From e0570cc35e85aed61e0750d78d9ca80d6524be5d Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Fri, 27 Apr 2012 07:16:11 -0700
Subject: [PATCH 1/3] Install fixes for Slackware
Signed-off-by: Tom Eastep
---
 Shorewall-core/shorewallrc.slackware | 4 ++--
 Shorewall/install.sh | 14 +++++++++-----
 2 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/Shorewall-core/shorewallrc.slackware b/Shorewall-core/shorewallrc.slackware
index eabccafbd..8eb4f28f7 100644
--- a/Shorewall-core/shorewallrc.slackware
+++ b/Shorewall-core/shorewallrc.slackware
@@ -11,9 +11,9 @@ CONFDIR=/etc #Directory where subsystem configurat
 SBINDIR=/sbin #Directory where system administration programs are installed
 MANDIR=${PREFIX}/man #Directory where manpages are installed.
 INITDIR=/etc/rc.d #Directory where SysV init scripts are installed.
-INITSOURCE=init.slackware.firewall #Name of the distributed file to be installed as the SysV init script
+INITSOURCE=init.slackware.firewall.sh #Name of the distributed file to be installed as the SysV init script
 INITFILE=rc.firewall #Name of the product's installed SysV init script
-AUXINITSOURCE=init.slackware.$PRODUCT #Name of the distributed file to be installed as a second SysV init script
+AUXINITSOURCE=init.slackware.$PRODUCT.sh #Name of the distributed file to be installed as a second SysV init script
 AUXINITFILE=rc.$PRODUCT #Name of the product's installed second init script
 SYSTEMD= #Name of the directory where .service files are installed (systems running systemd only)
 SYSCONFFILE= #Name of the distributed file to be installed in $SYSCONFDIR
diff --git a/Shorewall/install.sh b/Shorewall/install.sh
index 2610ca2cc..d0ebba7d2 100755
--- a/Shorewall/install.sh
+++ b/Shorewall/install.sh
@@ -333,14 +333,18 @@ echo "$PRODUCT control program installed in ${DESTDIR}${SBINDIR}/$PRODUCT"
 #
 # Install the Firewall Script
 #
 if [ -n "$INITFILE" ]; then
- install_file $INITSOURCE ${DESTDIR}${INITDIR}/$INITFILE 0544
- [ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${INITDIR}/$INITFILE
-
- if [ -n "${AUXINITSOURCE}" ]; then
+ if [ -f "${INITSOURCE}" ]; then
 install_file $INITSOURCE ${DESTDIR}${INITDIR}/$INITFILE 0544
+ [ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${INITDIR}/$INITFILE
+ echo "$Product script installed in ${DESTDIR}${INITDIR}/$INITFILE"
+ fi
+
+ if [ -n "${AUXINITSOURCE}" ]; then
+ install_file $AUXINITSOURCE ${DESTDIR}${INITDIR}/$AUXINITFILE 0544
+ [ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${INITDIR}/$AUXINITFILE
+ echo "$Product script installed in ${DESTDIR}${INITDIR}/$AUXINITFILE"
 fi
- echo "$Product script installed in ${DESTDIR}${INITDIR}/$INITFILE"
 fi
 #
From 9efb60c53a6f585c34e5bd404084329718d7e21b Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Fri, 27 Apr 2012 16:15:04 -0700
Subject: [PATCH 2/3] Move init.slackware.firewall.sh to Shorewall-core
Signed-off-by: Tom Eastep
---
 .../init.slackware.firewall.sh | 0
 Shorewall-core/install.sh | 10 ++++++++++
 Shorewall-core/shorewallrc.slackware | 8 ++++----
 Shorewall/install.sh | 7 -------
 4 files changed, 14 insertions(+), 11 deletions(-)
 rename {Shorewall => Shorewall-core}/init.slackware.firewall.sh (100%)
diff --git a/Shorewall/init.slackware.firewall.sh b/Shorewall-core/init.slackware.firewall.sh
similarity index 100%
rename from Shorewall/init.slackware.firewall.sh
rename to Shorewall-core/init.slackware.firewall.sh
diff --git a/Shorewall-core/install.sh b/Shorewall-core/install.sh
index ff2736863..a37de7801 100755
--- a/Shorewall-core/install.sh
+++ b/Shorewall-core/install.sh
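Review bot: The new `[ -f "${INITSOURCE}" ]` guard turns a missing init source into a silent no-op: nothing is printed and the install carries on, so a wrong `INITSOURCE` name in shorewallrc leaves the firewall init script uninstalled with no sign that it was skipped. An `else` that reports the missing file (or aborts) would make that visible; the AUX branch below still tests only `-n`, so the two branches also disagree on how a missing source file is handled. Separately, both `eval sed -i ...` lines expand `${SHAREDIR}` and `${DESTDIR}` unquoted and then re-parse the result, in a script that is presumably run as root; `sed -i "s|/usr/share/|${SHAREDIR}/|" "${DESTDIR}${INITDIR}/$INITFILE"` performs the same substitution without `eval`. The same `eval sed` line is added again in the Shorewall-core/install.sh hunk of patch 2/3.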
@@ -307,6 +307,16 @@ chmod 755 ${DESTDIR}${SBINDIR}
 mkdir -p ${DESTDIR}${MANDIR}
 chmod 755 ${DESTDIR}${MANDIR}
+if [ -n "${INITFILE}" ]; then
+ mkdir -p ${DESTDIR}${INITDIR}
+ chmod 755 ${DESTDIR}${INITDIR}
+
+ if [ -n "$AUXINITSOURCE" -a -f "$AUXINITSOURCE" ]; then
+ install_file $AUXINITSOURCE ${DESTDIR}${INITDIR}/$AUXINITFILE 0544
+ [ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${INITDIR}/$AUXINITFILE
+ echo "$Product script installed in ${DESTDIR}${INITDIR}/$AUXINITFILE"
+ fi
+fi
 #
 # Note: ${VARDIR} is created at run-time since it has always been
 # a relocatable directory on a per-product basis
diff --git a/Shorewall-core/shorewallrc.slackware b/Shorewall-core/shorewallrc.slackware
index 8eb4f28f7..c04e0bf12 100644
--- a/Shorewall-core/shorewallrc.slackware
+++ b/Shorewall-core/shorewallrc.slackware
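Review bot: The inner block writes to `${DESTDIR}${INITDIR}/$AUXINITFILE`, but nothing checks that `AUXINITFILE` is set; the outer test is on `INITFILE`, a different variable. With `AUXINITSOURCE` present and `AUXINITFILE` empty, the `install_file` and `sed -i` targets point at the init directory itself, and with `INITFILE` empty the auxiliary script is never installed even when both AUX variables are set. Testing the AUX pair directly, e.g. `if [ -n "$AUXINITFILE" ] && [ -f "$AUXINITSOURCE" ]; then`, covers both cases and also drops the obsolescent `-a` inside `[ ]` (`-f ""` is already false, so the `-n` test on the source adds nothing).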
@@ -11,10 +11,10 @@ CONFDIR=/etc #Directory where subsystem configurat
 SBINDIR=/sbin #Directory where system administration programs are installed
 MANDIR=${PREFIX}/man #Directory where manpages are installed.
 INITDIR=/etc/rc.d #Directory where SysV init scripts are installed.
-INITSOURCE=init.slackware.firewall.sh #Name of the distributed file to be installed as the SysV init script
-INITFILE=rc.firewall #Name of the product's installed SysV init script
-AUXINITSOURCE=init.slackware.$PRODUCT.sh #Name of the distributed file to be installed as a second SysV init script
-AUXINITFILE=rc.$PRODUCT #Name of the product's installed second init script
+AUXINITSOURCE=init.slackware.firewall.sh #Name of the distributed file to be installed as the SysV init script
+AUXINITFILE=rc.firewall #Name of the product's installed SysV init script
+INITSOURCE=init.slackware.$PRODUCT.sh #Name of the distributed file to be installed as a second SysV init script
+INITFILE=rc.$PRODUCT #Name of the product's installed second init script
 SYSTEMD= #Name of the directory where .service files are installed (systems running systemd only)
 SYSCONFFILE= #Name of the distributed file to be installed in $SYSCONFDIR
 SYSCONFDIR= #Name of the directory where SysV init parameter files are installed.
diff --git a/Shorewall/install.sh b/Shorewall/install.sh
index d0ebba7d2..cce9a0d53 100755
--- a/Shorewall/install.sh
+++ b/Shorewall/install.sh
@@ -338,13 +338,6 @@ if [ -n "$INITFILE" ]; then [ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${INITDIR}/$INITFILE echo "$Product script installed in ${DESTDIR}${INITDIR}/$INITFILE" fi - - if [ -n "${AUXINITSOURCE}" ]; then - install_file $AUXINITSOURCE ${DESTDIR}${INITDIR}/$AUXINITFILE 0544 - [ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${INITDIR}/$AUXINITFILE - echo "$Product script installed in ${DESTDIR}${INITDIR}/$AUXINITFILE" - fi - - fi #
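Review bot: The variable names are swapped in the shorewallrc.slackware hunk but the trailing comments are not, so `AUXINITSOURCE=init.slackware.firewall.sh` is now described as "the SysV init script" and `INITSOURCE=init.slackware.$PRODUCT.sh` as "a second SysV init script". Someone editing shorewallrc by these comments would set the wrong variable, and the Shorewall-core/install.sh hunk in this same patch installs only the AUX pair. Moving each comment with its role fixes it, e.g. `AUXINITSOURCE=init.slackware.firewall.sh #Name of the distributed file to be installed as a second SysV init script`, and likewise for the other three lines.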
From b9e634999421b96004aaf5e2333f11a1f1435efb Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Sun, 29 Apr 2012 09:07:34 -0700
Subject: [PATCH 3/3] Add some comments
Signed-off-by: Tom Eastep
---
 Shorewall/Perl/Shorewall/Misc.pm | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/Shorewall/Perl/Shorewall/Misc.pm b/Shorewall/Perl/Shorewall/Misc.pm
index 1c5885254..fbdb608a0 100644
--- a/Shorewall/Perl/Shorewall/Misc.pm
+++ b/Shorewall/Perl/Shorewall/Misc.pm
@@ -468,7 +468,7 @@ sub convert_blacklist() {
 open $blrules, '>', $fn1 or fatal_error "Unable to open $fn1: $!";
 print $blrules <<'EOF';
 #
-# Shorewall version 5 - Blacklist Rules File
+# Shorewall version 4.55 - Blacklist Rules File
 #
 # For information about entries in this file, type "man shorewall-blrules"
 #
@@ -1476,17 +1476,21 @@ sub generate_matrix() {
 progress_message ' Handling complex zones...';
 #
- # Special processing for complex configurations
+ # Special processing for configurations with more than 2 off-firewall zones or with other special considerations like IPSEC.
 #
 for my $zone ( @zones ) {
 my $zoneref = find_zone( $zone );
 next if @zones <= 2 && ! $zoneref->{complex};
 #
- # Complex zone or we have more than one non-firewall zone -- Shorewall::Rules::classic_blacklist created a zone forwarding chain
+ # Complex zone or we have more than two off-firewall zones -- Shorewall::Rules::classic_blacklist created a zone forwarding chain
 #
 my $frwd_ref = $filter_table->{zone_forward_chain( $zone )};
+ assert( $frwd_ref, $zone );
+ #
+ # Add Zone mark if any
+ #
 add_ijump( $frwd_ref , j => 'MARK --set-mark ' . in_hex( $zoneref->{mark} ) . '/' . in_hex( $globals{ZONE_MASK} ) ) if $zoneref->{mark};
 if ( have_ipsec ) {
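Review bot: The subject says "Add some comments", but the generate_matrix hunk also adds `assert( $frwd_ref, $zone );`, which is a behaviour change: a zone that passes the `next if` filter without a forwarding chain now trips the assertion instead of reaching `add_ijump` with an undefined chain reference. That looks like a sensible fail-fast check, but it deserves a mention in the commit message and a short why-comment on the line, e.g. `# the forwarding chain must already exist for every zone that reaches this point`. The reworded comments say "more than 2 off-firewall zones" while the code tests `@zones <= 2`; whether `@zones` includes the firewall zone is not visible here, so the number in the comment should be checked against how `@zones` is built. generate_matrix continues outside the hunk.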