Remove debugging code from Shorewall-init installer

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Load xt_LOG in both helpers files
2014-10-19 08:16:02 -07:00 · 2014-10-19 07:44:01 -07:00 · 2014-10-18 08:01:51 -07:00 · 2014-10-17 08:05:47 -07:00 · 2014-10-16 07:45:20 -07:00 · 2014-10-16 07:44:09 -07:00
11 changed files with 31 additions and 14 deletions
--- a/Shorewall-core/lib.cli
+++ b/Shorewall-core/lib.cli
@@ -367,6 +367,17 @@ resolve_arptables() {
    esac
 }

+#
+# Try to run the 'savesets' command
+#
+savesets() {
+    local supported
+
+    supported=$(run_it ${VARDIR}/firewall help | fgrep savesets )
+
+    [ -n "$supported" ] && run_it ${VARDIR}/firewall savesets ${g_restorepath}-ipsets
+}
+
 #
 # Save currently running configuration
 #
@@ -428,7 +439,7 @@ do_save() {
 	    ;;
    esac

-    if ! run_it ${VARDIR}/firewall savesets ${g_restorepath}-ipsets; then
+    if ! savesets;  then
 	case ${SAVE_IPSETS:=No} in
 	    [Yy]es)
 		case ${IPSET:=ipset} in
--- a/Shorewall-init/install.sh
+++ b/Shorewall-init/install.sh
@@ -336,7 +336,7 @@ if [ -n "$SYSTEMD" ]; then
    run_install $OWNERSHIP -m 644 $SERVICEFILE ${DESTDIR}${SYSTEMD}/$PRODUCT.service
    [ ${SBINDIR} != /sbin ] && eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\' ${DESTDIR}${SYSTEMD}/$PRODUCT.service
    echo "Service file $SERVICEFILE installed as ${DESTDIR}${SYSTEMD}/$PRODUCT.service"
-    if [ -n "$DESTDIR" ]; then
+    if [ -n "$DESTDIR" -o $configure -eq 0 ]; then
 	mkdir -p ${DESTDIR}${SBINDIR}
        chmod 755 ${DESTDIR}${SBINDIR}
    fi
@@ -368,8 +368,6 @@ chmod 644 ${DESTDIR}${SHAREDIR}/shorewall-init/version
 #
 # Remove and create the symbolic link to the init script
 #
-echo CONFDIR is $CONFDIR
-
 if [ -z "$DESTDIR" ]; then
    rm -f ${SHAREDIR}/shorewall-init/init
    ln -s ${INITDIR}/${INITFILE} ${SHAREDIR}/shorewall-init/init
--- a/Shorewall-init/shorewall-init.service
+++ b/Shorewall-init/shorewall-init.service
@@ -5,8 +5,7 @@
 #
 [Unit]
 Description=Shorewall IPv4 firewall (bootup security)
-Before=network-pre.target
-Wants=network-pre.target
+Before=network.target
 Conflicts=iptables.service firewalld.service

 [Service]
--- a/Shorewall-lite/shorewall-lite.service
+++ b/Shorewall-lite/shorewall-lite.service
@@ -5,7 +5,7 @@
 #
 [Unit]
 Description=Shorewall IPv4 firewall (lite)
-After=network-online.target
+After=network.target
 Conflicts=iptables.service firewalld.service

 [Service]
--- a/Shorewall/Samples/Universal/interfaces
+++ b/Shorewall/Samples/Universal/interfaces
@@ -11,4 +11,4 @@
 ###############################################################################
 #ZONE	INTERFACE	OPTIONS
 -	lo		ignore
-net	all		dhcp,physical=+,routeback,optional
+net	all		dhcp,physical=+,routeback
--- a/Shorewall/helpers
+++ b/Shorewall/helpers
@@ -58,8 +58,12 @@ loadmodule nf_nat_sip
 loadmodule nf_nat_snmp_basic
 loadmodule nf_nat_tftp
 #
-# While not actually helpers, these are handy to have
+# While not actually helpers, these are handy to have. Not
+# all of these will be found on any given system, since
+# some are aliases on later kernels.
 #
+loadmodule ipt_LOG
+loadmodule xt_LOG
 loadmodule xt_NFLOG
-loadmodule xt_ULOG
+loadmodule ipt_ULOG
 loadmodule nfnetlink_log
--- a/Shorewall/shorewall.service
+++ b/Shorewall/shorewall.service
@@ -5,7 +5,7 @@
 #
 [Unit]
 Description=Shorewall IPv4 firewall
-After=network-online.target
+After=network.target
 Conflicts=iptables.service firewalld.service

 [Service]
--- a/Shorewall6-lite/shorewall6-lite.service
+++ b/Shorewall6-lite/shorewall6-lite.service
@@ -5,7 +5,7 @@
 #
 [Unit]
 Description=Shorewall IPv6 firewall (lite)
-After=network-online.target
+After=network.target
 Conflicts=ip6tables.service firewalld.service

 [Service]
--- a/Shorewall6/actions.std
+++ b/Shorewall6/actions.std
@@ -25,6 +25,7 @@ AutoBLL      noinline           # Helper for AutoBL
 Broadcast    noinline      	# Handles Broadcast/Multicast/Anycast
 Drop		        	# Default Action for DROP policy
 dropInvalid  inline		# Drops packets in the INVALID conntrack state
+DropSmurfs   noinline     	# Handles packets with a broadcast source address
 Established  inline		# Handles packets in the ESTABLISHED state
 IfEvent      noinline           # Perform an action based on an event
 Invalid	     inline		# Handles packets in the INVALID conntrack state
--- a/Shorewall6/helpers
+++ b/Shorewall6/helpers
@@ -35,7 +35,11 @@ loadmodule nf_conntrack_sip
 loadmodule nf_conntrack_tftp
 loadmodule nf_conntrack_sane
 #
-# While not actually helpers, these are handy to have
+# While not actually helpers, these are handy to have. Not
+# all of these will be found on any given system, since
+# some are aliases on later kernels.
 #
+loadmodule ip6t_LOG
+loadmodule xt_LOG
 loadmodule xt_NFLOG
 loadmodule nfnetlink_log
--- a/Shorewall6/shorewall6.service
+++ b/Shorewall6/shorewall6.service
@@ -5,7 +5,7 @@
 #
 [Unit]
 Description=Shorewall IPv6 firewall
-After=network-online.target
+After=network.target
 Conflicts=ip6tables.service firewalld.service

 [Service]
Author	SHA1	Message	Date
Tom Eastep	8e761c2111	Remove debugging code from Shorewall-init installer Signed-off-by: Tom Eastep <teastep@shorewall.net>	2014-10-19 08:16:02 -07:00
Tom Eastep	cc44880467	Load xt_LOG in both helpers files Signed-off-by: Tom Eastep <teastep@shorewall.net>	2014-10-19 07:44:01 -07:00
Tom Eastep	b5b0785440	Correct IPv4 Helpers file - Change xt_ULOG to ipt_ULOG Signed-off-by: Tom Eastep <teastep@shorewall.net>	2014-10-18 08:01:51 -07:00
Tom Eastep	299fd15984	Correct Shorewall6 helpers file Signed-off-by: Tom Eastep <teastep@shorewall.net>	2014-10-17 08:05:47 -07:00
Tom Eastep	a67debafb3	Revert "Correct last patch" This reverts commit `b528625329`.	2014-10-16 07:45:20 -07:00
Tom Eastep	b528625329	Correct last patch Signed-off-by: Tom Eastep <teastep@shorewall.net>	2014-10-16 07:44:09 -07:00
Tom Eastep	49d1c64c00	ipt_LOG in helpers file Signed-off-by: Tom Eastep <teastep@shorewall.net>	2014-10-15 18:06:15 -07:00
Tom Eastep	f4e36a9ecf	Remove 'optional' from the Universal interfaces file Signed-off-by: Tom Eastep <teastep@shorewall.net>	2014-10-11 07:34:44 -07:00
Tom Eastep	74c4980c91	Merge branch '4.6.4' of ssh://git.code.sf.net/p/shorewall/code into 4.6.4	2014-10-10 16:00:34 -07:00
Tom Eastep	56afdb6419	Avoid confusing output when 4.6.4 CLI executes a 'save' - If a down-rev firewall is running, the savesets command produces confusing usage output Signed-off-by: Tom Eastep <teastep@shorewall.net>	2014-10-10 15:57:48 -07:00
Tom Eastep	478e72451a	Reinstate IPv6 DropSmurfs Signed-off-by: Tom Eastep <teastep@shorewall.net>	2014-10-10 09:42:23 -07:00
Tom Eastep	54da615be0	Allow the Shorewall-init installer to create SBINDIR Signed-off-by: Tom Eastep <teastep@shorewall.net>	2014-10-09 12:43:40 -07:00
Tom Eastep	2d948246c3	Revert "Adjust the .service files" This reverts commit `77015ebb4d`. Conflicts: Shorewall-init/shorewall-init.service Signed-off-by: Tom Eastep <teastep@shorewall.net>	2014-10-09 07:17:54 -07:00