forked from extern/shorewall_code
Fix install.sh on Debian/Ubuntu
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3811 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
17c906092e
commit
ead63852f4
@ -15,6 +15,8 @@ Changes in 3.2.0 Beta 5
|
||||
|
||||
7) Accomodate ancient kernel's with no FORWARD or POSTROUTING in mangle.
|
||||
|
||||
8) Clear SUBSYSLOCK on Debian/Ubuntu installs.
|
||||
|
||||
Changes in 3.2.0 Beta 4
|
||||
|
||||
1) Fix 'routeback' with bridge ports.
|
||||
|
@ -2733,7 +2733,7 @@ setup_nat() {
|
||||
add_ip_aliases=
|
||||
;;
|
||||
*)
|
||||
[ -n "$RETAIN_ALIASES" ] || save_command qt ip addr del $external dev $iface
|
||||
[ -n "$RETAIN_ALIASES" ] || save_command del_ip_addr $external $iface
|
||||
;;
|
||||
esac
|
||||
else
|
||||
@ -2793,7 +2793,7 @@ delete_nat() {
|
||||
|
||||
if [ -f /var/lib/shorewall/nat ]; then
|
||||
while read external interface; do
|
||||
qt ip addr del \$external dev \$interface
|
||||
ip_addr_del \$external \$interface
|
||||
done < /var/lib/shorewall/nat
|
||||
|
||||
rm -f {/var/lib/shorewall}/nat
|
||||
@ -6946,7 +6946,7 @@ __EOF__
|
||||
if [ -n "$address" ]; then
|
||||
for addr in $(ip_range_explicit ${address%:*}) ; do
|
||||
if ! list_search $addr $ALIASES_TO_ADD; then
|
||||
[ -n "$RETAIN_ALIASES" ] || save_command qt ip addr del $addr dev $interface
|
||||
[ -n "$RETAIN_ALIASES" ] || save_command ip_addr_del $addr $interface
|
||||
ALIASES_TO_ADD="$ALIASES_TO_ADD $addr $fullinterface"
|
||||
case $fullinterface in
|
||||
*:*)
|
||||
@ -8308,7 +8308,7 @@ stop_firewall() {
|
||||
|
||||
if [ -f /var/lib/shorewall/nat ]; then
|
||||
while read external interface; do
|
||||
qt ip addr del \$external dev \$interface
|
||||
ip_addr_del \$external dev \$interface
|
||||
done < /var/lib/shorewall/nat
|
||||
|
||||
rm -f /var/lib/shorewall/nat
|
||||
@ -8744,8 +8744,8 @@ __EOF__
|
||||
|
||||
local version=\$(cat /usr/share/shorewall/version)
|
||||
|
||||
if [ \${LIBVERSION:-0} -lt 30105 ]; then
|
||||
fatal_error "This script requires Shorewall version 3.1.5 or later; current version is \$version"
|
||||
if [ \${LIBVERSION:-0} -lt 30200 ]; then
|
||||
fatal_error "This script requires Shorewall version 3.2.0 or later; current version is \$version"
|
||||
fi
|
||||
|
||||
__EOF__
|
||||
|
@ -2,7 +2,7 @@
|
||||
#
|
||||
# Shorewall 3.2 -- /usr/share/shorewall/functions
|
||||
|
||||
LIBVERSION=30105
|
||||
LIBVERSION=30200
|
||||
|
||||
#
|
||||
# Message to stderr
|
||||
@ -1058,6 +1058,19 @@ find_first_interface_address() # $1 = interface
|
||||
echo $addr | sed 's/inet //;s/\/.*//;s/ peer.*//'
|
||||
}
|
||||
|
||||
find_first_interface_address_if_any() # $1 = interface
|
||||
{
|
||||
#
|
||||
# get the line of output containing the first IP address
|
||||
#
|
||||
addr=$(ip -f inet addr show $1 2> /dev/null | grep 'inet .* global' | head -n1)
|
||||
#
|
||||
# Strip off the trailing VLSM mask (or the peer IP in case of a P-t-P link)
|
||||
# along with everything else on the line
|
||||
#
|
||||
[ -n "$addr" ] && echo $addr | sed 's/inet //;s/\/.*//;s/ peer.*//' || echo 0.0.0.0
|
||||
}
|
||||
|
||||
#
|
||||
# Find interface addresses--returns the set of addresses assigned to the passed
|
||||
# device
|
||||
@ -1253,6 +1266,15 @@ report_capabilities() {
|
||||
|
||||
}
|
||||
|
||||
|
||||
#
|
||||
# Delete IP address
|
||||
#
|
||||
del_ip_addr() # $1 = address, $2 = interface
|
||||
{
|
||||
[ $(find_first_interface_address_if_any $2) = $1 ] || qt ip addr del $1 dev $2
|
||||
}
|
||||
|
||||
# Add IP Aliases
|
||||
#
|
||||
add_ip_aliases() # $* = List of addresses
|
||||
|
@ -609,7 +609,7 @@ if [ -z "$PREFIX" -a -n "$first_install" ]; then
|
||||
echo "shorewall will start automatically at boot"
|
||||
echo "Set startup=1 in /etc/default/shorewall to enable"
|
||||
touch /var/log/shorewall-init.log
|
||||
qt mywhich perl && perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/' /etc/shorewall/shorewall.conf
|
||||
qt mywhich perl && perl -p -w -i -e 's/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;s/^SUBSYSLOCK=.*/SUBSYSLOCK=/;' /etc/shorewall/shorewall.conf
|
||||
else
|
||||
if [ -x /sbin/insserv -o -x /usr/sbin/insserv ]; then
|
||||
if insserv /etc/init.d/shorewall ; then
|
||||
|
@ -55,6 +55,10 @@ Problems Corrected in 3.2.0 Beta 5
|
||||
try to mark packets in either of them using entries in
|
||||
/etc/shorewall/tcrules, [re]start will fail.
|
||||
|
||||
6) When install.sh is used to install on a Debian or Ubuntu system, the
|
||||
SUBSYSLOCK option in shorewall.conf was not being cleared.
|
||||
It will now be cleared, provided that Perl is installed on the system.
|
||||
|
||||
Other changes in 3.2.0 Beta 5
|
||||
|
||||
1) The "shorewall refresh" command no longer refreshes traffic shaping.
|
||||
|
Loading…
Reference in New Issue
Block a user