Module management can now be controlled with FIREHOL_LOAD_KERNEL_MODULES.

Default value is 1, it can be set to 0 to disable module management.

Also, FireHOL now automatically detects whether ip_tables and ip_conntrack
are built into the kernel, by looking for the relevant files in /proc/net.
ktsaou 2003-04-18 20:52:44 +00:00
parent a826bfa1c3
commit 2bc1846dae
2 changed files with 59 additions and 23 deletions

@ -45,7 +45,7 @@ automatically. FireHOL is extremely easy to understand, configure and audit.
<td bgcolor="#DDDDDD"><a target="_top" href="http://freshmeat.net/projects/firehol/">FM&nbsp;Home</a></td>
<td bgcolor="#A00000"><a target="content" href="http://sourceforge.net/project/showfiles.php?group_id=58425" style="color:#FFFFFF;">Downloads</a></td>
<td bgcolor="#DDDDDD"><a target="content" href="http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/firehol/">WebCVS</a></td>
<td bgcolor="#DDDDDD"><a target="content" href="support.html">Support</a></td>
<td bgcolor="#DDDDDD"><a target="content" href="support.html?">Support</a></td>
<td bgcolor="#A00000" NOWRAP><a target="content" href="http://freshmeat.net/subscribe/30942/" style="color:#FFFFFF;">Subscribe</a></td>
<td bgcolor="#DDDDDD" NOWRAP><a target="content" href="http://freshmeat.net/rate/30942/">Rate Me!</a></td>
<td bgcolor="#EEEEEE" width="50%">&nbsp;</td>
@ -54,15 +54,16 @@ automatically. FireHOL is extremely easy to understand, configure and audit.
<table border=0 cellpadding=5 cellspacing=3>
<tr>
<td bgcolor="#F5F5F5" width="50%" align="right"><small><b>Documentation</td>
<td bgcolor="#EEEEEE" NOWRAP><small><a target="content" href="overview.html">Overview</a></td>
<td bgcolor="#EEEEEE" NOWRAP><small><a target="content" href="invoking.html">Invoking</a></td>
<td bgcolor="#EEEEEE" NOWRAP><small><a target="content" href="language.html">Language</a></td>
<td bgcolor="#EEEEEE" NOWRAP><small><a target="content" href="commands.html">Commands</a></td>
<td bgcolor="#EEEEEE" NOWRAP><small><a target="content" href="services.html">Services</a></td>
<td bgcolor="#EEEEEE" NOWRAP><small><a target="content" href="adding.html">Adding Services</a></td>
<td bgcolor="#EEEEEE" NOWRAP><small><a target="content" href="tutorial.html">Tutorial</a></td>
<td bgcolor="#EEEEEE" NOWRAP><small><a target="content" href="trouble.html">Troubleshooting</a></td>
<td bgcolor="#EEEEEE" NOWRAP><small><a target="content" href="fwtest.html">Firewall Test</a></td>
<td bgcolor="#EEEEEE" NOWRAP><small><a target="content" href="overview.html?">Overview</a></td>
<td bgcolor="#EEEEEE" NOWRAP><small><a target="content" href="invoking.html?">Invoking</a></td>
<td bgcolor="#EEEEEE" NOWRAP><small><a target="content" href="language.html?">Language</a></td>
<td bgcolor="#EEEEEE" NOWRAP><small><a target="content" href="commands.html?">Commands</a></td>
<td bgcolor="#EEEEEE" NOWRAP><small><a target="content" href="services.html?">Services</a></td>
<td bgcolor="#EEEEEE" NOWRAP><small><a target="content" href="adding.html?">Adding Services</a></td>
<td bgcolor="#EEEEEE" NOWRAP><small><a target="content" href="tutorial.html?">Tutorial</a></td>
<td bgcolor="#EEEEEE" NOWRAP><small><a target="content" href="trouble.html?">Troubleshooting</a></td>
<td bgcolor="#EEEEEE" NOWRAP><small><a target="content" href="fwtest.html?">Firewall Test</a></td>
<td bgcolor="#EEEEEE" NOWRAP><small><a target="content" href="faq.html?">FAQ</a></td>
<td bgcolor="#F5F5F5" width="50%">&nbsp;</td>
</tr>
</table>

@ -10,7 +10,7 @@
#
# config: /etc/firehol.conf
#
# $Id: firehol.sh,v 1.121 2003/04/08 00:12:02 ktsaou Exp $
# $Id: firehol.sh,v 1.122 2003/04/18 20:52:44 ktsaou Exp $
#
FIREHOL_FILE="${0}"
@ -197,6 +197,10 @@ FIREHOL_EXPLAIN=0
# It can be changed on the command line
FIREHOL_WIZARD=0
# If set to 0, FireHOL will not try to load the required kernel modules.
# It can be set in the configuration file.
FIREHOL_LOAD_KERNEL_MODULES=1
# ------------------------------------------------------------------------------
# Keep information about the current primary command
@ -1501,6 +1505,40 @@ set_work_function() {
# new firewall has been activated. Here we just keep a list of the required
# kernel modules.
check_kernel_module() {
local mod="${1}"
case ${mod} in
ip_tables)
test -f /proc/net/ip_tables_name && return 0
return 1
;;
ip_conntrack)
test -f /proc/net/ip_conntrack && return 0
return 1
;;
esac
return 1
}
load_kernel_module() {
local mod="${1}"
if [ ! ${FIREHOL_LOAD_KERNEL_MODULES} -eq 0 ]
then
check_kernel_module ${mod}
if [ $? -gt 0 ]
then
${MODPROBE_CMD} ${mod} >${FIREHOL_OUTPUT}.log 2>&1
local r=$?
test ! ${r} -eq 0 && runtime_error warn ${r} ${FIREHOL_LINEID} ${MODPROBE_CMD} ${mod}
fi
fi
return 0
}
require_kernel_module() {
local new="${1}"
@ -3207,7 +3245,7 @@ case "${arg}" in
fi
echo -n $"FireHOL: Blocking all communications:"
${MODPROBE_CMD} ip_tables >/dev/null 2>&1
load_kernel_module ip_tables
tables=`${CAT_CMD} /proc/net/ip_tables_names`
for t in ${tables}
do
@ -3276,7 +3314,7 @@ case "${arg}" in
else
${CAT_CMD} <<"EOF"
$Id: firehol.sh,v 1.121 2003/04/08 00:12:02 ktsaou Exp $
$Id: firehol.sh,v 1.122 2003/04/18 20:52:44 ktsaou Exp $
(C) Copyright 2003, Costa Tsaousis <costa@tsaousis.gr>
FireHOL is distributed under GPL.
@ -3462,7 +3500,7 @@ then
${CAT_CMD} <<"EOF"
$Id: firehol.sh,v 1.121 2003/04/08 00:12:02 ktsaou Exp $
$Id: firehol.sh,v 1.122 2003/04/18 20:52:44 ktsaou Exp $
(C) Copyright 2003, Costa Tsaousis <costa@tsaousis.gr>
FireHOL is distributed under GPL.
Home Page: http://firehol.sourceforge.net
@ -3756,7 +3794,7 @@ then
${CAT_CMD} >&2 <<"EOF"
$Id: firehol.sh,v 1.121 2003/04/08 00:12:02 ktsaou Exp $
$Id: firehol.sh,v 1.122 2003/04/18 20:52:44 ktsaou Exp $
(C) Copyright 2003, Costa Tsaousis <costa@tsaousis.gr>
FireHOL is distributed under GPL.
Home Page: http://firehol.sourceforge.net
@ -3849,7 +3887,7 @@ EOF
echo "# "
${CAT_CMD} <<"EOF"
# $Id: firehol.sh,v 1.121 2003/04/08 00:12:02 ktsaou Exp $
# $Id: firehol.sh,v 1.122 2003/04/18 20:52:44 ktsaou Exp $
# (C) Copyright 2003, Costa Tsaousis <costa@tsaousis.gr>
# FireHOL is distributed under GPL.
# Home Page: http://firehol.sourceforge.net
@ -4233,7 +4271,7 @@ fixed_iptables_save() {
local tmp="${FIREHOL_DIR}/iptables-save-$$"
local err=
${MODPROBE_CMD} ip_tables >/dev/null 2>&1
load_kernel_module ip_tables
${IPTABLES_SAVE_CMD} -c >$tmp
err=$?
if [ ! $err -eq 0 ]
@ -4274,11 +4312,8 @@ fi
${CAT_CMD} >"${FIREHOL_OUTPUT}" <<"EOF"
#!/bin/sh
${MODPROBE_CMD} ip_tables >${FIREHOL_OUTPUT}.log 2>&1
r=$?; test ! ${r} -eq 0 && runtime_error warn ${r} INIT ${MODPROBE_CMD} ip_tables
${MODPROBE_CMD} ip_conntrack >${FIREHOL_OUTPUT}.log 2>&1
r=$?; test ! ${r} -eq 0 && runtime_error warn ${r} INIT ${MODPROBE_CMD} ip_conntrack
load_kernel_module ip_tables
load_kernel_module ip_conntrack
# Find all tables supported
tables=`${CAT_CMD} /proc/net/ip_tables_names`
@ -4395,7 +4430,7 @@ echo
for m in ${FIREHOL_KERNEL_MODULES}
do
postprocess -warn ${MODPROBE_CMD} $m
postprocess -ne load_kernel_module $m
done
# XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
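Review bot: In check_kernel_module the ip_tables case tests `/proc/net/ip_tables_name`, but the file this script reads in the panic and generated-script hunks (the `tables=` lines) is `/proc/net/ip_tables_names`, so the built-in check cannot succeed for ip_tables and load_kernel_module always falls through to `${MODPROBE_CMD}`. On a kernel with ip_tables compiled in and no loadable module, that modprobe call will presumably fail and raise `runtime_error warn`, which is the case the commit message says is now detected; the line should read `test -f /proc/net/ip_tables_names && return 0`. Separately, `[ ! ${FIREHOL_LOAD_KERNEL_MODULES} -eq 0 ]` in load_kernel_module is unquoted, and the new comment says the value can be set in the configuration file. An empty or non-numeric setting makes the test error out and skips module loading rather than applying the documented default of 1; `[ ! "${FIREHOL_LOAD_KERNEL_MODULES:-1}" -eq 0 ]` would at least cover the empty case.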