Hacks for OpenWRT Lite
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5282 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
4b2ee53e9c
commit
726faba091
@ -46,7 +46,7 @@
|
||||
|
||||
PRODUCT="Shorewall Lite"
|
||||
|
||||
. /usr/share/shorewall-lite/functions
|
||||
. /usr/share/shorewall-lite/lib.base
|
||||
. /usr/share/shorewall-lite/configpath
|
||||
|
||||
[ -n "$PATH" ] || PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
|
||||
|
@ -42,6 +42,10 @@ HOST = gateway
|
||||
#
|
||||
LITEDIR = /var/lib/shorewall-lite
|
||||
#
|
||||
# Set this if the remote system has a non-standard modules directory
|
||||
#
|
||||
MODULESDIR=
|
||||
#
|
||||
# Default target is the firewall script
|
||||
#
|
||||
################################################################################
|
||||
@ -52,7 +56,7 @@ all: firewall
|
||||
# Only generate the capabilities file if it doesn't already exist
|
||||
#
|
||||
capabilities:
|
||||
ssh root@$(HOST) "/sbin/shorewall-lite show -f capabilities > $(LITEDIR)/capabilities"
|
||||
ssh root@$(HOST) "MODULESDIR=$(MODULESDIR) /usr/share/shorewall-lite/shorecap > $(LITEDIR)/capabilities"
|
||||
scp root@$(HOST):$(LITEDIR)/capabilities .
|
||||
#
|
||||
# Compile the firewall script. Using the 'wildcard' function causes "*" to be expanded so that
|
||||
|
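Review bot: The `shorecap` recipe line under `capabilities:` (apparently the new side of this change) splices `$(MODULESDIR)` unquoted into a command string that the remote shell runs as root on `$(HOST)`. A value containing whitespace or shell metacharacters, whether set in the file or passed as `make MODULESDIR=...`, is then parsed as extra shell syntax instead of as a single path. Quote it for the remote side, for example `ssh root@$(HOST) "MODULESDIR='$(MODULESDIR)' /usr/share/shorewall-lite/shorecap > '$(LITEDIR)/capabilities'"`, which also covers `$(LITEDIR)` in the redirect target. The comment above `MODULESDIR=` could also state what an empty value means for the remote program, since the page does not show how `shorecap` treats it.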
@ -941,6 +941,11 @@ reload_command() # $* = original arguments less the command.
|
||||
;;
|
||||
esac
|
||||
|
||||
if [ -f $directory/shorewall.conf ]; then
|
||||
litedir=$(grep '^\s*LITEDIR=' $directory/shorewall.conf | tail -n 1)
|
||||
[ -n "$litedir" ] && LITEDIR=${litedir#*=}
|
||||
fi
|
||||
|
||||
if [ -z "$getcaps" ]; then
|
||||
SHOREWALL_DIR=$(resolve_file $directory)
|
||||
capabilities=$(find_file capabilities)
|
||||
@ -948,8 +953,15 @@ reload_command() # $* = original arguments less the command.
|
||||
fi
|
||||
|
||||
if [ -n "$getcaps" ]; then
|
||||
if [ -f $directory/shorewall.conf ]; then
|
||||
MODULESDIR=$(grep '^\s*MODULESDIR=' $directory/shorewall.conf | tail -n 1)
|
||||
MODULESDIR=${MODULESDIR#*=}
|
||||
IPTABLES=$(grep '^\s*IPTABLES=' $directory/shorewall.conf | tail -n 1)
|
||||
IPTABLES=${IPTABLES#*=}
|
||||
fi
|
||||
|
||||
progress_message "Getting Capabilities on system $system..."
|
||||
if ! ssh ${root}@${system} "/sbin/shorewall-lite show -f capabilities > ${LITEDIR}/capabilities" || \
|
||||
if ! ssh ${root}@${system} "MODULESDIR=$MODULESDIR IPTABLES=$IPTABLES /usr/share/shorewall-lite/shorecap > ${LITEDIR}/capabilities" || \
|
||||
! scp ${root}@$system:${LITEDIR}/capabilities $directory; then
|
||||
fatal_error "ERROR: Capturing capabilities on system $system failed"
|
||||
fi
|
||||
|
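Review bot: The values read from `$directory/shorewall.conf` are used verbatim after `${VAR#*=}`, so surrounding quotes, trailing whitespace or an inline `# comment` on the `LITEDIR=`, `MODULESDIR=` or `IPTABLES=` line end up inside the command string that ssh runs as `${root}` on the firewall. With a line such as `LITEDIR=/path # note`, the remote redirect would be written to `/path` and the rest treated as a comment, and the unquoted `${LITEDIR}` in the `scp` argument would be word-split locally. Trim the extracted value before use and single-quote it in the remote command, e.g. `"MODULESDIR='$MODULESDIR' IPTABLES='$IPTABLES' /usr/share/shorewall-lite/shorecap > '${LITEDIR}/capabilities'"`. `$directory` is also unquoted in the `[ -f ... ]` tests and the `grep` calls, and `\s` in the grep pattern is a GNU extension that other grep implementations may not honour. reload_command starts and ends outside both hunks, so the handling of `$getcaps`, `$root` and `$system` could not be checked here.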
@ -72,6 +72,8 @@ RESTOREFILE=
|
||||
|
||||
IPSECFILE=zones
|
||||
|
||||
#LITEDIR=/var/lib/shorewall-lite
|
||||
|
||||
###############################################################################
|
||||
# D E F A U L T A C T I O N S / M A C R O S
|
||||
###############################################################################
|
||||
|
@ -382,6 +382,10 @@ HOST = gateway
|
||||
#
|
||||
LITEDIR = /var/lib/shorewall-lite
|
||||
#
|
||||
# Set this if the remote system has a non-standard modules directory
|
||||
#
|
||||
MODULESDIR=
|
||||
#
|
||||
# Default target is the firewall script
|
||||
#
|
||||
################################################################################
|
||||
@ -392,7 +396,7 @@ all: firewall
|
||||
# Only generate the capabilities file if it doesn't already exist
|
||||
#
|
||||
capabilities:
|
||||
ssh root@$(HOST) "/sbin/shorewall-lite show -f capabilities > $(LITEDIR)/capabilities"
|
||||
ssh root@$(HOST) "MODULESDIR=$(MODULESDIR) /usr/share/shorewall-lite/shorecap > $(LITEDIR)/capabilities"
|
||||
scp root@$(HOST):$(LITEDIR)/capabilities .
|
||||
#
|
||||
# Compile the firewall script. Using the 'wildcard' function causes "*" to be expanded so that
|
||||
@ -644,7 +648,7 @@ clean:
|
||||
changes and you need to create a new capabilities file, do the
|
||||
following:</para>
|
||||
|
||||
<programlisting><command>/sbin/shorewall-lite show -f capabilities > capabilities</command>
|
||||
<programlisting><command>/usr/share/shorewall-lite/shorecap > capabilities</command>
|
||||
<command>scp capabilities <admin system>:<this system's config dir></command></programlisting>
|
||||
|
||||
<para>Or, if you are running Shorewall 3.2.6 or later, simply use
|
||||
@ -721,6 +725,10 @@ MANGLE_FORWARD # Mangle table has FORWARD chain</programlisting
|
||||
<para><command>shorewall-lite show -f capabilities >
|
||||
capabilities</command></para>
|
||||
</blockquote></para>
|
||||
|
||||
<para>Note that unlike the shorecap program, the <command>show
|
||||
capabilities</command> command shows the kernel's current capabilities; it
|
||||
does not attempt to load additional kernel modules.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
|