holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Remove the controversial symbolic link /sbin/shorewall

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4079 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2006-06-12 17:48:20 +00:00
parent ac636aabb2
commit b52477a629
21 changed files with 91 additions and 222 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
Shorewall-lite/Makefile
View File

@ -5,13 +5,13 @@ RESTOREFILE?=.restore
all: $(VARDIR)/${RESTOREFILE}
$(VARDIR)/${RESTOREFILE}: $(SHAREDIR)/firewall
@/usr/share/shorewall-lite/shorewall -q save >/dev/null; \
@/sbin/shorewall-lite -q save >/dev/null; \
if \
/usr/share/shorewall-lite/shorewall -q restart >/dev/null 2>&1; \
/sbin/shorewall-lite -q restart >/dev/null 2>&1; \
then \
/usr/share/shorewall-lite/shorewall -q save >/dev/null; \
/sbin/shorewall-lite -q save >/dev/null; \
else \
/usr/share/shorewall-lite/shorewall -q restart 2>&1 | tail >&2; \
/sbin/shorewall-lite -q restart 2>&1 | tail >&2; \
fi
# EOF

2
Shorewall-lite/fallback.sh
View File

@ -28,7 +28,7 @@
# shown below. Simply run this script to revert to your prior version of
# Shoreline Firewall.
VERSION=3.2.0-RC2
VERSION=3.2.0-RC3
usage() # $1 = exit status
{

6
Shorewall-lite/init.archlinux.sh
View File

@ -20,7 +20,7 @@ DAEMON_NAME="shorewall" # of course shorewall is NOT a deamon.
case "$1" in
start)
stat_busy "Starting $DAEMON_NAME"
/usr/share/shorewall-lite/shorewall $OPTIONS start &>/dev/null
/sbin/shorewall-lite $OPTIONS start &>/dev/null
if [ $? -gt 0 ]; then
stat_fail
else
@ -32,7 +32,7 @@ case "$1" in
stop)
stat_busy "Stopping $DAEMON_NAME"
/usr/share/shorewall-lite/shorewall stop &>/dev/null
/sbin/shorewall-lite stop &>/dev/null
if [ $? -gt 0 ]; then
stat_fail
else
@ -43,7 +43,7 @@ case "$1" in
restart|reload)
stat_busy "Restarting $DAEMON_NAME"
/usr/share/shorewall-lite/shorewall restart &>/dev/null
/sbin/shorewall-lite restart &>/dev/null
if [ $? -gt 0 ]; then
stat_fail
else

2
Shorewall-lite/init.debian.sh
View File

@ -1,6 +1,6 @@
#!/bin/sh
SRWL=/usr/share/shorewall-lite/shorewall
SRWL=/sbin/shorewall-lite
WAIT_FOR_IFUP=/usr/share/shorewall-lite/wait4ifup
# Note, set INITLOG to /dev/null if you do not want to
# keep logs of the firewall (not recommended)

6
Shorewall-lite/init.sh
View File

@ -74,14 +74,14 @@ command="$1"
case "$command" in
start)
exec /usr/share/shorewall-lite/shorewall $OPTIONS $@
exec /sbin/shorewall-lite $OPTIONS $@
;;
stop|restart|status)
exec /usr/share/shorewall-lite/shorewall $@
exec /sbin/shorewall-lite $@
;;
reload)
shift
exec /usr/share/shorewall-lite/shorewall restart $@
exec /sbin/shorewall-lite restart $@
;;
*)
usage

16
Shorewall-lite/install.sh
View File

@ -22,7 +22,7 @@
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
#
VERSION=3.2.0-RC2
VERSION=3.2.0-RC3
usage() # $1 = exit status
{
@ -226,6 +226,10 @@ else
rm -rf ${PREFIX}/var/lib/shorewall-lite
fi
install_file_with_backup shorewall-lite ${PREFIX}/sbin/shorewall-lite 0544 ${PREFIX}/var/lib/shorewall-lite-${VERSION}.bkout
echo "Shorewall Lite control program installed in ${PREFIX}/sbin/shorewall-lite"
#
# Install the Firewall Script
#
@ -268,16 +272,6 @@ fi
run_install $OWNERSHIP -m 0600 Makefile ${PREFIX}/etc/shorewall-lite/Makefile
echo "Makefile installed as ${PREFIX}/etc/shorewall-lite/Makefile"
install_file shorewall ${PREFIX}/usr/share/shorewall-lite/shorewall 0555
echo "shorewall control program installed in /usr/share/shorewall-lite/shorewall"
if [ -z "$PREFIX" ]; then
if [ ! -L /sbin/shorewall ]; then
[ -f /sbin/shorewall ] && backup_file /sbin/shorewall ${PREFIX}/var/lib/shorewall-lite-${VERSION}.bkout
ln -sf /usr/share/shorewall-lite/shorewall /sbin/shorewall
fi
fi
#
# Install the default config path file
#

36
Shorewall-lite/releasenotes.txt
View File

@ -14,7 +14,13 @@ Problems Corrected in 3.2.0 RC 2
Other changes in 3.2.0 RC 3
None.
1) The controversial symbolic link /sbin/shorewall has been
eliminated. The Shorewall Lite control program is now
/sbin/shorewall-lite. Those users who only run Shorewall Lite and
who prefer the name /sbin/shorewall may create a symbolic link as
follows:
ln -sf shorewall-lite /sbin/shorewall
New Features:
@ -51,32 +57,8 @@ e) On the administrative system, for each firewall system you:
/sbin/shorewall compile -e . firewall
scp firewall root@<firewall system>:/usr/share/shorewall/
3) On the firewall system, 'shorewall start'.
3) On the firewall system, 'shorewall-lite start'.
It is possible to have both shorewall and Shorewall Lite
installed on the same system if you use RPM. Regardless of whether
you use RPM or the installer, Shorewall Lite directory names have
been change from 'shorewall' to 'shorewall-lite':
/etc/shorewall -> /etc/shorewall-lite
/usr/share/shorewall -> /usr/share/shorewall-lite
/var/lib/shorewall -> /var/lib/shorewall-lite
If you use the RPMs, whichever package is installed first will
determine which package /sbin/shorewall invokes. /sbin/shorewall is
now a symbolic link created by 'rpm':
Shorewall: /sbin/shorewall points to /usr/share/shorewall/shorewall
Shorewall Lite:
/sbin/shorewall points to /usr/share/shorewall/shorewall-lite
You may use the 'ln -sf' command to change from one to the other:
To use 'Shorewall' rather than 'Shorewall Lite'
ln -sf /usr/share/shorewall/shorewall /sbin/shorewall
To use 'Shorewall Lite' rather than 'Shorewall'
ln -sf /usr/share/shorewall-lite/shorewall /sbin/shorewall
installed on the same system.

2
Shorewall-lite/shorewall → Shorewall-lite/shorewall-lite
View File

@ -6,7 +6,7 @@
#
# (c) 1999,2000,2001,2002,2003,2004,2005,2006 - Tom Eastep (teastep@shorewall.net)
#
# This file should be placed in /usr/share/shorewall-lite/shorewall.
# This file should be placed in /sbin/shorewall-lite.
#
# Shorewall documentation is available at http://shorewall.sourceforge.net
#

16
Shorewall-lite/shorewall-lite.spec
View File

@ -1,6 +1,6 @@
%define name shorewall-lite
%define version 3.2.0
%define release 0RC2
%define release 0RC3
%define prefix /usr
Summary: Shoreline Firewall Lite is an iptables-based firewall for Linux systems.
@ -51,8 +51,6 @@ if [ $1 -eq 1 ]; then
fi
fi
[ -L /sbin/shorewall ] || [ -f /sbin/shorewall ] || ln -s /usr/share/shorewall-lite/shorewall /sbin/shorewall
%preun
if [ $1 = 0 ]; then
@ -64,12 +62,6 @@ if [ $1 = 0 ]; then
fi
%triggerpostun -- shorewall-lite <= 3.2.0-0RC1
if [ -f /usr/share/shorewall-lite/shorewall ]; then
[ -L /sbin/shorewall ] || ln -s /usr/share/shorewall-lite/shorewall /sbin/shorewall
fi
%files
%defattr(0644,root,root,0755)
%attr(0755,root,root) %dir /etc/shorewall-lite
@ -79,7 +71,8 @@ fi
%attr(0755,root,root) %dir /usr/share/shorewall-lite
%attr(0700,root,root) %dir /var/lib/shorewall-lite
%attr(0555,root,root) /usr/share/shorewall-lite/shorewall
%attr(0555,root,root) /sbin/shorewall-lite
%attr(0644,root,root) /usr/share/shorewall-lite/version
%attr(0644,root,root) /usr/share/shorewall-lite/configpath
%attr(0444,root,root) /usr/share/shorewall-lite/functions
@ -91,6 +84,9 @@ fi
%doc COPYING changelog.txt releasenotes.txt
%changelog
* Mon Jun 12 2006 Tom Eastep tom@shorewall.net
- Change control program to /sbin/shorewall-lite
- Version 3.2.0-RC3
* Fri Jun 09 2006 Tom Eastep tom@shorewall.net
- Install Shorewall-lite in its own directories
* Wed Jun 07 2006 Tom Eastep tom@shorewall.net

2
Shorewall-lite/uninstall.sh
View File

@ -26,7 +26,7 @@
# You may only use this script to uninstall the version
# shown below. Simply run this script to remove Shorewall Firewall
VERSION=3.2.0-RC2
VERSION=3.2.0-RC3
usage() # $1 = exit status
{

2
Shorewall/fallback.sh
View File

@ -28,7 +28,7 @@
# shown below. Simply run this script to revert to your prior version of
# Shoreline Firewall.
VERSION=3.2.0-RC2
VERSION=3.2.0-RC3
usage() # $1 = exit status
{

6
Shorewall/init.archlinux.sh
View File

@ -20,7 +20,7 @@ DAEMON_NAME="shorewall" # of course shorewall is NOT a deamon.
case "$1" in
start)
stat_busy "Starting $DAEMON_NAME"
/usr/share/shorewall/shorewall $OPTIONS start &>/dev/null
/sbin/shorewall $OPTIONS start &>/dev/null
if [ $? -gt 0 ]; then
stat_fail
else
@ -32,7 +32,7 @@ case "$1" in
stop)
stat_busy "Stopping $DAEMON_NAME"
/usr/share/shorewall/shorewall stop &>/dev/null
/sbin/shorewall stop &>/dev/null
if [ $? -gt 0 ]; then
stat_fail
else
@ -43,7 +43,7 @@ case "$1" in
restart|reload)
stat_busy "Restarting $DAEMON_NAME"
/usr/share/shorewall restart &>/dev/null
/sbin/shorewall restart &>/dev/null
if [ $? -gt 0 ]; then
stat_fail
else

2
Shorewall/init.debian.sh
View File

@ -1,6 +1,6 @@
#!/bin/sh
SRWL=/usr/share/shorewall/shorewall
SRWL=/sbin/shorewall
WAIT_FOR_IFUP=/usr/share/shorewall/wait4ifup
# Note, set INITLOG to /dev/null if you do not want to
# keep logs of the firewall (not recommended)

6
Shorewall/init.sh
View File

@ -74,14 +74,14 @@ command="$1"
case "$command" in
start)
exec /usr/share/shorewall/shorewall $OPTIONS $@
exec /sbin/shorewall $OPTIONS $@
;;
stop|restart|status)
exec /usr/share/shorewall/shorewall $@
exec /sbin/shorewall $@
;;
reload)
shift
exec /usr/share/shorewall/shorewall restart $@
exec /sbin/shorewall restart $@
;;
*)
usage

18
Shorewall/install.sh
View File

@ -22,7 +22,7 @@
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
#
VERSION=3.2.0-RC2
VERSION=3.2.0-RC3
usage() # $1 = exit status
{
@ -223,6 +223,10 @@ else
first_install="Yes"
fi
install_file_with_backup shorewall ${PREFIX}/sbin/shorewall 0555 ${PREFIX}/var/lib/shorewall-${VERSION}.bkout
echo "shorewall control program installed in ${PREFIX}/sbin/shorewall"
#
# Install the Firewall Script
#
@ -272,18 +276,6 @@ if [ ! -f ${PREFIX}/etc/shorewall/zones ]; then
run_install $OWNERSHIP -m 0744 zones ${PREFIX}/etc/shorewall/zones
echo "Zones file installed as ${PREFIX}/etc/shorewall/zones"
fi
#
# Install control program
#
install_file shorewall ${PREFIX}/usr/share/shorewall/shorewall 0555
echo "shorewall control program installed in /usr/share/shorewall/shorewall"
if [ -z "$PREFIX" ]; then
if [ ! -L /sbin/shorewall ]; then
[ -f /sbin/shorewall ] && backup_file /sbin/shorewall ${PREFIX}/var/lib/shorewall-lite-${VERSION}.bkout
ln -sf /usr/share/shorewall/shorewall /sbin/shorewall
fi
fi
#
# Install the functions file

58
Shorewall/releasenotes.txt
View File

@ -1,4 +1,4 @@
Shorewall 3.2.0 RC 2
Shorewall 3.2.0 RC 3
Note to users upgrading from Shorewall 2.x or 3.0
@ -31,52 +31,30 @@ Note to users upgrading from Shorewall 2.x or 3.0
Please see the "Migration Considerations" below for additional upgrade
information.
Problems Corrected in 3.2.0 RC 2
Problems Corrected in 3.2.0 RC 3
1) The treatment of IPTABLES and LOGFORMAT have been clarified with
respect to Shorewall Lite. If these options are set in the
shorewall.conf file used at compile time, then the generated
firewall script will use those values. /sbin/shorewall on the
firewall system will use the corresponding values from
/etc/shorewall/shorewall.conf on that system.
1) When -e is specified to the compile command, it is possible for an
incorrect direct reference to /var/lib/shorewall to be included in the
compiled script.
If the values are not given in shorewall.conf at compile time then
the values in /etc/shorewall/shorewall.conf on the firewall system
will be used by the generated firewall script.
2) A typo in the compiler resulted in a wrong file being removed during
"shorewall stop" and "shorewall restart". The result was generally harmless.
To take advantage of this change, both the administrative system
and the firewall system(s) must be running RC2 or later.
Replace /usr/share/shorewall/compiler with the 'compiler' file from the
errata/Shorewall sub-directory.
Other changes in 3.2.0 RC 2
Replace /usr/share/shorewall/prog.footer with the 'prog.footer' file from
the errata/Shorewall sub-directory.
1) The sample configurations have been updated for version 3.2.
Other changes in 3.2.0 RC 3
2) It is now possible to have both shorewall and Shorewall Lite
installed on the same system if you use RPM. Regardless of whether
you use RPM or the installer, Shorewall Lite directory names have
been change from 'shorewall' to 'shorewall-lite':
1) The controversial symbolic link /sbin/shorewall has been
eliminated. The Shorewall Lite control program is now
/sbin/shorewall-lite. Those users who only run Shorewall Lite and
who prefer the name /sbin/shorewall may create a symbolic link as
follows:
/etc/shorewall -> /etc/shorewall-lite
/usr/share/shorewall -> /usr/share/shorewall-lite
/var/lib/shorewall -> /var/lib/shorewall-lite
If you use the RPMs, whichever package is installed first will
determine which package /sbin/shorewall invokes. /sbin/shorewall is
now a symbolic link created by 'rpm':
Shorewall: /sbin/shorewall points to /usr/share/shorewall/shorewall
Shorewall Lite:
/sbin/shorewall points to /usr/share/shorewall/shorewall-lite
You may use the 'ln -sf' command to change from one to the other:
To use 'Shorewall' rather than 'Shorewall Lite'
ln -sf /usr/share/shorewall/shorewall /sbin/shorewall
To use 'Shorewall Lite' rather than 'Shorewall'
ln -sf /usr/share/shorewall-lite/shorewall /sbin/shorewall
ln -sf shorewall-lite /sbin/shorewall
Migration Considerations:

13
Shorewall/shorewall.spec
View File

@ -1,6 +1,6 @@
%define name shorewall
%define version 3.2.0
%define release 0RC2
%define release 0RC3
%define prefix /usr
Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
@ -48,8 +48,6 @@ if [ $1 -eq 1 ]; then
fi
fi
[ -L /sbin/shorewall ] || [ -f /sbin/shorewall ] || ln -s /usr/share/shorewall/shorewall /sbin/shorewall
%preun
if [ $1 = 0 ]; then
@ -63,12 +61,6 @@ if [ $1 = 0 ]; then
fi
%triggerpostun -- shorewall <= 3.2.0-0RC1
if [ -f /usr/share/shorewall/shorewall ]; then
[ -L /sbin/shorewall ] || ln -s /usr/share/shorewall/shorewall /sbin/shorewall
fi
%files
%defattr(0644,root,root,0755)
%attr(0544,root,root) /etc/init.d/shorewall
@ -109,7 +101,8 @@ fi
%attr(0600,root,root) %config(noreplace) /etc/shorewall/tcdevices
%attr(0600,root,root) /etc/shorewall/Makefile
%attr(0555,root,root) /usr/share/shorewall/shorewall
%attr(0555,root,root) /sbin/shorewall
%attr(0644,root,root) /usr/share/shorewall/version
%attr(0644,root,root) /usr/share/shorewall/actions.std
%attr(0644,root,root) /usr/share/shorewall/action.Drop

2
Shorewall/uninstall.sh
View File

@ -26,7 +26,7 @@
# You may only use this script to uninstall the version
# shown below. Simply run this script to remove Shorewall Firewall
VERSION=3.2.0-RC2
VERSION=3.2.0-RC3
usage() # $1 = exit status
{

76
docs/CompiledPrograms.xml
View File

@ -197,63 +197,10 @@
<para>The firewall systems do <emphasis role="bold">NOT</emphasis>
need to have the full Shorewall product installed but rather only
the Shorewall Lite product. Shorewall and Shorewall LIte may be
installed on the same system <emphasis role="bold">although we don't
recommend doing so</emphasis>; whichever package is installed first
will be the one invoked by <filename
class="symlink">/sbin/shorewall</filename>. <filename
class="symlink">/sbin/shorewall</filename> is a symbolic link that
points to the real shorewall script:</para>
<itemizedlist>
<listitem>
<para>It points to
<filename>/usr/share/shorewall/shorewall</filename> if the full
Shorewall package is to be used.</para>
</listitem>
<listitem>
<para>It points to
<filename>/usr/share/shorewall-lite/shorewall</filename> if
Shorewall Lite is to be used.</para>
</listitem>
</itemizedlist>
<para>You can switch between the two using the <command>ln
-sf</command> command:</para>
<itemizedlist>
<listitem>
<para>To select Shorewall:</para>
<programlisting><command>ln -sf /usr/share/shorewall/shorewall /sbin/shorewall</command></programlisting>
</listitem>
<listitem>
<para>To select Shorewall Lite</para>
<programlisting><command>ln -sf /usr/share/shorewall-lite/shorewall /sbin/shorewall</command></programlisting>
</listitem>
</itemizedlist>
installed on the same system.</para>
</note>
</listitem>
<listitem>
<para>You can always see which product is being used by running the
version command.</para>
<para>On a system running full Shorewall:</para>
<programlisting>wifitipper:~ # <command>shorewall version</command>
3.2.0-RC2
wifitipper:~ # </programlisting>
<para>On a system running Shorewall Lite:</para>
<programlisting>wireless:~ # <command>shorewall version</command>
3.2.0-RC2 Lite
wireless:~ # </programlisting>
</listitem>
<listitem>
<para>On the administrative system you create a separete
'configuration directory' for each firewall system. You copy the
@ -297,7 +244,7 @@ wireless:~ # </programlisting>
<para>If you are running Debian or one of its derivatives like Ubuntu
then edit /etc/default/shorewall-lite and set startup=1.</para>
<programlisting><command>shorewall start</command></programlisting>
<programlisting><command>shorewall-lite start</command></programlisting>
</listitem>
</orderedlist>
@ -337,9 +284,10 @@ wireless:~ # </programlisting>
</simplelist>
</blockquote>
<para>The <filename>/sbin/shorewall</filename> program included with
Shorewall Lite supports the same set of commands as the one in a full
Shorewall installation with the following exceptions:</para>
<para>The <filename>/sbin/shorewall-lite</filename> program included with
Shorewall Lite supports the same set of commands as the
<filename>/sbin/shorewall</filename> program in a full Shorewall
installation with the following exceptions:</para>
<blockquote>
<simplelist>
@ -357,6 +305,16 @@ wireless:~ # </programlisting>
</simplelist>
</blockquote>
<para>On systems with only Shorewall Lite installed, I recommend that you
create a symbolic link <filename>/sbin/shorewall</filename> and point it
at <filename>/sbin/shorewall-lite</filename>. That way, you can use
<command>shorewall</command> as the command regardless of which product is
installed.</para>
<blockquote>
<programlisting><command>ln -sf shorewall-lite /sbin/shorewall</command></programlisting>
</blockquote>
<section>
<title>Converting a system from Shorewall to Shorewall Lite</title>
@ -424,7 +382,7 @@ wireless:~ # </programlisting>
Ubuntu then edit /etc/default/shorewall-lite and set
startup=1.</para>
<programlisting><command>shorewall start</command></programlisting>
<programlisting><command>shorewall-lite start</command></programlisting>
</listitem>
</orderedlist>
</section>

21
docs/FAQ.xml
View File

@ -1837,27 +1837,6 @@ eth0 eth1 # eth1 = interface to local netwo
installed on at least one system within your network in order to use
Shorewall Lite.</para>
</section>
<section id="faq55">
<title>(FAQ 55) I just installed Shorewall but /sbin/shorewall runs
Shorewall Lite!</title>
<para>Example:</para>
<blockquote>
<programlisting>wireless:/usr/share/shorewall-lite # <command>shorewall version</command>
ERROR: Shorewall Lite is not properly installed
The file /usr/share/shorewall-lite/firewall does not exist
wireless:/usr/share/shorewall-lite #</programlisting>
</blockquote>
<para><emphasis role="bold">Answer</emphasis>: This means that Shorewall
Lite was already installed when you installed Shorewall and the
/sbin/shorewall symbolic link is still pointing to the Shorewall Lite
version of the program. See the <ulink
url="CompiledPrograms.html#Lite">Shorewall Lite documentation</ulink>
for instructions on how to correct this condition.</para>
</section>
</section>
<section>

13
docs/starting_and_stopping_shorewall.xml
View File

@ -95,10 +95,6 @@
</orderedlist>
</warning>
<para>Beginning with Shorewall version 3.2.0 RC 2,
<filename>/sbin/shorewall</filename> is a symbolic link that points to
<filename>/usr/share/shorewall/shorwall</filename>.</para>
<para>To see a list of supported commands, use the
<command>help</command> command:</para>
@ -156,9 +152,8 @@
<itemizedlist>
<listitem>
<para><filename>/sbin/shorewall</filename> — A symbolic link to
<filename>/usr/share/shorewall-lite/shorwall</filename>. This is the
program that you use to interact with Shorewall Lite.</para>
<para><filename>/sbin/shorewall-lite</filename> — This is the program
that you use to interact with Shorewall Lite.</para>
</listitem>
<listitem>
@ -596,7 +591,9 @@
<filename>/etc/shorewall/shorewall.conf</filename>.</para>
</blockquote>
<para>Following in alphabetical order are the supported commands.</para>
<para>Following in alphabetical order are the supported commands. Except
as noted, <filename>/sbin/shorewall-lite</filename> supports the same
commands as <filename>/sbin/shorewall</filename>.</para>
<variablelist>
<varlistentry>