Hacks for OpenWRT Lite

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5282 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2007-01-22 22:17:42 +00:00
parent 4b2ee53e9c
commit 726faba091
5 changed files with 31 additions and 5 deletions


@ -46,7 +46,7 @@
PRODUCT="Shorewall Lite"
. /usr/share/shorewall-lite/functions
. /usr/share/shorewall-lite/lib.base
. /usr/share/shorewall-lite/configpath
[ -n "$PATH" ] || PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin


@ -42,6 +42,10 @@ HOST = gateway
#
LITEDIR = /var/lib/shorewall-lite
#
# Set this if the remote system has a non-standard modules directory
#
MODULESDIR=
#
# Default target is the firewall script
#
################################################################################
@ -52,7 +56,7 @@ all: firewall
# Only generate the capabilities file if it doesn't already exist
#
capabilities:
ssh root@$(HOST) "/sbin/shorewall-lite show -f capabilities > $(LITEDIR)/capabilities"
ssh root@$(HOST) "MODULESDIR=$(MODULESDIR) /usr/share/shorewall-lite/shorecap > $(LITEDIR)/capabilities"
scp root@$(HOST):$(LITEDIR)/capabilities .
#
# Compile the firewall script. Using the 'wildcard' function causes "*" to be expanded so that
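Review bot: The new `capabilities` recipe line pastes `$(MODULESDIR)` unquoted into a command string that the remote shell runs as root, so a value containing a space or a shell metacharacter is parsed as extra words or commands instead of as a directory name; `$(LITEDIR)` in the redirection has the same exposure. Both variables can be overridden from the make command line or environment, so at minimum single-quote the expansions: `ssh root@$(HOST) "MODULESDIR='$(MODULESDIR)' /usr/share/shorewall-lite/shorecap > '$(LITEDIR)/capabilities'"`. The same unquoted pattern appears in the `reload_command` hunk (`MODULESDIR=$MODULESDIR IPTABLES=$IPTABLES ...`) and in the Makefile listing inside the documentation file.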


@ -941,6 +941,11 @@ reload_command() # $* = original arguments less the command.
;;
esac
if [ -f $directory/shorewall.conf ]; then
litedir=$(grep '^\s*LITEDIR=' $directory/shorewall.conf | tail -n 1)
[ -n "$litedir" ] && LITEDIR=${litedir#*=}
fi
if [ -z "$getcaps" ]; then
SHOREWALL_DIR=$(resolve_file $directory)
capabilities=$(find_file capabilities)
@ -948,8 +953,15 @@ reload_command() # $* = original arguments less the command.
fi
if [ -n "$getcaps" ]; then
if [ -f $directory/shorewall.conf ]; then
MODULESDIR=$(grep '^\s*MODULESDIR=' $directory/shorewall.conf | tail -n 1)
MODULESDIR=${MODULESDIR#*=}
IPTABLES=$(grep '^\s*IPTABLES=' $directory/shorewall.conf | tail -n 1)
IPTABLES=${IPTABLES#*=}
fi
progress_message "Getting Capabilities on system $system..."
if ! ssh ${root}@${system} "/sbin/shorewall-lite show -f capabilities > ${LITEDIR}/capabilities" || \
if ! ssh ${root}@${system} "MODULESDIR=$MODULESDIR IPTABLES=$IPTABLES /usr/share/shorewall-lite/shorecap > ${LITEDIR}/capabilities" || \
! scp ${root}@$system:${LITEDIR}/capabilities $directory; then
fatal_error "ERROR: Capturing capabilities on system $system failed"
fi


@ -72,6 +72,8 @@ RESTOREFILE=
IPSECFILE=zones
#LITEDIR=/var/lib/shorewall-lite
###############################################################################
# D E F A U L T A C T I O N S / M A C R O S
###############################################################################


@ -382,6 +382,10 @@ HOST = gateway
#
LITEDIR = /var/lib/shorewall-lite
#
# Set this if the remote system has a non-standard modules directory
#
MODULESDIR=
#
# Default target is the firewall script
#
################################################################################
@ -392,7 +396,7 @@ all: firewall
# Only generate the capabilities file if it doesn't already exist
#
capabilities:
ssh root@$(HOST) "/sbin/shorewall-lite show -f capabilities > $(LITEDIR)/capabilities"
ssh root@$(HOST) "MODULESDIR=$(MODULESDIR) /usr/share/shorewall-lite/shorecap > $(LITEDIR)/capabilities"
scp root@$(HOST):$(LITEDIR)/capabilities .
#
# Compile the firewall script. Using the 'wildcard' function causes "*" to be expanded so that
@ -644,7 +648,7 @@ clean:
changes and you need to create a new capabilities file, do the
following:</para>
<programlisting><command>/sbin/shorewall-lite show -f capabilities &gt; capabilities</command>
<programlisting><command>/usr/share/shorewall-lite/shorecap &gt; capabilities</command>
<command>scp capabilities &lt;admin system&gt;:&lt;this system's config dir&gt;</command></programlisting>
<para>Or, if you are running Shorewall 3.2.6 or later, simply use
@ -721,6 +725,10 @@ MANGLE_FORWARD # Mangle table has FORWARD chain</programlisting
<para><command>shorewall-lite show -f capabilities &gt;
capabilities</command></para>
</blockquote></para>
<para>Note that unlike the shorecap program, the <command>show
capabilities</command> command shows the kernel's current capabilities; it
does not attempt to load additional kernel modules.</para>
</section>
<section>