diff --git a/Shorewall-core/lib.cli b/Shorewall-core/lib.cli
index 0e2de1525..60499180d 100644
--- a/Shorewall-core/lib.cli
+++ b/Shorewall-core/lib.cli
@@ -1201,11 +1201,17 @@ show_saves_command() {
 echo
 for f in ${VARDIR}/*-iptables; do
- fn=$(basename $f)
- fn=${fn%-iptables}
- mtime=$(ls -lt $f | tail -n 1 | cut -d ' ' -f '6 7 8' )
- [ $fn = "$RESTOREFILE" ] && fn="$fn (default)"
- echo " $mtime ${fn%-iptables}"
+ case $f in
+ *\**)
+ ;;
+ *)
+ fn=$(basename $f)
+ fn=${fn%-iptables}
+ mtime=$(ls -lt $f | tail -n 1 | cut -d ' ' -f '6 7 8' )
+ [ $fn = "$RESTOREFILE" ] && fn="$fn (default)"
+ echo " $mtime ${fn%-iptables}"
+ ;;
+ esac
 done
 echo
diff --git a/Shorewall/Macros/macro.IPFS-swarm b/Shorewall/Macros/macro.IPFS-swarm
new file mode 100644
index 000000000..1256b3152
--- /dev/null
+++ b/Shorewall/Macros/macro.IPFS-swarm
@@ -0,0 +1,9 @@
+#
+# Shorewall -- /usr/share/shorewall/macro.IPFS-swarm
+#
+# This macro handles IPFS data traffic (the connection to IPFS swarm).
+#
+###############################################################################
+#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
+
+PARAM - - tcp 4001
diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm
index 339bf483a..38977b2fd 100644
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@@ -2529,6 +2529,10 @@ sub split_rawline2( $$;$$$ ) {
 # Delete trailing comment
 #
 $currentline =~ s/\s*#.*//;
+ #
+ # Convert ${...} to $...
+ #
+ $currentline =~ s/\$\{(.*?)\}/\$$1/g;
 my @result = &split_line2( @_ );
@@ -5459,7 +5463,7 @@ sub update_config_file( $ ) {
 update_default( 'BLACKLIST_DEFAULT', 'AllowICMPs,dropBcasts,dropNotSyn,dropInvalid' );
 }
- for ( qw/DROP_DEFAULT REJECT_DEFAULT/ ) {
+ for ( qw/DROP_DEFAULT REJECT_DEFAULT BLACKLIST_DEFAULT/ ) {
 my $policy = $config{ $_ };
 if ( $policy =~ /\bA_(?:Drop|Reject)\b/ ) {
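Review bot: The new `*\**)` guard in show_saves_command (Shorewall-core/lib.cli) skips every path that contains a literal `*`, which catches the unexpanded glob but would also hide a real save file with an asterisk in its name; an existence test states the intent directly, `[ -f "$f" ] || continue`. The lines moved into the `*)` arm still expand `$f` and `$fn` unquoted (`basename $f`, `ls -lt $f`, `[ $fn = "$RESTOREFILE" ]`), so a file name containing whitespace is split into several words; `fn=$(basename "$f")` and `[ "$fn" = "$RESTOREFILE" ]` would close that. The function starts and ends outside the hunk.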
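Review bot: In split_rawline2 (Config.pm) the added `s/\$\{(.*?)\}/\$$1/g` removes the braces without checking what is inside them or what follows, so `${VAR}text` becomes `$VARtext` and can name a different variable, and `${}` or `${a b}` are rewritten too. If the later expansion, which is outside this hunk, delimits names by word characters, restricting the match keeps the boundary: `s/\$\{(\w+)\}(?!\w)/\$$1/g`. The comment `# Convert ${...} to $...` could also say why the braces are stripped here rather than handled by the expander. The sub's body continues outside the hunk.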
@@ -6599,7 +6603,7 @@ sub get_configuration( $$$ ) {
 default_yes_no 'BALANCE_PROVIDERS' , $config{USE_DEFAULT_RT} ? 'Yes' : '';
 default_yes_no 'USE_NFLOG_SIZE' , '';
- if ( ( $val = $config{AUTOMAKE} ) !~ /^[Rr]ecursive$/ ) {
+ if ( ( $val = ( $config{AUTOMAKE} || '' ) ) !~ /^[Rr]ecursive$/ ) {
 default_yes_no( 'AUTOMAKE' , '' ) unless $val && $val =~ /^\d{1,2}$/;
 }
diff --git a/Shorewall/Perl/Shorewall/Misc.pm b/Shorewall/Perl/Shorewall/Misc.pm
index 60efeb0a1..8544aa0a0 100644
--- a/Shorewall/Perl/Shorewall/Misc.pm
+++ b/Shorewall/Perl/Shorewall/Misc.pm
@@ -810,7 +810,7 @@ sub add_common_rules ( $ ) {
 $dbl_dst_target = $dbl_src_target;
 }
 } elsif ( $dbl_level ) {
- my $chainref = set_optflags( new_standard_chain( $dbl_src_target = 'dbl_log' ) , DONT_OPTIMIZE | DONT_DELETE );
+ my $chainref = set_optflags( new_standard_chain( $dbl_src_target = $dbl_dst_target = 'dbl_log' ) , DONT_OPTIMIZE | DONT_DELETE );
 log_rule_limit( $dbl_level, $chainref,
diff --git a/Shorewall/Perl/lib.runtime b/Shorewall/Perl/lib.runtime
index f8d8fdcdc..947a8524a 100644
--- a/Shorewall/Perl/lib.runtime
+++ b/Shorewall/Perl/lib.runtime
@@ -675,7 +675,7 @@ interface_is_usable() # $1 = interface
 status=0
 if ! loopback_interface $1; then
- if interface_is_up $1 && [ "$(find_first_interface_address_if_any $1)" != 0.0.0.0 ]; then
+ if interface_is_up $1 && [ "$(find_first_interface_address_if_any $1)" != 0.0.0.0 ] && [ -z "$($IP -$g_family link list dev $1 2> /dev/null | fgrep 'state DOWN')" ]; then
 if [ "$COMMAND" != enable ]; then
 [ ! -f ${VARDIR}/${1}_disabled ] && run_isusable_exit $1
 status=$?
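Review bot: The link-state test added to interface_is_usable in lib.runtime (this hunk at -675, and the identical change in the second hunk at -1101) decides on the captured text of `$IP ... link list` with stderr discarded, so a failing `ip` call produces an empty string and is indistinguishable from a link that is not down. `fgrep` is deprecated in current GNU grep and the output does not need to be captured; testing the exit status reads more directly: `! $IP -$g_family link list dev "$1" 2> /dev/null | grep -Fq 'state DOWN'`. `$1` is also unquoted throughout the condition. The function body continues outside both hunks.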
@@ -1101,7 +1101,7 @@ interface_is_usable() # $1 = interface
 status=0
 if [ "$1" != lo ]; then
- if interface_is_up $1 && [ "$(find_first_interface_address_if_any $1)" != :: ]; then
+ if interface_is_up $1 && [ "$(find_first_interface_address_if_any $1)" != :: ] && [ -z "$($IP -$g_family link list dev $1 2> /dev/null | fgrep 'state DOWN')" ]; then
 if [ "$COMMAND" != enable ]; then
 [ ! -f ${VARDIR}/${1}_disabled ] && run_isusable_exit $1
 status=$?
diff --git a/Shorewall/lib.cli-std b/Shorewall/lib.cli-std
index 9896e18d4..46c932335 100644
--- a/Shorewall/lib.cli-std
+++ b/Shorewall/lib.cli-std
@@ -412,10 +412,14 @@ uptodate() {
 elif [ -n "$(${find} ${dir} -maxdepth $AUTOMAKE -type f -newer $1 -print)" ]; then
 return 1;
 fi
- elif [ $AUTOMAKE = recursive ]; then
+ elif [ "$AUTOMAKE" = recursive ]; then
 if [ -n "$(${find} ${dir} -newer $1 -print -quit)" ]; then
 return 1;
 fi
+ elif [ -z "$AUTOMAKE" ]; then
+ if [ -n "$(${find} ${dir} -maxdepth 1 -type f -newer $1 -print -quit)" ]; then
+ return 1;
+ fi
 elif [ -n "$(${find} ${dir} -maxdepth $AUTOMAKE -type f -newer $1 -print -quit)" ]; then
 return 1;
 fi
@@ -1063,6 +1067,41 @@ restart_command() {
 return $rc
 }
+read_yesno_with_timeout() {
+ local timeout
+ timeout=${1:-60}
+
+ case $timeout in
+ *s)
+ ;;
+ *m)
+ timeout=$((${timeout%m} * 60))
+ ;;
+ *h)
+ timeout=$((${timeout%h} * 3600))
+ ;;
+ esac
+
+ read -t $timeout yn 2> /dev/null
+ if [ $? -eq 2 ]
+ then
+ # read doesn't support timeout
+ test -x /bin/bash || return 2 # bash is not installed so the feature is not available
+ /bin/bash -c "read -t $timeout yn ; if [ \"\$yn\" == \"y\" ] ; then exit 0 ; else exit 1 ; fi" # invoke bash and use its version of read
+ return $?
+ else
+ # read supports timeout
+ case "$yn" in
+ y|Y)
+ return 0
+ ;;
+ *)
+ return 1
+ ;;
+ esac
+ fi
+}
+
 #
 # Safe-start/safe-reload/safe-restart Command Executor
 #
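Review bot: read_yesno_with_timeout (lib.cli-std) uses its argument without validating it: the `*s)` arm leaves the `s` suffix in place so `60s` reaches `read -t` as a non-number, the `*m` and `*h` arms feed the raw text to `$(( ))`, and the fallback splices `$timeout` into the string handed to `/bin/bash -c`. Checking that the value is a plain number before any arithmetic, and passing it to bash as a positional parameter instead of interpolating it, removes all three. The fallback also accepts only `y` while the native path accepts `y|Y`, and `yn` is not declared `local`. The rewritten lines are below; `return 2` for a malformed timeout reuses the existing not-available status and should be matched to what the callers, which are outside this hunk, expect.

```shell
read_yesno_with_timeout() {
    local timeout unit yn
    timeout=${1:-60}
    unit=1

    # Strip the unit suffix first; the multiplication happens only after validation.
    case $timeout in
        *s) timeout=${timeout%s} ;;
        *m) timeout=${timeout%m}; unit=60 ;;
        *h) timeout=${timeout%h}; unit=3600 ;;
    esac

    # Anything other than digits must not reach $(( )), read -t or bash -c.
    case $timeout in
        ''|*[!0-9]*) return 2 ;;
    esac
    timeout=$((timeout * unit))

    # … unchanged: read -t attempt, the $? -eq 2 check and the /bin/bash test …
        /bin/bash -c 'read -t "$1" yn; case "$yn" in y|Y) exit 0 ;; *) exit 1 ;; esac' _ "$timeout"
    # … unchanged: return $? and the y|Y case for a read that supports -t …
}
```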