From 888f9351b5d96d947c8a5dadcf8bdafeffc480a3 Mon Sep 17 00:00:00 2001 From: paulgear Date: Thu, 8 Jun 2006 07:01:29 +0000 Subject: [PATCH] Getting started on a 3.2.x-compatible release git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4027 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- contrib/shoregen/BUGS | 7 +------ contrib/shoregen/ChangeLog | 14 ++++++++++++++ contrib/shoregen/README | 13 ++++++------- contrib/shoregen/TODO | 10 +++++----- contrib/shoregen/samples/Makefile | 2 +- contrib/shoregen/shoregen | 26 +++++++++++++------------- 6 files changed, 40 insertions(+), 32 deletions(-) create mode 100644 contrib/shoregen/ChangeLog diff --git a/contrib/shoregen/BUGS b/contrib/shoregen/BUGS index a7664840c..f84a1ad55 100644 --- a/contrib/shoregen/BUGS +++ b/contrib/shoregen/BUGS @@ -1,6 +1 @@ -Sat Apr 24 23:10:10 EST 2004: - -- The "minimal" in "Only the minimal information necessary for operation is - stored on each firewall" is a bit of an overstatement. This could - probably use some work. - +None known at present. diff --git a/contrib/shoregen/ChangeLog b/contrib/shoregen/ChangeLog new file mode 100644 index 000000000..500f06250 --- /dev/null +++ b/contrib/shoregen/ChangeLog @@ -0,0 +1,14 @@ +0.1.1 Paul Gear No idea when + - Initial release. + +0.1.2 Paul Gear No idea when + - Removed filtering of zones that are on the same interface. + This caused problems when a zone was accessible via more than + one interface. + +0.1.3 Paul Gear No idea when + - Optimisation to detect whether system is a router and remove + redundant zones from rules and policies if so. + +3.2.0-beta1 Paul Gear + - First attempt at compatibility with Shorewall 3.2.x. diff --git a/contrib/shoregen/README b/contrib/shoregen/README index 97c2cbcd7..ceac0ef72 100644 --- a/contrib/shoregen/README +++ b/contrib/shoregen/README 
@@ -1,6 +1,5 @@ -shoregen 0.1 Shoreline Firewall configuration generator -(c) Copyright 2004 Paul D. Gear +(c) Copyright 2004-2006 Paul D. Gear This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -21,7 +20,7 @@ SHOREWALL The quick plug: - - I love shorewall. Shorewall is the only firewall i trust. + - Shorewall is the only firewall i trust. The IT Manager plug: @@ -69,10 +68,10 @@ you're probably not reading this document. :-) DESIGN Shoregen distinguishes between two different types of shorewall -configurations. Most shorewall configuration files are simply concatenated -together from parts constructed from common and host-specific parts. These -are called simple configs, and shoregen doesn't substantially alter them, -and uses little information from them. +configuration files. Most shorewall configuration files are simply +concatenated together from parts constructed from common and host-specific +parts. These are called simple configs; shoregen doesn't substantially +alter them, and uses little information from them. Configs with which shoregen is more concerned are treated separately, and additional features beyond the scope of shorewall itself are implemented. diff --git a/contrib/shoregen/TODO b/contrib/shoregen/TODO index 7741da178..3a1d3aa1f 100644 --- a/contrib/shoregen/TODO +++ b/contrib/shoregen/TODO 
@@ -1,14 +1,14 @@ -As at Wed Apr 21 22:30:12 EST 2004: -- Need to make it possible for a host to have the same $FW name as the zone - in which it belongs, and have shoregen automatically create appropriate +- Make it possible for a host to have the same $FW name as the zone in + which it belongs, and have shoregen automatically create appropriate rules. - At the moment, if a fully-expanded policy file (such as is shown -- Better documentation & samples. I'm sure there is room for improvement. +- Better rule & policy sanitisation. -- Better rule & policy sanitisation. Again, there is room for improvement. +- Hosts and interfaces could be reduced based on what's used in the policy + and rules files. - The Makefile could be improved to detect changes in the lower level config files and call shoregen automatically when they are out-of-date. diff --git a/contrib/shoregen/samples/Makefile b/contrib/shoregen/samples/Makefile index 2e74e1c28..1d18073d6 100644 --- a/contrib/shoregen/samples/Makefile +++ b/contrib/shoregen/samples/Makefile @@ -6,5 +6,5 @@ default: $(HOSTS) $(HOSTS): shoregen $@ -install: +install: $(HOSTS) install_shoregen -c -r $(HOSTS) diff --git a/contrib/shoregen/shoregen b/contrib/shoregen/shoregen index 669f9a899..ef8956572 100644 --- a/contrib/shoregen/shoregen +++ b/contrib/shoregen/shoregen @@ -48,23 +48,28 @@ my $dir = "$spool/$host"; # usual perl 'die' or 'warn' functions. # +sub info +{ + print "$0: @_\n"; +} + sub mesg { my $type = shift; print STDERR "$0: $type - @_\n"; } +sub warning +{ + mesg "WARNING", @_; +} + sub error { mesg "ERROR", @_; ++$ret; } -sub warning -{ - mesg "WARNING", @_; -} - sub fatal { mesg "FATAL", @_; @@ -72,11 +77,6 @@ sub fatal exit $ret; } -sub message -{ - print "$0: @_\n"; -} - # # These bits make the files that actually get copied to the target host 
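Review bot: In the samples/Makefile hunk, `install` now depends on `$(HOSTS)`, but nothing visible marks those targets as phony. If a file or directory named after a host exists in this directory, make will treat that target as up to date and skip `shoregen $@`, so `install_shoregen -c -r $(HOSTS)` could push a stale firewall configuration. Unless it is already declared above the hunk (the Makefile starts outside it), add `.PHONY: default install $(HOSTS)`.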
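Review bot: The new `info` sub in the first shoregen hunk is undocumented and behaves differently from its neighbours: it prints to STDOUT and leaves `$ret` alone, while `mesg`, `warning`, `error` and `fatal` all report on STDERR. The comment above the helpers (only its last line is visible here) refers to the usual `die`/`warn` functions and says nothing about progress output. A line such as `# info: progress output on STDOUT; never changes the exit status` above `sub info` would record the difference. `fatal` continues past the end of the hunk.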
@@ -105,7 +105,7 @@ sub constructfile my $dst = shift; my $foundone = 0; - message "Constructing $confname" if $VERBOSE > 1; + info "Constructing $confname" if $VERBOSE > 1; open( my $DST, ">$dst" ) or die "Can't create $dst: $!"; printf $DST $HEADER, $confname; @@ -275,8 +275,8 @@ undef %tmpzones; my @tmp = sort keys %hostzones; -message "FW zone for $host: $fw" if $VERBOSE > 0; -message "Other zones for $host: @tmp" if $VERBOSE > 0; +info "FW zone for $host: $fw" if $VERBOSE > 0; +info "Other zones for $host: @tmp" if $VERBOSE > 0; # # Add 'all' as a valid source or destination. Added here so it doesn't get
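Review bot: In the `constructfile` hunk the unchanged line `open( my $DST, ">$dst" )` uses two-argument open, so the mode is parsed out of the same string as the path. `$dst` appears to be built under `"$spool/$host"`, and the host name looks like it comes from the command line (`shoregen $@` in the sample Makefile), so whitespace or mode characters in that name would change what gets opened. The three-argument form keeps mode and path apart: `open( my $DST, '>', $dst ) or die "Can't create $dst: $!";`. The line also calls `die` although the helper block suggests the script's own functions stand in for `die`/`warn`, so `fatal` may be the intended call; confirm against the rest of the file. `constructfile` begins and ends outside the hunk.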