forked from extern/shorewall_code
Clean up remote compilation
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3271 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep
parent
bcffc35f78
commit
71bec3c0b1
@ -1237,8 +1237,6 @@ validate_interfaces_file() {
|
||||
if [ $COMMAND = generate ]; then
|
||||
cat >> $RESTOREBASE << __EOF__
|
||||
|
||||
progress_message "Verifying 'norfc1918' on $interface"
|
||||
|
||||
addr=\$(ip -f inet addr show $interface 2> /dev/null | grep inet | head -n1)
|
||||
if [ -n "\$addr" ]; then
|
||||
addr=\$(echo \$addr | sed 's/inet //;s/\/.*//;s/ peer.*//')
|
||||
@ -1498,7 +1496,7 @@ __EOF__
|
||||
qt ip rule del from \$address
|
||||
pref=\$((20000 + \$rulenum * 1000 + $number ))
|
||||
rulenum=\$((\$rulenum + 1))
|
||||
ip rule add from \$address pref \$pref table $number"
|
||||
ip rule add from \$address pref \$pref table $number
|
||||
done
|
||||
|
||||
__EOF__
|
||||
@ -2023,25 +2021,6 @@ setup_forwarding() {
|
||||
esac
|
||||
}
|
||||
|
||||
disable_ipv6_1() {
|
||||
local foo="$(ip -f inet6 addr ls 2> /dev/null)"
|
||||
|
||||
if [ -n "$foo" ]; then
|
||||
if qt mywhich ip6tables; then
|
||||
progress_message "Disabling IPV6..."
|
||||
ip6tables -P FORWARD DROP
|
||||
ip6tables -P INPUT DROP
|
||||
ip6tables -P OUTPUT DROP
|
||||
ip6tables -F
|
||||
ip6tables -X
|
||||
ip6tables -A OUTPUT -o lo -j ACCEPT
|
||||
ip6tables -A INPUT -i lo -j ACCEPT
|
||||
else
|
||||
error_message "WARNING: DISABLE_IPV6=Yes in shorewall.conf but this system does not appear to have ip6tables"
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
#
|
||||
# Process the routestopped file either adding or deleting rules
|
||||
#
|
||||
@ -2273,7 +2252,7 @@ stop_firewall() {
|
||||
delete_proxy_arp
|
||||
[ -n "$CLEAR_TC" ] && delete_tc1
|
||||
|
||||
[ -n "$DISABLE_IPV6" ] && disable_ipv6_1
|
||||
[ -n "$DISABLE_IPV6" ] && disable_ipv6
|
||||
|
||||
process_criticalhosts
|
||||
|
||||
@ -7734,7 +7713,7 @@ verify_os_version() {
|
||||
2.4.*|2.5.*|2.6.*)
|
||||
;;
|
||||
*)
|
||||
startup_error "Shorewall version $version does not work with kernel version $osversion"
|
||||
startup_error "Shorewall version $VERSION does not work with kernel version $osversion"
|
||||
;;
|
||||
esac
|
||||
|
||||
@ -7746,7 +7725,7 @@ verify_os_version() {
|
||||
|
||||
verify_ip() {
|
||||
qt ip link ls ||\
|
||||
startup_error "Shorewall $version requires the iproute package ('ip' utility)"
|
||||
startup_error "Shorewall $VERSION requires the iproute package ('ip' utility)"
|
||||
}
|
||||
|
||||
#
|
||||
@ -8798,7 +8777,7 @@ define_firewall() # $1 = Command (Start or Restart)
|
||||
|
||||
echo '#bin/sh' >> $RESTOREBASE
|
||||
save_command "#"
|
||||
save_command "# Restore base file generated by Shorewall $version - $(date)"
|
||||
save_command "# Restore base file generated by Shorewall $VERSION - $(date)"
|
||||
save_command "#"
|
||||
save_command ". /usr/share/shorewall/functions"
|
||||
|
||||
@ -8878,7 +8857,7 @@ define_firewall() # $1 = Command (Start or Restart)
|
||||
> $RESTOREBASE
|
||||
|
||||
save_command "#"
|
||||
save_command "# Restore tail file generated by Shorewall $version - $(date)"
|
||||
save_command "# Restore tail file generated by Shorewall $VERSION - $(date)"
|
||||
save_command "#"
|
||||
save_command "date > /var/lib/shorewall/restarted"
|
||||
|
||||
@ -9018,9 +8997,20 @@ compile_firewall() # $1 = File Name
|
||||
|
||||
cat >> $RESTOREBASE << __EOF__
|
||||
#
|
||||
# Compiled startup file generated by Shorewall $version - $(date)"
|
||||
# Compiled startup file generated by Shorewall $VERSION - $(date)"
|
||||
#
|
||||
. /usr/share/shorewall/functions
|
||||
|
||||
fatal_error()
|
||||
{
|
||||
echo " ERROR: \$@" >&2
|
||||
exit 2
|
||||
}
|
||||
|
||||
if [ ! -f /usr/share/shorewall/version ] || [ \$(cat /usr/share/shorewall/version) != $VERSION ]; then
|
||||
fatal_error "This script requires Shorewall version $VERSION"
|
||||
fi
|
||||
|
||||
__EOF__
|
||||
f=$(find_file params)
|
||||
|
||||
@ -9033,12 +9023,6 @@ COMMAND=restore
|
||||
MODULESDIR="$MODULESDIR"
|
||||
MODULE_SUFFIX="$MODULE_SUFFIX"
|
||||
|
||||
fatal_error()
|
||||
{
|
||||
echo " ERROR: \$@" >&2
|
||||
exit 2
|
||||
}
|
||||
|
||||
load_kernel_modules
|
||||
|
||||
__EOF__
|
||||
@ -9632,7 +9616,7 @@ do_initialize() {
|
||||
#
|
||||
# Clear all configuration variables
|
||||
#
|
||||
version=
|
||||
VERSION=
|
||||
IPTABLES=
|
||||
FW=
|
||||
SUBSYSLOCK=
|
||||
@ -9720,7 +9704,7 @@ do_initialize() {
|
||||
|
||||
VERSION_FILE=$SHARED_DIR/version
|
||||
|
||||
[ -f $VERSION_FILE ] && version=$(cat $VERSION_FILE)
|
||||
[ -f $VERSION_FILE ] && VERSION=$(cat $VERSION_FILE)
|
||||
|
||||
run_user_exit params
|
||||
|
||||
|
||||
@ -1116,13 +1116,13 @@ disable_ipv6() {
|
||||
|
||||
if [ -n "$foo" ]; then
|
||||
if qt mywhich ip6tables; then
|
||||
ip6tables -P FORWARD DROP && save_command ip6tables -P FORWARD DROP
|
||||
ip6tables -P INPUT DROP && save_command ip6tables -P INPUT DROP
|
||||
ip6tables -P OUTPUT DROP && save_command ip6tables -P OUTPUT DROP
|
||||
ip6tables -F && save_command ip6tables -F
|
||||
ip6tables -X && save_command ip6tables -X
|
||||
ip6tables -A OUTPUT -o lo -j ACCEPT && save_command ip6tables -A OUTPUT -o lo -j ACCEPT
|
||||
ip6tables -A INPUT -i lo -j ACCEPT && save_command ip6tables -A INPUT -i lo -j ACCEPT
|
||||
ip6tables -P FORWARD DROP
|
||||
ip6tables -P INPUT DROP
|
||||
ip6tables -P OUTPUT DROP
|
||||
ip6tables -F
|
||||
ip6tables -X
|
||||
ip6tables -A OUTPUT -o lo -j ACCEPT
|
||||
ip6tables -A INPUT -i lo -j ACCEPT
|
||||
else
|
||||
error_message "WARNING: DISABLE_IPV6=Yes in shorewall.conf but this system does not appear to have ip6tables"
|
||||
fi
|
||||
|
||||
Loading…
Reference in New Issue
Block a user