2.0.0 RC1
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1177 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
a96129e9fc
commit
bf9e1ef4ed
@ -28,7 +28,7 @@
|
|||||||
# shown below. Simply run this script to revert to your prior version of
|
# shown below. Simply run this script to revert to your prior version of
|
||||||
# Shoreline Firewall.
|
# Shoreline Firewall.
|
||||||
|
|
||||||
VERSION=2.0.0-Beta3
|
VERSION=2.0.0-RC1
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
|
@ -65,7 +65,7 @@ error_message() # $* = Error Message
|
|||||||
fatal_error() # $* = Error Message
|
fatal_error() # $* = Error Message
|
||||||
{
|
{
|
||||||
echo " Error: $@" >&2
|
echo " Error: $@" >&2
|
||||||
if [ $command = check ]; then
|
if [ $COMMAND = check ]; then
|
||||||
[ -n "$TMP_DIR" ] && rm -rf $TMP_DIR
|
[ -n "$TMP_DIR" ] && rm -rf $TMP_DIR
|
||||||
else
|
else
|
||||||
stop_firewall
|
stop_firewall
|
||||||
@ -663,7 +663,7 @@ validate_policy()
|
|||||||
|
|
||||||
print_policy() # $1 = source zone, $2 = destination zone
|
print_policy() # $1 = source zone, $2 = destination zone
|
||||||
{
|
{
|
||||||
[ $command != check ] || \
|
[ $COMMAND != check ] || \
|
||||||
[ $1 = $2 ] || \
|
[ $1 = $2 ] || \
|
||||||
[ $1 = all ] || \
|
[ $1 = all ] || \
|
||||||
[ $2 = all ] || \
|
[ $2 = all ] || \
|
||||||
@ -982,7 +982,7 @@ stop_firewall() {
|
|||||||
#
|
#
|
||||||
# Turn off trace unless we were tracing "stop" or "clear"
|
# Turn off trace unless we were tracing "stop" or "clear"
|
||||||
#
|
#
|
||||||
case $command in
|
case $COMMAND in
|
||||||
stop|clear)
|
stop|clear)
|
||||||
;;
|
;;
|
||||||
check)
|
check)
|
||||||
@ -1080,7 +1080,7 @@ stop_firewall() {
|
|||||||
|
|
||||||
rm -rf $TMP_DIR
|
rm -rf $TMP_DIR
|
||||||
|
|
||||||
case $command in
|
case $COMMAND in
|
||||||
stop|clear)
|
stop|clear)
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
@ -1468,7 +1468,7 @@ setup_mac_lists() {
|
|||||||
[ -z "$blob" ] && \
|
[ -z "$blob" ] && \
|
||||||
fatal_error "Interface $interface must be up before Shorewall can start"
|
fatal_error "Interface $interface must be up before Shorewall can start"
|
||||||
|
|
||||||
ip -f inet addr show $interface 2> /dev/null | grep inet | sed 's/inet //; s/brd //; s/scope.*//;' | while read address broadcast; do
|
ip -f inet addr show $interface 2> /dev/null | grep 'inet.*brd' | sed 's/inet //; s/brd //; s/scope.*//;' | while read address broadcast; do
|
||||||
if [ -n "$broadcast" ]; then
|
if [ -n "$broadcast" ]; then
|
||||||
run_iptables -A $chain -s ${address%/*} -d $broadcast -j RETURN
|
run_iptables -A $chain -s ${address%/*} -d $broadcast -j RETURN
|
||||||
fi
|
fi
|
||||||
@ -2176,7 +2176,7 @@ add_an_action()
|
|||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
if [ $command != check ]; then
|
if [ $COMMAND != check ]; then
|
||||||
if [ -n "${serv}" ]; then
|
if [ -n "${serv}" ]; then
|
||||||
for serv1 in $(separate_list $serv); do
|
for serv1 in $(separate_list $serv); do
|
||||||
for srv in $(ip_range $serv1); do
|
for srv in $(ip_range $serv1); do
|
||||||
@ -2339,7 +2339,7 @@ process_action() # $1 = action
|
|||||||
#
|
#
|
||||||
# Report Result
|
# Report Result
|
||||||
#
|
#
|
||||||
if [ $command = check ]; then
|
if [ $COMMAND = check ]; then
|
||||||
echo " Rule \"$rule\" checked."
|
echo " Rule \"$rule\" checked."
|
||||||
else
|
else
|
||||||
echo " Rule \"$rule\" added."
|
echo " Rule \"$rule\" added."
|
||||||
@ -2367,7 +2367,7 @@ process_actions1() {
|
|||||||
#
|
#
|
||||||
add_builtin_actions() {
|
add_builtin_actions() {
|
||||||
|
|
||||||
if [ "$command" != check ]; then
|
if [ "$COMMAND" != check ]; then
|
||||||
createchain dropBcast no
|
createchain dropBcast no
|
||||||
qt iptables -A dropBcast -m pkttype --pkt-type broadcast -j DROP
|
qt iptables -A dropBcast -m pkttype --pkt-type broadcast -j DROP
|
||||||
if ! qt iptables -A dropBcast -m pkttype --pkt-type multicast -j DROP; then
|
if ! qt iptables -A dropBcast -m pkttype --pkt-type multicast -j DROP; then
|
||||||
@ -2407,7 +2407,7 @@ process_actions1() {
|
|||||||
eval ${temp}_common=$xaction
|
eval ${temp}_common=$xaction
|
||||||
if ! list_search $xaction $USEDACTIONS; then
|
if ! list_search $xaction $USEDACTIONS; then
|
||||||
USEDACTIONS="$USEDACTIONS $xaction"
|
USEDACTIONS="$USEDACTIONS $xaction"
|
||||||
[ $command = check ] || createactionchain $xaction
|
[ $COMMAND = check ] || createactionchain $xaction
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
@ -2513,7 +2513,7 @@ process_actions2() {
|
|||||||
for action in $required; do
|
for action in $required; do
|
||||||
if ! list_search $action $USEDACTIONS; then
|
if ! list_search $action $USEDACTIONS; then
|
||||||
USEDACTIONS="$USEDACTIONS $action"
|
USEDACTIONS="$USEDACTIONS $action"
|
||||||
[ $command = check ] || createactionchain $action
|
[ $COMMAND = check ] || createactionchain $action
|
||||||
changed=Yes
|
changed=Yes
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
@ -2621,7 +2621,7 @@ add_nat_rule() {
|
|||||||
|
|
||||||
# Generate nat table rules
|
# Generate nat table rules
|
||||||
|
|
||||||
if [ $command != check ]; then
|
if [ $COMMAND != check ]; then
|
||||||
if [ "$source" = "$FW" ]; then
|
if [ "$source" = "$FW" ]; then
|
||||||
if [ -n "$excludedests" ]; then
|
if [ -n "$excludedests" ]; then
|
||||||
chain=nonat${nonat_seq}
|
chain=nonat${nonat_seq}
|
||||||
@ -2708,14 +2708,14 @@ add_nat_rule() {
|
|||||||
|
|
||||||
if [ -n "$snat" ]; then
|
if [ -n "$snat" ]; then
|
||||||
if [ -n "$cli" ]; then
|
if [ -n "$cli" ]; then
|
||||||
[ $command = check ] || addnatrule $(snat_chain $dest) $proto $cli $multiport \
|
[ $COMMAND = check ] || addnatrule $(snat_chain $dest) $proto $cli $multiport \
|
||||||
$sports -d $serv $dports -j SNAT --to-source $snat
|
$sports -d $serv $dports -j SNAT --to-source $snat
|
||||||
else
|
else
|
||||||
for source_host in $source_hosts; do
|
for source_host in $source_hosts; do
|
||||||
[ "x${source_host#*:}" = "x0.0.0.0/0" ] && \
|
[ "x${source_host#*:}" = "x0.0.0.0/0" ] && \
|
||||||
error_message "Warning: SNAT will occur on all connections to this server and port - rule \"$rule\""
|
error_message "Warning: SNAT will occur on all connections to this server and port - rule \"$rule\""
|
||||||
|
|
||||||
[ $command = check ] || addnatrule $(snat_chain $dest) \
|
[ $COMMAND = check ] || addnatrule $(snat_chain $dest) \
|
||||||
-s ${source_host#*:} $proto $sports $multiport \
|
-s ${source_host#*:} $proto $sports $multiport \
|
||||||
-d $serv $dports -j SNAT --to-source $snat
|
-d $serv $dports -j SNAT --to-source $snat
|
||||||
done
|
done
|
||||||
@ -2877,7 +2877,7 @@ add_a_rule()
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -n "${serv}${servport}" ]; then
|
if [ -n "${serv}${servport}" ]; then
|
||||||
if [ $command != check ]; then
|
if [ $COMMAND != check ]; then
|
||||||
|
|
||||||
# A specific server or server port given
|
# A specific server or server port given
|
||||||
|
|
||||||
@ -2931,7 +2931,7 @@ add_a_rule()
|
|||||||
"An ORIGINAL DESTINATION ($addr) is only allowed in" \
|
"An ORIGINAL DESTINATION ($addr) is only allowed in" \
|
||||||
" a DNAT or REDIRECT: \"$rule\""
|
" a DNAT or REDIRECT: \"$rule\""
|
||||||
|
|
||||||
if [ $command != check ]; then
|
if [ $COMMAND != check ]; then
|
||||||
if [ -n "$loglevel" ]; then
|
if [ -n "$loglevel" ]; then
|
||||||
log_rule_limit $loglevel $chain $logtarget "$ratelimit" $userandgroup \
|
log_rule_limit $loglevel $chain $logtarget "$ratelimit" $userandgroup \
|
||||||
$(fix_bang $proto $multiport $dest_interface $cli $sports $dports)
|
$(fix_bang $proto $multiport $dest_interface $cli $sports $dports)
|
||||||
@ -3145,7 +3145,7 @@ process_rule() # $1 = target
|
|||||||
|
|
||||||
# Create the canonical chain if it doesn't already exist
|
# Create the canonical chain if it doesn't already exist
|
||||||
|
|
||||||
[ $command = check ] || ensurechain $chain
|
[ $COMMAND = check ] || ensurechain $chain
|
||||||
|
|
||||||
# Generate Netfilter rule(s)
|
# Generate Netfilter rule(s)
|
||||||
|
|
||||||
@ -3233,7 +3233,7 @@ process_rule() # $1 = target
|
|||||||
#
|
#
|
||||||
# Report Result
|
# Report Result
|
||||||
#
|
#
|
||||||
if [ $command = check ]; then
|
if [ $COMMAND = check ]; then
|
||||||
echo " Rule \"$rule\" checked."
|
echo " Rule \"$rule\" checked."
|
||||||
else
|
else
|
||||||
echo " Rule \"$rule\" added."
|
echo " Rule \"$rule\" added."
|
||||||
@ -3295,7 +3295,7 @@ process_rules()
|
|||||||
*)
|
*)
|
||||||
if list_search $temp $ACTIONS; then
|
if list_search $temp $ACTIONS; then
|
||||||
if ! list_search $temp $USEDACTIONS; then
|
if ! list_search $temp $USEDACTIONS; then
|
||||||
[ $command = check ] || createactionchain $temp
|
[ $COMMAND = check ] || createactionchain $temp
|
||||||
USEDACTIONS="$USEDACTIONS $temp"
|
USEDACTIONS="$USEDACTIONS $temp"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -4079,7 +4079,7 @@ verify_os_version() {
|
|||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
[ $command = start -a -n "$(lsmod 2> /dev/null | grep '^ipchains')" ] && \
|
[ $COMMAND = start -a -n "$(lsmod 2> /dev/null | grep '^ipchains')" ] && \
|
||||||
startup_error "Shorewall can't start with the ipchains kernel module loaded - see FAQ #8"
|
startup_error "Shorewall can't start with the ipchains kernel module loaded - see FAQ #8"
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -5645,9 +5645,9 @@ nolock=
|
|||||||
|
|
||||||
trap "my_mutex_off; exit 2" 1 2 3 4 5 6 9
|
trap "my_mutex_off; exit 2" 1 2 3 4 5 6 9
|
||||||
|
|
||||||
command="$1"
|
COMMAND="$1"
|
||||||
|
|
||||||
case "$command" in
|
case "$COMMAND" in
|
||||||
stop)
|
stop)
|
||||||
[ $# -ne 1 ] && usage
|
[ $# -ne 1 ] && usage
|
||||||
do_initialize
|
do_initialize
|
||||||
|
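Review bot: The renamed variable is still expanded unquoted in almost every test, and in fatal_error that decides which recovery path runs: with an empty `$COMMAND`, `[ $COMMAND = check ]` is an error for `[`, returns non-zero, and control falls into the `else` branch that calls stop_firewall rather than the check-mode cleanup. `COMMAND="$1"` in the last hunk takes the value straight from the command line, so an empty value is possible, though whether fatal_error can be reached in that state is not visible in these hunks. Only add_builtin_actions uses the quoted form; the other tests (print_policy, add_an_action, process_action, add_nat_rule, add_a_rule, process_rule, process_rules) should match it, e.g. `if [ "$COMMAND" = check ]; then`. In verify_os_version the `-a` form is ambiguous as well as unquoted, and `[ "$COMMAND" = start ] && [ -n "$(lsmod 2> /dev/null | grep '^ipchains')" ] && \` avoids both. The `rm -rf $TMP_DIR` context lines beside these tests would take the same quoting, and all of the affected functions start or end outside the hunks shown.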
@ -22,14 +22,14 @@
|
|||||||
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
|
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
|
||||||
#
|
#
|
||||||
|
|
||||||
VERSION=2.0.0-Beta3
|
VERSION=2.0.0-RC1
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
ME=$(basename $0)
|
ME=$(basename $0)
|
||||||
echo "usage: $ME
|
echo "usage: $ME"
|
||||||
echo " $ME -v"
|
echo " $ME -v"
|
||||||
echo " $ME -h "
|
echo " $ME -h"
|
||||||
exit $1
|
exit $1
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
%define name shorewall
|
%define name shorewall
|
||||||
%define version 2.0.0
|
%define version 2.0.0
|
||||||
%define release 0Beta3
|
%define release 0RC1
|
||||||
%define prefix /usr
|
%define prefix /usr
|
||||||
|
|
||||||
Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
|
Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
|
||||||
@ -33,7 +33,7 @@ a multi-function gateway/ router/server or on a standalone GNU/Linux system.
|
|||||||
export PREFIX=$RPM_BUILD_ROOT ; \
|
export PREFIX=$RPM_BUILD_ROOT ; \
|
||||||
export OWNER=`id -n -u` ; \
|
export OWNER=`id -n -u` ; \
|
||||||
export GROUP=`id -n -g` ;\
|
export GROUP=`id -n -g` ;\
|
||||||
./install.sh /etc/init.d
|
./install.sh
|
||||||
|
|
||||||
%clean
|
%clean
|
||||||
rm -rf $RPM_BUILD_ROOT
|
rm -rf $RPM_BUILD_ROOT
|
||||||
@ -137,6 +137,8 @@ fi
|
|||||||
%doc COPYING INSTALL changelog.txt releasenotes.txt tunnel
|
%doc COPYING INSTALL changelog.txt releasenotes.txt tunnel
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Feb 27 2004 Tom Eastep <tom@shorewall.net>
|
||||||
|
- Update for RC1
|
||||||
* Mon Feb 16 2004 Tom Eastep <tom@shorewall.net>
|
* Mon Feb 16 2004 Tom Eastep <tom@shorewall.net>
|
||||||
- Moved rfc1918 to /usr/share/shorewall
|
- Moved rfc1918 to /usr/share/shorewall
|
||||||
- Update for Beta 3
|
- Update for Beta 3
|
||||||
|
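Review bot: Dropping the `/etc/init.d` argument from the `./install.sh` call leaves the init-script destination to whatever install.sh chooses by default, and that logic is not visible in this diff. If the default is derived from the build host's filesystem, the package layout could differ between build hosts and disagree with the spec's file list, which is also outside these hunks. Either keep the directory explicit or add a comment above the call stating the assumption, for example `# install.sh selects the init directory itself when no argument is given`.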
@ -26,7 +26,7 @@
|
|||||||
# You may only use this script to uninstall the version
|
# You may only use this script to uninstall the version
|
||||||
# shown below. Simply run this script to remove Seattle Firewall
|
# shown below. Simply run this script to remove Seattle Firewall
|
||||||
|
|
||||||
VERSION=2.0.0-Beta2
|
VERSION=2.0.0-RC1
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
|