78
commit
71bec3c0b1
@ -1237,8 +1237,6 @@ validate_interfaces_file() {
|
|||||||
if [ $COMMAND = generate ]; then
|
if [ $COMMAND = generate ]; then
|
||||||
cat >> $RESTOREBASE << __EOF__
|
cat >> $RESTOREBASE << __EOF__
|
||||||
|
|
||||||
progress_message "Verifying 'norfc1918' on $interface"
|
|
||||||
|
|
||||||
addr=\$(ip -f inet addr show $interface 2> /dev/null | grep inet | head -n1)
|
addr=\$(ip -f inet addr show $interface 2> /dev/null | grep inet | head -n1)
|
||||||
if [ -n "\$addr" ]; then
|
if [ -n "\$addr" ]; then
|
||||||
addr=\$(echo \$addr | sed 's/inet //;s/\/.*//;s/ peer.*//')
|
addr=\$(echo \$addr | sed 's/inet //;s/\/.*//;s/ peer.*//')
|
||||||
@ -1498,7 +1496,7 @@ __EOF__
|
|||||||
qt ip rule del from \$address
|
qt ip rule del from \$address
|
||||||
pref=\$((20000 + \$rulenum * 1000 + $number ))
|
pref=\$((20000 + \$rulenum * 1000 + $number ))
|
||||||
rulenum=\$((\$rulenum + 1))
|
rulenum=\$((\$rulenum + 1))
|
||||||
ip rule add from \$address pref \$pref table $number"
|
ip rule add from \$address pref \$pref table $number
|
||||||
done
|
done
|
||||||
|
|
||||||
__EOF__
|
__EOF__
|
||||||
@ -2023,25 +2021,6 @@ setup_forwarding() {
|
|||||||
esac
|
esac
|
||||||
}
|
}
|
||||||
|
|
||||||
disable_ipv6_1() {
|
|
||||||
local foo="$(ip -f inet6 addr ls 2> /dev/null)"
|
|
||||||
|
|
||||||
if [ -n "$foo" ]; then
|
|
||||||
if qt mywhich ip6tables; then
|
|
||||||
progress_message "Disabling IPV6..."
|
|
||||||
ip6tables -P FORWARD DROP
|
|
||||||
ip6tables -P INPUT DROP
|
|
||||||
ip6tables -P OUTPUT DROP
|
|
||||||
ip6tables -F
|
|
||||||
ip6tables -X
|
|
||||||
ip6tables -A OUTPUT -o lo -j ACCEPT
|
|
||||||
ip6tables -A INPUT -i lo -j ACCEPT
|
|
||||||
else
|
|
||||||
error_message "WARNING: DISABLE_IPV6=Yes in shorewall.conf but this system does not appear to have ip6tables"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# Process the routestopped file either adding or deleting rules
|
# Process the routestopped file either adding or deleting rules
|
||||||
#
|
#
|
||||||
@ -2273,7 +2252,7 @@ stop_firewall() {
|
|||||||
delete_proxy_arp
|
delete_proxy_arp
|
||||||
[ -n "$CLEAR_TC" ] && delete_tc1
|
[ -n "$CLEAR_TC" ] && delete_tc1
|
||||||
|
|
||||||
[ -n "$DISABLE_IPV6" ] && disable_ipv6_1
|
[ -n "$DISABLE_IPV6" ] && disable_ipv6
|
||||||
|
|
||||||
process_criticalhosts
|
process_criticalhosts
|
||||||
|
|
||||||
@ -7734,7 +7713,7 @@ verify_os_version() {
|
|||||||
2.4.*|2.5.*|2.6.*)
|
2.4.*|2.5.*|2.6.*)
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
startup_error "Shorewall version $version does not work with kernel version $osversion"
|
startup_error "Shorewall version $VERSION does not work with kernel version $osversion"
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
@ -7746,7 +7725,7 @@ verify_os_version() {
|
|||||||
|
|
||||||
verify_ip() {
|
verify_ip() {
|
||||||
qt ip link ls ||\
|
qt ip link ls ||\
|
||||||
startup_error "Shorewall $version requires the iproute package ('ip' utility)"
|
startup_error "Shorewall $VERSION requires the iproute package ('ip' utility)"
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
@ -8798,7 +8777,7 @@ define_firewall() # $1 = Command (Start or Restart)
|
|||||||
|
|
||||||
echo '#bin/sh' >> $RESTOREBASE
|
echo '#bin/sh' >> $RESTOREBASE
|
||||||
save_command "#"
|
save_command "#"
|
||||||
save_command "# Restore base file generated by Shorewall $version - $(date)"
|
save_command "# Restore base file generated by Shorewall $VERSION - $(date)"
|
||||||
save_command "#"
|
save_command "#"
|
||||||
save_command ". /usr/share/shorewall/functions"
|
save_command ". /usr/share/shorewall/functions"
|
||||||
|
|
||||||
@ -8878,7 +8857,7 @@ define_firewall() # $1 = Command (Start or Restart)
|
|||||||
> $RESTOREBASE
|
> $RESTOREBASE
|
||||||
|
|
||||||
save_command "#"
|
save_command "#"
|
||||||
save_command "# Restore tail file generated by Shorewall $version - $(date)"
|
save_command "# Restore tail file generated by Shorewall $VERSION - $(date)"
|
||||||
save_command "#"
|
save_command "#"
|
||||||
save_command "date > /var/lib/shorewall/restarted"
|
save_command "date > /var/lib/shorewall/restarted"
|
||||||
|
|
||||||
@ -9018,9 +8997,20 @@ compile_firewall() # $1 = File Name
|
|||||||
|
|
||||||
cat >> $RESTOREBASE << __EOF__
|
cat >> $RESTOREBASE << __EOF__
|
||||||
#
|
#
|
||||||
# Compiled startup file generated by Shorewall $version - $(date)"
|
# Compiled startup file generated by Shorewall $VERSION - $(date)"
|
||||||
#
|
#
|
||||||
. /usr/share/shorewall/functions
|
. /usr/share/shorewall/functions
|
||||||
|
|
||||||
|
fatal_error()
|
||||||
|
{
|
||||||
|
echo " ERROR: \$@" >&2
|
||||||
|
exit 2
|
||||||
|
}
|
||||||
|
|
||||||
|
if [ ! -f /usr/share/shorewall/version ] || [ \$(cat /usr/share/shorewall/version) != $VERSION ]; then
|
||||||
|
fatal_error "This script requires Shorewall version $VERSION"
|
||||||
|
fi
|
||||||
|
|
||||||
__EOF__
|
__EOF__
|
||||||
f=$(find_file params)
|
f=$(find_file params)
|
||||||
|
|
||||||
@ -9033,12 +9023,6 @@ COMMAND=restore
|
|||||||
MODULESDIR="$MODULESDIR"
|
MODULESDIR="$MODULESDIR"
|
||||||
MODULE_SUFFIX="$MODULE_SUFFIX"
|
MODULE_SUFFIX="$MODULE_SUFFIX"
|
||||||
|
|
||||||
fatal_error()
|
|
||||||
{
|
|
||||||
echo " ERROR: \$@" >&2
|
|
||||||
exit 2
|
|
||||||
}
|
|
||||||
|
|
||||||
load_kernel_modules
|
load_kernel_modules
|
||||||
|
|
||||||
__EOF__
|
__EOF__
|
||||||
@ -9632,7 +9616,7 @@ do_initialize() {
|
|||||||
#
|
#
|
||||||
# Clear all configuration variables
|
# Clear all configuration variables
|
||||||
#
|
#
|
||||||
version=
|
VERSION=
|
||||||
IPTABLES=
|
IPTABLES=
|
||||||
FW=
|
FW=
|
||||||
SUBSYSLOCK=
|
SUBSYSLOCK=
|
||||||
@ -9720,7 +9704,7 @@ do_initialize() {
|
|||||||
|
|
||||||
VERSION_FILE=$SHARED_DIR/version
|
VERSION_FILE=$SHARED_DIR/version
|
||||||
|
|
||||||
[ -f $VERSION_FILE ] && version=$(cat $VERSION_FILE)
|
[ -f $VERSION_FILE ] && VERSION=$(cat $VERSION_FILE)
|
||||||
|
|
||||||
run_user_exit params
|
run_user_exit params
|
||||||
|
|
||||||
|
|||||||
@ -1116,13 +1116,13 @@ disable_ipv6() {
|
|||||||
|
|
||||||
if [ -n "$foo" ]; then
|
if [ -n "$foo" ]; then
|
||||||
if qt mywhich ip6tables; then
|
if qt mywhich ip6tables; then
|
||||||
ip6tables -P FORWARD DROP && save_command ip6tables -P FORWARD DROP
|
ip6tables -P FORWARD DROP
|
||||||
ip6tables -P INPUT DROP && save_command ip6tables -P INPUT DROP
|
ip6tables -P INPUT DROP
|
||||||
ip6tables -P OUTPUT DROP && save_command ip6tables -P OUTPUT DROP
|
ip6tables -P OUTPUT DROP
|
||||||
ip6tables -F && save_command ip6tables -F
|
ip6tables -F
|
||||||
ip6tables -X && save_command ip6tables -X
|
ip6tables -X
|
||||||
ip6tables -A OUTPUT -o lo -j ACCEPT && save_command ip6tables -A OUTPUT -o lo -j ACCEPT
|
ip6tables -A OUTPUT -o lo -j ACCEPT
|
||||||
ip6tables -A INPUT -i lo -j ACCEPT && save_command ip6tables -A INPUT -i lo -j ACCEPT
|
ip6tables -A INPUT -i lo -j ACCEPT
|
||||||
else
|
else
|
||||||
error_message "WARNING: DISABLE_IPV6=Yes in shorewall.conf but this system does not appear to have ip6tables"
|
error_message "WARNING: DISABLE_IPV6=Yes in shorewall.conf but this system does not appear to have ip6tables"
|
||||||
fi
|
fi
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user