Changed kernel module management to read kernel configuration and detect
if a module is compiled in the kernel or needs to be loaded separately. (note: this is not finished yet)
parent
45c47aae7d
commit
6f7646972c
@ -70,6 +70,9 @@ automatically. FireHOL is extremely easy to understand, configure and audit.
|
|||||||
</table>
|
</table>
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td align=right colspan=3><small><a target="content" href="http://www.google.com.gr/advanced_search?q=site:firehol.sourceforge.net">Search this site with Google</a></small></td>
|
||||||
|
</tr>
|
||||||
</table>
|
</table>
|
||||||
|
|
||||||
</BODY>
|
</BODY>
|
||||||
|
@ -17,7 +17,7 @@ automatically. FireHOL is extremely easy to understand, configure and audit.
|
|||||||
<meta name="keywords" content="iptables, netfilter, filter, firewall, stateful, port, secure, security, NAT, DMZ, DNAT, DSL, SNAT, redirect, router, rule, rules, automated, bash, block, builder, cable, complex, configuration, dual-homed, easy, easy configuration, example, fast, features, flexible, forward, free, gpl, helpme mode, human, intuitive, language, linux, masquerade, modem, multi-homed, open source, packet, panic mode, protect, script, service, system administration, wizard">
|
<meta name="keywords" content="iptables, netfilter, filter, firewall, stateful, port, secure, security, NAT, DMZ, DNAT, DSL, SNAT, redirect, router, rule, rules, automated, bash, block, builder, cable, complex, configuration, dual-homed, easy, easy configuration, example, fast, features, flexible, forward, free, gpl, helpme mode, human, intuitive, language, linux, masquerade, modem, multi-homed, open source, packet, panic mode, protect, script, service, system administration, wizard">
|
||||||
<meta http-equiv="Expires" content="Wed, 19 Mar 2003 00:00:01 GMT">
|
<meta http-equiv="Expires" content="Wed, 19 Mar 2003 00:00:01 GMT">
|
||||||
</HEAD>
|
</HEAD>
|
||||||
<FRAMESET rows="175, *" frameborder="0" marginwidth="0" marginheight="0">
|
<FRAMESET rows="185, *" frameborder="0" marginwidth="0" marginheight="0">
|
||||||
<FRAME name="header" src="header.html">
|
<FRAME name="header" src="header.html">
|
||||||
<FRAME name="content" src="overview.html">
|
<FRAME name="content" src="overview.html">
|
||||||
<NOFRAMES>
|
<NOFRAMES>
|
||||||
|
110
firehol.sh
110
firehol.sh
@ -10,10 +10,61 @@
|
|||||||
#
|
#
|
||||||
# config: /etc/firehol/firehol.conf
|
# config: /etc/firehol/firehol.conf
|
||||||
#
|
#
|
||||||
# $Id: firehol.sh,v 1.164 2003/10/22 06:58:27 ktsaou Exp $
|
# $Id: firehol.sh,v 1.165 2003/10/26 21:27:31 ktsaou Exp $
|
||||||
#
|
#
|
||||||
|
|
||||||
|
# Remember who you are.
|
||||||
FIREHOL_FILE="${0}"
|
FIREHOL_FILE="${0}"
|
||||||
|
|
||||||
|
|
||||||
|
# ------------------------------------------------------------------------------
|
||||||
|
# XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
|
||||||
|
# ------------------------------------------------------------------------------
|
||||||
|
#
|
||||||
|
# KERNEL MODULE MANAGEMENT
|
||||||
|
#
|
||||||
|
# ------------------------------------------------------------------------------
|
||||||
|
# XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
|
||||||
|
# ------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
KERNEL_CONFIG=
|
||||||
|
if [ -f "/proc/config" ]
|
||||||
|
then
|
||||||
|
KERNEL_CONFIG="/proc/config"
|
||||||
|
cat /proc/config >/tmp/kcfg.$$
|
||||||
|
. /tmp/kcfg.$$
|
||||||
|
rm -f /tmp/kcfg.$$
|
||||||
|
|
||||||
|
elif [ -f "/usr/src/linux/.config" ]
|
||||||
|
then
|
||||||
|
KERNEL_CONFIG="/usr/src/linux/.config"
|
||||||
|
. "${KERNEL_CONFIG}"
|
||||||
|
else
|
||||||
|
echo >&2 " "
|
||||||
|
echo >&2 " IMPORTANT WARNING:"
|
||||||
|
echo >&2 " ------------------"
|
||||||
|
echo >&2 " FireHOL cannot find your current kernel configuration."
|
||||||
|
echo >&2 " Please, either compile your kernel with /proc/config,"
|
||||||
|
echo >&2 " or make sure there is a valid kernel config in:"
|
||||||
|
echo >&2 " /usr/src/linux/.config"
|
||||||
|
echo >&2 " "
|
||||||
|
echo >&2 " Because of this, FireHOL will simply attempt to load"
|
||||||
|
echo >&2 " all kernel modules for the services used, without"
|
||||||
|
echo >&2 " being able to detect failures."
|
||||||
|
echo >&2 " "
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
# ------------------------------------------------------------------------------
|
||||||
|
# XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
|
||||||
|
# ------------------------------------------------------------------------------
|
||||||
|
#
|
||||||
|
# EXTERNAL/SYSTEM COMMANDS MANAGEMENT
|
||||||
|
#
|
||||||
|
# ------------------------------------------------------------------------------
|
||||||
|
# XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
|
||||||
|
# ------------------------------------------------------------------------------
|
||||||
|
|
||||||
PATH="${PATH}:/bin:/usr/bin:/sbin:/usr/sbin"
|
PATH="${PATH}:/bin:/usr/bin:/sbin:/usr/sbin"
|
||||||
|
|
||||||
# External commands FireHOL will need.
|
# External commands FireHOL will need.
|
||||||
@ -390,6 +441,14 @@ client_lpd_ports="721:731 default"
|
|||||||
server_microsoft_ds_ports="tcp/microsoft-ds"
|
server_microsoft_ds_ports="tcp/microsoft-ds"
|
||||||
client_microsoft_ds_ports="default"
|
client_microsoft_ds_ports="default"
|
||||||
|
|
||||||
|
server_mms_ports="tcp/1755 udp/1755"
|
||||||
|
client_mms_ports="default"
|
||||||
|
require_mms_modules="ip_conntrack_mms"
|
||||||
|
require_mms_nat_modules="ip_nat_mms"
|
||||||
|
# this will produce warnings on most distribution
|
||||||
|
# because the mms module is not there:
|
||||||
|
# ALL_SHOULD_ALSO_RUN="${ALL_SHOULD_ALSO_RUN} mms"
|
||||||
|
|
||||||
server_msn_ports="tcp/6891"
|
server_msn_ports="tcp/6891"
|
||||||
client_msn_ports="default"
|
client_msn_ports="default"
|
||||||
|
|
||||||
@ -1797,22 +1856,57 @@ set_work_function() {
|
|||||||
# new firewall has been activated. Here we just keep a list of the required
|
# new firewall has been activated. Here we just keep a list of the required
|
||||||
# kernel modules.
|
# kernel modules.
|
||||||
|
|
||||||
|
check_kernel_config() {
|
||||||
|
eval local kcfg="\$${1}"
|
||||||
|
|
||||||
|
case ${kcfg} in
|
||||||
|
y) return 0
|
||||||
|
;;
|
||||||
|
|
||||||
|
m) return 1
|
||||||
|
;;
|
||||||
|
|
||||||
|
*) return 2
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
return 2
|
||||||
|
}
|
||||||
|
|
||||||
check_kernel_module() {
|
check_kernel_module() {
|
||||||
local mod="${1}"
|
local mod="${1}"
|
||||||
|
|
||||||
case ${mod} in
|
case ${mod} in
|
||||||
ip_tables)
|
ip_tables)
|
||||||
test -f /proc/net/ip_tables_names && return 0
|
test -f /proc/net/ip_tables_names && return 0
|
||||||
return 1
|
check_kernel_config CONFIG_IP_NF_IPTABLES
|
||||||
|
return $?
|
||||||
;;
|
;;
|
||||||
|
|
||||||
ip_conntrack)
|
ip_conntrack)
|
||||||
test -f /proc/net/ip_conntrack && return 0
|
test -f /proc/net/ip_conntrack && return 0
|
||||||
return 1
|
check_kernel_config CONFIG_IP_NF_CONNTRACK
|
||||||
|
return $?
|
||||||
|
;;
|
||||||
|
|
||||||
|
ip_conntrack_*)
|
||||||
|
local mnam="CONFIG_IP_NF_`echo ${mod} | ${CUT_CMD} -d '_' -f 3- | ${TR_CMD} [a-z] [A-Z]`"
|
||||||
|
check_kernel_config ${mnam}
|
||||||
|
return $?
|
||||||
|
;;
|
||||||
|
|
||||||
|
ip_nat_*)
|
||||||
|
local mnam="CONFIG_IP_NF_NAT_`echo ${mod} | ${CUT_CMD} -d '_' -f 3- | ${TR_CMD} [a-z] [A-Z]`"
|
||||||
|
check_kernel_config ${mnam}
|
||||||
|
return $?
|
||||||
|
;;
|
||||||
|
|
||||||
|
*)
|
||||||
|
return 2
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
return 1
|
return 2
|
||||||
}
|
}
|
||||||
|
|
||||||
load_kernel_module() {
|
load_kernel_module() {
|
||||||
@ -3828,7 +3922,7 @@ case "${arg}" in
|
|||||||
else
|
else
|
||||||
|
|
||||||
${CAT_CMD} <<EOF
|
${CAT_CMD} <<EOF
|
||||||
$Id: firehol.sh,v 1.164 2003/10/22 06:58:27 ktsaou Exp $
|
$Id: firehol.sh,v 1.165 2003/10/26 21:27:31 ktsaou Exp $
|
||||||
(C) Copyright 2003, Costa Tsaousis <costa@tsaousis.gr>
|
(C) Copyright 2003, Costa Tsaousis <costa@tsaousis.gr>
|
||||||
FireHOL is distributed under GPL.
|
FireHOL is distributed under GPL.
|
||||||
|
|
||||||
@ -4014,7 +4108,7 @@ then
|
|||||||
|
|
||||||
${CAT_CMD} <<EOF
|
${CAT_CMD} <<EOF
|
||||||
|
|
||||||
$Id: firehol.sh,v 1.164 2003/10/22 06:58:27 ktsaou Exp $
|
$Id: firehol.sh,v 1.165 2003/10/26 21:27:31 ktsaou Exp $
|
||||||
(C) Copyright 2003, Costa Tsaousis <costa@tsaousis.gr>
|
(C) Copyright 2003, Costa Tsaousis <costa@tsaousis.gr>
|
||||||
FireHOL is distributed under GPL.
|
FireHOL is distributed under GPL.
|
||||||
Home Page: http://firehol.sourceforge.net
|
Home Page: http://firehol.sourceforge.net
|
||||||
@ -4309,7 +4403,7 @@ then
|
|||||||
|
|
||||||
${CAT_CMD} >&2 <<EOF
|
${CAT_CMD} >&2 <<EOF
|
||||||
|
|
||||||
$Id: firehol.sh,v 1.164 2003/10/22 06:58:27 ktsaou Exp $
|
$Id: firehol.sh,v 1.165 2003/10/26 21:27:31 ktsaou Exp $
|
||||||
(C) Copyright 2003, Costa Tsaousis <costa@tsaousis.gr>
|
(C) Copyright 2003, Costa Tsaousis <costa@tsaousis.gr>
|
||||||
FireHOL is distributed under GPL.
|
FireHOL is distributed under GPL.
|
||||||
Home Page: http://firehol.sourceforge.net
|
Home Page: http://firehol.sourceforge.net
|
||||||
@ -4392,7 +4486,7 @@ EOF
|
|||||||
echo "# "
|
echo "# "
|
||||||
|
|
||||||
${CAT_CMD} <<EOF
|
${CAT_CMD} <<EOF
|
||||||
# $Id: firehol.sh,v 1.164 2003/10/22 06:58:27 ktsaou Exp $
|
# $Id: firehol.sh,v 1.165 2003/10/26 21:27:31 ktsaou Exp $
|
||||||
# (C) Copyright 2003, Costa Tsaousis <costa@tsaousis.gr>
|
# (C) Copyright 2003, Costa Tsaousis <costa@tsaousis.gr>
|
||||||
# FireHOL is distributed under GPL.
|
# FireHOL is distributed under GPL.
|
||||||
# Home Page: http://firehol.sourceforge.net
|
# Home Page: http://firehol.sourceforge.net
|
||||||
|
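Review bot: The new kernel-config block in the `@ -10,10 +10,61` hunk of firehol.sh copies `/proc/config` to `/tmp/kcfg.$$` and then sources it, and that file name is predictable inside a shared, typically world-writable directory. FireHOL is presumably run as root, so if another local account already owns or has linked that path, it can influence what `. /tmp/kcfg.$$` executes or which file the `>` redirection truncates. Create the file with `kcfg_tmp="$(mktemp /tmp/kcfg.XXXXXX)" || exit 1` and use `"${kcfg_tmp}"` in the `cat`, `.` and `rm -f` lines, or avoid the copy if the config can be read in place. Both branches also execute the whole kernel config as shell code, so a comment such as `# the kernel config is executed as shell: it must be root-owned and not writable by others` above `. "${KERNEL_CONFIG}"` would record that assumption.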