holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Merge branch 'master' into 4.4.26

Browse Source
This commit is contained in:
Tom Eastep 2011-12-01 12:14:58 -08:00
commit 7754c45a07
11 changed files with 155 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
Shorewall-lite/shorewall-lite
View File

@ -365,8 +365,10 @@ usage() # $1 = exit status
echo " allow <address> ..." echo " allow <address> ..."
echo " clear" echo " clear"
echo " delete <interface>[:<host-list>] ... <zone>" echo " delete <interface>[:<host-list>] ... <zone>"
echo " disable <interface>"
echo " drop <address> ..." echo " drop <address> ..."
echo " dump [ -x ]" echo " dump [ -x ]"
echo " enable <interface>"
echo " forget [ <file name> ]" echo " forget [ <file name> ]"
echo " help" echo " help"
echo " ipcalc { <address>/<vlsm> | <address> <netmask> }" echo " ipcalc { <address>/<vlsm> | <address> <netmask> }"
@ -664,7 +666,7 @@ case "$COMMAND" in
;; ;;
status) status)
[ $# -eq 1 ] || usage 1 [ $# -eq 1 ] || usage 1
[ "$(id -u)" != 0 ] && fatal_error "ERROR: The status command may only be run by root" [ "$(id -u)" != 0 ] && fatal_error "The status command may only be run by root"
echo "Shorewall Lite $SHOREWALL_VERSION Status at $g_hostname - $(date)" echo "Shorewall Lite $SHOREWALL_VERSION Status at $g_hostname - $(date)"
echo echo
if shorewall_is_started ; then if shorewall_is_started ; then
@ -754,6 +756,14 @@ case "$COMMAND" in
shift shift
add_command $@ add_command $@
;; ;;
disable|enable)
get_config Yes
if shorewall_is_started; then
run_it ${VARDIR}/firewall $g_debugging $@
else
fatal_error "Shorewall is not running"
fi
;;
save) save)
[ -n "$debugging" ] && set -x [ -n "$debugging" ] && set -x

1
Shorewall/Perl/Shorewall/Zones.pm
View File

@ -76,6 +76,7 @@ our @EXPORT = qw( NOTHING
get_interface_option get_interface_option
interface_has_option interface_has_option
set_interface_option set_interface_option
set_interface_provider
interface_zones interface_zones
verify_required_interfaces verify_required_interfaces
compile_updown compile_updown

2
Shorewall/lib.cli
View File

@ -29,7 +29,7 @@
# #
fatal_error() # $@ = Message fatal_error() # $@ = Message
{ {
echo " $@" >&2 echo " ERROR: $@" >&2
exit 2 exit 2
} }

16
Shorewall/shorewall
View File

@ -1379,7 +1379,7 @@ reload_command() # $* = original arguments less the command.
progress_message "Getting Capabilities on system $system..." progress_message "Getting Capabilities on system $system..."
if ! rsh_command "MODULESDIR=$MODULESDIR MODULE_SUFFIX=\"$MODULE_SUFFIX\" IPTABLES=$IPTABLES DONT_LOAD=\"$DONT_LOAD\" $libexec/shorewall-lite/shorecap" > $directory/capabilities; then if ! rsh_command "MODULESDIR=$MODULESDIR MODULE_SUFFIX=\"$MODULE_SUFFIX\" IPTABLES=$IPTABLES DONT_LOAD=\"$DONT_LOAD\" $libexec/shorewall-lite/shorecap" > $directory/capabilities; then
fatal_error "ERROR: Capturing capabilities on system $system failed" fatal_error "Capturing capabilities on system $system failed"
fi fi
fi fi
@ -1460,7 +1460,7 @@ export_command() # $* = original arguments less the command.
target=$2 target=$2
;; ;;
*) *)
fatal_error "ERROR: Invalid command syntax (\"man shorewall\" for help)" fatal_error "Invalid command syntax (\"man shorewall\" for help)"
;; ;;
esac esac
@ -1499,8 +1499,10 @@ usage() # $1 = exit status
echo " clear" echo " clear"
echo " compile [ -e ] [ -d ] [ <directory name> ] [ <path name> ]" echo " compile [ -e ] [ -d ] [ <directory name> ] [ <path name> ]"
echo " delete <interface>[:<host-list>] ... <zone>" echo " delete <interface>[:<host-list>] ... <zone>"
echo " disable <interface>"
echo " drop <address> ..." echo " drop <address> ..."
echo " dump [ -x ]" echo " dump [ -x ]"
echo " enable <interface>"
echo " export [ <directory1> ] [<user>@]<system>[:<directory2>]" echo " export [ <directory1> ] [<user>@]<system>[:<directory2>]"
echo " forget [ <file name> ]" echo " forget [ <file name> ]"
echo " help" echo " help"
@ -1844,6 +1846,14 @@ case "$COMMAND" in
shift shift
update_command $@ update_command $@
;; ;;
disable|enable)
get_config Yes
if shorewall_is_started; then
run_it ${VARDIR}/firewall $g_debugging $@
else
fatal_error "Shorewall is not running"
fi
;;
show|list) show|list)
get_config Yes No Yes get_config Yes No Yes
shift shift
@ -1861,7 +1871,7 @@ case "$COMMAND" in
;; ;;
status) status)
[ $# -eq 1 ] || usage 1 [ $# -eq 1 ] || usage 1
[ "$(id -u)" != 0 ] && fatal_error "ERROR: The status command may only be run by root" [ "$(id -u)" != 0 ] && fatal_error "The status command may only be run by root"
get_config get_config
echo "Shorewall-$SHOREWALL_VERSION Status at $g_hostname - $(date)" echo "Shorewall-$SHOREWALL_VERSION Status at $g_hostname - $(date)"
echo echo

13
Shorewall6-lite/shorewall6-lite
View File

@ -361,8 +361,10 @@ usage() # $1 = exit status
echo "where <command> is one of:" echo "where <command> is one of:"
echo " allow <address> ..." echo " allow <address> ..."
echo " clear" echo " clear"
echo " disable <interface>"
echo " drop <address> ..." echo " drop <address> ..."
echo " dump [ -x ]" echo " dump [ -x ]"
echo " enable <interface>"
echo " forget [ <file name> ]" echo " forget [ <file name> ]"
echo " help" echo " help"
echo " load [ -s ] [ -c ] [ -r <root user> ] [ <directory> ] <system>" echo " load [ -s ] [ -c ] [ -r <root user> ] [ <directory> ] <system>"
@ -648,7 +650,7 @@ case "$COMMAND" in
;; ;;
status) status)
[ $# -eq 1 ] || usage 1 [ $# -eq 1 ] || usage 1
[ "$(id -u)" != 0 ] && fatal_error "ERROR: The status command may only be run by root" [ "$(id -u)" != 0 ] && fatal_error "The status command may only be run by root"
echo "Shorewall6 Lite $SHOREWALL_VERSION Status at $g_hostname - $(date)" echo "Shorewall6 Lite $SHOREWALL_VERSION Status at $g_hostname - $(date)"
echo echo
if shorewall6_is_started ; then if shorewall6_is_started ; then
@ -728,6 +730,14 @@ case "$COMMAND" in
allow) allow)
allow_command $@ allow_command $@
;; ;;
disable|enable)
get_config Yes
if shorewall6_is_started; then
run_it ${VARDIR}/firewall $g_debugging $@
else
fatal_error "Shorewall is not running"
fi
;;
save) save)
[ -n "$debugging" ] && set -x [ -n "$debugging" ] && set -x
@ -806,7 +816,6 @@ case "$COMMAND" in
temp=$(ip_network $address); echo " NETWORK=$temp" temp=$(ip_network $address); echo " NETWORK=$temp"
temp=$(broadcastaddress $address); echo " BROADCAST=$temp" temp=$(broadcastaddress $address); echo " BROADCAST=$temp"
;; ;;
iprange) iprange)
[ -n "$debugging" ] && set -x [ -n "$debugging" ] && set -x
case $2 in case $2 in

2
Shorewall6/lib.cli
View File

@ -29,7 +29,7 @@
# #
fatal_error() # $@ = Message fatal_error() # $@ = Message
{ {
echo " $@" >&2 echo " ERROR: $@" >&2
exit 2 exit 2
} }

16
Shorewall6/shorewall6
View File

@ -1380,7 +1380,7 @@ reload_command() # $* = original arguments less the command.
progress_message "Getting Capabilities on system $system..." progress_message "Getting Capabilities on system $system..."
if ! rsh_command "MODULESDIR=$MODULESDIR MODULE_SUFFIX=\"$MODULE_SUFFIX\" IP6TABLES=$IP6TABLES DONT_LOAD=\"$DONT_LOAD\" $libexec/shorewall6-lite/shorecap" > $directory/capabilities; then if ! rsh_command "MODULESDIR=$MODULESDIR MODULE_SUFFIX=\"$MODULE_SUFFIX\" IP6TABLES=$IP6TABLES DONT_LOAD=\"$DONT_LOAD\" $libexec/shorewall6-lite/shorecap" > $directory/capabilities; then
fatal_error "ERROR: Capturing capabilities on system $system failed" fatal_error "Capturing capabilities on system $system failed"
fi fi
fi fi
@ -1461,7 +1461,7 @@ export_command() # $* = original arguments less the command.
target=$2 target=$2
;; ;;
*) *)
fatal_error "ERROR: Invalid command syntax (\"man shorewall6\" for help)" fatal_error "Invalid command syntax (\"man shorewall6\" for help)"
;; ;;
esac esac
@ -1500,8 +1500,10 @@ usage() # $1 = exit status
echo " clear" echo " clear"
echo " compile [ -e ] [ -d ] [ <directory name> ] [ <path name> ]" echo " compile [ -e ] [ -d ] [ <directory name> ] [ <path name> ]"
echo " delete <interface>[:<host-list>] ... <zone>" echo " delete <interface>[:<host-list>] ... <zone>"
echo " disable <interface>"
echo " drop <address> ..." echo " drop <address> ..."
echo " dump [ -x ]" echo " dump [ -x ]"
echo " enable <interface>"
echo " export [ <directory1> ] [<user>@]<system>[:<directory2>]" echo " export [ <directory1> ] [<user>@]<system>[:<directory2>]"
echo " forget [ <file name> ]" echo " forget [ <file name> ]"
echo " help" echo " help"
@ -1840,6 +1842,14 @@ case "$COMMAND" in
shift shift
update_command $@ update_command $@
;; ;;
disable|enable)
get_config Yes
if shorewall6_is_started; then
run_it ${VARDIR}/firewall $g_debugging $@
else
fatal_error "Shorewall is not running"
fi
;;
show|list) show|list)
get_config Yes No Yes get_config Yes No Yes
shift shift
@ -1857,7 +1867,7 @@ case "$COMMAND" in
;; ;;
status) status)
[ $# -eq 1 ] || usage 1 [ $# -eq 1 ] || usage 1
[ "$(id -u)" != 0 ] && fatal_error "ERROR: The status command may only be run by root" [ "$(id -u)" != 0 ] && fatal_error "The status command may only be run by root"
get_config get_config
echo "Shorewall6-$SHOREWALL_VERSION Status at $g_hostname - $(date)" echo "Shorewall6-$SHOREWALL_VERSION Status at $g_hostname - $(date)"
echo echo

26
manpages-lite/shorewall-lite.xml
View File

@ -40,6 +40,19 @@
<arg choice="plain"><option>clear</option></arg> <arg choice="plain"><option>clear</option></arg>
</cmdsynopsis> </cmdsynopsis>
<cmdsynopsis>
<command>shorewall</command>
<arg
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
<arg>-<replaceable>options</replaceable></arg>
<arg choice="plain"><option>disable</option></arg>
<arg choice="plain"><replaceable>interface</replaceable></arg>
</cmdsynopsis>
<cmdsynopsis> <cmdsynopsis>
<command>shorewall-lite</command> <command>shorewall-lite</command>
@ -67,6 +80,19 @@
<arg><option>-m</option></arg> <arg><option>-m</option></arg>
</cmdsynopsis> </cmdsynopsis>
<cmdsynopsis>
<command>shorewall</command>
<arg
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
<arg>-<replaceable>options</replaceable></arg>
<arg choice="plain"><option>enable</option></arg>
<arg choice="plain"><replaceable>interface</replaceable></arg>
</cmdsynopsis>
<cmdsynopsis> <cmdsynopsis>
<command>shorewall-lite</command> <command>shorewall-lite</command>

26
manpages/shorewall.xml
View File

@ -117,6 +117,19 @@
<arg choice="plain"><replaceable>zone</replaceable></arg> <arg choice="plain"><replaceable>zone</replaceable></arg>
</cmdsynopsis> </cmdsynopsis>
<cmdsynopsis>
<command>shorewall</command>
<arg
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
<arg>-<replaceable>options</replaceable></arg>
<arg choice="plain"><option>disable</option></arg>
<arg choice="plain"><replaceable>interface</replaceable></arg>
</cmdsynopsis>
<cmdsynopsis> <cmdsynopsis>
<command>shorewall</command> <command>shorewall</command>
@ -146,6 +159,19 @@
<arg><option>-m</option></arg> <arg><option>-m</option></arg>
</cmdsynopsis> </cmdsynopsis>
<cmdsynopsis>
<command>shorewall</command>
<arg
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
<arg>-<replaceable>options</replaceable></arg>
<arg choice="plain"><option>enable</option></arg>
<arg choice="plain"><replaceable>interface</replaceable></arg>
</cmdsynopsis>
<cmdsynopsis> <cmdsynopsis>
<command>shorewall</command> <command>shorewall</command>

26
manpages6-lite/shorewall6-lite.xml
View File

@ -40,6 +40,19 @@
<arg choice="plain"><option>clear</option></arg> <arg choice="plain"><option>clear</option></arg>
</cmdsynopsis> </cmdsynopsis>
<cmdsynopsis>
<command>shorewall</command>
<arg
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
<arg>-<replaceable>options</replaceable></arg>
<arg choice="plain"><option>disable</option></arg>
<arg choice="plain"><replaceable>interface</replaceable></arg>
</cmdsynopsis>
<cmdsynopsis> <cmdsynopsis>
<command>shorewall6-lite</command> <command>shorewall6-lite</command>
@ -67,6 +80,19 @@
<arg><option>-m</option></arg> <arg><option>-m</option></arg>
</cmdsynopsis> </cmdsynopsis>
<cmdsynopsis>
<command>shorewall</command>
<arg
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
<arg>-<replaceable>options</replaceable></arg>
<arg choice="plain"><option>enable</option></arg>
<arg choice="plain"><replaceable>interface</replaceable></arg>
</cmdsynopsis>
<cmdsynopsis> <cmdsynopsis>
<command>shorewall6-lite</command> <command>shorewall6-lite</command>

26
manpages6/shorewall6.xml
View File

@ -98,6 +98,19 @@
<arg choice="opt"><replaceable>pathname</replaceable></arg> <arg choice="opt"><replaceable>pathname</replaceable></arg>
</cmdsynopsis> </cmdsynopsis>
<cmdsynopsis>
<command>shorewall</command>
<arg
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
<arg>-<replaceable>options</replaceable></arg>
<arg choice="plain"><option>disable</option></arg>
<arg choice="plain"><replaceable>interface</replaceable></arg>
</cmdsynopsis>
<cmdsynopsis> <cmdsynopsis>
<command>shorewall6</command> <command>shorewall6</command>
@ -127,6 +140,19 @@
<arg><option>-m</option></arg> <arg><option>-m</option></arg>
</cmdsynopsis> </cmdsynopsis>
<cmdsynopsis>
<command>shorewall</command>
<arg
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
<arg>-<replaceable>options</replaceable></arg>
<arg choice="plain"><option>enable</option></arg>
<arg choice="plain"><replaceable>interface</replaceable></arg>
</cmdsynopsis>
<cmdsynopsis> <cmdsynopsis>
<command>shorewall6</command> <command>shorewall6</command>