From b6f49d77acbbe17b6917b392357cb2d929d1259b Mon Sep 17 00:00:00 2001 From: teastep Date: Sun, 16 May 2004 17:10:55 +0000 Subject: [PATCH] Shorewall 2.0.2a git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1330 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- STABLE2/changelog.txt | 4 +++ STABLE2/fallback.sh | 2 +- STABLE2/firewall | 66 ++++++++++++++++------------------------ STABLE2/functions | 49 +++++++++++++++++++++++++++++ STABLE2/install.sh | 2 +- STABLE2/maclist | 5 ++- STABLE2/releasenotes.txt | 13 ++++++-- STABLE2/routestopped | 10 ++++-- STABLE2/shorewall.spec | 4 ++- STABLE2/uninstall.sh | 2 +- 10 files changed, 108 insertions(+), 49 deletions(-) diff --git a/STABLE2/changelog.txt b/STABLE2/changelog.txt index 7d9d10013..cbafd13e7 100644 --- a/STABLE2/changelog.txt +++ b/STABLE2/changelog.txt @@ -59,3 +59,7 @@ Changes since 2.0.1 28) Correct typo that broke "shorewall delete" 29) Apply Stijn Jonker's -q fix. + +30) Remove restore-$$ files. + +31) Save 'loadmodule' commands in /var/lib/shorewall/restore-base. diff --git a/STABLE2/fallback.sh b/STABLE2/fallback.sh index 3b6886011..dc08c193c 100755 --- a/STABLE2/fallback.sh +++ b/STABLE2/fallback.sh @@ -28,7 +28,7 @@ # shown below. Simply run this script to revert to your prior version of # Shoreline Firewall. -VERSION=2.0.2 +VERSION=2.0.2a usage() # $1 = exit status { diff --git a/STABLE2/firewall b/STABLE2/firewall index 469074252..5db13ea3c 100755 --- a/STABLE2/firewall +++ b/STABLE2/firewall @@ -87,6 +87,7 @@ startup_error() # $* = Error Message echo " Error: $@" >&2 my_mutex_off [ -n "$TMP_DIR" ] && rm -rf $TMP_DIR + rm -f /var/lib/shorewall/restore-$$ kill $$ exit 2 } @@ -1213,6 +1214,9 @@ stop_firewall() { # # Turn off trace unless we were tracing "stop" or "clear" # + + rm -f /var/lib/shorewall/restore-$$ + case $COMMAND in stop|clear) ;; 
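Review bot: The `rm -f /var/lib/shorewall/restore-$$` added to startup_error is repeated as a literal path in the stop_firewall and check_config hunks, so any exit path that none of these three hunks touches still leaves the temporary restore file behind. Whether such paths exist (signal traps, other error helpers) is outside the visible hunks and is worth checking against the full script. Keeping the path in one variable, for example `TMP_RESTORE=/var/lib/shorewall/restore-$$`, and deleting it from a single cleanup helper called at all three sites would keep them from drifting apart. The bodies of all three functions continue outside their hunks.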
@@ -1222,8 +1226,6 @@ stop_firewall() { ;; *) set +x - rm -f /var/lib/shorewall/restore-$$ - if [ -f /var/lib/shorewall/restore ]; then echo Restoring Shorewall... . /var/lib/shorewall/restore @@ -2325,6 +2327,7 @@ check_config() { process_actions2 rm -rf $TMP_DIR + rm -f /var/lib/shorewall/restore-$$ echo "Configuration Validated" @@ -3842,42 +3845,6 @@ process_tos() # $1 = name of tos file run_iptables -t mangle -A OUTPUT -j outtos } -# -# Load a Kernel Module -# -loadmodule() # $1 = module name, $2 - * arguments -{ - local modulename=$1 - local modulefile - local suffix - moduleloader=modprobe - - if ! qt which modprobe; then - moduleloader=insmod - fi - - if [ -z "$(lsmod | grep $modulename)" ]; then - shift - - for suffix in $MODULE_SUFFIX ; do - modulefile=$MODULESDIR/${modulename}.${suffix} - - if [ -f $modulefile ]; then - case $moduleloader in - insmod) - insmod $modulefile $* - ;; - *) - modprobe $modulename - ;; - esac - - return - fi - done - fi -} - # # Display elements of a list with leading white space # @@ -4570,6 +4537,20 @@ load_kernel_modules() { if [ -f $modules -a -d $MODULESDIR ]; then echo "Loading Modules..." . $modules + + if [ "$command" != check ]; then + save_command "reload_kernel_modules < /var/lib/shorewall/restore-$$ + echo ". /usr/share/shorewall/functions" >> /var/lib/shorewall/restore-$$ + + save_command "MODULESDIR=\"$MODULESDIR\"" + save_command "MODULE_SUFFIX=\"$MODULE_SUFFIX\"" + load_kernel_modules echo "Initializing..."; initialize_netfilter @@ -6078,8 +6066,6 @@ do_initialize() { rm -f $TMP_DIR/physdev - echo '#bin/sh' > /var/lib/shorewall/restore-$$ - echo ". /usr/share/shorewall/functions" >> /var/lib/shorewall/restore-$$ } # diff --git a/STABLE2/functions b/STABLE2/functions index a856a3d32..57f079376 100755 --- a/STABLE2/functions +++ b/STABLE2/functions 
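Review bot: The new guard in load_kernel_modules tests `"$command"` in lower case, while stop_firewall in this same file switches on `$COMMAND`. If only the upper-case variable is set when this function runs, `[ "$command" != check ]` is always true and `save_command` also writes to the restore file during a check run, which would explain why check_config now has to delete it. Whether both variables are defined is not visible in the diff; if not, the test should read `if [ "$COMMAND" != check ]; then`. The added block is cut off after `reload_kernel_modules <` in this copy of the patch, so the rest of it could not be reviewed.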
@@ -162,6 +162,55 @@ separate_list() { echo "$newlist" } +# +# Load a Kernel Module +# +loadmodule() # $1 = module name, $2 - * arguments +{ + local modulename=$1 + local modulefile + local suffix + moduleloader=modprobe + + if ! qt which modprobe; then + moduleloader=insmod + fi + + if [ -z "$(lsmod | grep $modulename)" ]; then + shift + + for suffix in $MODULE_SUFFIX ; do + modulefile=$MODULESDIR/${modulename}.${suffix} + + if [ -f $modulefile ]; then + case $moduleloader in + insmod) + insmod $modulefile $* + ;; + *) + modprobe $modulename $* + ;; + esac + + return + fi + done + fi +} + +# +# Reload the Modules +# +reload_kernel_modules() { + + [ -z "$MODULESDIR" ] && MODULESDIR=/lib/modules/$(uname -r)/kernel/net/ipv4/netfilter + + while read command; do + eval $command + done + +} + # # Find the zones # diff --git a/STABLE2/install.sh b/STABLE2/install.sh index e87fd8e70..54959295a 100755 --- a/STABLE2/install.sh +++ b/STABLE2/install.sh @@ -22,7 +22,7 @@ # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA # -VERSION=2.0.2 +VERSION=2.0.2a usage() # $1 = exit status { diff --git a/STABLE2/maclist b/STABLE2/maclist index e26c3bf42..3374fd83c 100644 --- a/STABLE2/maclist +++ b/STABLE2/maclist @@ -5,7 +5,10 @@ # # Columns are: # -# INTERFACE Network interface to a host +# INTERFACE Network interface to a host. If the interface +# names a bridge, it may be optionally followed by +# a colon (":") and a physical port name (e.g., +# br0:eth4). # # MAC MAC address of the host -- you do not need to use # the Shorewall format for MAC addresses here diff --git a/STABLE2/releasenotes.txt b/STABLE2/releasenotes.txt index 49dda9546..5dc3cdebc 100644 --- a/STABLE2/releasenotes.txt +++ b/STABLE2/releasenotes.txt @@ -1,4 +1,4 @@ -Shorewall 2.0.2 +Shorewall 2.0.2a ---------------------------------------------------------------------- Problems Corrected since 2.0.1 
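Review bot: reload_kernel_modules hands every line of its standard input to an unquoted `eval $command`, and `read` is called without `-r`, so backslashes are consumed and each line is word-split and glob-expanded before it is evaluated, presumably as root during a restore. Replaying the saved lines exactly needs `while read -r command; do eval "$command"; done`. In loadmodule, `lsmod | grep $modulename` matches any substring of the lsmod output, so a module whose name is contained in the name of another loaded module is treated as already loaded and skipped. A test such as `if ! lsmod | grep -q "^$modulename "; then` anchors the match to the name column. Both functions rely on the files under /var/lib/shorewall being writable only by root, which the diff does not show.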
@@ -16,8 +16,17 @@ Problems Corrected since 2.0.1 rules pertaining to the host(s) being deleted. Thanks to Stefan Engel for this correction. +Problems Corrected since 2.0.2 + +1) The 'firewall' script is not purging temporary restore files in + /var/lib/shorewall. These files have names of the form + "restore-nnnnn". + +2) The /var/lib/shorewall/restore script did not load the kernel + modules specified in /etc/shorewall/modules. + ----------------------------------------------------------------------- -Issues when migrating from Shorewall 2.0.0 to Shorewall 2.0.1: +Issues when migrating from Shorewall 2.0.1 to Shorewall 2.0.2: 1) Extension Scripts diff --git a/STABLE2/routestopped b/STABLE2/routestopped index 40d0f4d29..8d5a0b41c 100644 --- a/STABLE2/routestopped +++ b/STABLE2/routestopped @@ -14,12 +14,18 @@ # HOST(S) - (Optional) Comma-separated list of IP/subnet # If left empty or supplied as "-", # 0.0.0.0/0 is assumed. +# OPTIONS - (Optional) A comma-separated list of +# options. The currently-supported options are: +# +# routeback - Set up a rule to ACCEPT traffic from +# these hosts back to themselves. # # Example: # -# INTERFACE HOST(S) +# INTERFACE HOST(S) OPTIONS # eth2 192.168.1.0/24 # eth0 192.0.2.44 +# br0 - routeback ############################################################################## -#INTERFACE HOST(S) +#INTERFACE HOST(S) OPTIONS #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE diff --git a/STABLE2/shorewall.spec b/STABLE2/shorewall.spec index b69ba0778..84bd50feb 100644 --- a/STABLE2/shorewall.spec +++ b/STABLE2/shorewall.spec @@ -1,5 +1,5 @@ %define name shorewall -%define version 2.0.2 +%define version 2.0.2a %define release 1 %define prefix /usr 
@@ -141,6 +141,8 @@ fi %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel %changelog +* Sat May 15 2004 Tom Eastep tom@shorewall.net +- Updated for 2.0.2a-1 * Thu May 13 2004 Tom Eastep tom@shorewall.net - Updated for 2.0.2-1 * Mon May 10 2004 Tom Eastep tom@shorewall.net diff --git a/STABLE2/uninstall.sh b/STABLE2/uninstall.sh index e09e75742..28c45eb8c 100755 --- a/STABLE2/uninstall.sh +++ b/STABLE2/uninstall.sh @@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Seattle Firewall -VERSION=2.0.2 +VERSION=2.0.2a usage() # $1 = exit status {