Getting started on a 3.2.x-compatible release
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4027 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
5588635046
commit
888f9351b5
@ -1,6 +1 @@
|
||||
Sat Apr 24 23:10:10 EST 2004:
|
||||
|
||||
- The "minimal" in "Only the minimal information necessary for operation is
|
||||
stored on each firewall" is a bit of an overstatement. This could
|
||||
probably use some work.
|
||||
|
||||
None known at present.
|
||||
|
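--- /dev/null
+++ b/contrib/shoregen/ChangeLog
@@ -0,0 +1,14 @@
+0.1.1 Paul Gear <paul@gear.dyndns.org> No idea when
+- Initial release.
+
+0.1.2 Paul Gear <paul@gear.dyndns.org> No idea when
+- Removed filtering of zones that are on the same interface.
+This caused problems when a zone was accessible via more than
+one interface.
+
+0.1.3 Paul Gear <paul@gear.dyndns.org> No idea when
+- Optimisation to detect whether system is a router and remove
+redundant zones from rules and policies if so.
+
+3.2.0-beta1 Paul Gear <paul@gear.dyndns.org>
+- First attempt at compatibility with Shorewall 3.2.x.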
@ -1,6 +1,5 @@
|
||||
shoregen 0.1
|
||||
Shoreline Firewall configuration generator
|
||||
(c) Copyright 2004 Paul D. Gear <paul@gear.dyndns.org>
|
||||
(c) Copyright 2004-2006 Paul D. Gear <paul@gear.dyndns.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
@ -21,7 +20,7 @@ SHOREWALL
|
||||
|
||||
The quick plug:
|
||||
|
||||
- I love shorewall. Shorewall is the only firewall i trust.
|
||||
- Shorewall is the only firewall i trust.
|
||||
|
||||
The IT Manager plug:
|
||||
|
||||
@ -69,10 +68,10 @@ you're probably not reading this document. :-)
|
||||
DESIGN
|
||||
|
||||
Shoregen distinguishes between two different types of shorewall
|
||||
configurations. Most shorewall configuration files are simply concatenated
|
||||
together from parts constructed from common and host-specific parts. These
|
||||
are called simple configs, and shoregen doesn't substantially alter them,
|
||||
and uses little information from them.
|
||||
configuration files. Most shorewall configuration files are simply
|
||||
concatenated together from parts constructed from common and host-specific
|
||||
parts. These are called simple configs; shoregen doesn't substantially
|
||||
alter them, and uses little information from them.
|
||||
|
||||
Configs with which shoregen is more concerned are treated separately, and
|
||||
additional features beyond the scope of shorewall itself are implemented.
|
||||
|
@ -1,14 +1,14 @@
|
||||
As at Wed Apr 21 22:30:12 EST 2004:
|
||||
|
||||
- Need to make it possible for a host to have the same $FW name as the zone
|
||||
in which it belongs, and have shoregen automatically create appropriate
|
||||
- Make it possible for a host to have the same $FW name as the zone in
|
||||
which it belongs, and have shoregen automatically create appropriate
|
||||
rules.
|
||||
|
||||
- At the moment, if a fully-expanded policy file (such as is shown
|
||||
|
||||
- Better documentation & samples. I'm sure there is room for improvement.
|
||||
- Better rule & policy sanitisation.
|
||||
|
||||
- Better rule & policy sanitisation. Again, there is room for improvement.
|
||||
- Hosts and interfaces could be reduced based on what's used in the policy
|
||||
and rules files.
|
||||
|
||||
- The Makefile could be improved to detect changes in the lower level
|
||||
config files and call shoregen automatically when they are out-of-date.
|
||||
|
@ -6,5 +6,5 @@ default: $(HOSTS)
|
||||
$(HOSTS):
|
||||
shoregen $@
|
||||
|
||||
install:
|
||||
install: $(HOSTS)
|
||||
install_shoregen -c -r $(HOSTS)
|
||||
|
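Review bot: Making `install` depend on `$(HOSTS)` only guarantees regeneration if make actually considers those targets out of date, and the `$(HOSTS):` rule two lines above has no prerequisites, so a stray file or directory in the build directory that happens to share a host's name would be treated as up to date and `install_shoregen` would ship whatever was last generated. Since the targets here are names rather than products, declare them phony so `shoregen $@` always runs before install: `.PHONY: default install $(HOSTS)`. The TODO file in this same commit already notes that real dependency tracking on the lower-level config files is future work, so this is the minimal guard until then. What `install_shoregen -c -r` does with the list is not visible in the hunk.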
@ -48,23 +48,28 @@ my $dir = "$spool/$host";
|
||||
# usual perl 'die' or 'warn' functions.
|
||||
#
|
||||
|
||||
sub info
|
||||
{
|
||||
print "$0: @_\n";
|
||||
}
|
||||
|
||||
sub mesg
|
||||
{
|
||||
my $type = shift;
|
||||
print STDERR "$0: $type - @_\n";
|
||||
}
|
||||
|
||||
sub warning
|
||||
{
|
||||
mesg "WARNING", @_;
|
||||
}
|
||||
|
||||
sub error
|
||||
{
|
||||
mesg "ERROR", @_;
|
||||
++$ret;
|
||||
}
|
||||
|
||||
sub warning
|
||||
{
|
||||
mesg "WARNING", @_;
|
||||
}
|
||||
|
||||
sub fatal
|
||||
{
|
||||
mesg "FATAL", @_;
|
||||
@ -72,11 +77,6 @@ sub fatal
|
||||
exit $ret;
|
||||
}
|
||||
|
||||
sub message
|
||||
{
|
||||
print "$0: @_\n";
|
||||
}
|
||||
|
||||
|
||||
#
|
||||
# These bits make the files that actually get copied to the target host
|
||||
@ -105,7 +105,7 @@ sub constructfile
|
||||
my $dst = shift;
|
||||
my $foundone = 0;
|
||||
|
||||
message "Constructing $confname" if $VERBOSE > 1;
|
||||
info "Constructing $confname" if $VERBOSE > 1;
|
||||
|
||||
open( my $DST, ">$dst" ) or die "Can't create $dst: $!";
|
||||
printf $DST $HEADER, $confname;
|
||||
@ -275,8 +275,8 @@ undef %tmpzones;
|
||||
|
||||
|
||||
my @tmp = sort keys %hostzones;
|
||||
message "FW zone for $host: $fw" if $VERBOSE > 0;
|
||||
message "Other zones for $host: @tmp" if $VERBOSE > 0;
|
||||
info "FW zone for $host: $fw" if $VERBOSE > 0;
|
||||
info "Other zones for $host: @tmp" if $VERBOSE > 0;
|
||||
|
||||
#
|
||||
# Add 'all' as a valid source or destination. Added here so it doesn't get
|
||||
|
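Review bot: In the `constructfile` hunk the output file is still opened with the two-argument form `open( my $DST, ">$dst" )`, which interprets the string itself: Perl strips surrounding whitespace and honours a leading mode character, so a `$dst` that begins with `>` silently becomes an append. `$dst` is a plain parameter here (`my $dst = shift`) and the hunk header shows paths are built as `"$spool/$host"`, where the host name appears to come straight from the command line via the Makefile's `shoregen $@`, so the name is not under the script's control. Use the three-argument form so the mode is fixed and the name is taken literally: `open( my $DST, '>', $dst ) or die "Can't create $dst: $!";`. The corresponding `close` is outside the hunk; for a generated firewall config it should also be checked (`close $DST or die "Can't write $dst: $!"`), since buffered write errors surface only there. `sub constructfile` begins before this hunk, and the new `sub mesg` in the first hunk would benefit from a one-line comment such as `# Emit a tagged diagnostic on STDERR; $type is the severity label.`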