From 726faba091854bb3ba7d923d621165e5c1c3baf9 Mon Sep 17 00:00:00 2001 From: teastep Date: Mon, 22 Jan 2007 22:17:42 +0000 Subject: [PATCH] Hacks for OpenWRT Lite git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5282 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall-lite/shorecap | 2 +- Shorewall/Makefile-lite | 6 +++++- Shorewall/shorewall | 14 +++++++++++++- Shorewall/shorewall.conf | 2 ++ docs/CompiledPrograms.xml | 12 ++++++++++-- 5 files changed, 31 insertions(+), 5 deletions(-) diff --git a/Shorewall-lite/shorecap b/Shorewall-lite/shorecap index 8df81e630..9df3330e9 100755 --- a/Shorewall-lite/shorecap +++ b/Shorewall-lite/shorecap @@ -46,7 +46,7 @@ PRODUCT="Shorewall Lite" -. /usr/share/shorewall-lite/functions +. /usr/share/shorewall-lite/lib.base . /usr/share/shorewall-lite/configpath [ -n "$PATH" ] || PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin diff --git a/Shorewall/Makefile-lite b/Shorewall/Makefile-lite index a25157ad3..711e87a6a 100644 --- a/Shorewall/Makefile-lite +++ b/Shorewall/Makefile-lite @@ -42,6 +42,10 @@ HOST = gateway # LITEDIR = /var/lib/shorewall-lite # +# Set this if the remote system has a non-standard modules directory +# +MODULESDIR= +# # Default target is the firewall script # ################################################################################ @@ -52,7 +56,7 @@ all: firewall # Only generate the capabilities file if it doesn't already exist # capabilities: - ssh root@$(HOST) "/sbin/shorewall-lite show -f capabilities > $(LITEDIR)/capabilities" + ssh root@$(HOST) "MODULESDIR=$(MODULESDIR) /usr/share/shorewall-lite/shorecap > $(LITEDIR)/capabilities" scp root@$(HOST):$(LITEDIR)/capabilities . # # Compile the firewall script. Using the 'wildcard' function causes "*" to be expanded so that diff --git a/Shorewall/shorewall b/Shorewall/shorewall index 2c0dea8d9..77d2a523c 100755 --- a/Shorewall/shorewall +++ b/Shorewall/shorewall 
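Review bot: In the `capabilities` target of Shorewall/Makefile-lite, `$(MODULESDIR)` is pasted unquoted into the string that ssh hands to root's shell on `$(HOST)`, so a value containing whitespace or shell metacharacters alters the remote command instead of failing. I would quote it on the remote side, `ssh root@$(HOST) "MODULESDIR='$(MODULESDIR)' /usr/share/shorewall-lite/shorecap > $(LITEDIR)/capabilities"`, and preferably reject values that are not a plain absolute path, since single quotes do not cover a value that itself contains one. The second hunk of `reload_command` in Shorewall/shorewall builds the same kind of string from `$MODULESDIR`, `$IPTABLES` and `${LITEDIR}` and needs the same treatment. The copy of this Makefile in docs/CompiledPrograms.xml should follow whatever form is chosen.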
@@ -941,6 +941,11 @@ reload_command() # $* = original arguments less the command. ;; esac + if [ -f $directory/shorewall.conf ]; then + litedir=$(grep '^\s*LITEDIR=' $directory/shorewall.conf | tail -n 1) + [ -n "$litedir" ] && LITEDIR=${litedir#*=} + fi + if [ -z "$getcaps" ]; then SHOREWALL_DIR=$(resolve_file $directory) capabilities=$(find_file capabilities) @@ -948,8 +953,15 @@ reload_command() # $* = original arguments less the command. fi if [ -n "$getcaps" ]; then + if [ -f $directory/shorewall.conf ]; then + MODULESDIR=$(grep '^\s*MODULESDIR=' $directory/shorewall.conf | tail -n 1) + MODULESDIR=${MODULESDIR#*=} + IPTABLES=$(grep '^\s*IPTABLES=' $directory/shorewall.conf | tail -n 1) + IPTABLES=${IPTABLES#*=} + fi + progress_message "Getting Capabilities on system $system..." - if ! ssh ${root}@${system} "/sbin/shorewall-lite show -f capabilities > ${LITEDIR}/capabilities" || \ + if ! ssh ${root}@${system} "MODULESDIR=$MODULESDIR IPTABLES=$IPTABLES /usr/share/shorewall-lite/shorecap > ${LITEDIR}/capabilities" || \ ! scp ${root}@$system:${LITEDIR}/capabilities $directory; then fatal_error "ERROR: Capturing capabilities on system $system failed" fi diff --git a/Shorewall/shorewall.conf b/Shorewall/shorewall.conf index 7d4644596..99e19de6c 100644 --- a/Shorewall/shorewall.conf +++ b/Shorewall/shorewall.conf @@ -72,6 +72,8 @@ RESTOREFILE= IPSECFILE=zones +#LITEDIR=/var/lib/shorewall-lite + ############################################################################### # D E F A U L T A C T I O N S / M A C R O S ############################################################################### diff --git a/docs/CompiledPrograms.xml b/docs/CompiledPrograms.xml index 896699c88..8138a4090 100644 --- a/docs/CompiledPrograms.xml +++ b/docs/CompiledPrograms.xml 
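Review bot: The `grep ... | tail -n 1` plus `${litedir#*=}` parsing in the first hunk of `reload_command` keeps everything after the first `=`, so a trailing comment or surrounding quotes in shorewall.conf become part of `LITEDIR` and later of the remote redirect path. The second hunk repeats the pattern for `MODULESDIR` and `IPTABLES`, and it assigns them unconditionally, so a missing setting yields an explicitly empty variable on the remote side. `\s` is a GNU grep extension, and `$directory` is unquoted in both the `[ -f ... ]` test and the grep call. I would write `grep '^[[:space:]]*LITEDIR=' "$directory/shorewall.conf"`, strip any trailing comment, and check that the result is a plain absolute path before it is used in the ssh command. `reload_command` starts and ends outside these hunks, so any validation that may already exist elsewhere is not visible here.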
@@ -382,6 +382,10 @@ HOST = gateway # LITEDIR = /var/lib/shorewall-lite # +# Set this if the remote system has a non-standard modules directory +# +MODULESDIR= +# # Default target is the firewall script # ################################################################################ @@ -392,7 +396,7 @@ all: firewall # Only generate the capabilities file if it doesn't already exist # capabilities: - ssh root@$(HOST) "/sbin/shorewall-lite show -f capabilities > $(LITEDIR)/capabilities" + ssh root@$(HOST) "MODULESDIR=$(MODULESDIR) /usr/share/shorewall-lite/shorecap > $(LITEDIR)/capabilities" scp root@$(HOST):$(LITEDIR)/capabilities . # # Compile the firewall script. Using the 'wildcard' function causes "*" to be expanded so that @@ -644,7 +648,7 @@ clean: changes and you need to create a new capabilities file, do the following: - /sbin/shorewall-lite show -f capabilities > capabilities + /usr/share/shorewall-lite/shorecap > capabilities scp capabilities <admin system>:<this system's config dir> Or, if you are running Shorewall 3.2.6 or later, simply use @@ -721,6 +725,10 @@ MANGLE_FORWARD # Mangle table has FORWARD chainshorewall-lite show -f capabilities > capabilities + + Note that unlike the shorecap program, the show + capabilities command shows the kernel's current capabilities; it + does not attempt to load additional kernel modules.