b66929a65e
1) Elimination of the "shorewall monitor" command. 2) The /etc/shorewall/ipsec and /etc/shorewall/zones files are combined into a single /etc/shorewall/zones file. This is done in an upwardly-compatible way so that current users can continue to use their existing files. 3) Support has been added for the arp_ignore interface option. 4) DROPINVALID has been removed from shorewall.conf. Behavior is as if DROPINVALID=No was specified. 5) The 'nobogons' option and BOGON_LOG_LEVEL are removed. 6) Error and warning messages have been made easier to spot by using capitalization (e.g., ERROR: and WARNING:). 7) The /etc/shorewall/policy file now contains a new connection policy and a policy for ESTABLISHED packets. Useful for users of snort-inline who want to pass all packets to the QUEUE target. 8) A new 'critical' option has been added to /etc/shorewall/routestopped. Shorewall ensures communication between the firewall and 'critical' hosts throughout start, restart, stop and clear. Useful for diskless firewalls with NFS-mounted file systems, LDAP servers, Crossbow, etc. 9) Macros. Macros are very similar to actions but are easier to use, allow parameter substitution and are more efficient. Almost all of the standard actions have been converted to macros in the EXPERIMENTAL branch. 10) The default value of ADD_IP_ALIASES in shorewall.conf is changed to No. 11) If you have 'make' installed on your firewall, then when you use the '-f' option to 'shorewall start' (as happens when you reboot), if your /etc/shorewall/ directory contains files that were modified after Shorewall was last restarted then Shorewall is started using the config files rather than using the saved configuration. git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2409 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
#!/bin/sh
#
# Script to back out the installation of Shoreline Firewall and to restore the previous version of
# the program
#
# This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
#
# (c) 2001,2002,2003,2004,2005 - Tom Eastep (teastep@shorewall.net)
#
# Shorewall documentation is available at http://shorewall.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of Version 2 of the GNU General Public License
# as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
#
# Usage:
#
# You may only use this script to back out the installation of the version
# shown below. Simply run this script to revert to your prior version of
# Shoreline Firewall.

# Release whose installation this script backs out. It selects which backup
# copies ("<file>-${VERSION}.bkout") the rest of the script looks for.
VERSION="2.5.0"
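#
# Print a one-line usage summary and terminate the script.
#
#   $1 = exit status (0 when omitted)
#
usage() # $1 = exit status
{
    # Strip the directory part with parameter expansion; unlike the unquoted
    # "basename $0" this keeps a script path containing whitespace or glob
    # characters intact.
    echo "usage: ${0##*/}"
    exit "${1:-0}"
}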
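#
# Move the backup copy of a file back over the installed copy.
#
#   $1 = file to restore
#
# The backup is looked up as "<file>-${VERSION}.bkout" and may be a regular
# file or a symbolic link. When no such backup exists the function does
# nothing and returns 0. When the move fails, an error is reported and the
# whole script exits with status 1.
#
restore_file() # $1 = file to restore
{
    # With an empty argument the backup name would collapse to
    # "-${VERSION}.bkout" in the current directory; never act on that.
    [ -n "$1" ] || return 0

    # Every expansion is quoted so that a path containing whitespace or glob
    # characters reaches test and mv as exactly one argument. One caller
    # passes a path parsed from "ls -l" output, so this is not hypothetical.
    if [ -f "${1}-${VERSION}.bkout" ] || [ -L "${1}-${VERSION}.bkout" ]; then
        # "--" stops option parsing in case the path starts with a dash.
        if mv -f -- "${1}-${VERSION}.bkout" "$1"; then
            echo
            echo "$1 restored"
        else
            # Diagnostics go to stderr so they are not lost when stdout is
            # redirected.
            echo "ERROR: Could not restore $1" >&2
            exit 1
        fi
    fi
}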
# Refuse to run unless the backup of the version file for this release is
# present; without it the script reports the release as not installed.
[ -f "/usr/share/shorewall/version-${VERSION}.bkout" ] || {
    echo "Shorewall Version $VERSION is not installed"
    exit 1
}

echo "Backing Out Installation of Shorewall $VERSION"
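# Restore the init script that the upgrade replaced.
#
# NOTE(review): the branch is chosen by testing whether
# /usr/share/shorewall/init is a symbolic link, but the link target is then
# read from /usr/share/shorewall/firewall, a path that is itself restored by
# a later restore_file call. Confirm which of the two paths is meant to hold
# the link to the init script.
if [ -L /usr/share/shorewall/init ]; then
    FIREWALL=

    # "ls -l" prints "name -> target" only for a symbolic link. For any other
    # file type the sed expression leaves the whole listing line in place,
    # and that text must not be handed on to restore_file (and mv) as a path.
    if [ -L /usr/share/shorewall/firewall ]; then
        FIREWALL=$(ls -l /usr/share/shorewall/firewall | sed 's/^.*> //')
    fi

    if [ -n "$FIREWALL" ]; then
        # Quoted so a target containing whitespace stays one argument.
        restore_file "$FIREWALL"
    else
        echo "WARNING: /usr/share/shorewall/firewall is not a symbolic link; init script not restored" >&2
    fi
else
    restore_file /etc/init.d/shorewall
fi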
# Restore every fixed-path file the upgrade may have replaced, in the same
# order as before. restore_file leaves a path alone when it has no
# "-${VERSION}.bkout" backup, so entries that do not apply to this system
# are harmless.
for target in \
    /usr/share/shorewall/firewall \
    /sbin/shorewall \
    /etc/shorewall/shorewall.conf \
    /etc/shorewall/functions \
    /usr/lib/shorewall/functions \
    /var/lib/shorewall/functions \
    /usr/lib/shorewall/firewall \
    /usr/lib/shorewall/help \
    /etc/shorewall/common.def \
    /etc/shorewall/icmp.def \
    /etc/shorewall/zones \
    /etc/shorewall/policy \
    /etc/shorewall/interfaces \
    /etc/shorewall/ipsec \
    /etc/shorewall/hosts \
    /etc/shorewall/rules \
    /etc/shorewall/nat \
    /etc/shorewall/netmap \
    /etc/shorewall/params \
    /etc/shorewall/proxyarp \
    /etc/shorewall/routestopped \
    /etc/shorewall/maclist \
    /etc/shorewall/masq \
    /etc/shorewall/modules \
    /etc/shorewall/tcrules \
    /etc/shorewall/tos \
    /etc/shorewall/tunnels \
    /etc/shorewall/blacklist \
    /etc/shorewall/whitelist \
    /etc/shorewall/rfc1918 \
    /usr/share/shorewall/rfc1918 \
    /usr/share/shorewall/bogons \
    /usr/share/shorewall/configpath \
    /etc/shorewall/init \
    /etc/shorewall/initdone \
    /etc/shorewall/start \
    /etc/shorewall/stop \
    /etc/shorewall/stopped \
    /etc/shorewall/ecn \
    /etc/shorewall/accounting \
    /etc/shorewall/actions.std \
    /etc/shorewall/actions
do
    restore_file "$target"
done
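# Restore every /usr/share/shorewall/action.* file that has a backup for
# this release.
for f in /usr/share/shorewall/action.*-"${VERSION}".bkout; do
    # When nothing matches, the shell leaves the pattern itself in $f; skip
    # it instead of passing a literal "*" on to restore_file.
    [ -f "$f" ] || [ -L "$f" ] || continue

    # Strip the "-${VERSION}.bkout" suffix with parameter expansion. Unlike
    # the sed substitution this is anchored at the end of the name, does not
    # read the dots in the version as regex wildcards, and does not word-split
    # the path.
    restore_file "${f%-${VERSION}.bkout}"
done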
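restore_file /usr/share/shorewall/version

# The closing message printed "$oldversion" although nothing in this script
# assigned it, so the version was always blank. Read it from the version
# file that was just restored.
# NOTE(review): presumably the first line of that file is the release
# string -- confirm against the installer that writes it.
oldversion=
if [ -r /usr/share/shorewall/version ]; then
    IFS= read -r oldversion < /usr/share/shorewall/version || :
fi

echo "Shorewall Restored to Version ${oldversion:-unknown}"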