holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity
2c93a90724
shorewall_code/Shorewall-perl/diff-4.0-lib.base
teastep 767fea403a Eliminate trailing whitespace 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6968 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2007-07-26 18:36:18 +00:00

789 lines
20 KiB
Plaintext
Raw Blame History

--- ../Shorewall-common/lib.base 2007-07-22 06:29:50.000000000 -0700
+++ prog.header 2007-07-22 06:29:50.000000000 -0700
@@ -1,48 +1,27 @@
-#!/bin/sh
-#
-# Shorewall 4.0 -- /usr/share/shorewall/lib.base
-#
# This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
#
# (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007 - Tom Eastep (teastep@shorewall.net)
#
-# Complete documentation is available at http://shorewall.net
+# Options are:
#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of Version 2 of the GNU General Public License
-# as published by the Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
-#
-# This library contains the code common to all Shorewall components.
-#
-# - It is copied into the compiled script with the -e compiler flag is specified to
-# shorewall-shell.
-# - It is loaded by /sbin/shorewall.
-# - It is loaded by /usr/share/shorewall/firewall.
-# - It is loaded by /usr/share/shorewall-shell/compiler.
-# - It is released as part of Shorewall Lite where it is used by /sbin/shorewall-lite
-# and /usr/share/shorewall-lite/shorecap.
-# - It is released as part of Shorewall Perl where it is copied into the compiled script
-# by the compiler.
-#
-
-SHOREWALL_LIBVERSION=40000
-SHOREWALL_CAPVERSION=30405
-
-[ -n "${VARDIR:=/var/lib/shorewall}" ]
-[ -n "${SHAREDIR:=/usr/share/shorewall}" ]
-[ -n "${CONFDIR:=/etc/shorewall}" ]
-SHELLSHAREDIR=/usr/share/shorewall-shell
-PERLSHAREDIR=/usr/share/shorewall-perl
-
+# -n Don't alter Routing
+# -v and -q Standard Shorewall Verbosity control
+#
+# Commands are:
+#
+# start Starts the firewall
+# refresh Refresh the firewall
+# restart Restarts the firewall
+# reload Reload the firewall
+# clear Removes all firewall rules
+# stop Stops the firewall
+# status Displays firewall status
+# version Displays the version of Shorewall that
+# generated this program
+#
+################################################################################
+# Functions imported from /usr/share/shorewall/lib.base
+################################################################################
#
# Message to stderr
#
@@ -111,20 +90,6 @@
}
#
-# Undo the effect of 'separate_list()'
-#
-combine_list()
-{
- local f o=
-
- for f in $* ; do
- o="${o:+$o,}$f"
- done
-
- echo $o
-}
-
-#
# Suppress all output for a command
#
qt()
@@ -310,83 +275,6 @@
}
#
-# Call this function to assert mutual exclusion with Shorewall. If you invoke the
-# /sbin/shorewall program while holding mutual exclusion, you should pass "nolock" as
-# the first argument. Example "shorewall nolock refresh"
-#
-# This function uses the lockfile utility from procmail if it exists.
-# Otherwise, it uses a somewhat race-prone algorithm to attempt to simulate the
-# behavior of lockfile.
-#
-mutex_on()
-{
- local try=0
- local lockf=${LOCKFILE:=${VARDIR}/lock}
-
- MUTEX_TIMEOUT=${MUTEX_TIMEOUT:-60}
-
- if [ $MUTEX_TIMEOUT -gt 0 ]; then
-
- [ -d ${VARDIR} ] || mkdir -p ${VARDIR}
-
- if qt mywhich lockfile; then
- lockfile -${MUTEX_TIMEOUT} -r1 ${lockf}
- else
- while [ -f ${lockf} -a ${try} -lt ${MUTEX_TIMEOUT} ] ; do
- sleep 1
- try=$((${try} + 1))
- done
-
- if [ ${try} -lt ${MUTEX_TIMEOUT} ] ; then
- # Create the lockfile
- echo $$ > ${lockf}
- else
- echo "Giving up on lock file ${lockf}" >&2
- fi
- fi
- fi
-}
-
-#
-# Call this function to release mutual exclusion
-#
-mutex_off()
-{
- rm -f ${LOCKFILE:=${VARDIR}/lock}
-}
-
-#
-# Load an optional library
-#
-lib_load() # $1 = Name of the Library, $2 = Error Message heading if the library cannot be found
-{
- local lib=${SHAREDIR}/lib.$1
- local loaded
-
- eval loaded=\$LIB_${1}_LOADED
-
- if [ -z "$loaded" ]; then
- [ -f $lib ] || lib=${SHELLSHAREDIR}/lib.$1
-
- if [ -f $lib ]; then
- progress_message "Loading library $lib..."
- . $lib
- eval LIB_${1}_LOADED=Yes
- else
- startup_error "$2 requires the Shorewall library $1 ($lib) which is not installed"
- fi
- fi
-}
-
-#
-# Determine if an optional library is available
-#
-lib_avail() # $1 = Name of the Library
-{
- [ -f ${SHAREDIR}/lib.$1 ]
-}
-
-#
# Note: The following set of IP address manipulation functions have anomalous
# behavior when the shell only supports 32-bit signed arithmetic and
# the IP address is 128.0.0.0 or 128.0.0.1.
@@ -395,32 +283,6 @@
LEFTSHIFT='<<'
#
-# Validate an IP address
-#
-valid_address() {
- local x y
- local ifs=$IFS
-
- IFS=.
-
- for x in $1; do
- case $x in
- [0-9]|[0-9][0-9]|[1-2][0-9][0-9])
- [ $x -lt 256 ] || { IFS=$ifs; return 2; }
- ;;
- *)
- IFS=$ifs
- return 2
- ;;
- esac
- done
-
- IFS=$ifs
-
- return 0
-}
-
-#
# Convert an IP address in dot quad format to an integer
#
decodeaddr() {
@@ -456,88 +318,6 @@
}
#
-# Enumerate the members of an IP range -- When using a shell supporting only
-# 32-bit signed arithmetic, the range cannot span 128.0.0.0.
-#
-# Comes in two flavors:
-#
-# ip_range() - produces a mimimal list of network/host addresses that spans
-# the range.
-#
-# ip_range_explicit() - explicitly enumerates the range.
-#
-ip_range() {
- local first last l x y z vlsm
-
- case $1 in
- !*)
- #
- # Let iptables complain if it's a range
- #
- echo $1
- return
- ;;
- [0-9]*.*.*.*-*.*.*.*)
- ;;
- *)
- echo $1
- return
- ;;
- esac
-
- first=$(decodeaddr ${1%-*})
- last=$(decodeaddr ${1#*-})
-
- if [ $first -gt $last ]; then
- fatal_error "Invalid IP address range: $1"
- fi
-
- l=$(( $last + 1 ))
-
- while [ $first -le $last ]; do
- vlsm=
- x=31
- y=2
- z=1
-
- while [ $(( $first % $y )) -eq 0 -a $(( $first + $y )) -le $l ]; do
- vlsm=/$x
- x=$(( $x - 1 ))
- z=$y
- y=$(( $y * 2 ))
- done
-
- echo $(encodeaddr $first)$vlsm
- first=$(($first + $z))
- done
-}
-
-ip_range_explicit() {
- local first last
-
- case $1 in
- [0-9]*.*.*.*-*.*.*.*)
- ;;
- *)
- echo $1
- return
- ;;
- esac
-
- first=$(decodeaddr ${1%-*})
- last=$(decodeaddr ${1#*-})
-
- if [ $first -gt $last ]; then
- fatal_error "Invalid IP address range: $1"
- fi
-
- while [ $first -le $last ]; do
- echo $(encodeaddr $first)
- first=$(($first + 1))
- done
-}
-
-#
# Netmask from CIDR
#
ip_netmask() {
@@ -588,60 +368,6 @@
}
#
-# Netmask to VLSM
-#
-ip_vlsm() {
- local mask=$(decodeaddr $1)
- local vlsm=0
- local x=$(( 128 << 24 )) # 0x80000000
-
- while [ $(( $x & $mask )) -ne 0 ]; do
- [ $mask -eq $x ] && mask=0 || mask=$(( $mask $LEFTSHIFT 1 )) # Not all shells shift 0x80000000 left properly.
- vlsm=$(($vlsm + 1))
- done
-
- if [ $(( $mask & 2147483647 )) -ne 0 ]; then # 2147483647 = 0x7fffffff
- echo "Invalid net mask: $1" >&2
- else
- echo $vlsm
- fi
-}
-
-
-#
-# Chain name base for an interface -- replace all periods with underscores in the passed name.
-# The result is echoed (less trailing "+").
-#
-chain_base() #$1 = interface
-{
- local c=${1%%+}
-
- while true; do
- case $c in
- @*)
- c=at_${c#@}
- ;;
- *.*)
- c="${c%.*}_${c##*.}"
- ;;
- *-*)
- c="${c%-*}_${c##*-}"
- ;;
- *%*)
- c="${c%\%*}_${c##*%}"
- ;;
- *@*)
- c="${c%@*}_${c##*@}"
- ;;
- *)
- echo ${c:=common}
- return
- ;;
- esac
- done
-}
-
-#
# Query NetFilter about the existence of a filter chain
#
chain_exists() # $1 = chain name
@@ -879,21 +605,6 @@
}
#
-# Set default config path
-#
-ensure_config_path() {
- local F=${SHAREDIR}/configpath
- if [ -z "$CONFIG_PATH" ]; then
- [ -f $F ] || { echo " ERROR: $F does not exist"; exit 2; }
- . $F
- fi
-
- if [ -n "$SHOREWALL_DIR" ]; then
- [ "${CONFIG_PATH%%:*}" = "$SHOREWALL_DIR" ] || CONFIG_PATH=$SHOREWALL_DIR:$CONFIG_PATH
- fi
-}
-
-#
# Find a File -- For relative file name, look in each ${CONFIG_PATH} then ${CONFDIR}
#
find_file()
@@ -918,54 +629,6 @@
}
#
-# Get fully-qualified name of file
-#
-resolve_file() # $1 = file name
-{
- local pwd=$PWD
-
- case $1 in
- /*)
- echo $1
- ;;
- .)
- echo $pwd
- ;;
- ./*)
- echo ${pwd}${1#.}
- ;;
- ..)
- cd ..
- echo $PWD
- cd $pwd
- ;;
- ../*)
- cd ..
- resolve_file ${1#../}
- cd $pwd
- ;;
- *)
- echo $pwd/$1
- ;;
- esac
-}
-
-#
-# Perform variable substitution on the passed argument and echo the result
-#
-expand() # $@ = contents of variable which may be the name of another variable
-{
- eval echo \"$@\"
-}
-
-#
-# Function for including one file into another
-#
-INCLUDE() {
- . $(find_file $(expand $@))
-}
-
-#
# Set the Shorewall state
#
set_state () # $1 = state
@@ -974,200 +637,6 @@
}
#
-# Determine which optional facilities are supported by iptables/netfilter
-#
-determine_capabilities() {
- qt $IPTABLES -t nat -L -n && NAT_ENABLED=Yes || NAT_ENABLED=
- qt $IPTABLES -t mangle -L -n && MANGLE_ENABLED=Yes || MANGLE_ENABLED=
-
- CONNTRACK_MATCH=
- MULTIPORT=
- XMULTIPORT=
- POLICY_MATCH=
- PHYSDEV_MATCH=
- IPRANGE_MATCH=
- RECENT_MATCH=
- OWNER_MATCH=
- IPSET_MATCH=
- CONNMARK=
- XCONNMARK=
- CONNMARK_MATCH=
- XCONNMARK_MATCH=
- RAW_TABLE=
- IPP2P_MATCH=
- LENGTH_MATCH=
- CLASSIFY_TARGET=
- ENHANCED_REJECT=
- USEPKTTYPE=
- KLUDGEFREE=
- MARK=
- XMARK=
- MANGLE_FORWARD=
- COMMENTS=
- ADDRTYPE=
- TCPMSS_MATCH=
-
- qt $IPTABLES -N fooX1234
- qt $IPTABLES -A fooX1234 -m conntrack --ctorigdst 192.168.1.1 -j ACCEPT && CONNTRACK_MATCH=Yes
- qt $IPTABLES -A fooX1234 -p tcp -m multiport --dports 21,22 -j ACCEPT && MULTIPORT=Yes
- qt $IPTABLES -A fooX1234 -p tcp -m multiport --dports 21:22 -j ACCEPT && XMULTIPORT=Yes
- qt $IPTABLES -A fooX1234 -m policy --pol ipsec --mode tunnel --dir in -j ACCEPT && POLICY_MATCH=Yes
-
- if qt $IPTABLES -A fooX1234 -m physdev --physdev-out eth0 -j ACCEPT; then
- PHYSDEV_MATCH=Yes
- fi
-
- if qt $IPTABLES -A fooX1234 -m iprange --src-range 192.168.1.5-192.168.1.124 -j ACCEPT; then
- IPRANGE_MATCH=Yes
- if [ -z "${KLUDGEFREE}" ]; then
- qt $IPTABLES -A fooX1234 -m iprange --src-range 192.168.1.5-192.168.1.124 -m iprange --dst-range 192.168.1.5-192.168.1.124 -j ACCEPT && KLUDGEFREE=Yes
- fi
- fi
-
- qt $IPTABLES -A fooX1234 -m recent --update -j ACCEPT && RECENT_MATCH=Yes
- qt $IPTABLES -A fooX1234 -m owner --uid-owner 0 -j ACCEPT && OWNER_MATCH=Yes
-
- if qt $IPTABLES -A fooX1234 -m connmark --mark 2 -j ACCEPT; then
- CONNMARK_MATCH=Yes
- qt $IPTABLES -A fooX1234 -m connmark --mark 2/0xFF -j ACCEPT && XCONNMARK_MATCH=Yes
- fi
-
- qt $IPTABLES -A fooX1234 -p tcp -m ipp2p --ipp2p -j ACCEPT && IPP2P_MATCH=Yes
- qt $IPTABLES -A fooX1234 -m length --length 10:20 -j ACCEPT && LENGTH_MATCH=Yes
- qt $IPTABLES -A fooX1234 -j REJECT --reject-with icmp-host-prohibited && ENHANCED_REJECT=Yes
-
- qt $IPTABLES -A fooX1234 -j ACCEPT -m comment --comment "This is a comment" && COMMENTS=Yes
-
- if [ -n "$MANGLE_ENABLED" ]; then
- qt $IPTABLES -t mangle -N fooX1234
-
- if qt $IPTABLES -t mangle -A fooX1234 -j MARK --set-mark 1; then
- MARK=Yes
- qt $IPTABLES -t mangle -A fooX1234 -j MARK --and-mark 0xFF && XMARK=Yes
- fi
-
- if qt $IPTABLES -t mangle -A fooX1234 -j CONNMARK --save-mark; then
- CONNMARK=Yes
- qt $IPTABLES -t mangle -A fooX1234 -j CONNMARK --save-mark --mask 0xFF && XCONNMARK=Yes
- fi
-
- qt $IPTABLES -t mangle -A fooX1234 -j CLASSIFY --set-class 1:1 && CLASSIFY_TARGET=Yes
- qt $IPTABLES -t mangle -F fooX1234
- qt $IPTABLES -t mangle -X fooX1234
- qt $IPTABLES -t mangle -L FORWARD -n && MANGLE_FORWARD=Yes
- fi
-
- qt $IPTABLES -t raw -L -n && RAW_TABLE=Yes
-
- if qt mywhich ipset; then
- qt ipset -X fooX1234 # Just in case something went wrong the last time
-
- if qt ipset -N fooX1234 iphash ; then
- if qt $IPTABLES -A fooX1234 -m set --set fooX1234 src -j ACCEPT; then
- qt $IPTABLES -D fooX1234 -m set --set fooX1234 src -j ACCEPT
- IPSET_MATCH=Yes
- fi
- qt ipset -X fooX1234
- fi
- fi
-
- qt $IPTABLES -A fooX1234 -m pkttype --pkt-type broadcast -j ACCEPT && USEPKTTYPE=Yes
- qt $IPTABLES -A fooX1234 -m addrtype --src-type BROADCAST -j ACCEPT && ADDRTYPE=Yes
- qt $IPTABLES -A fooX1234 -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1000:1500 -j ACCEPT && TCPMSS_MATCH=Yes
-
- qt $IPTABLES -F fooX1234
- qt $IPTABLES -X fooX1234
-
- CAPVERSION=$SHOREWALL_CAPVERSION
-}
-
-report_capabilities() {
- report_capability() # $1 = Capability Description , $2 Capability Setting (if any)
- {
- local setting=
-
- [ "x$2" = "xYes" ] && setting="Available" || setting="Not available"
-
- echo " " $1: $setting
- }
-
- if [ $VERBOSE -gt 1 ]; then
- echo "Shorewall has detected the following iptables/netfilter capabilities:"
- report_capability "NAT" $NAT_ENABLED
- report_capability "Packet Mangling" $MANGLE_ENABLED
- report_capability "Multi-port Match" $MULTIPORT
- [ -n "$MULTIPORT" ] && report_capability "Extended Multi-port Match" $XMULTIPORT
- report_capability "Connection Tracking Match" $CONNTRACK_MATCH
- report_capability "Packet Type Match" $USEPKTTYPE
- report_capability "Policy Match" $POLICY_MATCH
- report_capability "Physdev Match" $PHYSDEV_MATCH
- report_capability "Packet length Match" $LENGTH_MATCH
- report_capability "IP range Match" $IPRANGE_MATCH
- report_capability "Recent Match" $RECENT_MATCH
- report_capability "Owner Match" $OWNER_MATCH
- report_capability "Ipset Match" $IPSET_MATCH
- report_capability "CONNMARK Target" $CONNMARK
- [ -n "$CONNMARK" ] && report_capability "Extended CONNMARK Target" $XCONNMARK
- report_capability "Connmark Match" $CONNMARK_MATCH
- [ -n "$CONNMARK_MATCH" ] && report_capability "Extended Connmark Match" $XCONNMARK_MATCH
- report_capability "Raw Table" $RAW_TABLE
- report_capability "IPP2P Match" $IPP2P_MATCH
- report_capability "CLASSIFY Target" $CLASSIFY_TARGET
- report_capability "Extended REJECT" $ENHANCED_REJECT
- report_capability "Repeat match" $KLUDGEFREE
- report_capability "MARK Target" $MARK
- [ -n "$MARK" ] && report_capability "Extended MARK Target" $XMARK
- report_capability "Mangle FORWARD Chain" $MANGLE_FORWARD
- report_capability "Comments" $COMMENTS
- report_capability "Address Type Match" $ADDRTYPE
- report_capability "TCPMSS Match" $TCPMSS_MATCH
- fi
-
- [ -n "$PKTTYPE" ] || USEPKTTYPE=
-
-}
-
-report_capabilities1() {
- report_capability1() # $1 = Capability
- {
- eval echo $1=\$$1
- }
-
- echo "#"
- echo "# Shorewall $VERSION detected the following iptables/netfilter capabilities - $(date)"
- echo "#"
- report_capability1 NAT_ENABLED
- report_capability1 MANGLE_ENABLED
- report_capability1 MULTIPORT
- report_capability1 XMULTIPORT
- report_capability1 CONNTRACK_MATCH
- report_capability1 USEPKTTYPE
- report_capability1 POLICY_MATCH
- report_capability1 PHYSDEV_MATCH
- report_capability1 LENGTH_MATCH
- report_capability1 IPRANGE_MATCH
- report_capability1 RECENT_MATCH
- report_capability1 OWNER_MATCH
- report_capability1 IPSET_MATCH
- report_capability1 CONNMARK
- report_capability1 XCONNMARK
- report_capability1 CONNMARK_MATCH
- report_capability1 XCONNMARK_MATCH
- report_capability1 RAW_TABLE
- report_capability1 IPP2P_MATCH
- report_capability1 CLASSIFY_TARGET
- report_capability1 ENHANCED_REJECT
- report_capability1 KLUDGEFREE
- report_capability1 MARK
- report_capability1 XMARK
- report_capability1 MANGLE_FORWARD
- report_capability1 COMMENTS
- report_capability1 ADDRTYPE
-
- echo CAPVERSION=$SHOREWALL_CAPVERSION
-}
-
-#
# Delete IP address
#
del_ip_addr() # $1 = address, $2 = interface
@@ -1286,82 +755,6 @@
cut -b -${1}
}
-#
-# Add a logging rule.
-#
-do_log_rule_limit() # $1 = log level, $2 = chain, $3 = display Chain $4 = disposition , $5 = rate limit $6=log tag $7=command $... = predicates for the rule
-{
- local level=$1
- local chain=$2
- local displayChain=$3
- local disposition=$4
- local rulenum=
- local limit=
- local tag=
- local command=
- local prefix
- local base=$(chain_base $displayChain)
- local pf
-
- limit="${5:-$LOGLIMIT}" # Do this here rather than in the declaration above to appease /bin/ash.
- tag=${6:+$6 }
- command=${7:--A}
-
- shift 7
-
- if [ -n "$tag" -a -n "$LOGTAGONLY" ]; then
- displayChain=$tag
- tag=
- fi
-
- if [ -n "$LOGRULENUMBERS" ]; then
- #
- # Hack for broken printf on some lightweight shells
- #
- [ $(printf "%d" 1) = "1" ] && pf=printf || pf=$(mywhich printf)
-
- eval rulenum=\$${base}_logrules
-
- rulenum=${rulenum:-1}
-
- prefix="$($pf "$LOGFORMAT" $displayChain $rulenum $disposition)${tag}"
-
- rulenum=$(($rulenum + 1))
- eval ${base}_logrules=$rulenum
- else
- prefix="$(printf "$LOGFORMAT" $displayChain $disposition)${tag}"
- fi
-
- if [ ${#prefix} -gt 29 ]; then
- prefix=`echo "$prefix" | truncate 29`
- error_message "WARNING: Log Prefix shortened to \"$prefix\""
- fi
-
- case $level in
- ULOG)
- $IPTABLES $command $chain $@ $limit -j ULOG $LOGPARMS --ulog-prefix "$prefix"
- ;;
- *)
- $IPTABLES $command $chain $@ $limit -j LOG $LOGPARMS --log-level $level --log-prefix "$prefix"
- ;;
- esac
-
- if [ $? -ne 0 ] ; then
- [ -z "$STOPPING" ] && { stop_firewall; exit 2; }
- fi
-}
-
-do_log_rule() # $1 = log level, $2 = chain, $3 = disposition , $... = predicates for the rule
-{
- local level=$1
- local chain=$2
- local disposition=$3
-
- shift 3
-
- do_log_rule_limit $level $chain $chain $disposition "$LOGLIMIT" "" -A $@
-}
-
delete_tc1()
{
clear_one_tc() {
@@ -1496,65 +889,6 @@
echo echo
}
-
-# Determine which version of mktemp is present (if any) and set MKTEMP accortingly:
-#
-# None - No mktemp
-# BSD - BSD mktemp (Mandrake)
-# STD - mktemp.org mktemp
-#
-find_mktemp() {
- local mktemp=`mywhich mktemp 2> /dev/null`
-
- if [ -n "$mktemp" ]; then
- if qt mktemp -V ; then
- MKTEMP=STD
- else
- MKTEMP=BSD
- fi
- else
- MKTEMP=None
- fi
-}
-
-#
-# create a temporary file. If a directory name is passed, the file will be created in
-# that directory. Otherwise, it will be created in a temporary directory.
-#
-mktempfile() {
-
- [ -z "$MKTEMP" ] && find_mktemp
-
- if [ $# -gt 0 ]; then
- case "$MKTEMP" in
- BSD)
- mktemp $1/shorewall.XXXXXX
- ;;
- STD)
- mktemp -p $1 shorewall.XXXXXX
- ;;
- None)
- > $1/shorewall-$$ && echo $1/shorewall-$$
- ;;
- *)
- error_message "ERROR:Internal error in mktempfile"
- ;;
- esac
- else
- case "$MKTEMP" in
- BSD)
- mktemp /tmp/shorewall.XXXXXX
- ;;
- STD)
- mktemp -t shorewall.XXXXXX
- ;;
- None)
- rm -f /tmp/shorewall-$$
- > /tmp/shorewall-$$ && echo /tmp/shorewall-$$
- ;;
- *)
- error_message "ERROR:Internal error in mktempfile"
- ;;
- esac
- fi
-}
+################################################################################
+# End of functions imported from /usr/share/shorewall/lib.base
+################################################################################
View Git Blame Copy Permalink