Merge branch 'master' into 4.5.2

Tom Eastep 2012-03-31 20:03:57 -07:00
commit c616e203df
50 changed files with 2738 additions and 1442 deletions

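--- a/Shorewall-core/configure
+++ b/Shorewall-core/configure
@@ -0,0 +1,127 @@
+#!/bin/bash
+#
+# Shorewall Packet Filtering Firewall RPM configuration program - V4.5
+#
+# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#
+# (c) 2012 - Tom Eastep (teastep@shorewall.net)
+#
+# Shorewall documentation is available at http://www.shorewall.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of Version 2 of the GNU General Public License
+# as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Usage: ./configure <vendor> [ <option>=<setting> ] ...
+#
+#
+################################################################################################
+declare -A params
+declare -A options
+getfileparams() {
+while read option; do
+case $option in
+\#*)
+;;
+*)
+on=${option%=*}
+ov=${option#*=}
+ov=${ov%#*}
+[ -n "$on" ] && options[${on}]="${ov}"
+;;
+esac
+done
+return 0
+}
+if [ $# -eq 0 ]; then
+echo "Usage: $0 <var>=<val> ..." >&2
+exit 1
+fi
+for p in $@; do
+p=${p#--}
+if [ -n "${p}" ]; then
+declare -u pn
+pn=${p%=*}
+pv=${p#*=}
+if [ -n "${pn}" ]; then
+case ${pn} in
+VENDOR)
+pn=HOST
+;;
+SHAREDSTATEDIR)
+pn=VARDIR
+;;
+DATADIR)
+pn=SHAREDIR
+;;
+SYSCONFDIR)
+pn=CONFDIR
+;;
+esac
+params[${pn}]="${pv}"
+fi
+fi
+done
+vendor=${params[HOST]}
+if [ -z "$vendor" ]; then
+rcfile=shorewallrc.default
+vendor=linux
+else
+rcfile=shorewallrc.$vendor
+fi
+getfileparams < $rcfile || exit 1
+for p in ${!params[@]}; do
+options[${p}]="${params[${p}]}"
+options[${p}]="${params[${p}]}"
+done
+echo "HOST=$vendor" > shorewallrc
+for on in \
+PREFIX \
+SHAREDIR \
+LIBEXECDIR \
+PERLLIBDIR \
+CONFDIR \
+SBINDIR \
+MANDIR \
+INITDIR \
+INITSOURCE \
+INITFILE \
+AUXINITSOURCE \
+AUXINITFILE \
+SYSTEMD \
+SYSCONFILE \
+SYSCONFDIR \
+ANNOTATED \
+VARDIR
+do
+echo "$on=${options[${on}]}" >> shorewallrc
+done
+cat shorewallrc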
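Review bot: The output list near the end of the script names `SYSCONFILE`, but the rc files added in this commit define `SYSCONFFILE`, so that setting is written to shorewallrc as an empty value whatever the vendor file or the command line says; the entry should read `SYSCONFFILE \`. `SPARSE` is set in several of the rc files too and is not in the list, which looks like an omission. The argument loop also iterates over an unquoted `$@`, so a setting whose value contains whitespace is split into separate words; `for p in "$@"; do` keeps each argument intact.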


@ -27,12 +27,18 @@ VERSION=xxx #The Build script inserts the actual version
usage() # $1 = exit status
{
ME=$(basename $0)
echo "usage: $ME"
echo "usage: $ME [ <configuration-file> ] "
echo " $ME -v"
echo " $ME -h"
exit $1
}
fatal_error()
{
echo " ERROR: $@" >&2
exit 1
}
split() {
local ifs
ifs=$IFS
@ -85,43 +91,87 @@ install_file() # $1 = source $2 = target $3 = mode
run_install $T $OWNERSHIP -m $3 $1 ${2}
}
require()
{
eval [ -n "\$$1" ] || fatal_error "Required option $1 not set"
}
cd "$(dirname $0)"
#
# Load packager's settings if any
#
[ -f ../shorewall-pkg.config ] && . ../shorewall-pkg.config
[ -n "$DESTDIR" ] || DESTDIR="$PREFIX"
#
# Parse the run line
#
# ARGS is "yes" if we've already parsed an argument
finished=0
while [ $finished -eq 0 ]; do
option=$1
case "$option" in
-*)
option=${option#-}
while [ -n "$option" ]; do
case $option in
h)
usage 0
;;
v)
echo "Shorewall Firewall Installer Version $VERSION"
exit 0
;;
*)
usage 1
;;
esac
done
shift
;;
*)
finished=1
;;
esac
done
#
# Read the RC file
#
if [ $# -eq 0 ]; then
if [ -f ./shorewallrc ]; then
. ./shorewallrc
file=~/.shorewallrc
elif [ -f ./.shorewallrc ]; then
. ~/.shorewallrc || exit 1
file=~/.shorewallrc
elif [ -f /usr/share/shorewall/shorewallrc ]; then
. /usr/share/shorewall/shorewallrc
file=/usr/share/shorewall/shorewallrc
else
fatal_error "No configuration file specified and /usr/share/shorewall/shorewallrc not found"
fi
elif [ $# -eq 1 ]; then
file=$1
case $file in
/*|.*)
;;
*)
file=./$file || exit 1
;;
esac
. $file
else
usage 1
fi
for var in SHAREDIR LIBEXECDIR PERLLIBDIR CONFDIR SBINDIR VARDIR; do
require $var
done
[ "${INITFILE}" != 'none/' ] && require INITSOURCE && require INITDIR
T="-T"
[ -n "${LIBEXEC:=/usr/share}" ]
[ -n "${PERLLIB:=/usr/share/shorewall}" ]
case "$LIBEXEC" in
/*)
;;
*)
echo "The LIBEXEC setting must be an absolute path name" >&2
exit 1
;;
esac
case "$PERLLIB" in
/*)
;;
*)
echo "The PERLLIB setting must be an absolute path name" >&2
exit 1
;;
esac
INSTALLD='-D'
if [ -z "$BUILD" ]; then
@ -180,41 +230,6 @@ esac
OWNERSHIP="-o $OWNER -g $GROUP"
finished=0
while [ $finished -eq 0 ]; do
option=$1
case "$option" in
-*)
option=${option#-}
while [ -n "$option" ]; do
case $option in
h)
usage 0
;;
v)
echo "Shorewall Firewall Installer Version $VERSION"
exit 0
;;
*)
usage 1
;;
esac
done
shift
;;
*)
[ -n "$option" ] && usage 1
finished=1
;;
esac
done
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
#
# Determine where to install the firewall script
#
@ -236,6 +251,23 @@ case "$HOST" in
;;
esac
if [ -z "$file" ]; then
if $HOST = linux; then
file=shorewallrc.default
else
file=shorewallrc.${HOST}
fi
echo "You have not specified a configuration file and ~/.shorewallrc does not exist" >&2
echo "Shorewall-core $VERSION has determined that the $file configuration is appropriate for your system" >&2
echo "Please review the settings in that file. If you wish to change them, make a copy and modify the copy" >&2
echo "Then re-run install.sh passing either $file or the name of your modified copy" >&2
echo "" >&2
echo "Example:" >&2
echo "" >&2
echo " ./install.sh $file" &>2
fi
if [ -n "$DESTDIR" ]; then
if [ $BUILD != cygwin ]; then
if [ `id -u` != 0 ] ; then
@ -245,56 +277,55 @@ if [ -n "$DESTDIR" ]; then
fi
fi
#
# Change to the directory containing this script
#
cd "$(dirname $0)"
echo "Installing Shorewall Core Version $VERSION"
#
# Create /usr/share/shorewall
#
mkdir -p ${DESTDIR}${LIBEXEC}/shorewall
chmod 755 ${DESTDIR}${LIBEXEC}/shorewall
mkdir -p ${DESTDIR}${LIBEXECDIR}/shorewall
chmod 755 ${DESTDIR}${LIBEXECDIR}/shorewall
if [ $LIBEXEC != /usr/shorewall/ ]; then
mkdir -p ${DESTDIR}/usr/share/shorewall
chmod 755 ${DESTDIR}/usr/share/shorewall
fi
mkdir -p ${DESTDIR}${SHAREDIR}/shorewall
chmod 755 ${DESTDIR}${SHAREDIR}/shorewall
#
# Install wait4ifup
#
install_file wait4ifup ${DESTDIR}${LIBEXEC}/shorewall/wait4ifup 0755
install_file wait4ifup ${DESTDIR}${LIBEXECDIR}/shorewall/wait4ifup 0755
echo
echo "wait4ifup installed in ${DESTDIR}${LIBEXEC}/shorewall/wait4ifup"
echo "wait4ifup installed in ${DESTDIR}${LIBEXECDIR}/shorewall/wait4ifup"
#
# Install the libraries
#
for f in lib.* ; do
install_file $f ${DESTDIR}/usr/share/shorewall/$f 0644
echo "Library ${f#*.} file installed as ${DESTDIR}/usr/share/shorewall/$f"
install_file $f ${DESTDIR}${SHAREDIR}/shorewall/$f 0644
echo "Library ${f#*.} file installed as ${DESTDIR}${SHAREDIR}/shorewall/$f"
done
if [ $BUILD != apple ]; then
eval sed -i \'s\|g_libexec=.\*\|g_libexec=$LIBEXEC\|\' ${DESTDIR}/usr/share/shorewall/lib.cli
eval sed -i \'s\|g_perllib=.\*\|g_perllib=$PERLLIB\|\' ${DESTDIR}/usr/share/shorewall/lib.cli
else
eval sed -i \'\' -e \'s\|g_libexec=.\*\|g_libexec=$LIBEXEC\|\' ${DESTDIR}/usr/share/shorewall/lib.cli
eval sed -i \'\' -e \'s\|g_perllib=.\*\|g_perllib=$PERLLIB\|\' ${DESTDIR}/usr/share/shorewall/lib.cli
fi
#
# Symbolically link 'functions' to lib.base
#
ln -sf lib.base ${DESTDIR}/usr/share/shorewall/functions
ln -sf lib.base ${DESTDIR}${SHAREDIR}/shorewall/functions
#
# Create the version file
#
echo "$VERSION" > ${DESTDIR}/usr/share/shorewall/coreversion
chmod 644 ${DESTDIR}/usr/share/shorewall/coreversion
echo "$VERSION" > ${DESTDIR}${SHAREDIR}/shorewall/coreversion
chmod 644 ${DESTDIR}${SHAREDIR}/shorewall/coreversion
[ $file != "${SHAREDIR}/shorewall/shorewallrc" ] && cp $file ${DESTDIR}${SHAREDIR}/shorewall/shorewallrc
[ -z "${DESTDIR}" ] && [ ! -f ~/.shorewallrc ] && cp ${SHAREDIR}/shorewall/shorewallrc ~/.shorewallrc
if [ ${SHAREDIR} != /usr/share ]; then
for f in lib.*; do
if [ $BUILD != apple ]; then
eval sed -i \'s\|/usr/share/|${SHAREDIR}/|\' ${DESTDIR}/${SHAREDIR}/$f
else
eval sed -i \'\' -e \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}/$f
fi
done
fi
#
# Report Success
#
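Review bot: In the `${SHAREDIR} != /usr/share` loop of the last hunk, the non-Apple `eval sed` line leaves two `|` characters unescaped, so the shell parses it as a pipeline and tries to run `${SHAREDIR}/` as a command instead of rewriting the library. Both branches also point at the wrong file (`${DESTDIR}/${SHAREDIR}/$f` and `${DESTDIR}/$f`), while the libraries were installed to `${DESTDIR}${SHAREDIR}/shorewall/$f`. Dropping `eval` removes the escaping problem and keeps a value read from the rc file from being re-parsed as shell: `sed -i "s|/usr/share/|${SHAREDIR}/|" "${DESTDIR}${SHAREDIR}/shorewall/$f"` (with `-i '' -e` on apple). The same unescaped-pipe `eval sed` form appears twice in the Shorewall-init installer section further down this page.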


@ -32,45 +32,60 @@ SHOREWALL_CAPVERSION=40502
[ -n "${g_program:=shorewall}" ]
if [ -z "$g_readrc" ]; then
#
# This is modified by the installer when ${SHAREDIR} <> /usr/share
#
. /usr/share/shorewall/shorewallrc
g_libexec="$LIBEXECDIR"
g_sharedir="$SHAREDIR"
g_sbindir="$SBINDIR"
g_vardir="$VARDIR"
g_readrc=1
fi
case $g_program in
shorewall)
SHAREDIR=/usr/share/shorewall
CONFDIR=/etc/shorewall
SHAREDIR=${SHAREDIR}/shorewall
CONFDIR=${CONFDIR}/shorewall
g_product="Shorewall"
g_family=4
g_tool=
g_basedir=/usr/share/shorewall
g_basedir=${SHAREDIR}/shorewall
g_lite=
;;
shorewall6)
SHAREDIR=/usr/share/shorewall6
CONFDIR=/etc/shorewall6
SHAREDIR=${SHAREDIR}/shorewall6
CONFDIR=${CONFDIR}/shorewall6
g_product="Shorewall6"
g_family=6
g_tool=
g_basedir=/usr/share/shorewall
g_basedir=${SHAREDIR}/shorewall
g_lite=
;;
shorewall-lite)
SHAREDIR=/usr/share/shorewall-lite
CONFDIR=/etc/shorewall-lite
SHAREDIR=${SHAREDIR}/shorewall-lite
CONFDIR=${CONFDIR}/shorewall-lite
g_product="Shorewall Lite"
g_family=4
g_tool=iptables
g_basedir=/usr/share/shorewall-lite
g_basedir=${SHAREDIR}/shorewall-lite
g_lite=Yes
;;
shorewall6-lite)
SHAREDIR=/usr/share/shorewall6-lite
CONFDIR=/etc/shorewall6-lite
SHAREDIR=${SHAREDIR}/shorewall6-lite
CONFDIR=${CONFDIR}/shorewall6-lite
g_product="Shorewall6 Lite"
g_family=6
g_tool=ip6tables
g_basedir=/usr/share/shorewall6-lite
g_basedir=${SHAREDIR}/shorewall6-lite
g_lite=Yes
;;
esac
VARDIR=${VARDIR}/${g_program}
#
# Conditionally produce message
#
@ -186,7 +201,7 @@ mutex_off()
rm -f ${LOCKFILE:=${VARDIR}/lock}
}
[ -z "$LEFTSHIFT" ] && . /usr/share/shorewall/lib.common
[ -z "$LEFTSHIFT" ] && . ${g_sharedir}/shorewall/lib.common
#
# Validate an IP address
@ -455,14 +470,14 @@ mktempfile() {
else
case "$MKTEMP" in
BSD)
mktemp /tmp/shorewall.XXXXXX
mktemp ${TMPDIR:-/tmp}/shorewall.XXXXXX
;;
STD)
mktemp -t shorewall.XXXXXX
;;
None)
rm -f /tmp/shorewall-$$
> /tmp/shorewall-$$ && echo /tmp/shorewall-$$
rm -f ${TMPDIR:-/tmp}/shorewall-$$
> ${TMPDIR:-}/shorewall-$$ && echo ${TMPDIR:-/tmp}/shorewall-$$
;;
*)
error_message "ERROR:Internal error in mktempfile"
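Review bot: In the `None)` branch of mktempfile the new redirection is `> ${TMPDIR:-}/shorewall-$$`, which drops the `/tmp` default that the `rm -f` and the `echo` beside it keep. With TMPDIR unset the file is created at `/shorewall-$$` while the function reports `/tmp/shorewall-$$`, a name this process did not create and that another local user may own. The line should be `> ${TMPDIR:-/tmp}/shorewall-$$ && echo ${TMPDIR:-/tmp}/shorewall-$$`. Separately, each new `g_basedir=${SHAREDIR}/...` in the case arms is evaluated after SHAREDIR has already had the product name appended, so it probably wants `${g_sharedir}` instead. mktempfile starts and ends outside the hunk.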


@ -23,7 +23,21 @@
# This library contains the command processing code common to /sbin/shorewall[6] and
# /sbin/shorewall[6]-lite.
#
. /usr/share/shorewall/lib.base
if [ -z "$g_readrc" ]; then
#
# This is modified by the installer when ${SHAREDIR} <> /usr/share
#
. /usr/share/shorewall/shorewallrc
g_libexec="$LIBEXECDIR"
g_sharedir="$SHAREDIR"
g_sbindir="$SBINDIR"
g_readrc=1
fi
. ${g_sharedir}/shorewall/lib.base
#
# Fatal Error
#
@ -842,11 +856,13 @@ show_command() {
echo "CONFIG_PATH=$CONFIG_PATH"
echo "VARDIR=$VARDIR"
echo "LIBEXEC=$g_libexec"
echo "SBINDIR=$g_sbindir"
[ -n "$g_lite" ] && ${VARDIR} ne /var/lib/$program && echo "LITEDIR=${VARDIR}"
else
echo "Default CONFIG_PATH is $CONFIG_PATH"
echo "Default VARDIR is /var/lib/$g_program"
echo "LIBEXEC is $g_libexec"
echo "SBINDIR is $g_sbindir"
[ -n "$g_lite" ] && [ ${VARDIR} != /var/lib/$g_program ] && echo "LITEDIR is ${VARDIR}"
fi
;;
@ -2958,14 +2974,12 @@ shorewall_cli() {
g_annotate=
g_recovering=
g_timestamp=
g_libexec=/usr/share
g_perllib=/usr/share/shorewall
g_shorewalldir=
VERBOSE=
VERBOSITY=
[ -n "$g_lite" ] || . /usr/share/shorewall/lib.cli-std
[ -n "$g_lite" ] || . ${g_sharedir}/shorewall/lib.cli-std
finished=0
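Review bot: The new block at the top sources `/usr/share/shorewall/shorewallrc` and then runs `. ${g_sharedir}/shorewall/lib.base` without checking that SHAREDIR was actually set. If the rc file is incomplete, `g_sharedir` is empty and the library is looked up at `/shorewall/lib.base`; and because `g_readrc` is tested before anything visible here assigns it, a value inherited from the environment would skip the load and leave `g_sharedir` to whatever the environment supplies. A guard such as `[ -n "$g_sharedir" ] || { echo "SHAREDIR not set in shorewallrc" >&2; exit 1; }` before the `.` line makes that failure explicit. The block also sets no `g_perllib`, although the last hunk removes its default from shorewall_cli; whether another file sets it is not visible here.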


@ -0,0 +1,20 @@
#
# Apple OS X Shorewall 4.5 rc file
#
BUILD=apple
HOST=apple
PREFIX=/usr
SHAREDIR=${PREFIX}/share
LIBEXECDIR=${PREFIX}/share
PERLLIBDIR=${PREFIX}/share/shorewall
CONFDIR=/etc
SBINDIR=/sbin
MANDIR=${SHAREDIR}/man
INITDIR=
INITFILE=
INITSOURCE=
ANNOTATED=
SYSTEMD=
SYSCONFDIR=
SPARSE=Yes
VARDIR=/var/lib


@ -0,0 +1,19 @@
#
# Archlinux Shorewall 4.5 rc file
#
BUILD=archlinux
HOST=archlinux
PREFIX=/usr
SHAREDIR=${PREFIX}/share
LIBEXECDIR=${PREFIX}/share
PERLLIBDIR=${PREFIX}/share/shorewall
CONFDIR=/etc
SBINDIR=/sbin
MANDIR=${SHAREDIR}/man
INITDIR=/etc/rc.d
INITFILE=$PRODUCT
INITSOURCE=init.sh
ANNOTATED=
SYSCONFDIR=
SYSTEMD=
VARDIR=/var/lib


@ -0,0 +1,20 @@
#
# Cygwin Shorewall 4.5 rc file
#
BUILD=cygwin
HOST=cygwin
PREFIX=/usr
SHAREDIR=${PREFIX}/share
LIBEXECDIR=${PREFIX}/share
PERLLIBDIR=${PREFIX}/share/shorewall
CONFDIR=/etc
SBINDIR=/bin
MANDIR=${SHAREDIR}/man
INITDIR=/etc/init.d
INITFILE=
INITSOURCE=
ANNOTATED=
SYSTEMD=
SYSCONFDIR=
SPARSE=Yes
VARDIR=/var/lib


@ -0,0 +1,21 @@
#
# Debian Shorewall 4.5 rc file
#
BUILD= #Default is to detect the build system
HOST=debian
PREFIX=/usr
SHAREDIR=${PREFIX}/share
LIBEXECDIR=${PREFIX}/share
PERLLIBDIR=${PREFIX}/share/shorewall
CONFDIR=/etc
SBINDIR=/sbin
MANDIR=${PREFIX}/man
INITDIR=/etc/init.d
INITFILE=$PRODUCT
INITSOURCE=init.debian.sh
ANNOTATED=
SYSCONFFILE=default.debian
SYSCONFDIR=/etc/default
SYSTEMD=
SPARSE=Yes
VARDIR=/var/lib


@ -0,0 +1,21 @@
#
# Default Shorewall 4.5 rc file
#
HOST= #Default is to detect the host system
BUILD= #Default is to detect the build system
PREFIX=/usr
SHAREDIR=${PREFIX}/share
LIBEXECDIR=${PREFIX}/share
PERLLIBDIR=${PREFIX}/share/shorewall
CONFDIR=/etc
SBINDIR=/sbin
MANDIR=${PREFIX}/man
INITDIR=etc/init.d
INITFILE=$PRODUCT
INITSOURCE=init.sh
ANNOTATED=
SYSTEMD=
SYSCONFFILE=
SYSCONFDIR=
SPARSE=
VARDIR=/var/lib
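Review bot: `INITDIR=etc/init.d` is missing its leading slash; every other rc file in this commit that sets INITDIR uses an absolute path. The installers build their targets as `${DESTDIR}${INITDIR}/...`, so with an empty DESTDIR this value resolves relative to the installer's working directory rather than under `/etc`. It should read `INITDIR=/etc/init.d`.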


@ -0,0 +1,21 @@
#
# RedHat/FedoraShorewall 4.5 rc file
#
BUILD= #Default is to detect the build system
HOST=redhat
PREFIX=/usr
SHAREDIR=${PREFIX}/share
LIBEXECDIR=${PREFIX}/share
PERLLIBDIR=/usr/share/shorewall
CONFDIR=/etc
SBINDIR=/sbin
MANDIR=${SHAREDIR}/man
INITDIR=/etc/rc.d/init.d
INITFILE=$PRODUCT
INITSOURCE=init.fedora.sh
ANNOTATED=
SYSTEMD=/lib/systemd/system
SYSCONFFILE=sysconfig
SYSCONFDIR=/etc/sysconfig/
SPARSE=
VARDIR=/var/lib


@ -0,0 +1,22 @@
#
# Slackware Shorewall 4.5 rc file
#
BUILD=slackware
HOST=slackware
PREFIX=/usr
SHAREDIR=${PREFIX}/share
LIBEXECDIR=${PREFIX}/share
PERLLIBDIR=${PREFIX}/share/shorewall
CONFDIR=/etc
SBINDIR=/sbin
MANDIR=${PREFIX}/man
INITDIR=/etc/rc.d
INITSOURCE=init.slackware.firewall
INITFILE=rc.firewall
AUXINITSOURCE=init.slackware.$PRODUCT
AUXINITFILE=rc.$PRODUCT
SYSTEMD=
SYSCONFFILE=
SYSCONFDIR=
ANNOTATED=
VARDIR=/var/lib


@ -0,0 +1,21 @@
#
# SuSE Shorewall 4.5 rc file
#
BUILD= #Default is to detect the build system
HOST=suse
PREFIX=/usr
CONFDIR=/etc
SHAREDIR=${PREFIX}/share
LIBEXECDIR=${PREFIX}/lib
PERLLIBDIR=${PREFIX}/lib/perl5/vendor_perl/5.14.2
SBINDIR=/sbin
MANDIR=${SHAREDIR}/man/
INITDIR=/etc/init.d
INITFILE=$PRODUCT
INITSOURCE=init.sh
ANNOTATED=
SYSTEMD=
SYSCONFFILE=
SYSCONFDIR=/etc/sysconfig/
SPARSE=
VARDIR=/var/lib


@ -31,7 +31,7 @@ VERSION=xxx #The Build script inserts the actual version
usage() # $1 = exit status
{
ME=$(basename $0)
echo "usage: $ME"
echo "usage: $ME [ <shorewallrc file> ]"
exit $1
}
@ -60,8 +60,25 @@ remove_file() # $1 = file to restore
fi
}
if [ -f /usr/share/shorewall/coreversion ]; then
INSTALLED_VERSION="$(cat /usr/share/shorewall/coreversion)"
if [ $# -eq 0 ]; then
file=/usr/share/shorewall/shorewallrc
elif [ $# -eq 1 ]; then
file=$1
else
usage 1
fi
if [ -f "$file" ]; then
. "$file"
else
echo "File $file not found" >&2
exit 1
fi
. $file || exit 1
if [ -f ${SHAREDIR}/shorewall/coreversion ]; then
INSTALLED_VERSION="$(cat ${SHAREDIR}/shorewall/coreversion)"
if [ "$INSTALLED_VERSION" != "$VERSION" ]; then
echo "WARNING: Shorewall Core Version $INSTALLED_VERSION is installed"
echo " and this is the $VERSION uninstaller."
@ -72,12 +89,9 @@ else
VERSION=""
fi
[ -n "${LIBEXEC:=/usr/share}" ]
[ -n "${PERLLIB:=/usr/share/shorewall}" ]
echo "Uninstalling Shorewall Core $VERSION"
rm -rf /usr/share/shorewall
rm -rf ${SHAREDIR}/shorewall
echo "Shorewall Core Uninstalled"
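Review bot: `rm -rf ${SHAREDIR}/shorewall` now deletes a path taken from whatever rc file was passed on the command line, and nothing in the visible lines checks that SHAREDIR is set. An rc file that lacks the setting turns this into `rm -rf /shorewall`, and a value containing whitespace is split into several targets. `rm -rf -- "${SHAREDIR:?}/shorewall"` aborts on an empty value and keeps the path as one word. The rc file is also sourced twice: the new `. $file || exit 1` repeats the `. "$file"` inside the `if` just above it and can be dropped.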


@ -71,6 +71,11 @@ Debian_SuSE_ppp() {
IFUPDOWN=0
PRODUCTS=
#
# The installer may alter this
#
. /usr/share/shorewall/shorewallrc
if [ -f /etc/default/shorewall-init ]; then
. /etc/default/shorewall-init
elif [ -f /etc/sysconfig/shorewall-init ]; then
@ -182,10 +187,8 @@ else
fi
for PRODUCT in $PRODUCTS; do
VARDIR=/var/lib/$PRODUCT
[ -f /etc/$PRODUCT/vardir ] && . /etc/$PRODUCT/vardir
if [ -x $VARDIR/firewall ]; then
( . /usr/share/$PRODUCT/lib.base
( . ${SHAREDIR}/shorewall/lib.base
mutex_on
${VARDIR}/firewall -V0 $COMMAND $INTERFACE || echo_notdone
mutex_off
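Review bot: The loop in the second hunk still tests `[ -x $VARDIR/firewall ]`, but the per-product `VARDIR=/var/lib/$PRODUCT` assignment above it appears to be removed (the hunk shrinks from 10 to 8 lines), and the rc files in this commit set `VARDIR=/var/lib`. If so, the test looks at `/var/lib/firewall` for every product and no compiled firewall script is found. The test should use `${VARDIR}/$PRODUCT/firewall`, as the Fedora init script on this page does with `${VARDIR}/$product/firewall`. The two later init-script sections that drop the same assignment while keeping `${VARDIR}/firewall` have the same problem. The loop starts and ends outside the hunk.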


@ -62,10 +62,15 @@ not_configured () {
exit 0
}
#
# The installer may alter this
#
. /usr/share/shorewall/shorewallrc
# check if shorewall-init is configured or not
if [ -f "/etc/default/shorewall-init" ]
if [ -f "$SYSCONFDIR/shorewall-init" ]
then
. /etc/default/shorewall-init
. $SYSCONFDIR/shorewall-init
if [ -z "$PRODUCTS" ]
then
not_configured


@ -13,6 +13,15 @@
# Description: Place the firewall in a safe state at boot time
# prior to bringing up the network.
### END INIT INFO
#determine where the files were installed
if [ -f ~/.shorewallrc ]; then
. ~/.shorewallrc || exit 1
else
SBINDIR=/sbin
SYSCONFDIR=/etc/default
VARDIR=/var/lib
fi
prog="shorewall-init"
logger="logger -i -t $prog"
lockfile="/var/lock/subsys/shorewall-init"
@ -44,10 +53,8 @@ start () {
echo -n "Initializing \"Shorewall-based firewalls\": "
for product in $PRODUCTS; do
vardir=/var/lib/$product
[ -f /etc/$product/vardir ] && . /etc/$product/vardir
if [ -x ${vardir}/firewall ]; then
${vardir}/firewall stop 2>&1 | $logger
if [ -x ${VARDIR}/$product/firewall ]; then
${VARDIR}/$product/firewall stop 2>&1 | $logger
retval=${PIPESTATUS[0]}
[ retval -ne 0 ] && break
fi
@ -70,10 +77,8 @@ stop () {
echo -n "Clearing \"Shorewall-based firewalls\": "
for product in $PRODUCTS; do
vardir=/var/lib/$product
[ -f /etc/$product/vardir ] && . /etc/$product/vardir
if [ -x ${vardir}/firewall ]; then
${vardir}/firewall clear 2>&1 | $logger
if [ -x ${VARDIR}/$product/firewall ]; then
${VARDIR}/$product/firewall clear 2>&1 | $logger
retval=${PIPESTATUS[0]}
[ retval -ne 0 ] && break
fi
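Review bot: The new block at the top reads its settings from `~/.shorewallrc`, which depends on HOME at the time the init script runs, while the other init scripts in this commit source `/usr/share/shorewall/shorewallrc`. At boot HOME may be unset or `/`, and when the script is started from an administrator's session it can point at another account's home directory, so a script running as root would source a file outside the installed tree. Reading the installed copy instead, `. /usr/share/shorewall/shorewallrc`, and keeping the three assignments as the fallback avoids that dependency.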


@ -53,6 +53,11 @@ else
exit 0
fi
#
# The installer may alter this
#
. /usr/share/shorewall/shorewallrc
# Initialize the firewall
shorewall_start () {
local PRODUCT
@ -60,10 +65,8 @@ shorewall_start () {
echo -n "Initializing \"Shorewall-based firewalls\": "
for PRODUCT in $PRODUCTS; do
VARDIR=/var/lib/$PRODUCT
[ -f /etc/$PRODUCT/vardir ] && . /etc/$PRODUCT/vardir
if [ -x ${VARDIR}/firewall ]; then
if ! /sbin/$PRODUCT status > /dev/null 2>&1; then
if ! ${SBIN}/$PRODUCT status > /dev/null 2>&1; then
${VARDIR}/firewall stop || echo_notdone
fi
fi
@ -83,8 +86,6 @@ shorewall_stop () {
echo -n "Clearing \"Shorewall-based firewalls\": "
for PRODUCT in $PRODUCTS; do
VARDIR=/var/lib/$PRODUCT
[ -f /etc/$PRODUCT/vardir ] && . /etc/$PRODUCT/vardir
if [ -x ${VARDIR}/firewall ]; then
${VARDIR}/firewall clear || exit 1
fi
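Review bot: The new status check in shorewall_start calls `${SBIN}/$PRODUCT`, but no rc file in this commit defines `SBIN`; the setting is named `SBINDIR`. With SBIN empty the command becomes `/$PRODUCT`, the lookup fails, and the `!` turns that failure into "not running", so the check can never report a running firewall. The line should read `if ! ${SBINDIR}/$PRODUCT status > /dev/null 2>&1; then`. shorewall_start continues outside the hunk.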


@ -28,12 +28,18 @@ VERSION=xxx #The Build script inserts the actual version.
usage() # $1 = exit status
{
ME=$(basename $0)
echo "usage: $ME"
echo "usage: $ME [ <configuration-file> ]"
echo " $ME -v"
echo " $ME -h"
exit $1
}
fatal_error()
{
echo " ERROR: $@" >&2
exit 1
}
split() {
local ifs
ifs=$IFS
@ -76,9 +82,9 @@ cant_autostart()
echo "WARNING: Unable to configure shorewall init to start automatically at boot" >&2
}
delete_file() # $1 = file to delete
require()
{
rm -f $1
eval [ -n "\$$1" ] || fatal_error "Required option $1 not set"
}
install_file() # $1 = source $2 = target $3 = mode
@ -88,44 +94,78 @@ install_file() # $1 = source $2 = target $3 = mode
cd "$(dirname $0)"
#
# Load packager's settings if any
#
[ -f ../shorewall-pkg.config ] && . ../shorewall-pkg.config
PRODUCT=shorewall-init
[ -n "$DESTDIR" ] || DESTDIR="$PREFIX"
#
# Parse the run line
#
finished=0
while [ $# -gt 0 ] ; do
while [ $finished -eq 0 ] ; do
case "$1" in
-h|help|?)
usage 0
;;
-v)
echo "Shorewall Init Installer Version $VERSION"
exit 0
-*)
option=${option#-}
while [ -n "$option" ]; do
case $option in
h)
usage 0
;;
v)
echo "Shorewall-init Firewall Installer Version $VERSION"
exit 0
;;
*)
usage 1
;;
esac
done
shift
;;
*)
usage 1
finished=1
;;
esac
shift
done
#
# Read the RC file
#
if [ $# -eq 0 ]; then
#
# Load packager's settings if any
#
if [ -f ./shorewallrc ]; then
. ./shorewallrc || exit 1
file=~/.shorewallrc
elif [ -f ~/.shorewallrc ]; then
. ~/.shorewallrc || exit 1
file=./.shorewallrc
else
fatal_error "No configuration file specified and ~/.shorewallrc not found"
fi
elif [ $# -eq 1 ]; then
file=$1
case $file in
/*|.*)
;;
*)
file=./$file
;;
esac
. $file
else
usage 1
fi
for var in SHAREDIR LIBEXECDIR CONFDIR SBINDIR VARDIR; do
require $var
done
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
[ -n "${LIBEXEC:=/usr/share}" ]
case "$LIBEXEC" in
/*)
;;
*)
echo "The LIBEXEC setting must be an absolute path name" >&2
exit 1
;;
esac
INITFILE="shorewall-init"
if [ -z "$BUILD" ]; then
case $(uname) in
cygwin*)
@ -174,11 +214,9 @@ OWNERSHIP="-o $OWNER -g $GROUP"
case "$HOST" in
debian)
echo "Installing Debian-specific configuration..."
SPARSE=yes
;;
redhat|redhat)
echo "Installing Redhat/Fedora-specific configuration..."
[ -n "$INITDIR" ] || INITDIR=/etc/rc.d/init.d
;;
slackware)
echo "Shorewall-init is currently not supported on Slackware" >&2
@ -202,10 +240,6 @@ esac
[ -z "$TARGET" ] && TARGET=$HOST
if [ -z "$INITDIR" -a -n "$INITFILE" ] ; then
INITDIR="/etc/init.d"
fi
if [ -n "$DESTDIR" ]; then
if [ `id -u` != 0 ] ; then
echo "Not setting file owner/group permissions, not running as root."
@ -215,57 +249,44 @@ if [ -n "$DESTDIR" ]; then
install -d $OWNERSHIP -m 755 ${DESTDIR}${INITDIR}
fi
if [ -z "$DESTDIR" ]; then
if [ -d /lib/systemd/system ]; then
SYSTEMD=Yes
INITFILE=
fi
elif [ -n "$SYSTEMD" ]; then
mkdir -p ${DESTDIR}/lib/systemd/system
INITFILE=
fi
echo "Installing Shorewall Init Version $VERSION"
#
# Check for /usr/share/shorewall-init/version
#
if [ -f ${DESTDIR}/usr/share/shorewall-init/version ]; then
if [ -f ${DESTDIR}${SHAREDIR}/shorewall-init/version ]; then
first_install=""
else
first_install="Yes"
fi
#
# Install the Firewall Script
#
if [ -n "$INITFILE" ]; then
#
# Install the Init Script
#
case $TARGET in
debian)
install_file init.debian.sh ${DESTDIR}${INITDIR}/${INITFILE} 0544
;;
redhat)
install_file init.fedora.sh ${DESTDIR}${INITDIR}/${INITFILE} 0544
;;
*)
install_file init.sh ${DESTDIR}${INITDIR}/${INITFILE} 0544
;;
esac
install_file $INITSOURCE ${DESTDIR}${INITDIR}/$INITFILE 0544
[ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/|${SHAREDIR}/|\' ${DESTDIR}${INITDIR}/$INITFILE
if [ -n "${AUXINITSOURCE}" ]; then
install_file $INITSOURCE ${DESTDIR}${INITDIR}/$AUXINITFILE 0544
fi
echo "Shorewall-init script installed in ${DESTDIR}${INITDIR}/${INITFILE}"
echo "Shorewall-init script installed in ${DESTDIR}${INITDIR}/$INITFILE"
fi
#
# Install the .service file
#
if [ -n "$SYSTEMD" ]; then
run_install $OWNERSHIP -m 600 shorewall-init.service ${DESTDIR}/lib/systemd/system/shorewall-init.service
echo "Service file installed as ${DESTDIR}/lib/systemd/system/shorewall-init.service"
mkdir -p ${DESTDIR}${SYSTEMD}
run_install $OWNERSHIP -m 600 shorewall-init.service ${DESTDIR}${SYSTEMD}/shorewall-init.service
echo "Service file installed as ${DESTDIR}${SYSTEMD}/shorewall-init.service"
if [ -n "$DESTDIR" ]; then
mkdir -p ${DESTDIR}/sbin/
chmod 755 ${DESTDIR}/sbin
mkdir -p ${DESTDIR}${SBINDIR}
chmod 755 ${DESTDIR}${SBINDIR}
fi
run_install $OWNERSHIP -m 700 shorewall-init ${DESTDIR}/sbin/shorewall-init
echo "CLI installed as ${DESTDIR}/sbin/shorewall-init"
run_install $OWNERSHIP -m 700 shorewall-init ${DESTDIR}${SBINDIR}/shorewall-init
echo "CLI installed as ${DESTDIR}${SBINDIR}/shorewall-init"
fi
#
@ -285,7 +306,7 @@ chmod 644 ${DESTDIR}/usr/share/shorewall-init/version
#
if [ -z "$DESTDIR" ]; then
rm -f /usr/share/shorewall-init/init
ln -s ${INITDIR}/${INITFILE} /usr/share/shorewall-init/init
ln -s ${INITDIR}/${INITFILE} ${SHAREDIR}/shorewall-init/init
fi
if [ $HOST = debian ]; then
@ -303,20 +324,20 @@ if [ $HOST = debian ]; then
fi
else
if [ -n "$DESTDIR" ]; then
mkdir -p ${DESTDIR}/etc/sysconfig
mkdir -p ${DESTDIR}${SYSCONFDIR}
if [ -z "$RPM" ]; then
if [ $HOST = suse ]; then
mkdir -p ${DESTDIR}/etc/sysconfig/network/if-up.d
mkdir -p ${DESTDIR}/etc/sysconfig/network/if-down.d
mkdir -p ${DESTDIR}${SYSCONFDIR}/network/if-down.d
else
mkdir -p ${DESTDIR}/etc/NetworkManager/dispatcher.d
fi
fi
fi
if [ -d ${DESTDIR}/etc/sysconfig -a ! -f ${DESTDIR}/etc/sysconfig/shorewall-init ]; then
install_file sysconfig ${DESTDIR}/etc/sysconfig/shorewall-init 0644
if [ -d ${DESTDIR}${SYSCONFDIR} -a ! -f ${DESTDIR}${SYSCONFDIR}/shorewall-init ]; then
install_file sysconfig ${DESTDIR}${SYSCONFDIR}/shorewall-init 0644
fi
fi
@ -324,31 +345,35 @@ fi
# Install the ifupdown script
#
mkdir -p ${DESTDIR}${LIBEXEC}/shorewall-init
cp ifupdown.sh ifupdown
install_file ifupdown.sh ${DESTDIR}${LIBEXEC}/shorewall-init/ifupdown 0544
d[ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/|${SHAREDIR}/|\' ifupdown
mkdir -p ${DESTDIR}${LIBEXECDIR}/shorewall-init
install_file ifupdown ${DESTDIR}${LIBEXECDIR}/shorewall-init/ifupdown 0544
if [ -d ${DESTDIR}/etc/NetworkManager ]; then
install_file ifupdown.sh ${DESTDIR}/etc/NetworkManager/dispatcher.d/01-shorewall 0544
install_file ifupdown ${DESTDIR}/etc/NetworkManager/dispatcher.d/01-shorewall 0544
fi
case $HOST in
debian)
install_file ifupdown.sh ${DESTDIR}/etc/network/if-up.d/shorewall 0544
install_file ifupdown.sh ${DESTDIR}/etc/network/if-post-down.d/shorewall 0544
install_file ifupdown ${DESTDIR}/etc/network/if-up.d/shorewall 0544
install_file ifupdown ${DESTDIR}/etc/network/if-post-down.d/shorewall 0544
;;
suse)
if [ -z "$RPM" ]; then
install_file ifupdown.sh ${DESTDIR}/etc/sysconfig/network/if-up.d/shorewall 0544
install_file ifupdown.sh ${DESTDIR}/etc/sysconfig/network/if-down.d/shorewall 0544
install_file ifupdown ${DESTDIR}${SYSCONFDIR}/network/if-up.d/shorewall 0544
install_file ifupdown ${DESTDIR}${SYSCONFDIR}/network/if-down.d/shorewall 0544
fi
;;
redhat)
if [ -f ${DESTDIR}/sbin/ifup-local -o -f ${DESTDIR}/sbin/ifdown-local ]; then
echo "WARNING: /sbin/ifup-local and/or /sbin/ifdown-local already exist; up/down events will not be handled"
if [ -f ${DESTDIR}${SBINDIR}/ifup-local -o -f ${DESTDIR}${SBINDIR}/ifdown-local ]; then
echo "WARNING: ${SBINDIR}/ifup-local and/or ${SBINDIR}/ifdown-local already exist; up/down events will not be handled"
elif [ -z "$DESTDIR" ]; then
install_file ifupdown.sh ${DESTDIR}/sbin/ifup-local 0544
install_file ifupdown.sh ${DESTDIR}/sbin/ifdown-local 0544
install_file ifupdown ${DESTDIR}${SBINDIR}/ifup-local 0544
install_file ifupdown ${DESTDIR}${SBINDIR}/ifdown-local 0544
fi
;;
esac
@ -365,20 +390,20 @@ if [ -z "$DESTDIR" ]; then
if systemctl enable shorewall-init; then
echo "Shorewall Init will start automatically at boot"
fi
elif [ -x /sbin/insserv -o -x /usr/sbin/insserv ]; then
if insserv /etc/init.d/shorewall-init ; then
elif [ -x ${SBINDIR}/insserv -o -x /usr${SBINDIR}/insserv ]; then
if insserv ${INITDIR}/shorewall-init ; then
echo "Shorewall Init will start automatically at boot"
else
cant_autostart
fi
elif [ -x /sbin/chkconfig -o -x /usr/sbin/chkconfig ]; then
elif [ -x ${SBINDIR}/chkconfig -o -x /usr${SBINDIR}/chkconfig ]; then
if chkconfig --add shorewall-init ; then
echo "Shorewall Init will start automatically in run levels as follows:"
chkconfig --list shorewall-init
else
cant_autostart
fi
elif [ -x /sbin/rc-update ]; then
elif [ -x ${SBINDIR}/rc-update ]; then
if rc-update add shorewall-init default; then
echo "Shorewall Init will start automatically at boot"
else
@ -387,7 +412,6 @@ if [ -z "$DESTDIR" ]; then
else
cant_autostart
fi
fi
fi
else
@ -397,18 +421,20 @@ else
mkdir -p ${DESTDIR}/etc/rcS.d
fi
ln -sf ../init.d/shorewall-init ${DESTDIR}/etc/rcS.d/S38shorewall-init
ln -sf ../init.d/shorewall-init ${DESTDIR}${CONFDIR}/rcS.d/S38shorewall-init
echo "Shorewall Init will start automatically at boot"
fi
fi
fi
[ -z "${DESTDIR}" ] && [ ! -f ~/.shorewallrc ] && cp ${SHAREDIR}/shorewall/shorewallrc .
if [ -f ${DESTDIR}/etc/ppp ]; then
case $HOST in
debian|suse)
for directory in ip-up.d ip-down.d ipv6-up.d ipv6-down.d; do
mkdir -p ${DESTDIR}/etc/ppp/$directory #SuSE doesn't create the IPv6 directories
cp -fp ${DESTDIR}${LIBEXEC}/shorewall-init/ifupdown ${DESTDIR}/etc/ppp/$directory/shorewall
cp -fp ${DESTDIR}${LIBEXECDIR}/shorewall-init/ifupdown ${DESTDIR}${CONFDIR}/ppp/$directory/shorewall
done
;;
redhat)
@ -419,13 +445,13 @@ if [ -f ${DESTDIR}/etc/ppp ]; then
FILE=${DESTDIR}/etc/ppp/$file
if [ -f $FILE ]; then
if fgrep -q Shorewall-based $FILE ; then
cp -fp ${DESTDIR}${LIBEXEC}/shorewall-init/ifupdown $FILE
cp -fp ${DESTDIR}${LIBEXECDIR}/shorewall-init/ifupdown $FILE
else
echo "$FILE already exists -- ppp devices will not be handled"
break
fi
else
cp -fp ${DESTDIR}${LIBEXEC}/shorewall-init/ifupdown $FILE
cp -fp ${DESTDIR}${LIBEXECDIR}/shorewall-init/ifupdown $FILE
fi
done
;;
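Review bot: In the rewritten option loop, `option=${option#-}` reads a variable that nothing in the visible lines assigns; the `case` tests `"$1"` directly, so `option` is empty, the inner `while` is skipped and `-h` and `-v` are silently shifted away. It should be `option=${1#-}`. Further down, the AUXINITSOURCE branch installs `$INITSOURCE` a second time rather than `$AUXINITSOURCE`, and the ifupdown `sed` line starts with a stray `d` (`d[ "${SHAREDIR}" ...`), so the shell looks for a command named `d[`.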


@ -23,9 +23,14 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
#########################################################################################
#
# This is modified by the installer when ${SHAREDIR} <> /usr/share
#
. /usr/share/shorewall/shorewallrc
# check if shorewall-init is configured or not
if [ -f "/etc/sysconfig/shorewall-init" ]; then
. /etc/sysconfig/shorewall-init
if [ -f "$SYSCONFDIR/shorewall-init" ]; then
. $SYSCONFDIR/shorewall-init
if [ -z "$PRODUCTS" ]; then
echo "ERROR: No products configured" >&2
exit 1
@ -42,8 +47,6 @@ shorewall_start () {
echo -n "Initializing \"Shorewall-based firewalls\": "
for PRODUCT in $PRODUCTS; do
VARDIR=/var/lib/$PRODUCT
[ -f /etc/$PRODUCT/vardir ] && . /etc/$PRODUCT/vardir
if [ -x ${VARDIR}/firewall ]; then
if ! /sbin/$PRODUCT status > /dev/null 2>&1; then
${VARDIR}/firewall stop || exit 1


@ -31,7 +31,7 @@ VERSION=xxx #The Build script inserts the actual version
usage() # $1 = exit status
{
ME=$(basename $0)
echo "usage: $ME"
echo "usage: $ME [ <shorewallrc file> ]"
exit $1
}
@ -40,6 +40,27 @@ qt()
"$@" >/dev/null 2>&1
}
split() {
local ifs
ifs=$IFS
IFS=:
set -- $1
echo $*
IFS=$ifs
}
mywhich() {
local dir
for dir in $(split $PATH); do
if [ -x $dir/$1 ]; then
return 0
fi
done
return 2
}
remove_file() # $1 = file to restore
{
if [ -f $1 -o -L $1 ] ; then
@ -48,8 +69,25 @@ remove_file() # $1 = file to restore
fi
}
if [ -f /usr/share/shorewall-init/version ]; then
INSTALLED_VERSION="$(cat /usr/share/shorewall-init/version)"
if [ $# -eq 0 ]; then
file=/usr/share/shorewall/shorewallrc
elif [ $# -eq 1 ]; then
file=$1
else
usage 1
fi
if [ -f "$file" ]; then
. "$file"
else
echo "File $file not found" >&2
exit 1
fi
. $file || exit 1
if [ -f ${SHAREDIR}/shorewall-init/version ]; then
INSTALLED_VERSION="$(cat ${SHAREDIR}/shorewall-init/version)"
if [ "$INSTALLED_VERSION" != "$VERSION" ]; then
echo "WARNING: Shorewall Init Version $INSTALLED_VERSION is installed"
echo " and this is the $VERSION uninstaller."
@ -60,56 +98,55 @@ else
VERSION=""
fi
[ -n "${LIBEXEC:=/usr/share}" ]
[ -n "${LIBEXEC:=${SHAREDIR}}" ]
echo "Uninstalling Shorewall Init $VERSION"
INITSCRIPT=/etc/init.d/shorewall-init
INITSCRIPT=${CONFDIR}/init.d/shorewall-init
if [ -n "$INITSCRIPT" ]; then
if [ -x /usr/sbin/updaterc.d ]; then
if [ -f "$INITSCRIPT" ]; then
if mywhich updaterc.d ; then
updaterc.d shorewall-init remove
elif [ -x /sbin/insserv -o -x /usr/sbin/insserv ]; then
elif mywhich insserv ; then
insserv -r $INITSCRIPT
elif [ -x /sbin/chkconfig -o -x /usr/sbin/chkconfig ]; then
elif mywhich chkconfig ; then
chkconfig --del $(basename $INITSCRIPT)
elif [ -x /sbin/systemctl ]; then
elif mywhich systemctl ; then
systemctl disable shorewall-init
else
rm -f /etc/rc*.d/*$(basename $INITSCRIPT)
fi
remove_file $INITSCRIPT
fi
[ "$(readlink -m -q /sbin/ifup-local)" = /usr/share/shorewall-init ] && remove_file /sbin/ifup-local
[ "$(readlink -m -q /sbin/ifdown-local)" = /usr/share/shorewall-init ] && remove_file /sbin/ifdown-local
[ "$(readlink -m -q ${SBINDIR}/ifup-local)" = ${SHAREDIR}/shorewall-init ] && remove_file ${SBINDIR}/ifup-local
[ "$(readlink -m -q ${SBINDIR}/ifdown-local)" = ${SHAREDIR}/shorewall-init ] && remove_file ${SBINDIR}/ifdown-local
remove_file /etc/default/shorewall-init
remove_file /etc/sysconfig/shorewall-init
remove_file ${CONFDIR}/default/shorewall-init
remove_file ${CONFDIR}/sysconfig/shorewall-init
remove_file /etc/NetworkManager/dispatcher.d/01-shorewall
remove_file ${CONFDIR}/NetworkManager/dispatcher.d/01-shorewall
remove_file /etc/network/if-up.d/shorewall
remove_file /etc/network/if-down.d/shorewall
remove_file ${CONFDIR}/network/if-up.d/shorewall
remove_file ${CONFDIR}/network/if-down.d/shorewall
remove_file /etc/sysconfig/network/if-up.d/shorewall
remove_file /etc/sysconfig/network/if-down.d/shorewall
remove_file /lib/systemd/system/shorewall.service
remove_file ${CONFDIR}/sysconfig/network/if-up.d/shorewall
remove_file ${CONFDIR}/sysconfig/network/if-down.d/shorewall
if [ -d /etc/ppp ]; then
[ -n "$SYSTEMD" ] && remove_file ${SYSTEMD}/shorewall.service
if [ -d ${CONFDIR}/ppp ]; then
for directory in ip-up.d ip-down.d ipv6-up.d ipv6-down.d; do
remove_file /etc/ppp/$directory/shorewall
remove_file ${CONFDIR}/ppp/$directory/shorewall
done
for file in if-up.local if-down.local; do
if fgrep -q Shorewall-based /etc/ppp/$FILE; then
remove_file /etc/ppp/$FILE
if fgrep -q Shorewall-based ${CONFDIR}/ppp/$FILE; then
remove_file ${CONFDIR}/ppp/$FILE
fi
done
fi
rm -rf /usr/share/shorewall-init
rm -rf ${SHAREDIR}/shorewall-init
rm -rf ${LIBEXEC}/shorewall-init
echo "Shorewall Init Uninstalled"
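Review bot: The `for file in if-up.local if-down.local` loop tests and removes `${CONFDIR}/ppp/$FILE`, but `FILE` is never set in the visible code (the loop variable is lower-case `file`, which also overwrites the rc-file path stored in `file` earlier). As a result `fgrep` is pointed at the `ppp` directory itself and the two hook files appear never to be removed; use `$file` in both lines, or rename the loop variable. The rc file is also sourced twice, once inside the new `if [ -f "$file" ]` block and again by the unquoted `. $file || exit 1` right after it, which can be dropped. Because the uninstaller runs as root and every path now comes from the sourced file, the final removals are safer written as `rm -rf -- "${SHAREDIR:?}/shorewall-init"`, so an empty value aborts instead of resolving to `/shorewall-init`; the shorewall-lite uninstaller in this commit follows the same pattern.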


@ -57,17 +57,23 @@ not_configured () {
exit 0
}
#
# The installer may alter this
#
. /usr/share/shorewall/shorewallrc
# parse the shorewall params file in order to use params in
# /etc/default/shorewall
if [ -f "/etc/shorewall-lite/params" ]
if [ -f "$CONFDIR/shorewall-lite/params" ]
then
. /etc/shorewall-lite/params
. $CONFDIR/shorewall-lite/params
fi
# check if shorewall is configured or not
if [ -f "/etc/default/shorewall-lite" ]
if [ -f "$SYSCONFDIR/shorewall-lite" ]
then
. /etc/default/shorewall-lite
. $SYSCONFDIR/shorewall-lite
SRWL_OPTS="$SRWL_OPTS $OPTIONS"
if [ "$startup" != "1" ]
then
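Review bot: The `. /usr/share/shorewall/shorewallrc` line added above the params lookup has no existence check, and nothing verifies that `CONFDIR` and `SYSCONFDIR` came out non-empty. Depending on the shell, a missing rc file either aborts the init script or leaves the following tests looking at `/shorewall-lite/params` and `/shorewall-lite` at the filesystem root. This script runs as root at boot, so the rc file is now part of its trusted input and should be root-owned and not group- or world-writable. A guard such as `[ -n "$CONFDIR" ] && [ -n "$SYSCONFDIR" ] || exit 1` after the source line, plus quoting the sourced paths (`. "$CONFDIR/shorewall-lite/params"`), would make the failure explicit. The other init scripts and the shorewall-lite wrapper touched by this commit add the same line and have the same gap.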


@ -20,16 +20,21 @@
# Source function library.
. /etc/rc.d/init.d/functions
#
# The installer may alter this
#
. /usr/share/shorewall/shorewallrc
prog="shorewall-lite"
shorewall="/sbin/$prog"
shorewall="${SBINDIR}/$prog"
logger="logger -i -t $prog"
lockfile="/var/lock/subsys/$prog"
# Get startup options (override default)
OPTIONS=
if [ -f /etc/sysconfig/$prog ]; then
. /etc/sysconfig/$prog
if [ -f ${SYSCONFDIR}/$prog ]; then
. ${SYSCONFDIR}/$prog
fi
start() {


@ -61,10 +61,14 @@ usage() {
# Get startup options (override default)
################################################################################
OPTIONS=
if [ -f /etc/sysconfig/shorewall ]; then
. /etc/sysconfig/shorewall
elif [ -f /etc/default/shorewall ] ; then
. /etc/default/shorewall
#
# The installer may alter this
#
. /usr/share/shorewall/shorewallrc
if [ -f ${SYSCONFDIR}/shorewall-lite ]; then
. ${SYSCONFDIR}/shorewall-lite
fi
SHOREWALL_INIT_SCRIPT=1
@ -76,13 +80,13 @@ command="$1"
case "$command" in
start)
exec /sbin/shorewall-lite $OPTIONS start $STARTOPTIONS
exec ${SBINDIR}/shorewall-lite $OPTIONS start $STARTOPTIONS
;;
restart|reload)
exec /sbin/shorewall-lite $OPTIONS restart $RESTARTOPTIONS
exec ${SBINDIR}/shorewall-lite $OPTIONS restart $RESTARTOPTIONS
;;
status|stop)
exec /sbin/shorewall-lite $OPTIONS $command $@
exec ${SBINDIR}/shorewall-lite $OPTIONS $command $@
;;
*)
usage


@ -27,12 +27,18 @@ VERSION=xxx #The Build script inserts the actual version
usage() # $1 = exit status
{
ME=$(basename $0)
echo "usage: $ME"
echo "usage: $ME [ <configuration-file> ]"
echo " $ME -v"
echo " $ME -h"
exit $1
}
fatal_error()
{
echo " ERROR: $@" >&2
exit 1
}
split() {
local ifs
ifs=$IFS
@ -85,16 +91,16 @@ install_file() # $1 = source $2 = target $3 = mode
run_install $T $OWNERSHIP -m $3 $1 ${2}
}
require()
{
eval [ -n "\$$1" ] || fatal_error "Required option $1 not set"
}
#
# Change to the directory containing this script
#
cd "$(dirname $0)"
#
# Load packager's settings if any
#
[ -f ../shorewall-pkg.config ] && . ../shorewall-pkg.config
if [ -f shorewall-lite ]; then
PRODUCT=shorewall-lite
Product="Shorewall Lite"
@ -103,39 +109,73 @@ else
Product="Shorewall6 Lite"
fi
[ -n "$DESTDIR" ] || DESTDIR="$PREFIX"
#
# Parse the run line
#
while [ $# -gt 0 ] ; do
finished=0
while [ $finished -eq 0 ] ; do
case "$1" in
-h|help|?)
usage 0
;;
-v)
echo "$Product Firewall Installer Version $VERSION"
exit 0
-*)
option=${option#-}
while [ -n "$option" ]; do
case $option in
h)
usage 0
;;
v)
echo "$Product Firewall Installer Version $VERSION"
exit 0
;;
*)
usage 1
;;
esac
done
shift
;;
*)
usage 1
finished=1
;;
esac
shift
done
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
#
# Read the RC file
#
if [ $# -eq 0 ]; then
if [ -f ./shorewallrc ]; then
. ./shorewallrc || exit 1
file=./shorewallrc
elif [ -f ~/.shorewallrc ]; then
. ~/.shorewallrc
elif [ -f /usr/share/shorewall/shorewallrc ]; then
. /usr/share/shorewall/shorewallrc
else
fatal_error "No configuration file specified and /usr/share/shorewall/shorewallrc not found"
fi
elif [ $# -eq 1 ]; then
file=$1
case $file in
/*|.*)
;;
*)
file=./$file
;;
esac
[ -n "${LIBEXEC:=/usr/share}" ]
. $file
else
usage 1
fi
case "$LIBEXEC" in
/*)
;;
*)
echo "The LIBEXEC setting must be an absolute path name" >&2
exit 1
;;
esac
for var in SHAREDIR LIBEXECDIRDIRDIR CONFDIR SBINDIR VARDIR; do
require $var
done
PATH=${SBINDIR}:/bin:/usr${SBINDIR}:/usr/bin:/usr/local/bin:/usr/local${SBINDIR}
#
# Determine where to install the firewall script
@ -154,15 +194,15 @@ if [ -z "$BUILD" ]; then
BUILD=apple
;;
*)
if [ -f /etc/debian_version ]; then
if [ -f ${CONFDIR}/debian_version ]; then
BUILD=debian
elif [ -f /etc/redhat-release ]; then
elif [ -f ${CONFDIR}/redhat-release ]; then
BUILD=redhat
elif [ -f /etc/SuSE-release ]; then
elif [ -f ${CONFDIR}/SuSE-release ]; then
BUILD=suse
elif [ -f /etc/slackware-version ] ; then
elif [ -f ${CONFDIR}/slackware-version ] ; then
BUILD=slackware
elif [ -f /etc/arch-release ] ; then
elif [ -f ${CONFDIR}/arch-release ] ; then
BUILD=archlinux
else
BUILD=linux
@ -203,21 +243,15 @@ case "$HOST" in
;;
debian)
echo "Installing Debian-specific configuration..."
SPARSE=yes
;;
redhat)
echo "Installing Redhat/Fedora-specific configuration..."
[ -n "$INITDIR" ] || INITDIR=/etc/rc.d/init.d
;;
slackware)
echo "Installing Slackware-specific configuration..."
[ -n "$INITDIR" ] || INITDIR="/etc/rc.d"
[ -n "$INITFILE" ] || INITFILE="rc.firewall"
[ -n "$MANDIR=" ] || MANDIR=/usr/man
;;
archlinux)
echo "Installing ArchLinux-specific configuration..."
[ -n "$INITDIR" ] || INITDIR="/etc/rc.d"
;;
linux|suse)
;;
@ -227,7 +261,7 @@ case "$HOST" in
;;
esac
[ -z "$INITDIR" ] && INITDIR="/etc/init.d"
[ -z "$INITDIR" ] && INITDIR="${CONFDIR}/init.d"
if [ -n "$DESTDIR" ]; then
if [ `id -u` != 0 ] ; then
@ -235,8 +269,8 @@ if [ -n "$DESTDIR" ]; then
OWNERSHIP=""
fi
install -d $OWNERSHIP -m 755 ${DESTDIR}/sbin
install -d $OWNERSHIP -m 755 ${DESTDIR}${DESTFILE}
install -d $OWNERSHIP -m 755 ${DESTDIR}/${SBINDIR}
install -d $OWNERSHIP -m 755 ${DESTDIR}${INITDIR}
if [ -n "$SYSTEMD" ]; then
mkdir -p ${DESTDIR}/lib/systemd/system
@ -257,27 +291,27 @@ fi
echo "Installing $Product Version $VERSION"
#
# Check for /etc/$PRODUCT
# Check for ${CONFDIR}/$PRODUCT
#
if [ -z "$DESTDIR" -a -d /etc/$PRODUCT ]; then
if [ -z "$DESTDIR" -a -d ${CONFDIR}/$PRODUCT ]; then
if [ ! -f /usr/share/shorewall/coreversion ]; then
echo "$PRODUCT $VERSION requires Shorewall Core which does not appear to be installed" >&2
exit 1
fi
[ -f /etc/$PRODUCT/shorewall.conf ] && \
mv -f /etc/$PRODUCT/shorewall.conf /etc/$PRODUCT/$PRODUCT.conf
[ -f ${CONFDIR}/$PRODUCT/shorewall.conf ] && \
mv -f ${CONFDIR}/$PRODUCT/shorewall.conf ${CONFDIR}/$PRODUCT/$PRODUCT.conf
else
rm -rf ${DESTDIR}/etc/$PRODUCT
rm -rf ${DESTDIR}${CONFDIR}/$PRODUCT
rm -rf ${DESTDIR}/usr/share/$PRODUCT
rm -rf ${DESTDIR}/var/lib/$PRODUCT
[ "$LIBEXEC" = /usr/share ] || rm -rf ${DESTDIR}/usr/share/$PRODUCT/wait4ifup ${DESTDIR}/usr/share/$PRODUCT/shorecap
[ "$LIBEXECDIR" = /usr/share ] || rm -rf ${DESTDIR}/usr/share/$PRODUCT/wait4ifup ${DESTDIR}/usr/share/$PRODUCT/shorecap
fi
#
# Check for /sbin/$PRODUCT
# Check for ${SBINDIR}/$PRODUCT
#
if [ -f ${DESTDIR}/sbin/$PRODUCT ]; then
if [ -f ${DESTDIR}${SBINDIR}/$PRODUCT ]; then
first_install=""
else
first_install="Yes"
@ -285,118 +319,123 @@ fi
delete_file ${DESTDIR}/usr/share/$PRODUCT/xmodules
install_file $PRODUCT ${DESTDIR}/sbin/$PRODUCT 0544
install_file $PRODUCT ${DESTDIR}${SBINDIR}/$PRODUCT 0544
echo "$Product control program installed in ${DESTDIR}/sbin/$PRODUCT"
echo "$Product control program installed in ${DESTDIR}${SBINDIR}/$PRODUCT"
#
# Create /etc/$PRODUCT, /usr/share/$PRODUCT and /var/lib/$PRODUCT if needed
# Create ${CONFDIR}/$PRODUCT, /usr/share/$PRODUCT and /var/lib/$PRODUCT if needed
#
mkdir -p ${DESTDIR}/etc/$PRODUCT
mkdir -p ${DESTDIR}${CONFDIR}/$PRODUCT
mkdir -p ${DESTDIR}/usr/share/$PRODUCT
mkdir -p ${DESTDIR}${LIBEXEC}/$PRODUCT
mkdir -p ${DESTDIR}${LIBEXECDIR}/$PRODUCT
mkdir -p ${DESTDIR}/var/lib/$PRODUCT
chmod 755 ${DESTDIR}/etc/$PRODUCT
chmod 755 ${DESTDIR}${CONFDIR}/$PRODUCT
chmod 755 ${DESTDIR}/usr/share/$PRODUCT
if [ -n "$DESTDIR" ]; then
mkdir -p ${DESTDIR}/etc/logrotate.d
chmod 755 ${DESTDIR}/etc/logrotate.d
mkdir -p ${DESTDIR}${CONFDIR}/logrotate.d
chmod 755 ${DESTDIR}${CONFDIR}/logrotate.d
mkdir -p ${DESTDIR}${INITDIR}
chmod 755 ${DESTDIR}${INITDIR}
fi
if [ -n "$INITFILE" ]; then
initfile="${DESTDIR}/${INITDIR}/${INITFILE}"
case $TARGET in
debian)
install_file init.debian.sh ${DESTDIR}${INITDIR}/${INITFILE} 0544
install_file init.debian.sh "$initfile" 0544
;;
redhat)
install_file init.fedora.sh ${DESTDIR}${INITDIR}/${INITFILE} 0544
install_file init.fedora.sh "$initfile" 0544
;;
archlinux)
install_file init.archlinux.sh ${DESTDIR}${INITDIR}/${INITFILE} 0544
install_file init.archlinux.sh "$initfile" 0544
;;
*)
install_file init.sh ${DESTDIR}${INITDIR}/${INITFILE} 0544
install_file init.sh "$initfile" 0544
;;
esac
echo "$Product init script installed in ${DESTDIR}${INITDIR}/${INITFILE}"
[ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/|${SHAREDIR}/|\' "$initfile"
echo "$Product init script installed in $initfile"
fi
#
# Install the .service file
#
if [ -n "$SYSTEMD" ]; then
run_install $OWNERSHIP -m 600 $PRODUCT.service ${DESTDIR}/lib/systemd/system/$PRODUCT.service
run_install $OWNERSHIP -m 600 $PRODUCT.service ${DESTDIR}/${SYSTEMD}/$PRODUCT.service
echo "Service file installed as ${DESTDIR}/lib/systemd/system/$PRODUCT.service"
fi
#
# Install the config file
#
if [ ! -f ${DESTDIR}/etc/$PRODUCT/$PRODUCT.conf ]; then
install_file $PRODUCT.conf ${DESTDIR}/etc/$PRODUCT/$PRODUCT.conf 0744
echo "Config file installed as ${DESTDIR}/etc/$PRODUCT/$PRODUCT.conf"
if [ ! -f ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf ]; then
install_file $PRODUCT.conf ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf 0744
echo "Config file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf"
fi
if [ $HOST = archlinux ] ; then
sed -e 's!LOGFILE=/var/log/messages!LOGFILE=/var/log/messages.log!' -i ${DESTDIR}/etc/$PRODUCT/$PRODUCT.conf
sed -e 's!LOGFILE=/var/log/messages!LOGFILE=/var/log/messages.log!' -i ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf
fi
#
# Install the Makefile
#
run_install $OWNERSHIP -m 0600 Makefile ${DESTDIR}/etc/$PRODUCT
echo "Makefile installed as ${DESTDIR}/etc/$PRODUCT/Makefile"
run_install $OWNERSHIP -m 0600 Makefile ${DESTDIR}${CONFDIR}/$PRODUCT
echo "Makefile installed as ${DESTDIR}${CONFDIR}/$PRODUCT/Makefile"
#
# Install the default config path file
#
install_file configpath ${DESTDIR}/usr/share/$PRODUCT/configpath 0644
echo "Default config path file installed as ${DESTDIR}/usr/share/$PRODUCT/configpath"
install_file configpath ${DESTDIR}${SHAREDIR}/$PRODUCT/configpath 0644
echo "Default config path file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/configpath"
#
# Install the libraries
#
for f in lib.* ; do
if [ -f $f ]; then
install_file $f ${DESTDIR}/usr/share/$PRODUCT/$f 0644
echo "Library ${f#*.} file installed as ${DESTDIR}/usr/share/$PRODUCT/$f"
install_file $f ${DESTDIR}${SHAREDIR}/$PRODUCT/$f 0644
echo "Library ${f#*.} file installed as ${DESTDIR}/${SHAREDIR}/$PRODUCT/$f"
fi
done
ln -sf lib.base ${DESTDIR}/usr/share/$PRODUCT/functions
ln -sf lib.base ${DESTDIR}${SHAREDIR}/$PRODUCT/functions
echo "Common functions linked through ${DESTDIR}/usr/share/$PRODUCT/functions"
echo "Common functions linked through ${DESTDIR}${SHAREDIR}/$PRODUCT/functions"
#
# Install Shorecap
#
install_file shorecap ${DESTDIR}${LIBEXEC}/$PRODUCT/shorecap 0755
install_file shorecap ${DESTDIR}${LIBEXECDIR}/$PRODUCT/shorecap 0755
echo
echo "Capability file builder installed in ${DESTDIR}${LIBEXEC}/$PRODUCT/shorecap"
echo "Capability file builder installed in ${DESTDIR}${LIBEXECDIR}/$PRODUCT/shorecap"
#
# Install the Modules files
#
if [ -f modules ]; then
run_install $OWNERSHIP -m 0600 modules ${DESTDIR}/usr/share/$PRODUCT
echo "Modules file installed as ${DESTDIR}/usr/share/$PRODUCT/modules"
run_install $OWNERSHIP -m 0600 modules ${DESTDIR}${SHAREDIR}/$PRODUCT
echo "Modules file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/modules"
fi
if [ -f helpers ]; then
run_install $OWNERSHIP -m 0600 helpers ${DESTDIR}/usr/share/$PRODUCT
echo "Helper modules file installed as ${DESTDIR}/usr/share/$PRODUCT/helpers"
run_install $OWNERSHIP -m 0600 helpers ${DESTDIR}${SHAREDIR}/$PRODUCT
echo "Helper modules file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/helpers"
fi
for f in modules.*; do
run_install $OWNERSHIP -m 0644 $f ${DESTDIR}/usr/share/$PRODUCT/$f
echo "Module file $f installed as ${DESTDIR}/usr/share/$PRODUCT/$f"
run_install $OWNERSHIP -m 0644 $f ${DESTDIR}${SHAREDIR}/$PRODUCT/$f
echo "Module file $f installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/$f"
done
#
@ -406,18 +445,18 @@ done
if [ -d manpages ]; then
cd manpages
[ -n "$INSTALLD" ] || mkdir -p ${DESTDIR}/usr/share/man/man5/ ${DESTDIR}/usr/share/man/man8/
[ -n "$INSTALLD" ] || mkdir -p ${DESTDIR}${SHAREDIR}/man/man5/ ${DESTDIR}${SHAREDIR}/man/man8/
for f in *.5; do
gzip -c $f > $f.gz
run_install $T $INSTALLD $OWNERSHIP -m 0644 $f.gz ${DESTDIR}/usr/share/man/man5/$f.gz
echo "Man page $f.gz installed to ${DESTDIR}/usr/share/man/man5/$f.gz"
run_install $T $INSTALLD $OWNERSHIP -m 0644 $f.gz ${DESTDIR}${SHAREDIR}/man/man5/$f.gz
echo "Man page $f.gz installed to ${DESTDIR}${SHAREDIR}/man/man5/$f.gz"
done
for f in *.8; do
gzip -c $f > $f.gz
run_install $T $INSTALLD $OWNERSHIP -m 0644 $f.gz ${DESTDIR}/usr/share/man/man8/$f.gz
echo "Man page $f.gz installed to ${DESTDIR}/usr/share/man/man8/$f.gz"
run_install $T $INSTALLD $OWNERSHIP -m 0644 $f.gz ${DESTDIR}${SHAREDIR}/man/man8/$f.gz
echo "Man page $f.gz installed to ${DESTDIR}${SHAREDIR}/man/man8/$f.gz"
done
cd ..
@ -425,73 +464,78 @@ if [ -d manpages ]; then
echo "Man Pages Installed"
fi
if [ -d ${DESTDIR}/etc/logrotate.d ]; then
run_install $OWNERSHIP -m 0644 logrotate ${DESTDIR}/etc/logrotate.d/$PRODUCT
echo "Logrotate file installed as ${DESTDIR}/etc/logrotate.d/$PRODUCT"
if [ -d ${DESTDIR}${CONFDIR}/logrotate.d ]; then
run_install $OWNERSHIP -m 0644 logrotate ${DESTDIR}${CONFDIR}/logrotate.d/$PRODUCT
echo "Logrotate file installed as ${DESTDIR}${CONFDIR}/logrotate.d/$PRODUCT"
fi
#
# Create the version file
#
echo "$VERSION" > ${DESTDIR}/usr/share/$PRODUCT/version
chmod 644 ${DESTDIR}/usr/share/$PRODUCT/version
echo "$VERSION" > ${DESTDIR}${SHAREDIR}/$PRODUCT/version
chmod 644 ${DESTDIR}${SHAREDIR}/$PRODUCT/version
#
# Remove and create the symbolic link to the init script
#
if [ -z "$DESTDIR" ]; then
rm -f /usr/share/$PRODUCT/init
ln -s ${INITDIR}/${INITFILE} /usr/share/$PRODUCT/init
rm -f ${SHAREDIR}/$PRODUCT/init
ln -s ${INITDIR}/${INITFILE} ${SHAREDIR}/$PRODUCT/init
fi
delete_file ${DESTDIR}/usr/share/$PRODUCT/lib.common
delete_file ${DESTDIR}/usr/share/$PRODUCT/lib.cli
delete_file ${DESTDIR}/usr/share/$PRODUCT/wait4ifup
delete_file ${DESTDIR}${SHAREDIR}/$PRODUCT/lib.common
delete_file ${DESTDIR}${SHAREDIR}/$PRODUCT/lib.cli
delete_file ${DESTDIR}${SHAREDIR}/$PRODUCT/wait4ifup
if [ -z "$DESTDIR" ]; then
touch /var/log/$PRODUCT-init.log
if [ -n "$SYSCONFFILE" -a ! -f ${DESTDIR}${SYSCONFDIR}/${PRODUCT} ]; then
if [ ${DESTDIR} ]; then
mkdir -p ${DESTDIR}${SYSCONFDIR}
chmod 755 ${DESTDIR}${SYSCONFDIR}
fi
if [ -n "$first_install" ]; then
if [ $HOST = debian ]; then
run_install $OWNERSHIP -m 0644 default.debian /etc/default/$PRODUCT
run_install $OWNERSHIP -m 0644 default.debian ${DESTDIR}${SYSCONFDIR}/${PRODUCT}
echo "$SYSCONFFILE installed in ${DESTDIR}${SYSCONFDIR}/${PRODUCT}"
fi
update-rc.d $PRODUCT defaults
if [ -x /sbin/insserv ]; then
insserv /etc/init.d/$PRODUCT
else
ln -s ../init.d/$PRODUCT /etc/rcS.d/S40$PRODUCT
fi
if [ ${SHAREDIR} != /usr/share ]; then
[ $PRODUCT = shorewall ] && eval sed -i \'s\|/usr/share/|${SHAREDIR}/|\' ${DESTDIR}/${SHAREDIR}/lib.base
sed -i \'s\|/usr/share/|${SHAREDIR}/|\' ${DESTDIR}/${SBINDIR}/$PRODUCT
fi
if [ -z "$DESTDIR" -a -n "$first_install" -a -z "${cygwin}${mac}" ]; then
if mywhich update-rc.d ; then
echo "$PRODUCT will start automatically at boot"
echo "Set startup=1 in ${SYSCONFDIR}/$PRODUCT to enable"
touch /var/log/$PRODUCT-init.log
perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;s/^SUBSYSLOCK=.*/SUBSYSLOCK=/;' ${CONFDIR}/${PRODUCT}/${PRODUCT}.conf
elif [ -n "$SYSTEMD" ]; then
if systemctl enable $PRODUCT; then
echo "$Product will start automatically at boot"
else
if [ -n "$SYSTEMD" ]; then
if systemctl enable $PRODUCT; then
echo "$Product will start automatically at boot"
fi
elif [ -x /sbin/insserv -o -x /usr/sbin/insserv ]; then
if insserv /etc/init.d/$PRODUCT ; then
echo "$Product will start automatically at boot"
else
cant_autostart
fi
elif [ -x /sbin/chkconfig -o -x /usr/sbin/chkconfig ]; then
if chkconfig --add $PRODUCT ; then
echo "$Product will start automatically in run levels as follows:"
chkconfig --list $PRODUCT
else
cant_autostart
fi
elif [ -x /sbin/rc-update ]; then
if rc-update add $PRODUCT default; then
echo "$Product will start automatically at boot"
else
cant_autostart
fi
elif [ "$INITFILE" != rc.firewall ]; then #Slackware starts this automatically
cant_autostart
fi
fi
elif mywhich insserv; then
if insserv ${INITDIR}/${INITFILE} ; then
echo "$PRODUCT will start automatically at boot"
echo "Set STARTUP_ENABLED=Yes in ${CONFDIR}/$PRODUCT/${PRODUCT}.conf to enable"
else
cant_autostart
fi
elif mywhich chkconfig; then
if chkconfig --add $PRODUCT ; then
echo "$PRODUCT will start automatically in run levels as follows:"
echo "Set STARTUP_ENABLED=Yes in ${CONFDIR}/$PRODUCT/${PRODUCT}.conf to enable"
chkconfig --list $PRODUCT
else
cant_autostart
fi
elif mywhich rc-update ; then
if rc-update add $PRODUCT default; then
echo "$PRODUCT will start automatically at boot"
echo "Set STARTUP_ENABLED=Yes in ${CONFDIR}/$PRODUCT/$PRODUCT.conf to enable"
else
cant_autostart
fi
elif [ "$INITFILE" != rc.${PRODUCT} ]; then #Slackware starts this automatically
cant_autostart
fi
fi
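Review bot: The two `sed -i \'s\|/usr/share/|${SHAREDIR}/|\'` invocations (after the init-file install and in the `${SHAREDIR} != /usr/share` block) leave the second and third `|` unescaped, so the shell parses each as a pipeline and tries to execute `${SHAREDIR}/` instead of rewriting the file. The `eval` in front does not help and is best removed, since it re-parses a value read from the rc file. Plain double quotes are enough: `sed -i "s|/usr/share/|${SHAREDIR}/|" "$initfile"`, with SHAREDIR rejected if it contains `|`. In the same section the `require` loop names `LIBEXECDIRDIRDIR`, which looks like a typo for `LIBEXECDIR` and would stop every run with "Required option ... not set". The `-*)` arm also reads `option=${option#-}` without ever assigning from `$1`, so `-h` and `-v` appear to be ignored; `option=${1#-}` is presumably intended.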


@ -27,6 +27,16 @@
################################################################################################
g_program=shorewall-lite
. /usr/share/shorewall/lib.cli
#
# This is modified by the installer when ${SHAREDIR} <> /usr/share
#
. /usr/share/shorewall/shorewallrc
g_libexec="$LIBEXECDIR"
g_sharedir="$SHAREDIR"
g_sbindir="$SBINDIR"
g_readrc=1
. $g_sharedir/shorewall/lib.cli
shorewall_cli $@


@ -31,7 +31,7 @@ VERSION=xxx #The Build script inserts the actual version
usage() # $1 = exit status
{
ME=$(basename $0)
echo "usage: $ME"
echo "usage: $ME [ <shorewallrc file> ]"
exit $1
}
@ -40,16 +40,25 @@ qt()
"$@" >/dev/null 2>&1
}
restore_file() # $1 = file to restore
{
if [ -f ${1}-shorewall.bkout ]; then
if (mv -f ${1}-shorewall-lite.bkout $1); then
echo
echo "$1 restored"
else
exit 1
fi
fi
split() {
local ifs
ifs=$IFS
IFS=:
set -- $1
echo $*
IFS=$ifs
}
mywhich() {
local dir
for dir in $(split $PATH); do
if [ -x $dir/$1 ]; then
return 0
fi
done
return 2
}
remove_file() # $1 = file to restore
@ -60,8 +69,23 @@ remove_file() # $1 = file to restore
fi
}
if [ -f /usr/share/shorewall-lite/version ]; then
INSTALLED_VERSION="$(cat /usr/share/shorewall-lite/version)"
if [ $# -eq 0 ]; then
file=/usr/share/shorewall/shorewallrc
elif [ $# -eq 1 ]; then
file=$1
else
usage 1
fi
if [ -f "$file" ]; then
. "$file"
else
echo "File $file not found" >&2
exit 1
fi
if [ -f ${SHAREDIR}/shorewall-lite/version ]; then
INSTALLED_VERSION="$(cat ${SHAREDIR}/shorewall-lite/version)"
if [ "$INSTALLED_VERSION" != "$VERSION" ]; then
echo "WARNING: Shorewall Lite Version $INSTALLED_VERSION is installed"
echo " and this is the $VERSION uninstaller."
@ -72,49 +96,40 @@ else
VERSION=""
fi
[ -n "${LIBEXEC:=/usr/share}" ]
echo "Uninstalling Shorewall Lite $VERSION"
if qt iptables -L shorewall -n && [ ! -f /sbin/shorewall ]; then
/sbin/shorewall-lite clear
if qt iptables -L shorewall -n && [ ! -f ${SBINDIR}/shorewall ]; then
shorewall-lite clear
fi
if [ -L /usr/share/shorewall-lite/init ]; then
FIREWALL=$(readlink -m -q /usr/share/shorewall-lite/init)
else
FIREWALL=/etc/init.d/shorewall-lite
if [ -L ${SHAREDIR}/shorewall-lite/init ]; then
FIREWALL=$(readlink -m -q ${SHAREDIR}/shorewall-lite/init)
elIF [ -n "$INITFILE" ]; then
FIREWALL=${INITDIR}/${INITFILE}
fi
if [ -n "$FIREWALL" ]; then
if [ -x /usr/sbin/updaterc.d ]; then
if [ -f "$FIREWALL" ]; then
if mywhich updaterc.d ; then
updaterc.d shorewall-lite remove
elif [ -x /sbin/insserv -o -x /usr/sbin/insserv ]; then
elif if mywhich insserv ; then
insserv -r $FIREWALL
elif [ -x /sbin/chkconfig -o -x /usr/sbin/chkconfig ]; then
elif [ mywhich chkconfig ; then
chkconfig --del $(basename $FIREWALL)
elif [ -x /sbin/systemctl ]; then
elif mywhich systemctl ; then
systemctl disable shorewall-lite
else
rm -f /etc/rc*.d/*$(basename $FIREWALL)
fi
remove_file $FIREWALL
rm -f ${FIREWALL}-*.bkout
fi
rm -f /sbin/shorewall-lite
rm -f /sbin/shorewall-lite-*.bkout
rm -f ${SBINDIR}/shorewall-lite
rm -rf /etc/shorewall-lite
rm -rf /etc/shorewall-lite-*.bkout
rm -rf /var/lib/shorewall-lite
rm -rf /var/lib/shorewall-lite-*.bkout
rm -rf /usr/share/shorewall-lite
rm -rf ${SBINDIR}/shorewall-lite
rm -rf ${VARDIR}/shorewall-lite
rm -rf ${SHAREDIR}/shorewall-lite
rm -rf ${LIBEXEC}/shorewall-lite
rm -rf /usr/share/shorewall-lite-*.bkout
rm -f /etc/logrotate.d/shorewall-lite
rm -f /lib/systemd/system/shorewall-lite.service
rm -f ${CONFDIR}/logrotate.d/shorewall-lite
[ -n "$SYSTEMD" ] && rm -f ${SYSTEMD}/shorewall-lite.service
echo "Shorewall Lite Uninstalled"
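Review bot: Three of the rewritten branch lines do not parse, so the uninstaller would stop with a syntax error before removing anything: `elIF [ -n "$INITFILE" ]; then`, `elif if mywhich insserv ; then` and `elif [ mywhich chkconfig ; then`. They should read `elif [ -n "$INITFILE" ]; then`, `elif mywhich insserv ; then` and `elif mywhich chkconfig ; then`. Further down, `rm -rf ${SBINDIR}/shorewall-lite` sits where the old code removed `/etc/shorewall-lite`, so `${CONFDIR}/shorewall-lite` is presumably intended; as written the configuration directory is left behind. `${LIBEXEC}` is still used in `rm -rf ${LIBEXEC}/shorewall-lite` although its default assignment seems to have been dropped from this file, so an unset value would resolve to `/shorewall-lite`; `"${LIBEXEC:?}"` or `LIBEXECDIR` from the rc file would avoid that.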


@ -160,15 +160,17 @@ sub generate_script_2() {
emit( 'g_family=4' );
if ( $export ) {
emit ( 'SHAREDIR=/usr/share/shorewall-lite',
'CONFDIR=/etc/shorewall-lite',
emit ( 'SHAREDIR=$SHAREDIR/shorewall-lite',
'CONFDIR=$CONFDIR/shorewall-lite',
'VARDIR=$VARDIR/shorewall-lite',
'g_product="Shorewall Lite"',
'g_program=shorewall-lite',
'g_basedir=/usr/share/shorewall-lite',
);
} else {
emit ( 'SHAREDIR=/usr/share/shorewall',
'CONFDIR=/etc/shorewall',
emit ( 'SHAREDIR=$SHAREDIR/shorewall',
'CONFDIR=$CONFDIR/shorewall',
'VARDIR=$VARDIR/shorewall',
'g_product=Shorewall',
'g_program=shorewall',
'g_basedir=/usr/share/shorewall',
@ -178,8 +180,9 @@ sub generate_script_2() {
emit( 'g_family=6' );
if ( $export ) {
emit ( 'SHAREDIR=/usr/share/shorewall6-lite',
'CONFDIR=/etc/shorewall6-lite',
emit ( 'SHAREDIR=/$SHAREDIR/shorewall6-lite',
'CONFDIR=$CONFDIR/shorewall6-lite',
'VARDIR=$VARDIR/shorewall6-lite',
'g_product="Shorewall6 Lite"',
'g_program=shorewall6-lite',
'g_basedir=/usr/share/shorewall6',
@ -187,6 +190,7 @@ sub generate_script_2() {
} else {
emit ( 'SHAREDIR=/usr/share/shorewall6',
'CONFDIR=/etc/shorewall6',
'VARDIR=$VARDIR/shorewall6',
'g_product=Shorewall6',
'g_program=shorewall6',
'g_basedir=/usr/share/shorewall'
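Review bot: The IPv6 branches are inconsistent with the IPv4 ones. The export case emits `SHAREDIR=/$SHAREDIR/shorewall6-lite` with a stray leading slash, and the non-export case still emits the literals `SHAREDIR=/usr/share/shorewall6` and `CONFDIR=/etc/shorewall6` while adding `VARDIR=$VARDIR/shorewall6`. Presumably these should read `'SHAREDIR=$SHAREDIR/shorewall6-lite'`, `'SHAREDIR=$SHAREDIR/shorewall6'` and `'CONFDIR=$CONFDIR/shorewall6'`. The `g_basedir=/usr/share/...` entries stay hard-coded in all four branches, which is worth confirming as deliberate. generate_script_2 begins and ends outside these hunks.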


@ -141,6 +141,7 @@ our %EXPORT_TAGS = ( internal => [ qw( create_temp_script
%config
%globals
%config_files
%shorewallrc
@auditoptions
@ -433,7 +434,12 @@ my %converted = ( WIDE_TC_MARKS => 1,
my $omitting;
my @ifstack;
my $ifstack;
#
# From .shorewallrc
#
our %shorewallrc;
sub process_shorewallrc();
#
# Rather than initializing globals in an INIT block or during declaration,
# we initialize them in a function. This is done for two reasons:
@ -474,9 +480,9 @@ sub initialize( $ ) {
#
# Misc Globals
#
%globals = ( SHAREDIRPL => '/usr/share/shorewall/' ,
CONFDIR => '/etc/shorewall', # Run-time configuration directory
CONFIGDIR => '', # Compile-time configuration directory (location of $product.conf)
%globals = ( SHAREDIRPL => '' ,
CONFDIR => '', # Run-time configuration directory
CONFIGDIR => '', # Compile-time configuration directory (location of $product.conf)
LOGPARMS => '',
TC_SCRIPT => '',
EXPORT => 0,
@ -748,15 +754,24 @@ sub initialize( $ ) {
@actparms = ();
%shorewallrc = (
SHAREDIR => '/usr/share/',
CONFDIR => '/etc/',
);
process_shorewallrc;
$globals{SHAREDIRPL} = "$shorewallrc{SHAREDIR}/shorewall/";
if ( $family == F_IPV4 ) {
$globals{SHAREDIR} = '/usr/share/shorewall';
$globals{CONFDIR} = '/etc/shorewall';
$globals{SHAREDIR} = "$shorewallrc{SHAREDIR}/shorewall";
$globals{CONFDIR} = "$shorewallrc{CONFDIR}/shorewall";
$globals{PRODUCT} = 'shorewall';
$config{IPTABLES} = undef;
$validlevels{ULOG} = 'ULOG';
} else {
$globals{SHAREDIR} = '/usr/share/shorewall6';
$globals{CONFDIR} = '/etc/shorewall6';
$globals{SHAREDIR} = "$shorewallrc{SHAREDIR}/shorewall6";
$globals{CONFDIR} = "$shorewallrc{CONFDIR}/shorewall6";
$globals{PRODUCT} = 'shorewall6';
$config{IP6TABLES} = undef;
}
@ -2084,7 +2099,7 @@ sub set_action_param( $$ ) {
#
# Expand Shell Variables in the passed buffer using %params and @actparms
#
sub expand_variables( \$ ) {
sub expand_variables( \$;$ ) {
my ( $lineref, $count ) = ( $_[0], 0 );
# $1 $2 $3 - $4
while ( $$lineref =~ m( ^(.*?) \$({)? (\w+) (?(2)}) (.*)$ )x ) {
@ -2098,6 +2113,8 @@ sub expand_variables( \$ ) {
$val = $actparms[$var];
} elsif ( exists $params{$var} ) {
$val = $params{$var};
} elsif ( $_[1] && exists $shorewallrc{$var} ) {
$val = $shorewallrc{$var}
} else {
fatal_error "Undefined shell variable (\$$var)" unless exists $config{$var};
$val = $config{$var};
@ -2259,6 +2276,25 @@ sub read_a_line1() {
}
}
sub process_shorewallrc() {
my $home = $ENV{HOME} || `echo ~`;
$shorewallrc{PRODUCT} = $family == F_IPV4 ? 'shorewall' : 'shorewall6';
if ( $home && open_file "$home/.shorewallrc" ) {
while ( read_a_line1 ) {
if ( $currentline =~ /^([a-zA-Z]\w*)=(.*)$/ ) {
my ($var, $val) = ($1, $2);
$val = $1 if $val =~ /^\"([^\"]*)\"$/;
expand_variables($val, 1 ) if supplied $val;
$shorewallrc{$var} = $val;
} else {
fatal_error "Unrecognized shorewallrc entry";
}
}
}
}
#
# Provide the passed default value for the passed configuration variable
#
@ -3195,7 +3231,7 @@ sub ensure_config_path() {
my $f = "$globals{SHAREDIR}/configpath";
$globals{CONFDIR} = "/usr/share/$product/configfiles/" if $> != 0;
$globals{CONFDIR} = "$shorewallrc{SHAREDIR}/$product/configfiles/" if $> != 0;
unless ( $config{CONFIG_PATH} ) {
fatal_error "$f does not exist" unless -f $f;
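Review bot: In `process_shorewallrc`, the backtick fallback for `$home` returns the home directory with a trailing newline. When `HOME` is unset, the path handed to `open_file` therefore contains a newline before `/.shorewallrc` and the rc file would not be found; chomp the result, e.g. `chomp( my $home = $ENV{HOME} || qx(echo ~) );`. Taking the location from `$ENV{HOME}` also means that, when the compiler runs as root through a mechanism that preserves the caller's environment, SHAREDIR and CONFDIR come from a file the caller controls, so it is worth confirming that is intended or preferring a fixed system path. The defaults `'/usr/share/'` and `'/etc/'` end in a slash, so the derived `$globals{SHAREDIR}` and `$globals{CONFDIR}` values contain `//` unless the rc file overrides them.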


@ -1039,7 +1039,7 @@ sub validate_tc_class( ) {
fatal_error "Unknown Parent class ($parentnum)" unless $parentref && $parentref->{occurs} == 1;
fatal_error "The class ($parentnum) specifies UMAX and/or DMAX; it cannot serve as a parent" if $parentref->{dmax};
fatal_error "The class ($parentnum) specifies flow; it cannot serve as a parent" if $parentref->{flow};
fatal_error "The default class ($parentnum) may not have sub-classes" if $devref->{default} == $parentclass;
fatal_error "The default class ($parentnum) may not have sub-classes" if ( $devref->{default} || 0 ) == $parentclass;
$parentref->{leaf} = 0;
$ratemax = $parentref->{rate};
$ratename = q(the parent class's RATE);


@ -33,7 +33,22 @@ else
g_program=shorewall
fi
. /usr/share/shorewall/lib.cli
if [ -f ~/.shorewallrc ]; then
. ~/.shorewallrc || exit 1
else
SHAREDIR=/usr/share
CONFDIR=${CONFDIR}
SBINDIR=/sbin
VARDIR=/var/lib
LIBEXECDIR=/usr/share
fi
g_libexec="$LIBEXECDIR"
g_sharedir="$SHAREDIR"
g_sbindir="$SBINDIR"
g_readrc=1
. $g_sharedir/shorewall/lib.cli
CONFIG_PATH="$2"
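Review bot: In the fallback branch, `CONFDIR=${CONFDIR}` assigns the variable to itself. Without a `~/.shorewallrc`, CONFDIR therefore keeps whatever the caller's environment held (normally nothing) while the other four variables get fixed defaults; `CONFDIR=/etc` is presumably what was meant. The following `. $g_sharedir/shorewall/lib.cli` is unquoted and now depends on a value read from a file in the invoking user's home directory. Quoting it and checking that the file exists before sourcing, `[ -f "$g_sharedir/shorewall/lib.cli" ] || exit 1`, would give a clear failure instead of sourcing from an unexpected location.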


@ -0,0 +1,11 @@
#
# Shorewall version 4 - blacklist Macro
#
# /usr/share/shorewall/macro.blacklist
#
# This macro handles blacklisting using BLACKLIST_DISPOSITION and BLACKLIST_LOGLEVEL
#
###############################################################################
#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/
# PORT(S) PORT(S) LIMIT GROUP
$BLACKLIST_DISPOSITION:$BLACKLIST_LOGLEVEL


@ -85,6 +85,27 @@ g_noroutes=$NOROUTES
g_timestamp=$TIMESTAMP
g_recovering=$RECOVERING
if [ -f ./.shorewallrc ]; then
. ./.shorewallrc || exit 1
elif [ -f ~/.shorewallrc ]; then
. ~/.shorewallrc || exit 1
elif [ -r /root/.shorewallrc ]; then
. /root/.shorewallrc || exit 1
elif [ -r /.shorewallrc ]; then
. /root/.shorewallrc || exit 1
elif - -f ${SHOREAWLLRC_HOME}/.shorewallrc; then
. ${SHOREAWLLRC_HOME}/.shorewallrc || exit 1
else
CONFDIR=/etc
SHAREDIR=/usr/share
VARDIR=/var/lib
fi
if [ -n "$TEMPDIR" ]; then
TMPDIR="$TEMPDIR"
export TMPDIR
fi
initialize
if [ -n "$STARTUP_LOG" ]; then
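Review bot: The new lookup chain sources `./.shorewallrc` from the current working directory before any fixed location. A script started as root from a directory that other users can write to would execute whatever file is there, so dropping the `./` branch or requiring a root-owned, non-writable file avoids that. Two later branches are also broken. `elif - -f ${SHOREAWLLRC_HOME}/.shorewallrc; then` runs `-` as a command rather than a test, and the variable name looks misspelled; `elif [ -f "${SHOREWALLRC_HOME}/.shorewallrc" ]; then` is presumably intended, assuming that is the variable's real name. The `[ -r /.shorewallrc ]` branch tests one path but sources `/root/.shorewallrc`.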


@ -11,7 +11,6 @@
### END INIT INFO
SRWL=/sbin/shorewall
SRWL_OPTS="-tvv"
WAIT_FOR_IFUP=/usr/share/shorewall/wait4ifup
@ -54,10 +53,15 @@ not_configured () {
exit 0
}
#
# The installer may alter this
#
. /usr/share/shorewall/shorewallrc
# check if shorewall is configured or not
if [ -f "/etc/default/shorewall" ]
if [ -f "${SYSCONFDIR}/shorewall" ]
then
. /etc/default/shorewall
. ${SYSCONFDIR}/shorewall
SRWL_OPTS="$SRWL_OPTS $OPTIONS"
if [ "$startup" != "1" ]
then


@ -20,16 +20,21 @@
# Source function library.
. /etc/rc.d/init.d/functions
#
# The installer may alter this
#
. /usr/share/shorewall/shorewallrc
prog="shorewall"
shorewall="/sbin/$prog"
shorewall="${SBINDIR}/$prog"
logger="logger -i -t $prog"
lockfile="/var/lock/subsys/$prog"
# Get startup options (override default)
OPTIONS=
if [ -f /etc/sysconfig/$prog ]; then
. /etc/sysconfig/$prog
if [ -f ${SYSCONFDIR}/$prog ]; then
. ${SYSCONFDIR}/$prog
fi
start() {


@ -54,7 +54,7 @@ RCDLINKS="2,S41 3,S41 6,K41"
# Give Usage Information #
################################################################################
usage() {
echo "Usage: $0 start|stop|reload|restart|status"
echo "Usage: $0 start|stop|reload|restart|status" >&2
exit 1
}
@ -62,10 +62,14 @@ usage() {
# Get startup options (override default)
################################################################################
OPTIONS="-v0"
if [ -f /etc/sysconfig/shorewall ]; then
. /etc/sysconfig/shorewall
elif [ -f /etc/default/shorewall ] ; then
. /etc/default/shorewall
#
# The installer may alter this
#
. /usr/share/shorewall/shorewallrc
if [ -f ${SYSCONFDIR}/shorewall ]; then
. ${SYSCONFDIR}/shorewall
fi
export SHOREWALL_INIT_SCRIPT=1
@ -78,13 +82,13 @@ shift
case "$command" in
start)
exec /sbin/shorewall $OPTIONS start $STARTOPTIONS
exec $SBINDIR/shorewall $OPTIONS start $STARTOPTIONS
;;
restart|reload)
exec /sbin/shorewall $OPTIONS restart $RESTARTOPTIONS
exec $SBINDIR/shorewall $OPTIONS restart $RESTARTOPTIONS
;;
status|stop)
exec /sbin/shorewall $OPTIONS $command
exec $SBINDIR/shorewall $OPTIONS $command
;;
*)
usage

File diff suppressed because it is too large Load Diff


@ -1353,11 +1353,13 @@ reload_command() # $* = original arguments less the command.
;;
esac
temp=$(rsh_command /sbin/${g_program}-lite show config 2> /dev/null | grep ^LITEDIR | sed 's/LITEDIR is //')
config=$(rsh_command ${g_program}-lite show config 2> /dev/null)
temp=$(echo $config | grep ^LITEDIR | sed 's/LITEDIR is //')
[ -n "$temp" ] && litedir="$temp"
temp=$(rsh_command /sbin/${g_program}-lite show config 2> /dev/null | grep ^LIBEXEC | sed 's/LIBEXEC is //')
temp=$(echo $config | grep ^LIBEXEC | sed 's/LIBEXEC is //')
if [ -n "$temp" ]; then
case $temp in
@ -1370,6 +1372,14 @@ reload_command() # $* = original arguments less the command.
esac
fi
temp=$(echo $config | grep ^SBINDIR | sed 's/SBINDIR is //')
if [ -n "$temp" ]; then
sbindir="$temp"
else
sbindir=/sbin
fi
if [ -z "$getcaps" ]; then
g_shorewalldir=$(resolve_file $directory)
ensure_config_path
@ -1414,15 +1424,15 @@ reload_command() # $* = original arguments less the command.
progress_message3 "Copy complete"
if [ $COMMAND = reload ]; then
rsh_command "/sbin/${g_program}-lite $g_debugging $verbose $timestamp restart" && \
rsh_command "${sbin}/${g_program}-lite $g_debugging $verbose $timestamp restart" && \
progress_message3 "System $system reloaded" || saveit=
else
rsh_command "/sbin/${g_program}-lite $g_debugging $verbose $timestamp start" && \
rsh_command "${sbin}/${g_program}-lite $g_debugging $verbose $timestamp start" && \
progress_message3 "System $system loaded" || saveit=
fi
if [ -n "$saveit" ]; then
rsh_command "/sbin/${g_program}-lite $g_debugging $verbose $timestamp save" && \
rsh_command "${sbin}/${g_program}-lite $g_debugging $verbose $timestamp save" && \
progress_message3 "Configuration on system $system saved"
fi
fi
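Review bot: The three rewritten `rsh_command` lines in the last hunk expand `${sbin}`, but the variable set from the remote `SBINDIR` one hunk earlier is `sbindir`; unless `sbin` is assigned in a part of reload_command outside these hunks, the remote command becomes `/${g_program}-lite …`. They should read `rsh_command "${sbindir}/${g_program}-lite $g_debugging $verbose $timestamp restart"`, and likewise for `start` and `save`. Separately, `echo $config` is unquoted, so the multi-line `show config` output is joined into one line and `grep ^LITEDIR`, `^LIBEXEC` and `^SBINDIR` can only match its first word; `echo "$config"` keeps the lines apart. reload_command begins and ends outside the hunks shown.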


@ -27,6 +27,17 @@
################################################################################################
g_program=shorewall
. /usr/share/shorewall/lib.cli
#
# This is modified by the installer when ${SHAREDIR} <> /usr/share
#
. /usr/share/shorewall/shorewallrc
g_libexec="$LIBEXECDIR"
g_sharedir="$SHAREDIR"
g_sbindir="$SBINDIR"
g_perllib="$PERLLIBDIR"
g_readrc=1
. $g_sharedir/shorewall/lib.cli
shorewall_cli $@


@ -40,16 +40,25 @@ qt()
"$@" >/dev/null 2>&1
}
restore_file() # $1 = file to restore
{
if [ -f ${1}-shorewall.bkout ]; then
if (mv -f ${1}-shorewall.bkout $1); then
echo
echo "$1 restored"
else
exit 1
fi
fi
split() {
local ifs
ifs=$IFS
IFS=:
set -- $1
echo $*
IFS=$ifs
}
mywhich() {
local dir
for dir in $(split $PATH); do
if [ -x $dir/$1 ]; then
return 0
fi
done
return 2
}
remove_file() # $1 = file to restore
@ -60,8 +69,39 @@ remove_file() # $1 = file to restore
fi
}
if [ -f /usr/share/shorewall/version ]; then
INSTALLED_VERSION="$(cat /usr/share/shorewall/version)"
if [ -f ./.shorewallrc ]; then
. ./.shorewallrc || exit 1
elif [ -f ~/.shorewallrc ]; then
. ~/.shorewallrc || exit 1
elif [ -r /root/.shorewallrc ]; then
. /root/.shorewallrc || exit 1
elif [ -r /.shorewallrc ]; then
. /root/.shorewallrc || exit 1
elif - -f ${SHOREAWLLRC_HOME}/.shorewallrc; then
. ${SHOREWALLRC_HOME}/.shorewallrc || exit 1
else
[ -n "${LIBEXEC:=/usr/share}" ]
[ -n "${PERLLIB:=/usr/share/shorewall}" ]
[ -n "${CONFDIR:=/etc}" ]
if [ -z "$SYSCONFDIR" ]; then
if [ -d /etc/default ]; then
SYSCONFDIR=/etc/default
else
SYSCONFDIR=/etc/sysconfig
fi
fi
[ -n "${SBINDIR:=/sbin}" ]
[ -n "${SHAREDIR:=/usr/share}" ]
[ -n "${VARDIR:=/var/lib}" ]
[ -n "${INITFILE:=shorewall}" ]
[ -n "${INITDIR:=/etc/init.d}" ]
[ -n "${MANDIR:=/usr/share/man}" ]
fi
if [ -f ${SHAREDIR}/shorewall/version ]; then
INSTALLED_VERSION="$(cat ${SHAREDIR}/shorewall/version)"
if [ "$INSTALLED_VERSION" != "$VERSION" ]; then
echo "WARNING: Shorewall Version $INSTALLED_VERSION is installed"
echo " and this is the $VERSION uninstaller."
@ -72,62 +112,54 @@ else
VERSION=""
fi
[ -n "${LIBEXEC:=/usr/share}" ]
[ -n "${PERLLIB:=/usr/share/shorewall}" ]
echo "Uninstalling shorewall $VERSION"
if qt iptables -L shorewall -n && [ ! -f /sbin/shorewall-lite ]; then
/sbin/shorewall clear
if qt iptables -L shorewall -n && [ ! -f ${SBINDIR}/shorewall-lite ]; then
shorewall clear
fi
if [ -L /usr/share/shorewall/init ]; then
FIREWALL=$(readlink -m -q /usr/share/shorewall/init)
else
FIREWALL=/etc/init.d/shorewall
if [ -L ${SHAREDIR}/shorewall/init ]; then
FIREWALL=$(readlink -m -q ${SHAREDIR}/shorewall/init)
elif [ -n "$INITFILE" ]; then
FIREWALL=/${INITDIR}/${INITFILE}
fi
if [ -n "$FIREWALL" ]; then
if [ -x /usr/sbin/updaterc.d ]; then
if [ -f "$FIREWALL" ]; then
if mywhich updaterc.d; then
updaterc.d shorewall remove
elif [ -x /sbin/insserv -o -x /usr/sbin/insserv ]; then
elif mywhich insserv; then
insserv -r $FIREWALL
elif [ -x /sbin/systemctl ]; then
elif mywhich systemctl; then
systemctl disable shorewall
elif [ -x /sbin/chkconfig -o -x /usr/sbin/chkconfig ]; then
elif mywhich chkconfig; then
chkconfig --del $(basename $FIREWALL)
else
rm -f /etc/rc*.d/*$(basename $FIREWALL)
fi
remove_file $FIREWALL
rm -f ${FIREWALL}-*.bkout
[ -f "$AUXINITFILE" ] && remove_file ${INITDIR}/{$AUXINITFILE}
fi
rm -f /sbin/shorewall
rm -f /sbin/shorewall-*.bkout
rm -f ${SBINDIR}/shorewall
rm -rf /usr/share/shorewall/version
rm -rf /etc/shorewall
rm -rf /etc/shorewall-*.bkout
rm -rf /var/lib/shorewall
rm -rf /var/lib/shorewall-*.bkout
rm -rf ${SHAREDIR}/shorewall/version
rm -rf ${CONFDIR}/shorewall
rm -rf ${VARDIR}/shorewall
rm -rf ${PERLLIB}/Shorewall/*
rm -rf ${LIBEXEC}/shorewall
rm -rf /usr/share/shorewall/configfiles/
rm -rf /usr/share/shorewall/Samples/
rm -rf /usr/share/shorewall/Shorewall/
rm -f /usr/share/shorewall/lib.cli-std
rm -f /usr/share/shorewall/lib.core
rm -f /usr/share/shorewall/compiler.pl
rm -f /usr/share/shorewall/prog.*
rm -f /usr/share/shorewall/module*
rm -f /usr/share/shorewall/helpers
rm -f /usr/share/shorewall/action*
rm -f /usr/share/shorewall/init
rm -rf /usr/share/shorewall-*.bkout
rm -rf ${SHAREDIR}/shorewall/configfiles/
rm -rf ${SHAREDIR}/shorewall/Samples/
rm -rf ${SHAREDIR}/shorewall/Shorewall/
rm -f ${SHAREDIR}/shorewall/lib.cli-std
rm -f ${SHAREDIR}/shorewall/lib.core
rm -f ${SHAREDIR}/shorewall/compiler.pl
rm -f ${SHAREDIR}/shorewall/prog.*
rm -f ${SHAREDIR}/shorewall/module*
rm -f ${SHAREDIR}/shorewall/helpers
rm -f ${SHAREDIR}/shorewall/action*
rm -f ${SHAREDIR}/shorewall/init
for f in /usr/share/man/man5/shorewall* /usr/share/man/man8/shorewall*; do
for f in ${MANDIR}/man5/shorewall* ${MANDIR}/man8/shorewall*; do
case $f in
shorewall6*|shorewall-lite*)
;;
@ -137,8 +169,10 @@ for f in /usr/share/man/man5/shorewall* /usr/share/man/man8/shorewall*; do
esac
done
rm -f /etc/logrotate.d/shorewall
rm -f /lib/systemd/system/shorewall.service
rm -f ${CONFDIR}/logrotate.d/shorewall
if [ -n "$SYSTEMD" ]; THEN
rm -f ${SYSTEMD}/shorewall.service
echo "Shorewall Uninstalled"
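Review bot: The rc-file lookup added near the top has two broken branches: `elif - -f ${SHOREAWLLRC_HOME}/.shorewallrc; then` runs a command named `-` instead of a test and misspells the variable, and the `[ -r /.shorewallrc ]` branch sources `/root/.shorewallrc` rather than the file it tested. I would write them as `elif [ -r /.shorewallrc ]; then . /.shorewallrc || exit 1` and `elif [ -n "${SHOREWALLRC_HOME}" ] && [ -f "${SHOREWALLRC_HOME}/.shorewallrc" ]; then`. The same chain is repeated in the shorewall6-lite wrapper and in the shorewall6-lite and shorewall6 uninstallers further down. Because the `:=` defaults sit only in the `else` branch, an rc file that is found but leaves `CONFDIR`, `VARDIR` or `PERLLIB` unset makes the later unquoted `rm -rf` lines resolve against `/`; applying the defaults after the chain and writing `"${CONFDIR:?}/shorewall"` would guard that. At the end of the section, `if [ -n "$SYSTEMD" ]; THEN` is upper-case and has no `fi` in the hunk, so as shown the shell would stop on a syntax error before `echo "Shorewall Uninstalled"`.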


@ -78,6 +78,11 @@ else
not_configured
fi
#
# The installer may alter this
#
. /usr/share/shorewall/shorewallrc
# start the firewall
shorewall6_start () {
echo -n "Starting \"Shorewall6 Lite firewall\": "


@ -20,16 +20,21 @@
# Source function library.
. /etc/rc.d/init.d/functions
#
# The installer may alter this
#
. /usr/share/shorewall/shorewallrc
prog="shorewall6-lite"
shorewall="/sbin/$prog"
shorewall="${SBINDIR}/$prog"
logger="logger -i -t $prog"
lockfile="/var/lock/subsys/$prog"
# Get startup options (override default)
OPTIONS=
if [ -f /etc/sysconfig/$prog ]; then
. /etc/sysconfig/$prog
if [ -f ${SYSCONFDIR}/$prog ]; then
. ${SYSCONFDIR}/$prog
fi
start() {


@ -61,11 +61,11 @@ usage() {
# Get startup options (override default)
################################################################################
OPTIONS=
if [ -f /etc/sysconfig/shorewall6-lite ]; then
. /etc/sysconfig/shorewall6-lite
elif [ -f /etc/default/shorewall6-lite ] ; then
. /etc/default/shorewall6-lite
fi
#
# The installer may alter this
#
. /usr/share/shorewall/shorewallrc
export SHOREWALL_INIT_SCRIPT=1
@ -76,13 +76,13 @@ command="$1"
case "$command" in
start)
exec /sbin/shorewall6-lite $OPTIONS start $STARTOPTIONS
exec ${SBINDIR}/shorewall6-lite $OPTIONS start $STARTOPTIONS
;;
restart|reload)
exec /sbin/shorewall6-lite $OPTIONS restart $RESTARTOPTIONS
exec ${SBINDIR}/shorewall6-lite $OPTIONS restart $RESTARTOPTIONS
;;
status|stop)
exec /sbin/shorewall6-lite $OPTIONS $command $@
exec ${SBINDIR}/shorewall6-lite $OPTIONS $command $@
;;
*)
usage
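Review bot: The first hunk appears to remove the sourcing of `/etc/sysconfig/shorewall6-lite` and `/etc/default/shorewall6-lite` without adding a `${SYSCONFDIR}` replacement, so `OPTIONS`, `STARTOPTIONS` and `RESTARTOPTIONS` would keep their defaults when the `exec` lines run; the +/- markers are lost on this page, so this reading is inferred from the line order. The `shorewall` init script changed earlier in this commit keeps such an include, and the same lines would fit here after the rc include: `if [ -f "${SYSCONFDIR}/shorewall6-lite" ]; then`, `. "${SYSCONFDIR}/shorewall6-lite"`, `fi`. The shorewall6 init script later in the commit has the same gap.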


@ -27,6 +27,32 @@
################################################################################################
g_program=shorewall6-lite
. /usr/share/shorewall/lib.cli
if [ -f ./.shorewallrc ]; then
. ./.shorewallrc || exit 1
elif [ -f ~/.shorewallrc ]; then
. ~/.shorewallrc || exit 1
elif [ -r /root/.shorewallrc ]; then
. /root/.shorewallrc || exit 1
elif [ -r /.shorewallrc ]; then
. /root/.shorewallrc || exit 1
elif - -f ${SHOREWALLRC_HOME}/.shorewallrc; then
. ${SHOREWALLRC_HOME}/.shorewallrc || exit 1
else
SHAREDIR=/usr/share
CONFDIR=/etc
SBINDIR=/sbin
VARDIR=/var/lib
LIBEXECDIR=/usr/share
PERLLIBDIR=/usr/share/shorewall
fi
g_libexec="$LIBEXECDIR"
g_sharedir="$SHAREDIR"
g_sbindir="$SBINDIR"
g_perllib="$PERLLIBDIR"
g_readrc=1
. $g_sharedir/shorewall/lib.cli
shorewall_cli $@
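Review bot: The lookup added here sources `./.shorewallrc` from the current working directory before any fixed location, so the settings that decide which `lib.cli` this command loads depend on where it is invoked; for a command normally run as root that is worth avoiding. The `shorewall` wrapper in this commit reads the installed file instead, and the same line would work here: `. /usr/share/shorewall/shorewallrc`. The shorewall6 wrapper further down uses a third variant that only checks `~/.shorewallrc`, so the three CLIs would resolve their directories differently on the same host.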


@ -40,6 +40,27 @@ qt()
"$@" >/dev/null 2>&1
}
split() {
local ifs
ifs=$IFS
IFS=:
set -- $1
echo $*
IFS=$ifs
}
mywhich() {
local dir
for dir in $(split $PATH); do
if [ -x $dir/$1 ]; then
return 0
fi
done
return 2
}
remove_file() # $1 = file to restore
{
if [ -f $1 -o -L $1 ] ; then
@ -48,8 +69,39 @@ remove_file() # $1 = file to restore
fi
}
if [ -f /usr/share/shorewall6-lite/version ]; then
INSTALLED_VERSION="$(cat /usr/share/shorewall6-lite/version)"
if [ -f ./.shorewallrc ]; then
. ./.shorewallrc || exit 1
elif [ -f ~/.shorewallrc ]; then
. ~/.shorewallrc || exit 1
elif [ -r /root/.shorewallrc ]; then
. /root/.shorewallrc || exit 1
elif [ -r /.shorewallrc ]; then
. /root/.shorewallrc || exit 1
elif - -f ${SHOREAWLLRC_HOME}/.shorewallrc; then
. ${SHOREWALLRC_HOME}/.shorewallrc || exit 1
else
[ -n "${LIBEXEC:=/usr/share}" ]
[ -n "${PERLLIB:=/usr/share/shorewall}" ]
[ -n "${CONFDIR:=/etc}" ]
if [ -z "$SYSCONFDIR" ]; then
if [ -d /etc/default ]; then
SYSCONFDIR=/etc/default
else
SYSCONFDIR=/etc/sysconfig
fi
fi
[ -n "${SBINDIR:=/sbin}" ]
[ -n "${SHAREDIR:=/usr/share}" ]
[ -n "${VARDIR:=/var/lib}" ]
[ -n "${INITFILE:=shorewall}" ]
[ -n "${INITDIR:=/etc/init.d}" ]
[ -n "${MANDIR:=/usr/share/man}" ]
fi
if [ -f ${SHAREDIR}/shorewall6-lite/version ]; then
INSTALLED_VERSION="$(cat ${SHAREDIR}/shorewall6-lite/version)"
if [ "$INSTALLED_VERSION" != "$VERSION" ]; then
echo "WARNING: Shorewall Lite Version $INSTALLED_VERSION is installed"
echo " and this is the $VERSION uninstaller."
@ -60,49 +112,39 @@ else
VERSION=""
fi
[ -n "${LIBEXEC:=/usr/share}" ]
echo "Uninstalling Shorewall Lite $VERSION"
if qt ip6tables -L shorewall -n && [ ! -f /sbin/shorewall6 ]; then
/sbin/shorewall6-lite clear
if qt ip6tables -L shorewall -n && [ ! -f ${SBINDIR)/shorewall6 ]; then
${SBINDIR}/shorewall6-lite clear
fi
if [ -L /usr/share/shorewall6-lite/init ]; then
FIREWALL=$(readlink -m -q /usr/share/shorewall6-lite/init)
else
FIREWALL=/etc/init.d/shorewall6-lite
if [ -l ${SHAREDIR}/shorewall6-lite/init ]; then
FIREWALL=$(readlink -m -q ${SHAREDIR}/shorewall6-lite/init)
elif [ -n "$INITFILE" ]; then
FIREWALL=${INITDIR}/${INITFILE}
fi
if [ -n "$FIREWALL" ]; then
if [ -x /usr/sbin/updaterc.d ]; then
if [ -f "$FIREWALL" ]; then
if mywhich updaterc.d ; then
updaterc.d shorewall6-lite remove
elif [ -x /sbin/insserv -o -x /usr/sbin/insserv ]; then
elif mywhich insserv ; then
insserv -r $FIREWALL
elif [ -x /sbin/chkconfig -o -x /usr/sbin/chkconfig ]; then
elif mywhich chkconfig ; then
chkconfig --del $(basename $FIREWALL)
elif [ -x /sbin/systemctl ]; then
elif mywhich systemctl ; then
systemctl disable shorewall6-lite
else
rm -f /etc/rc*.d/*$(basename $FIREWALL)
fi
remove_file $FIREWALL
rm -f ${FIREWALL}-*.bkout
fi
rm -f /sbin/shorewall6-lite
rm -f /sbin/shorewall6-lite-*.bkout
rm -rf /etc/shorewall6-lite
rm -rf /etc/shorewall6-lite-*.bkout
rm -rf /var/lib/shorewall6-lite
rm -rf /var/lib/shorewall6-lite-*.bkout
rm -rf /usr/share/shorewall6-lite
rm -f ${SBINDIR}/shorewall6-lite
rm -rf ${CONFDIR}/shorewall6-lite
rm -rf ${VARDIR}/shorewall6-lite
rm -rf ${SHAREDIR}/shorewall6-lite
rm -rf ${LIBEXEC}/shorewall6-lite
rm -rf /usr/share/shorewall6-lite-*.bkout
rm -f /etc/logrotate.d/shorewall6-lite
rm -f /lib/systemd/system/shorewall6-lite.service
rm -f ${CONFDIR}/logrotate.d/shorewall6-lite
[ -n "$SYSTEMD" ] && rm -f ${SYSTEMD}/shorewall6-lite.service
echo "Shorewall6 Lite Uninstalled"
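Review bot: In the third hunk `[ ! -f ${SBINDIR)/shorewall6 ]` closes the expansion with `)` instead of `}`, and the following test uses `-l`, which is not a standard file test operator (`-L` tests for a symlink). Suggested lines: `if qt ip6tables -L shorewall -n && [ ! -f "${SBINDIR}/shorewall6" ]; then` and `if [ -L "${SHAREDIR}/shorewall6-lite/init" ]; then`. The fallback defaults also set `INITFILE` to `shorewall`, so with no rc file `FIREWALL` becomes `/etc/init.d/shorewall` and the deregistration and `remove_file` steps act on the `shorewall` init script rather than this product's. `${INITFILE:=shorewall6-lite}` would match what the removed `FIREWALL=/etc/init.d/shorewall6-lite` line did.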


@ -54,10 +54,15 @@ not_configured () {
exit 0
}
#
# The installer may alter this
#
. /usr/share/shorewall/shorewallrc
# check if shorewall is configured or not
if [ -f "/etc/default/shorewall6" ]
if [ -f "${SYSCONFDIR}/shorewall6" ]
then
. /etc/default/shorewall6
. ${SYSCONFDIR}/shorewall6
SRWL_OPTS="$SRWL_OPTS $OPTIONS"
if [ "$startup" != "1" ]
then


@ -20,16 +20,21 @@
# Source function library.
. /etc/rc.d/init.d/functions
#
# The installer may alter this
#
. /usr/share/shorewall/shorewallrc
prog="shorewall6"
shorewall="/sbin/$prog"
shorewall="${SBINDIR}/$prog"
logger="logger -i -t $prog"
lockfile="/var/lock/subsys/$prog"
# Get startup options (override default)
OPTIONS=
if [ -f /etc/sysconfig/$prog ]; then
. /etc/sysconfig/$prog
if [ -f ${SYSCONFDIR}/$prog ]; then
. ${SYSCONFDIR}/$prog
fi
start() {


@ -62,11 +62,11 @@ usage() {
# Get startup options (override default)
################################################################################
OPTIONS="-v0"
if [ -f /etc/sysconfig/shorewall6 ]; then
. /etc/sysconfig/shorewall6
elif [ -f /etc/default/shorewall6 ] ; then
. /etc/default/shorewall6
fi
#
# The installer may alter this
#
. /usr/share/shorewall/shorewallrc
export SHOREWALL_INIT_SCRIPT=1
@ -77,13 +77,13 @@ command="$1"
case "$command" in
start)
exec /sbin/shorewall6 $OPTIONS start $STARTOPTIONS
exec ${SBINDIR}/shorewall6 $OPTIONS start $STARTOPTIONS
;;
restart|reload)
exec /sbin/shorewall6 $OPTIONS restart $RESTARTOPTIONS
exec ${SBINDIR}/shorewall6 $OPTIONS restart $RESTARTOPTIONS
;;
status|stop)
exec /sbin/shorewall6 $OPTIONS $command $@
exec ${SBINDIR}/shorewall6 $OPTIONS $command $@
;;
*)
usage


@ -27,6 +27,24 @@
################################################################################################
g_program=shorewall6
. /usr/share/shorewall/lib.cli
if [ -f ~/.shorewallrc ]; then
. ~/.shorewallrc || exit 1
else
SHAREDIR=/usr/share
CONFDIR=/etc
SBINDIR=/sbin
VARDIR=/var/lib
LIBEXECDIR=/usr/share
PERLLIBDIR=/usr/share/shorewall
fi
g_libexec="$LIBEXECDIR"
g_sharedir="$SHAREDIR"
g_sbindir="$SBINDIR"
g_perllib="$PERLLIBDIR"
g_readrc=1
. $g_sharedir/shorewall/lib.cli
shorewall_cli $@


@ -40,16 +40,25 @@ qt()
"$@" >/dev/null 2>&1
}
restore_file() # $1 = file to restore
{
if [ -f ${1}-shorewall.bkout ]; then
if (mv -f ${1}-shorewall.bkout $1); then
echo
echo "$1 restored"
else
exit 1
fi
fi
split() {
local ifs
ifs=$IFS
IFS=:
set -- $1
echo $*
IFS=$ifs
}
mywhich() {
local dir
for dir in $(split $PATH); do
if [ -x $dir/$1 ]; then
return 0
fi
done
return 2
}
remove_file() # $1 = file to restore
@ -60,7 +69,38 @@ remove_file() # $1 = file to restore
fi
}
if [ -f /usr/share/shorewall6/version ]; then
if [ -f ./.shorewallrc ]; then
. ./.shorewallrc || exit 1
elif [ -f ~/.shorewallrc ]; then
. ~/.shorewallrc || exit 1
elif [ -r /root/.shorewallrc ]; then
. /root/.shorewallrc || exit 1
elif [ -r /.shorewallrc ]; then
. /root/.shorewallrc || exit 1
elif - -f ${SHOREAWLLRC_HOME}/.shorewallrc; then
. ${SHOREWALLRC_HOME}/.shorewallrc || exit 1
else
[ -n "${LIBEXEC:=/usr/share}" ]
[ -n "${PERLLIB:=/usr/share/shorewall}" ]
[ -n "${CONFDIR:=/etc}" ]
if [ -z "$SYSCONFDIR" ]; then
if [ -d /etc/default ]; then
SYSCONFDIR=/etc/default
else
SYSCONFDIR=/etc/sysconfig
fi
fi
[ -n "${SBINDIR:=/sbin}" ]
[ -n "${SHAREDIR:=/usr/share}" ]
[ -n "${VARDIR:=/var/lib}" ]
[ -n "${INITFILE:=shorewall}" ]
[ -n "${INITDIR:=/etc/init.d}" ]
[ -n "${MANDIR:=/usr/share/man}" ]
fi
if [ -f ${SHARDIR}/shorewall6/version ]; then
INSTALLED_VERSION="$(cat /usr/share/shorewall6/version)"
if [ "$INSTALLED_VERSION" != "$VERSION" ]; then
echo "WARNING: Shorewall6 Version $INSTALLED_VERSION is installed"
@ -72,49 +112,39 @@ else
VERSION=""
fi
[ -n "${LIBEXEC:=/usr/share}" ]
echo "Uninstalling shorewall6 $VERSION"
if qt ip6tables -L shorewall6 -n && [ ! -f /sbin/shorewall6-lite ]; then
/sbin/shorewall6 clear
if qt ip6tables -L shorewall6 -n && [ ! -f ${SBINDIR}/shorewall6-lite ]; then
${SBINDIR}/shorewall6 clear
fi
if [ -L /usr/share/shorewall6/init ]; then
FIREWALL=$(readlink -m -q /usr/share/shorewall6/init)
else
FIREWALL=/etc/init.d/shorewall6
if [ -L ${SHAREDIR}/shorewall6/init ]; then
FIREWALL=$(readlink -m -q ${SHAREDIR}/shorewall6/init)
elif [ -n "$INITFILE" ]; then
FIREWALL=${INITDIR}/${INITFILE}
fi
if [ -n "$FIREWALL" ]; then
if [ -x /usr/sbin/updaterc.d ]; then
if [ -f "$FIREWALL" ]; then
if mywhich updaterc.d ; then
updaterc.d shorewall6 remove
elif [ -x /sbin/insserv -o -x /usr/sbin/insserv ]; then
elif mywhich insserv ; then
insserv -r $FIREWALL
elif [ -x /sbin/chkconfig -o -x /usr/sbin/chkconfig ]; then
elif mywhich chkconfig ; then
chkconfig --del $(basename $FIREWALL)
elif [ -x /sbin/systemctl ]; then
elif mywhich systemctl ; then
systemctl disable shorewall6
else
rm -f /etc/rc*.d/*$(basename $FIREWALL)
fi
remove_file $FIREWALL
rm -f ${FIREWALL}-*.bkout
fi
rm -f /sbin/shorewall6
rm -f /sbin/shorewall6-*.bkout
rm -rf /etc/shorewall6
rm -rf /etc/shorewall6-*.bkout
rm -rf /var/lib/shorewall6
rm -rf /var/lib/shorewall6-*.bkout
rm -f ${SBINDIR}/shorewall6
rm -rf ${CONFDIR}/shorewall6
rm -rf ${VARDIR}/shorewall6
rm -rf ${LIBEXEC}/shorewall6
rm -rf /usr/share/shorewall6
rm -rf /usr/share/shorewall6-*.bkout
rm -rf ${SHAREDIR}/shorewall6
for f in /usr/share/man/man5/shorewall6* /usr/share/man/man8/shorewall6*; do
for f in ${MANDIR}/man5/shorewall6* ${SHAREDIR}/man/man8/shorewall6*; do
case $f in
shorewall6-lite*)
;;
@ -123,8 +153,8 @@ for f in /usr/share/man/man5/shorewall6* /usr/share/man/man8/shorewall6*; do
esac
done
rm -f /etc/logrotate.d/shorewall6
rm -f /lib/systemd/system/shorewall6.service
rm -f ${CONFDIR}/logrotate.d/shorewall6
[ -n "$SYSTEMD" ] && rm -f ${SYSTEMD}/shorewall6.service
echo "Shorewall6 Uninstalled"
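Review bot: The new version check tests `${SHARDIR}/shorewall6/version`, a misspelling of `SHAREDIR`, so it looks for `/shorewall6/version`, and the next line is left reading the hard-coded `/usr/share/shorewall6/version`. I would use `if [ -f "${SHAREDIR}/shorewall6/version" ]; then` and `INSTALLED_VERSION="$(cat "${SHAREDIR}/shorewall6/version")"`. In the man-page loop the second glob is `${SHAREDIR}/man/man8/shorewall6*` where the first uses `${MANDIR}`; `${MANDIR}/man8/shorewall6*` keeps the two consistent. The `INITFILE` default of `shorewall` also points the init-script removal at the wrong product when no rc file is found; `${INITFILE:=shorewall6}` would match the removed `FIREWALL=/etc/init.d/shorewall6` line.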

File diff suppressed because it is too large Load Diff