mirror of https://github.com/firehol/firehol.git
Use a regular shell file for installed config
This simplifies the scripts somewhat and the autoconf system quite a bit. To specify a non-default location for the config, export a directory in FIREHOL_OVERRIDE_PROGRAM_DIR and ensure it has an install.config and functions.common.
parent
d104473f33
commit
caedbcd551
|
@ -1,3 +0,0 @@
|
|||
sbin/*.c ident export-subst
|
||||
sbin/*.in ident export-subst
|
||||
packaging/packver ident export-subst
|
|
@ -29,16 +29,10 @@ doc/apa*.html
|
|||
doc/services-?.xml
|
||||
doc/service-links
|
||||
doc/tools/pandoc-post
|
||||
sbin/commands.sed
|
||||
sbin/firehol
|
||||
sbin/firehol.in
|
||||
sbin/fireqos
|
||||
sbin/link-balancer
|
||||
sbin/vnetbuild
|
||||
sbin/iprange
|
||||
sbin/install.config
|
||||
sbin/install.config.in
|
||||
sbin/*.o
|
||||
sbin/.deps
|
||||
sbin/update-ipsets
|
||||
unittest/coverage
|
||||
*.xz
|
||||
*.gz
|
||||
|
|
|
@ -80,7 +80,7 @@ Since all components will go under `/usr/local`, you may prefer something
|
|||
like this:
|
||||
|
||||
~~~~
|
||||
./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
|
||||
./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libexecdir=/usr/lib
|
||||
make
|
||||
make install
|
||||
~~~~
|
||||
|
|
|
@ -1,11 +1,4 @@
|
|||
#!/bin/sh
|
||||
|
||||
# Update autoconf scripts after a configure.ac change
|
||||
|
||||
if [ ! -f .gitignore -o ! -f sbin/firehol.in ]
|
||||
then
|
||||
echo "Run as ./packaging/autogen.sh from a firehol git repository"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
autoreconf -ivf
|
||||
|
|
|
@ -0,0 +1,11 @@
|
|||
.in:
|
||||
if sed \
|
||||
-e 's#[@]datarootdir_POST[@]#$(datarootdir)#g' \
|
||||
-e 's#[@]localstatedir_POST[@]#$(localstatedir)#g' \
|
||||
-e 's#[@]sysconfdir_POST[@]#$(sysconfdir)#g' \
|
||||
$< > $@.tmp; then \
|
||||
mv "$@.tmp" "$@"; \
|
||||
else \
|
||||
rm -f "$@.tmp"; \
|
||||
false; \
|
||||
fi
|
44
configure.ac
44
configure.ac
|
@ -18,22 +18,27 @@ AC_INIT([firehol],VERSION_NUMBER[]VERSION_SUFFIX,[firehol-devs@lists.firehol.org
|
|||
|
||||
AC_CONFIG_MACRO_DIR([m4])
|
||||
AC_CONFIG_AUX_DIR([autotool])
|
||||
AC_CONFIG_SRCDIR([sbin/firehol.in])
|
||||
AC_CONFIG_SRCDIR([sbin/fireqos.in])
|
||||
AC_CONFIG_SRCDIR([sbin/link-balancer.in])
|
||||
AC_CONFIG_SRCDIR([sbin/update-ipsets.in])
|
||||
AC_CONFIG_SRCDIR([sbin/vnetbuild.in])
|
||||
AC_CONFIG_SRCDIR([sbin/firehol])
|
||||
AM_INIT_AUTOMAKE([gnu])
|
||||
AM_MAINTAINER_MODE([disable])
|
||||
|
||||
dnl Checks for programs.
|
||||
AC_PROG_MAKE_SET
|
||||
|
||||
dnl Check for functioning symbolic links
|
||||
AC_PROG_LN_S
|
||||
|
||||
AM_CONDITIONAL([GIT_TREE], [test -f README.md])
|
||||
|
||||
AX_FIREHOL_AUTOSAVE()
|
||||
AX_FIREHOL_AUTOSAVE6()
|
||||
|
||||
AC_ARG_ENABLE([filename-versions],
|
||||
[AS_HELP_STRING([--disable-filename-versions], [no versions on executable filenames @<:@enabled@:>@])],
|
||||
,
|
||||
[enable_filename_versions="yes"])
|
||||
AM_CONDITIONAL([FILENAME_VERSIONS],[test "${enable_filename_versions}" = "yes"])
|
||||
|
||||
AC_ARG_ENABLE([doc],
|
||||
[AS_HELP_STRING([--disable-doc], [disable doc installation @<:@enabled@:>@])],
|
||||
,
|
||||
|
@ -147,6 +152,8 @@ if test x"$MAKEDIST_BUILD_ONLY" != xyes; then
|
|||
AX_NEED_EGREP()
|
||||
AX_NEED_GREP()
|
||||
AX_NEED_SED()
|
||||
AX_NEED_PROG([READLINK], [readlink], [])
|
||||
AX_NEED_PROG([DIRNAME], [dirname], [])
|
||||
if test x"$enable_firehol" = xyes; then
|
||||
AC_MSG_NOTICE([Detecting commands for firehol])
|
||||
AX_NEED_PROG([CAT], [cat], [])
|
||||
|
@ -154,14 +161,14 @@ AX_NEED_PROG([CHMOD], [chmod], [])
|
|||
AX_NEED_PROG([CHOWN], [chown], [])
|
||||
AX_NEED_PROG([CP], [cp], [])
|
||||
AX_NEED_PROG([CUT], [cut], [])
|
||||
AX_CHECK_PROG([DATE], [date], [])
|
||||
AX_NEED_PROG([DATE], [date], [])
|
||||
AX_NEED_PROG([EXPR], [expr], [])
|
||||
AX_NEED_PROG([FIND], [find], [])
|
||||
AX_NEED_PROG([FLOCK], [flock], [])
|
||||
AX_NEED_PROG([FOLD], [fold], [])
|
||||
AX_NEED_PROG([HEAD], [head], [])
|
||||
AX_CHECK_PROG([HOSTNAMECMD], [hostname], [])
|
||||
AX_CHECK_PROG([IP], [ip], [])
|
||||
AX_NEED_PROG([HOSTNAMECMD], [hostname], [])
|
||||
AX_NEED_PROG([IP], [ip], [])
|
||||
if test x"$enable_ipv6" = xyes; then
|
||||
AX_CHECK_PROG([IP6TABLES], [ip6tables], [])
|
||||
fi
|
||||
|
@ -196,11 +203,17 @@ AX_NEED_PROG([MORE], [cat], [])
|
|||
AX_NEED_PROG([MV], [mv], [])
|
||||
AX_CHECK_PROG([NFACCT], [nfacct], [])
|
||||
AX_CHECK_PROG([RENICE], [renice], [])
|
||||
if test x"$RENICE" = x; then
|
||||
AC_SUBST([RENICE], [:])
|
||||
fi
|
||||
AX_NEED_PROG([RM], [rm], [])
|
||||
AX_NEED_PROG([SLEEP], [sleep], [])
|
||||
AX_NEED_PROG([SORT], [sort], [])
|
||||
AX_CHECK_PROG([SS], [ss], [])
|
||||
AX_NEED_PROG([SS], [ss], [])
|
||||
AX_CHECK_PROG([STTY], [stty], [])
|
||||
if test x"$STTY" = x; then
|
||||
AC_SUBST([STTY], [:])
|
||||
fi
|
||||
AX_NEED_PROG([SYSCTL], [sysctl], [])
|
||||
AX_NEED_PROG([TAIL], [tail], [])
|
||||
AX_NEED_PROG([TOUCH], [touch], [])
|
||||
|
@ -211,7 +224,7 @@ AX_NEED_PROG([UNIQ], [uniq], [])
|
|||
AX_NEED_PROG([WC], [wc], [])
|
||||
AX_CHECK_PROG([ZCAT], [zcat], [])
|
||||
AX_CHECK_PROG([ZCAT], [gzcat], [])
|
||||
AX_CHECK_PROG([ZCAT], [gzip], [-dc])
|
||||
AX_NEED_PROG([ZCAT], [gzip], [-dc])
|
||||
fi
|
||||
if test x"$enable_fireqos" = xyes; then
|
||||
AC_MSG_NOTICE([Detecting commands for fireqos])
|
||||
|
@ -220,7 +233,7 @@ AX_NEED_PROG([CUT], [cut], [])
|
|||
AX_NEED_PROG([DATE], [date], [])
|
||||
AX_NEED_PROG([FLOCK], [flock], [])
|
||||
AX_CHECK_PROG([GAWK], [gawk], [])
|
||||
AX_CHECK_PROG([GAWK], [awk], [])
|
||||
AX_NEED_PROG([GAWK], [awk], [])
|
||||
AX_NEED_PROG([IP], [ip], [])
|
||||
AX_NEED_PROG([LOGGER], [logger], [])
|
||||
AX_NEED_PROG([LS], [ls], [])
|
||||
|
@ -284,7 +297,6 @@ AX_NEED_PROG([CURL], [curl], [])
|
|||
AX_NEED_PROG([CUT], [cut], [])
|
||||
AX_NEED_PROG([DATE], [date], [])
|
||||
AX_NEED_PROG([DIFF], [diff], [])
|
||||
AX_NEED_PROG([DIRNAME], [dirname], [])
|
||||
AX_NEED_PROG([FIND], [find], [])
|
||||
AX_NEED_PROG([FLOCK], [flock], [])
|
||||
AX_NEED_PROG([FOLD], [fold], [])
|
||||
|
@ -302,6 +314,9 @@ AX_NEED_PROG([MKDIR], [mkdir], [])
|
|||
AX_NEED_PROG([MKTEMP], [mktemp], [])
|
||||
AX_NEED_PROG([MV], [mv], [])
|
||||
AX_CHECK_PROG([RENICE], [renice], [])
|
||||
if test x"$RENICE" = x; then
|
||||
AC_SUBST([RENICE], [:])
|
||||
fi
|
||||
AX_NEED_PROG([RM], [rm], [])
|
||||
AX_NEED_PROG([SORT], [sort], [])
|
||||
AX_NEED_PROG([TAIL], [tail], [])
|
||||
|
@ -343,13 +358,12 @@ AX_CHECK_MINVER([IPRANGE_VERSION], MIN_IPRANGE_VERSION, [$IPRANGE],
|
|||
[], [AC_MSG_ERROR(could not find required version of iprange - check http://firehol.org/download/iprange/)])
|
||||
fi
|
||||
|
||||
AC_SUBST([AUTOCONF_RUN], [Y])
|
||||
AC_SUBST([firehollibexecdir], ["\$(libexecdir)/firehol/\$(PACKAGE_VERSION)"])
|
||||
|
||||
AC_CONFIG_FILES([
|
||||
Makefile
|
||||
sbin/Makefile
|
||||
sbin/commands.sed
|
||||
sbin/firehol.in
|
||||
sbin/install.config.in
|
||||
m4/Makefile
|
||||
doc/Makefile
|
||||
doc/firehol/Makefile
|
||||
|
|
|
@ -42,9 +42,7 @@ all-local: service-links
|
|||
|
||||
MKSERVICELINKS = ${top_srcdir}/doc/tools/mkservicelinks
|
||||
|
||||
FIREHOLIN = $(top_srcdir)/sbin/firehol.in
|
||||
|
||||
service-links: $(FIREHOLIN) services-db.data
|
||||
service-links: $(top_srcdir)/sbin/firehol services-db.data
|
||||
$(MKSERVICELINKS) service-links $+
|
||||
|
||||
endif
|
||||
|
|
|
@ -151,9 +151,7 @@ FORMATTABLE = ${top_srcdir}/doc/tools/format-table
|
|||
PANDOCPOST = ${top_srcdir}/doc/tools/pandoc-post
|
||||
CHECKLINKS = ${top_srcdir}/doc/tools/check-links
|
||||
|
||||
FIREHOLIN = $(top_srcdir)/sbin/firehol.in
|
||||
|
||||
firehol-services.5.md: $(FIREHOLIN) ../services-db.data ../service-links
|
||||
firehol-services.5.md: $(top_srcdir)/sbin/firehol ../services-db.data ../service-links
|
||||
$(MKSERVICEMAN) firehol-services.5.md $+
|
||||
|
||||
contents.md: *.1.md *.5.md contents.tpl
|
||||
|
|
|
@ -46,7 +46,11 @@ To build and install taking the default options:
|
|||
./configure && make && sudo make install
|
||||
|
||||
|
||||
Alternatively, just copy the `sbin/firehol.in` file to where you want it.
|
||||
Since all components (including configuration files) will go
|
||||
under `/usr/local`, you may prefer to configure more like this:
|
||||
|
||||
./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libexecdir=/usr/lib
|
||||
|
||||
All of the common SysVInit command line arguments are recognised which
|
||||
makes it easy to deploy the script as a startup service.
|
||||
|
||||
|
|
|
@ -127,8 +127,6 @@ COMBINEPANDOC = ${top_srcdir}/doc/tools/combine-pandoc
|
|||
PANDOCPOST = ${top_srcdir}/doc/tools/pandoc-post
|
||||
CHECKLINKS = ${top_srcdir}/doc/tools/check-links
|
||||
|
||||
FIREHOLIN = $(top_srcdir)/sbin/firehol.in
|
||||
|
||||
man/man1/%.1: %.1.md
|
||||
$(MKDIR_P) man/man1
|
||||
$(SED) -e '/^%/s/DATE/@PACKAGE_BUILT_DATE@/' -e '/^%/s/VERSION/@PACKAGE_VERSION@/' $< > tmp-manproc
|
||||
|
|
|
@ -62,8 +62,6 @@ COMBINEPANDOC = ${top_srcdir}/doc/tools/combine-pandoc
|
|||
PANDOCPOST = ${top_srcdir}/doc/tools/pandoc-post
|
||||
CHECKLINKS = ${top_srcdir}/doc/tools/check-links
|
||||
|
||||
FIREHOLIN = $(top_srcdir)/sbin/firehol.in
|
||||
|
||||
man/man1/%.1: %.1.md
|
||||
$(MKDIR_P) man/man1
|
||||
$(SED) -e '/^%/s/DATE/@PACKAGE_BUILT_DATE@/' -e '/^%/s/VERSION/@PACKAGE_VERSION@/' $< > tmp-manproc
|
||||
|
|
|
@ -12,7 +12,7 @@ use File::Basename;
|
|||
if (@ARGV == 0) {
|
||||
print "Usage: ./packaging/firehol/detect-cmd.pl configure.ac sbin/file.in ...\n";
|
||||
print "\n";
|
||||
print "Finds usages of commands which should be converted to \$COMMAND_CMD format\n";
|
||||
print "Finds usages of commands which should be converted to \@COMMAND\@ format\n";
|
||||
exit 0;
|
||||
}
|
||||
|
||||
|
|
|
@ -11,14 +11,15 @@ firehol_check_file() {
|
|||
sbin/Makefile.in)
|
||||
:
|
||||
;;
|
||||
configure.ac|sbin/commands.sed.in)
|
||||
check_commands sbin/firehol.in || status=1
|
||||
check_commands sbin/fireqos.in || status=1
|
||||
check_commands sbin/link-balancer.in || status=1
|
||||
check_commands sbin/update-ipsets.in || status=1
|
||||
check_commands sbin/vnetbuild.in || status=1
|
||||
configure.ac|sbin/install.config.in.in)
|
||||
check_commands sbin/firehol || status=1
|
||||
check_commands sbin/fireqos || status=1
|
||||
check_commands sbin/link-balancer || status=1
|
||||
check_commands sbin/update-ipsets || status=1
|
||||
check_commands sbin/vnetbuild || status=1
|
||||
check_detection_useful sbin/firehol sbin/fireqos sbin/link-balancer sbin/update-ipsets sbin/vnetbuild || status=1
|
||||
;;
|
||||
sbin/*.in)
|
||||
sbin/firehol|sbin/fireqos|sbin/link-balancer|sbin/update-ipsets|sbin/vnetbuild)
|
||||
check_commands $filename || status=1
|
||||
;;
|
||||
doc/services-db.data)
|
||||
|
@ -50,8 +51,8 @@ check_commands() {
|
|||
|
||||
get_staged_file $1
|
||||
get_staged_file configure.ac
|
||||
get_staged_file sbin/commands.sed.in
|
||||
get_staged_file sbin/functions.common.sh
|
||||
get_staged_file sbin/install.config.in.in
|
||||
get_staged_file sbin/functions.common
|
||||
|
||||
# Find commands that have been enclosed in quotes and remove anything after
|
||||
# if nothing matched the substitution, proceed to the next line
|
||||
|
@ -98,40 +99,25 @@ check_commands() {
|
|||
cat $MYTMP/errors
|
||||
fi
|
||||
|
||||
sed -n -e "s/^ *[YN]|//p" $MYTMP/files/$1 > $MYTMP/commands-defined
|
||||
sed -n -e 's/\(.*_CMD\)="[@]\(.*\)[@]"/\1 \2/p' $MYTMP/files/sbin/install.config.in.in > $MYTMP/commands-defined
|
||||
|
||||
for cmd in $(tr " " "\n" < $MYTMP/files/$1 |
|
||||
sed -n -e 's/.*\(\<[A-Z0-9_]*\)_CMD.*/\1/p' | sort | uniq)
|
||||
sed -n -e 's/.*\(\<[A-Z0-9_]*_CMD\).*/\1/p' | sort | uniq)
|
||||
do
|
||||
if ! grep -q "^${cmd}_CMD|" $MYTMP/commands-defined
|
||||
autocmd=`grep "^${cmd} " $MYTMP/commands-defined | cut -f2 -d' '`
|
||||
if [ ! "$autocmd" ]
|
||||
then
|
||||
status=1
|
||||
echo "Missing definition of $cmd in $1 detection table."
|
||||
echo "sbin/install.config.in.in: missing definition of $cmd (for $1)"
|
||||
fi
|
||||
|
||||
# Hostname is a special case - configure will expand it to running host,
|
||||
# overwriting the value we wanted to use.
|
||||
if [ "$cmd" = "HOSTNAME" ]; then cmd="HOSTNAMECMD"; fi
|
||||
if ! grep -q "_${cmd}(\|\[$cmd\]" $MYTMP/files/configure.ac
|
||||
if ! grep -q "_${autocmd}(\|\[$autocmd\]" $MYTMP/files/configure.ac
|
||||
then
|
||||
status=1
|
||||
echo "Missing detection of $cmd for $1 in configure.ac"
|
||||
echo "configure.ac: missing detection of $autocmd (for $1)"
|
||||
fi
|
||||
done
|
||||
|
||||
while IFS="|" read cmd subst defaults
|
||||
do
|
||||
if ! grep -q "\${*$cmd" $MYTMP/files/$1 $MYTMP/files/sbin/*.sh
|
||||
then
|
||||
status=1
|
||||
echo "$cmd detected but never used in $1 or function libraries"
|
||||
fi
|
||||
if ! grep -q "#$subst#" $MYTMP/files/sbin/commands.sed.in
|
||||
then
|
||||
status=1
|
||||
echo "$cmd detected but $subst never substituted by sbin/commands.sed.in"
|
||||
fi
|
||||
done < $MYTMP/commands-defined
|
||||
|
||||
(
|
||||
a=`pwd`
|
||||
cd $MYTMP/files
|
||||
|
@ -141,3 +127,37 @@ check_commands() {
|
|||
|
||||
return $status
|
||||
}
|
||||
|
||||
check_detection_useful() {
|
||||
local status=0
|
||||
|
||||
touch $MYTMP/commands-checked
|
||||
if grep -q -F -z "$1" $MYTMP/commands-checked
|
||||
then
|
||||
# Only check a file once - an edit to some files checks multiple
|
||||
return 0
|
||||
else
|
||||
echo "$1" >> $MYTMP/commands-checked
|
||||
fi
|
||||
|
||||
list=
|
||||
for i in "$@"
|
||||
do
|
||||
get_staged_file $1
|
||||
list="$list $MYTMP/files/$1"
|
||||
done
|
||||
get_staged_file configure.ac
|
||||
get_staged_file sbin/install.config.in.in
|
||||
get_staged_file sbin/functions.common
|
||||
|
||||
sed -n -e 's/\(.*_CMD\)="[@]\(.*\)[@]"/\1 \2/p' $MYTMP/files/sbin/install.config.in.in > $MYTMP/commands-defined
|
||||
|
||||
while read cmd subst
|
||||
do
|
||||
if ! grep -q "\${*$cmd" $list $MYTMP/files/sbin/functions.*
|
||||
then
|
||||
status=1
|
||||
echo "$cmd detected but never used in $1 or function libraries"
|
||||
fi
|
||||
done < $MYTMP/commands-defined
|
||||
}
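Review bot: In `check_detection_useful` the `for i in "$@"` loop never uses `$i`: `get_staged_file $1` and `list="$list $MYTMP/files/$1"` stage and scan only the first script on every pass, so commands used solely by the other scripts are reported as detected but unused. The function also sets `status=1` but ends on the `while` loop with no `return $status`, so the `|| status=1` at the call site cannot fire and the hook still passes. I would change the loop body to `get_staged_file "$i"` and `list="$list $MYTMP/files/$i"`, and finish the function with `return $status`.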
|
||||
|
|
|
@ -51,11 +51,7 @@ diff -r "$1" $MYTMP/unpack/* | grep "^Only" | sed \
|
|||
-e '/: tmp-anchor-links$/d' \
|
||||
-e '/: tmp-manproc$/d' \
|
||||
-e '/: .*\.tar\.\(gz\|bz2\|xz\)$/d' \
|
||||
-e '/: unittest$/d' \
|
||||
-e '/: iprange$/d' \
|
||||
-e '/: .*\.o$/d' \
|
||||
-e '/sbin: \(firehol\|fireqos\|link-balancer\)$/d' \
|
||||
-e '/sbin: \(update-ipsets\|vnetbuild\|commands.sed\)$/d' > $MYTMP/out
|
||||
-e '/: unittest$/d' > $MYTMP/out
|
||||
|
||||
cat $MYTMP/out
|
||||
test -s $MYTMP/out && exit 1
|
||||
|
|
|
@ -1,38 +1,11 @@
|
|||
# Process this file with automake to produce Makefile.in
|
||||
|
||||
libarchinddir = $(prefix)/lib
|
||||
|
||||
scriptsin = \
|
||||
firehol.in \
|
||||
fireqos.in \
|
||||
link-balancer.in \
|
||||
update-ipsets.in \
|
||||
vnetbuild.in
|
||||
inclibdir = @firehollibexecdir@
|
||||
|
||||
inclibdir = $(libarchinddir)/firehol
|
||||
include $(top_srcdir)/build/subst.inc
|
||||
|
||||
SUFFIXES = .in
|
||||
.in:
|
||||
if [ "$@" = "commands.sed.in" ]; then \
|
||||
true; \
|
||||
elif sed \
|
||||
-e '/^# Start defaults before configure/,/^# End/d' \
|
||||
-e 's#[$$]prefix_POST#$(prefix)#g' \
|
||||
-e 's#[$$]bindir_POST#$(bindir)#g' \
|
||||
-e 's#[$$]libdir_POST#$(inclibdir)#g' \
|
||||
-e 's#[$$]localstatedir_POST#$(localstatedir)#g' \
|
||||
-e 's#[$$]sysconfdir_POST#$(sysconfdir)#g' \
|
||||
-f commands.sed \
|
||||
$< > $@.tmp; then \
|
||||
mv "$@.tmp" "$@"; \
|
||||
chmod 755 "$@"; \
|
||||
else \
|
||||
rm -f "$@.tmp"; \
|
||||
false; \
|
||||
fi
|
||||
|
||||
inclib_DATA = \
|
||||
functions.common.sh
|
||||
|
||||
scripts =
|
||||
if ENABLE_FIREHOL
|
||||
|
@ -55,12 +28,29 @@ if ENABLE_VNETBUILD
|
|||
scripts += vnetbuild
|
||||
endif
|
||||
|
||||
sbin_SCRIPTS = $(scripts)
|
||||
CLEANFILES = install.config
|
||||
|
||||
inclib_DATA = \
|
||||
functions.common \
|
||||
install.config \
|
||||
$(NULL)
|
||||
|
||||
inclib_SCRIPTS = $(scripts)
|
||||
|
||||
EXTRA_DIST = \
|
||||
commands.sed.in \
|
||||
$(scriptsin) \
|
||||
$(inclib_DATA)
|
||||
functions.common \
|
||||
install.config.in \
|
||||
$(scripts) \
|
||||
$(NULL)
|
||||
|
||||
uninstall-local:
|
||||
install-exec-hook:
|
||||
$(MKDIR_P) $(DESTDIR)$(sbindir)
|
||||
for i in $(scripts); do \
|
||||
$(RM) -f $(DESTDIR)$(sbindir)/$$i; \
|
||||
$(LN_S) $(DESTDIR)$(inclibdir)/$$i $(DESTDIR)$(sbindir); done
|
||||
|
||||
uninstall-hook:
|
||||
for i in $(scripts); do \
|
||||
$(RM) -f $(DESTDIR)$(sbindir)/$$i; done
|
||||
@-rmdir --ignore-fail-on-non-empty $(DESTDIR)$(inclibdir)
|
||||
@-rmdir --ignore-fail-on-non-empty $(DESTDIR)$(sbindir)
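Review bot: The `install-exec-hook` link target includes `$(DESTDIR)`: `$(LN_S) $(DESTDIR)$(inclibdir)/$$i $(DESTDIR)$(sbindir)` records the staging path inside the symlink itself. In a staged (package) build the installed `sbin` links then point into the build root, which on the target host is either missing or a path that need not be root-owned. The firehol and fireqos preambles on this page resolve their own link with `readlink` to decide which `install.config` and `functions.common` to source as root, so the link target matters. The target should be the final path only: `$(LN_S) $(inclibdir)/$$i $(DESTDIR)$(sbindir)/$$i`.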
|
||||
|
|
|
@ -1,74 +0,0 @@
|
|||
/VERSION=/s#'[$]Id.*'#'@PACKAGE_VERSION@'#g
|
||||
s#[@]BRIDGE@#@BRIDGE@#g
|
||||
s#[@]CAT@#@CAT@#g
|
||||
s#[@]CHMOD@#@CHMOD@#g
|
||||
s#[@]CHOWN@#@CHOWN@#g
|
||||
s#[@]CP@#@CP@#g
|
||||
s#[@]CURL@#@CURL@#g
|
||||
s#[@]CUT@#@CUT@#g
|
||||
s#[@]DATE@#@DATE@#g
|
||||
s#[@]DIFF@#@DIFF@#g
|
||||
s#[@]DIRNAME@#@DIRNAME@#g
|
||||
s#[@]EGREP@#@EGREP@#g
|
||||
s#[@]ENV@#@ENV@#g
|
||||
s#[@]EXPR@#@EXPR@#g
|
||||
s#[@]FIND@#@FIND@#g
|
||||
s#[@]FLOCK@#@FLOCK@#g
|
||||
s#[@]FOLD@#@FOLD@#g
|
||||
s#[@]FUNZIP@#@FUNZIP@#g
|
||||
s#[@]JQ@#@JQ@#g
|
||||
s#[@]GAWK@#@GAWK@#g
|
||||
s#[@]GIT@#@GIT@#g
|
||||
s#[@]GREP@#@GREP@#g
|
||||
s#[@]HEAD@#@HEAD@#g
|
||||
s#[@]HOSTNAMECMD@#@HOSTNAMECMD@#g
|
||||
s#[@]IP6TABLES@#@IP6TABLES@#g
|
||||
s#[@]IP6TABLES_RESTORE@#@IP6TABLES_RESTORE@#g
|
||||
s#[@]IP6TABLES_SAVE@#@IP6TABLES_SAVE@#g
|
||||
s#[@]IP@#@IP@#g
|
||||
s#[@]IPRANGE@#@IPRANGE@#g
|
||||
s#[@]IPSET@#@IPSET@#g
|
||||
s#[@]IPTABLES@#@IPTABLES@#g
|
||||
s#[@]IPTABLES_RESTORE@#@IPTABLES_RESTORE@#g
|
||||
s#[@]IPTABLES_SAVE@#@IPTABLES_SAVE@#g
|
||||
s#[@]JQ@#@JQ@#g
|
||||
s#[@]LN@#@LN@#g
|
||||
s#[@]LOGGER@#@LOGGER@#g
|
||||
s#[@]LS@#@LS@#g
|
||||
s#[@]LSMOD@#@LSMOD@#g
|
||||
s#[@]MKDIR@#@MKDIR@#g
|
||||
s#[@]MKTEMP@#@MKTEMP@#g
|
||||
s#[@]MODPROBE@#@MODPROBE@#g
|
||||
s#[@]MORE@#@MORE@#g
|
||||
s#[@]MV@#@MV@#g
|
||||
s#[@]NEATO@#@NEATO@#g
|
||||
s#[@]NFACCT@#@NFACCT@#g
|
||||
s#[@]PING6@#@PING6@#g
|
||||
s#[@]PING@#@PING@#g
|
||||
s#[@]RENICE@#@RENICE@#g
|
||||
s#[@]RMMOD@#@RMMOD@#g
|
||||
s#[@]RM@#@RM@#g
|
||||
s#[@]SCREEN@#@SCREEN@#g
|
||||
s#[@]SED@#@SED@#g
|
||||
s#[@]SEQ@#@SEQ@#g
|
||||
s#[@]SH@#@SH@#g
|
||||
s#[@]SLEEP@#@SLEEP@#g
|
||||
s#[@]SORT@#@SORT@#g
|
||||
s#[@]SS@#@SS@#g
|
||||
s#[@]STTY@#@STTY@#g
|
||||
s#[@]SYSCTL@#@SYSCTL@#g
|
||||
s#[@]TAIL@#@TAIL@#g
|
||||
s#[@]TAR@#@TAR@#g
|
||||
s#[@]TCPDUMP@#@TCPDUMP@#g
|
||||
s#[@]TC@#@TC@#g
|
||||
s#[@]TOUCH@#@TOUCH@#g
|
||||
s#[@]TPUT@#@TPUT@#g
|
||||
s#[@]TRACEROUTE@#@TRACEROUTE@#g
|
||||
s#[@]TR@#@TR@#g
|
||||
s#[@]UNAME@#@UNAME@#g
|
||||
s#[@]UNIQ@#@UNIQ@#g
|
||||
s#[@]UNZIP@#@UNZIP@#g
|
||||
s#[@]WC@#@WC@#g
|
||||
s#[@]WGET@#@WGET@#g
|
||||
s#[@]WHOIS@#@WHOIS@#g
|
||||
s#[@]ZCAT@#@ZCAT@#g
|
|
@ -25,31 +25,28 @@
|
|||
# See the file COPYING for details.
|
||||
#
|
||||
|
||||
VERSION='$Id$'
|
||||
PROGRAM_FILE="${0}"
|
||||
PROGRAM_DIR="${0%/*}"
|
||||
if [ "$PROGRAM_DIR" = "$0" ]; then PROGRAM_DIR="."; fi
|
||||
PROGRAM_FILE="$(/bin/readlink $0)"
|
||||
PROGRAM_FILE="${PROGRAM_FILE:-$0}"
|
||||
if [ -d "${FIREHOL_OVERRIDE_PROGRAM_DIR}" ]
|
||||
then
|
||||
PROGRAM_DIR="${FIREHOL_OVERRIDE_PROGRAM_DIR}"
|
||||
else
|
||||
PROGRAM_DIR="$(/usr/bin/dirname "$PROGRAM_FILE")"
|
||||
fi
|
||||
PROGRAM_PWD="${PWD}"
|
||||
declare -a PROGRAM_ORIGINAL_ARGS=("${@}")
|
||||
|
||||
# Start defaults before configure
|
||||
prefix_POST=/usr
|
||||
sysconfdir_POST=/etc
|
||||
localstatedir_POST=/var
|
||||
libdir_POST=$PROGRAM_DIR
|
||||
# End defaults before configure
|
||||
for functions_file in $libdir_POST/functions.common.sh
|
||||
for functions_file in install.config functions.common
|
||||
do
|
||||
if [ -r $functions_file ]
|
||||
if [ -r "$PROGRAM_DIR/$functions_file" ]
|
||||
then
|
||||
source $functions_file
|
||||
source "$PROGRAM_DIR/$functions_file"
|
||||
else
|
||||
1>&2 echo "Cannot access $functions_file"
|
||||
1>&2 echo "Cannot access $PROGRAM_DIR/$functions_file"
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
|
||||
FIREHOL_CONFIG_DIR="$sysconfdir_POST/firehol"
|
||||
common_disable_localization || exit
|
||||
common_private_umask || exit
|
||||
common_require_root || exit
|
||||
|
@ -232,16 +229,6 @@ markdef() {
|
|||
# XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
|
||||
# ------------------------------------------------------------------------------
|
||||
|
||||
if [ "@AUTOCONF_RUN@" = "Y" ]
|
||||
then
|
||||
FIREHOL_AUTOSAVE="@FIREHOL_AUTOSAVE@"
|
||||
FIREHOL_AUTOSAVE6="@FIREHOL_AUTOSAVE6@"
|
||||
ENABLE_IPV4="@IPV4_ENABLED@"
|
||||
ENABLE_IPV6="@IPV6_ENABLED@"
|
||||
else
|
||||
FIREHOL_CONFIG_DIR="/etc/firehol"
|
||||
fi
|
||||
|
||||
# --- BEGIN OF FIREHOL DEFAULTS ---
|
||||
|
||||
# These are the defaults for FireHOL.
|
||||
|
@ -252,26 +239,23 @@ fi
|
|||
|
||||
# FireHOL config directory.
|
||||
# EVEN IF YOU CHANGE THIS, THE firehol-defaults.conf FILE
|
||||
# SHOULD STILL EXIST IN THE ORIGINAL $FIREHOL_CONFIG_DIR
|
||||
FIREHOL_CONFIG_DIR="$FIREHOL_CONFIG_DIR"
|
||||
# SHOULD STILL EXIST IN THE ORIGINAL $SYSCONFDIR/firehol
|
||||
FIREHOL_CONFIG_DIR="${FIREHOL_CONFIG_DIR}"
|
||||
|
||||
# FireHOL services directory.
|
||||
# FireHOL will look into this directory for service
|
||||
# definition files (*.conf).
|
||||
# Package maintainers may install their service definitions
|
||||
# in this directory.
|
||||
# Default: /etc/firehol/services
|
||||
FIREHOL_SERVICES_DIR="${FIREHOL_CONFIG_DIR}/services"
|
||||
# Default: $SYSCONFDIR/firehol/services
|
||||
FIREHOL_SERVICES_DIR="${FIREHOL_SERVICES_DIR}"
|
||||
|
||||
# Where to permanently save state information?
|
||||
# Default: /var/spool/firehol
|
||||
FIREHOL_SPOOL_DIR="/var/spool/firehol"
|
||||
# Default: $LOCALSTATEDIR/spool/firehol
|
||||
FIREHOL_SPOOL_DIR="${FIREHOL_SPOOL_DIR}"
|
||||
|
||||
# Where temporary files should go?
|
||||
# /var/run is usualy a ram drive, so we prefer to use
|
||||
# this for temporary files.
|
||||
# Default: /var/run/firehol
|
||||
FIREHOL_RUN_DIR="/var/run/firehol"
|
||||
FIREHOL_RUN_DIR="${FIREHOL_RUN_DIR}"
|
||||
|
||||
# show a spinner during processing that shows
|
||||
# number of iptables statements generated
|
||||
|
@ -780,7 +764,7 @@ IPTRAP_DEFAULT_IPSET_COUNTERS_OPTIONS="timeout 3600 counters"
|
|||
# FireHOL will overwite these settings with the contents of the files with
|
||||
# the same names in ${FIREHOL_CONFIG_DIR}.
|
||||
#
|
||||
# For example, RESERVED_IPV4 will be set from /etc/firehol/RESERVED_IPV4
|
||||
# For example, RESERVED_IPV4 will be set from $SYSCONFDIR/firehol/RESERVED_IPV4
|
||||
|
||||
# IANA reserved address space that should never appear
|
||||
RESERVED_IPV4="0.0.0.0/8 127.0.0.0/8 240.0.0.0/4 "
|
||||
|
@ -848,59 +832,6 @@ fi
|
|||
# XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
|
||||
# ------------------------------------------------------------------------------
|
||||
|
||||
common_load_commands $PROGRAM_FILE @AUTOCONF_RUN@ <<-!
|
||||
Y|CAT_CMD|@CAT@|cat
|
||||
Y|CUT_CMD|@CUT@|cut
|
||||
Y|CHOWN_CMD|@CHOWN@|chown
|
||||
Y|CHMOD_CMD|@CHMOD@|chmod
|
||||
Y|EGREP_CMD|@EGREP@|egrep 'grep -E'
|
||||
Y|EXPR_CMD|@EXPR@|expr
|
||||
Y|FIND_CMD|@FIND@|find
|
||||
Y|FOLD_CMD|@FOLD@|fold
|
||||
Y|GREP_CMD|@GREP@|grep
|
||||
Y|HEAD_CMD|@HEAD@|head
|
||||
Y|TAIL_CMD|@TAIL@|tail
|
||||
Y|LS_CMD|@LS@|ls
|
||||
Y|LSMOD_CMD|@LSMOD@|lsmod
|
||||
Y|MKDIR_CMD|@MKDIR@|mkdir
|
||||
Y|MKTEMP_CMD|@MKTEMP@|mktemp
|
||||
Y|MV_CMD|@MV@|mv
|
||||
Y|RM_CMD|@RM@|rm
|
||||
Y|SED_CMD|@SED@|sed
|
||||
Y|SORT_CMD|@SORT@|sort
|
||||
Y|SYSCTL_CMD|@SYSCTL@|sysctl
|
||||
Y|TOUCH_CMD|@TOUCH@|touch
|
||||
Y|TR_CMD|@TR@|tr
|
||||
Y|UNAME_CMD|@UNAME@|uname
|
||||
Y|UNIQ_CMD|@UNIQ@|uniq
|
||||
Y|LOGGER_CMD|@LOGGER@|logger
|
||||
Y|FLOCK_CMD|@FLOCK@|flock
|
||||
N|NFACCT_CMD|@NFACCT@|nfacct
|
||||
N|IPRANGE_CMD|@IPRANGE@|iprange
|
||||
N|IPSET_CMD|@IPSET@|ipset
|
||||
N|IPTABLES_CMD|@IPTABLES@|iptables
|
||||
N|IP6TABLES_CMD|@IP6TABLES@|ip6tables
|
||||
N|IPTABLES_SAVE_CMD|@IPTABLES_SAVE@|iptables-save
|
||||
N|IP6TABLES_SAVE_CMD|@IP6TABLES_SAVE@|ip6tables-save
|
||||
N|IPTABLES_RESTORE_CMD|@IPTABLES_RESTORE@|iptables-restore
|
||||
N|IP6TABLES_RESTORE_CMD|@IP6TABLES_RESTORE@|ip6tables-restore
|
||||
Y|MORE_CMD|@MORE@|pager less more cat
|
||||
Y|RENICE_CMD|@RENICE@|renice :
|
||||
Y|STTY_CMD|@STTY@|stty :
|
||||
N|ZCAT_CMD|@ZCAT@|zcat gzcat "gzip -dc"
|
||||
N|MODPROBE_CMD|@MODPROBE@|'modprobe -q' insmod
|
||||
N|IP_CMD|@IP@|ip
|
||||
N|SS_CMD|@SS@|ss
|
||||
N|DATE_CMD|@DATE@|date
|
||||
N|HOSTNAME_CMD|@HOSTNAMECMD@|hostname
|
||||
N|TPUT_CMD|@TPUT@|tput
|
||||
Y|WC_CMD|@WC@|wc
|
||||
Y|CP_CMD|@CP@|cp
|
||||
Y|SLEEP_CMD|@SLEEP@|sleep
|
||||
!
|
||||
status=$?
|
||||
test $status -eq 0 || exit $status
|
||||
|
||||
emit_version() {
|
||||
${CAT_CMD} <<EOF
|
||||
|
||||
|
@ -931,16 +862,16 @@ test ${RUNNING_ON_TERMINAL} -eq 0 && FIREHOL_ENABLE_SPINNER=0
|
|||
|
||||
FIREHOL_HAVE_IPRANGE=1
|
||||
IPRANGE_WARNING=0
|
||||
IPRANGE_REDUCE=Y
|
||||
if [ ! -z "${IPRANGE_CMD}" ]
|
||||
then
|
||||
${IPRANGE_CMD} --has-reduce 2>/dev/null || IPRANGE_CMD=
|
||||
${IPRANGE_CMD} --has-reduce 2>/dev/null || IPRANGE_REDUCE=
|
||||
fi
|
||||
|
||||
if [ -z "${IPRANGE_CMD}" ]
|
||||
if [ -z "${IPRANGE_CMD}" -o -z "$IPRANGE_REDUCE" ]
|
||||
then
|
||||
FIREHOL_HAVE_IPRANGE=0
|
||||
IPRANGE_WARNING=1
|
||||
IPRANGE_CMD=
|
||||
fi
|
||||
|
||||
ENABLE_ACCOUNTING=1
|
||||
|
@ -1003,6 +934,15 @@ then
|
|||
fi
|
||||
fi
|
||||
|
||||
if [ ! ${FIREHOL_LOAD_KERNEL_MODULES} -eq 0 ]
|
||||
then
|
||||
if [ -z "${MODPROBE_CMD}" ]
|
||||
then
|
||||
echo >&2 " WARNING: no modprobe command: module loading disabled"
|
||||
FIREHOL_LOAD_KERNEL_MODULES=0
|
||||
fi
|
||||
fi
|
||||
|
||||
firehol_concurrent_run_lock() {
|
||||
exec 200>"${FIREHOL_LOCK_FILE}"
|
||||
if [ $? -ne 0 ]; then exit; fi
|
||||
|
@ -12469,7 +12409,7 @@ then
|
|||
then
|
||||
# RedHat
|
||||
FIREHOL_AUTOSAVE="/etc/sysconfig/iptables"
|
||||
elif [ -d "/var/lib/iptables" ]
|
||||
elif [ -d "$LOCALSTATEDIR/lib/iptables" ]
|
||||
then
|
||||
if [ -f /etc/conf.d/iptables ]
|
||||
then
|
||||
|
@ -12483,7 +12423,7 @@ then
|
|||
if [ -z "${FIREHOL_AUTOSAVE}" ]
|
||||
then
|
||||
# Debian
|
||||
FIREHOL_AUTOSAVE="/var/lib/iptables/autosave"
|
||||
FIREHOL_AUTOSAVE="$LOCALSTATEDIR/lib/iptables/autosave"
|
||||
fi
|
||||
else
|
||||
error "Cannot find where to save iptables file. Please set FIREHOL_AUTOSAVE."
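Review bot: The new preamble in the first hunk sources `install.config` and `functions.common` from whatever directory `FIREHOL_OVERRIDE_PROGRAM_DIR` names, before `common_require_root` has run and with no check on who owns the directory or the files; the fireqos preamble further down the page is identical. These scripts run as root, so any invocation that lets a less-privileged caller keep that variable in the environment (a sudo rule that preserves it, a wrapper that passes the environment through) results in that caller's files being sourced as root. I would either refuse the override unless the directory and both files are owned by root and not group- or world-writable, or at minimum put a comment above the test such as `# FIREHOL_OVERRIDE_PROGRAM_DIR is trusted input: files in it are sourced as root`. In the same hunk `/bin/readlink $0` leaves `$0` unquoted and both helper paths are hard-coded although configure.ac now detects READLINK and DIRNAME; `PROGRAM_FILE="$(/bin/readlink "$0")"` fixes the quoting.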
|
|
@ -25,31 +25,28 @@
|
|||
# See the file COPYING for details.
|
||||
#
|
||||
|
||||
VERSION='$Id$'
|
||||
PROGRAM_FILE="${0}"
|
||||
PROGRAM_DIR="${0%/*}"
|
||||
if [ "$PROGRAM_DIR" = "$0" ]; then PROGRAM_DIR="."; fi
|
||||
PROGRAM_FILE="$(/bin/readlink $0)"
|
||||
PROGRAM_FILE="${PROGRAM_FILE:-$0}"
|
||||
if [ -d "${FIREHOL_OVERRIDE_PROGRAM_DIR}" ]
|
||||
then
|
||||
PROGRAM_DIR="${FIREHOL_OVERRIDE_PROGRAM_DIR}"
|
||||
else
|
||||
PROGRAM_DIR="$(/usr/bin/dirname "$PROGRAM_FILE")"
|
||||
fi
|
||||
PROGRAM_PWD="${PWD}"
|
||||
declare -a PROGRAM_ORIGINAL_ARGS=("${@}")
|
||||
|
||||
# Start defaults before configure
|
||||
prefix_POST=/usr
|
||||
sysconfdir_POST=/etc
|
||||
localstatedir_POST=/var
|
||||
libdir_POST=$PROGRAM_DIR
|
||||
# End defaults before configure
|
||||
for functions_file in $libdir_POST/functions.common.sh
|
||||
for functions_file in install.config functions.common
|
||||
do
|
||||
if [ -r $functions_file ]
|
||||
if [ -r "$PROGRAM_DIR/$functions_file" ]
|
||||
then
|
||||
source $functions_file
|
||||
source "$PROGRAM_DIR/$functions_file"
|
||||
else
|
||||
1>&2 echo "Cannot access $functions_file"
|
||||
1>&2 echo "Cannot access $PROGRAM_DIR/$functions_file"
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
|
||||
FIREHOL_CONFIG_DIR="$sysconfdir_POST/firehol"
|
||||
common_disable_localization || exit
|
||||
common_public_umask || exit
|
||||
common_require_root || exit
|
||||
|
@ -63,9 +60,9 @@ shopt -s extglob
|
|||
|
||||
FIREQOS_SYSLOG_FACILITY="daemon"
|
||||
FIREQOS_CONFIG="${FIREHOL_CONFIG_DIR}/fireqos.conf"
|
||||
FIREQOS_LOCK_FILE=/var/run/fireqos.lock
|
||||
FIREQOS_LOCK_FILE="$LOCALSTATEDIR/run/fireqos.lock"
|
||||
FIREQOS_LOCK_FILE_TIMEOUT=600
|
||||
FIREQOS_DIR=/var/run/fireqos
|
||||
FIREQOS_DIR="$LOCALSTATEDIR/run/fireqos"
|
||||
FIREQOS_SAVE="${FIREQOS_DIR}/.tmp.save.$$.$RANDOM"
|
||||
|
||||
# Gets set to 1 if this system cannot handle sub-second resolution
|
||||
|
@ -111,35 +108,6 @@ then
|
|||
source "${FIREHOL_CONFIG_DIR}/firehol-defaults.conf" || exit 1
|
||||
fi
|
||||
|
||||
common_load_commands $PROGRAM_FILE @AUTOCONF_RUN@ <<-!
|
||||
N|TPUT_CMD|@TPUT@|tput
|
||||
Y|IP_CMD|@IP@|ip
|
||||
Y|MODPROBE_CMD|@MODPROBE@|'modprobe -q' insmod
|
||||
Y|RMMOD_CMD|@RMMOD@|rmmod
|
||||
Y|FLOCK_CMD|@FLOCK@|flock
|
||||
Y|GREP_CMD|@GREP@|grep
|
||||
Y|EGREP_CMD|@EGREP@|egrep 'grep -E'
|
||||
Y|CAT_CMD|@CAT@|cat
|
||||
Y|CUT_CMD|@CUT@|cut
|
||||
Y|SED_CMD|@SED@|sed
|
||||
Y|TOUCH_CMD|@TOUCH@|touch
|
||||
Y|TR_CMD|@TR@|tr
|
||||
Y|MV_CMD|@MV@|mv
|
||||
Y|LOGGER_CMD|@LOGGER@|logger
|
||||
Y|MKDIR_CMD|@MKDIR@|mkdir
|
||||
Y|SLEEP_CMD|@SLEEP@|sleep
|
||||
Y|RM_CMD|@RM@|rm
|
||||
Y|TC_CMD|@TC@|tc
|
||||
N|GAWK_CMD|@GAWK@|gawk awk
|
||||
N|TCPDUMP_CMD|@TCPDUMP@|tcpdump
|
||||
Y|SEQ_CMD|@SEQ@|seq
|
||||
Y|LS_CMD|@LS@|ls
|
||||
Y|DATE_CMD|@DATE@|date
|
||||
Y|TAIL_CMD|@TAIL@|tail
|
||||
!
|
||||
status=$?
|
||||
test $status -eq 0 || exit $status
|
||||
|
||||
RUNNING_ON_TERMINAL=0
|
||||
if [ "z$1" = "z-nc" ]
|
||||
then
|
||||
|
@ -277,7 +245,6 @@ declare -A MARKS_MASKS='([connmark]="0x0000003f" [usermark]="0x00001fc0" )'
|
|||
declare -A MARKS_MAX='([connmark]="63" [usermark]="127" )'
|
||||
declare -A MARKS_SHIFT='([connmark]="0" [usermark]="6" )'
|
||||
|
||||
FIREHOL_SPOOL_DIR="${FIREHOL_SPOOL_DIR-/var/spool/firehol}"
|
||||
if [ -f "${FIREHOL_SPOOL_DIR}/marks.conf" ]
|
||||
then
|
||||
source "${FIREHOL_SPOOL_DIR}/marks.conf" || exit 1
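Review bot: The `FIREHOL_SPOOL_DIR="${FIREHOL_SPOOL_DIR-/var/spool/firehol}"` fallback appears to be the one line dropped from the last hunk, so the `source "${FIREHOL_SPOOL_DIR}/marks.conf"` that follows, like the new `$LOCALSTATEDIR/run/...` paths earlier in the file, depends entirely on install.config having set those variables. install.config.in is not visible in this part of the page, so I cannot confirm that it defines them. If either is empty the script tests and sources `/marks.conf` and places its lock file under `/run`. A guard right after the sourcing loop, e.g. `: "${LOCALSTATEDIR:?not set by install.config}" "${FIREHOL_SPOOL_DIR:?not set by install.config}"`, would make that case fail closed.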
|
|
@ -0,0 +1,99 @@
|
|||
#
|
||||
# Copyright
|
||||
#
|
||||
# Copyright (C) 2003-2014 Costa Tsaousis <costa@tsaousis.gr>
|
||||
# Copyright (C) 2012-2014 Phil Whineray <phil@sanewall.org>
|
||||
#
|
||||
# See sbin/firehol.in for details
|
||||
#
|
||||
# This file contains functions used by the firehol suite.
|
||||
# To keep the namespace clean, functions defined in functions.x.sh
|
||||
# should be of the form x_whatever() if they are intended for general
|
||||
# use or int_x_whatever() if they are intended as helpers to the other
|
||||
# functions in the file.
|
||||
#
|
||||
|
||||
common_require_cmd() {
|
||||
local progname="$1" var="$2" val=
|
||||
|
||||
eval val=\$\{${var}\}
|
||||
if [ "${val}" ]
|
||||
then
|
||||
return 0
|
||||
fi
|
||||
|
||||
$CAT_CMD >&2 <<-__EOF__
|
||||
ERROR: $progname feature requires $var
|
||||
|
||||
You have invoked the program requesting a feature which uses
|
||||
a program which was not available when $progname was installed.
|
||||
|
||||
Please re-install $progname with a suitable command available.
|
||||
__EOF__
|
||||
|
||||
exit 1
|
||||
}
|
||||
|
||||
common_require_root() {
|
||||
if [ "${UID}" != 0 ]
|
||||
then
|
||||
echo >&2
|
||||
echo >&2 "ERROR:"
|
||||
echo >&2 "Only user root can run ${1}"
|
||||
echo >&2
|
||||
return 1
|
||||
fi
|
||||
return 0
|
||||
}
|
||||
|
||||
common_disable_localization() {
|
||||
export LC_ALL=C
|
||||
}
|
||||
|
||||
common_private_umask() {
|
||||
# Make sure our generated files cannot be accessed by anyone else.
|
||||
umask 077
|
||||
}
|
||||
|
||||
common_public_umask() {
|
||||
# let everyone read our status info
|
||||
umask 022
|
||||
}
|
||||
|
||||
common_setup_terminal() {
|
||||
# Are stdout/stderr on the terminal? If not, then fail
|
||||
test -t 2 || return 1
|
||||
test -t 1 || return 1
|
||||
|
||||
if [ ! -z "$TPUT_CMD" ]
|
||||
then
|
||||
if [ $[$($TPUT_CMD colors 2>/dev/null)] -ge 8 ]
|
||||
then
|
||||
# Enable colors
|
||||
COLOR_RESET="\e[0m"
|
||||
COLOR_BLACK="\e[30m"
|
||||
COLOR_RED="\e[31m"
|
||||
COLOR_GREEN="\e[32m"
|
||||
COLOR_YELLOW="\e[33m"
|
||||
COLOR_BLUE="\e[34m"
|
||||
COLOR_PURPLE="\e[35m"
|
||||
COLOR_CYAN="\e[36m"
|
||||
COLOR_WHITE="\e[37m"
|
||||
COLOR_BGBLACK="\e[40m"
|
||||
COLOR_BGRED="\e[41m"
|
||||
COLOR_BGGREEN="\e[42m"
|
||||
COLOR_BGYELLOW="\e[43m"
|
||||
COLOR_BGBLUE="\e[44m"
|
||||
COLOR_BGPURPLE="\e[45m"
|
||||
COLOR_BGCYAN="\e[46m"
|
||||
COLOR_BGWHITE="\e[47m"
|
||||
COLOR_BOLD="\e[1m"
|
||||
COLOR_DIM="\e[2m"
|
||||
COLOR_UNDERLINED="\e[4m"
|
||||
COLOR_BLINK="\e[5m"
|
||||
COLOR_INVERTED="\e[7m"
|
||||
fi
|
||||
fi
|
||||
|
||||
return 0
|
||||
}
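Review bot: `common_require_cmd` prints its error through `$CAT_CMD`, so when `CAT_CMD` is itself empty the here-document is discarded and the program exits 1 with no message. The builtin `printf` (or `echo`, as `common_require_root` uses) does not depend on the commands being checked. The lookup `eval val=\$\{${var}\}` can be written `val="${!var}"`, which reads the named variable without re-parsing text supplied by the caller. The new version also tests only for a non-empty value, where the removed `functions.common.sh` version checked `-x`, so a stale path in the installed config now surfaces later as a failed command. If that is intended, a header comment on the function should say so.

```shell
common_require_cmd() {
	# … unchanged: local declarations …

	# Indirect expansion: read the variable named by $var without eval.
	val="${!var}"
	# … unchanged: return 0 when val is non-empty …

	# Builtin output, so the message is still printed when cat is the
	# command that is missing.
	printf >&2 '%s\n' \
		"ERROR: $progname feature requires $var" \
		"" \
		"You have invoked the program requesting a feature which uses" \
		"a program which was not available when $progname was installed." \
		"" \
		"Please re-install $progname with a suitable command available."
	# … unchanged: exit 1 …
```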
|
|
@ -1,239 +0,0 @@
|
|||
#
|
||||
# Copyright
|
||||
#
|
||||
# Copyright (C) 2003-2014 Costa Tsaousis <costa@tsaousis.gr>
|
||||
# Copyright (C) 2012-2014 Phil Whineray <phil@sanewall.org>
|
||||
#
|
||||
# See sbin/firehol.in for details
|
||||
#
|
||||
# This file contains functions used by the firehol suite.
|
||||
# To keep the namespace clean, functions defined in functions.x.sh
|
||||
# should be of the form x_whatever() if they are intended for general
|
||||
# use or int_x_whatever() if they are intended as helpers to the other
|
||||
# functions in the file.
|
||||
#
|
||||
|
||||
which_cmd() {
|
||||
local name="$1"
|
||||
shift
|
||||
|
||||
if [ "$1" = ":" ]
|
||||
then
|
||||
eval $name=":"
|
||||
return 0
|
||||
fi
|
||||
|
||||
unalias $1 >/dev/null 2>&1
|
||||
local cmd=
|
||||
IFS= read cmd <<-EOF
|
||||
$(which $1 2> /dev/null)
|
||||
EOF
|
||||
|
||||
if [ $? -gt 0 -o ! -x "${cmd}" ]
|
||||
then
|
||||
return 1
|
||||
fi
|
||||
shift
|
||||
|
||||
if [ $# -eq 0 ]
|
||||
then
|
||||
eval $name="'${cmd}'"
|
||||
else
|
||||
eval $name="'${cmd} ${@}'"
|
||||
fi
|
||||
return 0
|
||||
}
|
||||
|
||||
common_require_cmd() {
|
||||
local progname= var= val= block=1
|
||||
|
||||
progname="$1"
|
||||
shift
|
||||
|
||||
if [ "$1" = "-n" ]
|
||||
then
|
||||
block=0
|
||||
shift
|
||||
fi
|
||||
|
||||
var="$1"
|
||||
shift
|
||||
|
||||
eval val=\$\{${var}\} || return 2
|
||||
if [ "${val}" ]
|
||||
then
|
||||
local cmd="${val/ */}"
|
||||
if [ "$cmd" != ":" -a ! -x "$cmd" ]
|
||||
then
|
||||
echo >&2
|
||||
if [ $block -eq 0 ]
|
||||
then
|
||||
echo >&2 "WARNING: optional command does not exist or is not executable ($cmd)"
|
||||
echo >&2 "please add or correct $var in firehol-defaults.conf"
|
||||
val=""
|
||||
else
|
||||
echo >&2 "ERROR: required command does not exist or is not executable ($cmd)"
|
||||
echo >&2 "please add or correct $var in firehol-defaults.conf"
|
||||
return 2
|
||||
fi
|
||||
fi
|
||||
|
||||
# link-balancer calls itself; export our findings so
|
||||
# we do not repeat all of the lookups
|
||||
eval export "$var"
|
||||
return 0
|
||||
elif [ $block -eq 0 ]
|
||||
then
|
||||
eval set -- "$@"
|
||||
for cmd in "$@"
|
||||
do
|
||||
eval "NEED_${var}"="\$NEED_${var}' ${cmd/ */}'"
|
||||
done
|
||||
return 0
|
||||
fi
|
||||
|
||||
if [ $# -eq 0 ]
|
||||
then
|
||||
eval set -- "\$NEED_${var}"
|
||||
fi
|
||||
|
||||
echo >&2
|
||||
echo >&2 "ERROR: $progname REQUIRES ONE OF THESE COMMANDS:"
|
||||
echo >&2
|
||||
echo >&2 " ${@}"
|
||||
echo >&2
|
||||
echo >&2 " You have requested the use of a $progname"
|
||||
echo >&2 " feature that requires certain external programs"
|
||||
echo >&2 " to be installed in the running system."
|
||||
echo >&2
|
||||
echo >&2 " Please consult your Linux distribution manual to"
|
||||
echo >&2 " install the package(s) that provide these external"
|
||||
echo >&2 " programs and retry."
|
||||
echo >&2
|
||||
echo >&2 " Note that you need an operational 'which' command"
|
||||
echo >&2 " for $progname to find all the external programs it"
|
||||
echo >&2 " needs. Check it yourself. Run:"
|
||||
echo >&2
|
||||
for x in "${@}"
|
||||
do
|
||||
echo >&2 " which $x"
|
||||
done
|
||||
|
||||
return 2
|
||||
}
|
||||
|
||||
int_common_which_all() {
|
||||
local cmd_var="$1"
|
||||
|
||||
eval set -- "$2"
|
||||
for cmd in "$@"
|
||||
do
|
||||
which_cmd $cmd_var $cmd && break
|
||||
done
|
||||
}
|
||||
|
||||
# Where required = Y, if a command is not found, FireHOL will refuse to run.
|
||||
# Where required = N, the command only required when it is actually used
|
||||
#
|
||||
# If a command is specified in /etc/firehol/firehol-defaults.conf it will
|
||||
# be used. Otherwise, if the script has been configured with ./configure
|
||||
# the detected versions will be used. If the script has not been configured
|
||||
# then the list of possible commands is autodetected.
|
||||
common_load_commands() {
|
||||
local progname="$1"
|
||||
shift
|
||||
local AUTOCONF_RUN="$1"
|
||||
shift
|
||||
|
||||
while IFS="|" read required cmd_var autoconf possibles
|
||||
do
|
||||
if [ "$AUTOCONF_RUN" = "Y" ]
|
||||
then
|
||||
case "$autoconf" in
|
||||
"@"*) autoconf=""; ;;
|
||||
esac
|
||||
fi
|
||||
eval set_in_defaults=\"\$$cmd_var\"
|
||||
if [ "$set_in_defaults" ]
|
||||
then
|
||||
:
|
||||
elif [ "$AUTOCONF_RUN" = "Y" -a ! -z "$autoconf" ]
|
||||
then
|
||||
eval $cmd_var=\"$autoconf\"
|
||||
else
|
||||
dirname="${0%/*}"
|
||||
if [ "$dirname" = "$0" ]; then dirname="."; fi
|
||||
PATH="/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin:$PATH:$dirname" int_common_which_all $cmd_var "$possibles"
|
||||
fi
|
||||
if [ "$required" = "Y" ]
|
||||
then
|
||||
common_require_cmd $progname $cmd_var $possibles || return
|
||||
else
|
||||
common_require_cmd $progname -n $cmd_var $possibles || return
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
common_require_root() {
|
||||
if [ "${UID}" != 0 ]
|
||||
then
|
||||
echo >&2
|
||||
echo >&2 "ERROR:"
|
||||
echo >&2 "Only user root can run ${1}"
|
||||
echo >&2
|
||||
return 1
|
||||
fi
|
||||
return 0
|
||||
}
|
||||
|
||||
common_disable_localization() {
|
||||
export LC_ALL=C
|
||||
}
|
||||
|
||||
common_private_umask() {
|
||||
# Make sure our generated files cannot be accessed by anyone else.
|
||||
umask 077
|
||||
}
|
||||
|
||||
common_public_umask() {
|
||||
# let everyone read our status info
|
||||
umask 022
|
||||
}
|
||||
|
||||
common_setup_terminal() {
|
||||
# Are stdout/stderr on the terminal? If not, then fail
|
||||
test -t 2 || return 1
|
||||
test -t 1 || return 1
|
||||
|
||||
if [ ! -z "$TPUT_CMD" ]
|
||||
then
|
||||
if [ $[$($TPUT_CMD colors 2>/dev/null)] -ge 8 ]
|
||||
then
|
||||
# Enable colors
|
||||
COLOR_RESET="\e[0m"
|
||||
COLOR_BLACK="\e[30m"
|
||||
COLOR_RED="\e[31m"
|
||||
COLOR_GREEN="\e[32m"
|
||||
COLOR_YELLOW="\e[33m"
|
||||
COLOR_BLUE="\e[34m"
|
||||
COLOR_PURPLE="\e[35m"
|
||||
COLOR_CYAN="\e[36m"
|
||||
COLOR_WHITE="\e[37m"
|
||||
COLOR_BGBLACK="\e[40m"
|
||||
COLOR_BGRED="\e[41m"
|
||||
COLOR_BGGREEN="\e[42m"
|
||||
COLOR_BGYELLOW="\e[43m"
|
||||
COLOR_BGBLUE="\e[44m"
|
||||
COLOR_BGPURPLE="\e[45m"
|
||||
COLOR_BGCYAN="\e[46m"
|
||||
COLOR_BGWHITE="\e[47m"
|
||||
COLOR_BOLD="\e[1m"
|
||||
COLOR_DIM="\e[2m"
|
||||
COLOR_UNDERLINED="\e[4m"
|
||||
COLOR_BLINK="\e[5m"
|
||||
COLOR_INVERTED="\e[7m"
|
||||
fi
|
||||
fi
|
||||
|
||||
return 0
|
||||
}
|
|
@ -0,0 +1,89 @@
|
|||
VERSION=@PACKAGE_VERSION@
|
||||
|
||||
DATAROOTDIR="@datarootdir_POST@"
|
||||
SYSCONFDIR="@sysconfdir_POST@"
|
||||
LOCALSTATEDIR="@localstatedir_POST@"
|
||||
|
||||
# Default directories (file "${FIREHOL_CONFIG_DIR}/firehol.defaults" overrides)
|
||||
FIREHOL_CONFIG_DIR="$SYSCONFDIR/firehol"
|
||||
FIREHOL_SERVICES_DIR="$SYSCONFDIR/firehol/services"
|
||||
FIREHOL_SHARE_DIR="$DATAROOTDIR/firehol"
|
||||
FIREHOL_SPOOL_DIR="$LOCALSTATEDIR/spool/firehol"
|
||||
FIREHOL_RUN_DIR="$LOCALSTATEDIR/run/firehol"
|
||||
|
||||
ENABLE_IPV4=@IPV4_ENABLED@
|
||||
ENABLE_IPV6=@IPV6_ENABLED@
|
||||
|
||||
BRIDGE_CMD="@BRIDGE@"
|
||||
CAT_CMD="@CAT@"
|
||||
CHMOD_CMD="@CHMOD@"
|
||||
CHOWN_CMD="@CHOWN@"
|
||||
CP_CMD="@CP@"
|
||||
CURL_CMD="@CURL@"
|
||||
CUT_CMD="@CUT@"
|
||||
DATE_CMD="@DATE@"
|
||||
DIFF_CMD="@DIFF@"
|
||||
DIRNAME_CMD="@DIRNAME@"
|
||||
EGREP_CMD="@EGREP@"
|
||||
ENV_CMD="@ENV@"
|
||||
EXPR_CMD="@EXPR@"
|
||||
FIND_CMD="@FIND@"
|
||||
FLOCK_CMD="@FLOCK@"
|
||||
FOLD_CMD="@FOLD@"
|
||||
FUNZIP_CMD="@FUNZIP@"
|
||||
JQ_CMD="@JQ@"
|
||||
GAWK_CMD="@GAWK@"
|
||||
GIT_CMD="@GIT@"
|
||||
GREP_CMD="@GREP@"
|
||||
HEAD_CMD="@HEAD@"
|
||||
HOSTNAME_CMD="@HOSTNAMECMD@"
|
||||
IP6TABLES_CMD="@IP6TABLES@"
|
||||
IP6TABLES_RESTORE_CMD="@IP6TABLES_RESTORE@"
|
||||
IP6TABLES_SAVE_CMD="@IP6TABLES_SAVE@"
|
||||
IP_CMD="@IP@"
|
||||
IPRANGE_CMD="@IPRANGE@"
|
||||
IPSET_CMD="@IPSET@"
|
||||
IPTABLES_CMD="@IPTABLES@"
|
||||
IPTABLES_RESTORE_CMD="@IPTABLES_RESTORE@"
|
||||
IPTABLES_SAVE_CMD="@IPTABLES_SAVE@"
|
||||
JQ_CMD="@JQ@"
|
||||
LN_CMD="@LN@"
|
||||
LOGGER_CMD="@LOGGER@"
|
||||
LS_CMD="@LS@"
|
||||
LSMOD_CMD="@LSMOD@"
|
||||
MKDIR_CMD="@MKDIR@"
|
||||
MKTEMP_CMD="@MKTEMP@"
|
||||
MODPROBE_CMD="@MODPROBE@"
|
||||
MORE_CMD="@MORE@"
|
||||
MV_CMD="@MV@"
|
||||
NEATO_CMD="@NEATO@"
|
||||
NFACCT_CMD="@NFACCT@"
|
||||
PING6_CMD="@PING6@"
|
||||
PING_CMD="@PING@"
|
||||
RENICE_CMD="@RENICE@"
|
||||
RMMOD_CMD="@RMMOD@"
|
||||
RM_CMD="@RM@"
|
||||
SCREEN_CMD="@SCREEN@"
|
||||
SED_CMD="@SED@"
|
||||
SEQ_CMD="@SEQ@"
|
||||
SH_CMD="@SH@"
|
||||
SLEEP_CMD="@SLEEP@"
|
||||
SORT_CMD="@SORT@"
|
||||
SS_CMD="@SS@"
|
||||
STTY_CMD="@STTY@"
|
||||
SYSCTL_CMD="@SYSCTL@"
|
||||
TAIL_CMD="@TAIL@"
|
||||
TAR_CMD="@TAR@"
|
||||
TCPDUMP_CMD="@TCPDUMP@"
|
||||
TC_CMD="@TC@"
|
||||
TOUCH_CMD="@TOUCH@"
|
||||
TPUT_CMD="@TPUT@"
|
||||
TRACEROUTE_CMD="@TRACEROUTE@"
|
||||
TR_CMD="@TR@"
|
||||
UNAME_CMD="@UNAME@"
|
||||
UNIQ_CMD="@UNIQ@"
|
||||
UNZIP_CMD="@UNZIP@"
|
||||
WC_CMD="@WC@"
|
||||
WGET_CMD="@WGET@"
|
||||
WHOIS_CMD="@WHOIS@"
|
||||
ZCAT_CMD="@ZCAT@"
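Review bot: `JQ_CMD="@JQ@"` is assigned twice, once after `FUNZIP_CMD` and again after `IPTABLES_SAVE_CMD`; the list is otherwise roughly alphabetical, so the first copy can be dropped. The comment above the directory defaults names `${FIREHOL_CONFIG_DIR}/firehol.defaults` as the overriding file, while the scripts in this commit source `${FIREHOL_CONFIG_DIR}/firehol-defaults.conf`; I would write `# Default directories (file "${FIREHOL_CONFIG_DIR}/firehol-defaults.conf" overrides)`. Every program sources this file as shell code, and at least one of them then requires root. A header comment stating that the installed copy is executed and must stay root-owned and not group- or world-writable would be worth adding.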
|
|
@ -25,31 +25,28 @@
|
|||
# See the file COPYING for details.
|
||||
#
|
||||
|
||||
VERSION='$Id$'
|
||||
PROGRAM_FILE="${0}"
|
||||
PROGRAM_DIR="${0%/*}"
|
||||
if [ "$PROGRAM_DIR" = "$0" ]; then PROGRAM_DIR="."; fi
|
||||
PROGRAM_FILE="$(/bin/readlink $0)"
|
||||
PROGRAM_FILE="${PROGRAM_FILE:-$0}"
|
||||
if [ -d "${FIREHOL_OVERRIDE_PROGRAM_DIR}" ]
|
||||
then
|
||||
PROGRAM_DIR="${FIREHOL_OVERRIDE_PROGRAM_DIR}"
|
||||
else
|
||||
PROGRAM_DIR="$(/usr/bin/dirname "$PROGRAM_FILE")"
|
||||
fi
|
||||
PROGRAM_PWD="${PWD}"
|
||||
declare -a PROGRAM_ORIGINAL_ARGS=("${@}")
|
||||
|
||||
# Start defaults before configure
|
||||
prefix_POST=/usr
|
||||
sysconfdir_POST=/etc
|
||||
localstatedir_POST=/var
|
||||
libdir_POST=$PROGRAM_DIR
|
||||
# End defaults before configure
|
||||
for functions_file in $libdir_POST/functions.common.sh
|
||||
for functions_file in install.config functions.common
|
||||
do
|
||||
if [ -r $functions_file ]
|
||||
if [ -r "$PROGRAM_DIR/$functions_file" ]
|
||||
then
|
||||
source $functions_file
|
||||
source "$PROGRAM_DIR/$functions_file"
|
||||
else
|
||||
1>&2 echo "Cannot access $functions_file"
|
||||
1>&2 echo "Cannot access $PROGRAM_DIR/$functions_file"
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
|
||||
FIREHOL_CONFIG_DIR="$sysconfdir_POST/firehol"
|
||||
common_disable_localization || exit
|
||||
common_private_umask || exit
|
||||
common_require_root || exit
|
||||
|
@ -63,7 +60,7 @@ if [ "$LB_DEBUGGING" ]; then set -v; set -x; fi
|
|||
# link-balancer temporary directory.
|
||||
# every instance of link-balancer creates a random directory
|
||||
# within this one.
|
||||
LB_RUN_DIR="/var/run/link-balancer"
|
||||
LB_RUN_DIR="$LOCALSTATEDIR/run/link-balancer"
|
||||
|
||||
# If this is set to 1, no checks will be made if the gateways are available.
|
||||
# All gateways will be assumed active, if their interfaces are found
|
||||
|
@ -112,44 +109,6 @@ fi
|
|||
# temporary variable (default LB_DEFAULT_IPV=4)
|
||||
LB_IPV=
|
||||
|
||||
# Load commands link-balancer will need.
|
||||
|
||||
common_load_commands $PROGRAM_FILE @AUTOCONF_RUN@ <<-!
|
||||
Y|IP_CMD|@IP@|ip
|
||||
Y|DIFF_CMD|@DIFF@|diff
|
||||
Y|FLOCK_CMD|@FLOCK@|flock
|
||||
Y|GREP_CMD|@GREP@|grep
|
||||
Y|EGREP_CMD|@EGREP@|egrep 'grep -E'
|
||||
Y|CUT_CMD|@CUT@|cut
|
||||
Y|CAT_CMD|@CAT@|cat
|
||||
Y|SED_CMD|@SED@|sed
|
||||
Y|TR_CMD|@TR@|tr
|
||||
Y|LN_CMD|@LN@|ln
|
||||
Y|LS_CMD|@LS@|ls
|
||||
Y|SLEEP_CMD|@SLEEP@|sleep
|
||||
Y|TOUCH_CMD|@TOUCH@|touch
|
||||
Y|LOGGER_CMD|@LOGGER@|logger
|
||||
Y|MKDIR_CMD|@MKDIR@|mkdir
|
||||
Y|CHOWN_CMD|@CHOWN@|chown
|
||||
Y|CHMOD_CMD|@CHMOD@|chmod
|
||||
Y|RM_CMD|@RM@|rm
|
||||
Y|PING_CMD|@PING@|ping
|
||||
Y|PING6_CMD|@PING6@|ping6 'ping -6'
|
||||
Y|TRACEROUTE_CMD|@TRACEROUTE@|traceroute
|
||||
Y|SORT_CMD|@SORT@|sort
|
||||
Y|MKTEMP_CMD|@MKTEMP@|mktemp
|
||||
Y|ENV_CMD|@ENV@|env
|
||||
N|WHOIS_CMD|@WHOIS@|whois
|
||||
N|JQ_CMD|@JQ@|jq
|
||||
N|HEAD_CMD|@HEAD@|head
|
||||
N|TPUT_CMD|@TPUT@|tput
|
||||
N|WGET_CMD|@WGET@|wget
|
||||
N|SCREEN_CMD|@SCREEN@|screen
|
||||
Y|IPRANGE_CMD|@IPRANGE@|iprange
|
||||
!
|
||||
status=$?
|
||||
test $status -eq 0 || exit $status
|
||||
|
||||
RUNNING_ON_TERMINAL=0
|
||||
if [ "z$1" = "z-nc" ]
|
||||
then
|
||||
|
@ -209,7 +168,7 @@ declare -A MARKS_MASKS='([connmark]="0x0000003f" [usermark]="0x00001fc0" )'
|
|||
declare -A MARKS_MAX='([connmark]="63" [usermark]="127" )'
|
||||
declare -A MARKS_SHIFT='([connmark]="0" [usermark]="6" )'
|
||||
|
||||
FIREHOL_SPOOL_DIR="${FIREHOL_SPOOL_DIR-/var/spool/firehol}"
|
||||
FIREHOL_SPOOL_DIR="${FIREHOL_SPOOL_DIR-$LOCALSTATEDIR/spool/firehol}"
|
||||
if [ -f "${FIREHOL_SPOOL_DIR}/marks.conf" ]
|
||||
then
|
||||
source "${FIREHOL_SPOOL_DIR}/marks.conf" || exit 1
|
||||
|
@ -1888,7 +1847,7 @@ policy
|
|||
# You can also have all the IPs in separate files:
|
||||
# Run:
|
||||
#
|
||||
# ${PROGRAM_FILE} asips ONE_IP_OF_YOUR_PROVIDER_1 >$sysconfdir_POST/firehol/PROVIDER1_IPS
|
||||
# ${PROGRAM_FILE} asips ONE_IP_OF_YOUR_PROVIDER_1 >$SYSCONFDIR/firehol/PROVIDER1_IPS
|
||||
#
|
||||
# Then:
|
||||
rules dst loadfile PROVIDER1_IPS table dsl1
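Review bot: In the first hunk (`@ -25,31 +25,28 @@`), what appears to be the new side takes `PROGRAM_DIR` from the environment variable `FIREHOL_OVERRIDE_PROGRAM_DIR` whenever it names a directory, then sources `install.config` and `functions.common` from it before `common_require_root` runs. For a program meant to run as root, any setup that lets a less-privileged caller pass that variable through (an environment-preserving sudo rule, a service wrapper) lets that caller choose the code that is sourced. I would honour the override only when the directory and both files are owned by root and not group- or world-writable, or limit it to the test harness. Separately, `/bin/readlink $0` is unquoted and, without `-f`, returns a relative link target unchanged, so `dirname` of it resolves against the current directory rather than the symlink's; `PROGRAM_FILE="$(/bin/readlink -f -- "$0")"` avoids both. The same block is repeated in the `@ -80,31 +80,28 @@` hunk of the next section and the `@ -25,31 +25,28 @@` hunk of the one after it.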
|
|
@ -56,7 +56,7 @@
|
|||
# - update a kernel ipset, having the same name
|
||||
#
|
||||
# 5. It can commit all successfully updated files to a git repository.
|
||||
# Just do 'git init' in $sysconfdir_POST/firehol/ipsets to enable it.
|
||||
# Just do 'git init' in $SYSCONFDIR/firehol/ipsets to enable it.
|
||||
# If it is called with -g it will also push the committed changes
|
||||
# to a remote git server (to have this done by cron, please set
|
||||
# git to automatically push changes without human action).
|
||||
|
@ -80,31 +80,28 @@
|
|||
|
||||
# -----------------------------------------------------------------------------
|
||||
|
||||
VERSION='$Id$'
|
||||
PROGRAM_FILE="${0}"
|
||||
PROGRAM_DIR="${0%/*}"
|
||||
if [ "$PROGRAM_DIR" = "$0" ]; then PROGRAM_DIR="."; fi
|
||||
PROGRAM_FILE="$(/bin/readlink $0)"
|
||||
PROGRAM_FILE="${PROGRAM_FILE:-$0}"
|
||||
if [ -d "${FIREHOL_OVERRIDE_PROGRAM_DIR}" ]
|
||||
then
|
||||
PROGRAM_DIR="${FIREHOL_OVERRIDE_PROGRAM_DIR}"
|
||||
else
|
||||
PROGRAM_DIR="$(/usr/bin/dirname "$PROGRAM_FILE")"
|
||||
fi
|
||||
PROGRAM_PWD="${PWD}"
|
||||
declare -a PROGRAM_ORIGINAL_ARGS=("${@}")
|
||||
|
||||
# Start defaults before configure
|
||||
prefix_POST=/usr
|
||||
sysconfdir_POST=/etc
|
||||
localstatedir_POST=/var
|
||||
libdir_POST=$PROGRAM_DIR
|
||||
# End defaults before configure
|
||||
for functions_file in $libdir_POST/functions.common.sh
|
||||
for functions_file in install.config functions.common
|
||||
do
|
||||
if [ -r $functions_file ]
|
||||
if [ -r "$PROGRAM_DIR/$functions_file" ]
|
||||
then
|
||||
source $functions_file
|
||||
source "$PROGRAM_DIR/$functions_file"
|
||||
else
|
||||
1>&2 echo "Cannot access $functions_file"
|
||||
1>&2 echo "Cannot access $PROGRAM_DIR/$functions_file"
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
|
||||
FIREHOL_CONFIG_DIR="$sysconfdir_POST/firehol"
|
||||
common_disable_localization || exit
|
||||
common_private_umask || exit
|
||||
|
||||
|
@ -115,49 +112,6 @@ then
|
|||
source "${FIREHOL_CONFIG_DIR}/firehol-defaults.conf" || exit 1
|
||||
fi
|
||||
|
||||
common_load_commands $PROGRAM_FILE @AUTOCONF_RUN@ <<-!
|
||||
Y|IPRANGE_CMD|@IPRANGE@|iprange
|
||||
Y|DIRNAME_CMD|@DIRNAME@|dirname
|
||||
Y|TAIL_CMD|@TAIL@|tail
|
||||
Y|RENICE_CMD|@RENICE@|renice :
|
||||
Y|ZCAT_CMD|@ZCAT@|zcat gzcat "gzip -dc"
|
||||
Y|DATE_CMD|@DATE@|date
|
||||
Y|DIFF_CMD|@DIFF@|diff
|
||||
Y|FLOCK_CMD|@FLOCK@|flock
|
||||
Y|GREP_CMD|@GREP@|grep
|
||||
Y|EGREP_CMD|@EGREP@|egrep 'grep -E'
|
||||
Y|CUT_CMD|@CUT@|cut
|
||||
Y|CAT_CMD|@CAT@|cat
|
||||
Y|SED_CMD|@SED@|sed
|
||||
Y|TR_CMD|@TR@|tr
|
||||
Y|LN_CMD|@LN@|ln
|
||||
Y|LS_CMD|@LS@|ls
|
||||
Y|TOUCH_CMD|@TOUCH@|touch
|
||||
Y|LOGGER_CMD|@LOGGER@|logger
|
||||
Y|MKDIR_CMD|@MKDIR@|mkdir
|
||||
Y|CHOWN_CMD|@CHOWN@|chown
|
||||
Y|CHMOD_CMD|@CHMOD@|chmod
|
||||
Y|RM_CMD|@RM@|rm
|
||||
Y|SORT_CMD|@SORT@|sort
|
||||
Y|GAWK_CMD|@GAWK@|gawk awk
|
||||
Y|MKTEMP_CMD|@MKTEMP@|mktemp
|
||||
N|TPUT_CMD|@TPUT@|tput
|
||||
Y|FOLD_CMD|@FOLD@|fold
|
||||
Y|CURL_CMD|@CURL@|curl
|
||||
Y|FIND_CMD|@FIND@|find
|
||||
Y|WC_CMD|@WC@|wc
|
||||
Y|MV_CMD|@MV@|mv
|
||||
Y|CP_CMD|@CP@|cp
|
||||
Y|TAR_CMD|@TAR@|tar
|
||||
Y|IPSET_CMD|@IPSET@|ipset
|
||||
N|UNZIP_CMD|@UNZIP@|unzip
|
||||
N|FUNZIP_CMD|@FUNZIP@|funzip
|
||||
N|JQ_CMD|@JQ@|jq
|
||||
N|GIT_CMD|@GIT@|git
|
||||
!
|
||||
status=$?
|
||||
test $status -eq 0 || exit $status
|
||||
|
||||
RUNNING_ON_TERMINAL=0
|
||||
if [ "z$1" = "z-nc" ]
|
||||
then
|
||||
|
@ -311,12 +265,13 @@ ipset_verbose() {
|
|||
# -----------------------------------------------------------------------------
|
||||
# find a working iprange command
|
||||
|
||||
HAVE_IPRANGE=${IPRANGE_CMD}
|
||||
if [ ! -z "${IPRANGE_CMD}" ]
|
||||
then
|
||||
${IPRANGE_CMD} --has-reduce 2>/dev/null || IPRANGE_CMD=
|
||||
${IPRANGE_CMD} --has-reduce 2>/dev/null || HAVE_IPRANGE=
|
||||
fi
|
||||
|
||||
if [ -z "${IPRANGE_CMD}" ]
|
||||
if [ -z "$HAVE_IPRANGE" ]
|
||||
then
|
||||
error "Cannot find a working iprange command. It should be part of FireHOL but it is not installed."
|
||||
exit 1
|
||||
|
@ -325,16 +280,13 @@ fi
|
|||
# -----------------------------------------------------------------------------
|
||||
# CONFIGURATION
|
||||
|
||||
FIREHOL_SHARE_DIR="${FIREHOL_SHARE_DIR-/usr/share/firehol}"
|
||||
FIREHOL_CONFIG_DIR="${FIREHOL_CONFIG_DIR-$sysconfdir_POST/firehol}"
|
||||
|
||||
if [ "${UID}" = "0" -o -z "${UID}" ]
|
||||
then
|
||||
BASE_DIR="${BASE_DIR-${FIREHOL_CONFIG_DIR}/ipsets}"
|
||||
CONFIG_FILE="${CONFIG_FILE-${FIREHOL_CONFIG_DIR}/update-ipsets.conf}"
|
||||
RUN_PARENT_DIR="${RUN_PARENT_DIR-/var/run}"
|
||||
CACHE_DIR="${CACHE_DIR-/var/cache/update-ipsets}"
|
||||
LIB_DIR="${LIB_DIR-/var/lib/update-ipsets}"
|
||||
RUN_PARENT_DIR="${RUN_PARENT_DIR-$LOCALSTATEDIR/run}"
|
||||
CACHE_DIR="${CACHE_DIR-$LOCALSTATEDIR/cache/update-ipsets}"
|
||||
LIB_DIR="${LIB_DIR-$LOCALSTATEDIR/lib/update-ipsets}"
|
||||
IPSETS_APPLY=1
|
||||
else
|
||||
$MKDIR_CMD -p "${HOME}/.update-ipsets" || exit 1
|
|
@ -25,31 +25,28 @@
|
|||
# See the file COPYING for details.
|
||||
#
|
||||
|
||||
VERSION='$Id$'
|
||||
PROGRAM_FILE="${0}"
|
||||
PROGRAM_DIR="${0%/*}"
|
||||
if [ "$PROGRAM_DIR" = "$0" ]; then PROGRAM_DIR="."; fi
|
||||
PROGRAM_FILE="$(/bin/readlink $0)"
|
||||
PROGRAM_FILE="${PROGRAM_FILE:-$0}"
|
||||
if [ -d "${FIREHOL_OVERRIDE_PROGRAM_DIR}" ]
|
||||
then
|
||||
PROGRAM_DIR="${FIREHOL_OVERRIDE_PROGRAM_DIR}"
|
||||
else
|
||||
PROGRAM_DIR="$(/usr/bin/dirname "$PROGRAM_FILE")"
|
||||
fi
|
||||
PROGRAM_PWD="${PWD}"
|
||||
declare -a PROGRAM_ORIGINAL_ARGS=("${@}")
|
||||
|
||||
# Start defaults before configure
|
||||
prefix_POST=/usr
|
||||
sysconfdir_POST=/etc
|
||||
localstatedir_POST=/var
|
||||
libdir_POST=$PROGRAM_DIR
|
||||
# End defaults before configure
|
||||
for functions_file in $libdir_POST/functions.common.sh
|
||||
for functions_file in install.config functions.common
|
||||
do
|
||||
if [ -r $functions_file ]
|
||||
if [ -r "$PROGRAM_DIR/$functions_file" ]
|
||||
then
|
||||
source $functions_file
|
||||
source "$PROGRAM_DIR/$functions_file"
|
||||
else
|
||||
1>&2 echo "Cannot access $functions_file"
|
||||
1>&2 echo "Cannot access $PROGRAM_DIR/$functions_file"
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
|
||||
FIREHOL_CONFIG_DIR="$sysconfdir_POST/firehol"
|
||||
common_disable_localization || exit
|
||||
|
||||
marksreset() { :; }
|
||||
|
@ -59,22 +56,6 @@ then
|
|||
source "${FIREHOL_CONFIG_DIR}/firehol-defaults.conf" || exit 1
|
||||
fi
|
||||
|
||||
common_load_commands $PROGRAM_FILE @AUTOCONF_RUN@ <<-!
|
||||
Y|IP_CMD|@IP@|ip
|
||||
Y|BRIDGE_CMD|@BRIDGE@|bridge
|
||||
Y|GREP_CMD|@GREP@|grep
|
||||
Y|FIND_CMD|@FIND@|find
|
||||
Y|SH_CMD|@SH@|sh bash ksh
|
||||
Y|CUT_CMD|@CUT@|cut
|
||||
Y|CAT_CMD|@CAT@|cat
|
||||
Y|SED_CMD|@SED@|sed
|
||||
Y|TR_CMD|@TR@|tr
|
||||
Y|SLEEP_CMD|@SLEEP@|sleep
|
||||
Y|MKDIR_CMD|@MKDIR@|mkdir
|
||||
Y|RM_CMD|@RM@|rm
|
||||
Y|MKTEMP_CMD|@MKTEMP@|mktemp
|
||||
N|NEATO_CMD|@NEATO@|neato
|
||||
!
|
||||
status=$?
|
||||
test $status -eq 0 || exit $status
|
||||
|
|
@ -1,6 +1,6 @@
|
|||
#!/bin/sh
|
||||
|
||||
# Disable IPV4
|
||||
cat - >> /etc/firehol/firehol-defaults.conf <<-END-DEFAULTS
|
||||
cat - >> $MYTMP/firehol/firehol-defaults.conf <<-END-DEFAULTS
|
||||
ENABLE_IPV4=0
|
||||
END-DEFAULTS
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#!/bin/sh
|
||||
|
||||
# Disable IPV6
|
||||
cat - >> /etc/firehol/firehol-defaults.conf <<-END-DEFAULTS
|
||||
cat - >> $MYTMP/firehol/firehol-defaults.conf <<-END-DEFAULTS
|
||||
ENABLE_IPV6=0
|
||||
END-DEFAULTS
|
||||
|
|
|
@ -40,6 +40,14 @@ then
|
|||
haderror="Y"
|
||||
fi
|
||||
|
||||
if [ ! -f ../sbin/install.config.in ]
|
||||
then
|
||||
echo "../sbin/install.config.in missing: run configure"
|
||||
echo ""
|
||||
haderror="Y"
|
||||
fi
|
||||
|
||||
|
||||
if [ "$haderror" -o $# -lt 1 ]
|
||||
then
|
||||
if [ "$haderror" ]
|
||||
|
@ -54,23 +62,6 @@ then
|
|||
exit 1
|
||||
fi
|
||||
|
||||
# First set up our namespace so we can write where we need to
|
||||
mount -t tmpfs tmpfs /etc/firehol || exit 1
|
||||
mkdir /var/run/firehol || exit 1
|
||||
mkdir /var/spool/firehol || exit 1
|
||||
mkdir /var/run/firehol/webdir || exit 1
|
||||
|
||||
# Check the files are gone
|
||||
if [ -f /etc/firehol/firehol.conf \
|
||||
-o -f /etc/firehol/firehol-defaults.conf \
|
||||
-o -f /etc/firehol/fireqos.conf \
|
||||
-o -f /etc/firehol/link-balancer.conf \
|
||||
-o -d /etc/firehol/services ]
|
||||
then
|
||||
echo "Namespace switch failed! Aborting!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ ! -r /proc/net/ip_tables_names ]
|
||||
then
|
||||
echo "Faking /proc/net/ip_tables_names"
|
||||
|
@ -88,8 +79,7 @@ then
|
|||
echo >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
ETCSAVE=/etc/firehol.save$$
|
||||
export MYTMP
|
||||
|
||||
myexit() {
|
||||
rm -f /var/run/firehol.lck
|
||||
|
@ -104,6 +94,12 @@ trap myexit 0
|
|||
TESTDIR=`pwd`/
|
||||
export TESTDIR
|
||||
|
||||
# Force the programs to find our special configuration
|
||||
export FIREHOL_OVERRIDE_PROGRAM_DIR=$MYTMP/prog
|
||||
mkdir -p "$FIREHOL_OVERRIDE_PROGRAM_DIR"
|
||||
sed -e "s#[@].*POST[@]#$MYTMP#" ../sbin/install.config.in > "$FIREHOL_OVERRIDE_PROGRAM_DIR/install.config"
|
||||
cp ../sbin/functions.* "$FIREHOL_OVERRIDE_PROGRAM_DIR"
|
||||
|
||||
kcov=`which kcov 2> /dev/null`
|
||||
if [ "$kcov" ]
|
||||
then
|
||||
|
@ -256,7 +252,7 @@ do
|
|||
then
|
||||
echo "Cannot determine program for $conf"
|
||||
else
|
||||
script=../sbin/${program}.in
|
||||
script=../sbin/${program}
|
||||
export script
|
||||
total=$((total + 1))
|
||||
|
||||
|
@ -266,8 +262,8 @@ do
|
|||
fi
|
||||
|
||||
# Define our configuration directory exactly as we want it
|
||||
# note: we are running in a namespace with /etc/firehol as a tmpfs
|
||||
rm -rf /etc/firehol/*
|
||||
rm -rf $MYTMP/firehol
|
||||
mkdir $MYTMP/firehol
|
||||
|
||||
# Default special cases:
|
||||
# - egrep because /sbin/egrep makes use of PATH to find 'grep -E'
|
||||
|
@ -276,7 +272,7 @@ do
|
|||
# - LB_RUN_DIR + FIREQOS_LOCK_FILE + FIREQOS_DIR + RUN_PARENT_DIR etc.
|
||||
# keep within our mounts
|
||||
# - PATH reset to ensure it is off (some programs reset it)
|
||||
cat > /etc/firehol/firehol-defaults.conf <<-!
|
||||
cat > $MYTMP/firehol/firehol-defaults.conf <<-!
|
||||
EGREP_CMD='/bin/grep -E'
|
||||
LOGGER_CMD='/bin/echo logger:'
|
||||
LB_RUN_DIR=/var/run/firehol/link-balancer
|
||||
|
@ -296,7 +292,7 @@ do
|
|||
"$pre_sh" "$conf"
|
||||
else
|
||||
# Or just take the defaults
|
||||
mkdir -p /etc/firehol/services
|
||||
mkdir -p $MYTMP/firehol/services
|
||||
fi
|
||||
|
||||
# Run the script
|
||||
|
@ -313,7 +309,7 @@ do
|
|||
status=$?
|
||||
;;
|
||||
link-balancer|update-ipsets)
|
||||
cp "$conf" /etc/firehol/${program}.conf
|
||||
cp "$conf" $MYTMP/firehol/${program}.conf
|
||||
$kcov "$script" > "$runlog" 2>&1 < /dev/null
|
||||
status=$?
|
||||
;;
|
||||
|
@ -332,7 +328,7 @@ do
|
|||
then
|
||||
errors=$((errors + 1))
|
||||
echo "Unexpected run error - check $runlog"
|
||||
elif grep -q '\.in: line [0-9]*:' "$runlog"
|
||||
elif grep -q ': line [0-9]*:' "$runlog"
|
||||
then
|
||||
errors=$((errors + 1))
|
||||
echo "Unexpected runtime errors - check $runlog"
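Review bot: `rm -rf $MYTMP/firehol` in the `@ -266,8 +262,8 @@` hunk expands `MYTMP` unquoted and unchecked, and the visible hunks show only `export MYTMP`, not where it is assigned. If it is ever empty the harness removes `/firehol`, and a value containing spaces splits into several paths; `rm -rf -- "${MYTMP:?}/firehol"` aborts instead. The same quoting applies to the `mkdir`, `cat >` and `cp` lines in this section and to the `cat - >> $MYTMP/firehol/firehol-defaults.conf` line in the two pre-scripts above. The generated defaults still set `LB_RUN_DIR=/var/run/firehol/link-balancer` and `myexit` still removes `/var/run/firehol.lck`, while the `mkdir /var/run/firehol` setup and the "Namespace switch failed" check are gone. The comment "keep within our mounts" may therefore no longer hold, so it is worth confirming whether those paths should also move under `$MYTMP`.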
|
||||
|
|