holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Unify prog.footer and prog.footer6

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2012-01-07 13:53:41 -08:00
parent aab9fb1d8e
commit ce73bb3d22
3 changed files with 107 additions and 454 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
Shorewall/Perl/Shorewall/Compiler.pm
View File

@ -859,13 +859,7 @@ sub compiler {
# #
# Copy the footer to the script # Copy the footer to the script
# #
unless ( $test ) { copy $globals{SHAREDIRPL} . 'prog.footer' unless $test;
if ( $family == F_IPV4 ) {
copy $globals{SHAREDIRPL} . 'prog.footer';
} else {
copy $globals{SHAREDIRPL} . 'prog.footer6';
}
}
disable_script; disable_script;
# #

76
Shorewall/Perl/prog.footer
View File

@ -31,6 +31,31 @@ usage() {
echo " -R <file> Override RESTOREFILE setting" echo " -R <file> Override RESTOREFILE setting"
exit $1 exit $1
} }
checkkernelversion() {
local kernel
if [ $g_family -eq 6 ]; then
kernel=$(uname -r 2> /dev/null | sed -e 's/-.*//')
case "$kernel" in
*.*.*)
kernel=$(printf "%d%02d%02d" $(echo $kernel | sed -e 's/^\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\).*$/\1 \2 \3/g'))
;;
*)
kernel=$(printf "%d%02d00" $(echo $kernel | sed -e 's/^\([0-9][0-9]*\)\.\([0-9][0-9]*\).*$/\1 \2/g'))
;;
esac
if [ $kernel -lt 20624 ]; then
error_message "ERROR: $g_product requires Linux kernel 2.6.24 or later"
return 1
fi
fi
return 0
}
################################################################################ ################################################################################
# E X E C U T I O N B E G I N S H E R E # # E X E C U T I O N B E G I N S H E R E #
################################################################################ ################################################################################
@ -47,7 +72,7 @@ if [ $# -gt 1 ]; then
fi fi
fi fi
# #
# Map VERBOSE to VERBOSITY for compatibility with old Shorewall-lite installations # Map VERBOSE to VERBOSITY for compatibility with old Shorewall[6]-lite installations
# #
[ -z "$VERBOSITY" ] && [ -n "$VERBOSE" ] && VERBOSITY=$VERBOSE [ -z "$VERBOSITY" ] && [ -n "$VERBOSE" ] && VERBOSITY=$VERBOSE
# #
@ -175,11 +200,12 @@ COMMAND="$1"
case "$COMMAND" in case "$COMMAND" in
start) start)
[ $# -ne 1 ] && usage 2 [ $# -ne 1 ] && usage 2
if shorewall_is_started; then if product_is_started; then
error_message "$g_product is already Running" error_message "$g_product is already Running"
status=0 status=0
else else
progress_message3 "Starting $g_product...." progress_message3 "Starting $g_product...."
if checkkernelversion; then
detect_configuration detect_configuration
define_firewall define_firewall
status=$? status=$?
@ -188,24 +214,27 @@ case "$COMMAND" in
progress_message3 "done." progress_message3 "done."
fi fi
fi fi
fi
;; ;;
stop) stop)
[ $# -ne 1 ] && usage 2 [ $# -ne 1 ] && usage 2
if checkkernelversion; then
progress_message3 "Stopping $g_product...." progress_message3 "Stopping $g_product...."
detect_configuration detect_configuration
stop_firewall stop_firewall
status=0 status=0
[ -n "$SUBSYSLOCK" ] && rm -f $SUBSYSLOCK [ -n "$SUBSYSLOCK" ] && rm -f $SUBSYSLOCK
progress_message3 "done." progress_message3 "done."
fi
;; ;;
reset) reset)
if ! shorewall_is_started ; then if ! product_is_started ; then
error_message "$g_product is not running" error_message "$g_product is not running"
status=2 status=2
elif [ $# -eq 1 ]; then elif checkkernelversion; then
$IPTABLES -Z if [ $# -eq 1 ]; then
$IPTABLES -t nat -Z $IP6TABLES -Z
$IPTABLES -t mangle -Z $IP6TABLES -t mangle -Z
date > ${VARDIR}/restarted date > ${VARDIR}/restarted
status=0 status=0
progress_message3 "$g_product Counters Reset" progress_message3 "$g_product Counters Reset"
@ -214,7 +243,7 @@ case "$COMMAND" in
status=0 status=0
for chain in $@; do for chain in $@; do
if chain_exists $chain; then if chain_exists $chain; then
if qt $IPTABLES -Z $chain; then if qt $IP6TABLES -Z $chain; then
progress_message3 "Filter $chain Counters Reset" progress_message3 "Filter $chain Counters Reset"
else else
error_message "ERROR: Reset of chain $chain failed" error_message "ERROR: Reset of chain $chain failed"
@ -226,10 +255,11 @@ case "$COMMAND" in
fi fi
done done
fi fi
fi
;; ;;
restart) restart)
[ $# -ne 1 ] && usage 2 [ $# -ne 1 ] && usage 2
if shorewall_is_started; then if product_is_started; then
progress_message3 "Restarting $g_product...." progress_message3 "Restarting $g_product...."
else else
error_message "$g_product is not running" error_message "$g_product is not running"
@ -237,22 +267,27 @@ case "$COMMAND" in
COMMAND=start COMMAND=start
fi fi
if checkkernelversion; then
detect_configuration detect_configuration
define_firewall define_firewall
status=$? status=$?
if [ -n "$SUBSYSLOCK" ]; then if [ -n "$SUBSYSLOCK" ]; then
[ $status -eq 0 ] && touch $SUBSYSLOCK || rm -f $SUBSYSLOCK [ $status -eq 0 ] && touch $SUBSYSLOCK || rm -f $SUBSYSLOCK
fi fi
[ $status -eq 0 ] && progress_message3 "done." [ $status -eq 0 ] && progress_message3 "done."
fi
;; ;;
refresh) refresh)
[ $# -ne 1 ] && usage 2 [ $# -ne 1 ] && usage 2
if shorewall_is_started; then if product_is_started; then
progress_message3 "Refreshing $g_product...." progress_message3 "Refreshing $g_product...."
if checkkernelversion; then
detect_configuration detect_configuration
define_firewall define_firewall
status=$? status=$?
[ $status -eq 0 ] && progress_message3 "done." [ $status -eq 0 ] && progress_message3 "done."
fi
else else
echo "$g_product is not running" >&2 echo "$g_product is not running" >&2
status=2 status=2
@ -260,20 +295,25 @@ case "$COMMAND" in
;; ;;
restore) restore)
[ $# -ne 1 ] && usage 2 [ $# -ne 1 ] && usage 2
if checkkernelversion; then
detect_configuration detect_configuration
define_firewall define_firewall
status=$? status=$?
if [ -n "$SUBSYSLOCK" ]; then if [ -n "$SUBSYSLOCK" ]; then
[ $status -eq 0 ] && touch $SUBSYSLOCK || rm -f $SUBSYSLOCK [ $status -eq 0 ] && touch $SUBSYSLOCK || rm -f $SUBSYSLOCK
fi fi
[ $status -eq 0 ] && progress_message3 "done."
fi
;; ;;
clear) clear)
[ $# -ne 1 ] && usage 2 [ $# -ne 1 ] && usage 2
progress_message3 "Clearing $g_product...." progress_message3 "Clearing $g_product...."
if checkkernelversion; then
clear_firewall clear_firewall
status=0 status=0
if [ $status -eq 0 ]; then if [ -n "$SUBSYSLOCK" ]; then
[ -n "$SUBSYSLOCK" ] && rm -f $SUBSYSLOCK rm -f $SUBSYSLOCK
fi
progress_message3 "done." progress_message3 "done."
fi fi
;; ;;
@ -281,7 +321,7 @@ case "$COMMAND" in
[ $# -ne 1 ] && usage 2 [ $# -ne 1 ] && usage 2
echo "$g_product-$SHOREWALL_VERSION Status at $(hostname) - $(date)" echo "$g_product-$SHOREWALL_VERSION Status at $(hostname) - $(date)"
echo echo
if shorewall_is_started; then if product_is_started; then
echo "$g_product is running" echo "$g_product is running"
status=0 status=0
else else
@ -292,7 +332,7 @@ case "$COMMAND" in
if [ -f ${VARDIR}/state ]; then if [ -f ${VARDIR}/state ]; then
state="$(cat ${VARDIR}/state)" state="$(cat ${VARDIR}/state)"
case $state in case $state in
Stopped*|lClear*) Stopped*|Clear*)
status=3 status=3
;; ;;
esac esac
@ -306,14 +346,14 @@ case "$COMMAND" in
[ $# -eq 1 ] && exit 0 [ $# -eq 1 ] && exit 0
shift shift
[ $# -ne 1 ] && usage 2 [ $# -ne 1 ] && usage 2
updown $@ updown $1
status=0; status=0
;; ;;
enable) enable)
[ $# -eq 1 ] && exit 0 [ $# -eq 1 ] && exit 0
shift shift
[ $# -ne 1 ] && usage 2 [ $# -ne 1 ] && usage 2
if shorewall_is_started; then if product_is_started; then
detect_configuration detect_configuration
enable_provider $1 enable_provider $1
fi fi
@ -323,7 +363,7 @@ case "$COMMAND" in
[ $# -eq 1 ] && exit 0 [ $# -eq 1 ] && exit 0
shift shift
[ $# -ne 1 ] && usage 2 [ $# -ne 1 ] && usage 2
if shorewall_is_started; then if product_is_started; then
detect_configuration detect_configuration
disable_provider $1 disable_provider $1
fi fi

381
Shorewall/Perl/prog.footer6
View File

@ -1,381 +0,0 @@
###############################################################################
# Code imported from /usr/share/shorewall/prog.footer6
###############################################################################
#
# Give Usage Information
#
usage() {
echo "Usage: $0 [ options ] <command>"
echo
echo "<command> is one of:"
echo " start"
echo " stop"
echo " clear"
echo " disable <interface>"
echo " down <interface>"
echo " enable <interface>"
echo " reset"
echo " refresh"
echo " restart"
echo " status"
echo " up <interface>"
echo " version"
echo
echo "Options are:"
echo
echo " -v and -q Standard Shorewall verbosity controls"
echo " -n Don't unpdate routing configuration"
echo " -p Purge Conntrack Table"
echo " -t Timestamp progress Messages"
echo " -V <verbosity> Set verbosity explicitly"
echo " -R <file> Override RESTOREFILE setting"
exit $1
}
checkkernelversion() {
local kernel
kernel=$(uname -r 2> /dev/null | sed -e 's/-.*//')
case "$kernel" in
*.*.*)
kernel=$(printf "%d%02d%02d" $(echo $kernel | sed -e 's/^\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\).*$/\1 \2 \3/g'))
;;
*)
kernel=$(printf "%d%02d00" $(echo $kernel | sed -e 's/^\([0-9][0-9]*\)\.\([0-9][0-9]*\).*$/\1 \2/g'))
;;
esac
if [ $kernel -lt 20624 ]; then
error_message "ERROR: $g_product requires Linux kernel 2.6.24 or later"
return 1
else
return 0
fi
}
################################################################################
# E X E C U T I O N B E G I N S H E R E #
################################################################################
#
# Start trace if first arg is "debug" or "trace"
#
if [ $# -gt 1 ]; then
if [ "x$1" = "xtrace" ]; then
set -x
shift
elif [ "x$1" = "xdebug" ]; then
DEBUG=Yes
shift
fi
fi
#
# Map VERBOSE to VERBOSITY for compatibility with old Shorewall6-lite installations
#
[ -z "$VERBOSITY" ] && [ -n "$VERBOSE" ] && VERBOSITY=$VERBOSE
#
# Map other old exported variables
#
g_purge=$PURGE
g_noroutes=$NOROUTES
g_timestamp=$TIMESTAMP
g_recovering=$RECOVERING
initialize
if [ -n "$STARTUP_LOG" ]; then
touch $STARTUP_LOG
chmod 0600 $STARTUP_LOG
if [ ${SHOREWALL_INIT_SCRIPT:-0} -eq 1 ]; then
#
# We're being run by a startup script that isn't redirecting STDOUT
# Redirect it to the log
#
exec 2>>$STARTUP_LOG
fi
fi
finished=0
while [ $finished -eq 0 -a $# -gt 0 ]; do
option=$1
case $option in
-*)
option=${option#-}
[ -z "$option" ] && usage 1
while [ -n "$option" ]; do
case $option in
v*)
[ $VERBOSITY -lt 2 ] && VERBOSITY=$(($VERBOSITY + 1 ))
option=${option#v}
;;
q*)
[ $VERBOSITY -gt -1 ] && VERBOSITY=$(($VERBOSITY - 1 ))
option=${option#q}
;;
n*)
g_noroutes=Yes
option=${option#n}
;;
t*)
g_timestamp=Yes
option=${option#t}
;;
p*)
g_purge=Yes
option=${option#p}
;;
r*)
g_recovering=Yes
option=${option#r}
;;
V*)
option=${option#V}
if [ -z "$option" -a $# -gt 0 ]; then
shift
option=$1
fi
if [ -n "$option" ]; then
case $option in
-1|0|1|2)
VERBOSITY=$option
option=
;;
*)
startup_error "Invalid -V option value ($option)"
;;
esac
else
startup_error "Missing -V option value"
fi
;;
R*)
option=${option#R}
if [ -z "$option" -a $# -gt 0 ]; then
shift
option=$1
fi
if [ -n "$option" ]; then
case $option in
*/*)
startup_error "-R must specify a simple file name: $option"
;;
.safe|.try|NONE)
;;
.*)
error_message "ERROR: Reserved File Name: $RESTOREFILE"
exit 2
;;
esac
else
startup_error "Missing -R option value"
fi
RESTOREFILE=$option
option=
;;
esac
done
shift
;;
*)
finished=1
;;
esac
done
COMMAND="$1"
case "$COMMAND" in
start)
[ $# -ne 1 ] && usage 2
if shorewall6_is_started; then
error_message "$g_product is already Running"
status=0
else
progress_message3 "Starting $g_product...."
if checkkernelversion; then
detect_configuration
define_firewall
status=$?
if [ $status -eq 0 ]; then
[ -n "$SUBSYSLOCK" ] && touch $SUBSYSLOCK
progress_message3 "done."
fi
fi
fi
;;
stop)
[ $# -ne 1 ] && usage 2
if checkkernelversion; then
progress_message3 "Stopping $g_product...."
detect_configuration
stop_firewall
status=0
[ -n "$SUBSYSLOCK" ] && rm -f $SUBSYSLOCK
progress_message3 "done."
fi
;;
reset)
if ! shorewall6_is_started ; then
error_message "$g_product is not running"
status=2
elif checkkernelversion; then
if [ $# -eq 1 ]; then
$IP6TABLES -Z
$IP6TABLES -t mangle -Z
date > ${VARDIR}/restarted
status=0
progress_message3 "$g_product Counters Reset"
else
shift
status=0
for chain in $@; do
if chain_exists $chain; then
if qt $IP6TABLES -Z $chain; then
progress_message3 "Filter $chain Counters Reset"
else
error_message "ERROR: Reset of chain $chain failed"
status=2
break
fi
else
error_message "WARNING: Filter Chain $chain does not exist"
fi
done
fi
fi
;;
restart)
[ $# -ne 1 ] && usage 2
if shorewall6_is_started; then
progress_message3 "Restarting $g_product...."
else
error_message "$g_product is not running"
progress_message3 "Starting $g_product...."
COMMAND=start
fi
if checkkernelversion; then
detect_configuration
define_firewall
status=$?
if [ -n "$SUBSYSLOCK" ]; then
[ $status -eq 0 ] && touch $SUBSYSLOCK || rm -f $SUBSYSLOCK
fi
[ $status -eq 0 ] && progress_message3 "done."
fi
;;
refresh)
[ $# -ne 1 ] && usage 2
if shorewall6_is_started; then
progress_message3 "Refreshing $g_product...."
if checkkernelversion; then
detect_configuration
define_firewall
status=$?
[ $status -eq 0 ] && progress_message3 "done."
fi
else
echo "$g_product is not running" >&2
status=2
fi
;;
restore)
[ $# -ne 1 ] && usage 2
if checkkernelversion; then
detect_configuration
define_firewall
status=$?
if [ -n "$SUBSYSLOCK" ]; then
[ $status -eq 0 ] && touch $SUBSYSLOCK || rm -f $SUBSYSLOCK
fi
[ $status -eq 0 ] && progress_message3 "done."
fi
;;
clear)
[ $# -ne 1 ] && usage 2
progress_message3 "Clearing $g_product...."
if checkkernelversion; then
clear_firewall
status=0
if [ -n "$SUBSYSLOCK" ]; then
rm -f $SUBSYSLOCK
fi
progress_message3 "done."
fi
;;
status)
[ $# -ne 1 ] && usage 2
echo "$g_product-$SHOREWALL_VERSION Status at $(hostname) - $(date)"
echo
if shorewall6_is_started; then
echo "$g_product is running"
status=0
else
echo "$g_product is stopped"
status=4
fi
if [ -f ${VARDIR}/state ]; then
state="$(cat ${VARDIR}/state)"
case $state in
Stopped*|Clear*)
status=3
;;
esac
else
state=Unknown
fi
echo "State:$state"
echo
;;
up|down)
[ $# -eq 1 ] && exit 0
shift
[ $# -ne 1 ] && usage 2
updown $1
status=0
;;
enable)
[ $# -eq 1 ] && exit 0
shift
[ $# -ne 1 ] && usage 2
if shorewall6_is_started; then
detect_configuration
enable_provider $1
fi
status=0
;;
disable)
[ $# -eq 1 ] && exit 0
shift
[ $# -ne 1 ] && usage 2
if shorewall6_is_started; then
detect_configuration
disable_provider $1
fi
status=0
;;
version)
[ $# -ne 1 ] && usage 2
echo $SHOREWALL_VERSION
status=0
;;
help)
[ $# -ne 1 ] && usage 2
usage 0
;;
*)
usage 2
;;
esac
exit $status