Compare commits

..

16 Commits

Author SHA1 Message Date
Tom Eastep
4e19c193a1 Document chain name length restriction fix 2011-01-31 07:15:26 -08:00
Tom Eastep
5fc72fc727 Ensure that accounting and manual chains aren't too long 2011-01-31 07:06:46 -08:00
Tom Eastep
cdf78dfecf Document module loading defect corrections 2011-01-29 12:56:03 -08:00
Tom Eastep
edf614bf4b Fix a couple of defects in module loading 2011-01-29 12:51:06 -08:00
Tom Eastep
1a3794e7b0 Fix typo in the known problems
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-01-29 09:20:17 -08:00
Tom Eastep
cfcc59c731 Document fix for IPv6 parsing error
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-01-29 09:17:05 -08:00
Tom Eastep
0de4208fef Fix silly bug in expand_rule() 2011-01-29 09:04:29 -08:00
Tom Eastep
3b6e7c3698 Update Shorewall-4 with info about shorewall-init 2011-01-22 07:30:58 -08:00
Tom Eastep
9ffab23f9a Add sch_prio to modules file 2011-01-21 16:28:03 -08:00
Tom Eastep
2f938a5647 Fix typo in release notes 2011-01-20 08:15:39 -08:00
Tom Eastep
7a522dd213 Document fix for empty shell variables 2011-01-20 07:35:08 -08:00
Tom Eastep
c10ea7befd Fix empty variable handling when /bin/sh is bash 2011-01-20 07:27:14 -08:00
Tom Eastep
295799d4d1 Correct 'shorewall-common' references in the quickstart guides 2011-01-18 09:33:20 -08:00
Tom Eastep
dd83a0e726 Prepare for 4.4.16.1 if/when needed 2011-01-14 08:50:57 -08:00
Tom Eastep
ce599945c7 Correct typo in the FAQ 2011-01-11 14:47:38 -08:00
Tom Eastep
7302b785fd Correct release documents 2011-01-08 08:12:28 -08:00
846 changed files with 62293 additions and 92476 deletions

1
.gitattributes vendored
View File

@ -1 +0,0 @@
*targetname export-ignore

View File

@ -55,7 +55,7 @@ modified by someone else and passed on, the recipients should know
that what they have is not the original version, so that the original that what they have is not the original version, so that the original
author's reputation will not be affected by problems that might be author's reputation will not be affected by problems that might be
introduced by others. introduced by others.
Finally, software patents pose a constant threat to the existence of Finally, software patents pose a constant threat to the existence of
any free program. We wish to make sure that a company cannot any free program. We wish to make sure that a company cannot
effectively restrict the users of a free program by obtaining a effectively restrict the users of a free program by obtaining a
@ -111,7 +111,7 @@ modification follow. Pay close attention to the difference between a
"work based on the library" and a "work that uses the library". The "work based on the library" and a "work that uses the library". The
former contains code derived from the library, whereas the latter must former contains code derived from the library, whereas the latter must
be combined with the library in order to run. be combined with the library in order to run.
GNU LESSER GENERAL PUBLIC LICENSE GNU LESSER GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
@ -146,7 +146,7 @@ such a program is covered only if its contents constitute a work based
on the Library (independent of the use of the Library in a tool for on the Library (independent of the use of the Library in a tool for
writing it). Whether that is true depends on what the Library does writing it). Whether that is true depends on what the Library does
and what the program that uses the Library does. and what the program that uses the Library does.
1. You may copy and distribute verbatim copies of the Library's 1. You may copy and distribute verbatim copies of the Library's
complete source code as you receive it, in any medium, provided that complete source code as you receive it, in any medium, provided that
you conspicuously and appropriately publish on each copy an you conspicuously and appropriately publish on each copy an
@ -158,7 +158,7 @@ Library.
You may charge a fee for the physical act of transferring a copy, You may charge a fee for the physical act of transferring a copy,
and you may at your option offer warranty protection in exchange for a and you may at your option offer warranty protection in exchange for a
fee. fee.
2. You may modify your copy or copies of the Library or any portion 2. You may modify your copy or copies of the Library or any portion
of it, thus forming a work based on the Library, and copy and of it, thus forming a work based on the Library, and copy and
distribute such modifications or work under the terms of Section 1 distribute such modifications or work under the terms of Section 1
@ -216,7 +216,7 @@ instead of to this License. (If a newer version than version 2 of the
ordinary GNU General Public License has appeared, then you can specify ordinary GNU General Public License has appeared, then you can specify
that version instead if you wish.) Do not make any other change in that version instead if you wish.) Do not make any other change in
these notices. these notices.
Once this change is made in a given copy, it is irreversible for Once this change is made in a given copy, it is irreversible for
that copy, so the ordinary GNU General Public License applies to all that copy, so the ordinary GNU General Public License applies to all
subsequent copies and derivative works made from that copy. subsequent copies and derivative works made from that copy.
@ -267,7 +267,7 @@ Library will still fall under Section 6.)
distribute the object code for the work under the terms of Section 6. distribute the object code for the work under the terms of Section 6.
Any executables containing that work also fall under Section 6, Any executables containing that work also fall under Section 6,
whether or not they are linked directly with the Library itself. whether or not they are linked directly with the Library itself.
6. As an exception to the Sections above, you may also combine or 6. As an exception to the Sections above, you may also combine or
link a "work that uses the Library" with the Library to produce a link a "work that uses the Library" with the Library to produce a
work containing portions of the Library, and distribute that work work containing portions of the Library, and distribute that work
@ -329,7 +329,7 @@ restrictions of other proprietary libraries that do not normally
accompany the operating system. Such a contradiction means you cannot accompany the operating system. Such a contradiction means you cannot
use both them and the Library together in an executable that you use both them and the Library together in an executable that you
distribute. distribute.
7. You may place library facilities that are a work based on the 7. You may place library facilities that are a work based on the
Library side-by-side in a single library together with other library Library side-by-side in a single library together with other library
facilities not covered by this License, and distribute such a combined facilities not covered by this License, and distribute such a combined
@ -370,7 +370,7 @@ subject to these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein. restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties with You are not responsible for enforcing compliance by third parties with
this License. this License.
11. If, as a consequence of a court judgment or allegation of patent 11. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues), infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or conditions are imposed on you (whether by court order, agreement or
@ -422,7 +422,7 @@ conditions either of that version or of any later version published by
the Free Software Foundation. If the Library does not specify a the Free Software Foundation. If the Library does not specify a
license version number, you may choose any version ever published by license version number, you may choose any version ever published by
the Free Software Foundation. the Free Software Foundation.
14. If you wish to incorporate parts of the Library into other free 14. If you wish to incorporate parts of the Library into other free
programs whose distribution conditions are incompatible with these, programs whose distribution conditions are incompatible with these,
write to the author to ask for permission. For software which is write to the author to ask for permission. For software which is
@ -456,7 +456,7 @@ SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES. DAMAGES.
END OF TERMS AND CONDITIONS END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Libraries How to Apply These Terms to Your New Libraries
If you develop a new library, and you want it to be of the greatest If you develop a new library, and you want it to be of the greatest

View File

@ -1,9 +1,9 @@
For instructions on using these sample configurations, please see For instructions on using these sample configurations, please see
https://shorewall.org/three-interface.htm http://www.shorewall.net/shorewall_quickstart_guide.htm
Shorewall Samples Shorewall Samples
Copyright (C) 2006-2015 by the following authors: Copyright (C) 2006 by the following authors:
Thomas M. Eastep Thomas M. Eastep
Paul D. Gear Paul D. Gear
Cristian Rodriguez Cristian Rodriguez

View File

@ -4,11 +4,9 @@
# For information about entries in this file, type "man shorewall-interfaces" # For information about entries in this file, type "man shorewall-interfaces"
# #
# The manpage is also online at # The manpage is also online at
# https://shorewall.org/manpages/shorewall-interfaces.html # http://www.shorewall.net/manpages/shorewall-interfaces.html
# #
############################################################################### ###############################################################################
?FORMAT 2 #ZONE INTERFACE BROADCAST OPTIONS
############################################################################### - lo - ignore
#ZONE INTERFACE OPTIONS net all - dhcp,physical=+,routeback,optional
- lo ignore
net all dhcp,physical=+,routeback

View File

@ -4,9 +4,10 @@
# For information about entries in this file, type "man shorewall-policy" # For information about entries in this file, type "man shorewall-policy"
# #
# The manpage is also online at # The manpage is also online at
# https://shorewall.org/manpages/shorewall-policy.html # http://www.shorewall.net/manpages/shorewall-policy.html
# #
############################################################################### ###############################################################################
#SOURCE DEST POLICY LOGLEVEL RATE CONNLIMIT #SOURCE DEST POLICY LOG LIMIT: CONNLIMIT:
# LEVEL BURST MASK
$FW net ACCEPT $FW net ACCEPT
net all DROP $LOG_LEVEL net all DROP

View File

@ -4,18 +4,14 @@
# For information on the settings in this file, type "man shorewall-rules" # For information on the settings in this file, type "man shorewall-rules"
# #
# The manpage is also online at # The manpage is also online at
# https://shorewall.org/manpages/shorewall-rules.html # http://www.shorewall.net/manpages/shorewall-rules.html
# #
###################################################################################################################################################################################################### ####################################################################################################################################################
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH HELPER #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME
# PORT PORT(S) DEST LIMIT GROUP # PORT PORT(S) DEST LIMIT GROUP
?SECTION ALL #SECTION ESTABLISHED
?SECTION ESTABLISHED #SECTION RELATED
?SECTION RELATED SECTION NEW
?SECTION INVALID
?SECTION UNTRACKED
?SECTION NEW
Invalid(DROP) net $FW tcp
SSH(ACCEPT) net $FW SSH(ACCEPT) net $FW
Ping(ACCEPT) net $FW Ping(ACCEPT) net $FW

View File

@ -1,10 +1,10 @@
############################################################################### ###############################################################################
# #
# Shorewall Version 5 -- /etc/shorewall/shorewall.conf # Shorewall Version 4 -- /etc/shorewall/shorewall.conf
# #
# For information about the settings in this file, type "man shorewall.conf" # For information about the settings in this file, type "man shorewall.conf"
# #
# Manpage also online at https://shorewall.org/manpages/shorewall.conf.html # Manpage also online at http://www.shorewall.net/manpages/shorewall.conf.html
############################################################################### ###############################################################################
# S T A R T U P E N A B L E D # S T A R T U P E N A B L E D
############################################################################### ###############################################################################
@ -18,250 +18,181 @@ STARTUP_ENABLED=Yes
VERBOSITY=1 VERBOSITY=1
############################################################################### ###############################################################################
# P A G E R # L O G G I N G
############################################################################### ###############################################################################
PAGER= LOGFILE=
###############################################################################
# F I R E W A L L
###############################################################################
FIREWALL=
###############################################################################
# L O G G I N G
###############################################################################
LOG_LEVEL="info"
BLACKLIST_LOG_LEVEL=
INVALID_LOG_LEVEL=
LOG_BACKEND=
LOG_MARTIANS=Yes
LOG_VERBOSITY=2
LOG_ZONE=Both
LOGALLNEW=
LOGFILE=/var/log/messages
LOGFORMAT="%s %s "
LOGTAGONLY=No
LOGLIMIT="s:1/sec:10"
MACLIST_LOG_LEVEL="$LOG_LEVEL"
RELATED_LOG_LEVEL=
RPFILTER_LOG_LEVEL="$LOG_LEVEL"
SFILTER_LOG_LEVEL="$LOG_LEVEL"
SMURF_LOG_LEVEL="$LOG_LEVEL"
STARTUP_LOG=/var/log/shorewall-init.log STARTUP_LOG=/var/log/shorewall-init.log
TCP_FLAGS_LOG_LEVEL="$LOG_LEVEL" LOG_VERBOSITY=2
UNTRACKED_LOG_LEVEL= LOGFORMAT="Shorewall:%s:%s:"
LOGTAGONLY=No
LOGLIMIT=
LOGALLNEW=
BLACKLIST_LOGLEVEL=
MACLIST_LOG_LEVEL=info
TCP_FLAGS_LOG_LEVEL=info
SMURF_LOG_LEVEL=info
LOG_MARTIANS=Yes
############################################################################### ###############################################################################
# L O C A T I O N O F F I L E S A N D D I R E C T O R I E S # L O C A T I O N O F F I L E S A N D D I R E C T O R I E S
############################################################################### ###############################################################################
ARPTABLES=
CONFIG_PATH=":${CONFDIR}/shorewall:${SHAREDIR}/shorewall"
GEOIPDIR=/usr/share/xt_geoip/LE
IPTABLES= IPTABLES=
IP= IP=
TC=
IPSET= IPSET=
LOCKFILE=
MODULESDIR=
NFACCT=
PERL=/usr/bin/perl PERL=/usr/bin/perl
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
RESTOREFILE=restore
SHOREWALL_SHELL=/bin/sh SHOREWALL_SHELL=/bin/sh
SUBSYSLOCK= SUBSYSLOCK=
TC= MODULESDIR=
CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
RESTOREFILE=
IPSECFILE=zones
LOCKFILE=
############################################################################### ###############################################################################
# D E F A U L T A C T I O N S / M A C R O S # D E F A U L T A C T I O N S / M A C R O S
############################################################################### ###############################################################################
DROP_DEFAULT="Drop"
REJECT_DEFAULT="Reject"
ACCEPT_DEFAULT="none" ACCEPT_DEFAULT="none"
BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)"
NFQUEUE_DEFAULT="none"
QUEUE_DEFAULT="none" QUEUE_DEFAULT="none"
REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)" NFQUEUE_DEFAULT="none"
############################################################################### ###############################################################################
# R S H / R C P C O M M A N D S # R S H / R C P C O M M A N D S
############################################################################### ###############################################################################
RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
RSH_COMMAND='ssh ${root}@${system} ${command}' RSH_COMMAND='ssh ${root}@${system} ${command}'
RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
############################################################################### ###############################################################################
# F I R E W A L L O P T I O N S # F I R E W A L L O P T I O N S
############################################################################### ###############################################################################
ACCOUNTING=Yes IP_FORWARDING=On
ACCOUNTING_TABLE=filter
ADD_IP_ALIASES=No ADD_IP_ALIASES=No
ADD_SNAT_ALIASES=No ADD_SNAT_ALIASES=No
ADMINISABSENTMINDED=Yes
AUTOCOMMENT=Yes
AUTOHELPERS=Yes
AUTOMAKE=Yes
BALANCE_PROVIDERS=No
BASIC_FILTERS=No
BLACKLIST="NEW,INVALID,UNTRACKED"
CLAMPMSS=No
CLEAR_TC=Yes
COMPLETE=Yes
DEFER_DNS_RESOLUTION=Yes
DISABLE_IPV6=No
DOCKER=No
DOCKER_BRIDGE=docker0
DELETE_THEN_ADD=Yes
DETECT_DNAT_IPADDRS=No
DONT_LOAD=
DYNAMIC_BLACKLIST=Yes
EXPAND_POLICIES=Yes
EXPORTMODULES=Yes
FASTACCEPT=Yes
FORWARD_CLEAR_MARK=
HELPERS=
IGNOREUNKNOWNVARIABLES=No
IMPLICIT_CONTINUE=No
IPSET_WARNINGS=Yes
IP_FORWARDING=On
KEEP_RT_TABLES=No
MACLIST_TABLE=filter
MACLIST_TTL=
MANGLE_ENABLED=Yes
MINIUPNPD=No
MARK_IN_FORWARD_CHAIN=No
MULTICAST=No
MUTEX_TIMEOUT=60
NULL_ROUTE_RFC1918=No
OPTIMIZE=All
OPTIMIZE_ACCOUNTING=No
PERL_HASH_SEED=0
REJECT_ACTION=
RENAME_COMBINED=Yes
REQUIRE_INTERFACE=Yes
RESTART=restart
RESTORE_DEFAULT_ROUTE=Yes
RESTORE_ROUTEMARKS=Yes
RETAIN_ALIASES=No RETAIN_ALIASES=No
ROUTE_FILTER=No
SAVE_ARPTABLES=No
SAVE_IPSETS=No
TC_ENABLED=Internal TC_ENABLED=Internal
TC_EXPERT=No TC_EXPERT=No
TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2" TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2"
CLEAR_TC=Yes
MARK_IN_FORWARD_CHAIN=No
CLAMPMSS=No
ROUTE_FILTER=No
DETECT_DNAT_IPADDRS=No
MUTEX_TIMEOUT=60
ADMINISABSENTMINDED=Yes
BLACKLISTNEWONLY=Yes
MODULE_SUFFIX=ko
DISABLE_IPV6=No
DYNAMIC_ZONES=No
NULL_ROUTE_RFC1918=No
MACLIST_TABLE=filter
MACLIST_TTL=
SAVE_IPSETS=No
MAPOLDACTIONS=No
FASTACCEPT=Yes
IMPLICIT_CONTINUE=No
HIGH_ROUTE_MARKS=No
USE_ACTIONS=Yes
OPTIMIZE=15
EXPORTPARAMS=Yes
EXPAND_POLICIES=Yes
KEEP_RT_TABLES=No
DELETE_THEN_ADD=Yes
MULTICAST=No
DONT_LOAD=
AUTO_COMMENT=Yes
MANGLE_ENABLED=Yes
USE_DEFAULT_RT=No
RESTORE_DEFAULT_ROUTE=Yes
AUTOMAKE=No
WIDE_TC_MARKS=Yes
TRACK_PROVIDERS=Yes TRACK_PROVIDERS=Yes
TRACK_RULES=No ZONE2ZONE=2
USE_DEFAULT_RT=Yes ACCOUNTING=Yes
USE_NFLOG_SIZE=No DYNAMIC_BLACKLIST=Yes
USE_PHYSICAL_NAMES=No OPTIMIZE_ACCOUNTING=No
USE_RT_NAMES=No LOAD_HELPERS_ONLY=Yes
VERBOSE_MESSAGES=Yes REQUIRE_INTERFACE=Yes
WARNOLDCAPVERSION=Yes FORWARD_CLEAR_MARK=
WORKAROUNDS=No COMPLETE=Yes
ZERO_MARKS=No
ZONE2ZONE=-
############################################################################### ###############################################################################
# P A C K E T D I S P O S I T I O N # P A C K E T D I S P O S I T I O N
@ -269,32 +200,8 @@ ZONE2ZONE=-
BLACKLIST_DISPOSITION=DROP BLACKLIST_DISPOSITION=DROP
INVALID_DISPOSITION=CONTINUE
MACLIST_DISPOSITION=REJECT MACLIST_DISPOSITION=REJECT
RELATED_DISPOSITION=ACCEPT
RPFILTER_DISPOSITION=DROP
SMURF_DISPOSITION=DROP
SFILTER_DISPOSITION=DROP
TCP_FLAGS_DISPOSITION=DROP TCP_FLAGS_DISPOSITION=DROP
UNTRACKED_DISPOSITION=CONTINUE #LAST LINE -- DO NOT REMOVE
################################################################################
# P A C K E T M A R K L A Y O U T
################################################################################
TC_BITS=
PROVIDER_BITS=
PROVIDER_OFFSET=
MASK_BITS=
ZONE_BITS=0

View File

@ -4,7 +4,7 @@
# For information about this file, type "man shorewall-zones" # For information about this file, type "man shorewall-zones"
# #
# The manpage is also online at # The manpage is also online at
# https://shorewall.org/manpages/shorewall-zones.html # http://www.shorewall.net/manpages/shorewall-zones.html
# #
############################################################################### ###############################################################################
#ZONE TYPE OPTIONS IN OUT #ZONE TYPE OPTIONS IN OUT

View File

@ -1,9 +1,9 @@
For instructions on using this sample configuration, please see For instructions on using this sample configuration, please see
https://shorewall.org/standalone.htm http://www.shorewall.net/standalone.htm
Shorewall Samples Shorewall Samples
Copyright (C) 2006-2015 by the following authors: Copyright (C) 2006 by the following authors:
Thomas M. Eastep Thomas M. Eastep
Paul D. Gear Paul D. Gear
Cristian Rodriguez Cristian Rodriguez

View File

@ -1,6 +1,6 @@
# #
# Shorewall - Sample Stoppedrules File for two-interface configuration. # Shorewall version 4.0 - Sample Interfaces File for one-interface configuration.
# Copyright (C) 2012-2017 by the Shorewall Team # Copyright (C) 2006 by the Shorewall Team
# #
# This library is free software; you can redistribute it and/or # This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public # modify it under the terms of the GNU Lesser General Public
@ -9,9 +9,7 @@
# #
# See the file README.txt for further details. # See the file README.txt for further details.
#------------------------------------------------------------------------------ #------------------------------------------------------------------------------
# For information about entries in this file, type "man shorewall-stoppedrules" # For information about entries in this file, type "man shorewall-interfaces"
############################################################################### ###############################################################################
#ACTION SOURCE DEST PROTO DEST SOURCE #ZONE INTERFACE BROADCAST OPTIONS
# PORT(S) PORT(S) net eth0 detect dhcp,tcpflags,logmartians,nosmurfs
ACCEPT LOC_IF -
ACCEPT - LOC_IF

View File

@ -1,6 +1,6 @@
# #
# Shorewall - Sample Policy File for one-interface configuration. # Shorewall version 4.0 - Sample Policy File for one-interface configuration.
# Copyright (C) 2006-2015 by the Shorewall Team # Copyright (C) 2006 by the Shorewall Team
# #
# This library is free software; you can redistribute it and/or # This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public # modify it under the terms of the GNU Lesser General Public
@ -11,8 +11,8 @@
#----------------------------------------------------------------------------- #-----------------------------------------------------------------------------
# For information about entries in this file, type "man shorewall-policy" # For information about entries in this file, type "man shorewall-policy"
############################################################################### ###############################################################################
#SOURCE DEST POLICY LOGLEVEL RATE CONNLIMIT #SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
$FW net ACCEPT $FW net ACCEPT
net all DROP $LOG_LEVEL net all DROP info
# The FOLLOWING POLICY MUST BE LAST # The FOLLOWING POLICY MUST BE LAST
all all REJECT $LOG_LEVEL all all REJECT info

View File

@ -1,6 +1,6 @@
# #
# Shorewall - Sample Rules File for one-interface configuration. # Shorewall version 4.0 - Sample Rules File for one-interface configuration.
# Copyright (C) 2006-2014 by the Shorewall Team # Copyright (C) 2006 by the Shorewall Team
# #
# This library is free software; you can redistribute it and/or # This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public # modify it under the terms of the GNU Lesser General Public
@ -10,19 +10,9 @@
# See the file README.txt for further details. # See the file README.txt for further details.
#------------------------------------------------------------------------------------------------------------ #------------------------------------------------------------------------------------------------------------
# For information on entries in this file, type "man shorewall-rules" # For information on entries in this file, type "man shorewall-rules"
###################################################################################################################################################################################################### #############################################################################################################
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH HELPER #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK
# PORT PORT(S) DEST LIMIT GROUP # PORT PORT(S) DEST LIMIT GROUP
?SECTION ALL
?SECTION ESTABLISHED
?SECTION RELATED
?SECTION INVALID
?SECTION UNTRACKED
?SECTION NEW
# Drop packets in the INVALID state
Invalid(DROP) net $FW tcp
# Drop Ping from the "bad" net zone.. and prevent your log from being flooded.. # Drop Ping from the "bad" net zone.. and prevent your log from being flooded..

View File

@ -1,8 +1,8 @@
############################################################################### ###############################################################################
# #
# Shorewall - Sample shorewall.conf for one-interface # Shorewall version 4.0 - Sample shorewall.conf for one-interface
# configuration. # configuration.
# Copyright (C) 2006-2015 by the Shorewall Team # Copyright (C) 2006 by the Shorewall Team
# #
# This library is free software; you can redistribute it and/or # This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public # modify it under the terms of the GNU Lesser General Public
@ -13,8 +13,8 @@
# #
# For information about the settings in this file, type "man shorewall.conf" # For information about the settings in this file, type "man shorewall.conf"
# #
# The manpage is also online at # The manpage is also online at
# https://shorewall.org/manpages/shorewall.conf.html # http://shorewall.net/manpages/shorewall.conf.html
# #
############################################################################### ###############################################################################
# S T A R T U P E N A B L E D # S T A R T U P E N A B L E D
@ -29,250 +29,181 @@ STARTUP_ENABLED=No
VERBOSITY=1 VERBOSITY=1
############################################################################### ###############################################################################
# P A G E R # L O G G I N G
############################################################################### ###############################################################################
PAGER=
###############################################################################
# F I R E W A L L
###############################################################################
FIREWALL=
###############################################################################
# L O G G I N G
###############################################################################
LOG_LEVEL=info
BLACKLIST_LOG_LEVEL=
INVALID_LOG_LEVEL=
LOG_BACKEND=
LOG_MARTIANS=Yes
LOG_VERBOSITY=2
LOG_ZONE=Both
LOGALLNEW=
LOGFILE=/var/log/messages LOGFILE=/var/log/messages
LOGFORMAT="%s %s " STARTUP_LOG=/var/log/shorewall-init.log
LOG_VERBOSITY=2
LOGFORMAT="Shorewall:%s:%s:"
LOGTAGONLY=No LOGTAGONLY=No
LOGLIMIT="s:1/sec:10" LOGLIMIT=
MACLIST_LOG_LEVEL="$LOG_LEVEL" LOGALLNEW=
RELATED_LOG_LEVEL= BLACKLIST_LOGLEVEL=
RPFILTER_LOG_LEVEL="$LOG_LEVEL" MACLIST_LOG_LEVEL=info
SFILTER_LOG_LEVEL="$LOG_LEVEL" TCP_FLAGS_LOG_LEVEL=info
SMURF_LOG_LEVEL="$LOG_LEVEL" SMURF_LOG_LEVEL=info
STARTUP_LOG=/var/log/shorewall-init.log LOG_MARTIANS=Yes
TCP_FLAGS_LOG_LEVEL="$LOG_LEVEL"
UNTRACKED_LOG_LEVEL=
############################################################################### ###############################################################################
# L O C A T I O N O F F I L E S A N D D I R E C T O R I E S # L O C A T I O N O F F I L E S A N D D I R E C T O R I E S
############################################################################### ###############################################################################
ARPTABLES=
CONFIG_PATH=":${CONFDIR}/shorewall:${SHAREDIR}/shorewall"
GEOIPDIR=/usr/share/xt_geoip/LE
IPTABLES= IPTABLES=
IP= IP=
TC=
IPSET= IPSET=
LOCKFILE=
MODULESDIR=
NFACCT=
PERL=/usr/bin/perl PERL=/usr/bin/perl
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
RESTOREFILE=restore
SHOREWALL_SHELL=/bin/sh SHOREWALL_SHELL=/bin/sh
SUBSYSLOCK= SUBSYSLOCK=
TC= MODULESDIR=
CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
RESTOREFILE=
IPSECFILE=zones
LOCKFILE=
############################################################################### ###############################################################################
# D E F A U L T A C T I O N S / M A C R O S # D E F A U L T A C T I O N S / M A C R O S
############################################################################### ###############################################################################
DROP_DEFAULT="Drop"
REJECT_DEFAULT="Reject"
ACCEPT_DEFAULT="none" ACCEPT_DEFAULT="none"
BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)"
NFQUEUE_DEFAULT="none"
QUEUE_DEFAULT="none" QUEUE_DEFAULT="none"
REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)" NFQUEUE_DEFAULT="none"
############################################################################### ###############################################################################
# R S H / R C P C O M M A N D S # R S H / R C P C O M M A N D S
############################################################################### ###############################################################################
RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
RSH_COMMAND='ssh ${root}@${system} ${command}' RSH_COMMAND='ssh ${root}@${system} ${command}'
RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
############################################################################### ###############################################################################
# F I R E W A L L O P T I O N S # F I R E W A L L O P T I O N S
############################################################################### ###############################################################################
ACCOUNTING=Yes IP_FORWARDING=Off
ACCOUNTING_TABLE=filter
ADD_IP_ALIASES=No ADD_IP_ALIASES=No
ADD_SNAT_ALIASES=No ADD_SNAT_ALIASES=No
ADMINISABSENTMINDED=Yes
AUTOCOMMENT=Yes
AUTOHELPERS=Yes
AUTOMAKE=Yes
BALANCE_PROVIDERS=No
BASIC_FILTERS=No
BLACKLIST="NEW,INVALID,UNTRACKED"
CLAMPMSS=No
CLEAR_TC=Yes
COMPLETE=No
DEFER_DNS_RESOLUTION=Yes
DISABLE_IPV6=No
DOCKER=No
DOCKER_BRIDGE=docker0
DELETE_THEN_ADD=Yes
DETECT_DNAT_IPADDRS=No
DONT_LOAD=
DYNAMIC_BLACKLIST=Yes
EXPAND_POLICIES=Yes
EXPORTMODULES=Yes
FASTACCEPT=No
FORWARD_CLEAR_MARK=
HELPERS=
IGNOREUNKNOWNVARIABLES=No
IMPLICIT_CONTINUE=No
IPSET_WARNINGS=Yes
IP_FORWARDING=Off
KEEP_RT_TABLES=No
MACLIST_TABLE=filter
MACLIST_TTL=
MANGLE_ENABLED=Yes
MINIUPNPD=No
MARK_IN_FORWARD_CHAIN=No
MULTICAST=No
MUTEX_TIMEOUT=60
NULL_ROUTE_RFC1918=No
OPTIMIZE=All
OPTIMIZE_ACCOUNTING=No
PERL_HASH_SEED=0
REJECT_ACTION=
RENAME_COMBINED=Yes
REQUIRE_INTERFACE=No
RESTART=restart
RESTORE_DEFAULT_ROUTE=Yes
RESTORE_ROUTEMARKS=Yes
RETAIN_ALIASES=No RETAIN_ALIASES=No
ROUTE_FILTER=No
SAVE_ARPTABLES=No
SAVE_IPSETS=No
TC_ENABLED=Internal TC_ENABLED=Internal
TC_EXPERT=No TC_EXPERT=No
TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2" TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2"
CLEAR_TC=Yes
MARK_IN_FORWARD_CHAIN=No
CLAMPMSS=No
ROUTE_FILTER=No
DETECT_DNAT_IPADDRS=No
MUTEX_TIMEOUT=60
ADMINISABSENTMINDED=Yes
BLACKLISTNEWONLY=Yes
MODULE_SUFFIX=ko
DISABLE_IPV6=No
DYNAMIC_ZONES=No
PKTTYPE=Yes
NULL_ROUTE_RFC1918=No
MACLIST_TABLE=filter
MACLIST_TTL=
SAVE_IPSETS=No
MAPOLDACTIONS=No
FASTACCEPT=No
IMPLICIT_CONTINUE=No
HIGH_ROUTE_MARKS=No
OPTIMIZE=1
EXPORTPARAMS=No
EXPAND_POLICIES=Yes
KEEP_RT_TABLES=No
DELETE_THEN_ADD=Yes
MULTICAST=No
DONT_LOAD=
AUTO_COMMENT=Yes
MANGLE_ENABLED=Yes
USE_DEFAULT_RT=No
RESTORE_DEFAULT_ROUTE=Yes
AUTOMAKE=No
WIDE_TC_MARKS=Yes
TRACK_PROVIDERS=Yes TRACK_PROVIDERS=Yes
TRACK_RULES=No ZONE2ZONE=2
USE_DEFAULT_RT=Yes ACCOUNTING=Yes
USE_NFLOG_SIZE=No DYNAMIC_BLACKLIST=Yes
USE_PHYSICAL_NAMES=No OPTIMIZE_ACCOUNTING=No
USE_RT_NAMES=No LOAD_HELPERS_ONLY=Yes
VERBOSE_MESSAGES=Yes REQUIRE_INTERFACE=No
WARNOLDCAPVERSION=Yes FORWARD_CLEAR_MARK=
WORKAROUNDS=No COMPLETE=No
ZERO_MARKS=No
ZONE2ZONE=-
############################################################################### ###############################################################################
# P A C K E T D I S P O S I T I O N # P A C K E T D I S P O S I T I O N
@ -280,32 +211,8 @@ ZONE2ZONE=-
BLACKLIST_DISPOSITION=DROP BLACKLIST_DISPOSITION=DROP
INVALID_DISPOSITION=CONTINUE
MACLIST_DISPOSITION=REJECT MACLIST_DISPOSITION=REJECT
RELATED_DISPOSITION=ACCEPT
RPFILTER_DISPOSITION=DROP
SMURF_DISPOSITION=DROP
SFILTER_DISPOSITION=DROP
TCP_FLAGS_DISPOSITION=DROP TCP_FLAGS_DISPOSITION=DROP
UNTRACKED_DISPOSITION=CONTINUE #LAST LINE -- DO NOT REMOVE
################################################################################
# P A C K E T M A R K L A Y O U T
################################################################################
TC_BITS=
PROVIDER_BITS=
PROVIDER_OFFSET=
MASK_BITS=
ZONE_BITS=0

View File

@ -1,6 +1,6 @@
# #
# Shorewall - Sample Zones File for one-interface configuration. # Shorewall version 4.0 - Sample Zones File for one-interface configuration.
# Copyright (C) 2006-2015 by the Shorewall Team # Copyright (C) 2006 by the Shorewall Team
# #
# This library is free software; you can redistribute it and/or # This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public # modify it under the terms of the GNU Lesser General Public

View File

@ -1,6 +1,6 @@
For instructions on using these sample configurations, please see For instructions on using these sample configurations, please see
https://shorewall.org/shorewall_quickstart_guide.htm http://www.shorewall.net/three-interface.htm
Shorewall Samples Shorewall Samples
Copyright (C) 2006 by the following authors: Copyright (C) 2006 by the following authors:

View File

@ -1,6 +1,6 @@
# #
# Shorewall - Sample Interfaces File for two-interface configuration. # Shorewall version 4.0 - Sample Interfaces File for three-interface configuration.
# Copyright (C) 2006-2017 by the Shorewall Team # Copyright (C) 2006 by the Shorewall Team
# #
# This library is free software; you can redistribute it and/or # This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public # modify it under the terms of the GNU Lesser General Public
@ -11,8 +11,7 @@
#------------------------------------------------------------------------------ #------------------------------------------------------------------------------
# For information about entries in this file, type "man shorewall-interfaces" # For information about entries in this file, type "man shorewall-interfaces"
############################################################################### ###############################################################################
?FORMAT 2 #ZONE INTERFACE BROADCAST OPTIONS
############################################################################### net eth0 detect tcpflags,dhcp,nosmurfs,routefilter,logmartians
#ZONE INTERFACE OPTIONS loc eth1 detect tcpflags,nosmurfs,routefilter,logmartians
net NET_IF dhcp,tcpflags,nosmurfs,routefilter,logmartians,sourceroute=0,physical=eth0 dmz eth2 detect tcpflags,nosmurfs,routefilter,logmartians
loc LOC_IF tcpflags,nosmurfs,routefilter,logmartians,physical=eth1

View File

@ -0,0 +1,18 @@
#
# Shorewall version 3.4 - Sample Masq file for three-interface configuration.
# Copyright (C) 2006,2007 by the Shorewall Team
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# See the file README.txt for further details.
#------------------------------------------------------------------------------
# For information about entries in this file, type "man shorewall-masq"
##############################################################################
#INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC MARK
eth0 10.0.0.0/8,\
169.254.0.0/16,\
172.16.0.0/12,\
192.168.0.0/16

View File

@ -1,6 +1,6 @@
# #
# Shorewall - Sample Policy File for three-interface configuration. # Shorewall version 3.4 - Sample Policy File for three-interface configuration.
# Copyright (C) 2006-2015 by the Shorewall Team # Copyright (C) 2006 by the Shorewall Team
# #
# This library is free software; you can redistribute it and/or # This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public # modify it under the terms of the GNU Lesser General Public
@ -11,9 +11,9 @@
#------------------------------------------------------------------------------ #------------------------------------------------------------------------------
# For information about entries in this file, type "man shorewall-policy" # For information about entries in this file, type "man shorewall-policy"
############################################################################### ###############################################################################
#SOURCE DEST POLICY LOGLEVEL RATE CONNLIMIT #SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
loc net ACCEPT loc net ACCEPT
net all DROP $LOG_LEVEL net all DROP info
# THE FOLLOWING POLICY MUST BE LAST # THE FOLLOWING POLICY MUST BE LAST
all all REJECT $LOG_LEVEL all all REJECT info

View File

@ -0,0 +1,16 @@
#
# Shorewall version 4.0 - Sample Routestopped File for three-interface configuration.
# Copyright (C) 2006 by the Shorewall Team
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# See the file README.txt for further details.
#------------------------------------------------------------------------------
# For information about entries in this file, type "man shorewall-routestopped"
##############################################################################
#INTERFACE HOST(S)
eth1 -
eth2 -

View File

@ -1,6 +1,6 @@
# #
# Shorewall - Sample Rules File for three-interface configuration. # Shorewall version 4.0 - Sample Rules File for three-interface configuration.
# Copyright (C) 2006-2015 by the Shorewall Team # Copyright (C) 2006,2007 by the Shorewall Team
# #
# This library is free software; you can redistribute it and/or # This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public # modify it under the terms of the GNU Lesser General Public
@ -10,19 +10,9 @@
# See the file README.txt for further details. # See the file README.txt for further details.
#------------------------------------------------------------------------------------------------------------ #------------------------------------------------------------------------------------------------------------
# For information about entries in this file, type "man shorewall-rules" # For information about entries in this file, type "man shorewall-rules"
###################################################################################################################################################################################################### #############################################################################################################
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH HELPER #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK
# PORT PORT(S) DEST LIMIT GROUP # PORT PORT(S) DEST LIMIT GROUP
?SECTION ALL
?SECTION ESTABLISHED
?SECTION RELATED
?SECTION INVALID
?SECTION UNTRACKED
?SECTION NEW
# Don't allow connection pickup from the net
#
Invalid(DROP) net all tcp
# #
# Accept DNS connections from the firewall to the Internet # Accept DNS connections from the firewall to the Internet
# #

View File

@ -1,8 +1,8 @@
############################################################################### ###############################################################################
# #
# Shorewall - Sample shorewall.conf for two-interface # Shorewall version 4.0 - Sample shorewall.conf for three-interface
# configuration. # configuration.
# Copyright (C) 2006-2014 by the Shorewall Team # Copyright (C) 2006 by the Shorewall Team
# #
# This library is free software; you can redistribute it and/or # This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public # modify it under the terms of the GNU Lesser General Public
@ -13,8 +13,8 @@
# #
# For information about the settings in this file, type "man shorewall.conf" # For information about the settings in this file, type "man shorewall.conf"
# #
# The manpage is also online at # The manpage is also online at
# https://shorewall.org/manpages/shorewall.conf.html # http://shorewall.net/manpages/shorewall.conf.html
# #
############################################################################### ###############################################################################
# S T A R T U P E N A B L E D # S T A R T U P E N A B L E D
@ -29,250 +29,181 @@ STARTUP_ENABLED=No
VERBOSITY=1 VERBOSITY=1
############################################################################### ###############################################################################
# P A G E R # L O G G I N G
############################################################################### ###############################################################################
PAGER=
###############################################################################
# F I R E W A L L
###############################################################################
FIREWALL=
###############################################################################
# L O G G I N G
###############################################################################
LOG_LEVEL="info"
BLACKLIST_LOG_LEVEL=
INVALID_LOG_LEVEL=
LOG_BACKEND=
LOG_MARTIANS=Yes
LOG_VERBOSITY=2
LOG_ZONE=Both
LOGALLNEW=
LOGFILE=/var/log/messages LOGFILE=/var/log/messages
LOGFORMAT="%s %s " STARTUP_LOG=/var/log/shorewall-init.log
LOG_VERBOSITY=2
LOGFORMAT="Shorewall:%s:%s:"
LOGTAGONLY=No LOGTAGONLY=No
LOGLIMIT="s:1/sec:10" LOGLIMIT=
MACLIST_LOG_LEVEL="$LOG_LEVEL" LOGALLNEW=
RELATED_LOG_LEVEL= BLACKLIST_LOGLEVEL=
RPFILTER_LOG_LEVEL="$LOG_LEVEL" MACLIST_LOG_LEVEL=info
SFILTER_LOG_LEVEL="$LOG_LEVEL" TCP_FLAGS_LOG_LEVEL=info
SMURF_LOG_LEVEL="$LOG_LEVEL" SMURF_LOG_LEVEL=info
STARTUP_LOG=/var/log/shorewall-init.log LOG_MARTIANS=Yes
TCP_FLAGS_LOG_LEVEL="$LOG_LEVEL"
UNTRACKED_LOG_LEVEL=
############################################################################### ###############################################################################
# L O C A T I O N O F F I L E S A N D D I R E C T O R I E S # L O C A T I O N O F F I L E S A N D D I R E C T O R I E S
############################################################################### ###############################################################################
ARPTABLES=
CONFIG_PATH=":${CONFDIR}/shorewall:${SHAREDIR}/shorewall"
GEOIPDIR=/usr/share/xt_geoip/LE
IPTABLES= IPTABLES=
IP= IP=
TC=
IPSET= IPSET=
LOCKFILE=
MODULESDIR=
NFACCT=
PERL=/usr/bin/perl PERL=/usr/bin/perl
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
RESTOREFILE=restore
SHOREWALL_SHELL=/bin/sh SHOREWALL_SHELL=/bin/sh
SUBSYSLOCK= SUBSYSLOCK=
TC= MODULESDIR=
CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
RESTOREFILE=
IPSECFILE=zones
LOCKFILE=
############################################################################### ###############################################################################
# D E F A U L T A C T I O N S / M A C R O S # D E F A U L T A C T I O N S / M A C R O S
############################################################################### ###############################################################################
DROP_DEFAULT="Drop"
REJECT_DEFAULT="Reject"
ACCEPT_DEFAULT="none" ACCEPT_DEFAULT="none"
BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)"
NFQUEUE_DEFAULT="none"
QUEUE_DEFAULT="none" QUEUE_DEFAULT="none"
REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)" NFQUEUE_DEFAULT="none"
############################################################################### ###############################################################################
# R S H / R C P C O M M A N D S # R S H / R C P C O M M A N D S
############################################################################### ###############################################################################
RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
RSH_COMMAND='ssh ${root}@${system} ${command}' RSH_COMMAND='ssh ${root}@${system} ${command}'
RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
############################################################################### ###############################################################################
# F I R E W A L L O P T I O N S # F I R E W A L L O P T I O N S
############################################################################### ###############################################################################
ACCOUNTING=Yes IP_FORWARDING=On
ACCOUNTING_TABLE=filter
ADD_IP_ALIASES=No ADD_IP_ALIASES=No
ADD_SNAT_ALIASES=No ADD_SNAT_ALIASES=No
ADMINISABSENTMINDED=Yes
AUTOCOMMENT=Yes
AUTOHELPERS=Yes
AUTOMAKE=Yes
BALANCE_PROVIDERS=No
BASIC_FILTERS=No
BLACKLIST="NEW,INVALID,UNTRACKED"
CLAMPMSS=Yes
CLEAR_TC=Yes
COMPLETE=No
DEFER_DNS_RESOLUTION=Yes
DISABLE_IPV6=No
DOCKER=No
DOCKER_BRIDGE=docker0
DELETE_THEN_ADD=Yes
DETECT_DNAT_IPADDRS=No
DONT_LOAD=
DYNAMIC_BLACKLIST=Yes
EXPAND_POLICIES=Yes
EXPORTMODULES=Yes
FASTACCEPT=No
FORWARD_CLEAR_MARK=
HELPERS=
IGNOREUNKNOWNVARIABLES=No
IMPLICIT_CONTINUE=No
IPSET_WARNINGS=Yes
IP_FORWARDING=On
KEEP_RT_TABLES=No
MACLIST_TABLE=filter
MACLIST_TTL=
MANGLE_ENABLED=Yes
MINIUPNPD=No
MARK_IN_FORWARD_CHAIN=No
MULTICAST=No
MUTEX_TIMEOUT=60
NULL_ROUTE_RFC1918=No
OPTIMIZE=All
OPTIMIZE_ACCOUNTING=No
PERL_HASH_SEED=0
REJECT_ACTION=
RENAME_COMBINED=Yes
REQUIRE_INTERFACE=No
RESTART=restart
RESTORE_DEFAULT_ROUTE=Yes
RESTORE_ROUTEMARKS=Yes
RETAIN_ALIASES=No RETAIN_ALIASES=No
ROUTE_FILTER=No
SAVE_ARPTABLES=No
SAVE_IPSETS=No
TC_ENABLED=Internal TC_ENABLED=Internal
TC_EXPERT=No TC_EXPERT=No
TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2" TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2"
CLEAR_TC=Yes
MARK_IN_FORWARD_CHAIN=No
CLAMPMSS=Yes
ROUTE_FILTER=No
DETECT_DNAT_IPADDRS=No
MUTEX_TIMEOUT=60
ADMINISABSENTMINDED=Yes
BLACKLISTNEWONLY=Yes
MODULE_SUFFIX=ko
DISABLE_IPV6=No
DYNAMIC_ZONES=No
PKTTYPE=Yes
NULL_ROUTE_RFC1918=No
MACLIST_TABLE=filter
MACLIST_TTL=
SAVE_IPSETS=No
MAPOLDACTIONS=No
FASTACCEPT=No
IMPLICIT_CONTINUE=No
HIGH_ROUTE_MARKS=No
OPTIMIZE=1
EXPORTPARAMS=No
EXPAND_POLICIES=Yes
KEEP_RT_TABLES=No
DELETE_THEN_ADD=Yes
MULTICAST=No
DONT_LOAD=
AUTO_COMMENT=Yes
MANGLE_ENABLED=Yes
USE_DEFAULT_RT=No
RESTORE_DEFAULT_ROUTE=Yes
AUTOMAKE=No
WIDE_TC_MARKS=Yes
TRACK_PROVIDERS=Yes TRACK_PROVIDERS=Yes
TRACK_RULES=No ZONE2ZONE=2
USE_DEFAULT_RT=Yes ACCOUNTING=Yes
USE_NFLOG_SIZE=No DYNAMIC_BLACKLIST=Yes
USE_PHYSICAL_NAMES=No OPTIMIZE_ACCOUNTING=No
USE_RT_NAMES=No LOAD_HELPERS_ONLY=Yes
VERBOSE_MESSAGES=Yes REQUIRE_INTERFACE=No
WARNOLDCAPVERSION=Yes FORWARD_CLEAR_MARK=
WORKAROUNDS=No COMPLETE=No
ZERO_MARKS=No
ZONE2ZONE=-
############################################################################### ###############################################################################
# P A C K E T D I S P O S I T I O N # P A C K E T D I S P O S I T I O N
@ -280,32 +211,8 @@ ZONE2ZONE=-
BLACKLIST_DISPOSITION=DROP BLACKLIST_DISPOSITION=DROP
INVALID_DISPOSITION=CONTINUE
MACLIST_DISPOSITION=REJECT MACLIST_DISPOSITION=REJECT
RELATED_DISPOSITION=ACCEPT
RPFILTER_DISPOSITION=DROP
SMURF_DISPOSITION=DROP
SFILTER_DISPOSITION=DROP
TCP_FLAGS_DISPOSITION=DROP TCP_FLAGS_DISPOSITION=DROP
UNTRACKED_DISPOSITION=CONTINUE #LAST LINE -- DO NOT REMOVE
################################################################################
# P A C K E T M A R K L A Y O U T
################################################################################
TC_BITS=
PROVIDER_BITS=
PROVIDER_OFFSET=
MASK_BITS=
ZONE_BITS=0

View File

@ -1,6 +1,6 @@
# #
# Shorewall - Sample Zones File for three-interface configuration. # Shorewall version 4.0 - Sample Zones File for three-interface configuration.
# Copyright (C) 2006-2015 by the Shorewall Team # Copyright (C) 2006 by the Shorewall Team
# #
# This library is free software; you can redistribute it and/or # This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public # modify it under the terms of the GNU Lesser General Public

View File

@ -1,6 +1,6 @@
For instructions on using these sample configurations, please see For instructions on using these sample configurations, please see
https://shorewall.org/shorewall_quickstart_guide.htm http://www.shorewall.net/two-interface.htm
Shorewall Samples Shorewall Samples
Copyright (C) 2006 by the following authors: Copyright (C) 2006 by the following authors:

View File

@ -1,6 +1,6 @@
# #
# Shorewall - Sample Interfaces File for one-interface configuration. # Shorewall version 4.0 - Sample Interfaces File for two-interface configuration.
# Copyright (C) 2006-2017 by the Shorewall Team # Copyright (C) 2006 by the Shorewall Team
# #
# This library is free software; you can redistribute it and/or # This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public # modify it under the terms of the GNU Lesser General Public
@ -11,7 +11,6 @@
#------------------------------------------------------------------------------ #------------------------------------------------------------------------------
# For information about entries in this file, type "man shorewall-interfaces" # For information about entries in this file, type "man shorewall-interfaces"
############################################################################### ###############################################################################
?FORMAT 2 #ZONE INTERFACE BROADCAST OPTIONS
############################################################################### net eth0 detect dhcp,tcpflags,nosmurfs,routefilter,logmartians
#ZONE INTERFACE OPTIONS loc eth1 detect tcpflags,nosmurfs,routefilter,logmartians
net NET_IF dhcp,tcpflags,logmartians,nosmurfs,sourceroute=0,physical=eth0

View File

@ -0,0 +1,18 @@
#
# Shorewall version 4.0 - Sample Masq file for two-interface configuration.
# Copyright (C) 2006 by the Shorewall Team
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# See the file README.txt for further details.
#------------------------------------------------------------------------------
# For information about entries in this file, type "man shorewall-masq"
###############################################################################
#INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC MARK
eth0 10.0.0.0/8,\
169.254.0.0/16,\
172.16.0.0/12,\
192.168.0.0/16

View File

@ -1,6 +1,6 @@
# #
# Shorewall - Sample Policy File for two-interface configuration. # Shorewall version 4.0 - Sample Policy File for two-interface configuration.
# Copyright (C) 2006-2015 by the Shorewall Team # Copyright (C) 2006 by the Shorewall Team
# #
# This library is free software; you can redistribute it and/or # This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public # modify it under the terms of the GNU Lesser General Public
@ -11,10 +11,10 @@
#------------------------------------------------------------------------------ #------------------------------------------------------------------------------
# For information about entries in this file, type "man shorewall-policy" # For information about entries in this file, type "man shorewall-policy"
############################################################################### ###############################################################################
#SOURCE DEST POLICY LOGLEVEL RATE CONNLIMIT #SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
loc net ACCEPT loc net ACCEPT
net all DROP $LOG_LEVEL net all DROP info
# THE FOLOWING POLICY MUST BE LAST # THE FOLLOWING POLICY MUST BE LAST
all all REJECT $LOG_LEVEL all all REJECT info

View File

@ -0,0 +1,15 @@
#
# Shorewall version 4.0 - Sample Routestopped File for two-interface configuration.
# Copyright (C) 2006 by the Shorewall Team
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# See the file README.txt for further details.
#------------------------------------------------------------------------------
# For information about entries in this file, type "man shorewall-routestopped"
##############################################################################
#INTERFACE HOST(S) OPTIONS
eth1 -

View File

@ -1,6 +1,6 @@
# #
# Shorewall - Sample Rules File for two-interface configuration. # Shorewall version 4.0 - Sample Rules File for two-interface configuration.
# Copyright (C) 2006-2015 by the Shorewall Team # Copyright (C) 2006,2007 by the Shorewall Team
# #
# This library is free software; you can redistribute it and/or # This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public # modify it under the terms of the GNU Lesser General Public
@ -10,19 +10,9 @@
# See the file README.txt for further details. # See the file README.txt for further details.
#------------------------------------------------------------------------------ #------------------------------------------------------------------------------
# For information about entries in this file, type "man shorewall-rules" # For information about entries in this file, type "man shorewall-rules"
###################################################################################################################################################################################################### #############################################################################################################
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH HELPER #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK
# PORT PORT(S) DEST LIMIT GROUP # PORT PORT(S) DEST LIMIT GROUP
?SECTION ALL
?SECTION ESTABLISHED
?SECTION RELATED
?SECTION INVALID
?SECTION UNTRACKED
?SECTION NEW
# Don't allow connection pickup from the net
#
Invalid(DROP) net all tcp
# #
# Accept DNS connections from the firewall to the network # Accept DNS connections from the firewall to the network
# #

View File

@ -1,8 +1,8 @@
############################################################################### ###############################################################################
# #
# Shorewall - Sample shorewall.conf for three-interface # Shorewall version 4.0 - Sample shorewall.conf for two-interface
# configuration. # configuration.
# Copyright (C) 2006-2015 by the Shorewall Team # Copyright (C) 2006,2007 by the Shorewall Team
# #
# This library is free software; you can redistribute it and/or # This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public # modify it under the terms of the GNU Lesser General Public
@ -13,10 +13,13 @@
# #
# For information about the settings in this file, type "man shorewall.conf" # For information about the settings in this file, type "man shorewall.conf"
# #
# The manpage is also online at # The manpage is also online at
# https://shorewall.org/manpages/shorewall.conf.html # http://shorewall.net/manpages/shorewall.conf.html
# #
############################################################################### ###############################################################################
# S T A R T U P E N A B L E D
###############################################################################
STARTUP_ENABLED=No STARTUP_ENABLED=No
############################################################################### ###############################################################################
@ -26,250 +29,188 @@ STARTUP_ENABLED=No
VERBOSITY=1 VERBOSITY=1
############################################################################### ###############################################################################
# P A G E R # C O M P I L E R
# (setting this to 'perl' requires installation of Shorewall-perl)
############################################################################### ###############################################################################
PAGER= SHOREWALL_COMPILER=
############################################################################### ###############################################################################
# F I R E W A L L # L O G G I N G
############################################################################### ###############################################################################
FIREWALL=
###############################################################################
# L O G G I N G
###############################################################################
LOG_LEVEL="info"
BLACKLIST_LOG_LEVEL=
INVALID_LOG_LEVEL=
LOG_BACKEND=
LOG_MARTIANS=Yes
LOG_VERBOSITY=2
LOG_ZONE=Both
LOGALLNEW=
LOGFILE=/var/log/messages LOGFILE=/var/log/messages
LOGFORMAT="%s %s " STARTUP_LOG=/var/log/shorewall-init.log
LOG_VERBOSITY=2
LOGFORMAT="Shorewall:%s:%s:"
LOGTAGONLY=No LOGTAGONLY=No
LOGLIMIT="s:1/sec:10" LOGLIMIT=
MACLIST_LOG_LEVEL="$LOG_LEVEL" LOGALLNEW=
RELATED_LOG_LEVEL= BLACKLIST_LOGLEVEL=
RPFILTER_LOG_LEVEL="$LOG_LEVEL" MACLIST_LOG_LEVEL=info
SFILTER_LOG_LEVEL="$LOG_LEVEL" TCP_FLAGS_LOG_LEVEL=info
SMURF_LOG_LEVEL="$LOG_LEVEL" SMURF_LOG_LEVEL=info
STARTUP_LOG=/var/log/shorewall-init.log LOG_MARTIANS=Yes
TCP_FLAGS_LOG_LEVEL="$LOG_LEVEL"
UNTRACKED_LOG_LEVEL=
############################################################################### ###############################################################################
# L O C A T I O N O F F I L E S A N D D I R E C T O R I E S # L O C A T I O N O F F I L E S A N D D I R E C T O R I E S
############################################################################### ###############################################################################
ARPTABLES=
CONFIG_PATH=":${CONFDIR}/shorewall:${SHAREDIR}/shorewall"
GEOIPDIR=/usr/share/xt_geoip/LE
IPTABLES= IPTABLES=
IP= IP=
TC=
IPSET= IPSET=
LOCKFILE=
MODULESDIR=
NFACCT=
PERL=/usr/bin/perl PERL=/usr/bin/perl
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
RESTOREFILE=restore
SHOREWALL_SHELL=/bin/sh SHOREWALL_SHELL=/bin/sh
SUBSYSLOCK= SUBSYSLOCK=
TC= MODULESDIR=
CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
RESTOREFILE=
IPSECFILE=zones
LOCKFILE=
############################################################################### ###############################################################################
# D E F A U L T A C T I O N S / M A C R O S # D E F A U L T A C T I O N S / M A C R O S
############################################################################### ###############################################################################
DROP_DEFAULT="Drop"
REJECT_DEFAULT="Reject"
ACCEPT_DEFAULT="none" ACCEPT_DEFAULT="none"
BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)"
NFQUEUE_DEFAULT="none"
QUEUE_DEFAULT="none" QUEUE_DEFAULT="none"
REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)" NFQUEUE_DEFAULT="none"
############################################################################### ###############################################################################
# R S H / R C P C O M M A N D S # R S H / R C P C O M M A N D S
############################################################################### ###############################################################################
RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
RSH_COMMAND='ssh ${root}@${system} ${command}' RSH_COMMAND='ssh ${root}@${system} ${command}'
RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
############################################################################### ###############################################################################
# F I R E W A L L O P T I O N S # F I R E W A L L O P T I O N S
############################################################################### ###############################################################################
ACCOUNTING=Yes IP_FORWARDING=On
ACCOUNTING_TABLE=filter
ADD_IP_ALIASES=No ADD_IP_ALIASES=No
ADD_SNAT_ALIASES=No ADD_SNAT_ALIASES=No
ADMINISABSENTMINDED=Yes
AUTOCOMMENT=Yes
AUTOHELPERS=Yes
AUTOMAKE=Yes
BALANCE_PROVIDERS=No
BASIC_FILTERS=No
BLACKLIST="NEW,INVALID,UNTRACKED"
CLAMPMSS=Yes
CLEAR_TC=Yes
COMPLETE=No
DEFER_DNS_RESOLUTION=Yes
DISABLE_IPV6=No
DOCKER=No
DOCKER_BRIDGE=docker0
DELETE_THEN_ADD=Yes
DETECT_DNAT_IPADDRS=No
DONT_LOAD=
DYNAMIC_BLACKLIST=Yes
EXPAND_POLICIES=Yes
EXPORTMODULES=Yes
FASTACCEPT=No
FORWARD_CLEAR_MARK=
HELPERS=
IGNOREUNKNOWNVARIABLES=No
IMPLICIT_CONTINUE=No
IPSET_WARNINGS=Yes
IP_FORWARDING=On
KEEP_RT_TABLES=No
MACLIST_TABLE=filter
MACLIST_TTL=
MANGLE_ENABLED=Yes
MINIUPNPD=No
MARK_IN_FORWARD_CHAIN=No
MULTICAST=No
MUTEX_TIMEOUT=60
NULL_ROUTE_RFC1918=No
OPTIMIZE=All
OPTIMIZE_ACCOUNTING=No
PERL_HASH_SEED=0
REJECT_ACTION=
RENAME_COMBINED=Yes
REQUIRE_INTERFACE=No
RESTART=restart
RESTORE_DEFAULT_ROUTE=Yes
RESTORE_ROUTEMARKS=Yes
RETAIN_ALIASES=No RETAIN_ALIASES=No
ROUTE_FILTER=No
SAVE_ARPTABLES=No
SAVE_IPSETS=No
TC_ENABLED=Internal TC_ENABLED=Internal
TC_EXPERT=No TC_EXPERT=No
TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2" TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2"
CLEAR_TC=Yes
MARK_IN_FORWARD_CHAIN=No
CLAMPMSS=Yes
ROUTE_FILTER=No
DETECT_DNAT_IPADDRS=No
MUTEX_TIMEOUT=60
ADMINISABSENTMINDED=Yes
BLACKLISTNEWONLY=Yes
MODULE_SUFFIX=ko
DISABLE_IPV6=No
DYNAMIC_ZONES=No
PKTTYPE=Yes
NULL_ROUTE_RFC1918=No
MACLIST_TABLE=filter
MACLIST_TTL=
SAVE_IPSETS=No
MAPOLDACTIONS=No
FASTACCEPT=No
IMPLICIT_CONTINUE=No
HIGH_ROUTE_MARKS=No
OPTIMIZE=1
EXPORTPARAMS=No
EXPAND_POLICIES=Yes
KEEP_RT_TABLES=No
DELETE_THEN_ADD=Yes
MULTICAST=No
DONT_LOAD=
AUTO_COMMENT=Yes
MANGLE_ENABLED=Yes
USE_DEFAULT_RT=No
RESTORE_DEFAULT_ROUTE=Yes
AUTOMAKE=No
WIDE_TC_MARKS=Yes
TRACK_PROVIDERS=Yes TRACK_PROVIDERS=Yes
TRACK_RULES=No ZONE2ZONE=2
USE_DEFAULT_RT=Yes ACCOUNTING=Yes
USE_NFLOG_SIZE=No DYNAMIC_BLACKLIST=Yes
USE_PHYSICAL_NAMES=No OPTIMIZE_ACCOUNTING=No
USE_RT_NAMES=No LOAD_HELPERS_ONLY=Yes
VERBOSE_MESSAGES=Yes REQUIRE_INTERFACE=No
WARNOLDCAPVERSION=Yes FORWARD_CLEAR_MARK=
WORKAROUNDS=No COMPLETE=No
ZERO_MARKS=No
ZONE2ZONE=-
############################################################################### ###############################################################################
# P A C K E T D I S P O S I T I O N # P A C K E T D I S P O S I T I O N
@ -277,32 +218,8 @@ ZONE2ZONE=-
BLACKLIST_DISPOSITION=DROP BLACKLIST_DISPOSITION=DROP
INVALID_DISPOSITION=CONTINUE
MACLIST_DISPOSITION=REJECT MACLIST_DISPOSITION=REJECT
RELATED_DISPOSITION=ACCEPT
RPFILTER_DISPOSITION=DROP
SMURF_DISPOSITION=DROP
SFILTER_DISPOSITION=DROP
TCP_FLAGS_DISPOSITION=DROP TCP_FLAGS_DISPOSITION=DROP
UNTRACKED_DISPOSITION=CONTINUE #LAST LINE -- DO NOT REMOVE
################################################################################
# P A C K E T M A R K L A Y O U T
################################################################################
TC_BITS=
PROVIDER_BITS=
PROVIDER_OFFSET=
MASK_BITS=
ZONE_BITS=0

View File

@ -1,6 +1,6 @@
# #
# Shorewall - Sample Zones File for two-interface configuration. # Shorewall version 4.0 - Sample Zones File for two-interface configuration.
# Copyright (C) 2006-2014 by the Shorewall Team # Copyright (C) 2006 by the Shorewall Team
# #
# This library is free software; you can redistribute it and/or # This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public # modify it under the terms of the GNU Lesser General Public

View File

@ -55,7 +55,7 @@ modified by someone else and passed on, the recipients should know
that what they have is not the original version, so that the original that what they have is not the original version, so that the original
author's reputation will not be affected by problems that might be author's reputation will not be affected by problems that might be
introduced by others. introduced by others.
Finally, software patents pose a constant threat to the existence of Finally, software patents pose a constant threat to the existence of
any free program. We wish to make sure that a company cannot any free program. We wish to make sure that a company cannot
effectively restrict the users of a free program by obtaining a effectively restrict the users of a free program by obtaining a
@ -111,7 +111,7 @@ modification follow. Pay close attention to the difference between a
"work based on the library" and a "work that uses the library". The "work based on the library" and a "work that uses the library". The
former contains code derived from the library, whereas the latter must former contains code derived from the library, whereas the latter must
be combined with the library in order to run. be combined with the library in order to run.
GNU LESSER GENERAL PUBLIC LICENSE GNU LESSER GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
@ -146,7 +146,7 @@ such a program is covered only if its contents constitute a work based
on the Library (independent of the use of the Library in a tool for on the Library (independent of the use of the Library in a tool for
writing it). Whether that is true depends on what the Library does writing it). Whether that is true depends on what the Library does
and what the program that uses the Library does. and what the program that uses the Library does.
1. You may copy and distribute verbatim copies of the Library's 1. You may copy and distribute verbatim copies of the Library's
complete source code as you receive it, in any medium, provided that complete source code as you receive it, in any medium, provided that
you conspicuously and appropriately publish on each copy an you conspicuously and appropriately publish on each copy an
@ -158,7 +158,7 @@ Library.
You may charge a fee for the physical act of transferring a copy, You may charge a fee for the physical act of transferring a copy,
and you may at your option offer warranty protection in exchange for a and you may at your option offer warranty protection in exchange for a
fee. fee.
2. You may modify your copy or copies of the Library or any portion 2. You may modify your copy or copies of the Library or any portion
of it, thus forming a work based on the Library, and copy and of it, thus forming a work based on the Library, and copy and
distribute such modifications or work under the terms of Section 1 distribute such modifications or work under the terms of Section 1
@ -216,7 +216,7 @@ instead of to this License. (If a newer version than version 2 of the
ordinary GNU General Public License has appeared, then you can specify ordinary GNU General Public License has appeared, then you can specify
that version instead if you wish.) Do not make any other change in that version instead if you wish.) Do not make any other change in
these notices. these notices.
Once this change is made in a given copy, it is irreversible for Once this change is made in a given copy, it is irreversible for
that copy, so the ordinary GNU General Public License applies to all that copy, so the ordinary GNU General Public License applies to all
subsequent copies and derivative works made from that copy. subsequent copies and derivative works made from that copy.
@ -267,7 +267,7 @@ Library will still fall under Section 6.)
distribute the object code for the work under the terms of Section 6. distribute the object code for the work under the terms of Section 6.
Any executables containing that work also fall under Section 6, Any executables containing that work also fall under Section 6,
whether or not they are linked directly with the Library itself. whether or not they are linked directly with the Library itself.
6. As an exception to the Sections above, you may also combine or 6. As an exception to the Sections above, you may also combine or
link a "work that uses the Library" with the Library to produce a link a "work that uses the Library" with the Library to produce a
work containing portions of the Library, and distribute that work work containing portions of the Library, and distribute that work
@ -329,7 +329,7 @@ restrictions of other proprietary libraries that do not normally
accompany the operating system. Such a contradiction means you cannot accompany the operating system. Such a contradiction means you cannot
use both them and the Library together in an executable that you use both them and the Library together in an executable that you
distribute. distribute.
7. You may place library facilities that are a work based on the 7. You may place library facilities that are a work based on the
Library side-by-side in a single library together with other library Library side-by-side in a single library together with other library
facilities not covered by this License, and distribute such a combined facilities not covered by this License, and distribute such a combined
@ -370,7 +370,7 @@ subject to these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein. restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties with You are not responsible for enforcing compliance by third parties with
this License. this License.
11. If, as a consequence of a court judgment or allegation of patent 11. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues), infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or conditions are imposed on you (whether by court order, agreement or
@ -422,7 +422,7 @@ conditions either of that version or of any later version published by
the Free Software Foundation. If the Library does not specify a the Free Software Foundation. If the Library does not specify a
license version number, you may choose any version ever published by license version number, you may choose any version ever published by
the Free Software Foundation. the Free Software Foundation.
14. If you wish to incorporate parts of the Library into other free 14. If you wish to incorporate parts of the Library into other free
programs whose distribution conditions are incompatible with these, programs whose distribution conditions are incompatible with these,
write to the author to ask for permission. For software which is write to the author to ask for permission. For software which is
@ -456,7 +456,7 @@ SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES. DAMAGES.
END OF TERMS AND CONDITIONS END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Libraries How to Apply These Terms to Your New Libraries
If you develop a new library, and you want it to be of the greatest If you develop a new library, and you want it to be of the greatest

30
Samples6/README.txt Normal file
View File

@ -0,0 +1,30 @@
For instructions on using these sample configurations, please see
http://www.shorewall.net/shorewall_quickstart_guide.htm
Shorewall Samples
Copyright (C) 2006 by the following authors:
Thomas M. Eastep
Paul D. Gear
Cristian Rodriguez
Francesca Smith
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
02110-1301 USA
Sample files are licensed under the LGPL, please see the LICENSE file or
http://www.gnu.org/licenses/lgpl.html for more details.

View File

@ -4,12 +4,10 @@
# For information about entries in this file, type "man shorewall-interfaces" # For information about entries in this file, type "man shorewall-interfaces"
# #
# The manpage is also online at # The manpage is also online at
# https://shorewall.org/manpages/shorewall-interfaces.html # http://www.shorewall.net/manpages/shorewall-interfaces.html
# #
############################################################################### ###############################################################################
?FORMAT 2 #ZONE INTERFACE BROADCAST OPTIONS
############################################################################### - lo - ignore
#ZONE INTERFACE OPTIONS net all - dhcp,physical=+,routeback
- lo ignore
net all dhcp,physical=+,routeback

View File

@ -4,10 +4,11 @@
# For information about entries in this file, type "man shorewall-policy" # For information about entries in this file, type "man shorewall-policy"
# #
# The manpage is also online at # The manpage is also online at
# https://shorewall.org/manpages/shorewall-policy.html # http://www.shorewall.net/manpages/shorewall-policy.html
# #
############################################################################### ###############################################################################
#SOURCE DEST POLICY LOGLEVEL RATE CONNLIMIT #SOURCE DEST POLICY LOG LIMIT: CONNLIMIT:
# LEVEL BURST MASK
fw net ACCEPT fw net ACCEPT
net all DROP $LOG_LEVEL net all DROP

View File

@ -4,17 +4,14 @@
# For information on the settings in this file, type "man shorewall-rules" # For information on the settings in this file, type "man shorewall-rules"
# #
# The manpage is also online at # The manpage is also online at
# https://shorewall.org/manpages/shorewall-rules.html # http://www.shorewall.net/manpages/shorewall-rules.html
# #
###################################################################################################################################################################################################### ####################################################################################################################################################
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH HELPER #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME
# PORT PORT(S) DEST LIMIT GROUP # PORT PORT(S) DEST LIMIT GROUP
?SECTION ALL #SECTION ESTABLISHED
?SECTION ESTABLISHED #SECTION RELATED
?SECTION RELATED SECTION NEW
?SECTION INVALID
?SECTION UNTRACKED
?SECTION NEW
Invalid(DROP) net $FW tcp
SSH(ACCEPT) net $FW SSH(ACCEPT) net $FW
Ping(ACCEPT) net $FW Ping(ACCEPT) net $FW

View File

@ -1,11 +1,11 @@
############################################################################### ###############################################################################
# #
# Shorewall Version 5 -- /etc/shorewall6/shorewall6.conf # Shorewall Version 4 -- /etc/shorewall6/shorewall6.conf
# #
# For information about the settings in this file, type "man shorewall6.conf" # For information about the settings in this file, type "man shorewall6.conf"
# #
# Manpage also online at # Manpage also online at
# https://shorewall.org/manpages/shorewall.conf.html # http://www.shorewall.net/manpages6/shorewall6.conf.html
############################################################################### ###############################################################################
# S T A R T U P E N A B L E D # S T A R T U P E N A B L E D
############################################################################### ###############################################################################
@ -18,225 +18,144 @@ STARTUP_ENABLED=Yes
VERBOSITY=1 VERBOSITY=1
###############################################################################
# P A G E R
###############################################################################
PAGER=
###############################################################################
# F I R E W A L L
###############################################################################
FIREWALL=
############################################################################### ###############################################################################
# L O G G I N G # L O G G I N G
############################################################################### ###############################################################################
LOG_LEVEL="info"
BLACKLIST_LOG_LEVEL=
INVALID_LOG_LEVEL=
LOG_BACKEND=
LOG_VERBOSITY=2
LOG_ZONE=Both
LOGALLNEW=
LOGFILE= LOGFILE=
LOGFORMAT="%s %s "
LOGLIMIT="s:1/sec:10"
LOGTAGONLY=No
MACLIST_LOG_LEVEL="$LOG_LEVEL"
RELATED_LOG_LEVEL=
RPFILTER_LOG_LEVEL="$LOG_LEVEL"
SFILTER_LOG_LEVEL="$LOG_LEVEL"
SMURF_LOG_LEVEL="$LOG_LEVEL"
STARTUP_LOG=/var/log/shorewall6-init.log STARTUP_LOG=/var/log/shorewall6-init.log
TCP_FLAGS_LOG_LEVEL="$LOG_LEVEL" LOG_VERBOSITY=2
UNTRACKED_LOG_LEVEL= LOGFORMAT="Shorewall:%s:%s:"
LOGTAGONLY=No
LOGLIMIT=
LOGALLNEW=
BLACKLIST_LOGLEVEL=
TCP_FLAGS_LOG_LEVEL=info
SMURF_LOG_LEVEL=info
############################################################################### ###############################################################################
# L O C A T I O N O F F I L E S A N D D I R E C T O R I E S # L O C A T I O N O F F I L E S A N D D I R E C T O R I E S
############################################################################### ###############################################################################
CONFIG_PATH=":${CONFDIR}/shorewall6:${SHAREDIR}/shorewall6:${SHAREDIR}/shorewall"
GEOIPDIR=/usr/share/xt_geoip/LE
IP6TABLES= IP6TABLES=
IP= IP=
TC=
IPSET= IPSET=
LOCKFILE=
MODULESDIR=
NFACCT=
PERL=/usr/bin/perl PERL=/usr/bin/perl
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
RESTOREFILE=restore
SHOREWALL_SHELL=/bin/sh SHOREWALL_SHELL=/bin/sh
SUBSYSLOCK= SUBSYSLOCK=
TC= MODULESDIR=
CONFIG_PATH=/usr/share/shorewall6:/usr/share/shorewall
RESTOREFILE=
LOCKFILE=
############################################################################### ###############################################################################
# D E F A U L T A C T I O N S / M A C R O S # D E F A U L T A C T I O N S / M A C R O S
############################################################################### ###############################################################################
DROP_DEFAULT="Drop"
REJECT_DEFAULT="Reject"
ACCEPT_DEFAULT="none" ACCEPT_DEFAULT="none"
BLACKLIST_DEFAULT="AllowICMPs,Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
DROP_DEFAULT="AllowICMPs,Broadcast(DROP),Multicast(DROP)"
NFQUEUE_DEFAULT="none"
QUEUE_DEFAULT="none" QUEUE_DEFAULT="none"
REJECT_DEFAULT="AllowICMPs,Broadcast(DROP),Multicast(DROP)" NFQUEUE_DEFAULT="none"
############################################################################### ###############################################################################
# R S H / R C P C O M M A N D S # R S H / R C P C O M M A N D S
############################################################################### ###############################################################################
RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
RSH_COMMAND='ssh ${root}@${system} ${command}' RSH_COMMAND='ssh ${root}@${system} ${command}'
RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
############################################################################### ###############################################################################
# F I R E W A L L O P T I O N S # F I R E W A L L O P T I O N S
############################################################################### ###############################################################################
ACCOUNTING=Yes IP_FORWARDING=Off
ACCOUNTING_TABLE=filter TC_ENABLED=No
ADMINISABSENTMINDED=Yes
AUTOCOMMENT=Yes
AUTOHELPERS=Yes
AUTOMAKE=Yes
BALANCE_PROVIDERS=No
BASIC_FILTERS=No
BLACKLIST="NEW,INVALID,UNTRACKED"
CLAMPMSS=No
CLEAR_TC=No
COMPLETE=Yes
DEFER_DNS_RESOLUTION=Yes
DELETE_THEN_ADD=Yes
DONT_LOAD=
DYNAMIC_BLACKLIST=Yes
EXPAND_POLICIES=Yes
EXPORTMODULES=Yes
FASTACCEPT=Yes
FORWARD_CLEAR_MARK=
HELPERS=
IGNOREUNKNOWNVARIABLES=No
IMPLICIT_CONTINUE=No
IPSET_WARNINGS=Yes
IP_FORWARDING=Keep
KEEP_RT_TABLES=Yes
MACLIST_TABLE=filter
MACLIST_TTL=
MANGLE_ENABLED=Yes
MARK_IN_FORWARD_CHAIN=No
MINIUPNPD=No
MUTEX_TIMEOUT=60
OPTIMIZE=All
OPTIMIZE_ACCOUNTING=No
PERL_HASH_SEED=0
REJECT_ACTION=
RENAME_COMBINED=Yes
REQUIRE_INTERFACE=Yes
RESTART=restart
RESTORE_DEFAULT_ROUTE=Yes
RESTORE_ROUTEMARKS=Yes
SAVE_IPSETS=No
TC_ENABLED=Shared
TC_EXPERT=No TC_EXPERT=No
TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2" TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2"
CLEAR_TC=Yes
MARK_IN_FORWARD_CHAIN=No
CLAMPMSS=No
MUTEX_TIMEOUT=60
ADMINISABSENTMINDED=Yes
BLACKLISTNEWONLY=Yes
MODULE_SUFFIX=ko
FASTACCEPT=Yes
IMPLICIT_CONTINUE=No
HIGH_ROUTE_MARKS=No
OPTIMIZE=15
EXPORTPARAMS=Yes
EXPAND_POLICIES=Yes
KEEP_RT_TABLES=Yes
DELETE_THEN_ADD=Yes
DONT_LOAD=
AUTO_COMMENT=Yes
MANGLE_ENABLED=Yes
AUTOMAKE=No
WIDE_TC_MARKS=Yes
TRACK_PROVIDERS=Yes TRACK_PROVIDERS=Yes
TRACK_RULES=No ZONE2ZONE=2
USE_DEFAULT_RT=Yes ACCOUNTING=Yes
USE_NFLOG_SIZE=No OPTIMIZE_ACCOUNTING=No
USE_PHYSICAL_NAMES=No DYNAMIC_BLACKLIST=Yes
USE_RT_NAMES=No LOAD_HELPERS_ONLY=Yes
VERBOSE_MESSAGES=Yes REQUIRE_INTERFACE=Yes
WARNOLDCAPVERSION=Yes FORWARD_CLEAR_MARK=
WORKAROUNDS=No COMPLETE=Yes
ZERO_MARKS=No
ZONE2ZONE=-
############################################################################### ###############################################################################
# P A C K E T D I S P O S I T I O N # P A C K E T D I S P O S I T I O N
@ -244,32 +163,6 @@ ZONE2ZONE=-
BLACKLIST_DISPOSITION=DROP BLACKLIST_DISPOSITION=DROP
INVALID_DISPOSITION=CONTINUE
MACLIST_DISPOSITION=REJECT
RELATED_DISPOSITION=ACCEPT
SFILTER_DISPOSITION=DROP
RPFILTER_DISPOSITION=DROP
SMURF_DISPOSITION=DROP
TCP_FLAGS_DISPOSITION=DROP TCP_FLAGS_DISPOSITION=DROP
UNTRACKED_DISPOSITION=CONTINUE #LAST LINE -- DO NOT REMOVE
################################################################################
# P A C K E T M A R K L A Y O U T
################################################################################
TC_BITS=
PROVIDER_BITS=
PROVIDER_OFFSET=
MASK_BITS=
ZONE_BITS=0

View File

@ -4,7 +4,7 @@
# For information about this file, type "man shorewall-zones" # For information about this file, type "man shorewall-zones"
# #
# The manpage is also online at # The manpage is also online at
# https://shorewall.org/manpages/shorewall-zones.html # http://www.shorewall.net/manpages/shorewall-zones.html
# #
############################################################################### ###############################################################################
#ZONE TYPE OPTIONS IN OUT #ZONE TYPE OPTIONS IN OUT

View File

@ -1,9 +1,9 @@
For instructions on using this sample configuration, please see For instructions on using this sample configuration, please see
https://shorewall.org/standalone.htm http://www.shorewall.net/standalone.htm
Shorewall Samples Shorewall Samples
Copyright (C) 2006-2015 by the following authors: Copyright (C) 2006 by the following authors:
Thomas M. Eastep Thomas M. Eastep
Paul D. Gear Paul D. Gear
Cristian Rodriguez Cristian Rodriguez

View File

@ -0,0 +1,15 @@
#
# Shorewall6 version 4 - Sample Interfaces File for one-interface configuration.
# Copyright (C) 2006,2008 by the Shorewall Team
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# See the file README.txt for further details.
#------------------------------------------------------------------------------
# For information about entries in this file, type "man shorewall6-interfaces"
###############################################################################
#ZONE INTERFACE BROADCAST OPTIONS
net eth0 detect tcpflags

View File

@ -1,6 +1,6 @@
# #
# Shorewall6 version 5 - Sample Policy File for one-interface configuration. # Shorewall6 version 4 - Sample Policy File for one-interface configuration.
# Copyright (C) 2006-2015 by the Shorewall Team # Copyright (C) 2006,2008 by the Shorewall Team
# #
# This library is free software; you can redistribute it and/or # This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public # modify it under the terms of the GNU Lesser General Public
@ -11,9 +11,10 @@
#----------------------------------------------------------------------------- #-----------------------------------------------------------------------------
# For information about entries in this file, type "man shorewall6-policy" # For information about entries in this file, type "man shorewall6-policy"
# #
############################################################################## ###############################################################################
#SOURCE DEST POLICY LOGLEVEL RATE CONNLIMIT #SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
$FW net ACCEPT $FW net ACCEPT
net all DROP $LOG_LEVEL net $FW DROP info
net all DROP info
# The FOLLOWING POLICY MUST BE LAST # The FOLLOWING POLICY MUST BE LAST
all all REJECT $LOG_LEVEL all all REJECT info

View File

@ -1,6 +1,6 @@
# #
# Shorewall6 version 5 - Sample Rules File for one-interface configuration. # Shorewall6 version 4 - Sample Rules File for one-interface configuration.
# Copyright (C) 2006-2015 by the Shorewall Team # Copyright (C) 2006,2008 by the Shorewall Team
# #
# This library is free software; you can redistribute it and/or # This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public # modify it under the terms of the GNU Lesser General Public
@ -10,19 +10,9 @@
# See the file README.txt for further details. # See the file README.txt for further details.
#------------------------------------------------------------------------------------------------------------ #------------------------------------------------------------------------------------------------------------
# For information on entries in this file, type "man shorewall6-rules" # For information on entries in this file, type "man shorewall6-rules"
###################################################################################################################################################################################################### #############################################################################################################
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH HELPER #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK
# PORT PORT(S) DEST LIMIT GROUP # PORT PORT(S) DEST LIMIT GROUP
?SECTION ALL
?SECTION ESTABLISHED
?SECTION RELATED
?SECTION INVALID
?SECTION UNTRACKED
?SECTION NEW
# Drop packets in the INVALID state
Invalid(DROP) net $FW tcp
# Drop Ping from the "bad" net zone.. and prevent your log from being flooded.. # Drop Ping from the "bad" net zone.. and prevent your log from being flooded..

View File

@ -0,0 +1,170 @@
###############################################################################
#
# Shorewall6 version 4 - Sample shorewall.conf for one-interface configuration.
# Copyright (C) 2006,2008 by the Shorewall Team
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# See the file README.txt for further details.
#
# For information about the settings in this file, type "man shorewall6.conf"
#
# The manpage is also online at
# http://shorewall.net/manpages6/shorewall6.conf.html
###############################################################################
# S T A R T U P E N A B L E D
###############################################################################
STARTUP_ENABLED=No
###############################################################################
# V E R B O S I T Y
###############################################################################
VERBOSITY=1
###############################################################################
# L O G G I N G
###############################################################################
LOGFILE=/var/log/messages
STARTUP_LOG=/var/log/shorewall6-init.log
LOG_VERBOSITY=2
LOGFORMAT="Shorewall:%s:%s:"
LOGTAGONLY=No
LOGLIMIT=
LOGALLNEW=
BLACKLIST_LOGLEVEL=
TCP_FLAGS_LOG_LEVEL=info
SMURF_LOG_LEVEL=info
###############################################################################
# L O C A T I O N O F F I L E S A N D D I R E C T O R I E S
###############################################################################
IP6TABLES=
PERL=/usr/bin/perl
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
SHOREWALL_SHELL=/bin/sh
SUBSYSLOCK=
MODULESDIR=
CONFIG_PATH=/etc/shorewall6:/usr/share/shorewall6:/usr/share/shorewall
RESTOREFILE=
LOCKFILE=
###############################################################################
# D E F A U L T A C T I O N S / M A C R O S
###############################################################################
DROP_DEFAULT="Drop"
REJECT_DEFAULT="Reject"
ACCEPT_DEFAULT="none"
QUEUE_DEFAULT="none"
NFQUEUE_DEFAULT="none"
###############################################################################
# R S H / R C P C O M M A N D S
###############################################################################
RSH_COMMAND='ssh ${root}@${system} ${command}'
RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
###############################################################################
# F I R E W A L L O P T I O N S
###############################################################################
IP_FORWARDING=Off
TC_ENABLED=No
TC_EXPERT=No
TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2"
CLEAR_TC=Yes
MARK_IN_FORWARD_CHAIN=No
CLAMPMSS=No
MUTEX_TIMEOUT=60
ADMINISABSENTMINDED=Yes
BLACKLISTNEWONLY=Yes
MODULE_SUFFIX=ko
FASTACCEPT=No
IMPLICIT_CONTINUE=No
HIGH_ROUTE_MARKS=No
OPTIMIZE=1
EXPORTPARAMS=No
EXPAND_POLICIES=No
KEEP_RT_TABLES=Yes
DELETE_THEN_ADD=Yes
DONT_LOAD=
AUTO_COMMENT=Yes
MANGLE_ENABLED=Yes
AUTOMAKE=No
WIDE_TC_MARKS=Yes
TRACK_PROVIDERS=Yes
ZONE2ZONE=2
ACCOUNTING=Yes
DYNAMIC_BLACKLIST=Yes
OPTIMIZE_ACCOUNTING=No
LOAD_HELPERS_ONLY=Yes
REQUIRE_INTERFACE=No
FORWARD_CLEAR_MARK=
COMPLETE=No
##############################################################################
# P A C K E T D I S P O S I T I O N
###############################################################################
BLACKLIST_DISPOSITION=DROP
TCP_FLAGS_DISPOSITION=DROP
#LAST LINE -- DO NOT REMOVE

View File

@ -1,6 +1,6 @@
# #
# Shorewall6 version 5 - Sample Zones File for one-interface IPv6 configuration. # Shorewall6 version 4 - Sample Zones File for one-interface IPv6 configuration.
# Copyright (C) 2006-2015 by the Shorewall Team # Copyright (C) 2006,2008 by the Shorewall Team
# #
# This library is free software; you can redistribute it and/or # This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public # modify it under the terms of the GNU Lesser General Public

View File

@ -1,9 +1,9 @@
For instructions on using these sample configurations, please see For instructions on using these sample configurations, please see
https://shorewall.org/two-interface.htm http://www.shorewall.net/three-interface.htm
Shorewall Samples Shorewall Samples
Copyright (C) 2006-2014 by the following authors: Copyright (C) 2006 by the following authors:
Thomas M. Eastep Thomas M. Eastep
Paul D. Gear Paul D. Gear
Cristian Rodriguez Cristian Rodriguez

View File

@ -0,0 +1,17 @@
#
# Shorewall6 version 4 - Sample Interfaces File for three-interface configuration.
# Copyright (C) 2006,2008 by the Shorewall Team
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# See the file README.txt for further details.
#------------------------------------------------------------------------------
# For information about entries in this file, type "man shorewall6-interfaces"
###############################################################################
#ZONE INTERFACE BROADCAST OPTIONS
net eth0 detect tcpflags,forward=1
loc eth1 detect tcpflags,forward=1
dmz eth2 detect tcpflags,forward=1

View File

@ -1,6 +1,6 @@
# #
# Shorewall6 Version 4 - Sample Policy File for three-interface configuration. # Shorewall6 Version 4 - Sample Policy File for three-interface configuration.
# Copyright (C) 2006-2014 by the Shorewall Team # Copyright (C) 2006,2008 by the Shorewall Team
# #
# This library is free software; you can redistribute it and/or # This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public # modify it under the terms of the GNU Lesser General Public
@ -11,9 +11,9 @@
#------------------------------------------------------------------------------ #------------------------------------------------------------------------------
# For information about entries in this file, type "man shorewall6-policy" # For information about entries in this file, type "man shorewall6-policy"
############################################################################### ###############################################################################
#SOURCE DEST POLICY LOGLEVEL RATE CONNLIMIT #SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
loc net ACCEPT loc net ACCEPT
net all DROP $LOG_LEVEL net all DROP info
all all REJECT $LOG_LEVEL all all REJECT info

View File

@ -0,0 +1,20 @@
#
# Shorewall6 version 4 - Sample Routestopped File for three-interface configuration.
# Copyright (C) 2006,2008 by the Shorewall Team
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# See the file README.txt for further details.
#------------------------------------------------------------------------------
# For information about entries in this file, type "man shorewall6-routestopped"
#
# See http://shorewall.net/starting_and_stopping_shorewall.htm for additional
# information.
#
##############################################################################
#INTERFACE HOST(S)
eth1 -
eth2 -

View File

@ -1,6 +1,6 @@
# #
# Shorewall6 version 5.2 - Sample Rules File for three-interface configuration. # Shorewall6 version 4.0 - Sample Rules File for three-interface configuration.
# Copyright (C) 2006-2014 by the Shorewall Team # Copyright (C) 2006,2007,2008 by the Shorewall Team
# #
# This library is free software; you can redistribute it and/or # This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public # modify it under the terms of the GNU Lesser General Public
@ -10,19 +10,9 @@
# See the file README.txt for further details. # See the file README.txt for further details.
#------------------------------------------------------------------------------------------------------------ #------------------------------------------------------------------------------------------------------------
# For information about entries in this file, type "man shorewall6-rules" # For information about entries in this file, type "man shorewall6-rules"
###################################################################################################################################################################################################### #############################################################################################################
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH HELPER #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK
# PORT PORT(S) DEST LIMIT GROUP # PORT PORT(S) DEST LIMIT GROUP
?SECTION ALL
?SECTION ESTABLISHED
?SECTION RELATED
?SECTION INVALID
?SECTION UNTRACKED
?SECTION NEW
# Don't allow connection pickup from the net
#
Invalid(DROP) net all tcp
# #
# Accept DNS connections from the firewall to the Internet # Accept DNS connections from the firewall to the Internet
# #

View File

@ -1,11 +1,19 @@
############################################################################### ###############################################################################
# #
# Shorewall Version 5 -- /etc/shorewall6/shorewall6.conf # Shorewall6 version 4 - Sample shorewall.conf for one-interface configuration.
# Copyright (C) 2006,2008 by the Shorewall Team
# #
# For information about the settings in this file, type "man shorewall6.conf" # This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
# #
# Manpage also online at # See the file README.txt for further details.
# https://shorewall.org/manpages/shorewall.conf.html #
# For information about the settings in this file, type "man shorewall6.conf"
#
# The manpage is also online at
# http://shorewall.net/manpages6/shorewall6.conf.html
############################################################################### ###############################################################################
# S T A R T U P E N A B L E D # S T A R T U P E N A B L E D
############################################################################### ###############################################################################
@ -18,225 +26,138 @@ STARTUP_ENABLED=No
VERBOSITY=1 VERBOSITY=1
###############################################################################
# P A G E R
###############################################################################
PAGER=
###############################################################################
# F I R E W A L L
###############################################################################
FIREWALL=
############################################################################### ###############################################################################
# L O G G I N G # L O G G I N G
############################################################################### ###############################################################################
LOG_LEVEL="info"
BLACKLIST_LOG_LEVEL=
INVALID_LOG_LEVEL=
LOG_BACKEND=
LOG_VERBOSITY=2
LOG_ZONE=Both
LOGALLNEW=
LOGFILE=/var/log/messages LOGFILE=/var/log/messages
LOGFORMAT="%s %s "
LOGLIMIT="s:1/sec:10"
LOGTAGONLY=No
MACLIST_LOG_LEVEL="$LOG_LEVEL"
RELATED_LOG_LEVEL=
RPFILTER_LOG_LEVEL="$LOG_LEVEL"
SFILTER_LOG_LEVEL="$LOG_LEVEL"
SMURF_LOG_LEVEL="$LOG_LEVEL"
STARTUP_LOG=/var/log/shorewall6-init.log STARTUP_LOG=/var/log/shorewall6-init.log
TCP_FLAGS_LOG_LEVEL="$LOG_LEVEL" LOG_VERBOSITY=2
UNTRACKED_LOG_LEVEL= LOGFORMAT="Shorewall:%s:%s:"
LOGTAGONLY=No
LOGLIMIT=
LOGALLNEW=
BLACKLIST_LOGLEVEL=
TCP_FLAGS_LOG_LEVEL=info
SMURF_LOG_LEVEL=info
############################################################################### ###############################################################################
# L O C A T I O N O F F I L E S A N D D I R E C T O R I E S # L O C A T I O N O F F I L E S A N D D I R E C T O R I E S
############################################################################### ###############################################################################
CONFIG_PATH=":${CONFDIR}/shorewall6:${SHAREDIR}/shorewall6:${SHAREDIR}/shorewall"
GEOIPDIR=/usr/share/xt_geoip/LE
IP6TABLES= IP6TABLES=
IP=
IPSET=
LOCKFILE=
MODULESDIR=
NFACCT=
PERL=/usr/bin/perl PERL=/usr/bin/perl
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
RESTOREFILE=restore
SHOREWALL_SHELL=/bin/sh SHOREWALL_SHELL=/bin/sh
SUBSYSLOCK= SUBSYSLOCK=
TC= MODULESDIR=
CONFIG_PATH=/etc/shorewall6/:/usr/share/shorewall6:/usr/share/shorewall
RESTOREFILE=
LOCKFILE=
############################################################################### ###############################################################################
# D E F A U L T A C T I O N S / M A C R O S # D E F A U L T A C T I O N S / M A C R O S
############################################################################### ###############################################################################
DROP_DEFAULT="Drop"
REJECT_DEFAULT="Reject"
ACCEPT_DEFAULT="none" ACCEPT_DEFAULT="none"
BLACKLIST_DEFAULT="AllowICMPs,Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
DROP_DEFAULT="AllowICMPs,Broadcast(DROP),Multicast(DROP)"
NFQUEUE_DEFAULT="none"
QUEUE_DEFAULT="none" QUEUE_DEFAULT="none"
REJECT_DEFAULT="AllowICMPs,Broadcast(DROP),Multicast(DROP)" NFQUEUE_DEFAULT="none"
############################################################################### ###############################################################################
# R S H / R C P C O M M A N D S # R S H / R C P C O M M A N D S
############################################################################### ###############################################################################
RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
RSH_COMMAND='ssh ${root}@${system} ${command}' RSH_COMMAND='ssh ${root}@${system} ${command}'
RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
############################################################################### ###############################################################################
# F I R E W A L L O P T I O N S # F I R E W A L L O P T I O N S
############################################################################### ###############################################################################
ACCOUNTING=Yes IP_FORWARDING=On
ACCOUNTING_TABLE=filter TC_ENABLED=No
ADMINISABSENTMINDED=Yes
AUTOCOMMENT=Yes
AUTOHELPERS=Yes
AUTOMAKE=Yes
BALANCE_PROVIDERS=No
BASIC_FILTERS=No
BLACKLIST="NEW,INVALID,UNTRACKED"
CLAMPMSS=No
CLEAR_TC=No
COMPLETE=No
DEFER_DNS_RESOLUTION=Yes
DELETE_THEN_ADD=Yes
DONT_LOAD=
DYNAMIC_BLACKLIST=Yes
EXPAND_POLICIES=Yes
EXPORTMODULES=Yes
FASTACCEPT=No
FORWARD_CLEAR_MARK=
HELPERS=
IGNOREUNKNOWNVARIABLES=No
IMPLICIT_CONTINUE=No
IPSET_WARNINGS=Yes
IP_FORWARDING=Keep
KEEP_RT_TABLES=Yes
MACLIST_TABLE=filter
MACLIST_TTL=
MANGLE_ENABLED=Yes
MARK_IN_FORWARD_CHAIN=No
MINIUPNPD=No
MUTEX_TIMEOUT=60
OPTIMIZE=All
OPTIMIZE_ACCOUNTING=No
PERL_HASH_SEED=0
REJECT_ACTION=
RENAME_COMBINED=Yes
REQUIRE_INTERFACE=No
RESTART=restart
RESTORE_DEFAULT_ROUTE=Yes
RESTORE_ROUTEMARKS=Yes
SAVE_IPSETS=No
TC_ENABLED=Shared
TC_EXPERT=No TC_EXPERT=No
TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2" TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2"
CLEAR_TC=Yes
MARK_IN_FORWARD_CHAIN=No
CLAMPMSS=No
MUTEX_TIMEOUT=60
ADMINISABSENTMINDED=Yes
BLACKLISTNEWONLY=Yes
MODULE_SUFFIX=ko
FASTACCEPT=No
IMPLICIT_CONTINUE=No
HIGH_ROUTE_MARKS=No
OPTIMIZE=1
EXPORTPARAMS=No
EXPAND_POLICIES=Yes
KEEP_RT_TABLES=Yes
DELETE_THEN_ADD=Yes
DONT_LOAD=
AUTO_COMMENT=Yes
MANGLE_ENABLED=Yes
AUTOMAKE=No
WIDE_TC_MARKS=Yes
TRACK_PROVIDERS=Yes TRACK_PROVIDERS=Yes
TRACK_RULES=No ZONE2ZONE=2
USE_DEFAULT_RT=Yes ACCOUNTING=Yes
USE_NFLOG_SIZE=No DYNAMIC_BLACKLIST=Yes
USE_PHYSICAL_NAMES=No OPTIMIZE_ACCOUNTING=No
USE_RT_NAMES=No LOAD_HELPERS_ONLY=Yes
VERBOSE_MESSAGES=Yes REQUIRE_INTERFACE=No
WARNOLDCAPVERSION=Yes FORWARD_CLEAR_MARK=
WORKAROUNDS=No COMPLETE=No
ZERO_MARKS=No
ZONE2ZONE=-
############################################################################### ###############################################################################
# P A C K E T D I S P O S I T I O N # P A C K E T D I S P O S I T I O N
@ -244,32 +165,6 @@ ZONE2ZONE=-
BLACKLIST_DISPOSITION=DROP BLACKLIST_DISPOSITION=DROP
INVALID_DISPOSITION=CONTINUE
MACLIST_DISPOSITION=REJECT
RELATED_DISPOSITION=ACCEPT
SFILTER_DISPOSITION=DROP
RPFILTER_DISPOSITION=DROP
SMURF_DISPOSITION=DROP
TCP_FLAGS_DISPOSITION=DROP TCP_FLAGS_DISPOSITION=DROP
UNTRACKED_DISPOSITION=CONTINUE #LAST LINE -- DO NOT REMOVE
################################################################################
# P A C K E T M A R K L A Y O U T
################################################################################
TC_BITS=
PROVIDER_BITS=
PROVIDER_OFFSET=
MASK_BITS=
ZONE_BITS=0

View File

@ -1,6 +1,6 @@
# #
# Shorewall6 version 5.2 - Sample Zones File for three-interface configuration. # Shorewall6 version 4 - Sample Zones File for three-interface configuration.
# Copyright (C) 2006-2014 by the Shorewall Team # Copyright (C) 2006,2008 by the Shorewall Team
# #
# This library is free software; you can redistribute it and/or # This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public # modify it under the terms of the GNU Lesser General Public
@ -15,6 +15,6 @@
#ZONE TYPE OPTIONS IN OUT #ZONE TYPE OPTIONS IN OUT
# OPTIONS OPTIONS # OPTIONS OPTIONS
fw firewall fw firewall
net ipv6 net ipv4
loc ipv6 loc ipv4
dmz ipv6 dmz ipv4

View File

@ -1,9 +1,9 @@
For instructions on using these sample configurations, please see For instructions on using these sample configurations, please see
https://shorewall.org/two-interface.htm http://www.shorewall.net/two-interface.htm
Shorewall Samples Shorewall Samples
Copyright (C) 2006-2015 by the following authors: Copyright (C) 2006 by the following authors:
Thomas M. Eastep Thomas M. Eastep
Paul D. Gear Paul D. Gear
Cristian Rodriguez Cristian Rodriguez

View File

@ -1,6 +1,6 @@
# #
# Shorewall6 - Sample Interfaces File for one-interface configuration. # Shorewall6 version 4.0 - Sample Interfaces File for two-interface configuration.
# Copyright (C) 2006-2017 by the Shorewall Team # Copyright (C) 2006,2008 by the Shorewall Team
# #
# This library is free software; you can redistribute it and/or # This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public # modify it under the terms of the GNU Lesser General Public
@ -11,7 +11,6 @@
#------------------------------------------------------------------------------ #------------------------------------------------------------------------------
# For information about entries in this file, type "man shorewall6-interfaces" # For information about entries in this file, type "man shorewall6-interfaces"
############################################################################### ###############################################################################
?FORMAT 2 #ZONE INTERFACE BROADCAST OPTIONS
############################################################################### net eth0 detect tcpflags,forward=1
#ZONE INTERFACE OPTIONS loc eth1 detect tcpflags,forward=1
net NET_IF tcpflags,physical=eth0

View File

@ -1,6 +1,6 @@
# #
# Shorewall6 version 4 - Sample Policy File for two-interface configuration. # Shorewall6 version 4 - Sample Policy File for two-interface configuration.
# Copyright (C) 2006-2014 by the Shorewall Team # Copyright (C) 2006,2008 by the Shorewall Team
# #
# This library is free software; you can redistribute it and/or # This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public # modify it under the terms of the GNU Lesser General Public
@ -11,9 +11,9 @@
#------------------------------------------------------------------------------ #------------------------------------------------------------------------------
# For information about entries in this file, type "man shorewall6-policy" # For information about entries in this file, type "man shorewall6-policy"
############################################################################### ###############################################################################
#SOURCE DEST POLICY LOGLEVEL RATE CONNLIMIT #SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
loc net ACCEPT loc net ACCEPT
net all DROP $LOG_LEVEL net all DROP info
all all REJECT $LOG_LEVEL all all REJECT info

View File

@ -0,0 +1,19 @@
#
# Shorewall6 version 4.0 - Sample Routestopped File for two-interface configuration.
# Copyright (C) 2006,2008 by the Shorewall Team
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# See the file README.txt for further details.
#------------------------------------------------------------------------------
# For information about entries in this file, type "man shorewall6-routestopped"
#
# See http://shorewall.net/starting_and_stopping_shorewall.htm for additional
# information.
#
##############################################################################
#INTERFACE HOST(S) OPTIONS
eth1 -

View File

@ -1,6 +1,6 @@
# #
# Shorewall6 version 5.2 - Sample Rules File for two-interface configuration. # Shorewall6 version 4.0 - Sample Rules File for two-interface configuration.
# Copyright (C) 2006-2014 by the Shorewall Team # Copyright (C) 2006-2008 by the Shorewall Team
# #
# This library is free software; you can redistribute it and/or # This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public # modify it under the terms of the GNU Lesser General Public
@ -10,19 +10,9 @@
# See the file README.txt for further details. # See the file README.txt for further details.
#------------------------------------------------------------------------------ #------------------------------------------------------------------------------
# For information about entries in this file, type "man shorewall6-rules" # For information about entries in this file, type "man shorewall6-rules"
###################################################################################################################################################################################################### #############################################################################################################
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH HELPER #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK
# PORT PORT(S) DEST LIMIT GROUP # PORT PORT(S) DEST LIMIT GROUP
?SECTION ALL
?SECTION ESTABLISHED
?SECTION RELATED
?SECTION INVALID
?SECTION UNTRACKED
?SECTION NEW
# Don't allow connection pickup from the net
#
Invalid(DROP) net all tcp
# #
# Accept DNS connections from the firewall to the network # Accept DNS connections from the firewall to the network
# #

View File

@ -0,0 +1,170 @@
###############################################################################
#
# Shorewall version 4.4 - Sample shorewall.conf for one-interface configuration.
# Copyright (C) 2006 by the Shorewall Team
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# See the file README.txt for further details.
#
# For information about the settings in this file, type "man shorewall6.conf"
#
# The manpage is also online at
# http://shorewall.net/manpages6/shorewall6.conf.html
###############################################################################
# S T A R T U P E N A B L E D
###############################################################################
STARTUP_ENABLED=No
###############################################################################
# V E R B O S I T Y
###############################################################################
VERBOSITY=1
###############################################################################
# L O G G I N G
###############################################################################
LOGFILE=/var/log/messages
STARTUP_LOG=/var/log/shorewall6-init.log
LOG_VERBOSITY=2
LOGFORMAT="Shorewall:%s:%s:"
LOGTAGONLY=No
LOGLIMIT=
LOGALLNEW=
BLACKLIST_LOGLEVEL=
TCP_FLAGS_LOG_LEVEL=info
SMURF_LOG_LEVEL=info
###############################################################################
# L O C A T I O N O F F I L E S A N D D I R E C T O R I E S
###############################################################################
IP6TABLES=
PERL=/usr/bin/perl
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
SHOREWALL_SHELL=/bin/sh
SUBSYSLOCK=
MODULESDIR=
CONFIG_PATH=/etc/shorewall6/:/usr/share/shorewall6:/usr/share/shorewall/
RESTOREFILE=
LOCKFILE=
###############################################################################
# D E F A U L T A C T I O N S / M A C R O S
###############################################################################
DROP_DEFAULT="Drop"
REJECT_DEFAULT="Reject"
ACCEPT_DEFAULT="none"
QUEUE_DEFAULT="none"
NFQUEUE_DEFAULT="none"
###############################################################################
# R S H / R C P C O M M A N D S
###############################################################################
RSH_COMMAND='ssh ${root}@${system} ${command}'
RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
###############################################################################
# F I R E W A L L O P T I O N S
###############################################################################
IP_FORWARDING=On
TC_ENABLED=No
TC_EXPERT=No
TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2"
CLEAR_TC=Yes
MARK_IN_FORWARD_CHAIN=No
CLAMPMSS=No
MUTEX_TIMEOUT=60
ADMINISABSENTMINDED=Yes
BLACKLISTNEWONLY=Yes
MODULE_SUFFIX=ko
FASTACCEPT=No
IMPLICIT_CONTINUE=No
HIGH_ROUTE_MARKS=No
OPTIMIZE=1
EXPORTPARAMS=No
EXPAND_POLICIES=No
KEEP_RT_TABLES=Yes
DELETE_THEN_ADD=Yes
DONT_LOAD=
AUTO_COMMENT=Yes
MANGLE_ENABLED=Yes
AUTOMAKE=No
WIDE_TC_MARKS=Yes
TRACK_PROVIDERS=Yes
ZONE2ZONE=2
ACCOUNTING=Yes
DYNAMIC_BLACKLIST=Yes
OPTIMIZE_ACCOUNTING=No
LOAD_HELPERS_ONLY=Yes
REQUIRE_INTERFACE=No
FORWARD_CLEAR_MARK=
COMPLETE=No
###############################################################################
# P A C K E T D I S P O S I T I O N
###############################################################################
BLACKLIST_DISPOSITION=DROP
TCP_FLAGS_DISPOSITION=DROP
#LAST LINE -- DO NOT REMOVE

View File

@ -1,6 +1,6 @@
# #
# Shorewall6 version 5.2 - Sample Zones File for two-interface configuration. # Shorewall6 version 4.0 - Sample Zones File for two-interface configuration.
# Copyright (C) 2006-2014 by the Shorewall Team # Copyright (C) 2006,2008 by the Shorewall Team
# #
# This library is free software; you can redistribute it and/or # This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public # modify it under the terms of the GNU Lesser General Public

View File

@ -1,341 +0,0 @@
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.
51 Franklin Street, Fifth Floor,
Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Library General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
c) If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) 19yy <name of author>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
Gnomovision version 69, Copyright (C) 19yy name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
`Gnomovision' (which makes passes at compilers) written by James Hacker.
<signature of Ty Coon>, 1 April 1989
Ty Coon, President of Vice
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Library General
Public License instead of this License.

View File

@ -1,24 +0,0 @@
Shoreline Firewall (Shorewall) Version 5
----- ----
-----------------------------------------------------------------------------
This program is free software; you can redistribute it and/or modify
it under the terms of Version 2 of the GNU General Public License
as published by the Free Software Foundation.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
---------------------------------------------------------------------------
Please see https://shorewall.org/Install.htm for installation
instructions.

View File

@ -1 +0,0 @@
5.2.8-RC1

View File

@ -1,248 +0,0 @@
#!/bin/bash
#
# Shorewall Packet Filtering Firewall configuration program - V5.2
#
# (c) 2012,2014,2017 - Tom Eastep (teastep@shorewall.net)
#
# Shorewall documentation is available at https://shorewall.org
#
# This program is part of Shorewall.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by the
# Free Software Foundation, either version 2 of the license or, at your
# option, any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.
#
# Usage: ./configure [ <option>=<setting> ] ...
#
#
################################################################################################
#
# Build updates this
#
VERSION=4.6.12
case "$BASH_VERSION" in
[4-9].*)
;;
*)
echo "ERROR: This program requires Bash 4.0 or later" >&2
exit 1
;;
esac
declare -A params
declare -A options
getfileparams() {
while read option; do
case $option in
\#*)
;;
*)
on=${option%=*}
ov=${option#*=}
ov=${ov%#*}
[ -n "$on" ] && options[${on}]="${ov}"
;;
esac
done
return 0
}
for p in $@; do
if [ -n "${p}" ]; then
declare -u pn
pn=${p%=*}
pn=${pn#--}
pv=${p#*=}
if [ -n "${pn}" ]; then
case ${pn} in
VENDOR)
pn=HOST
;;
SHAREDSTATEDIR)
pn=VARLIB
;;
DATADIR)
pn=SHAREDIR
;;
esac
params[${pn}]="${pv}"
else
echo "ERROR: Invalid option ($p)" >&2
exit 1
fi
fi
done
cd $(dirname $0)
vendor=${params[HOST]}
if [ -z "$vendor" ]; then
if [ -f /etc/os-release ]; then
eval $(cat /etc/os-release | grep ^ID=)
case $ID in
fedora|rhel)
vendor=redhat
;;
debian|ubuntu)
vendor=debian
;;
opensuse)
vendor=suse
;;
alt|basealt|altlinux)
vendor=alt
;;
*)
vendor="$ID"
;;
esac
params[HOST]="$vendor"
fi
fi
if [ -z "$vendor" ]; then
case `uname` in
Darwin)
params[HOST]=apple
rcfile=shorewallrc.apple
;;
cygwin*|CYGWIN*)
params[HOST]=cygwin
rcfile=shorewallrc.cygwin
;;
*)
if [ -f /etc/debian_version ]; then
params[HOST]=debian
ls -l /sbin/init | fgrep -q systemd && rcfile=shorewallrc.debian.systemd || rcfile=shorewallrc.debian.sysvinit
elif [ -f /etc/altlinux-release ] ; then
params[HOST]=alt
elif [ -f /etc/redhat-release ]; then
params[HOST]=redhat
rcfile=shorewallrc.redhat
elif [ -f /etc/slackware-version ] ; then
params[HOST]=slackware
rcfile=shorewallrc.slackware
elif [ -f /etc/SuSE-release ]; then
params[HOST]=suse
rcfile=shorewallrc.suse
elif [ -f /etc/arch-release ] ; then
params[HOST]=archlinux
rcfile=shorewallrc.archlinux
elif [ -f /etc/openwrt_release ]; then
params[HOST]=openwrt
rcfile=shorewallrc.openwrt
else
params[HOST]=linux
rcfile=shorewallrc.default
fi
;;
esac
vendor=${params[HOST]}
else
if [ $vendor = linux ]; then
rcfile=shorewallrc.default;
elif [ $vendor = debian -a -f /etc/debian_version ]; then
ls -l /sbin/init | fgrep -q systemd && rcfile=shorewallrc.debian.systemd || rcfile=shorewallrc.debian.sysvinit
else
rcfile=shorewallrc.$vendor
fi
if [ ! -f $rcfile ]; then
echo "ERROR: $vendor is not a recognized host type" >&2
exit 1
elif [ $vendor = default ]; then
params[HOST]=linux
vendor=linux
elif [[ $vendor == debian.* ]]; then
params[HOST]=debian
vendor=debian
fi
fi
if [ $vendor = linux ]; then
echo "INFO: Creating a generic Linux installation - " `date`;
else
echo "INFO: Creating a ${params[HOST]}-specific installation - " `date`;
fi
echo
getfileparams < $rcfile || exit 1
for p in ${!params[@]}; do
options[${p}]="${params[${p}]}"
done
echo '#' > shorewallrc
echo "# Created by Shorewall Core version $VERSION configure - " `date --utc --date="@${SOURCE_DATE_EPOCH:-$(date +%s)}"` >> shorewallrc
echo "# rc file: $rcfile" >> shorewallrc
echo '#' >> shorewallrc
if [ $# -gt 0 ]; then
echo "# Input: $@" >> shorewallrc
echo '#' >> shorewallrc
fi
if [ -n "${options[VARLIB]}" ]; then
if [ -z "${options[VARDIR]}" ]; then
options[VARDIR]='${VARLIB}/${PRODUCT}'
fi
elif [ -n "${options[VARDIR]}" ]; then
if [ -z "{$options[VARLIB]}" ]; then
options[VARLIB]=${options[VARDIR]}
options[VARDIR]='${VARLIB}/${PRODUCT}'
fi
fi
if [ -z "${options[SERVICEDIR]}" ]; then
options[SERVICEDIR]="${options[SYSTEMD]}"
fi
for on in \
HOST \
PREFIX \
SHAREDIR \
LIBEXECDIR \
PERLLIBDIR \
CONFDIR \
SBINDIR \
MANDIR \
INITDIR \
INITSOURCE \
INITFILE \
AUXINITSOURCE \
AUXINITFILE \
SERVICEDIR \
SERVICEFILE \
SYSCONFFILE \
SYSCONFDIR \
SPARSE \
ANNOTATED \
VARLIB \
VARDIR \
DEFAULT_PAGER
do
echo "$on=${options[${on}]}"
echo "$on=${options[${on}]}" >> shorewallrc
done

View File

@ -1,233 +0,0 @@
#! /usr/bin/perl -w
#
# Shorewall Packet Filtering Firewall configuration program - V5.2
#
# (c) 2012, 2014 - Tom Eastep (teastep@shorewall.net)
#
# Shorewall documentation is available at https://shorewall.org
#
# This program is part of Shorewall.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by the
# Free Software Foundation, either version 2 of the license or, at your
# option, any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.
#
# Usage: ./configure.pl <option>=<setting> ...
#
#
################################################################################################
use strict;
#
# Build updates this
#
use constant {
VERSION => '4.6.12'
};
my %params;
my %options;
my %aliases = ( VENDOR => 'HOST',
SHAREDSTATEDIR => 'VARLIB',
DATADIR => 'SHAREDIR' );
for ( @ARGV ) {
die "ERROR: Invalid option specification ( $_ )" unless /^(?:--)?(\w+)=(.*)$/;
my $pn = uc $1;
my $pv = $2 || '';
$pn = $aliases{$pn} if exists $aliases{$pn};
$params{$pn} = $pv;
}
use File::Basename;
chdir dirname($0);
my $vendor = $params{HOST};
my $rcfile;
my $rcfilename;
unless ( defined $vendor ) {
if ( -f '/etc/os-release' ) {
my $id = `cat /etc/os-release | grep ^ID=`;
chomp $id;
$id =~ s/ID=//;
if ( $id eq 'fedora' || $id eq 'rhel' ) {
$vendor = 'redhat';
} elsif ( $id eq 'opensuse' ) {
$vendor = 'suse';
} elsif ( $id eq 'ubuntu' || $id eq 'debian' ) {
my $init = `ls -l /sbin/init`;
$vendor = $init =~ /systemd/ ? 'debian.systemd' : 'debian.sysvinit';
} elsif ( $id eq 'alt' || $id eq 'basealt' || $id eq 'altlinux' ) {
$vendor = 'alt';
} else {
$vendor = $id;
}
}
$params{HOST} = $vendor;
$params{HOST} =~ s/\..*//;
}
if ( defined $vendor ) {
if ( $vendor eq 'debian' && -f '/etc/debian_version' ) {
if ( -l '/sbin/init' ) {
if ( readlink('/sbin/init') =~ /systemd/ ) {
$rcfilename = 'shorewallrc.debian.systemd';
} else {
$rcfilename = 'shorewallrc.debian.sysvinit';
}
} else {
$rcfilename = 'shorewallrc.debian.sysvinit';
}
} else {
$rcfilename = $vendor eq 'linux' ? 'shorewallrc.default' : 'shorewallrc.' . $vendor;
}
unless ( -f $rcfilename ) {
die qq("ERROR: $vendor" is not a recognized host type);
} elsif ( $vendor eq 'default' ) {
$params{HOST} = $vendor = 'linux';
} elsif ( $vendor =~ /^debian\./ ) {
$params{HOST} = $vendor = 'debian';
}
} else {
if ( -f '/etc/debian_version' ) {
$vendor = 'debian';
if ( -l '/sbin/init' ) {
if ( readlink( '/sbin/init' ) =~ /systemd/ ) {
$rcfilename = 'shorewallrc.debian.systemd';
} else {
$rcfilename = 'shorewallrc.debian.sysvinit';
}
} else {
$rcfilename = 'shorewallrc.debian.sysvinit';
}
} elsif ( -f '/etc/altlinux-release' ){
$vendor = 'alt';
$rcfilename = 'shorewallrc.alt';
} elsif ( -f '/etc/redhat-release' ){
$vendor = 'redhat';
$rcfilename = 'shorewallrc.redhat';
} elsif ( -f '/etc/slackware-version' ) {
$vendor = 'slackware';
$rcfilename = 'shorewallrc.slackware';
} elsif ( -f '/etc/SuSE-release' ) {
$vendor = 'suse';
$rcfilename = 'shorewallrc.suse';
} elsif ( -f '/etc/arch-release' ) {
$vendor = 'archlinux';
$rcfilename = 'shorewallrc.archlinux';
} elsif ( `uname` =~ '^Darwin' ) {
$vendor = 'apple';
$rcfilename = 'shorewallrc.apple';
} elsif ( `uname` =~ /^Cygwin/i ) {
$vendor = 'cygwin';
$rcfilename = 'shorewallrc.cygwin';
} else {
$vendor = 'linux';
$rcfilename = 'shorewallrc.default';
}
$params{HOST} = $vendor;
}
my @localtime = localtime;
my @abbr = qw( Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec );
if ( $vendor eq 'linux' ) {
printf "INFO: Creating a generic Linux installation - %s %2d %04d %02d:%02d:%02d\n\n", $abbr[$localtime[4]], $localtime[3], 1900 + $localtime[5] , @localtime[2,1,0];;
} else {
printf "INFO: Creating a %s-specific installation - %s %2d %04d %02d:%02d:%02d\n\n", $params{HOST}, $abbr[$localtime[4]], $localtime[3], 1900 + $localtime[5] , @localtime[2,1,0];;
}
open $rcfile, '<', $rcfilename or die "Unable to open $rcfilename for input: $!";
while ( <$rcfile> ) {
s/\s*#.*//;
unless ( /^\s*$/ ) {
chomp;
die "ERROR: Invalid entry ($_) in $rcfilename, line $." unless /\s*(\w+)=(.*)/;
$options{$1} = $2;
}
}
close $rcfile;
while ( my ( $p, $v ) = each %params ) {
$options{$p} = ${v};
}
my $outfile;
open $outfile, '>', 'shorewallrc' or die "Can't open 'shorewallrc' for output: $!";
if ( $ENV{SOURCE_DATE_EPOCH} ) {
printf $outfile "#\n# Created by Shorewall Core version %s configure.pl - %s\n", VERSION, `date --utc --date=\"\@$ENV{SOURCE_DATE_EPOCH}\"`;
} else {
printf $outfile "#\n# Created by Shorewall Core version %s configure.pl - %s %2d %04d %02d:%02d:%02d\n", VERSION, $abbr[$localtime[4]], $localtime[3], 1900 + $localtime[5] , @localtime[2,1,0];
}
print $outfile "# rc file: $rcfilename\n#\n";
print $outfile "# Input: @ARGV\n#\n" if @ARGV;
if ( $options{VARLIB} ) {
unless ( $options{VARDIR} ) {
$options{VARDIR} = '${VARLIB}/${PRODUCT}';
}
} elsif ( $options{VARDIR} ) {
$options{VARLIB} = $options{VARDIR};
$options{VARDIR} = '${VARLIB}/${PRODUCT}';
}
$options{SERVICEDIR}=$options{SYSTEMD} unless $options{SERVICEDIR};
for ( qw/ HOST
PREFIX
SHAREDIR
LIBEXECDIR
PERLLIBDIR
CONFDIR
SBINDIR
MANDIR
INITDIR
INITSOURCE
INITFILE
AUXINITSOURCE
AUXINITFILE
SERVICEDIR
SERVICEFILE
SYSCONFFILE
SYSCONFDIR
SPARSE
ANNOTATED
VARLIB
VARDIR
DEFAULT_PAGER / ) {
my $val = $options{$_} || '';
print "$_=$val\n";
print $outfile "$_=$val\n";
}
close $outfile;
1;

View File

@ -1,424 +0,0 @@
#!/bin/sh
#
# Script to install Shoreline Firewall Core Modules
#
# (c) 2000-2018 - Tom Eastep (teastep@shorewall.net)
#
# Shorewall documentation is available at https://shorewall.org
#
# This program is part of Shorewall.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by the
# Free Software Foundation, either version 2 of the license or, at your
# option, any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.
#
VERSION=xxx # The Build script inserts the actual version
PRODUCT=shorewall-core
Product="Shorewall Core"
usage() # $1 = exit status
{
ME=$(basename $0)
echo "usage: $ME [ <option> ] [ <shorewallrc file> ]"
echo "where <option> is one of"
echo " -h"
echo " -v"
exit $1
}
install_file() # $1 = source $2 = target $3 = mode
{
if cp -f $1 $2; then
if chmod $3 $2; then
if [ -n "$OWNER" ]; then
if chown $OWNER:$GROUP $2; then
return
fi
else
return 0
fi
fi
fi
echo "ERROR: Failed to install $2" >&2
exit 1
}
#
# Change to the directory containing this script
#
cd "$(dirname $0)"
#
# Source common functions
#
. ./lib.installer || { echo "ERROR: Can not load common functions." >&2; exit 1; }
#
# Parse the run line
#
finished=0
while [ $finished -eq 0 ]; do
option=$1
case "$option" in
-*)
option=${option#-}
while [ -n "$option" ]; do
case $option in
h)
usage 0
;;
v)
echo "$Product Firewall Installer Version $VERSION"
exit 0
;;
*)
usage 1
;;
esac
done
shift
;;
*)
finished=1
;;
esac
done
#
# Read the RC file
#
if [ $# -eq 0 ]; then
if [ -f ./shorewallrc ]; then
file=./shorewallrc
. $file || fatal_error "Can not load the RC file: $file"
elif [ -f ~/.shorewallrc ]; then
file=~/.shorewallrc
. $file || fatal_error "Can not load the RC file: $file"
elif [ -f /usr/share/shorewall/shorewallrc ]; then
file=/usr/share/shorewall/shorewallrc
. $file || fatal_error "Can not load the RC file: $file"
else
fatal_error "No configuration file specified and /usr/share/shorewall/shorewallrc not found"
fi
elif [ $# -eq 1 ]; then
file=$1
case $file in
/*|.*)
;;
*)
file=./$file || exit 1
;;
esac
. $file || fatal_error "Can not load the RC file: $file"
else
usage 1
fi
update=0
if [ -z "${VARLIB}" ]; then
VARLIB=${VARDIR}
VARDIR="${VARLIB}/${PRODUCT}"
update=1
elif [ -z "${VARDIR}" ]; then
VARDIR="${VARLIB}/${PRODUCT}"
update=2
fi
for var in SHAREDIR LIBEXECDIR PERLLIBDIR CONFDIR SBINDIR VARLIB VARDIR; do
require $var
done
[ "${INITFILE}" != 'none/' ] && require INITSOURCE && require INITDIR
if [ -z "$BUILD" ]; then
case $(uname) in
cygwin*|CYGWIN*)
BUILD=cygwin
;;
Darwin)
BUILD=apple
;;
*)
if [ -f /etc/os-release ]; then
eval $(cat /etc/os-release | grep ^ID)
case $ID in
fedora|rhel|centos|foobar)
BUILD=redhat
;;
debian)
BUILD=debian
;;
gentoo)
BUILD=gentoo
;;
opensuse)
BUILD=suse
;;
alt|basealt|altlinux)
BUILD=alt
;;
*)
BUILD="$ID"
;;
esac
elif [ -f /etc/debian_version ]; then
BUILD=debian
elif [ -f /etc/gentoo-release ]; then
BUILD=gentoo
elif [ -f /etc/altlinux-release ]; then
BUILD=alt
elif [ -f /etc/redhat-release ]; then
BUILD=redhat
elif [ -f /etc/slackware-version ] ; then
BUILD=slackware
elif [ -f /etc/SuSE-release ]; then
BUILD=suse
elif [ -f /etc/arch-release ] ; then
BUILD=archlinux
elif [ -f ${CONFDIR}/openwrt_release ] ; then
BUILD=openwrt
else
BUILD=linux
fi
;;
esac
fi
case $BUILD in
cygwin*)
if [ -z "$DESTDIR" ]; then
DEST=
INIT=
fi
OWNER=$(id -un)
GROUP=$(id -gn)
;;
apple)
if [ -z "$DESTDIR" ]; then
DEST=
INIT=
SPARSE=Yes
fi
[ -z "$OWNER" ] && OWNER=root
[ -z "$GROUP" ] && GROUP=wheel
;;
*)
if [ $(id -u) -eq 0 ]; then
[ -z "$OWNER" ] && OWNER=root
[ -z "$GROUP" ] && GROUP=root
fi
;;
esac
#
# Determine where to install the firewall script
#
[ -n "$HOST" ] || HOST=$BUILD
case "$HOST" in
cygwin)
echo "Installing Cygwin-specific configuration..."
;;
apple)
echo "Installing Mac-specific configuration...";
;;
debian|gentoo|redhat|slackware|archlinux|linux|suse|openwrt|alt)
;;
*)
fatal_error "Unknown HOST \"$HOST\""
;;
esac
if [ -z "$file" ]; then
if [ $HOST = linux ]; then
file=shorewallrc.default
else
file=shorewallrc.${HOST}
fi
echo "You have not specified a configuration file and ~/.shorewallrc does not exist" >&2
echo "Shorewall-core $VERSION has determined that the $file configuration is appropriate for your system" >&2
echo "Please review the settings in that file. If you wish to change them, make a copy and modify the copy" >&2
echo "Then re-run install.sh passing either $file or the name of your modified copy" >&2
echo "" >&2
echo "Example:" >&2
echo "" >&2
echo " ./install.sh $file" >&2
exit 1
fi
if [ -n "$DESTDIR" ]; then
if [ $BUILD != cygwin ]; then
if [ `id -u` != 0 ] ; then
echo "Not setting file owner/group permissions, not running as root."
fi
fi
fi
echo "Installing $Product Version $VERSION"
#
# Create directories
#
make_parent_directory ${DESTDIR}${LIBEXECDIR}/shorewall 0755
make_parent_directory ${DESTDIR}${SHAREDIR}/shorewall 0755
make_parent_directory ${DESTDIR}${CONFDIR} 0755
[ -n "${SYSCONFDIR}" ] && make_parent_directory ${DESTDIR}${SYSCONFDIR} 0755
if [ -z "${SERVICEDIR}" ]; then
SERVICEDIR="$SYSTEMD"
fi
[ -n "${SERVICEDIR}" ] && make_parent_directory ${DESTDIR}${SERVICEDIR} 0755
make_parent_directory ${DESTDIR}${SBINDIR} 0755
[ -n "${MANDIR}" ] && make_parent_directory ${DESTDIR}${MANDIR} 0755
if [ -n "${INITFILE}" ]; then
make_parent_directory ${DESTDIR}${INITDIR} 0755
if [ -n "$AUXINITSOURCE" -a -f "$AUXINITSOURCE" ]; then
install_file $AUXINITSOURCE ${DESTDIR}${INITDIR}/$AUXINITFILE 0544
[ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${INITDIR}/$AUXINITFILE
echo "SysV init script $AUXINITSOURCE installed in ${DESTDIR}${INITDIR}/$AUXINITFILE"
fi
fi
#
# Note: ${VARDIR} is created at run-time since it has always been
# a relocatable directory on a per-product basis
#
# Install the CLI
#
install_file shorewall ${DESTDIR}${SBINDIR}/shorewall 0755
[ $SHAREDIR = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SBINDIR}/shorewall
echo "Shorewall CLI program installed in ${DESTDIR}${SBINDIR}/shorewall"
#
# Install wait4ifup
#
install_file wait4ifup ${DESTDIR}${LIBEXECDIR}/shorewall/wait4ifup 0755
echo
echo "wait4ifup installed in ${DESTDIR}${LIBEXECDIR}/shorewall/wait4ifup"
#
# Install stop_service
#
if [ -n "${STOPSERVICEFILE}" ]; then
install_file ${STOPSERVICEFILE} ${DESTDIR}${LIBEXECDIR}/shorewall/stop_service 0755
echo
echo "${STOPSERVICEFILE} installed in ${DESTDIR}${LIBEXECDIR}/shorewall/stop_service"
fi
#
# Install the libraries
#
for f in lib.* ; do
case $f in
*installer)
;;
*)
install_file $f ${DESTDIR}${SHAREDIR}/shorewall/$f 0644
echo "Library ${f#*.} file installed as ${DESTDIR}${SHAREDIR}/shorewall/$f"
;;
esac
done
if [ $SHAREDIR != /usr/share ]; then
eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SHAREDIR}/shorewall/lib.base
eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SHAREDIR}/shorewall/lib.cli
fi
#
# Install the Man Pages
#
if [ -n "$MANDIR" ]; then
cd manpages
[ -n "$INSTALLD" ] || make_parent_directory ${DESTDIR}${MANDIR}/man8 0755
for f in *.8; do
gzip -9c $f > $f.gz
install_file $f.gz ${DESTDIR}${MANDIR}/man8/$f.gz 0644
echo "Man page $f.gz installed to ${DESTDIR}${MANDIR}/man8/$f.gz"
done
cd ..
echo "Man Pages Installed"
fi
#
# Symbolically link 'functions' to lib.base
#
ln -sf lib.base ${DESTDIR}${SHAREDIR}/shorewall/functions
#
# Create the version file
#
echo "$VERSION" > ${DESTDIR}${SHAREDIR}/shorewall/coreversion
chmod 0644 ${DESTDIR}${SHAREDIR}/shorewall/coreversion
if [ -z "${DESTDIR}" ]; then
if [ $update -ne 0 ]; then
echo "Updating $file - original saved in $file.bak"
cp $file $file.bak
echo '#' >> $file
echo "# Updated by Shorewall-core $VERSION -" `date` >> $file
echo '#' >> $file
[ $update -eq 1 ] && sed -i 's/VARDIR/VARLIB/' $file
echo 'VARDIR=${VARLIB}/${PRODUCT}' >> $file
fi
fi
[ $file != "${DESTDIR}${SHAREDIR}/shorewall/shorewallrc" ] && cp $file ${DESTDIR}${SHAREDIR}/shorewall/shorewallrc
[ -z "${DESTDIR}" ] && [ ! -f ~/.shorewallrc ] && cp ${SHAREDIR}/shorewall/shorewallrc ~/.shorewallrc
if [ ${SHAREDIR} != /usr/share ]; then
for f in lib.*; do
case $f in
*installer)
;;
*)
if [ $BUILD != apple ]; then
eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SHAREDIR}/shorewall/$f
else
eval sed -i \'\' -e \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SHAREDIR}/shorewall/$f
fi
;;
esac
done
fi
#
# Report Success
#
echo "$Product Version $VERSION Installed"

View File

@ -1,41 +0,0 @@
#
# Shorewall 5.2 -- /usr/share/shorewall/lib.base
#
# (c) 1999-2017 - Tom Eastep (teastep@shorewall.net)
#
# Complete documentation is available at https://shorewall.org
#
# This program is part of Shorewall.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by the
# Free Software Foundation, either version 2 of the license or, at your
# option, any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.
#
# This library is a compatibility wrapper around lib.core.
#
if [ -z "$PRODUCT" ]; then
#
# This is modified by the installer when ${SHAREDIR} != /usr/share
#
. /usr/share/shorewall/shorewallrc
g_basedir=${SHAREDIR}/shorewall
if [ -z "$SHOREWALL_LIBVERSION" ]; then
. ${g_basedir}/lib.core
fi
set_default_product
setup_product_environment
fi

File diff suppressed because it is too large Load Diff

View File

@ -1,826 +0,0 @@
#
# Shorewall 5.2 -- /usr/share/shorewall/lib.common
#
# (c) 2010-2018 - Tom Eastep (teastep@shorewall.net)
#
# Complete documentation is available at https://shorewall.org
#
# This program is part of Shorewall.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by the
# Free Software Foundation, either version 2 of the license or, at your
# option, any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.
#
# The purpose of this library is to hold those functions used by both the CLI and by the
# generated firewall scripts. To avoid versioning issues, it is copied into generated
# scripts rather than loaded at run-time.
#
#########################################################################################
#
# Wrapper around logger that sets the tag according to $SW_LOGGERTAG
#
mylogger() {
local level
level=$1
shift
if [ -n "$SW_LOGGERTAG" ]; then
logger -p $level -t "$SW_LOGGERTAG" $*
else
logger -p $level $*
fi
}
#
# Issue a message and stop
#
startup_error() # $* = Error Message
{
echo " ERROR: $@: Firewall state not changed" >&2
if [ $LOG_VERBOSITY -ge 0 ]; then
timestamp="$(date +'%b %e %T') "
echo "${timestamp} ERROR: $@" >> $STARTUP_LOG
fi
case $COMMAND in
start)
mylogger daemon.err "ERROR:$g_product start failed:Firewall state not changed"
;;
restart)
mylogger daemon.err "ERROR:$g_product restart failed:Firewall state not changed"
;;
restore)
mylogger daemon.err "ERROR:$g_product restore failed:Firewall state not changed"
;;
esac
if [ $LOG_VERBOSITY -ge 0 ]; then
timestamp="$(date +'%b %e %T') "
case $COMMAND in
start)
echo "${timestamp} ERROR:$g_product start failed:Firewall state not changed" >> $STARTUP_LOG
;;
restart)
echo "${timestamp} ERROR:$g_product restart failed:Firewall state not changed" >> $STARTUP_LOG
;;
restore)
echo "${timestamp} ERROR:$g_product restore failed:Firewall state not changed" >> $STARTUP_LOG
;;
esac
fi
mutex_off
kill $$
exit 2
}
#
# Create the required option string and run the passed script using
# $SHOREWALL_SHELL
#
run_it() {
local script
local options='-'
export VARDIR
script=$1
shift
if [ "$g_debugging" = debug ]; then
options='-D'
elif [ "$g_debugging" = trace ]; then
options='-T'
else
options='-';
fi
[ -n "$g_noroutes" ] && options=${options}n
[ -n "$g_timestamp" ] && options=${options}t
[ -n "$g_purge" ] && options=${options}p
[ -n "$g_recovering" ] && options=${options}r
[ -n "$g_counters" ] && options=${options}c
options="${options}V $VERBOSITY"
[ -n "$RESTOREFILE" ] && options="${options} -R $RESTOREFILE"
$SHOREWALL_SHELL $script $options $@
}
#
# Message to stderr
#
error_message() # $* = Error Message
{
echo " $@" >&2
return 1
}
#
# Undo the effect of 'split()'
#
join()
{
local f
local o
o=
for f in $* ; do
o="${o:+$o:}$f"
done
echo $o
}
#
# Return the number of elements in a list
#
list_count() # $* = list
{
return $#
}
#
# Split a colon-separated list into a space-separated list
#
split() {
local ifs
ifs=$IFS
IFS=:
echo $*
IFS=$ifs
}
#
# Split a comma-separated list into a space-separated list
#
split_list() {
local ifs
ifs=$IFS
IFS=,
echo $*
IFS=$ifs
}
#
# Search a list looking for a match -- returns zero if a match found
# 1 otherwise
#
list_search() # $1 = element to search for , $2-$n = list
{
local e
e=$1
while [ $# -gt 1 ]; do
shift
[ "x$e" = "x$1" ] && return 0
done
return 1
}
#
# Suppress all output for a command
#
qt()
{
"$@" >/dev/null 2>&1
}
#
# Suppress all output and input - mainly for preventing leaked file descriptors
# to avoid SELinux denials
#
qtnoin()
{
"$@" </dev/null >/dev/null 2>&1
}
qt1()
{
local status
while [ 1 ]; do
"$@" </dev/null >/dev/null 2>&1
status=$?
[ $status -ne 4 ] && return $status
done
}
#
# Determine if Shorewall[6] is "running"
#
product_is_started() {
qt1 $g_tool -L shorewall -n
}
shorewall_is_started() {
qt1 $IPTABLES -L shorewall -n
}
shorewall6_is_started() {
qt1 $IP6TABLES -L shorewall -n
}
#
# Echos the fully-qualified name of the calling shell program
#
my_pathname() {
local pwd
pwd=$PWD
cd $(dirname $0)
echo $PWD/$(basename $0)
cd $pwd
}
#
# Source a user exit file if it exists
#
run_user_exit() # $1 = file name
{
local user_exit
user_exit=$(find_file $1)
if [ -f $user_exit ]; then
progress_message "Processing $user_exit ..."
. $user_exit
fi
}
#
# Load a Kernel Module -- assumes that the variable 'moduledirectories' contains
# a space-separated list of directories to search for
# the module and that 'moduleloader' contains the
# module loader command.
#
loadmodule() # $1 = module name, $2 - * arguments
{
local modulename
modulename=$1
shift
local moduleoptions
moduleoptions=$*
local modulefile
local suffix
if [ -d /sys/module/ ]; then
if ! list_search $modulename $DONT_LOAD; then
if [ ! -d /sys/module/$modulename ]; then
case $moduleloader in
insmod)
for directory in $moduledirectories; do
for modulefile in $directory/${modulename}.*; do
if [ -f $modulefile ]; then
insmod $modulefile $moduleoptions
return
fi
done
done
;;
*)
modprobe -q $modulename $moduleoptions
;;
esac
fi
fi
elif ! list_search $modulename $DONT_LOAD $MODULES; then
case $moduleloader in
insmod)
for directory in $moduledirectories; do
for modulefile in $directory/${modulename}.*; do
if [ -f $modulefile ]; then
insmod $modulefile $moduleoptions
return
fi
done
done
;;
*)
modprobe -q $modulename $moduleoptions
;;
esac
fi
}
#
# Reload the Modules
#
reload_kernel_modules() {
local save_modules_dir
save_modules_dir=$MODULESDIR
local directory
local moduledirectories
moduledirectories=
local moduleloader
moduleloader=modprobe
local uname
local extras
if ! qt mywhich modprobe; then
moduleloader=insmod
fi
if [ -n "$MODULESDIR" ]; then
case "$MODULESDIR" in
+*)
extras="$MODULESDIR"
extras=${extras#+}
MODULESDIR=
;;
esac
fi
if [ -z "$MODULESDIR" ]; then
uname=$(uname -r)
MODULESDIR=/lib/modules/$uname/kernel/net/ipv${g_family}/netfilter:/lib/modules/$uname/kernel/net/netfilter:/lib/modules/$uname/kernel/net/sched:/lib/modules/$uname/extra:/lib/modules/$uname/extra/ipset
if [ -n "$extras" ]; then
for directory in $(split "$extras"); do
MODULESDIR="$MODULESDIR:/lib/modules/$uname/$directory"
done
fi
fi
[ -d /sys/module/ ] || MODULES=$(lsmod | cut -d ' ' -f1)
for directory in $(split $MODULESDIR); do
[ -d $directory ] && moduledirectories="$moduledirectories $directory"
done
[ -n "$moduledirectories" ] && while read command; do
eval $command
done
MODULESDIR=$save_modules_dir
}
#
# Load kernel modules required for Shorewall
#
load_kernel_modules() # $1 = Yes, if we are to save moduleinfo in $VARDIR
{
local save_modules_dir
save_modules_dir=$MODULESDIR
local directory
local moduledirectories
moduledirectories=
local moduleloader
moduleloader=modprobe
local savemoduleinfo
savemoduleinfo=${1:-Yes} # So old compiled scripts still work
local uname
local extras
if ! qt mywhich modprobe; then
moduleloader=insmod
fi
if [ -n "$MODULESDIR" ]; then
case "$MODULESDIR" in
+*)
extras="$MODULESDIR"
extras=${extras#+}
MODULESDIR=
;;
esac
fi
if [ -z "$MODULESDIR" ]; then
uname=$(uname -r)
MODULESDIR=/lib/modules/$uname/kernel/net/ipv${g_family}/netfilter:/lib/modules/$uname/kernel/net/netfilter:/lib/modules/$uname/kernel/net/sched:/lib/modules/$uname/extra:/lib/modules/$uname/extra/ipset
if [ -n "$extras" ]; then
for directory in $(split "$extras"); do
MODULESDIR="$MODULESDIR:/lib/modules/$uname/$directory"
done
fi
fi
for directory in $(split $MODULESDIR); do
[ -d $directory ] && moduledirectories="$moduledirectories $directory"
done
modules=$(find_file helpers)
if [ -f $modules -a -n "$moduledirectories" ]; then
[ -d /sys/module/ ] || MODULES=$(lsmod | cut -d ' ' -f1)
progress_message "Loading Modules..."
. $modules
if [ $savemoduleinfo = Yes ]; then
[ -d ${VARDIR} ] || mkdir -p ${VARDIR}
echo MODULESDIR=\"$MODULESDIR\" > ${VARDIR}/.modulesdir
cp -f $modules ${VARDIR}/.modules
fi
elif [ $savemoduleinfo = Yes ]; then
[ -d ${VARDIR} ] || mkdir -p ${VARDIR}
> ${VARDIR}/.modulesdir
> ${VARDIR}/.modules
fi
MODULESDIR=$save_modules_dir
}
#
# Note: The following set of IP address manipulation functions have anomalous
# behavior when the shell only supports 32-bit signed arithmetic and
# the IP address is 128.0.0.0 or 128.0.0.1.
#
LEFTSHIFT='<<'
#
# Convert an IP address in dot quad format to an integer
#
decodeaddr() {
local x
local temp
temp=0
local ifs
ifs=$IFS
IFS=.
for x in $1; do
temp=$(( $(( $temp $LEFTSHIFT 8 )) | $x ))
done
echo $temp
IFS=$ifs
}
#
# convert an integer to dot quad format
#
encodeaddr() {
addr=$1
local x
local y
y=$(($addr & 255))
for x in 1 2 3 ; do
addr=$(($addr >> 8))
y=$(($addr & 255)).$y
done
echo $y
}
#
# Netmask from CIDR
#
ip_netmask() {
local vlsm
vlsm=${1#*/}
[ $vlsm -eq 0 ] && echo 0 || echo $(( -1 $LEFTSHIFT $(( 32 - $vlsm )) ))
}
#
# Network address from CIDR
#
ip_network() {
local decodedaddr
decodedaddr=$(decodeaddr ${1%/*})
local netmask
netmask=$(ip_netmask $1)
echo $(encodeaddr $(($decodedaddr & $netmask)))
}
#
# The following hack is supplied to compensate for the fact that many of
# the popular light-weight Bourne shell derivatives do not support XOR ("^").
#
ip_broadcast() {
local x
x=$(( 32 - ${1#*/} ))
[ $x -eq 32 ] && echo -1 || echo $(( $(( 1 $LEFTSHIFT $x )) - 1 ))
}
#
# Calculate broadcast address from CIDR
#
broadcastaddress() {
local decodedaddr
decodedaddr=$(decodeaddr ${1%/*})
local netmask
netmask=$(ip_netmask $1)
local broadcast
broadcast=$(ip_broadcast $1)
echo $(encodeaddr $(( $(($decodedaddr & $netmask)) | $broadcast )))
}
#
# Test for network membership
#
in_network() # $1 = IP address, $2 = CIDR network
{
local netmask
netmask=$(ip_netmask $2)
#
# Use string comparison to work around a broken BusyBox ash in OpenWRT
#
test $(( $(decodeaddr $1) & $netmask)) = $(( $(decodeaddr ${2%/*}) & $netmask ))
}
#
# Query NetFilter about the existence of a filter chain
#
chain_exists() # $1 = chain name, $2 = table name (optional)
{
qt1 $g_tool -t ${2:-filter} -L $1 -n
}
#
# Find the interface with the passed MAC address
#
find_interface_by_mac() {
local mac
mac=$1
local first
local second
local rest
local dev
$IP link list | while read first second rest; do
case $first in
*:)
dev=$second
;;
*)
if [ "$second" = $mac ]; then
echo ${dev%:}
return
fi
esac
done
}
#
# Find interface address--returns the first IP address assigned to the passed
# device
#
find_first_interface_address() # $1 = interface
{
if [ $g_family -eq 4 ]; then
#
# get the line of output containing the first IP address
#
addr=$(${IP:-ip} -f inet addr show $1 2> /dev/null | grep 'inet .* global' | head -n1)
#
# If there wasn't one, bail out now
#
[ -n "$addr" ] || startup_error "Can't determine the IP address of $1"
#
# Strip off the trailing VLSM mask (or the peer IP in case of a P-t-P link)
# along with everything else on the line
#
echo $addr | sed 's/\s*inet //;s/\/.*//;s/ peer.*//'
else
#
# get the line of output containing the first IP address
#
addr=$(${IP:-ip} -f inet6 addr show dev $1 2> /dev/null | grep -F 'inet6 ' | grep -vF 'scope link' | head -n1)
#
# If there wasn't one, bail out now
#
[ -n "$addr" ] || startup_error "Can't determine the IPv6 address of $1"
#
# Strip off the trailing VLSM mask (or the peer IP in case of a P-t-P link)
# along with everything else on the line
#
echo $addr | sed 's/\s*inet6 //;s/\/.*//;s/ peer.*//'
fi
}
find_first_interface_address_if_any() # $1 = interface
{
if [ $g_family -eq 4 ]; then
#
# get the line of output containing the first IP address
#
addr=$(${IP:-ip} -f inet addr show $1 2> /dev/null | grep 'inet .* global' | head -n1)
#
# Strip off the trailing VLSM mask (or the peer IP in case of a P-t-P link)
# along with everything else on the line
#
[ -n "$addr" ] && echo $addr | sed 's/\s*inet //;s/\/.*//;s/ peer.*//' || echo 0.0.0.0
else
#
# get the line of output containing the first IP address
#
addr=$(${IP:-ip} -f inet6 addr show dev $1 2> /dev/null | grep -F 'inet6 ' | grep -vF 'scope link' | head -n1)
#
# Strip off the trailing VLSM mask (or the peer IP in case of a P-t-P link)
# along with everything else on the line
#
[ -n "$addr" ] && echo $addr | sed 's/\s*inet6 //;s/\/.*//;s/ peer.*//' || echo ::
fi
}
#
#Determines if the passed interface is a loopback interface
#
loopback_interface() { #$1 = Interface name
[ "$1" = lo ] || $IP link show $1 | fgrep -q LOOPBACK
}
#
# Find Loopback Interfaces
#
find_loopback_interfaces() {
local interfaces
[ -x "$IP" ] && interfaces=$($IP link show | fgrep LOOPBACK | sed 's/://g' | cut -d ' ' -f 2)
[ -n "$interfaces" ] && echo $interfaces || echo lo
}
#
# Internal version of 'which'
#
mywhich() {
local dir
for dir in $(split $PATH); do
if [ -x $dir/$1 ]; then
echo $dir/$1
return 0
fi
done
return 2
}
#
# Find a File -- For relative file name, look in each ${CONFIG_PATH} then ${CONFDIR}
#
find_file()
{
local saveifs
saveifs=
local directory
case $1 in
/*)
echo $1
;;
*)
for directory in $(split $CONFIG_PATH); do
if [ -f $directory/$1 ]; then
echo $directory/$1
return
fi
done
if [ -n "$g_shorewalldir" ]; then
echo ${g_shorewalldir}/$1
else
echo ${g_confdir}/$1
fi
;;
esac
}
#
# Set the Shorewall state
#
set_state () # $1 = state
{
if [ $# -gt 1 ]; then
echo "$1 $(date) from $2" > ${VARDIR}/state
else
echo "$1 $(date)" > ${VARDIR}/state
fi
}
#
# Perform variable substitution on the passed argument and echo the result
#
expand() # $@ = contents of variable which may be the name of another variable
{
eval echo \"$@\"
}
#
# Function for including one file into another
#
INCLUDE() {
. $(find_file $(expand $@))
}
# Function to truncate a string -- It uses 'cut -b -<n>'
# rather than ${v:first:last} because light-weight shells like ash and
# dash do not support that form of expansion.
#
truncate() # $1 = length
{
cut -b -${1}
}
#
# Call this function to assert mutual exclusion with Shorewall. If you invoke the
# /sbin/shorewall program while holding mutual exclusion, you should pass -N as
# the first argument. Example "shorewall -N refresh"
#
# This function uses the lockfile utility from procmail if it exists.
# Otherwise, it uses a somewhat race-prone algorithm to attempt to simulate the
# behavior of lockfile.
#
mutex_on()
{
local try
try=0
local lockf
lockf=${LOCKFILE:=${VARDIR}/lock}
local lockpid
local lockd
local lockbin
local openwrt
MUTEX_TIMEOUT=${MUTEX_TIMEOUT:-60}
if [ -z "$g_havemutex" -a $MUTEX_TIMEOUT -gt 0 ]; then
lockd=$(dirname $LOCKFILE)
[ -d "$lockd" ] || mkdir -p "$lockd"
lockbin=$(mywhich lock)
[ -n "$lockbin" -a -h "$lockbin" ] && openwrt=Yes
if [ -f $lockf ]; then
lockpid=`cat ${lockf} 2> /dev/null`
if [ -z "$lockpid" ] || [ $lockpid = 0 ]; then
rm -f ${lockf}
error_message "WARNING: Stale lockfile ${lockf} removed"
elif [ -z "$openwrt" ]; then
if [ $lockpid -eq $$ ]; then
fatal_error "Mutex_on confusion"
elif ! qt ps --pid ${lockpid}; then
rm -f ${lockf}
error_message "WARNING: Stale lockfile ${lockf} from pid ${lockpid} removed"
fi
fi
fi
if [ -n "$openwrt" ]; then
lock ${lockf} || fatal_error "Can't lock ${lockf}"
g_havemutex="lock -u ${lockf}"
elif qt mywhich lockfile; then
lockfile -${MUTEX_TIMEOUT} -r1 ${lockf} || fatal_error "Can't lock ${lockf}"
g_havemutex="rm -f ${lockf}"
chmod u+w ${lockf}
echo $$ > ${lockf}
chmod u-w ${lockf}
else
while [ -f ${lockf} -a ${try} -lt ${MUTEX_TIMEOUT} ] ; do
sleep 1
try=$((${try} + 1))
done
if [ ${try} -lt ${MUTEX_TIMEOUT} ] ; then
# Create the lockfile
echo $$ > ${lockf}
g_havemutex="rm -f ${lockf}"
else
echo "Giving up on lock file ${lockf}" >&2
fi
fi
if [ -n "$g_havemutex" ]; then
trap mutex_off EXIT
fi
fi
}
#
# Call this function to release mutual exclusion
#
mutex_off()
{
if [ -n "$g_havemutex" ]; then
eval $g_havemutex
g_havemutex=
trap '' exit
fi
}

View File

@ -1,88 +0,0 @@
#
# Shorewall 5.2 -- /usr/share/shorewall/lib.installer
#
# (c) 2017 - Tom Eastep (teastep@shorewall.net)
# (c) 2017 - Matt Darfeuille (matdarf@gmail.com)
#
# Complete documentation is available at https://shorewall.org
#
# This program is part of Shorewall.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by the
# Free Software Foundation, either version 2 of the license or, at your
# option, any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.
#
# The purpose of this library is to hold those functions used by the products installer.
#
#########################################################################################
fatal_error()
{
echo " ERROR: $@" >&2
exit 1
}
split() {
local ifs
ifs=$IFS
IFS=:
set -- $1
echo $*
IFS=$ifs
}
qt()
{
"$@" >/dev/null 2>&1
}
mywhich() {
local dir
for dir in $(split $PATH); do
if [ -x $dir/$1 ]; then
return 0
fi
done
return 2
}
delete_file() # $1 = file to delete
{
rm -f $1
}
require()
{
eval [ -n "\$$1" ] || fatal_error "Required option $1 not set"
}
make_directory() # $1 = directory , $2 = mode
{
mkdir $1
chmod $2 $1
[ -n "$OWNERSHIP" ] && chown $OWNERSHIP $1
}
make_parent_directory() # $1 = directory , $2 = mode
{
mkdir -p $1
chmod $2 $1
[ -n "$OWNERSHIP" ] && chown $OWNER:$GROUP $1
}
cant_autostart()
{
echo
echo "WARNING: Unable to configure $Product to start automatically at boot" >&2
}

View File

@ -1,105 +0,0 @@
#
# Shorewall 5.2 -- /usr/share/shorewall/lib.installer
#
# (c) 2017 - Tom Eastep (teastep@shorewall.net)
# (c) 2017 - Matt Darfeuille (matdarf@gmail.com)
#
# Complete documentation is available at https://shorewall.org
#
# This program is part of Shorewall.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by the
# Free Software Foundation, either version 2 of the license or, at your
# option, any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.
#
# The purpose of this library is to hold those functions used by the products uninstaller.
#
#########################################################################################
fatal_error()
{
echo " ERROR: $@" >&2
exit 1
}
split() {
local ifs
ifs=$IFS
IFS=:
set -- $1
echo $*
IFS=$ifs
}
qt()
{
"$@" >/dev/null 2>&1
}
mywhich() {
local dir
for dir in $(split $PATH); do
if [ -x $dir/$1 ]; then
return 0
fi
done
return 2
}
remove_file() # $1 = file to remove
{
if [ -n "$1" ] ; then
if [ -f $1 -o -h $1 ] ; then
rm -f $1
echo "$1 Removed"
fi
fi
}
remove_directory() # $1 = directory to remove
{
if [ -n "$1" ] ; then
if [ -d $1 ] ; then
rm -rf $1
echo "$1 Removed"
fi
fi
}
remove_file_with_wildcard() # $1 = file with wildcard to remove
{
if [ -n "$1" ] ; then
for f in $1; do
if [ -d $f ] ; then
rm -rf $f
echo "$f Removed"
elif [ -f $f -o -h $f ] ; then
rm -f $f
echo "$f Removed"
fi
done
fi
}
restore_file() # $1 = file to restore
{
if [ -f ${1}-shorewall.bkout ]; then
if (mv -f ${1}-shorewall.bkout $1); then
echo
echo "$1 restored"
else
exit 1
fi
fi
}

File diff suppressed because it is too large Load Diff

View File

@ -1,43 +0,0 @@
#!/bin/sh
#
# Shorewall Packet Filtering Firewall Control Program - V5.2
#
# (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010,2011,2014,2015-2017
# Tom Eastep (teastep@shorewall.net)
#
# Shorewall documentation is available at https://shorewall.org
#
# This program is part of Shorewall.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by the
# Free Software Foundation, either version 2 of the license or, at your
# option, any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.
#
# For a list of supported commands, type 'shorewall help' or 'shorewall6 help'
#
################################################################################################
#
# Default product is Shorewall. PRODUCT will be set based on $0 and on passed -[46] and -l
# options
#
PRODUCT=shorewall
#
# This is modified by the installer when ${SHAREDIR} != /usr/share
#
. /usr/share/shorewall/shorewallrc
g_basedir=${SHAREDIR}/shorewall
. ${g_basedir}/lib.cli
shorewall_cli $@

View File

@ -1,25 +0,0 @@
#
# ALT/BaseALT/ALTLinux Shorewall 5.2 rc file
#
BUILD= #Default is to detect the build system
HOST=alt
PREFIX=/usr #Top-level directory for shared files, libraries, etc.
SHAREDIR=${PREFIX}/share #Directory for arch-neutral files.
LIBEXECDIR=${PREFIX}/libexec #Directory for executable scripts.
PERLLIBDIR=${SHAREDIR}/perl5 #Directory to install Shorewall Perl module directory
CONFDIR=/etc #Directory where subsystem configurations are installed
SBINDIR=/sbin #Directory where system administration programs are installed
MANDIR=${SHAREDIR}/man #Directory where manpages are installed.
INITDIR=${CONFDIR}/rc.d/init.d #Directory where SysV init scripts are installed.
INITFILE=$PRODUCT #Name of the product's installed SysV init script
INITSOURCE=init.alt.sh #Name of the distributed file to be installed as the SysV init script
ANNOTATED= #If non-zero, annotated configuration files are installed
SERVICEDIR=/lib/systemd/system #Directory where .service files are installed (systems running systemd only)
SYSCONFFILE=sysconfig #Name of the distributed file to be installed as $SYSCONFDIR/$PRODUCT
SERVICEFILE= #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
SYSCONFDIR=/etc/sysconfig/ #Directory where SysV init parameter files are installed
SERVICEDIR=/lib/systemd/system #Directory where .service files are installed (systems running systemd only)
SPARSE= #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
VARLIB=/var/lib #Directory where product variable data is stored.
VARDIR=${VARLIB}/$PRODUCT #Directory where product variable data is stored.
DEFAULT_PAGER=/usr/bin/less #Pager to use if none specified in shorewall[6].conf

View File

@ -1,22 +0,0 @@
#
# Apple OS X Shorewall 5.2 rc file
#
BUILD=apple
HOST=apple
PREFIX=/usr #Top-level directory for shared files, libraries, etc.
SHAREDIR=${PREFIX}/share #Directory for arch-neutral files.
LIBEXECDIR=${PREFIX}/share #Directory for executable scripts.
PERLLIBDIR=${PREFIX}/share/shorewall #Directory to install Shorewall Perl module directory
CONFDIR=/etc #Directory where subsystem configurations are installed
SBINDIR=/sbin #Directory where system administration programs are installed
MANDIR=${SHAREDIR}/man #Directory where manpages are installed.
INITDIR= #Unused on OS X
INITFILE= #Unused on OS X
INITSOURCE= #Unused on OS X
ANNOTATED= #Unused on OS X
SERVICEDIR= #Unused on OS X
SERVICEFILE= #Unused on OS X
SYSCONFDIR= #Unused on OS X
SPARSE=Yes #Only install $PRODUCT/$PRODUCT.conf in $CONFDIR.
VARLIB=/var/lib #Unused on OS X
DEFAULT_PAGER= #Pager to use if none specified in shorewall[6].conf

View File

@ -1,23 +0,0 @@
#
# Arch Linux Shorewall 5.2 rc file
#
BUILD= #Default is to detect the build system
HOST=archlinux
PREFIX=/usr #Top-level directory for shared files, libraries, etc.
SHAREDIR=${PREFIX}/share #Directory for arch-neutral files.
LIBEXECDIR=${PREFIX}/share #Directory for executable scripts.
PERLLIBDIR=${PREFIX}/share/shorewall #Directory to install Shorewall Perl module directory
CONFDIR=/etc #Directory where subsystem configurations are installed
SBINDIR=/usr/bin #Directory where system administration programs are installed
MANDIR=${SHAREDIR}/man #Directory where manpages are installed.
INITDIR= #Directory where SysV init scripts are installed.
INITFILE= #Name of the product's installed SysV init script
INITSOURCE= #Name of the distributed file to be installed as the SysV init script
ANNOTATED= #If non-zero, annotated configuration files are installed
SYSCONFDIR= #Directory where SysV init parameter files are installed
SERVICEDIR=/usr/lib/systemd/system #Directory where .service files are installed (systems running systemd only)
SERVICEFILE= #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
SPARSE= #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
VARLIB=/var/lib #Directory where product variable data is stored.
VARDIR=${VARLIB}/$PRODUCT #Directory where product variable data is stored.
DEFAULT_PAGER= #Pager to use if none specified in shorewall[6].conf

View File

@ -1,22 +0,0 @@
#
# Cygwin Shorewall 5.2 rc file
#
BUILD=cygwin
HOST=cygwin
PREFIX=/usr #Top-level directory for shared files, libraries, etc.
SHAREDIR=${PREFIX}/share #Directory for arch-neutral files.
LIBEXECDIR=${PREFIX}/share #Directory for executable scripts.
PERLLIBDIR=${PREFIX}/share/shorewall #Directory to install Shorewall Perl module directory
CONFDIR=/etc #Directory where subsystem configurations are installed
SBINDIR=/bin #Directory where system administration programs are installed
MANDIR=${SHAREDIR}/man #Directory where manpages are installed.
INITDIR=/etc/init.d #Unused on Cygwin
INITFILE= #Unused on Cygwin
INITSOURCE= #Unused on Cygwin
ANNOTATED= #Unused on Cygwin
SERVICEDIR= #Unused on Cygwin
SERVICEFILE= #Unused on Cygwin
SYSCONFDIR= #Unused on Cygwin
SPARSE=Yes #Only install $PRODUCT/$PRODUCT.conf in $CONFDIR.
VARLIB=/var/lib #Unused on Cygwin
DEFAULT_PAGER= #Pager to use if none specified in shorewall[6].conf

View File

@ -1,25 +0,0 @@
#
# Debian Shorewall 5.2 rc file
#
BUILD= #Default is to detect the build system
HOST=debian
PREFIX=/usr #Top-level directory for shared files, libraries, etc.
SHAREDIR=${PREFIX}/share #Directory for arch-neutral files.
LIBEXECDIR=${PREFIX}/share #Directory for executable scripts.
PERLLIBDIR=${PREFIX}/share/shorewall #Directory to install Shorewall Perl module directory
CONFDIR=/etc #Directory where subsystem configurations are installed
SBINDIR=/sbin #Directory where system administration programs are installed
MANDIR=${PREFIX}/share/man #Directory where manpages are installed.
INITDIR= #Directory where SysV init scripts are installed.
INITFILE= #Name of the product's installed SysV init script
INITSOURCE=init.debian.sh #Name of the distributed file to be installed as the SysV init script
ANNOTATED= #If non-empty, annotated configuration files are installed
SYSCONFFILE=default.debian.systemd #Name of the distributed file to be installed in $SYSCONFDIR
SERVICEFILE=$PRODUCT.service.debian #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
SYSCONFDIR=/etc/default #Directory where SysV init parameter files are installed
SERVICEDIR=/lib/systemd/system #Directory where .service files are installed (systems running systemd only)
SPARSE=Yes #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
VARLIB=/var/lib #Directory where product variable data is stored.
VARDIR=${VARLIB}/$PRODUCT #Directory where product variable data is stored.
DEFAULT_PAGER=/usr/bin/less #Pager to use if none specified in shorewall[6].conf
STOPSERVICEFILE=stop_service.debian #Name of script to stop systemd service that honours `SAFESTOP`.

View File

@ -1,24 +0,0 @@
#
# Debian Shorewall 5.2 rc file
#
BUILD= #Default is to detect the build system
HOST=debian
PREFIX=/usr #Top-level directory for shared files, libraries, etc.
SHAREDIR=${PREFIX}/share #Directory for arch-neutral files.
LIBEXECDIR=${PREFIX}/share #Directory for executable scripts.
PERLLIBDIR=${PREFIX}/share/shorewall #Directory to install Shorewall Perl module directory
CONFDIR=/etc #Directory where subsystem configurations are installed
SBINDIR=/sbin #Directory where system administration programs are installed
MANDIR=${PREFIX}/share/man #Directory where manpages are installed.
INITDIR=/etc/init.d #Directory where SysV init scripts are installed.
INITFILE=$PRODUCT #Name of the product's installed SysV init script
INITSOURCE=init.debian.sh #Name of the distributed file to be installed as the SysV init script
ANNOTATED= #If non-zero, annotated configuration files are installed
SYSCONFFILE=default.debian.sysvinit #Name of the distributed file to be installed in $SYSCONFDIR
SERVICEFILE= #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
SYSCONFDIR=/etc/default #Directory where SysV init parameter files are installed
SERVICEDIR= #Directory where .service files are installed (systems running systemd only)
SPARSE=Yes #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
VARLIB=/var/lib #Directory where product variable data is stored.
VARDIR=${VARLIB}/$PRODUCT #Directory where product variable data is stored.
DEFAULT_PAGER=/usr/bin/less #Pager to use if none specified in shorewall[6].conf

View File

@ -1,24 +0,0 @@
#
# Default Shorewall 5.2 rc file
#
BUILD= #Default is to detect the build system
HOST=linux #Generic Linux
PREFIX=/usr #Top-level directory for shared files, libraries, etc.
SHAREDIR=${PREFIX}/share #Directory for arch-neutral files.
LIBEXECDIR=${PREFIX}/share #Directory for executable scripts.
PERLLIBDIR=${PREFIX}/share/shorewall #Directory to install Shorewall Perl module directory
CONFDIR=/etc #Directory where subsystem configurations are installed
SBINDIR=/sbin #Directory where system administration programs are installed
MANDIR=${PREFIX}/man #Directory where manpages are installed.
INITDIR=/etc/init.d #Directory where SysV init scripts are installed.
INITFILE=$PRODUCT #Name of the product's installed SysV init script
INITSOURCE=init.sh #Name of the distributed file to be installed as the SysV init script
ANNOTATED= #If non-zero, annotated configuration files are installed
SERVICEDIR= #Directory where .service files are installed (systems running systemd only)
SERVICEFILE= #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
SYSCONFFILE= #Name of the distributed file to be installed in $SYSCONFDIR
SYSCONFDIR= #Directory where SysV init parameter files are installed
SPARSE= #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
VARLIB=/var/lib #Directory where product variable data is stored.
VARDIR=${VARLIB}/$PRODUCT #Directory where product variable data is stored.
DEFAULT_PAGER= #Pager to use if none specified in shorewall[6].conf

View File

@ -1,24 +0,0 @@
#
# OpenWRT/LEDE Shorewall 5.2 rc file
#
BUILD= #Default is to detect the build system
HOST=openwrt
PREFIX=/usr #Top-level directory for shared files, libraries, etc.
SHAREDIR=${PREFIX}/share #Directory for arch-neutral files.
LIBEXECDIR=${PREFIX}/share #Directory for executable scripts.
PERLLIBDIR=${PREFIX}/share/shorewall #Directory to install Shorewall Perl module directory
CONFDIR=/etc #Directory where subsystem configurations are installed
SBINDIR=/sbin #Directory where system administration programs are installed
MANDIR= #Directory where manpages are installed.
INITDIR=/etc/init.d #Directory where SysV init scripts are installed.
INITFILE=$PRODUCT #Name of the product's installed SysV init script
INITSOURCE=init.openwrt.sh #Name of the distributed file to be installed as the SysV init script
ANNOTATED= #If non-zero, annotated configuration files are installed
SYSCONFDIR=${CONFDIR}/sysconfig #Directory where SysV init parameter files are installed
SYSCONFFILE=sysconfig #Name of the distributed file to be installed in $SYSCONFDIR
SERVICEDIR= #Directory where .service files are installed (systems running systemd only)
SERVICEFILE= #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
SPARSE= #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
VARLIB=/lib #Directory where product variable data is stored.
VARDIR=${VARLIB}/$PRODUCT #Directory where product variable data is stored.
DEFAULT_PAGER= #Pager to use if none specified in shorewall[6].conf

View File

@ -1,24 +0,0 @@
#
# RedHat/FedoraShorewall 5.2 rc file
#
BUILD= #Default is to detect the build system
HOST=redhat
PREFIX=/usr #Top-level directory for shared files, libraries, etc.
SHAREDIR=${PREFIX}/share #Directory for arch-neutral files.
LIBEXECDIR=${PREFIX}/libexec #Directory for executable scripts.
PERLLIBDIR=/usr/share/perl5/vendor_perl #Directory to install Shorewall Perl module directory
CONFDIR=/etc #Directory where subsystem configurations are installed
SBINDIR=/sbin #Directory where system administration programs are installed
MANDIR=${SHAREDIR}/man #Directory where manpages are installed.
INITDIR=/etc/rc.d/init.d #Directory where SysV init scripts are installed.
INITFILE=$PRODUCT #Name of the product's installed SysV init script
INITSOURCE=init.fedora.sh #Name of the distributed file to be installed as the SysV init script
ANNOTATED= #If non-zero, annotated configuration files are installed
SERVICEDIR=/lib/systemd/system #Directory where .service files are installed (systems running systemd only)
SYSCONFFILE=sysconfig #Name of the distributed file to be installed as $SYSCONFDIR/$PRODUCT
SERVICEFILE= #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
SYSCONFDIR=/etc/sysconfig/ #Directory where SysV init parameter files are installed
SPARSE= #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
VARLIB=/var/lib #Directory where product variable data is stored.
VARDIR=${VARLIB}/$PRODUCT #Directory where product variable data is stored.
DEFAULT_PAGER= #Pager to use if none specified in shorewall[6].conf

View File

@ -1,28 +0,0 @@
#
# Shorewall 5.2 rc file for installing into a Sandbox
#
BUILD= # Default is to detect the build system
HOST=linux
INSTALLDIR= # Set this to the directory where you want Shorewall installed
PREFIX=${INSTALLDIR}/usr # Top-level directory for shared files, libraries, etc.
SHAREDIR=${PREFIX}/share # Directory for arch-neutral files.
LIBEXECDIR=${PREFIX}/share # Directory for executable scripts.
PERLLIBDIR=${PREFIX}/share/shorewall # Directory to install Shorewall Perl module directory
CONFDIR=${INSTALLDIR}/etc # Directory where subsystem configurations are installed
SBINDIR=${INSTALLDIR}/sbin # Directory where system administration programs are installed
MANDIR= # Leave empty
INITDIR= # Leave empty
INITSOURCE= # Leave empty
INITFILE= # Leave empty
AUXINITSOURCE= # Leave empty
AUXINITFILE= # Leave empty
SERVICEDIR= # Leave empty
SERVICEFILE= # Leave empty
SYSCONFFILE= # Leave empty
SYSCONFDIR= # Leave empty
SPARSE= # Leave empty
ANNOTATED= # If non-empty, annotated configuration files are installed
VARLIB=${INSTALLDIR}/var/lib # Directory where product variable data is stored.
VARDIR=${VARLIB}/$PRODUCT # Directory where product variable data is stored.
DEFAULT_PAGER=/usr/bin/less # Pager to use if none specified in shorewall[6].conf
SANDBOX=Yes # Indicates SANDBOX installation

View File

@ -1,25 +0,0 @@
#
# Slackware Shorewall 5.2 rc file
#
BUILD=slackware
HOST=slackware
PREFIX=/usr #Top-level directory for shared files, libraries, etc.
SHAREDIR=${PREFIX}/share #Directory for arch-neutral files.
LIBEXECDIR=${PREFIX}/share #Directory for executable scripts.
PERLLIBDIR=${PREFIX}/share/shorewall #Directory to install Shorewall Perl module directory
CONFDIR=/etc #Directory where subsystem configurations are installed
SBINDIR=/sbin #Directory where system administration programs are installed
MANDIR=${PREFIX}/man #Directory where manpages are installed.
INITDIR=/etc/rc.d #Directory where SysV init scripts are installed.
AUXINITSOURCE=init.slackware.firewall.sh #Name of the distributed file to be installed as the SysV init script
AUXINITFILE=rc.firewall #Name of the product's installed SysV init script
INITSOURCE=init.slackware.$PRODUCT.sh #Name of the distributed file to be installed as a second SysV init script
INITFILE=rc.$PRODUCT #Name of the product's installed second init script
SERVICEDIR= #Name of the directory where .service files are installed (systems running systemd only)
SERVICEFILE= #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
SYSCONFFILE= #Name of the distributed file to be installed in $SYSCONFDIR
SYSCONFDIR= #Name of the directory where SysV init parameter files are installed.
ANNOTATED= #If non-empty, install annotated configuration files
VARLIB=/var/lib #Directory where product variable data is stored.
VARDIR=${VARLIB}/$PRODUCT #Directory where product variable data is stored.
DEFAULT_PAGER= #Pager to use if none specified in shorewall[6].conf

View File

@ -1,24 +0,0 @@
#
# SuSE Shorewall 5.2 rc file
#
BUILD= #Default is to detect the build system
HOST=suse
PREFIX=/usr #Top-level directory for shared files, libraries, etc.
CONFDIR=/etc #Directory where subsystem configurations are installed
SHAREDIR=${PREFIX}/share #Directory for arch-neutral files.
LIBEXECDIR=${PREFIX}/lib #Directory for executable scripts.
PERLLIBDIR=${PREFIX}/lib/perl5/site-perl #Directory to install Shorewall Perl module directory
SBINDIR=/usr/sbin #Directory where system administration programs are installed
MANDIR=${SHAREDIR}/man/ #Directory where manpages are installed.
INITDIR=/etc/init.d #Directory where SysV init scripts are installed.
INITFILE= #Name of the product's SysV init script
INITSOURCE=init.suse.sh #Name of the distributed file to be installed as the SysV init script
ANNOTATED= #If non-zero, annotated configuration files are installed
SERVICEDIR=/usr/lib/systemd/system #Directory where .service files are installed (systems running systemd only)
SERVICEFILE=$PRODUCT.service #Name of the file to install in $SYSTEMD. Default is $PRODUCT.service
SYSCONFFILE=sysconfig #Name of the distributed file to be installed in $SYSCONFDIR
SYSCONFDIR=/etc/sysconfig/ #Directory where SysV init parameter files are installed
SPARSE= #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
VARLIB=/var/lib #Directory where persistent product data is stored.
VARDIR=${VARLIB}/$PRODUCT #Directory where product variable data is stored.
DEFAULT_PAGER= #Pager to use if none specified in shorewall[6].conf

View File

@ -1,19 +0,0 @@
#!/bin/sh
PRODUCT=$1
. /etc/default/${PRODUCT}
if [ "$SAFESTOP" = 1 ]; then
COMMAND=stop
else
COMMAND=clear
fi
if [ "${PRODUCT}" = shorewall6 ]; then
EXEC="/sbin/shorewall -6"
else
EXEC="/sbin/${PRODUCT}"
fi
exec ${EXEC} ${OPTIONS} ${COMMAND}

View File

@ -1,142 +0,0 @@
#!/bin/sh
#
# Script to back uninstall Shoreline Firewall Core Modules
#
# (c) 2000-2016 - Tom Eastep (teastep@shorewall.net)
#
# Shorewall documentation is available at https://shorewall.org
#
# This program is part of Shorewall.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by the
# Free Software Foundation, either version 2 of the license or, at your
# option, any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.
#
# Usage:
#
# You may only use this script to uninstall the version
# shown below. Simply run this script to remove Shorewall Firewall
VERSION=xxx # The Build script inserts the actual version
PRODUCT=shorewall-core
Product="Shorewall Core"
usage() # $1 = exit status
{
ME=$(basename $0)
echo "usage: $ME [ <option> ] [ <shorewallrc file> ]"
echo "where <option> is one of"
echo " -h"
echo " -v"
exit $1
}
#
# Change to the directory containing this script
#
cd "$(dirname $0)"
#
# Source common functions
#
. ./lib.uninstaller || { echo "ERROR: Can not load common functions." >&2; exit 1; }
#
# Parse the run line
#
finished=0
while [ $finished -eq 0 ]; do
option=$1
case "$option" in
-*)
option=${option#-}
while [ -n "$option" ]; do
case $option in
h)
usage 0
;;
v)
echo "$Product Firewall Uninstaller Version $VERSION"
exit 0
;;
*)
usage 1
;;
esac
done
shift
;;
*)
finished=1
;;
esac
done
#
# Read the RC file
#
if [ $# -eq 0 ]; then
if [ -f ./shorewallrc ]; then
. ./shorewallrc || fatal_error "Can not load the RC file: ./shorewallrc"
elif [ -f ~/.shorewallrc ]; then
. ~/.shorewallrc || fatal_error "Can not load the RC file: ~/.shorewallrc"
elif [ -f /usr/share/shorewall/shorewallrc ]; then
. /usr/share/shorewall/shorewallrc || fatal_error "Can not load the RC file: /usr/share/shorewall/shorewallrc"
else
fatal_error "No configuration file specified and /usr/share/shorewall/shorewallrc not found"
fi
elif [ $# -eq 1 ]; then
file=$1
case $file in
/*|.*)
;;
*)
file=./$file || exit 1
;;
esac
. $file || fatal_error "Can not load the RC file: $file"
else
usage 1
fi
if [ -f ${SHAREDIR}/shorewall/coreversion ]; then
INSTALLED_VERSION="$(cat ${SHAREDIR}/shorewall/coreversion)"
if [ "$INSTALLED_VERSION" != "$VERSION" ]; then
echo "WARNING: $Product Version $INSTALLED_VERSION is installed"
echo " and this is the $VERSION uninstaller."
VERSION="$INSTALLED_VERSION"
fi
else
echo "WARNING: $Product Version $VERSION is not installed"
VERSION=""
fi
echo "Uninstalling $Product $VERSION"
if [ -n "${MANDIR}" ]; then
remove_file_with_wildcard ${MANDIR}/man5/shorewall\*
remove_file_with_wildcard ${MANDIR}/man8/shorewall\*
fi
remove_directory ${SHAREDIR}/shorewall
remove_file ~/.shorewallrc
remove_file ${SBINDIR}/shorewall
#
# Report Success
#
echo "$Product $VERSION Uninstalled"

View File

@ -2,8 +2,7 @@
Version 2, June 1991 Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc. Copyright (C) 1989, 1991 Free Software Foundation, Inc.
51 Franklin Street, Fifth Floor, 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed. of this license document, but changing it is not allowed.

View File

@ -0,0 +1 @@
This is the Shorewall-init stable 4.4 branch of Git.

View File

@ -1,21 +0,0 @@
# List the Shorewall products that Shorewall-init is to
# initialize (space-separated list).
#
# Sample: PRODUCTS="shorewall shorewall6"
#
PRODUCTS=""
#
# Set this to 1 if you want Shorewall-init to react to
# ifup/ifdown and NetworkManager events
#
IFUPDOWN=0
#
# Where Up/Down events get logged
#
LOGFILE=/var/log/shorewall-ifupdown.log
# Startup options - set verbosity to 0 (minimal reporting)
OPTIONS="-V0"
# IOF

View File

@ -1,27 +0,0 @@
# List the Shorewall products that Shorewall-init is to
# initialize (space-separated list).
#
# Sample: PRODUCTS="shorewall shorewall6"
#
PRODUCTS=""
#
# Set this to 1 if you want Shorewall-init to react to
# ifup/ifdown and NetworkManager events
#
IFUPDOWN=0
#
# Set this to the name of the file that is to hold
# ipset contents. Shorewall-init will load those ipsets
# during 'start' and will save them there during 'stop'.
#
SAVE_IPSETS=""
#
# Where Up/Down events get logged
#
LOGFILE=/var/log/shorewall-ifupdown.log
# Startup options - set verbosity to 0 (minimal reporting)
OPTIONS="-V0"
# IOF

View File

@ -1,148 +0,0 @@
#!/bin/sh
#
# Debian ifupdown script for Shorewall-based products
#
# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
#
# (c) 2010,2013 - Tom Eastep (teastep@shorewall.net)
#
# Shorewall documentation is available at https://shorewall.org
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of Version 2 of the GNU General Public License
# as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
setstatedir() {
local statedir
if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
fi
[ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
if [ ! -x $STATEDIR/firewall ]; then
if [ $PRODUCT = shorewall ]; then
${SBINDIR}/shorewall compile
elif [ $PRODUCT = shorewall6 ]; then
${SBINDIR}/shorewall -6 compile
fi
fi
}
Debian_ppp() {
NEWPRODUCTS=
INTERFACE="$1"
case $0 in
/etc/ppp/ip-*)
#
# IPv4
#
for product in $PRODUCTS; do
case $product in
shorewall|shorewall-lite)
NEWPRODUCTS="$NEWPRODUCTS $product";
;;
esac
done
;;
/etc/ppp/ipv6-*)
#
# IPv6
#
for product in $PRODUCTS; do
case $product in
shorewall6|shorewall6-lite)
NEWPRODUCTS="$NEWPRODUCTS $product";
;;
esac
done
;;
*)
exit 0
;;
esac
PRODUCTS="$NEWPRODUCTS"
case $0 in
*up/*)
COMMAND=up
;;
*)
COMMAND=down
;;
esac
}
IFUPDOWN=0
PRODUCTS=
#
# The installer may alter this
#
. /usr/share/shorewall/shorewallrc
if [ -f /etc/default/shorewall-init ]; then
. /etc/default/shorewall-init
elif [ -f /etc/sysconfig/shorewall-init ]; then
. /etc/sysconfig/shorewall-init
fi
[ "$IFUPDOWN" = 1 -a -n "$PRODUCTS" ] || exit 0
case $0 in
/etc/ppp*)
#
# Debian ppp
#
Debian_ppp
;;
*)
#
# Debian ifupdown system - MODE and INTERFACE inherited from the environment
#
INTERFACE="$IFACE"
if [ "$MODE" = start ]; then
COMMAND=up
elif [ "$MODE" = stop ]; then
COMMAND=down
else
exit 0
fi
;;
esac
[ -n "$LOGFILE" ] || LOGFILE=/dev/null
for PRODUCT in $PRODUCTS; do
if [ -n "$ADDRFAM" -a ${COMMAND} = up ]; then
case $PRODUCT in
*6*)
[ ${ADDRFAM} = inet6 ] || continue
;;
*)
[ ${ADDRFAM} = inet ] || continue
;;
esac
fi
setstatedir
if [ -x $VARLIB/$PRODUCT/firewall ]; then
( ${VARLIB}/$PRODUCT/firewall -V0 $COMMAND $INTERFACE >> $LOGFILE 2>&1 ) || true
fi
done
exit 0

View File

@ -1,120 +0,0 @@
#!/bin/sh
#
# Redhat/Fedora/Centos/Foobar ifupdown script for Shorewall-based products
#
# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
#
# (c) 2010,2013 - Tom Eastep (teastep@shorewall.net)
#
# Shorewall documentation is available at https://shorewall.org
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of Version 2 of the GNU General Public License
# as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Get startup options (override default)
OPTIONS=
setstatedir() {
local statedir
if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
fi
[ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
if [ ! -x $STATEDIR/firewall ]; then
if [ $PRODUCT = shorewall ]; then
${SBINDIR}/shorewall compile
elif [ $PRODUCT = shorewall6 ]; then
${SBINDIR}/shorewall -6 compile
fi
fi
}
IFUPDOWN=0
PRODUCTS=
#
# The installer may alter this
#
. /usr/share/shorewall/shorewallrc
if [ -f /etc/default/shorewall-init ]; then
. /etc/default/shorewall-init
elif [ -f /etc/sysconfig/shorewall-init ]; then
. /etc/sysconfig/shorewall-init
fi
[ "$IFUPDOWN" = 1 -a -n "$PRODUCTS" ] || exit 0
PHASE=''
case $0 in
/etc/ppp*)
INTERFACE="$1"
case $0 in
*ip-up.local)
COMMAND=up
;;
*ip-down.local)
COMMAND=down
;;
*)
exit 0
;;
esac
;;
*)
#
# RedHat ifup/down system
#
INTERFACE="$1"
case $0 in
*ifup*)
COMMAND=up
;;
*ifdown*)
COMMAND=down
;;
*dispatcher.d*)
case "$2" in
up|down)
COMMAND="$2"
;;
*)
exit 0
;;
esac
;;
*)
exit 0
;;
esac
;;
esac
[ -n "$LOGFILE" ] || LOGFILE=/dev/null
for PRODUCT in $PRODUCTS; do
setstatedir
if [ -x "$STATEDIR/firewall" ]; then
echo "`date --rfc-3339=seconds` $0: Executing $STATEDIR/firewall $OPTIONS $COMMAND $INTERFACE" >> $LOGFILE 2>&1
( $STATEDIR/firewall $OPTIONS $COMMAND $INTERFACE >> $LOGFILE 2>&1 ) || true
fi
done
exit 0

View File

@ -1,12 +1,12 @@
#!/bin/sh #!/bin/sh
# #
# SuSE ifupdown script for Shorewall-based products # ifupdown script for Shorewall-based products
# #
# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt] # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
# #
# (c) 2010,2013 - Tom Eastep (teastep@shorewall.net) # (c) 2010 - Tom Eastep (teastep@shorewall.net)
# #
# Shorewall documentation is available at https://shorewall.org # Shorewall documentation is available at http://shorewall.net
# #
# This program is free software; you can redistribute it and/or modify # This program is free software; you can redistribute it and/or modify
# it under the terms of Version 2 of the GNU General Public License # it under the terms of Version 2 of the GNU General Public License
@ -22,24 +22,7 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# #
setstatedir() { Debian_SuSE_ppp() {
local statedir
if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
fi
[ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
if [ ! -x $STATEDIR/firewall ]; then
if [ $PRODUCT = shorewall ]; then
${SBINDIR}/shorewall compile
elif [ $PRODUCT = shorewall6 ]; then
${SBINDIR}/shorewall -6 compile
fi
fi
}
SuSE_ppp() {
NEWPRODUCTS= NEWPRODUCTS=
INTERFACE="$1" INTERFACE="$1"
@ -88,11 +71,6 @@ SuSE_ppp() {
IFUPDOWN=0 IFUPDOWN=0
PRODUCTS= PRODUCTS=
#
# The installer may alter this
#
. /usr/share/shorewall/shorewallrc
if [ -f /etc/default/shorewall-init ]; then if [ -f /etc/default/shorewall-init ]; then
. /etc/default/shorewall-init . /etc/default/shorewall-init
elif [ -f /etc/sysconfig/shorewall-init ]; then elif [ -f /etc/sysconfig/shorewall-init ]; then
@ -101,54 +79,117 @@ fi
[ "$IFUPDOWN" = 1 -a -n "$PRODUCTS" ] || exit 0 [ "$IFUPDOWN" = 1 -a -n "$PRODUCTS" ] || exit 0
PHASE='' if [ -f /etc/debian_version ]; then
case $0 in
case $0 in /etc/ppp*)
/etc/ppp*) #
# # Debian ppp
# SUSE ppp #
# Debian_SuSE_ppp
SuSE_ppp ;;
;;
*) *)
# #
# SuSE ifupdown system # Debian ifupdown system
# #
INTERFACE="$2" INTERFACE="$IFACE"
case $0 in if [ "$MODE" = start ]; then
*dispatcher.d*)
INTERFACE="$1"
case "$2" in
up|down)
COMMAND="$2"
;;
*)
exit 0
;;
esac
;;
*if-up.d*)
COMMAND=up COMMAND=up
;; elif [ "$MODE" = stop ]; then
*if-down.d*)
COMMAND=down COMMAND=down
;; else
*)
exit 0 exit 0
;; fi
esac
;;
esac
[ -n "$LOGFILE" ] || LOGFILE=/dev/null case "$PHASE" in
pre-*)
exit 0
;;
esac
;;
esac
elif [ -f /etc/SuSE-release ]; then
case $0 in
/etc/ppp*)
#
# SUSE ppp
#
Debian_SuSE_ppp
;;
*)
#
# SuSE ifupdown system
#
INTERFACE="$2"
case $0 in
*if-up.d*)
COMMAND=up
;;
*if-down.d*)
COMMAND=down
;;
*)
exit 0
;;
esac
;;
esac
else
#
# Assume RedHat/Fedora/CentOS/Foobar/...
#
case $0 in
/etc/ppp*)
INTERFACE="$1"
case $0 in
*ip-up.local)
COMMAND=up
;;
*ip-down.local)
COMMAND=down
;;
*)
exit 0
;;
esac
;;
*)
#
# RedHat ifup/down system
#
INTERFACE="$1"
case $0 in
*ifup*)
COMMAND=up
;;
*ifdown*)
COMMAND=down
;;
*dispatcher.d*)
COMMAND="$2"
;;
*)
exit 0
;;
esac
;;
esac
fi
for PRODUCT in $PRODUCTS; do for PRODUCT in $PRODUCTS; do
setstatedir VARDIR=/var/lib/$PRODUCT
[ -f /etc/$PRODUCT/vardir ] && . /etc/$PRODUCT/vardir
if [ -x $VARLIB/$PRODUCT/firewall ]; then if [ -x $VARDIR/firewall ]; then
( ${VARLIB}/$PRODUCT/firewall -V0 $COMMAND $INTERFACE >> $LOGFILE 2>&1 ) || true ( . /usr/share/$PRODUCT/lib.base
mutex_on
${VARDIR}/firewall -V0 $COMMAND $INTERFACE || echo_notdone
mutex_off
)
fi fi
done done

View File

@ -1,150 +0,0 @@
#!/bin/sh
#
# Shorewall init script
#
# chkconfig: - 09 91
# description: Initialize the shorewall firewall at boot time
#
### BEGIN INIT INFO
# Provides: shorewall-init
# Required-Start: $local_fs
# Required-Stop: $local_fs
# Default-Start: 3 4 5
# Default-Stop: 0 1 2 6
# Short-Description: Initialize the shorewall firewall at boot time
# Description: Place the firewall in a safe state at boot time
# prior to bringing up the network.
### END INIT INFO
# Do not load RH compatibility interface.
WITHOUT_RC_COMPAT=1
# Source function library.
. /etc/init.d/functions
#
# The installer may alter this
#
. /usr/share/shorewall/shorewallrc
NAME="Shorewall-init firewall"
PROG="shorewall-init"
SHOREWALL="$SBINDIR/$PROG"
LOGGER="logger -i -t $PROG"
# Get startup options (override default)
OPTIONS=
LOCKFILE=/var/lock/subsys/shorewall-init
# check if shorewall-init is configured or not
if [ -f "/etc/sysconfig/shorewall-init" ]; then
. /etc/sysconfig/shorewall-init
if [ -z "$PRODUCTS" ]; then
echo "No PRODUCTS configured"
exit 6
fi
else
echo "/etc/sysconfig/shorewall-init not found"
exit 6
fi
RETVAL=0
# set the STATEDIR variable
setstatedir() {
local statedir
if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
fi
[ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
if [ -x ${STATEDIR}/firewall ]; then
return 0
elif [ $PRODUCT = shorewall ]; then
${SBINDIR}/shorewall compile
elif [ $PRODUCT = shorewall6 ]; then
${SBINDIR}/shorewall -6 compile
else
return 1
fi
}
start() {
local PRODUCT
local STATEDIR
printf "Initializing \"Shorewall-based firewalls\": "
for PRODUCT in $PRODUCTS; do
if setstatedir; then
$STATEDIR/$PRODUCT/firewall ${OPTIONS} stop 2>&1 | "$LOGGER"
RETVAL=$?
else
RETVAL=6
break
fi
done
if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then
ipset -R < "$SAVE_IPSETS"
fi
[ $RETVAL -eq 0 ] && touch "$LOCKFILE"
return $RETVAL
}
stop() {
local PRODUCT
local STATEDIR
printf "Clearing \"Shorewall-based firewalls\": "
for PRODUCT in $PRODUCTS; do
if setstatedir; then
${STATEDIR}/firewall ${OPTIONS} clear 2>&1 | "$LOGGER"
RETVAL=$?
else
RETVAL=6
break
fi
done
if [ -n "$SAVE_IPSETS" ]; then
mkdir -p $(dirname "$SAVE_IPSETS")
if ipset -S > "${SAVE_IPSETS}.tmp"; then
grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS" || rm -f "${SAVE_IPSETS}.tmp"
else
rm -f "${SAVE_IPSETS}.tmp"
fi
fi
[ $RETVAL -eq 0 ] && rm -f "$LOCKFILE"
return $RETVAL
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
restart|reload|condrestart|condreload)
# "Not implemented"
;;
condstop)
if [ -e "$LOCKFILE" ]; then
stop
fi
;;
status)
status "$PROG"
RETVAL=$?
;;
*)
echo $"Usage: ${0##*/} {start|stop|restart|reload|condrestart|condstop|status}"
RETVAL=1
esac
exit $RETVAL

View File

@ -1,14 +1,14 @@
#!/bin/sh #!/bin/sh
# #
# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.2 # The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.4
# #
# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt] # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
# #
# (c) 2010,2012 - Tom Eastep (teastep@shorewall.net) # (c) 2010 - Tom Eastep (teastep@shorewall.net)
# #
# On most distributions, this file should be called /etc/init.d/shorewall. # On most distributions, this file should be called /etc/init.d/shorewall.
# #
# Complete documentation is available at https://shorewall.org # Complete documentation is available at http://shorewall.net
# #
# This program is free software; you can redistribute it and/or modify # This program is free software; you can redistribute it and/or modify
# it under the terms of Version 2 of the GNU General Public License # it under the terms of Version 2 of the GNU General Public License
@ -30,14 +30,12 @@
# Required-Stop: $local_fs # Required-Stop: $local_fs
# X-Stop-After: $network # X-Stop-After: $network
# Default-Start: S # Default-Start: S
# Default-Stop: 0 1 6 # Default-Stop: 0 6
# Short-Description: Initialize the firewall at boot time # Short-Description: Initialize the firewall at boot time
# Description: Place the firewall in a safe state at boot time prior to # Description: Place the firewall in a safe state at boot time prior to
# bringing up the network # bringing up the network
### END INIT INFO ### END INIT INFO
. /lib/lsb/init-functions
export VERBOSITY=0 export VERBOSITY=0
if [ "$(id -u)" != "0" ] if [ "$(id -u)" != "0" ]
@ -52,122 +50,82 @@ echo_notdone () {
} }
not_configured () { not_configured () {
echo "#### WARNING ####" echo "#### WARNING ####"
echo "the firewall won't be initialized unless it is configured" echo "the firewall won't be initialized unless it is configured"
if [ "$1" != "stop" ] if [ "$1" != "stop" ]
then then
echo "" echo ""
echo "Please read about Debian specific customization in" echo "Please read about Debian specific customization in"
echo "/usr/share/doc/shorewall-init/README.Debian.gz." echo "/usr/share/doc/shorewall-init/README.Debian.gz."
fi fi
echo "#################" echo "#################"
exit 0 exit 0
} }
# set the STATEDIR variable
setstatedir() {
local statedir
if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
fi
[ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
if [ -x ${STATEDIR}/firewall ]; then
return 0
else
if [ $PRODUCT = shorewall ]; then
${SBINDIR}/shorewall compile
elif [ $PRODUCT = shorewall6 ]; then
${SBINDIR}/shorewall -6 compile
else
return 1
fi
fi
}
#
# The installer may alter this
#
. /usr/share/shorewall/shorewallrc
# check if shorewall-init is configured or not # check if shorewall-init is configured or not
if [ -f "$SYSCONFDIR/shorewall-init" ] if [ -f "/etc/default/shorewall-init" ]
then then
. $SYSCONFDIR/shorewall-init . /etc/default/shorewall-init
if [ -z "$PRODUCTS" ] if [ -z "$PRODUCTS" ]
then then
not_configured not_configured
fi fi
else else
not_configured not_configured
fi fi
# Initialize the firewall # Initialize the firewall
shorewall_start () { shorewall_start () {
local PRODUCT local product
local STATEDIR local VARDIR
printf "Initializing \"Shorewall-based firewalls\": " echo -n "Initializing \"Shorewall-based firewalls\": "
for product in $PRODUCTS; do
for PRODUCT in $PRODUCTS; do VARDIR=/var/lib/$product
if setstatedir; then [ -f /etc/$product/vardir ] && . /etc/$product/vardir
# if [ -x ${VARDIR}/firewall ]; then
#
# Run in a sub-shell to avoid name collisions # Run in a sub-shell to avoid name collisions
# #
( (
if ! ${STATEDIR}/firewall status > /dev/null 2>&1; then . /usr/share/$product/lib.base
${STATEDIR}/firewall ${OPTIONS} stop #
# Get mutex so the firewall state is stable
#
mutex_on
if ! ${VARDIR}/firewall status > /dev/null 2>&1; then
${VARDIR}/firewall stop || echo_notdone
fi fi
mutex_off
) )
fi fi
done done
echo "done." echo "done."
if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then
printf "Restoring ipsets: "
if ! ipset -R < "$SAVE_IPSETS"; then
echo_notdone
fi
echo "done."
fi
return 0 return 0
} }
# Clear the firewall # Clear the firewall
shorewall_stop () { shorewall_stop () {
local PRODUCT local product
local STATEDIR local VARDIR
printf "Clearing \"Shorewall-based firewalls\": " echo -n "Clearing \"Shorewall-based firewalls\": "
for PRODUCT in $PRODUCTS; do for product in $PRODUCTS; do
if setstatedir; then VARDIR=/var/lib/$product
${STATEDIR}/firewall ${OPTIONS} clear [ -f /etc/$product/vardir ] && . /etc/$product/vardir
if [ -x ${VARDIR}/firewall ]; then
( . /usr/share/$product/lib.base
mutex_on
${VARDIR}/firewall clear || echo_notdone
mutex_off
)
fi fi
done done
echo "done." echo "done."
if [ -n "$SAVE_IPSETS" ]; then
echo "Saving ipsets: "
mkdir -p $(dirname "$SAVE_IPSETS")
if ipset -S > "${SAVE_IPSETS}.tmp"; then
grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS" || rm -f "${SAVE_IPSETS}.tmp"
else
rm -f "${SAVE_IPSETS}.tmp"
echo_notdone
fi
echo "done."
fi
return 0 return 0
} }
@ -181,7 +139,7 @@ case "$1" in
reload|force-reload) reload|force-reload)
;; ;;
*) *)
echo "Usage: $0 {start|stop|reload|force-reload}" echo "Usage: /etc/init.d/shorewall-init {start|stop|reload|force-reload}"
exit 1 exit 1
esac esac

View File

@ -1,164 +0,0 @@
#! /bin/bash
#
# chkconfig: - 09 91
# description: Initialize the shorewall firewall at boot time
#
### BEGIN INIT INFO
# Provides: shorewall-init
# Required-Start: $local_fs
# Required-Stop: $local_fs
# Default-Start:
# Default-Stop: 0 1 2 3 4 5 6
# Short-Description: Initialize the shorewall firewall at boot time
# Description: Place the firewall in a safe state at boot time
# prior to bringing up the network.
### END INIT INFO
#determine where the files were installed
. /usr/share/shorewall/shorewallrc
prog="shorewall-init"
logger="logger -i -t $prog"
lockfile="/var/lock/subsys/shorewall-init"
# Source function library.
. /etc/rc.d/init.d/functions
# Get startup options (override default)
OPTIONS=
# check if shorewall-init is configured or not
if [ -f "/etc/sysconfig/shorewall-init" ]; then
. /etc/sysconfig/shorewall-init
else
echo "/etc/sysconfig/shorewall-init not found"
exit 6
fi
# set the STATEDIR variable
setstatedir() {
local statedir
if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
fi
[ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
if [ -x ${STATEDIR}/firewall ]; then
return 0
elif [ $PRODUCT = shorewall ]; then
${SBINDIR}/shorewall compile
elif [ $PRODUCT = shorewall6 ]; then
${SBINDIR}/shorewall -6 compile
else
return 1
fi
}
# Initialize the firewall
start () {
local PRODUCT
local STATEDIR
if [ -z "$PRODUCTS" ]; then
echo "No firewalls configured for shorewall-init"
failure
return 6 #Not configured
fi
printf "Initializing \"Shorewall-based firewalls\": "
if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then
ipset -R < "$SAVE_IPSETS"
fi
for PRODUCT in $PRODUCTS; do
setstatedir
retval=$?
if [ $retval -eq 0 ]; then
${STATEDIR}/firewall ${OPTIONS} stop 2>&1 | $logger
retval=${PIPESTATUS[0]}
[ $retval -ne 0 ] && break
else
retval=6 #Product not configured
break
fi
done
if [ $retval -eq 0 ]; then
touch $lockfile
success
else
failure
fi
echo
return $retval
}
# Clear the firewall
stop () {
local PRODUCT
local STATEDIR
printf "Clearing \"Shorewall-based firewalls\": "
for PRODUCT in $PRODUCTS; do
setstatedir
retval=$?
if [ $retval -eq 0 ]; then
${STATEDIR}/firewall ${OPTIONS} clear 2>&1 | $logger
retval=${PIPESTATUS[0]}
[ $retval -ne 0 ] && break
else
retval=6 #Product not configured
break
fi
done
if [ $retval -eq 0 ]; then
if [ -n "$SAVE_IPSETS" ]; then
mkdir -p $(dirname "$SAVE_IPSETS")
if ipset -S > "${SAVE_IPSETS}.tmp"; then
grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS" || rm -f "${SAVE_IPSETS}.tmp"
else
rm -f "${SAVE_IPSETS}.tmp"
fi
fi
rm -f $lockfile
success
else
failure
fi
echo
return $retval
}
status_q() {
status > /dev/null 2>&1
}
case "$1" in
start)
status_q && exit 0
$1
;;
stop)
status_q || exit 0
$1
;;
restart|reload|force-reload|condrestart|try-restart)
echo "Not implemented"
exit 3
;;
status)
status $prog
;;
*)
echo "Usage: $0 {start|stop|status}"
exit 1
esac
exit 0

View File

@ -1,137 +0,0 @@
#!/bin/sh /etc/rc.common
# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.2
#
# (c) 2010,2012-2014 - Tom Eastep (teastep@shorewall.net)
# (c) 2016 - Matt Darfeuille (matdarf@gmail.com)
#
# On most distributions, this file should be called /etc/init.d/shorewall-init.
#
# This program is part of Shorewall.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by the
# Free Software Foundation, either version 2 of the license or, at your
# option, any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
#
# arg1 of init script is arg2 when rc.common is sourced
case "$action" in
start|stop|boot)
if [ "$(id -u)" != "0" ]
then
echo "You must be root to start, stop or restart \"Shorewall \"."
exit 1
fi
# check if shorewall-init is configured or not
if [ -f "/etc/sysconfig/shorewall-init" ]
then
. /etc/sysconfig/shorewall-init
if [ -z "$PRODUCTS" ]
then
exit 0
fi
else
exit 0
fi
;;
enable|disable|enabled)
# Openwrt related
# start and stop runlevel variable
START=19
STOP=91
;;
*)
echo "Usage: /etc/init.d/shorewall-init {start|stop}"
exit 1
esac
#
# The installer may alter this
#
. /usr/share/shorewall/shorewallrc
# Locate the current PRODUCT's statedir
setstatedir() {
local statedir
if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
statedir=$( . ${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
fi
[ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
if [ -x ${STATEDIR}/firewall ]; then
return 0
elif [ $PRODUCT = shorewall ]; then
${SBINDIR}/shorewall compile
elif [ $PRODUCT = shorewall6 ]; then
${SBINDIR}/shorewall -6 compile
else
return 1
fi
}
# Initialize the firewall
start () {
local PRODUCT
local STATEDIR
printf "Initializing \"Shorewall-based firewalls\": "
for PRODUCT in $PRODUCTS; do
if setstatedir; then
if ! ${SBIN}/$PRODUCT status > /dev/null 2>&1; then
${STATEDIR}/firewall ${OPTIONS} stop
fi
fi
done
if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then
ipset -R < "$SAVE_IPSETS"
fi
return 0
}
boot () {
start
}
# Clear the firewall
stop () {
local PRODUCT
local STATEDIR
printf "Clearing \"Shorewall-based firewalls\": "
for PRODUCT in $PRODUCTS; do
if setstatedir; then
${STATEDIR}/firewall ${OPTIONS} clear
fi
done
if [ -n "$SAVE_IPSETS" ]; then
mkdir -p $(dirname "$SAVE_IPSETS")
if ipset -S > "${SAVE_IPSETS}.tmp"; then
grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS" || rm -f "${SAVE_IPSETS}.tmp"
else
rm -f "${SAVE_IPSETS}.tmp"
fi
fi
return 0
}

View File

@ -1,24 +1,22 @@
#! /bin/bash #! /bin/bash
# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.2 # The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.4
# #
# (c) 2010,2012-2014 - Tom Eastep (teastep@shorewall.net) # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
#
# (c) 2010 - Tom Eastep (teastep@shorewall.net)
# #
# On most distributions, this file should be called /etc/init.d/shorewall. # On most distributions, this file should be called /etc/init.d/shorewall.
# #
# This program is part of Shorewall. # Complete documentation is available at http://shorewall.net
# #
# This program is free software; you can redistribute it and/or modify # This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by the # it under the terms of Version 2 of the GNU General Public License
# Free Software Foundation, either version 2 of the license or, at your # as published by the Free Software Foundation.
# option, any later version.
# #
# This program is distributed in the hope that it will be useful, # This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of # but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details. # GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.
# #
# You should have received a copy of the GNU General Public License # You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software # along with this program; if not, write to the Free Software
@ -31,7 +29,7 @@
# Required-start: $local_fs # Required-start: $local_fs
# Required-stop: $local_fs # Required-stop: $local_fs
# Default-Start: 2 3 5 # Default-Start: 2 3 5
# Default-Stop: 6 # Default-Stop:
# Short-Description: Initialize the firewall at boot time # Short-Description: Initialize the firewall at boot time
# Description: Place the firewall in a safe state at boot time # Description: Place the firewall in a safe state at boot time
# prior to bringing up the network. # prior to bringing up the network.
@ -55,71 +53,39 @@ else
exit 0 exit 0
fi fi
#
# The installer may alter this
#
. /usr/share/shorewall/shorewallrc
# Locate the current PRODUCT's statedir
setstatedir() {
local statedir
if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
fi
[ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
if [ -x ${STATEDIR}/firewall ]; then
return 0
elif [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
${SBINDIR}/$PRODUCT ${OPTIONS} compile $STATEDIR/firewall
else
return 1
fi
}
# Initialize the firewall # Initialize the firewall
shorewall_start () { shorewall_start () {
local PRODUCT local PRODUCT
local STATEDIR local VARDIR
printf "Initializing \"Shorewall-based firewalls\": " echo -n "Initializing \"Shorewall-based firewalls\": "
for PRODUCT in $PRODUCTS; do for PRODUCT in $PRODUCTS; do
if setstatedir; then VARDIR=/var/lib/$PRODUCT
if ! ${SBIN}/$PRODUCT status > /dev/null 2>&1; then [ -f /etc/$PRODUCT/vardir ] && . /etc/$PRODUCT/vardir
${STATEDIR}/firewall ${OPTIONS} stop if [ -x ${VARDIR}/firewall ]; then
if ! /sbin/$PRODUCT status > /dev/null 2>&1; then
${VARDIR}/firewall stop || echo_notdone
fi fi
fi fi
done done
if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then
ipset -R < "$SAVE_IPSETS"
fi
return 0 return 0
} }
# Clear the firewall # Clear the firewall
shorewall_stop () { shorewall_stop () {
local PRODUCT local PRODUCT
local STATEDIR local VARDIR
printf "Clearing \"Shorewall-based firewalls\": " echo -n "Clearing \"Shorewall-based firewalls\": "
for PRODUCT in $PRODUCTS; do for PRODUCT in $PRODUCTS; do
if setstatedir; then VARDIR=/var/lib/$PRODUCT
${STATEDIR}/firewall ${OPTIONS} clear [ -f /etc/$PRODUCT/vardir ] && . /etc/$PRODUCT/vardir
if [ -x ${VARDIR}/firewall ]; then
${VARDIR}/firewall clear || exit 1
fi fi
done done
if [ -n "$SAVE_IPSETS" ]; then
mkdir -p $(dirname "$SAVE_IPSETS")
if ipset -S > "${SAVE_IPSETS}.tmp"; then
grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS" || rm -f "${SAVE_IPSETS}.tmp"
else
rm -f "${SAVE_IPSETS}.tmp"
fi
fi
return 0 return 0
} }

View File

@ -1,149 +0,0 @@
#! /bin/bash
# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.2
#
# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
#
# (c) 2010,2012 - Tom Eastep (teastep@shorewall.net)
#
# On most distributions, this file should be called /etc/init.d/shorewall.
#
# Complete documentation is available at https://shorewall.org
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of Version 2 of the GNU General Public License
# as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
#
### BEGIN INIT INFO
# Provides: shorewall-init
# Required-Start: $local_fs
# Required-Stop: $local_fs
# Default-Start: 2 3 5
# Default-Stop: 0 1 6
# Short-Description: Initialize the firewall at boot time
# Description: Place the firewall in a safe state at boot time
# prior to bringing up the network.
### END INIT INFO
#Return values acc. to LSB for all commands but status:
# 0 - success
# 1 - generic or unspecified error
# 2 - invalid or excess argument(s)
# 3 - unimplemented feature
# 4 - insufficient privilege
# 5 - program is not installed
# 6 - program is not configured
# 7 - program is not running
if [ "$(id -u)" != "0" ]
then
echo "You must be root to start, stop or restart \"Shorewall \"."
exit 4
fi
# check if shorewall-init is configured or not
if [ -f "/etc/sysconfig/shorewall-init" ]
then
. /etc/sysconfig/shorewall-init
if [ -z "$PRODUCTS" ]
then
echo "No PRODUCTS configured"
exit 6
fi
else
echo "/etc/sysconfig/shorewall-init not found"
exit 6
fi
#
# The installer may alter this
#
. /usr/share/shorewall/shorewallrc
# set the STATEDIR variable
setstatedir() {
local statedir
if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
fi
[ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
if [ -x ${STATEDIR}/firewall ]; then
return 0
elif [ $PRODUCT = shorewall ]; then
${SBINDIR}/shorewall compile
elif [ $PRODUCT = shorewall6 ]; then
${SBINDIR}/shorewall -6 compile
else
return 6
fi
}
# Initialize the firewall
shorewall_start () {
local PRODUCT
local STATEDIR
printf "Initializing \"Shorewall-based firewalls\": "
for PRODUCT in $PRODUCTS; do
if setstatedir; then
if ! ${SBIN}/$PRODUCT status > /dev/null 2>&1; then
$STATEDIR/$PRODUCT/firewall ${OPTIONS} stop
fi
fi
done
if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then
ipset -R < "$SAVE_IPSETS"
fi
}
# Clear the firewall
shorewall_stop () {
local PRODUCT
local STATEDIR
printf "Clearing \"Shorewall-based firewalls\": "
for PRODUCT in $PRODUCTS; do
if setstatedir; then
${STATEDIR}/firewall ${OPTIONS} clear
fi
done
if [ -n "$SAVE_IPSETS" ]; then
mkdir -p $(dirname "$SAVE_IPSETS")
if ipset -S > "${SAVE_IPSETS}.tmp"; then
grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS" || rm -f "${SAVE_IPSETS}.tmp"
else
rm -f "${SAVE_IPSETS}.tmp"
fi
fi
}
case "$1" in
start)
shorewall_start
;;
stop)
shorewall_stop
;;
reload|forced-reload)
;;
*)
echo "Usage: /etc/init.d/shorewall-init {start|stop}"
exit 1
;;
esac
exit 0

View File

@ -2,586 +2,359 @@
# #
# Script to install Shoreline Firewall Init # Script to install Shoreline Firewall Init
# #
# (c) 2000-2016 - Tom Eastep (teastep@shorewall.net) # This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
#
# (c) 2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010 - Tom Eastep (teastep@shorewall.net)
# (c) 2010 - Roberto C. Sanchez (roberto@connexer.com) # (c) 2010 - Roberto C. Sanchez (roberto@connexer.com)
# #
# Shorewall documentation is available at https://shorewall.org # Shorewall documentation is available at http://shorewall.net
# #
# This program is part of Shorewall. # This program is free software; you can redistribute it and/or modify
# it under the terms of Version 2 of the GNU General Public License
# as published by the Free Software Foundation.
# #
# This program is free software; you can redistribute it and/or modify # This program is distributed in the hope that it will be useful,
# it under the terms of the GNU General Public License as published by the # but WITHOUT ANY WARRANTY; without even the implied warranty of
# Free Software Foundation, either version 2 of the license or, at your # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# option, any later version. # GNU General Public License for more details.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.
# #
# You should have received a copy of the GNU General Public License # You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software # along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# #
VERSION=xxx # The Build script inserts the actual version VERSION=4.4.16.1
PRODUCT=shorewall-init
Product="Shorewall Init"
usage() # $1 = exit status usage() # $1 = exit status
{ {
ME=$(basename $0) ME=$(basename $0)
echo "usage: $ME [ <option> ] [ <shorewallrc file> ]" echo "usage: $ME"
echo "where <option> is one of" echo " $ME -v"
echo " -h" echo " $ME -h"
echo " -v"
echo " -n"
exit $1 exit $1
} }
split() {
local ifs
ifs=$IFS
IFS=:
set -- $1
echo $*
IFS=$ifs
}
qt()
{
"$@" >/dev/null 2>&1
}
mywhich() {
local dir
for dir in $(split $PATH); do
if [ -x $dir/$1 ]; then
echo $dir/$1
return 0
fi
done
return 2
}
run_install()
{
if ! install $*; then
echo
echo "ERROR: Failed to install $*" >&2
exit 1
fi
}
cant_autostart()
{
echo
echo "WARNING: Unable to configure shorewall init to start automatically at boot" >&2
}
delete_file() # $1 = file to delete
{
rm -f $1
}
install_file() # $1 = source $2 = target $3 = mode install_file() # $1 = source $2 = target $3 = mode
{ {
if cp -f $1 $2; then run_install $T $OWNERSHIP -m $3 $1 ${2}
if chmod $3 $2; then
if [ -n "$OWNER" ]; then
if chown $OWNER:$GROUP $2; then
return
fi
else
return 0
fi
fi
fi
echo "ERROR: Failed to install $2" >&2
exit 1
} }
[ -n "$DESTDIR" ] || DESTDIR="$PREFIX"
#
# Parse the run line
#
# DEST is the SysVInit script directory
# INIT is the name of the script in the $DEST directory
# ARGS is "yes" if we've already parsed an argument
#
ARGS=""
if [ -z "$DEST" ] ; then
DEST="/etc/init.d"
fi
if [ -z "$INIT" ] ; then
INIT="shorewall-init"
fi
while [ $# -gt 0 ] ; do
case "$1" in
-h|help|?)
usage 0
;;
-v)
echo "Shorewall Init Installer Version $VERSION"
exit 0
;;
*)
usage 1
;;
esac
shift
ARGS="yes"
done
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
#
# Determine where to install the firewall script
#
case $(uname) in
Darwin)
[ -z "$OWNER" ] && OWNER=root
[ -z "$GROUP" ] && GROUP=wheel
T=
;;
*)
[ -z "$OWNER" ] && OWNER=root
[ -z "$GROUP" ] && GROUP=root
;;
esac
OWNERSHIP="-o $OWNER -g $GROUP"
if [ -n "$DESTDIR" ]; then
if [ `id -u` != 0 ] ; then
echo "Not setting file owner/group permissions, not running as root."
OWNERSHIP=""
fi
install -d $OWNERSHIP -m 755 ${DESTDIR}${DEST}
elif [ -f /etc/debian_version ]; then
DEBIAN=yes
elif [ -f /etc/SuSE-release ]; then
SUSE=Yes
elif [ -f /etc/slackware-version ] ; then
echo "Shorewall-init is currently not supported on Slackware" >&2
exit 1
# DEST="/etc/rc.d"
# INIT="rc.firewall"
elif [ -f /etc/arch-release ] ; then
echo "Shorewall-init is currently not supported on Arch Linux" >&2
exit 1
# DEST="/etc/rc.d"
# INIT="shorewall-init"
# ARCHLINUX=yes
elif [ -d /etc/sysconfig/network-scripts/ ]; then
#
# Assume RedHat-based
#
REDHAT=Yes
else
echo "Unknown distribution: Shorewall-init support is not available" >&2
exit 1
fi
# #
# Change to the directory containing this script # Change to the directory containing this script
# #
cd "$(dirname $0)" cd "$(dirname $0)"
# echo "Installing Shorewall Init Version $VERSION"
# Source common functions
#
. ./lib.installer || { echo "ERROR: Can not load common functions." >&2; exit 1; }
#
# Parse the run line
#
finished=0
configure=1
while [ $finished -eq 0 ] ; do
option="$1"
case "$option" in
-*)
option=${option#-}
while [ -n "$option" ]; do
case $option in
h)
usage 0
;;
v)
echo "$Product Firewall Installer Version $VERSION"
exit 0
;;
n*)
configure=0
option=${option#n}
;;
*)
usage 1
;;
esac
done
shift
;;
*)
finished=1
;;
esac
done
#
# Read the RC file
#
if [ $# -eq 0 ]; then
if [ -f ./shorewallrc ]; then
file=./shorewallrc
. $file || fatal_error "Can not load the RC file: $file"
elif [ -f ~/.shorewallrc ]; then
file=~/.shorewallrc
. $file || fatal_error "Can not load the RC file: $file"
elif [ -f /usr/share/shorewall/shorewallrc ]; then
file=/usr/share/shorewall/shorewallrc
. $file || fatal_error "Can not load the RC file: $file"
else
fatal_error "No configuration file specified and /usr/share/shorewall/shorewallrc not found"
fi
elif [ $# -eq 1 ]; then
file=$1
case $file in
/*|.*)
;;
*)
file=./$file || exit 1
;;
esac
. $file || fatal_error "Can not load the RC file: $file"
else
usage 1
fi
if [ -z "${VARLIB}" ]; then
VARLIB=${VARDIR}
VARDIR=${VARLIB}/${PRODUCT}
elif [ -z "${VARDIR}" ]; then
VARDIR=${VARLIB}/${PRODUCT}
fi
for var in SHAREDIR LIBEXECDIR CONFDIR SBINDIR VARLIB VARDIR; do
require $var
done
[ -n "$SANDBOX" ] && configure=0
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
[ $configure -eq 1 ] && ETC=/etc || ETC="${CONFDIR}"
if [ -z "$BUILD" ]; then
case $(uname) in
cygwin*)
BUILD=cygwin
;;
Darwin)
BUILD=apple
;;
*)
if [ -f /etc/os-release ]; then
ID=$(grep '^ID=' /etc/os-release | sed 's/ID=//; s/"//g;')
case $ID in
fedora|rhel|centos|foobar)
BUILD=redhat
;;
debian|ubuntu)
BUILD=debian
;;
opensuse)
BUILD=suse
;;
alt|basealt|altlinux)
BUILD=alt
;;
*)
BUILD="$ID"
;;
esac
elif [ -f /etc/debian_version ]; then
BUILD=debian
elif [ -f /etc/ubuntu_version ]; then
BUILD=debian
elif [ -f /etc/gentoo-release ]; then
BUILD=gentoo
elif [ -f /etc/altlinux-release ]; then
BUILD=alt
elif [ -f /etc/redhat-release ]; then
BUILD=redhat
elif [ -f /etc/SuSE-release ]; then
BUILD=suse
elif [ -f /etc/slackware-version ] ; then
BUILD=slackware
elif [ -f /etc/arch-release ] ; then
BUILD=archlinux
elif [ -f ${CONFDIR}/openwrt_release ]; then
BUILD=openwrt
else
BUILD=linux
fi
;;
esac
fi
case $BUILD in
apple)
[ -z "$OWNER" ] && OWNER=root
[ -z "$GROUP" ] && GROUP=wheel
;;
cygwin*|CYGWIN*)
OWNER=$(id -un)
GROUP=$(id -gn)
;;
*)
if [ $(id -u) -eq 0 ]; then
[ -z "$OWNER" ] && OWNER=root
[ -z "$GROUP" ] && GROUP=root
fi
;;
esac
[ -n "$OWNER" ] && OWNERSHIP="$OWNER:$GROUP"
[ -n "$HOST" ] || HOST=$BUILD
case "$HOST" in
debian)
echo "Installing Debian-specific configuration..."
;;
gentoo)
echo "Installing Gentoo-specific configuration..."
;;
redhat)
echo "Installing Redhat/Fedora-specific configuration..."
;;
slackware)
echo "Shorewall-init is currently not supported on Slackware" >&2
exit 1
;;
archlinux)
echo "Shorewall-init is currently not supported on Arch Linux" >&2
exit 1
;;
suse)
echo "Installing SuSE-specific configuration..."
;;
openwrt)
echo "Installing Openwrt-specific configuration..."
;;
alt)
echo "Installing ALT-specific configuration...";
;;
linux)
fatal_error "Shorewall-init is not supported on this system"
;;
*)
fatal_error "Unsupported HOST distribution: \"$HOST\""
;;
esac
[ -z "$TARGET" ] && TARGET=$HOST
if [ -n "$DESTDIR" ]; then
if [ $(id -u) != 0 ] ; then
echo "Not setting file owner/group permissions, not running as root."
OWNERSHIP=""
fi
make_parent_directory ${DESTDIR}${INITDIR} 0755
fi
echo "Installing $Product Version $VERSION"
# #
# Check for /usr/share/shorewall-init/version # Check for /usr/share/shorewall-init/version
# #
if [ -f ${DESTDIR}${SHAREDIR}/$PRODUCT/version ]; then if [ -f ${DESTDIR}/usr/share/shorewall-init/version ]; then
first_install="" first_install=""
else else
first_install="Yes" first_install="Yes"
fi fi
[ -n "$DESTDIR" ] && make_parent_directory ${DESTDIR}${CONFDIR}/logrotate.d 0755
# #
# Install the Firewall Script # Install the Init Script
# #
if [ -n "$INITFILE" ]; then if [ -n "$DEBIAN" ]; then
make_parent_directory ${DESTDIR}${INITDIR} 0755 install_file init.debian.sh ${DESTDIR}/etc/init.d/shorewall-init 0544
install_file $INITSOURCE ${DESTDIR}${INITDIR}/$INITFILE 0544 #elif [ -n "$ARCHLINUX" ]; then
[ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${INITDIR}/$INITFILE # install_file init.archlinux.sh ${DESTDIR}${DEST}/$INIT 0544
else
if [ -n "${AUXINITSOURCE}" ]; then install_file init.sh ${DESTDIR}${DEST}/$INIT 0544
install_file $INITSOURCE ${DESTDIR}${INITDIR}/$AUXINITFILE 0544
fi
echo "SysV init script $INITSOURCE installed in ${DESTDIR}${INITDIR}/$INITFILE"
fi fi
# echo "Shorewall Init script installed in ${DESTDIR}${DEST}/$INIT"
# Install the .service file
#
if [ -z "${SERVICEDIR}" ]; then
SERVICEDIR="$SYSTEMD"
fi
if [ -n "$SERVICEDIR" ]; then
make_parent_directory ${DESTDIR}${SERVICEDIR} 0755
[ -z "$SERVICEFILE" ] && SERVICEFILE=$PRODUCT.service
install_file $SERVICEFILE ${DESTDIR}${SERVICEDIR}/$PRODUCT.service 0644
[ ${SBINDIR} != /sbin ] && eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\' ${DESTDIR}${SERVICEDIR}/$PRODUCT.service
echo "Service file $SERVICEFILE installed as ${DESTDIR}${SERVICEDIR}/$PRODUCT.service"
[ -n "$DESTDIR" -o $configure -eq 0 ] && make_parent_directory ${DESTDIR}${SBINDIR} 0755
install_file $PRODUCT ${DESTDIR}${SBINDIR}/$PRODUCT 0700
[ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SBINDIR}/$PRODUCT
echo "CLI installed as ${DESTDIR}${SBINDIR}/$PRODUCT"
fi
# #
# Create /usr/share/shorewall-init if needed # Create /usr/share/shorewall-init if needed
# #
make_parent_directory ${DESTDIR}${SHAREDIR}/$PRODUCT 0755 mkdir -p ${DESTDIR}/usr/share/shorewall-init
chmod 755 ${DESTDIR}/usr/share/shorewall-init
#
# Install logrotate file
#
if [ -d ${DESTDIR}${CONFDIR}/logrotate.d ]; then
install_file logrotate ${DESTDIR}${CONFDIR}/logrotate.d/$PRODUCT 0644
echo "Logrotate file installed as ${DESTDIR}${CONFDIR}/logrotate.d/$PRODUCT"
fi
# #
# Create the version file # Create the version file
# #
echo "$VERSION" > ${DESTDIR}/${SHAREDIR}/$PRODUCT/version echo "$VERSION" > ${DESTDIR}/usr/share/shorewall-init/version
chmod 0644 ${DESTDIR}${SHAREDIR}/$PRODUCT/version chmod 644 ${DESTDIR}/usr/share/shorewall-init/version
# #
# Remove and create the symbolic link to the init script # Remove and create the symbolic link to the init script
# #
if [ -z "$DESTDIR" ]; then if [ -z "$DESTDIR" ]; then
rm -f ${SHAREDIR}/$PRODUCT/init rm -f /usr/share/shorewall-init/init
ln -s ${INITDIR}/${INITFILE} ${SHAREDIR}/$PRODUCT/init ln -s ${DEST}/${INIT} /usr/share/shorewall-init/init
fi fi
if [ $HOST = debian ]; then if [ -n "$DEBIAN" ]; then
if [ -n "${DESTDIR}" ]; then if [ -n "${DESTDIR}" ]; then
make_parent_directory ${DESTDIR}${ETC}/network/if-up.d 0755 mkdir -p ${DESTDIR}/etc/network/if-up.d/
make_parent_directory ${DESTDIR}${ETC}/network/if-post-down.d 0755 mkdir -p ${DESTDIR}/etc/network/if-post-down.d/
elif [ $configure -eq 0 ]; then
make_parent_directory ${CONFDIR}/network/if-up.d 0755
make_parent_directory ${CONFDIR}/network/if-post-down.d 0755
rm -f ${CONFDIR}/network/if-down.d/shorewall
fi fi
if [ ! -f ${DESTDIR}${CONFDIR}/default/$PRODUCT ]; then if [ ! -f ${DESTDIR}/etc/default/shorewall-init ]; then
[ -n "${DESTDIR}" ] && make_parent_directory ${DESTDIR}${ETC}/default 0755 if [ -n "${DESTDIR}" ]; then
mkdir ${DESTDIR}/etc/default
fi
[ $configure -eq 1 ] || make_parent_directory ${DESTDIR}${CONFDIR}/default 0755 install_file sysconfig ${DESTDIR}/etc/default/shorewall-init 0644
install_file ${SYSCONFFILE} ${DESTDIR}${ETC}/default/$PRODUCT 0644
echo "${SYSCONFFILE} file installed in ${DESTDIR}${SYSCONFDIR}/${PRODUCT}"
fi fi
IFUPDOWN=ifupdown.debian.sh
else else
if [ -n "$DESTDIR" ]; then if [ -n "$DESTDIR" ]; then
make_parent_directory ${DESTDIR}${SYSCONFDIR} 0755 mkdir -p ${DESTDIR}/etc/sysconfig
if [ -z "$RPM" ]; then if [ -z "$RPM" ]; then
if [ $HOST = suse ]; then if [ -n "$SUSE" ]; then
make_parent_directory ${DESTDIR}${ETC}/sysconfig/network/if-up.d 0755 mkdir -p ${DESTDIR}/etc/sysconfig/network/if-up.d
make_parent_directory ${DESTDIR}${ETC}/sysconfig/network/if-down.d 0755 mkdir -p ${DESTDIR}/etc/sysconfig/network/if-down.d
elif [ $HOST = gentoo ]; then else
# Gentoo does not support if-{up,down}.d mkdir -p ${DESTDIR}/etc/NetworkManager/dispatcher.d
/bin/true
elif [ $HOST = openwrt ]; then
# Not implemented on OpenWRT
/bin/true
elif [ "$HOST" != debian ]; then
make_parent_directory ${DESTDIR}/${ETC}/NetworkManager/dispatcher.d 0755
fi fi
fi fi
fi fi
if [ -n "$SYSCONFFILE" -a ! -f ${DESTDIR}${SYSCONFDIR}/${PRODUCT} ]; then if [ -d ${DESTDIR}/etc/sysconfig -a ! -f ${DESTDIR}/etc/sysconfig/shorewall-init ]; then
install_file ${SYSCONFFILE} ${DESTDIR}${SYSCONFDIR}/$PRODUCT 0644 install_file sysconfig ${DESTDIR}/etc/sysconfig/shorewall-init 0644
echo "${SYSCONFFILE} file installed in ${DESTDIR}${SYSCONFDIR}/${PRODUCT}" fi
fi
[ $HOST = suse ] && IFUPDOWN=ifupdown.suse.sh || IFUPDOWN=ifupdown.fedora.sh
fi fi
# #
# Install the ifupdown script # Install the ifupdown script
# #
if [ $HOST != openwrt ]; then mkdir -p ${DESTDIR}/usr/share/shorewall-init
cp $IFUPDOWN ifupdown
[ "${SHAREDIR}" = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ifupdown install_file ifupdown.sh ${DESTDIR}/usr/share/shorewall-init/ifupdown 0544
make_parent_directory ${DESTDIR}${LIBEXECDIR}/$PRODUCT 0755
install_file ifupdown ${DESTDIR}${LIBEXECDIR}/$PRODUCT/ifupdown 0544
fi
if [ -d ${DESTDIR}/etc/NetworkManager ]; then if [ -d ${DESTDIR}/etc/NetworkManager ]; then
if [ "$HOST" = debian ]; then install_file ifupdown.sh ${DESTDIR}/etc/NetworkManager/dispatcher.d/01-shorewall 0544
rm -f ${DESTDIR}${ETC}/NetworkManager/dispatcher.d/01-shorewall fi
if [ -n "$DEBIAN" ]; then
install_file ifupdown.sh ${DESTDIR}/etc/network/if-up.d/shorewall 0544
install_file ifupdown.sh ${DESTDIR}/etc/network/if-post-down.d/shorewall 0544
elif [ -n "$SUSE" ]; then
install_file ifupdown.sh ${DESTDIR}/etc/sysconfig/network/if-up.d/shorewall 0544
install_file ifupdown.sh ${DESTDIR}/etc/sysconfig/network/if-down.d/shorewall 0544
elif [ -n "$REDHAT" ]; then
if [ -f ${DESTDIR}/sbin/ifup-local -o -f ${DESTDIR}/sbin/ifdown-local ]; then
echo "WARNING: /sbin/ifup-local and/or /sbin/ifdown-local already exist; up/down events will not be handled"
else else
[ $configure -eq 1 ] || make_parent_directory ${DESTDIR}${CONFDIR}/NetworkManager/dispatcher.d 0755 install_file ifupdown.sh ${DESTDIR}/sbin/ifup-local 0544
install_file ifupdown ${DESTDIR}${ETC}/NetworkManager/dispatcher.d/01-shorewall 0544 install_file ifupdown.sh ${DESTDIR}/sbin/ifdown-local 0544
fi fi
fi fi
case $HOST in
debian)
if [ $configure -eq 1 ]; then
install_file ifupdown ${DESTDIR}/etc/network/if-up.d/shorewall 0544
install_file ifupdown ${DESTDIR}/etc/network/if-post-down.d/shorewall 0544
rm -f ${DESTDIR}/etc/network/if-down.d/shorewall
else
install_file ifupdown ${DESTDIR}${CONFDIR}/network/if-up.d/shorewall 0544
install_file ifupdown ${DESTDIR}${CONFDIR}/network/if-post-down.d/shorewall 0544
fi
;;
suse)
if [ -z "$RPM" ]; then
if [ $configure -eq 0 ]; then
make_parent_directory ${DESTDIR}${SYSCONFDIR}/network/if-up.d 0755
make_parent_directory ${DESTDIR}${SYSCONFDIR}/network/if-down.d 0755
fi
install_file ifupdown ${DESTDIR}${SYSCONFDIR}/network/if-up.d/shorewall 0544
install_file ifupdown ${DESTDIR}${SYSCONFDIR}/network/if-down.d/shorewall 0544
fi
;;
redhat)
if [ -z "$DESTDIR" ]; then
install_local=
if [ -f ${SBINDIR}/ifup-local -o -f ${SBINDIR}/ifdown-local ]; then
if ! grep -qF Shorewall-based ${SBINDIR}/ifup-local || ! grep -qF Shorewall-based ${SBINDIR}/ifdown-local; then
echo "WARNING: ${SBINDIR}/ifup-local and/or ${SBINDIR}/ifdown-local already exist; up/down events will not be handled"
else
install_local=Yes
fi
else
install_local=Yes
fi
if [ -n "$install_local" ]; then
install_file ifupdown ${DESTDIR}${SBINDIR}/ifup-local 0544
install_file ifupdown ${DESTDIR}${SBINDIR}/ifdown-local 0544
fi
fi
;;
esac
if [ -z "$DESTDIR" ]; then if [ -z "$DESTDIR" ]; then
if [ $configure -eq 1 -a -n "first_install" ]; then if [ -n "$first_install" ]; then
if [ $HOST = debian ]; then if [ -n "$DEBIAN" ]; then
if [ -n "$SERVICEDIR" ]; then
if systemctl enable ${PRODUCT}.service; then update-rc.d shorewall-init defaults
echo "$Product will start automatically at boot"
fi echo "Shorewall Init will start automatically at boot"
elif mywhich insserv; then
if insserv ${INITDIR}/$PRODUCT; then
echo "$Product will start automatically at boot"
else
cant_autostart
fi
elif mywhich update-rc.d ; then
if update-rc.d $PRODUCT enable; then
echo "$Product will start automatically at boot"
echo "Set startup=1 in ${CONFDIR}/default/$PRODUCT to enable"
else
cant_autostart
fi
else
cant_autostart
fi
elif [ $HOST = openwrt -a -f ${CONFDIR}/rc.common ]; then
/etc/init.d/$PRODUCT enable
if /etc/init.d/$PRODUCT enabled; then
echo "$Product will start automatically at boot"
else
cant_autostart
fi
elif [ $HOST = gentoo ]; then
# On Gentoo, a service must be enabled manually by the user,
# not by the installer
/bin/true
else else
if [ -n "$SERVICEDIR" ]; then if [ -x /sbin/insserv -o -x /usr/sbin/insserv ]; then
if systemctl enable ${PRODUCT}.service; then if insserv /etc/init.d/shorewall-init ; then
echo "$Product will start automatically at boot" echo "Shorewall Init will start automatically at boot"
fi
elif [ -x ${SBINDIR}/insserv -o -x /usr${SBINDIR}/insserv ]; then
if insserv ${INITDIR}/$PRODUCT ; then
echo "$Product will start automatically at boot"
else else
cant_autostart cant_autostart
fi fi
elif [ -x ${SBINDIR}/chkconfig -o -x /usr${SBINDIR}/chkconfig ]; then elif [ -x /sbin/chkconfig -o -x /usr/sbin/chkconfig ]; then
if chkconfig --add $PRODUCT ; then if chkconfig --add shorewall-init ; then
echo "$Product will start automatically at boot" echo "Shorewall Init will start automatically in run levels as follows:"
chkconfig --list $PRODUCT chkconfig --list shorewall-init
else else
cant_autostart cant_autostart
fi fi
elif [ -x ${SBINDIR}/rc-update ]; then elif [ -x /sbin/rc-update ]; then
if rc-update add $PRODUCT default; then if rc-update add shorewall-init default; then
echo "$Product will start automatically at boot" echo "Shorewall Init will start automatically at boot"
else else
cant_autostart cant_autostart
fi fi
elif [ $HOST = openwrt -a -f ${CONFDIR}/rc.common ]; then elif [ "$INIT" != rc.firewall ]; then #Slackware starts this automatically
/etc/init.d/$PRODUCT enable
if /etc/init.d/$PRODUCT enabled; then
echo "$Product will start automatically at boot"
else
cant_autostart
fi
else
cant_autostart cant_autostart
fi fi
fi fi
fi fi
else else
if [ $configure -eq 1 -a -n "$first_install" ]; then if [ -n "$first_install" ]; then
if [ $HOST = debian -a -z "$SERVICEDIR" ]; then if [ -n "$DEBIAN" ]; then
if [ -n "${DESTDIR}" ]; then if [ -n "${DESTDIR}" ]; then
make_parent_directory ${DESTDIR}/etc/rcS.d 0755 mkdir -p ${DESTDIR}/etc/rcS.d
fi fi
ln -sf ../init.d/$PRODUCT ${DESTDIR}${CONFDIR}/rcS.d/S38${PRODUCT} ln -sf ../init.d/shorewall-init ${DESTDIR}/etc/rcS.d/S38shorewall-init
echo "$Product will start automatically at boot" echo "Shorewall Init will start automatically at boot"
fi fi
fi fi
fi fi
[ -z "${DESTDIR}" ] && [ ! -f ~/.shorewallrc ] && cp ${SHAREDIR}/shorewall/shorewallrc . if [ -f ${DESTDIR}/etc/ppp ]; then
if [ -n "$DEBIAN" ] -o -n "$SUSE" ]; then
if [ -d ${DESTDIR}/etc/ppp ]; then for directory in ip-up.d ip-down.d ipv6-up.d ipv6-down.d; do
case $HOST in mkdir -p ${DESTDIR}/etc/ppp/$directory #SuSE doesn't create the IPv6 directories
debian|suse) cp -fp ${DESTDIR}/usr/share/shorewall-init/ifupdown ${DESTDIR}/etc/ppp/$directory/shorewall
for directory in ip-up.d ip-down.d ipv6-up.d ipv6-down.d; do done
make_parent_directory ${DESTDIR}/etc/ppp/$directory 0755 #SuSE doesn't create the IPv6 directories elif [ -n "$REDHAT" ]; then
cp -fp ${DESTDIR}${LIBEXECDIR}/$PRODUCT/ifupdown ${DESTDIR}${CONFDIR}/ppp/$directory/shorewall #
done # Must use the dreaded ip_xxx.local file
;; #
redhat) for file in ip-up.local ip-down.local; do
# FILE=${DESTDIR}/etc/ppp/$file
# Must use the dreaded ip_xxx.local file if [ -f $FILE ]; then
# if fgrep -q Shorewall-based $FILE ; then
for file in ip-up.local ip-down.local; do cp -fp ${DESTDIR}/usr/share/shorewall-init/ifupdown $FILE
FILE=${DESTDIR}/etc/ppp/$file
if [ -f $FILE ]; then
if grep -qF Shorewall-based $FILE ; then
cp -fp ${DESTDIR}${LIBEXECDIR}/$PRODUCT/ifupdown $FILE
else
echo "$FILE already exists -- ppp devices will not be handled"
break
fi
else else
cp -fp ${DESTDIR}${LIBEXECDIR}/$PRODUCT/ifupdown $FILE echo "$FILE already exists -- ppp devices will not be handled"
break
fi fi
done else
;; cp -fp ${DESTDIR}/usr/share/shorewall-init/ifupdown $FILE
esac fi
done
fi
fi fi
# #
# Report Success # Report Success
# #
echo "shorewall Init Version $VERSION Installed" echo "shorewall Init Version $VERSION Installed"

View File

@ -1,5 +0,0 @@
/var/log/shorewall-ifupdown.log {
missingok
notifempty
create 0600 root root
}

View File

@ -1,136 +0,0 @@
#!/bin/bash
# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V5.2
#
# (c) 2012-2014 - Tom Eastep (teastep@shorewall.net)
#
# On most distributions, this file should be called
# /etc/init.d/shorewall.
#
# Complete documentation is available at https://shorewall.org
#
# This program is part of Shorewall.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the license or,
# at your option, any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.
#
###############################################################################
# set the STATEDIR variable
setstatedir() {
local statedir
if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then
statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR )
fi
[ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
if [ -x ${STATEDIR}/firewall ]; then
return 0
elif [ $PRODUCT = shorewall ]; then
${SBINDIR}/shorewall compile
elif [ $PRODUCT = shorewall6 ]; then
${SBINDIR}/shorewall -6 compile
fi
}
# Initialize the firewalls
shorewall_init_start () {
local PRODUCT
local STATEDIR
printf "Initializing \"Shorewall-based firewalls\": "
if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then
ipset -R < "$SAVE_IPSETS"
fi
for PRODUCT in $PRODUCTS; do
if setstatedir; then
#
# Run in a sub-shell to avoid name collisions
#
(
if ! ${STATEDIR}/firewall status > /dev/null 2>&1; then
${STATEDIR}/firewall ${OPTIONS} stop
fi
)
fi
done
return 0
}
# Clear the firewalls
shorewall_init_stop () {
local PRODUCT
local STATEDIR
printf "Clearing \"Shorewall-based firewalls\": "
for PRODUCT in $PRODUCTS; do
if setstatedir; then
#
# Run in sub-shell to avoid name collisions
#
(
if ! ${STATEDIR}/firewall status > /dev/null 2>&1; then
${STATEDIR}/firewall ${OPTIONS} clear
fi
)
fi
done
if [ -n "$SAVE_IPSETS" ]; then
mkdir -p $(dirname "$SAVE_IPSETS")
if ipset -S > "${SAVE_IPSETS}.tmp"; then
grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS" || rm -f "${SAVE_IPSETS}.tmp"
else
rm -f "${SAVE_IPSETS}.tmp"
fi
fi
return 0
}
#
# This is modified by the installer when ${SHAREDIR} <> /usr/share
#
. /usr/share/shorewall/shorewallrc
# check if shorewall-init is configured or not
if [ -f "$SYSCONFDIR/shorewall-init" ]; then
. $SYSCONFDIR/shorewall-init
if [ -z "$PRODUCTS" ]; then
echo "ERROR: No products configured" >&2
exit 1
fi
else
echo "ERROR: ${SYSCONFDIR}/shorewall-init not found" >&2
exit 1
fi
case "$1" in
start)
shorewall_init_start
;;
stop)
shorewall_init_stop
;;
*)
echo "Usage: $0 {start|stop}"
exit 1
esac
exit 0

Some files were not shown because too many files have changed in this diff Show More