2.0.0 RC1

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1177 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2004-02-29 15:51:08 +00:00
parent a96129e9fc
commit bf9e1ef4ed
5 changed files with 30 additions and 28 deletions


@ -28,7 +28,7 @@
# shown below. Simply run this script to revert to your prior version of # shown below. Simply run this script to revert to your prior version of
# Shoreline Firewall. # Shoreline Firewall.
VERSION=2.0.0-Beta3 VERSION=2.0.0-RC1
usage() # $1 = exit status usage() # $1 = exit status
{ {


@ -65,7 +65,7 @@ error_message() # $* = Error Message
fatal_error() # $* = Error Message fatal_error() # $* = Error Message
{ {
echo " Error: $@" >&2 echo " Error: $@" >&2
if [ $command = check ]; then if [ $COMMAND = check ]; then
[ -n "$TMP_DIR" ] && rm -rf $TMP_DIR [ -n "$TMP_DIR" ] && rm -rf $TMP_DIR
else else
stop_firewall stop_firewall
@ -663,7 +663,7 @@ validate_policy()
print_policy() # $1 = source zone, $2 = destination zone print_policy() # $1 = source zone, $2 = destination zone
{ {
[ $command != check ] || \ [ $COMMAND != check ] || \
[ $1 = $2 ] || \ [ $1 = $2 ] || \
[ $1 = all ] || \ [ $1 = all ] || \
[ $2 = all ] || \ [ $2 = all ] || \
@ -982,7 +982,7 @@ stop_firewall() {
# #
# Turn off trace unless we were tracing "stop" or "clear" # Turn off trace unless we were tracing "stop" or "clear"
# #
case $command in case $COMMAND in
stop|clear) stop|clear)
;; ;;
check) check)
@ -1080,7 +1080,7 @@ stop_firewall() {
rm -rf $TMP_DIR rm -rf $TMP_DIR
case $command in case $COMMAND in
stop|clear) stop|clear)
;; ;;
*) *)
@ -1468,7 +1468,7 @@ setup_mac_lists() {
[ -z "$blob" ] && \ [ -z "$blob" ] && \
fatal_error "Interface $interface must be up before Shorewall can start" fatal_error "Interface $interface must be up before Shorewall can start"
ip -f inet addr show $interface 2> /dev/null | grep inet | sed 's/inet //; s/brd //; s/scope.*//;' | while read address broadcast; do ip -f inet addr show $interface 2> /dev/null | grep 'inet.*brd' | sed 's/inet //; s/brd //; s/scope.*//;' | while read address broadcast; do
if [ -n "$broadcast" ]; then if [ -n "$broadcast" ]; then
run_iptables -A $chain -s ${address%/*} -d $broadcast -j RETURN run_iptables -A $chain -s ${address%/*} -d $broadcast -j RETURN
fi fi
@ -2176,7 +2176,7 @@ add_an_action()
;; ;;
esac esac
if [ $command != check ]; then if [ $COMMAND != check ]; then
if [ -n "${serv}" ]; then if [ -n "${serv}" ]; then
for serv1 in $(separate_list $serv); do for serv1 in $(separate_list $serv); do
for srv in $(ip_range $serv1); do for srv in $(ip_range $serv1); do
@ -2339,7 +2339,7 @@ process_action() # $1 = action
# #
# Report Result # Report Result
# #
if [ $command = check ]; then if [ $COMMAND = check ]; then
echo " Rule \"$rule\" checked." echo " Rule \"$rule\" checked."
else else
echo " Rule \"$rule\" added." echo " Rule \"$rule\" added."
@ -2367,7 +2367,7 @@ process_actions1() {
# #
add_builtin_actions() { add_builtin_actions() {
if [ "$command" != check ]; then if [ "$COMMAND" != check ]; then
createchain dropBcast no createchain dropBcast no
qt iptables -A dropBcast -m pkttype --pkt-type broadcast -j DROP qt iptables -A dropBcast -m pkttype --pkt-type broadcast -j DROP
if ! qt iptables -A dropBcast -m pkttype --pkt-type multicast -j DROP; then if ! qt iptables -A dropBcast -m pkttype --pkt-type multicast -j DROP; then
@ -2407,7 +2407,7 @@ process_actions1() {
eval ${temp}_common=$xaction eval ${temp}_common=$xaction
if ! list_search $xaction $USEDACTIONS; then if ! list_search $xaction $USEDACTIONS; then
USEDACTIONS="$USEDACTIONS $xaction" USEDACTIONS="$USEDACTIONS $xaction"
[ $command = check ] || createactionchain $xaction [ $COMMAND = check ] || createactionchain $xaction
fi fi
;; ;;
*) *)
@ -2513,7 +2513,7 @@ process_actions2() {
for action in $required; do for action in $required; do
if ! list_search $action $USEDACTIONS; then if ! list_search $action $USEDACTIONS; then
USEDACTIONS="$USEDACTIONS $action" USEDACTIONS="$USEDACTIONS $action"
[ $command = check ] || createactionchain $action [ $COMMAND = check ] || createactionchain $action
changed=Yes changed=Yes
fi fi
done done
@ -2621,7 +2621,7 @@ add_nat_rule() {
# Generate nat table rules # Generate nat table rules
if [ $command != check ]; then if [ $COMMAND != check ]; then
if [ "$source" = "$FW" ]; then if [ "$source" = "$FW" ]; then
if [ -n "$excludedests" ]; then if [ -n "$excludedests" ]; then
chain=nonat${nonat_seq} chain=nonat${nonat_seq}
@ -2708,14 +2708,14 @@ add_nat_rule() {
if [ -n "$snat" ]; then if [ -n "$snat" ]; then
if [ -n "$cli" ]; then if [ -n "$cli" ]; then
[ $command = check ] || addnatrule $(snat_chain $dest) $proto $cli $multiport \ [ $COMMAND = check ] || addnatrule $(snat_chain $dest) $proto $cli $multiport \
$sports -d $serv $dports -j SNAT --to-source $snat $sports -d $serv $dports -j SNAT --to-source $snat
else else
for source_host in $source_hosts; do for source_host in $source_hosts; do
[ "x${source_host#*:}" = "x0.0.0.0/0" ] && \ [ "x${source_host#*:}" = "x0.0.0.0/0" ] && \
error_message "Warning: SNAT will occur on all connections to this server and port - rule \"$rule\"" error_message "Warning: SNAT will occur on all connections to this server and port - rule \"$rule\""
[ $command = check ] || addnatrule $(snat_chain $dest) \ [ $COMMAND = check ] || addnatrule $(snat_chain $dest) \
-s ${source_host#*:} $proto $sports $multiport \ -s ${source_host#*:} $proto $sports $multiport \
-d $serv $dports -j SNAT --to-source $snat -d $serv $dports -j SNAT --to-source $snat
done done
@ -2877,7 +2877,7 @@ add_a_rule()
fi fi
if [ -n "${serv}${servport}" ]; then if [ -n "${serv}${servport}" ]; then
if [ $command != check ]; then if [ $COMMAND != check ]; then
# A specific server or server port given # A specific server or server port given
@ -2931,7 +2931,7 @@ add_a_rule()
"An ORIGINAL DESTINATION ($addr) is only allowed in" \ "An ORIGINAL DESTINATION ($addr) is only allowed in" \
" a DNAT or REDIRECT: \"$rule\"" " a DNAT or REDIRECT: \"$rule\""
if [ $command != check ]; then if [ $COMMAND != check ]; then
if [ -n "$loglevel" ]; then if [ -n "$loglevel" ]; then
log_rule_limit $loglevel $chain $logtarget "$ratelimit" $userandgroup \ log_rule_limit $loglevel $chain $logtarget "$ratelimit" $userandgroup \
$(fix_bang $proto $multiport $dest_interface $cli $sports $dports) $(fix_bang $proto $multiport $dest_interface $cli $sports $dports)
@ -3145,7 +3145,7 @@ process_rule() # $1 = target
# Create the canonical chain if it doesn't already exist # Create the canonical chain if it doesn't already exist
[ $command = check ] || ensurechain $chain [ $COMMAND = check ] || ensurechain $chain
# Generate Netfilter rule(s) # Generate Netfilter rule(s)
@ -3233,7 +3233,7 @@ process_rule() # $1 = target
# #
# Report Result # Report Result
# #
if [ $command = check ]; then if [ $COMMAND = check ]; then
echo " Rule \"$rule\" checked." echo " Rule \"$rule\" checked."
else else
echo " Rule \"$rule\" added." echo " Rule \"$rule\" added."
@ -3295,7 +3295,7 @@ process_rules()
*) *)
if list_search $temp $ACTIONS; then if list_search $temp $ACTIONS; then
if ! list_search $temp $USEDACTIONS; then if ! list_search $temp $USEDACTIONS; then
[ $command = check ] || createactionchain $temp [ $COMMAND = check ] || createactionchain $temp
USEDACTIONS="$USEDACTIONS $temp" USEDACTIONS="$USEDACTIONS $temp"
fi fi
@ -4079,7 +4079,7 @@ verify_os_version() {
;; ;;
esac esac
[ $command = start -a -n "$(lsmod 2> /dev/null | grep '^ipchains')" ] && \ [ $COMMAND = start -a -n "$(lsmod 2> /dev/null | grep '^ipchains')" ] && \
startup_error "Shorewall can't start with the ipchains kernel module loaded - see FAQ #8" startup_error "Shorewall can't start with the ipchains kernel module loaded - see FAQ #8"
} }
@ -5645,9 +5645,9 @@ nolock=
trap "my_mutex_off; exit 2" 1 2 3 4 5 6 9 trap "my_mutex_off; exit 2" 1 2 3 4 5 6 9
command="$1" COMMAND="$1"
case "$command" in case "$COMMAND" in
stop) stop)
[ $# -ne 1 ] && usage [ $# -ne 1 ] && usage
do_initialize do_initialize
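Review bot: The renamed tests in fatal_error, print_policy, stop_firewall, process_rule and the other rule-processing functions still expand `$COMMAND` unquoted, while add_builtin_actions in this same file already uses `"$COMMAND"`. If the variable is ever empty or contains whitespace when fatal_error runs, `[ $COMMAND = check ]` is a syntax error for `[`, the `if` takes the else branch, and stop_firewall is called on what may have been a check-only run. Since the commit touches every one of these lines, quote them consistently: `if [ "$COMMAND" = check ]; then`, `case "$COMMAND" in`, and in verify_os_version `[ "$COMMAND" = start ] && [ -n "$(lsmod ...)" ]` rather than the ambiguous `-a` form. The context line `rm -rf $TMP_DIR` in fatal_error and stop_firewall has the same word-splitting exposure and would be safer as `rm -rf "$TMP_DIR"`. The function bodies continue outside the hunks shown, so any path that can reach fatal_error before `COMMAND="$1"` is assigned should be confirmed separately.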


@ -22,14 +22,14 @@
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
# #
VERSION=2.0.0-Beta3 VERSION=2.0.0-RC1
usage() # $1 = exit status usage() # $1 = exit status
{ {
ME=$(basename $0) ME=$(basename $0)
echo "usage: $ME echo "usage: $ME"
echo " $ME -v" echo " $ME -v"
echo " $ME -h " echo " $ME -h"
exit $1 exit $1
} }


@ -1,6 +1,6 @@
%define name shorewall %define name shorewall
%define version 2.0.0 %define version 2.0.0
%define release 0Beta3 %define release 0RC1
%define prefix /usr %define prefix /usr
Summary: Shoreline Firewall is an iptables-based firewall for Linux systems. Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
@ -33,7 +33,7 @@ a multi-function gateway/ router/server or on a standalone GNU/Linux system.
export PREFIX=$RPM_BUILD_ROOT ; \ export PREFIX=$RPM_BUILD_ROOT ; \
export OWNER=`id -n -u` ; \ export OWNER=`id -n -u` ; \
export GROUP=`id -n -g` ;\ export GROUP=`id -n -g` ;\
./install.sh /etc/init.d ./install.sh
%clean %clean
rm -rf $RPM_BUILD_ROOT rm -rf $RPM_BUILD_ROOT
@ -137,6 +137,8 @@ fi
%doc COPYING INSTALL changelog.txt releasenotes.txt tunnel %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel
%changelog %changelog
* Fri Feb 27 2004 Tom Eastep <tom@shorewall.net>
- Update for RC1
* Mon Feb 16 2004 Tom Eastep <tom@shorewall.net> * Mon Feb 16 2004 Tom Eastep <tom@shorewall.net>
- Moved rfc1918 to /usr/share/shorewall - Moved rfc1918 to /usr/share/shorewall
- Update for Beta 3 - Update for Beta 3


@ -26,7 +26,7 @@
# You may only use this script to uninstall the version # You may only use this script to uninstall the version
# shown below. Simply run this script to remove Seattle Firewall # shown below. Simply run this script to remove Seattle Firewall
VERSION=2.0.0-Beta2 VERSION=2.0.0-RC1
usage() # $1 = exit status usage() # $1 = exit status
{ {