Add action.AllowSNMP and move some code around

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1120 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall2/action.AllowSNMP

@@ -0,0 +1,11 @@
+#
+# Shorewall 2.0 /etc/shorewall/action.AllowSNMP
+#
+#	This action accepts SNMP traffic (including traps):
+#
+######################################################################################
+#TARGET  SOURCE		DEST      	PROTO	DEST    SOURCE	 	RATE	USER/
+#                       	        	PORT    PORT(S)		LIMIT	GROUP
+ACCEPT	 -		-		udp	161:162	
+ACCEPT	 -		-		tcp	161
+#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall2/changelog.txt

@@ -25,3 +25,7 @@ Changes since 1.4.10
 12) Get the attention of 'logunclean' and 'dropunclean' users.
 
 13) Replace all instances of `...` with $(...) for readability.
+
+14) Add action.AllowSNMP
+
+15) Move some code from firewall to functions

Shorewall2/firewall

@@ -40,37 +40,6 @@
 #	   shorewall refresh	.		  Rebuild the common chain
 #          shorewall check                        Verify the more heavily-used
 #                                                 configuration files.
-#
-# Search a list looking for a match -- returns zero if a match found
-# 1 otherwise
-#
-list_search() # $1 = element to search for , $2-$n = list
-{
-    local e=$1
-
-    while [ $# -gt 1 ]; do
-	shift
-	[ "x$e" = "x$1" ] && return 0
-    done
-
-    return 1
-}
-
-#
-# Functions to count list elements
-# - - - - - - - - - - - - - - - -
-# Whitespace-separated list
-#
-list_count1() {
-    echo $#
-}
-#
-# Comma-separated list
-#
-list_count() {
-    list_count1 $(separate_list $1)
-}
-
 #
 # Mutual exclusion -- These functions are jackets for the mutual exclusion
 #		      routines in $FUNCTIONS. They invoke
@@ -128,47 +97,6 @@ report () { # $* = message
     logger "$@"
 }
 
-#
-# Perform variable substitution on the passed argument and echo the result
-#
-expand() # $1 = contents of variable which may be the name of another variable
-{
-    eval echo \"$1\"
-}
-
-#
-# Perform variable substitition on the values of the passed list of variables
-#
-expandv() # $* = list of variable names
-{
-    local varval
-
-    while [ $# -gt 0 ]; do
-	eval varval=\$${1}
-	eval $1=\"$varval\"
-	shift
-    done
-}
-
-#
-# Replace all leading "!" with "! " in the passed argument list
-#
-
-fix_bang() {
-    local i;
-
-    for i in $@; do
-	case $i in
-	    !*)
-		echo "! ${i#!}"
-		;;
-	    *)
-		echo $i
-		;;
-	esac
-    done
-}
-
 #
 # Run iptables and if an error occurs, stop the firewall and quit
 #
@@ -414,7 +342,7 @@ find_interfaces() # $1 = interface zone
     local interface
 
     for interface in $all_interfaces; do
-	eval z=\$$(chain_base ${interface})_zone
+	eval z=\$$(chain_base $interface)_zone
 	[ "x${z}" = x${zne} ] && echo $interface
     done
 }
@@ -543,7 +471,7 @@ determine_hosts() {
 	eval interfaces=\$${zone}_interfaces
 
 	for interface in $interfaces; do
-	    eval options=\$$(chain_base ${interface})_options
+	    eval options=\$$(chain_base $interface)_options
 
 	    if list_search detectnets $options; then
 		subnets=$(get_routed_subnets $interface)
@@ -895,7 +823,7 @@ find_interface_addresses() # $1 = interface
 find_interfaces_by_option() # $1 = option
 {
     for interface in $all_interfaces; do
-	eval options=\$$(chain_base ${interface})_options
+	eval options=\$$(chain_base $interface)_options
 	list_search $1 $options && echo $interface
     done
 }
@@ -920,7 +848,7 @@ find_hosts_by_option() # $1 = option
     done < $TMP_DIR/hosts
 
     for interface in $all_interfaces; do
-	eval options=\$$(chain_base ${interface})_options
+	eval options=\$$(chain_base $interface)_options
 	list_search $1 $options && \
 	    echo ${interface}:0.0.0.0/0
     done
@@ -4726,7 +4654,7 @@ activate_rules()
 
 	    if [ "$subnet" != 0.0.0.0/0 ]; then
 		if ! list_search $interface $need_broadcast ; then
-		    eval options=\$$(chain_base ${interface})_options
+		    eval options=\$$(chain_base $interface)_options
 		    list_search detectnets $options && need_broadcast="$need_broadcast $interface"
 		fi
 	    fi

Shorewall2/functions

@@ -2,6 +2,37 @@
 #
 # Shorewall 2.0 -- /usr/lib/shorewall/functions
 
+#
+# Search a list looking for a match -- returns zero if a match found
+# 1 otherwise
+#
+list_search() # $1 = element to search for , $2-$n = list
+{
+    local e=$1
+
+    while [ $# -gt 1 ]; do
+	shift
+	[ "x$e" = "x$1" ] && return 0
+    done
+
+    return 1
+}
+
+#
+# Functions to count list elements
+# - - - - - - - - - - - - - - - -
+# Whitespace-separated list
+#
+list_count1() {
+    echo $#
+}
+#
+# Comma-separated list
+#
+list_count() {
+    list_count1 $(separate_list $1)
+}
+
 #
 # Suppress all output for a command
 #
@@ -10,6 +41,47 @@ qt()
     "$@" >/dev/null 2>&1
 }
 
+#
+# Perform variable substitution on the passed argument and echo the result
+#
+expand() # $1 = contents of variable which may be the name of another variable
+{
+    eval echo \"$1\"
+}
+
+#
+# Perform variable substitition on the values of the passed list of variables
+#
+expandv() # $* = list of variable names
+{
+    local varval
+
+    while [ $# -gt 0 ]; do
+	eval varval=\$${1}
+	eval $1=\"$varval\"
+	shift
+    done
+}
+
+#
+# Replace all leading "!" with "! " in the passed argument list
+#
+
+fix_bang() {
+    local i;
+
+    for i in $@; do
+	case $i in
+	    !*)
+		echo "! ${i#!}"
+		;;
+	    *)
+		echo $i
+		;;
+	esac
+    done
+}
+
 #
 # Find a File -- For relative file name, look first in $SHOREWALL_DIR then in /etc/shorewall2
 #