mirror of
https://github.com/firehol/firehol.git
synced 2024-06-28 18:02:33 +00:00
Module management can now be controlled with FIREHOL_LOAD_KERNEL_MODULES.
Default value is 1; it can be set to 0 to disable module management. Also, FireHOL now automatically detects whether ip_tables and ip_conntrack are built into the kernel, by looking for the related files in /proc/net.
parent
a826bfa1c3
commit
2bc1846dae
@ -45,7 +45,7 @@ automatically. FireHOL is extremely easy to understand, configure and audit.
|
||||
<td bgcolor="#DDDDDD"><a target="_top" href="http://freshmeat.net/projects/firehol/">FM Home</a></td>
|
||||
<td bgcolor="#A00000"><a target="content" href="http://sourceforge.net/project/showfiles.php?group_id=58425" style="color:#FFFFFF;">Downloads</a></td>
|
||||
<td bgcolor="#DDDDDD"><a target="content" href="http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/firehol/">WebCVS</a></td>
|
||||
<td bgcolor="#DDDDDD"><a target="content" href="support.html">Support</a></td>
|
||||
<td bgcolor="#DDDDDD"><a target="content" href="support.html?">Support</a></td>
|
||||
<td bgcolor="#A00000" NOWRAP><a target="content" href="http://freshmeat.net/subscribe/30942/" style="color:#FFFFFF;">Subscribe</a></td>
|
||||
<td bgcolor="#DDDDDD" NOWRAP><a target="content" href="http://freshmeat.net/rate/30942/">Rate Me!</a></td>
|
||||
<td bgcolor="#EEEEEE" width="50%"> </td>
|
||||
@ -54,15 +54,16 @@ automatically. FireHOL is extremely easy to understand, configure and audit.
|
||||
<table border=0 cellpadding=5 cellspacing=3>
|
||||
<tr>
|
||||
<td bgcolor="#F5F5F5" width="50%" align="right"><small><b>Documentation</td>
|
||||
<td bgcolor="#EEEEEE" NOWRAP><small><a target="content" href="overview.html">Overview</a></td>
|
||||
<td bgcolor="#EEEEEE" NOWRAP><small><a target="content" href="invoking.html">Invoking</a></td>
|
||||
<td bgcolor="#EEEEEE" NOWRAP><small><a target="content" href="language.html">Language</a></td>
|
||||
<td bgcolor="#EEEEEE" NOWRAP><small><a target="content" href="commands.html">Commands</a></td>
|
||||
<td bgcolor="#EEEEEE" NOWRAP><small><a target="content" href="services.html">Services</a></td>
|
||||
<td bgcolor="#EEEEEE" NOWRAP><small><a target="content" href="adding.html">Adding Services</a></td>
|
||||
<td bgcolor="#EEEEEE" NOWRAP><small><a target="content" href="tutorial.html">Tutorial</a></td>
|
||||
<td bgcolor="#EEEEEE" NOWRAP><small><a target="content" href="trouble.html">Troubleshooting</a></td>
|
||||
<td bgcolor="#EEEEEE" NOWRAP><small><a target="content" href="fwtest.html">Firewall Test</a></td>
|
||||
<td bgcolor="#EEEEEE" NOWRAP><small><a target="content" href="overview.html?">Overview</a></td>
|
||||
<td bgcolor="#EEEEEE" NOWRAP><small><a target="content" href="invoking.html?">Invoking</a></td>
|
||||
<td bgcolor="#EEEEEE" NOWRAP><small><a target="content" href="language.html?">Language</a></td>
|
||||
<td bgcolor="#EEEEEE" NOWRAP><small><a target="content" href="commands.html?">Commands</a></td>
|
||||
<td bgcolor="#EEEEEE" NOWRAP><small><a target="content" href="services.html?">Services</a></td>
|
||||
<td bgcolor="#EEEEEE" NOWRAP><small><a target="content" href="adding.html?">Adding Services</a></td>
|
||||
<td bgcolor="#EEEEEE" NOWRAP><small><a target="content" href="tutorial.html?">Tutorial</a></td>
|
||||
<td bgcolor="#EEEEEE" NOWRAP><small><a target="content" href="trouble.html?">Troubleshooting</a></td>
|
||||
<td bgcolor="#EEEEEE" NOWRAP><small><a target="content" href="fwtest.html?">Firewall Test</a></td>
|
||||
<td bgcolor="#EEEEEE" NOWRAP><small><a target="content" href="faq.html?">FAQ</a></td>
|
||||
<td bgcolor="#F5F5F5" width="50%"> </td>
|
||||
</tr>
|
||||
</table>
|
||||
|
61
firehol.sh
61
firehol.sh
@ -10,7 +10,7 @@
|
||||
#
|
||||
# config: /etc/firehol.conf
|
||||
#
|
||||
# $Id: firehol.sh,v 1.121 2003/04/08 00:12:02 ktsaou Exp $
|
||||
# $Id: firehol.sh,v 1.122 2003/04/18 20:52:44 ktsaou Exp $
|
||||
#
|
||||
FIREHOL_FILE="${0}"
|
||||
|
||||
@ -197,6 +197,10 @@ FIREHOL_EXPLAIN=0
|
||||
# It can be changed on the command line
|
||||
FIREHOL_WIZARD=0
|
||||
|
||||
# If set to 0, FireHOL will not try to load the required kernel modules.
|
||||
# It can be set in the configuration file.
|
||||
FIREHOL_LOAD_KERNEL_MODULES=1
|
||||
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
# Keep information about the current primary command
|
||||
@ -1501,6 +1505,40 @@ set_work_function() {
|
||||
# new firewall has been activated. Here we just keep a list of the required
|
||||
# kernel modules.
|
||||
|
||||
check_kernel_module() {
|
||||
local mod="${1}"
|
||||
|
||||
case ${mod} in
|
||||
ip_tables)
|
||||
test -f /proc/net/ip_tables_name && return 0
|
||||
return 1
|
||||
;;
|
||||
|
||||
ip_conntrack)
|
||||
test -f /proc/net/ip_conntrack && return 0
|
||||
return 1
|
||||
;;
|
||||
esac
|
||||
|
||||
return 1
|
||||
}
|
||||
|
||||
load_kernel_module() {
|
||||
local mod="${1}"
|
||||
|
||||
if [ ! ${FIREHOL_LOAD_KERNEL_MODULES} -eq 0 ]
|
||||
then
|
||||
check_kernel_module ${mod}
|
||||
if [ $? -gt 0 ]
|
||||
then
|
||||
${MODPROBE_CMD} ${mod} >${FIREHOL_OUTPUT}.log 2>&1
|
||||
local r=$?
|
||||
test ! ${r} -eq 0 && runtime_error warn ${r} ${FIREHOL_LINEID} ${MODPROBE_CMD} ${mod}
|
||||
fi
|
||||
fi
|
||||
return 0
|
||||
}
|
||||
|
||||
require_kernel_module() {
|
||||
local new="${1}"
|
||||
|
||||
@ -3207,7 +3245,7 @@ case "${arg}" in
|
||||
fi
|
||||
|
||||
echo -n $"FireHOL: Blocking all communications:"
|
||||
${MODPROBE_CMD} ip_tables >/dev/null 2>&1
|
||||
load_kernel_module ip_tables
|
||||
tables=`${CAT_CMD} /proc/net/ip_tables_names`
|
||||
for t in ${tables}
|
||||
do
|
||||
@ -3276,7 +3314,7 @@ case "${arg}" in
|
||||
else
|
||||
|
||||
${CAT_CMD} <<"EOF"
|
||||
$Id: firehol.sh,v 1.121 2003/04/08 00:12:02 ktsaou Exp $
|
||||
$Id: firehol.sh,v 1.122 2003/04/18 20:52:44 ktsaou Exp $
|
||||
(C) Copyright 2003, Costa Tsaousis <costa@tsaousis.gr>
|
||||
FireHOL is distributed under GPL.
|
||||
|
||||
@ -3462,7 +3500,7 @@ then
|
||||
|
||||
${CAT_CMD} <<"EOF"
|
||||
|
||||
$Id: firehol.sh,v 1.121 2003/04/08 00:12:02 ktsaou Exp $
|
||||
$Id: firehol.sh,v 1.122 2003/04/18 20:52:44 ktsaou Exp $
|
||||
(C) Copyright 2003, Costa Tsaousis <costa@tsaousis.gr>
|
||||
FireHOL is distributed under GPL.
|
||||
Home Page: http://firehol.sourceforge.net
|
||||
@ -3756,7 +3794,7 @@ then
|
||||
|
||||
${CAT_CMD} >&2 <<"EOF"
|
||||
|
||||
$Id: firehol.sh,v 1.121 2003/04/08 00:12:02 ktsaou Exp $
|
||||
$Id: firehol.sh,v 1.122 2003/04/18 20:52:44 ktsaou Exp $
|
||||
(C) Copyright 2003, Costa Tsaousis <costa@tsaousis.gr>
|
||||
FireHOL is distributed under GPL.
|
||||
Home Page: http://firehol.sourceforge.net
|
||||
@ -3849,7 +3887,7 @@ EOF
|
||||
echo "# "
|
||||
|
||||
${CAT_CMD} <<"EOF"
|
||||
# $Id: firehol.sh,v 1.121 2003/04/08 00:12:02 ktsaou Exp $
|
||||
# $Id: firehol.sh,v 1.122 2003/04/18 20:52:44 ktsaou Exp $
|
||||
# (C) Copyright 2003, Costa Tsaousis <costa@tsaousis.gr>
|
||||
# FireHOL is distributed under GPL.
|
||||
# Home Page: http://firehol.sourceforge.net
|
||||
@ -4233,7 +4271,7 @@ fixed_iptables_save() {
|
||||
local tmp="${FIREHOL_DIR}/iptables-save-$$"
|
||||
local err=
|
||||
|
||||
${MODPROBE_CMD} ip_tables >/dev/null 2>&1
|
||||
load_kernel_module ip_tables
|
||||
${IPTABLES_SAVE_CMD} -c >$tmp
|
||||
err=$?
|
||||
if [ ! $err -eq 0 ]
|
||||
@ -4274,11 +4312,8 @@ fi
|
||||
${CAT_CMD} >"${FIREHOL_OUTPUT}" <<"EOF"
|
||||
#!/bin/sh
|
||||
|
||||
${MODPROBE_CMD} ip_tables >${FIREHOL_OUTPUT}.log 2>&1
|
||||
r=$?; test ! ${r} -eq 0 && runtime_error warn ${r} INIT ${MODPROBE_CMD} ip_tables
|
||||
|
||||
${MODPROBE_CMD} ip_conntrack >${FIREHOL_OUTPUT}.log 2>&1
|
||||
r=$?; test ! ${r} -eq 0 && runtime_error warn ${r} INIT ${MODPROBE_CMD} ip_conntrack
|
||||
load_kernel_module ip_tables
|
||||
load_kernel_module ip_conntrack
|
||||
|
||||
# Find all tables supported
|
||||
tables=`${CAT_CMD} /proc/net/ip_tables_names`
|
||||
@ -4395,7 +4430,7 @@ echo
|
||||
|
||||
for m in ${FIREHOL_KERNEL_MODULES}
|
||||
do
|
||||
postprocess -warn ${MODPROBE_CMD} $m
|
||||
postprocess -ne load_kernel_module $m
|
||||
done
|
||||
|
||||
# XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
|
||||
|
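Review bot: The ip_tables branch of check_kernel_module tests `/proc/net/ip_tables_name`, while every other place in this file reads `/proc/net/ip_tables_names`, so the built-in detection looks like it can never succeed and modprobe (with its warning on failure) still runs on kernels that have ip_tables compiled in; the line should be `test -f /proc/net/ip_tables_names && return 0`. load_kernel_module also returns 0 unconditionally, so the "Blocking all communications" path cannot tell that ip_tables is unavailable and would presumably loop over an empty table list (the loop body is outside the hunk); a comment on the function saying that callers must check /proc/net/ip_tables_names themselves would make that explicit. Finally, `[ ! ${FIREHOL_LOAD_KERNEL_MODULES} -eq 0 ]` is unquoted, so an empty or non-numeric value from the configuration file makes the test error out and module loading is skipped without a message; `[ "${FIREHOL_LOAD_KERNEL_MODULES}" != "0" ]` avoids that.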