Reinstate IPv6 DropSmurfs

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Allow the Shorewall-init installer to create SBINDIR
2014-10-10 09:42:23 -07:00 · 2014-10-09 12:43:40 -07:00 · 2014-10-09 07:17:54 -07:00
24 changed files with 36 additions and 170 deletions
--- a/Shorewall-core/configure
+++ b/Shorewall-core/configure
@@ -195,10 +195,6 @@ elif [ -n "${options[VARDIR]}" ]; then
    fi
 fi
 if [ -z "${options[SERVICEDIR]}" ]; then
    $options[SERVICEDIR]="${options[SYSTEMD]}"
 fi
 for on in \
    HOST \
    PREFIX \
@@ -213,7 +209,7 @@ for on in \
    INITFILE \
    AUXINITSOURCE \
    AUXINITFILE \
-    SERVICEDIR \
+    SYSTEMD \
    SERVICEFILE \
    SYSCONFFILE \
    SYSCONFDIR \
--- a/Shorewall-core/configure.pl
+++ b/Shorewall-core/configure.pl
@@ -154,8 +154,6 @@ if ( $options{VARLIB} ) {
    $options{VARDIR} = '${VARLIB}/${PRODUCT}';
 }
 $options{SERVICEDIR}=$options{SYSTEMD} unless $options{SERVICEDIR};
 for ( qw/ HOST
 	  PREFIX
 	  SHAREDIR
@@ -169,7 +167,7 @@ for ( qw/ HOST
 	  INITFILE
 	  AUXINITSOURCE
 	  AUXINITFILE
-	  SERVICEDIR
+	  SYSTEMD
          SERVICEFILE
 	  SYSCONFFILE
 	  SYSCONFDIR
--- a/Shorewall-core/install.sh
+++ b/Shorewall-core/install.sh
@@ -329,13 +329,9 @@ if [ -n "${SYSCONFDIR}" ]; then
    chmod 755 ${DESTDIR}${SYSCONFDIR}
 fi
-if [ -z "${SERVICEDIR}" ]; then
+if [ -n "${SYSTEMD}" ]; then
-    SERVICEDIR="$SYSTEMD"
+    mkdir -p ${DESTDIR}${SYSTEMD}
-fi
+    chmod 755 ${DESTDIR}${SYSTEMD}
 if [ -n "${SERVICEDIR}" ]; then
    mkdir -p ${DESTDIR}${SERVICEDIR}
    chmod 755 ${DESTDIR}${SERVICEDIR}
 fi
 mkdir -p ${DESTDIR}${SBINDIR}
--- a/Shorewall-core/lib.cli
+++ b/Shorewall-core/lib.cli
@@ -367,17 +367,6 @@ resolve_arptables() {
    esac
 }
 #
 # Try to run the 'savesets' command
 #
 savesets() {
    local supported
    supported=$(run_it ${VARDIR}/firewall help | fgrep savesets )
    [ -n "$supported" ] && run_it ${VARDIR}/firewall savesets ${g_restorepath}-ipsets
 }
 #
 # Save currently running configuration
 #
@@ -439,7 +428,7 @@ do_save() {
 	    ;;
    esac
-    if ! savesets;  then
+    if ! run_it ${VARDIR}/firewall savesets ${g_restorepath}-ipsets; then
 	case ${SAVE_IPSETS:=No} in
 	    [Yy]es)
 		case ${IPSET:=ipset} in
--- a/Shorewall-core/shorewallrc.apple
+++ b/Shorewall-core/shorewallrc.apple
@@ -14,7 +14,7 @@ INITDIR=                               #Unused on OS X
 INITFILE=                              #Unused on OS X
 INITSOURCE=                            #Unused on OS X
 ANNOTATED=                             #Unused on OS X
-SYSTEMDDIR=                            #Unused on OS X
+SYSTEMD=                               #Unused on OS X
 SERVICEFILE=                           #Unused on OS X
 SYSCONFDIR=                            #Unused on OS X
 SPARSE=Yes                             #Only install $PRODUCT/$PRODUCT.conf in $CONFDIR.
--- a/Shorewall-core/shorewallrc.archlinux
+++ b/Shorewall-core/shorewallrc.archlinux
@@ -15,7 +15,7 @@ INITFILE=                              #Name of the product's installed SysV ini
 INITSOURCE=                            #Name of the distributed file to be installed as the SysV init script
 ANNOTATED=                             #If non-zero, annotated configuration files are installed
 SYSCONFDIR=                            #Directory where SysV init parameter files are installed
-SYSTEMDDIR=/usr/lib/systemd/system     #Directory where .service files are installed (systems running systemd only)
+SYSTEMD=/usr/lib/systemd/system        #Directory where .service files are installed (systems running systemd only)
 SERVICEFILE=                           #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
 SPARSE=                                #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
 VARLIB=/var/lib                        #Directory where product variable data is stored.
--- a/Shorewall-core/shorewallrc.cygwin
+++ b/Shorewall-core/shorewallrc.cygwin
@@ -14,7 +14,7 @@ INITDIR=/etc/init.d                   #Unused on Cygwin
 INITFILE=                             #Unused on Cygwin
 INITSOURCE=                           #Unused on Cygwin
 ANNOTATED=                            #Unused on Cygwin
-SYSTEMDDIR=                           #Unused on Cygwin
+SYSTEMD=                              #Unused on Cygwin
 SERVICEFILE=                          #Unused on Cygwin
 SYSCONFDIR=                           #Unused on Cygwin
 SPARSE=Yes                            #Only install $PRODUCT/$PRODUCT.conf in $CONFDIR.
--- a/Shorewall-core/shorewallrc.debian
+++ b/Shorewall-core/shorewallrc.debian
@@ -17,7 +17,7 @@ ANNOTATED=                              #If non-zero, annotated configuration fi
 SYSCONFFILE=default.debian              #Name of the distributed file to be installed in $SYSCONFDIR
 SERVICEFILE=                      	#Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
 SYSCONFDIR=/etc/default                 #Directory where SysV init parameter files are installed
-SYSTEMDDIR=                             #Directory where .service files are installed (systems running systemd only)
+SYSTEMD=                                #Directory where .service files are installed (systems running systemd only)
 SPARSE=Yes                              #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
 VARLIB=/var/lib                         #Directory where product variable data is stored.
 VARDIR=${VARLIB}/$PRODUCT               #Directory where product variable data is stored.
--- a/Shorewall-core/shorewallrc.default
+++ b/Shorewall-core/shorewallrc.default
@@ -14,7 +14,7 @@ INITDIR=/etc/init.d                     #Directory where SysV init scripts are i
 INITFILE=$PRODUCT                       #Name of the product's installed SysV init script
 INITSOURCE=init.sh                      #Name of the distributed file to be installed as the SysV init script
 ANNOTATED=                              #If non-zero, annotated configuration files are installed
-SYSTEMDDIR=                             #Directory where .service files are installed (systems running systemd only)
+SYSTEMD=                                #Directory where .service files are installed (systems running systemd only)
 SERVICEFILE=                            #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
 SYSCONFFILE=                            #Name of the distributed file to be installed in $SYSCONFDIR
 SYSCONFDIR=                             #Directory where SysV init parameter files are installed
--- a/Shorewall-core/shorewallrc.redhat
+++ b/Shorewall-core/shorewallrc.redhat
@@ -14,7 +14,7 @@ INITDIR=/etc/rc.d/init.d                #Directory where SysV init scripts are i
 INITFILE=$PRODUCT                       #Name of the product's installed SysV init script
 INITSOURCE=init.fedora.sh               #Name of the distributed file to be installed as the SysV init script
 ANNOTATED=                              #If non-zero, annotated configuration files are installed
-SYSTEMDDIR=/lib/systemd/system          #Directory where .service files are installed (systems running systemd only)
+SYSTEMD=/lib/systemd/system             #Directory where .service files are installed (systems running systemd only)
 SYSCONFFILE=sysconfig                   #Name of the distributed file to be installed as $SYSCONFDIR/$PRODUCT
 SERVICEFILE=                      	#Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
 SYSCONFDIR=/etc/sysconfig/              #Directory where SysV init parameter files are installed
--- a/Shorewall-core/shorewallrc.slackware
+++ b/Shorewall-core/shorewallrc.slackware
@@ -15,7 +15,7 @@ AUXINITSOURCE=init.slackware.firewall.sh   #Name of the distributed file to be i
 AUXINITFILE=rc.firewall                    #Name of the product's installed SysV init script
 INITSOURCE=init.slackware.$PRODUCT.sh      #Name of the distributed file to be installed as a second SysV init script
 INITFILE=rc.$PRODUCT                       #Name of the product's installed second init script
-SYSTEMDDIR=                                #Name of the directory where .service files are installed (systems running systemd only)
+SYSTEMD=                                   #Name of the directory where .service files are installed (systems running systemd only)
 SERVICEFILE=                               #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
 SYSCONFFILE=                               #Name of the distributed file to be installed in $SYSCONFDIR
 SYSCONFDIR=                                #Name of the directory where SysV init parameter files are installed.
--- a/Shorewall-core/shorewallrc.suse
+++ b/Shorewall-core/shorewallrc.suse
@@ -14,7 +14,7 @@ INITDIR=/etc/init.d                                   #Directory where SysV init
 INITFILE=$PRODUCT                                     #Name of the product's SysV init script
 INITSOURCE=init.suse.sh                               #Name of the distributed file to be installed as the SysV init script
 ANNOTATED=                                            #If non-zero, annotated configuration files are installed
-SYSTEMDDIR=                                           #Directory where .service files are installed (systems running systemd only)
+SYSTEMD=                                              #Directory where .service files are installed (systems running systemd only)
 SERVICEFILE=                      		      #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
 SYSCONFFILE=sysconfig                                 #Name of the distributed file to be installed in $SYSCONFDIR
 SYSCONFDIR=/etc/sysconfig/                            #Directory where SysV init parameter files are installed
--- a/Shorewall-init/install.sh
+++ b/Shorewall-init/install.sh
@@ -330,16 +330,12 @@ fi
 #
 # Install the .service file
 #
-if [ -z "${SERVICEDIR}" ]; then
+if [ -n "$SYSTEMD" ]; then
-    SERVICEDIR="$SYSTEMD"
+    mkdir -p ${DESTDIR}${SYSTEMD}
 fi
 if [ -n "$SERVICEDIR" ]; then
    mkdir -p ${DESTDIR}${SERVICEDIR}
    [ -z "$SERVICEFILE" ] && SERVICEFILE=$PRODUCT.service
-    run_install $OWNERSHIP -m 644 $SERVICEFILE ${DESTDIR}${SERVICEDIR}/$PRODUCT.service
+    run_install $OWNERSHIP -m 644 $SERVICEFILE ${DESTDIR}${SYSTEMD}/$PRODUCT.service
-    [ ${SBINDIR} != /sbin ] && eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\' ${DESTDIR}${SERVICEDIR}/$PRODUCT.service
+    [ ${SBINDIR} != /sbin ] && eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\' ${DESTDIR}${SYSTEMD}/$PRODUCT.service
-    echo "Service file $SERVICEFILE installed as ${DESTDIR}${SERVICEDIR}/$PRODUCT.service"
+    echo "Service file $SERVICEFILE installed as ${DESTDIR}${SYSTEMD}/$PRODUCT.service"
    if [ -n "$DESTDIR" -o $configure -eq 0 ]; then
 	mkdir -p ${DESTDIR}${SBINDIR}
        chmod 755 ${DESTDIR}${SBINDIR}
@@ -519,7 +515,7 @@ if [ -z "$DESTDIR" ]; then
 	    # not by the installer
 	    /bin/true
 	else
-	    if [ -n "$SERVICEDIR" ]; then
+	    if [ -n "$SYSTEMD" ]; then
 		if systemctl enable shorewall-init.service; then
 		    echo "Shorewall Init will start automatically at boot"
 		fi
--- a/Shorewall-init/shorewall-init.service.214
+++ b/Shorewall-init/shorewall-init.service.214
@@ -1,21 +0,0 @@
 #
 #     The Shoreline Firewall (Shorewall) Packet Filtering Firewall
 #
 #     Copyright 2011 Jonathan Underwood <jonathan.underwood@gmail.com>
 #
 [Unit]
 Description=Shorewall IPv4 firewall (bootup security)
 Before=network-pre.target
 Wants=network-pre.target
 Conflicts=iptables.service firewalld.service
 [Service]
 Type=oneshot
 RemainAfterExit=yes
 EnvironmentFile=-/etc/sysconfig/shorewall-init
 StandardOutput=syslog
 ExecStart=/sbin/shorewall-init $OPTIONS start
 ExecStop=/sbin/shorewall-init $OPTIONS stop
 [Install]
 WantedBy=basic.target
--- a/Shorewall-lite/install.sh
+++ b/Shorewall-lite/install.sh
@@ -392,16 +392,12 @@ fi
 #
 # Install the .service file
 #
-if [ -z "${SERVICEDIR}" ]; then
+if [ -n "$SYSTEMD" ]; then
-    SERVICEDIR="$SYSTEMD"
+    mkdir -p ${DESTDIR}${SYSTEMD}
 fi
 if [ -n "$SERVICEDIR" ]; then
    mkdir -p ${DESTDIR}${SERVICEDIR}
    [ -z "$SERVICEFILE" ] && SERVICEFILE=$PRODUCT.service
-    run_install $OWNERSHIP -m 644 $SERVICEFILE ${DESTDIR}${SERVICEDIR}/$PRODUCT.service
+    run_install $OWNERSHIP -m 644 $SERVICEFILE ${DESTDIR}${SYSTEMD}/$PRODUCT.service
-    [ ${SBINDIR} != /sbin ] && eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\' ${DESTDIR}${SERVICEDIR}/$PRODUCT.service
+    [ ${SBINDIR} != /sbin ] && eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\' ${DESTDIR}${SYSTEMD}/$PRODUCT.service
-    echo "Service file $SERVICEFILE installed as ${DESTDIR}${SERVICEDIR}/$PRODUCT.service"
+    echo "Service file $SERVICEFILE installed as ${DESTDIR}${SYSTEMD}/$PRODUCT.service"
 fi
 #
 # Install the config file
@@ -543,7 +539,7 @@ if [ ${SHAREDIR} != /usr/share ]; then
 fi
 if [ $configure -eq 1 -a -z "$DESTDIR" -a -n "$first_install" -a -z "${cygwin}${mac}" ]; then
-    if [ -n "$SERVICEDIR" ]; then
+    if [ -n "$SYSTEMD" ]; then
 	if systemctl enable ${PRODUCT}.service; then
 	    echo "$Product will start automatically at boot"
 	fi
--- a/Shorewall-lite/shorewall-lite.service.214
+++ b/Shorewall-lite/shorewall-lite.service.214
@@ -1,20 +0,0 @@
 #
 #     The Shoreline Firewall (Shorewall) Packet Filtering Firewall
 #
 #     Copyright 2011 Jonathan Underwood <jonathan.underwood@gmail.com>
 #
 [Unit]
 Description=Shorewall IPv4 firewall (lite)
 After=network-online.target
 Conflicts=iptables.service firewalld.service
 [Service]
 Type=oneshot
 RemainAfterExit=yes
 EnvironmentFile=-/etc/sysconfig/shorewall-lite
 StandardOutput=syslog
 ExecStart=/sbin/shorewall-lite $OPTIONS start
 ExecStop=/sbin/shorewall-lite $OPTIONS stop
 [Install]
 WantedBy=basic.target
--- a/Shorewall/Samples/Universal/interfaces
+++ b/Shorewall/Samples/Universal/interfaces
@@ -11,4 +11,4 @@
 ###############################################################################
 #ZONE	INTERFACE	OPTIONS
 -	lo		ignore
-net	all		dhcp,physical=+,routeback
+net	all		dhcp,physical=+,routeback,optional
--- a/Shorewall/install.sh
+++ b/Shorewall/install.sh
@@ -425,16 +425,12 @@ fi
 #
 # Install the .service file
 #
-if [ -z "${SERVICEDIR}" ]; then
+if [ -n "$SYSTEMD" ]; then
-    SERVICEDIR="$SYSTEMD"
+    mkdir -p ${DESTDIR}${SYSTEMD}
 fi
 if [ -n "$SERVICEDIR" ]; then
    mkdir -p ${DESTDIR}${SERVICEDIR}
    [ -z "$SERVICEFILE" ] && SERVICEFILE=$PRODUCT.service
-    run_install $OWNERSHIP -m 644 $SERVICEFILE ${DESTDIR}${SERVICEDIR}/$PRODUCT.service
+    run_install $OWNERSHIP -m 644 $SERVICEFILE ${DESTDIR}${SYSTEMD}/$PRODUCT.service
-    [ ${SBINDIR} != /sbin ] && eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\' ${DESTDIR}${SERVICEDIR}/$PRODUCT.service
+    [ ${SBINDIR} != /sbin ] && eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\' ${DESTDIR}${SYSTEMD}/$PRODUCT.service
-    echo "Service file $SERVICEFILE installed as ${DESTDIR}${SERVICEDIR}/$PRODUCT.service"
+    echo "Service file $SERVICEFILE installed as ${DESTDIR}${SYSTEMD}/$PRODUCT.service"
 fi
 #
@@ -1180,7 +1176,7 @@ if [ -n "$SYSCONFFILE" -a -f "$SYSCONFFILE" -a ! -f ${DESTDIR}${SYSCONFDIR}/${PR
 fi
 if [ $configure -eq 1 -a -z "$DESTDIR" -a -n "$first_install" -a -z "${cygwin}${mac}" ]; then
-    if [ -n "$SERVICEDIR" ]; then
+    if [ -n "$SYSTEMD" ]; then
 	if systemctl enable ${PRODUCT}.service; then
 	    echo "$Product will start automatically at boot"
 	fi
--- a/Shorewall/shorewall.service
+++ b/Shorewall/shorewall.service
@@ -5,7 +5,7 @@
 #
 [Unit]
 Description=Shorewall IPv4 firewall
-After=network-online.target
+After=network.target
 Conflicts=iptables.service firewalld.service
 [Service]
--- a/Shorewall/shorewall.service.214
+++ b/Shorewall/shorewall.service.214
@@ -1,20 +0,0 @@
 #
 #     The Shoreline Firewall (Shorewall) Packet Filtering Firewall
 #
 #     Copyright 2011 Jonathan Underwood <jonathan.underwood@gmail.com>
 #
 [Unit]
 Description=Shorewall IPv4 firewall
 After=network-online.target
 Conflicts=iptables.service firewalld.service
 [Service]
 Type=oneshot
 RemainAfterExit=yes
 EnvironmentFile=-/etc/sysconfig/shorewall
 StandardOutput=syslog
 ExecStart=/sbin/shorewall $OPTIONS start
 ExecStop=/sbin/shorewall $OPTIONS stop
 [Install]
 WantedBy=basic.target
--- a/Shorewall6-lite/shorewall6-lite.service
+++ b/Shorewall6-lite/shorewall6-lite.service
@@ -5,7 +5,7 @@
 #
 [Unit]
 Description=Shorewall IPv6 firewall (lite)
-After=network-online.target
+After=network.target
 Conflicts=ip6tables.service firewalld.service
 [Service]
--- a/Shorewall6-lite/shorewall6-lite.service.214
+++ b/Shorewall6-lite/shorewall6-lite.service.214
@@ -1,20 +0,0 @@
 #
 #     The Shoreline Firewall (Shorewall) Packet Filtering Firewall
 #
 #     Copyright 2011 Jonathan Underwood <jonathan.underwood@gmail.com>
 #
 [Unit]
 Description=Shorewall IPv6 firewall (lite)
 After=network-online.target
 Conflicts=ip6tables.service firewalld.service
 [Service]
 Type=oneshot
 RemainAfterExit=yes
 EnvironmentFile=-/etc/sysconfig/shorewall6-lite
 StandardOutput=syslog
 ExecStart=/sbin/shorewall6-lite $OPTIONS start
 ExecStop=/sbin/shorewall6-lite $OPTIONS stop
 [Install]
 WantedBy=basic.target
--- a/Shorewall6/shorewall6.service
+++ b/Shorewall6/shorewall6.service
@@ -5,7 +5,7 @@
 #
 [Unit]
 Description=Shorewall IPv6 firewall
-After=network-online.target
+After=network.target
 Conflicts=ip6tables.service firewalld.service
 [Service]
--- a/Shorewall6/shorewall6.service.214
+++ b/Shorewall6/shorewall6.service.214
@@ -1,20 +0,0 @@
 #
 #     The Shoreline Firewall (Shorewall) Packet Filtering Firewall
 #
 #     Copyright 2011 Jonathan Underwood <jonathan.underwood@gmail.com>
 #
 [Unit]
 Description=Shorewall IPv6 firewall
 After=network-online.target
 Conflicts=ip6tables.service firewalld.service
 [Service]
 Type=oneshot
 RemainAfterExit=yes
 EnvironmentFile=-/etc/sysconfig/shorewall6
 StandardOutput=syslog
 ExecStart=/sbin/shorewall6 $OPTIONS start
 ExecStop=/sbin/shorewall6 $OPTIONS stop
 [Install]
 WantedBy=basic.target
Author	SHA1	Message	Date
Tom Eastep	478e72451a	Reinstate IPv6 DropSmurfs Signed-off-by: Tom Eastep <teastep@shorewall.net>	2014-10-10 09:42:23 -07:00
Tom Eastep	54da615be0	Allow the Shorewall-init installer to create SBINDIR Signed-off-by: Tom Eastep <teastep@shorewall.net>	2014-10-09 12:43:40 -07:00
Tom Eastep	2d948246c3	Revert "Adjust the .service files" This reverts commit `77015ebb4d`. Conflicts: Shorewall-init/shorewall-init.service Signed-off-by: Tom Eastep <teastep@shorewall.net>	2014-10-09 07:17:54 -07:00