diff --git a/Shorewall2/action.AllowSNMP b/Shorewall2/action.AllowSNMP
new file mode 100644
index 000000000..11d78d126
--- /dev/null
+++ b/Shorewall2/action.AllowSNMP
@@ -0,0 +1,11 @@
+#
+# Shorewall 2.0 /etc/shorewall/action.AllowSNMP
+#
+# This action accepts SNMP traffic (including traps):
+#
+######################################################################################
+#TARGET SOURCE DEST PROTO DEST SOURCE RATE USER/
+# PORT PORT(S) LIMIT GROUP
+ACCEPT - - udp 161:162
+ACCEPT - - tcp 161
+#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/Shorewall2/changelog.txt b/Shorewall2/changelog.txt
index 1ad3772be..87cbc728f 100644
--- a/Shorewall2/changelog.txt
+++ b/Shorewall2/changelog.txt
@@ -25,3 +25,7 @@ Changes since 1.4.10
 12) Get the attention of 'logunclean' and 'dropunclean' users.
 13) Replace all instances of `...` with $(...) for readability.
+
+14) Add action.AllowSNMP
+
+15) Move some code from firewall to functions
diff --git a/Shorewall2/firewall b/Shorewall2/firewall
index fb8c36e68..fb7ccd296 100755
--- a/Shorewall2/firewall
+++ b/Shorewall2/firewall
@@ -40,37 +40,6 @@
 # shorewall refresh . Rebuild the common chain
 # shorewall check Verify the more heavily-used
 # configuration files.
-#
-# Search a list looking for a match -- returns zero if a match found
-# 1 otherwise
-#
-list_search() # $1 = element to search for , $2-$n = list
-{
- local e=$1
-
- while [ $# -gt 1 ]; do
- shift
- [ "x$e" = "x$1" ] && return 0
- done
-
- return 1
-}
-
-#
-# Functions to count list elements
-# - - - - - - - - - - - - - - - -
-# Whitespace-separated list
-#
-list_count1() {
- echo $#
-}
-#
-# Comma-separated list
-#
-list_count() {
- list_count1 $(separate_list $1)
-}
-
 #
 # Mutual exclusion -- These functions are jackets for the mutual exclusion
 # routines in $FUNCTIONS. They invoke
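Review bot: The header comment of the new action does not say that both entries leave SOURCE and DEST as `-`, so `AllowSNMP` opens udp 161:162 and tcp 161 in whichever direction the rules-file caller supplies, and since SNMPv1/v2c carries only a cleartext community string the caller is expected to narrow the source to management hosts. A line after `(including traps):` would make that explicit, e.g. `# Use with SOURCE/DEST restricted to management hosts -- SNMPv1/v2c has no authentication beyond the community string.` The udp entry covers 161:162 while the tcp entry covers only 161; if that asymmetry is deliberate it deserves a comment, otherwise the tcp entry may need the same range.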
@@ -128,47 +97,6 @@ report () { # $* = message
 logger "$@"
 }
-#
-# Perform variable substitution on the passed argument and echo the result
-#
-expand() # $1 = contents of variable which may be the name of another variable
-{
- eval echo \"$1\"
-}
-
-#
-# Perform variable substitition on the values of the passed list of variables
-#
-expandv() # $* = list of variable names
-{
- local varval
-
- while [ $# -gt 0 ]; do
- eval varval=\$${1}
- eval $1=\"$varval\"
- shift
- done
-}
-
-#
-# Replace all leading "!" with "! " in the passed argument list
-#
-
-fix_bang() {
- local i;
-
- for i in $@; do
- case $i in
- !*)
- echo "! ${i#!}"
- ;;
- *)
- echo $i
- ;;
- esac
- done
-}
-
 #
 # Run iptables and if an error occurs, stop the firewall and quit
 #
@@ -414,7 +342,7 @@ find_interfaces() # $1 = interface zone
 local interface
 for interface in $all_interfaces; do
- eval z=\$$(chain_base ${interface})_zone
+ eval z=\$$(chain_base $interface)_zone
 [ "x${z}" = x${zne} ] && echo $interface
 done
 }
@@ -543,7 +471,7 @@ determine_hosts() {
 eval interfaces=\$${zone}_interfaces
 for interface in $interfaces; do
- eval options=\$$(chain_base ${interface})_options
+ eval options=\$$(chain_base $interface)_options
 if list_search detectnets $options; then
 subnets=$(get_routed_subnets $interface)
@@ -895,7 +823,7 @@ find_interface_addresses() # $1 = interface
 find_interfaces_by_option() # $1 = option
 {
 for interface in $all_interfaces; do
- eval options=\$$(chain_base ${interface})_options
+ eval options=\$$(chain_base $interface)_options
 list_search $1 $options && echo $interface
 done
 }
@@ -920,7 +848,7 @@ find_hosts_by_option() # $1 = option
 done < $TMP_DIR/hosts
 for interface in $all_interfaces; do
- eval options=\$$(chain_base ${interface})_options
+ eval options=\$$(chain_base $interface)_options
 list_search $1 $options && \
 echo ${interface}:0.0.0.0/0
 done
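Review bot: The changed `_zone` lookup in the `@@ -414` hunk and the `_options` lookups in the `@@ -543`, `@@ -895`, `@@ -920` and `@@ -4726` hunks all splice an interface name into a variable name and hand it to `eval`; dropping the braces is harmless because `)` follows `$interface`, but the pattern is only safe if `chain_base` reduces the name to characters valid in a shell identifier, and that function is not in this diff. A single accessor, e.g. `interface_options() { eval echo \$$(chain_base $1)_options; }`, would leave one `eval` site to audit instead of five. The enclosing functions (`find_interfaces`, `determine_hosts`, `find_interfaces_by_option`, `find_hosts_by_option`, `activate_rules`) all begin outside their hunks.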
@@ -4726,7 +4654,7 @@ activate_rules()
 if [ "$subnet" != 0.0.0.0/0 ]; then
 if ! list_search $interface $need_broadcast ; then
- eval options=\$$(chain_base ${interface})_options
+ eval options=\$$(chain_base $interface)_options
 list_search detectnets $options && need_broadcast="$need_broadcast $interface"
 fi
 fi
diff --git a/Shorewall2/functions b/Shorewall2/functions
index 87cd7597e..f71fec5f1 100755
--- a/Shorewall2/functions
+++ b/Shorewall2/functions
@@ -2,6 +2,37 @@
 #
 # Shorewall 2.0 -- /usr/lib/shorewall/functions
+#
+# Search a list looking for a match -- returns zero if a match found
+# 1 otherwise
+#
+list_search() # $1 = element to search for , $2-$n = list
+{
+ local e=$1
+
+ while [ $# -gt 1 ]; do
+ shift
+ [ "x$e" = "x$1" ] && return 0
+ done
+
+ return 1
+}
+
+#
+# Functions to count list elements
+# - - - - - - - - - - - - - - - -
+# Whitespace-separated list
+#
+list_count1() {
+ echo $#
+}
+#
+# Comma-separated list
+#
+list_count() {
+ list_count1 $(separate_list $1)
+}
+
 #
 # Suppress all output for a command
 #
@@ -10,6 +41,47 @@ qt()
 "$@" >/dev/null 2>&1
 }
+#
+# Perform variable substitution on the passed argument and echo the result
+#
+expand() # $1 = contents of variable which may be the name of another variable
+{
+ eval echo \"$1\"
+}
+
+#
+# Perform variable substitition on the values of the passed list of variables
+#
+expandv() # $* = list of variable names
+{
+ local varval
+
+ while [ $# -gt 0 ]; do
+ eval varval=\$${1}
+ eval $1=\"$varval\"
+ shift
+ done
+}
+
+#
+# Replace all leading "!" with "! " in the passed argument list
+#
+
+fix_bang() {
+ local i;
+
+ for i in $@; do
+ case $i in
+ !*)
+ echo "! ${i#!}"
+ ;;
+ *)
+ echo $i
+ ;;
+ esac
+ done
+}
+
 #
 # Find a File -- For relative file name, look first in $SHOREWALL_DIR then in /etc/shorewall2
 #
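Review bot: `list_count` in the `@@ -2` hunk passes `$(separate_list $1)` to `list_count1` unquoted, so besides the intended word splitting the result also undergoes pathname expansion: a list element such as `*` is replaced by whatever file names match in the current directory and the count is wrong. The code arrives unchanged from `firewall`, so this is pre-existing; the smallest fix is `list_count() { ( set -f; list_count1 $(separate_list $1) ); }`, or, if Shorewall lists are known never to contain glob characters, a comment above it saying `# NOTE: list elements must not contain glob characters`.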
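Review bot: `expand` and `expandv` in the `@@ -10` hunk run the variable's value through `eval` (`eval echo \"$1\"`, `eval $1=\"$varval\"`), so a value containing a double quote, backquotes or `$(...)` is executed as shell code rather than substituted as text; now that they live in the shared `functions` file their header comments should state that they are only for variables read from trusted, root-owned configuration, e.g. `# NOTE: the value itself is evaluated by the shell -- only use on variables from trusted config files`. The comment above `expandv` also misspells "substitution" as `substitition`. In `fix_bang`, `echo $i` prints each element, so an element beginning with `-n` or `-e` may be taken as an echo option on some shells; `printf '%s\n' "$i"` avoids that, though again this is moved rather than new code.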