Use a regular shell file for installed config

This simplifies the scripts somewhat and the autoconf system quite a bit.

To specify a non-default location for the config, export a directory
in FIREHOL_OVERRIDE_PROGRAM_DIR and ensure it has an install.config
and functions.common.
Philip Whineray 2016-03-23 07:45:19 +00:00
parent d104473f33
commit caedbcd551
27 changed files with 434 additions and 753 deletions

3
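--- a/.gitattributes
+++ b/.gitattributes
@@ -1,3 +0,0 @@
-sbin/*.c ident export-subst
-sbin/*.in ident export-subst
-packaging/packver ident export-subst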

10
.gitignore vendored

@ -29,16 +29,10 @@ doc/apa*.html
doc/services-?.xml doc/services-?.xml
doc/service-links doc/service-links
doc/tools/pandoc-post doc/tools/pandoc-post
sbin/commands.sed sbin/install.config
sbin/firehol sbin/install.config.in
sbin/firehol.in
sbin/fireqos
sbin/link-balancer
sbin/vnetbuild
sbin/iprange
sbin/*.o sbin/*.o
sbin/.deps sbin/.deps
sbin/update-ipsets
unittest/coverage unittest/coverage
*.xz *.xz
*.gz *.gz

@ -80,7 +80,7 @@ Since all components will go under `/usr/local`, you may prefer something
like this: like this:
~~~~ ~~~~
./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libexecdir=/usr/lib
make make
make install make install
~~~~ ~~~~

@ -1,11 +1,4 @@
#!/bin/sh #!/bin/sh
# Update autoconf scripts after a configure.ac change # Update autoconf scripts after a configure.ac change
if [ ! -f .gitignore -o ! -f sbin/firehol.in ]
then
echo "Run as ./packaging/autogen.sh from a firehol git repository"
exit 1
fi
autoreconf -ivf autoreconf -ivf
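Review bot: Dropping the directory guard means `autoreconf -ivf` now runs from whatever directory the script is invoked in, and the original check only needed its stale `sbin/firehol.in` reference updated rather than removal. A one-liner keeps the fail-fast behaviour: `test -f configure.ac -a -f sbin/firehol || { echo "Run as ./packaging/autogen.sh from a firehol git repository" >&2; exit 1; }`. I am inferring the motivation for the removal from the rename elsewhere in this commit; if the guard was dropped for another reason a comment would help.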

11
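--- a/build/subst.inc
+++ b/build/subst.inc
@@ -0,0 +1,11 @@
+.in:
+if sed \
+-e 's#[@]datarootdir_POST[@]#$(datarootdir)#g' \
+-e 's#[@]localstatedir_POST[@]#$(localstatedir)#g' \
+-e 's#[@]sysconfdir_POST[@]#$(sysconfdir)#g' \
+$< > $@.tmp; then \
+mv "$@.tmp" "$@"; \
+else \
+rm -f "$@.tmp"; \
+false; \
+fi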
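Review bot: The recipe calls bare `sed` while `configure.ac` already requires one through `AX_NEED_SED()` and the doc Makefiles in this same commit use `$(SED)`; `if $(SED) \` keeps the build on the detected binary. The input and the redirection target are unquoted (`$< > $@.tmp`), so a path with spaces splits, whereas the `mv` and `rm` lines below already quote; `"$<" > "$@.tmp"` makes the three consistent. This `.in:` suffix rule only fires when the including Makefile.am declares `SUFFIXES = .in`, which `sbin/Makefile.am` does, so a one-line comment at the top of the file saying `# requires SUFFIXES = .in in the including Makefile.am` would save the next includer a puzzle.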

@ -18,22 +18,27 @@ AC_INIT([firehol],VERSION_NUMBER[]VERSION_SUFFIX,[firehol-devs@lists.firehol.org
AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_MACRO_DIR([m4])
AC_CONFIG_AUX_DIR([autotool]) AC_CONFIG_AUX_DIR([autotool])
AC_CONFIG_SRCDIR([sbin/firehol.in]) AC_CONFIG_SRCDIR([sbin/firehol])
AC_CONFIG_SRCDIR([sbin/fireqos.in])
AC_CONFIG_SRCDIR([sbin/link-balancer.in])
AC_CONFIG_SRCDIR([sbin/update-ipsets.in])
AC_CONFIG_SRCDIR([sbin/vnetbuild.in])
AM_INIT_AUTOMAKE([gnu]) AM_INIT_AUTOMAKE([gnu])
AM_MAINTAINER_MODE([disable]) AM_MAINTAINER_MODE([disable])
dnl Checks for programs. dnl Checks for programs.
AC_PROG_MAKE_SET AC_PROG_MAKE_SET
dnl Check for functioning symbolic links
AC_PROG_LN_S
AM_CONDITIONAL([GIT_TREE], [test -f README.md]) AM_CONDITIONAL([GIT_TREE], [test -f README.md])
AX_FIREHOL_AUTOSAVE() AX_FIREHOL_AUTOSAVE()
AX_FIREHOL_AUTOSAVE6() AX_FIREHOL_AUTOSAVE6()
AC_ARG_ENABLE([filename-versions],
[AS_HELP_STRING([--disable-filename-versions], [no versions on executable filenames @<:@enabled@:>@])],
,
[enable_filename_versions="yes"])
AM_CONDITIONAL([FILENAME_VERSIONS],[test "${enable_filename_versions}" = "yes"])
AC_ARG_ENABLE([doc], AC_ARG_ENABLE([doc],
[AS_HELP_STRING([--disable-doc], [disable doc installation @<:@enabled@:>@])], [AS_HELP_STRING([--disable-doc], [disable doc installation @<:@enabled@:>@])],
, ,
@ -147,6 +152,8 @@ if test x"$MAKEDIST_BUILD_ONLY" != xyes; then
AX_NEED_EGREP() AX_NEED_EGREP()
AX_NEED_GREP() AX_NEED_GREP()
AX_NEED_SED() AX_NEED_SED()
AX_NEED_PROG([READLINK], [readlink], [])
AX_NEED_PROG([DIRNAME], [dirname], [])
if test x"$enable_firehol" = xyes; then if test x"$enable_firehol" = xyes; then
AC_MSG_NOTICE([Detecting commands for firehol]) AC_MSG_NOTICE([Detecting commands for firehol])
AX_NEED_PROG([CAT], [cat], []) AX_NEED_PROG([CAT], [cat], [])
@ -154,14 +161,14 @@ AX_NEED_PROG([CHMOD], [chmod], [])
AX_NEED_PROG([CHOWN], [chown], []) AX_NEED_PROG([CHOWN], [chown], [])
AX_NEED_PROG([CP], [cp], []) AX_NEED_PROG([CP], [cp], [])
AX_NEED_PROG([CUT], [cut], []) AX_NEED_PROG([CUT], [cut], [])
AX_CHECK_PROG([DATE], [date], []) AX_NEED_PROG([DATE], [date], [])
AX_NEED_PROG([EXPR], [expr], []) AX_NEED_PROG([EXPR], [expr], [])
AX_NEED_PROG([FIND], [find], []) AX_NEED_PROG([FIND], [find], [])
AX_NEED_PROG([FLOCK], [flock], []) AX_NEED_PROG([FLOCK], [flock], [])
AX_NEED_PROG([FOLD], [fold], []) AX_NEED_PROG([FOLD], [fold], [])
AX_NEED_PROG([HEAD], [head], []) AX_NEED_PROG([HEAD], [head], [])
AX_CHECK_PROG([HOSTNAMECMD], [hostname], []) AX_NEED_PROG([HOSTNAMECMD], [hostname], [])
AX_CHECK_PROG([IP], [ip], []) AX_NEED_PROG([IP], [ip], [])
if test x"$enable_ipv6" = xyes; then if test x"$enable_ipv6" = xyes; then
AX_CHECK_PROG([IP6TABLES], [ip6tables], []) AX_CHECK_PROG([IP6TABLES], [ip6tables], [])
fi fi
@ -196,11 +203,17 @@ AX_NEED_PROG([MORE], [cat], [])
AX_NEED_PROG([MV], [mv], []) AX_NEED_PROG([MV], [mv], [])
AX_CHECK_PROG([NFACCT], [nfacct], []) AX_CHECK_PROG([NFACCT], [nfacct], [])
AX_CHECK_PROG([RENICE], [renice], []) AX_CHECK_PROG([RENICE], [renice], [])
if test x"$RENICE" = x; then
AC_SUBST([RENICE], [:])
fi
AX_NEED_PROG([RM], [rm], []) AX_NEED_PROG([RM], [rm], [])
AX_NEED_PROG([SLEEP], [sleep], []) AX_NEED_PROG([SLEEP], [sleep], [])
AX_NEED_PROG([SORT], [sort], []) AX_NEED_PROG([SORT], [sort], [])
AX_CHECK_PROG([SS], [ss], []) AX_NEED_PROG([SS], [ss], [])
AX_CHECK_PROG([STTY], [stty], []) AX_CHECK_PROG([STTY], [stty], [])
if test x"$STTY" = x; then
AC_SUBST([STTY], [:])
fi
AX_NEED_PROG([SYSCTL], [sysctl], []) AX_NEED_PROG([SYSCTL], [sysctl], [])
AX_NEED_PROG([TAIL], [tail], []) AX_NEED_PROG([TAIL], [tail], [])
AX_NEED_PROG([TOUCH], [touch], []) AX_NEED_PROG([TOUCH], [touch], [])
@ -211,7 +224,7 @@ AX_NEED_PROG([UNIQ], [uniq], [])
AX_NEED_PROG([WC], [wc], []) AX_NEED_PROG([WC], [wc], [])
AX_CHECK_PROG([ZCAT], [zcat], []) AX_CHECK_PROG([ZCAT], [zcat], [])
AX_CHECK_PROG([ZCAT], [gzcat], []) AX_CHECK_PROG([ZCAT], [gzcat], [])
AX_CHECK_PROG([ZCAT], [gzip], [-dc]) AX_NEED_PROG([ZCAT], [gzip], [-dc])
fi fi
if test x"$enable_fireqos" = xyes; then if test x"$enable_fireqos" = xyes; then
AC_MSG_NOTICE([Detecting commands for fireqos]) AC_MSG_NOTICE([Detecting commands for fireqos])
@ -220,7 +233,7 @@ AX_NEED_PROG([CUT], [cut], [])
AX_NEED_PROG([DATE], [date], []) AX_NEED_PROG([DATE], [date], [])
AX_NEED_PROG([FLOCK], [flock], []) AX_NEED_PROG([FLOCK], [flock], [])
AX_CHECK_PROG([GAWK], [gawk], []) AX_CHECK_PROG([GAWK], [gawk], [])
AX_CHECK_PROG([GAWK], [awk], []) AX_NEED_PROG([GAWK], [awk], [])
AX_NEED_PROG([IP], [ip], []) AX_NEED_PROG([IP], [ip], [])
AX_NEED_PROG([LOGGER], [logger], []) AX_NEED_PROG([LOGGER], [logger], [])
AX_NEED_PROG([LS], [ls], []) AX_NEED_PROG([LS], [ls], [])
@ -284,7 +297,6 @@ AX_NEED_PROG([CURL], [curl], [])
AX_NEED_PROG([CUT], [cut], []) AX_NEED_PROG([CUT], [cut], [])
AX_NEED_PROG([DATE], [date], []) AX_NEED_PROG([DATE], [date], [])
AX_NEED_PROG([DIFF], [diff], []) AX_NEED_PROG([DIFF], [diff], [])
AX_NEED_PROG([DIRNAME], [dirname], [])
AX_NEED_PROG([FIND], [find], []) AX_NEED_PROG([FIND], [find], [])
AX_NEED_PROG([FLOCK], [flock], []) AX_NEED_PROG([FLOCK], [flock], [])
AX_NEED_PROG([FOLD], [fold], []) AX_NEED_PROG([FOLD], [fold], [])
@ -302,6 +314,9 @@ AX_NEED_PROG([MKDIR], [mkdir], [])
AX_NEED_PROG([MKTEMP], [mktemp], []) AX_NEED_PROG([MKTEMP], [mktemp], [])
AX_NEED_PROG([MV], [mv], []) AX_NEED_PROG([MV], [mv], [])
AX_CHECK_PROG([RENICE], [renice], []) AX_CHECK_PROG([RENICE], [renice], [])
if test x"$RENICE" = x; then
AC_SUBST([RENICE], [:])
fi
AX_NEED_PROG([RM], [rm], []) AX_NEED_PROG([RM], [rm], [])
AX_NEED_PROG([SORT], [sort], []) AX_NEED_PROG([SORT], [sort], [])
AX_NEED_PROG([TAIL], [tail], []) AX_NEED_PROG([TAIL], [tail], [])
@ -343,13 +358,12 @@ AX_CHECK_MINVER([IPRANGE_VERSION], MIN_IPRANGE_VERSION, [$IPRANGE],
[], [AC_MSG_ERROR(could not find required version of iprange - check http://firehol.org/download/iprange/)]) [], [AC_MSG_ERROR(could not find required version of iprange - check http://firehol.org/download/iprange/)])
fi fi
AC_SUBST([AUTOCONF_RUN], [Y]) AC_SUBST([firehollibexecdir], ["\$(libexecdir)/firehol/\$(PACKAGE_VERSION)"])
AC_CONFIG_FILES([ AC_CONFIG_FILES([
Makefile Makefile
sbin/Makefile sbin/Makefile
sbin/commands.sed sbin/install.config.in
sbin/firehol.in
m4/Makefile m4/Makefile
doc/Makefile doc/Makefile
doc/firehol/Makefile doc/firehol/Makefile

@ -42,9 +42,7 @@ all-local: service-links
MKSERVICELINKS = ${top_srcdir}/doc/tools/mkservicelinks MKSERVICELINKS = ${top_srcdir}/doc/tools/mkservicelinks
FIREHOLIN = $(top_srcdir)/sbin/firehol.in service-links: $(top_srcdir)/sbin/firehol services-db.data
service-links: $(FIREHOLIN) services-db.data
$(MKSERVICELINKS) service-links $+ $(MKSERVICELINKS) service-links $+
endif endif

@ -151,9 +151,7 @@ FORMATTABLE = ${top_srcdir}/doc/tools/format-table
PANDOCPOST = ${top_srcdir}/doc/tools/pandoc-post PANDOCPOST = ${top_srcdir}/doc/tools/pandoc-post
CHECKLINKS = ${top_srcdir}/doc/tools/check-links CHECKLINKS = ${top_srcdir}/doc/tools/check-links
FIREHOLIN = $(top_srcdir)/sbin/firehol.in firehol-services.5.md: $(top_srcdir)/sbin/firehol ../services-db.data ../service-links
firehol-services.5.md: $(FIREHOLIN) ../services-db.data ../service-links
$(MKSERVICEMAN) firehol-services.5.md $+ $(MKSERVICEMAN) firehol-services.5.md $+
contents.md: *.1.md *.5.md contents.tpl contents.md: *.1.md *.5.md contents.tpl

@ -46,7 +46,11 @@ To build and install taking the default options:
./configure && make && sudo make install ./configure && make && sudo make install
Alternatively, just copy the `sbin/firehol.in` file to where you want it. Since all components (including configuration files) will go
under `/usr/local`, you may prefer to configure more like this:
./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libexecdir=/usr/lib
All of the common SysVInit command line arguments are recognised which All of the common SysVInit command line arguments are recognised which
makes it easy to deploy the script as a startup service. makes it easy to deploy the script as a startup service.

@ -127,8 +127,6 @@ COMBINEPANDOC = ${top_srcdir}/doc/tools/combine-pandoc
PANDOCPOST = ${top_srcdir}/doc/tools/pandoc-post PANDOCPOST = ${top_srcdir}/doc/tools/pandoc-post
CHECKLINKS = ${top_srcdir}/doc/tools/check-links CHECKLINKS = ${top_srcdir}/doc/tools/check-links
FIREHOLIN = $(top_srcdir)/sbin/firehol.in
man/man1/%.1: %.1.md man/man1/%.1: %.1.md
$(MKDIR_P) man/man1 $(MKDIR_P) man/man1
$(SED) -e '/^%/s/DATE/@PACKAGE_BUILT_DATE@/' -e '/^%/s/VERSION/@PACKAGE_VERSION@/' $< > tmp-manproc $(SED) -e '/^%/s/DATE/@PACKAGE_BUILT_DATE@/' -e '/^%/s/VERSION/@PACKAGE_VERSION@/' $< > tmp-manproc

@ -62,8 +62,6 @@ COMBINEPANDOC = ${top_srcdir}/doc/tools/combine-pandoc
PANDOCPOST = ${top_srcdir}/doc/tools/pandoc-post PANDOCPOST = ${top_srcdir}/doc/tools/pandoc-post
CHECKLINKS = ${top_srcdir}/doc/tools/check-links CHECKLINKS = ${top_srcdir}/doc/tools/check-links
FIREHOLIN = $(top_srcdir)/sbin/firehol.in
man/man1/%.1: %.1.md man/man1/%.1: %.1.md
$(MKDIR_P) man/man1 $(MKDIR_P) man/man1
$(SED) -e '/^%/s/DATE/@PACKAGE_BUILT_DATE@/' -e '/^%/s/VERSION/@PACKAGE_VERSION@/' $< > tmp-manproc $(SED) -e '/^%/s/DATE/@PACKAGE_BUILT_DATE@/' -e '/^%/s/VERSION/@PACKAGE_VERSION@/' $< > tmp-manproc

@ -12,7 +12,7 @@ use File::Basename;
if (@ARGV == 0) { if (@ARGV == 0) {
print "Usage: ./packaging/firehol/detect-cmd.pl configure.ac sbin/file.in ...\n"; print "Usage: ./packaging/firehol/detect-cmd.pl configure.ac sbin/file.in ...\n";
print "\n"; print "\n";
print "Finds usages of commands which should be converted to \$COMMAND_CMD format\n"; print "Finds usages of commands which should be converted to \@COMMAND\@ format\n";
exit 0; exit 0;
} }

@ -11,14 +11,15 @@ firehol_check_file() {
sbin/Makefile.in) sbin/Makefile.in)
: :
;; ;;
configure.ac|sbin/commands.sed.in) configure.ac|sbin/install.config.in.in)
check_commands sbin/firehol.in || status=1 check_commands sbin/firehol || status=1
check_commands sbin/fireqos.in || status=1 check_commands sbin/fireqos || status=1
check_commands sbin/link-balancer.in || status=1 check_commands sbin/link-balancer || status=1
check_commands sbin/update-ipsets.in || status=1 check_commands sbin/update-ipsets || status=1
check_commands sbin/vnetbuild.in || status=1 check_commands sbin/vnetbuild || status=1
check_detection_useful sbin/firehol sbin/fireqos sbin/link-balancer sbin/update-ipsets sbin/vnetbuild || status=1
;; ;;
sbin/*.in) sbin/firehol|sbin/fireqos|sbin/link-balancer|sbin/update-ipsets|sbin/vnetbuild)
check_commands $filename || status=1 check_commands $filename || status=1
;; ;;
doc/services-db.data) doc/services-db.data)
@ -50,8 +51,8 @@ check_commands() {
get_staged_file $1 get_staged_file $1
get_staged_file configure.ac get_staged_file configure.ac
get_staged_file sbin/commands.sed.in get_staged_file sbin/install.config.in.in
get_staged_file sbin/functions.common.sh get_staged_file sbin/functions.common
# Find commands that have been enclosed in quotes and remove anything after # Find commands that have been enclosed in quotes and remove anything after
# if nothing matched the substitution, proceed to the next line # if nothing matched the substitution, proceed to the next line
@ -98,40 +99,25 @@ check_commands() {
cat $MYTMP/errors cat $MYTMP/errors
fi fi
sed -n -e "s/^ *[YN]|//p" $MYTMP/files/$1 > $MYTMP/commands-defined sed -n -e 's/\(.*_CMD\)="[@]\(.*\)[@]"/\1 \2/p' $MYTMP/files/sbin/install.config.in.in > $MYTMP/commands-defined
for cmd in $(tr " " "\n" < $MYTMP/files/$1 | for cmd in $(tr " " "\n" < $MYTMP/files/$1 |
sed -n -e 's/.*\(\<[A-Z0-9_]*\)_CMD.*/\1/p' | sort | uniq) sed -n -e 's/.*\(\<[A-Z0-9_]*_CMD\).*/\1/p' | sort | uniq)
do do
if ! grep -q "^${cmd}_CMD|" $MYTMP/commands-defined autocmd=`grep "^${cmd} " $MYTMP/commands-defined | cut -f2 -d' '`
if [ ! "$autocmd" ]
then then
status=1 status=1
echo "Missing definition of $cmd in $1 detection table." echo "sbin/install.config.in.in: missing definition of $cmd (for $1)"
fi fi
# Hostname is a special case - configure will expand it to running host, if ! grep -q "_${autocmd}(\|\[$autocmd\]" $MYTMP/files/configure.ac
# overwriting the value we wanted to use.
if [ "$cmd" = "HOSTNAME" ]; then cmd="HOSTNAMECMD"; fi
if ! grep -q "_${cmd}(\|\[$cmd\]" $MYTMP/files/configure.ac
then then
status=1 status=1
echo "Missing detection of $cmd for $1 in configure.ac" echo "configure.ac: missing detection of $autocmd (for $1)"
fi fi
done done
while IFS="|" read cmd subst defaults
do
if ! grep -q "\${*$cmd" $MYTMP/files/$1 $MYTMP/files/sbin/*.sh
then
status=1
echo "$cmd detected but never used in $1 or function libraries"
fi
if ! grep -q "#$subst#" $MYTMP/files/sbin/commands.sed.in
then
status=1
echo "$cmd detected but $subst never substituted by sbin/commands.sed.in"
fi
done < $MYTMP/commands-defined
( (
a=`pwd` a=`pwd`
cd $MYTMP/files cd $MYTMP/files
@ -141,3 +127,37 @@ check_commands() {
return $status return $status
} }
check_detection_useful() {
local status=0
touch $MYTMP/commands-checked
if grep -q -F -z "$1" $MYTMP/commands-checked
then
# Only check a file once - an edit to some files checks multiple
return 0
else
echo "$1" >> $MYTMP/commands-checked
fi
list=
for i in "$@"
do
get_staged_file $1
list="$list $MYTMP/files/$1"
done
get_staged_file configure.ac
get_staged_file sbin/install.config.in.in
get_staged_file sbin/functions.common
sed -n -e 's/\(.*_CMD\)="[@]\(.*\)[@]"/\1 \2/p' $MYTMP/files/sbin/install.config.in.in > $MYTMP/commands-defined
while read cmd subst
do
if ! grep -q "\${*$cmd" $list $MYTMP/files/sbin/functions.*
then
status=1
echo "$cmd detected but never used in $1 or function libraries"
fi
done < $MYTMP/commands-defined
}
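Review bot: In `check_detection_useful` the loop `for i in "$@"` never reads `$i`: both `get_staged_file $1` and `list="$list $MYTMP/files/$1"` use `$1`, so only the first script is staged (repeatedly) and the other four scripts passed by the caller are never searched for command usage. Change the two lines to `get_staged_file "$i"` and `list="$list $MYTMP/files/$i"`. `list` is also assigned without `local`, unlike `status`, so it leaks into the caller. The once-only guard `grep -q -F -z "$1" $MYTMP/commands-checked` treats the whole marker file as a single record and so matches on substrings; `grep -q -F -x "$1"` matches whole lines. The earlier hunks of this section cut through `check_commands`, whose start lies outside them.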

@ -51,11 +51,7 @@ diff -r "$1" $MYTMP/unpack/* | grep "^Only" | sed \
-e '/: tmp-anchor-links$/d' \ -e '/: tmp-anchor-links$/d' \
-e '/: tmp-manproc$/d' \ -e '/: tmp-manproc$/d' \
-e '/: .*\.tar\.\(gz\|bz2\|xz\)$/d' \ -e '/: .*\.tar\.\(gz\|bz2\|xz\)$/d' \
-e '/: unittest$/d' \ -e '/: unittest$/d' > $MYTMP/out
-e '/: iprange$/d' \
-e '/: .*\.o$/d' \
-e '/sbin: \(firehol\|fireqos\|link-balancer\)$/d' \
-e '/sbin: \(update-ipsets\|vnetbuild\|commands.sed\)$/d' > $MYTMP/out
cat $MYTMP/out cat $MYTMP/out
test -s $MYTMP/out && exit 1 test -s $MYTMP/out && exit 1

@ -1,38 +1,11 @@
# Process this file with automake to produce Makefile.in # Process this file with automake to produce Makefile.in
libarchinddir = $(prefix)/lib
scriptsin = \ inclibdir = @firehollibexecdir@
firehol.in \
fireqos.in \
link-balancer.in \
update-ipsets.in \
vnetbuild.in
inclibdir = $(libarchinddir)/firehol include $(top_srcdir)/build/subst.inc
SUFFIXES = .in SUFFIXES = .in
.in:
if [ "$@" = "commands.sed.in" ]; then \
true; \
elif sed \
-e '/^# Start defaults before configure/,/^# End/d' \
-e 's#[$$]prefix_POST#$(prefix)#g' \
-e 's#[$$]bindir_POST#$(bindir)#g' \
-e 's#[$$]libdir_POST#$(inclibdir)#g' \
-e 's#[$$]localstatedir_POST#$(localstatedir)#g' \
-e 's#[$$]sysconfdir_POST#$(sysconfdir)#g' \
-f commands.sed \
$< > $@.tmp; then \
mv "$@.tmp" "$@"; \
chmod 755 "$@"; \
else \
rm -f "$@.tmp"; \
false; \
fi
inclib_DATA = \
functions.common.sh
scripts = scripts =
if ENABLE_FIREHOL if ENABLE_FIREHOL
@ -55,12 +28,29 @@ if ENABLE_VNETBUILD
scripts += vnetbuild scripts += vnetbuild
endif endif
sbin_SCRIPTS = $(scripts) CLEANFILES = install.config
inclib_DATA = \
functions.common \
install.config \
$(NULL)
inclib_SCRIPTS = $(scripts)
EXTRA_DIST = \ EXTRA_DIST = \
commands.sed.in \ functions.common \
$(scriptsin) \ install.config.in \
$(inclib_DATA) $(scripts) \
$(NULL)
uninstall-local: install-exec-hook:
$(MKDIR_P) $(DESTDIR)$(sbindir)
for i in $(scripts); do \
$(RM) -f $(DESTDIR)$(sbindir)/$$i; \
$(LN_S) $(DESTDIR)$(inclibdir)/$$i $(DESTDIR)$(sbindir); done
uninstall-hook:
for i in $(scripts); do \
$(RM) -f $(DESTDIR)$(sbindir)/$$i; done
@-rmdir --ignore-fail-on-non-empty $(DESTDIR)$(inclibdir) @-rmdir --ignore-fail-on-non-empty $(DESTDIR)$(inclibdir)
@-rmdir --ignore-fail-on-non-empty $(DESTDIR)$(sbindir)
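Review bot: The `install-exec-hook` embeds the staging root in the symlink target: `$(LN_S) $(DESTDIR)$(inclibdir)/$$i $(DESTDIR)$(sbindir)` writes links that point at `$(DESTDIR)/...`, so any packaged install (`make install DESTDIR=...`) ships dangling symlinks in sbindir that only resolve on the build machine. Only the link's location should carry `$(DESTDIR)`; the target must be the final path: `$(LN_S) $(inclibdir)/$$i $(DESTDIR)$(sbindir)/$$i`. Note that `AC_PROG_LN_S` may fall back to `cp -p` or `ln` on filesystems without symlinks, and with that fallback the corrected target would not exist under DESTDIR either; if that case matters a comment should state that symlink support is assumed. `uninstall-hook` already removes by name only, so it needs no change.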

@ -1,74 +0,0 @@
/VERSION=/s#'[$]Id.*'#'@PACKAGE_VERSION@'#g
s#[@]BRIDGE@#@BRIDGE@#g
s#[@]CAT@#@CAT@#g
s#[@]CHMOD@#@CHMOD@#g
s#[@]CHOWN@#@CHOWN@#g
s#[@]CP@#@CP@#g
s#[@]CURL@#@CURL@#g
s#[@]CUT@#@CUT@#g
s#[@]DATE@#@DATE@#g
s#[@]DIFF@#@DIFF@#g
s#[@]DIRNAME@#@DIRNAME@#g
s#[@]EGREP@#@EGREP@#g
s#[@]ENV@#@ENV@#g
s#[@]EXPR@#@EXPR@#g
s#[@]FIND@#@FIND@#g
s#[@]FLOCK@#@FLOCK@#g
s#[@]FOLD@#@FOLD@#g
s#[@]FUNZIP@#@FUNZIP@#g
s#[@]JQ@#@JQ@#g
s#[@]GAWK@#@GAWK@#g
s#[@]GIT@#@GIT@#g
s#[@]GREP@#@GREP@#g
s#[@]HEAD@#@HEAD@#g
s#[@]HOSTNAMECMD@#@HOSTNAMECMD@#g
s#[@]IP6TABLES@#@IP6TABLES@#g
s#[@]IP6TABLES_RESTORE@#@IP6TABLES_RESTORE@#g
s#[@]IP6TABLES_SAVE@#@IP6TABLES_SAVE@#g
s#[@]IP@#@IP@#g
s#[@]IPRANGE@#@IPRANGE@#g
s#[@]IPSET@#@IPSET@#g
s#[@]IPTABLES@#@IPTABLES@#g
s#[@]IPTABLES_RESTORE@#@IPTABLES_RESTORE@#g
s#[@]IPTABLES_SAVE@#@IPTABLES_SAVE@#g
s#[@]JQ@#@JQ@#g
s#[@]LN@#@LN@#g
s#[@]LOGGER@#@LOGGER@#g
s#[@]LS@#@LS@#g
s#[@]LSMOD@#@LSMOD@#g
s#[@]MKDIR@#@MKDIR@#g
s#[@]MKTEMP@#@MKTEMP@#g
s#[@]MODPROBE@#@MODPROBE@#g
s#[@]MORE@#@MORE@#g
s#[@]MV@#@MV@#g
s#[@]NEATO@#@NEATO@#g
s#[@]NFACCT@#@NFACCT@#g
s#[@]PING6@#@PING6@#g
s#[@]PING@#@PING@#g
s#[@]RENICE@#@RENICE@#g
s#[@]RMMOD@#@RMMOD@#g
s#[@]RM@#@RM@#g
s#[@]SCREEN@#@SCREEN@#g
s#[@]SED@#@SED@#g
s#[@]SEQ@#@SEQ@#g
s#[@]SH@#@SH@#g
s#[@]SLEEP@#@SLEEP@#g
s#[@]SORT@#@SORT@#g
s#[@]SS@#@SS@#g
s#[@]STTY@#@STTY@#g
s#[@]SYSCTL@#@SYSCTL@#g
s#[@]TAIL@#@TAIL@#g
s#[@]TAR@#@TAR@#g
s#[@]TCPDUMP@#@TCPDUMP@#g
s#[@]TC@#@TC@#g
s#[@]TOUCH@#@TOUCH@#g
s#[@]TPUT@#@TPUT@#g
s#[@]TRACEROUTE@#@TRACEROUTE@#g
s#[@]TR@#@TR@#g
s#[@]UNAME@#@UNAME@#g
s#[@]UNIQ@#@UNIQ@#g
s#[@]UNZIP@#@UNZIP@#g
s#[@]WC@#@WC@#g
s#[@]WGET@#@WGET@#g
s#[@]WHOIS@#@WHOIS@#g
s#[@]ZCAT@#@ZCAT@#g

@ -25,31 +25,28 @@
# See the file COPYING for details. # See the file COPYING for details.
# #
VERSION='$Id$' PROGRAM_FILE="$(/bin/readlink $0)"
PROGRAM_FILE="${0}" PROGRAM_FILE="${PROGRAM_FILE:-$0}"
PROGRAM_DIR="${0%/*}" if [ -d "${FIREHOL_OVERRIDE_PROGRAM_DIR}" ]
if [ "$PROGRAM_DIR" = "$0" ]; then PROGRAM_DIR="."; fi then
PROGRAM_DIR="${FIREHOL_OVERRIDE_PROGRAM_DIR}"
else
PROGRAM_DIR="$(/usr/bin/dirname "$PROGRAM_FILE")"
fi
PROGRAM_PWD="${PWD}" PROGRAM_PWD="${PWD}"
declare -a PROGRAM_ORIGINAL_ARGS=("${@}") declare -a PROGRAM_ORIGINAL_ARGS=("${@}")
# Start defaults before configure for functions_file in install.config functions.common
prefix_POST=/usr
sysconfdir_POST=/etc
localstatedir_POST=/var
libdir_POST=$PROGRAM_DIR
# End defaults before configure
for functions_file in $libdir_POST/functions.common.sh
do do
if [ -r $functions_file ] if [ -r "$PROGRAM_DIR/$functions_file" ]
then then
source $functions_file source "$PROGRAM_DIR/$functions_file"
else else
1>&2 echo "Cannot access $functions_file" 1>&2 echo "Cannot access $PROGRAM_DIR/$functions_file"
exit 1 exit 1
fi fi
done done
FIREHOL_CONFIG_DIR="$sysconfdir_POST/firehol"
common_disable_localization || exit common_disable_localization || exit
common_private_umask || exit common_private_umask || exit
common_require_root || exit common_require_root || exit
@ -232,16 +229,6 @@ markdef() {
# XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX # XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
if [ "@AUTOCONF_RUN@" = "Y" ]
then
FIREHOL_AUTOSAVE="@FIREHOL_AUTOSAVE@"
FIREHOL_AUTOSAVE6="@FIREHOL_AUTOSAVE6@"
ENABLE_IPV4="@IPV4_ENABLED@"
ENABLE_IPV6="@IPV6_ENABLED@"
else
FIREHOL_CONFIG_DIR="/etc/firehol"
fi
# --- BEGIN OF FIREHOL DEFAULTS --- # --- BEGIN OF FIREHOL DEFAULTS ---
# These are the defaults for FireHOL. # These are the defaults for FireHOL.
@ -252,26 +239,23 @@ fi
# FireHOL config directory. # FireHOL config directory.
# EVEN IF YOU CHANGE THIS, THE firehol-defaults.conf FILE # EVEN IF YOU CHANGE THIS, THE firehol-defaults.conf FILE
# SHOULD STILL EXIST IN THE ORIGINAL $FIREHOL_CONFIG_DIR # SHOULD STILL EXIST IN THE ORIGINAL $SYSCONFDIR/firehol
FIREHOL_CONFIG_DIR="$FIREHOL_CONFIG_DIR" FIREHOL_CONFIG_DIR="${FIREHOL_CONFIG_DIR}"
# FireHOL services directory. # FireHOL services directory.
# FireHOL will look into this directory for service # FireHOL will look into this directory for service
# definition files (*.conf). # definition files (*.conf).
# Package maintainers may install their service definitions # Package maintainers may install their service definitions
# in this directory. # in this directory.
# Default: /etc/firehol/services # Default: $SYSCONFDIR/firehol/services
FIREHOL_SERVICES_DIR="${FIREHOL_CONFIG_DIR}/services" FIREHOL_SERVICES_DIR="${FIREHOL_SERVICES_DIR}"
# Where to permanently save state information? # Where to permanently save state information?
# Default: /var/spool/firehol # Default: $LOCALSTATEDIR/spool/firehol
FIREHOL_SPOOL_DIR="/var/spool/firehol" FIREHOL_SPOOL_DIR="${FIREHOL_SPOOL_DIR}"
# Where temporary files should go? # Where temporary files should go?
# /var/run is usualy a ram drive, so we prefer to use FIREHOL_RUN_DIR="${FIREHOL_RUN_DIR}"
# this for temporary files.
# Default: /var/run/firehol
FIREHOL_RUN_DIR="/var/run/firehol"
# show a spinner during processing that shows # show a spinner during processing that shows
# number of iptables statements generated # number of iptables statements generated
@ -780,7 +764,7 @@ IPTRAP_DEFAULT_IPSET_COUNTERS_OPTIONS="timeout 3600 counters"
# FireHOL will overwite these settings with the contents of the files with # FireHOL will overwite these settings with the contents of the files with
# the same names in ${FIREHOL_CONFIG_DIR}. # the same names in ${FIREHOL_CONFIG_DIR}.
# #
# For example, RESERVED_IPV4 will be set from /etc/firehol/RESERVED_IPV4 # For example, RESERVED_IPV4 will be set from $SYSCONFDIR/firehol/RESERVED_IPV4
# IANA reserved address space that should never appear # IANA reserved address space that should never appear
RESERVED_IPV4="0.0.0.0/8 127.0.0.0/8 240.0.0.0/4 " RESERVED_IPV4="0.0.0.0/8 127.0.0.0/8 240.0.0.0/4 "
@ -848,59 +832,6 @@ fi
# XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX # XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
common_load_commands $PROGRAM_FILE @AUTOCONF_RUN@ <<-!
Y|CAT_CMD|@CAT@|cat
Y|CUT_CMD|@CUT@|cut
Y|CHOWN_CMD|@CHOWN@|chown
Y|CHMOD_CMD|@CHMOD@|chmod
Y|EGREP_CMD|@EGREP@|egrep 'grep -E'
Y|EXPR_CMD|@EXPR@|expr
Y|FIND_CMD|@FIND@|find
Y|FOLD_CMD|@FOLD@|fold
Y|GREP_CMD|@GREP@|grep
Y|HEAD_CMD|@HEAD@|head
Y|TAIL_CMD|@TAIL@|tail
Y|LS_CMD|@LS@|ls
Y|LSMOD_CMD|@LSMOD@|lsmod
Y|MKDIR_CMD|@MKDIR@|mkdir
Y|MKTEMP_CMD|@MKTEMP@|mktemp
Y|MV_CMD|@MV@|mv
Y|RM_CMD|@RM@|rm
Y|SED_CMD|@SED@|sed
Y|SORT_CMD|@SORT@|sort
Y|SYSCTL_CMD|@SYSCTL@|sysctl
Y|TOUCH_CMD|@TOUCH@|touch
Y|TR_CMD|@TR@|tr
Y|UNAME_CMD|@UNAME@|uname
Y|UNIQ_CMD|@UNIQ@|uniq
Y|LOGGER_CMD|@LOGGER@|logger
Y|FLOCK_CMD|@FLOCK@|flock
N|NFACCT_CMD|@NFACCT@|nfacct
N|IPRANGE_CMD|@IPRANGE@|iprange
N|IPSET_CMD|@IPSET@|ipset
N|IPTABLES_CMD|@IPTABLES@|iptables
N|IP6TABLES_CMD|@IP6TABLES@|ip6tables
N|IPTABLES_SAVE_CMD|@IPTABLES_SAVE@|iptables-save
N|IP6TABLES_SAVE_CMD|@IP6TABLES_SAVE@|ip6tables-save
N|IPTABLES_RESTORE_CMD|@IPTABLES_RESTORE@|iptables-restore
N|IP6TABLES_RESTORE_CMD|@IP6TABLES_RESTORE@|ip6tables-restore
Y|MORE_CMD|@MORE@|pager less more cat
Y|RENICE_CMD|@RENICE@|renice :
Y|STTY_CMD|@STTY@|stty :
N|ZCAT_CMD|@ZCAT@|zcat gzcat "gzip -dc"
N|MODPROBE_CMD|@MODPROBE@|'modprobe -q' insmod
N|IP_CMD|@IP@|ip
N|SS_CMD|@SS@|ss
N|DATE_CMD|@DATE@|date
N|HOSTNAME_CMD|@HOSTNAMECMD@|hostname
N|TPUT_CMD|@TPUT@|tput
Y|WC_CMD|@WC@|wc
Y|CP_CMD|@CP@|cp
Y|SLEEP_CMD|@SLEEP@|sleep
!
status=$?
test $status -eq 0 || exit $status
emit_version() { emit_version() {
${CAT_CMD} <<EOF ${CAT_CMD} <<EOF
@ -931,16 +862,16 @@ test ${RUNNING_ON_TERMINAL} -eq 0 && FIREHOL_ENABLE_SPINNER=0
FIREHOL_HAVE_IPRANGE=1 FIREHOL_HAVE_IPRANGE=1
IPRANGE_WARNING=0 IPRANGE_WARNING=0
IPRANGE_REDUCE=Y
if [ ! -z "${IPRANGE_CMD}" ] if [ ! -z "${IPRANGE_CMD}" ]
then then
${IPRANGE_CMD} --has-reduce 2>/dev/null || IPRANGE_CMD= ${IPRANGE_CMD} --has-reduce 2>/dev/null || IPRANGE_REDUCE=
fi fi
if [ -z "${IPRANGE_CMD}" ] if [ -z "${IPRANGE_CMD}" -o -z "$IPRANGE_REDUCE" ]
then then
FIREHOL_HAVE_IPRANGE=0 FIREHOL_HAVE_IPRANGE=0
IPRANGE_WARNING=1 IPRANGE_WARNING=1
IPRANGE_CMD=
fi fi
ENABLE_ACCOUNTING=1 ENABLE_ACCOUNTING=1
@ -1003,6 +934,15 @@ then
fi fi
fi fi
if [ ! ${FIREHOL_LOAD_KERNEL_MODULES} -eq 0 ]
then
if [ -z "${MODPROBE_CMD}" ]
then
echo >&2 " WARNING: no modprobe command: module loading disabled"
FIREHOL_LOAD_KERNEL_MODULES=0
fi
fi
firehol_concurrent_run_lock() { firehol_concurrent_run_lock() {
exec 200>"${FIREHOL_LOCK_FILE}" exec 200>"${FIREHOL_LOCK_FILE}"
if [ $? -ne 0 ]; then exit; fi if [ $? -ne 0 ]; then exit; fi
@ -12469,7 +12409,7 @@ then
then then
# RedHat # RedHat
FIREHOL_AUTOSAVE="/etc/sysconfig/iptables" FIREHOL_AUTOSAVE="/etc/sysconfig/iptables"
elif [ -d "/var/lib/iptables" ] elif [ -d "$LOCALSTATEDIR/lib/iptables" ]
then then
if [ -f /etc/conf.d/iptables ] if [ -f /etc/conf.d/iptables ]
then then
@ -12483,7 +12423,7 @@ then
if [ -z "${FIREHOL_AUTOSAVE}" ] if [ -z "${FIREHOL_AUTOSAVE}" ]
then then
# Debian # Debian
FIREHOL_AUTOSAVE="/var/lib/iptables/autosave" FIREHOL_AUTOSAVE="$LOCALSTATEDIR/lib/iptables/autosave"
fi fi
else else
error "Cannot find where to save iptables file. Please set FIREHOL_AUTOSAVE." error "Cannot find where to save iptables file. Please set FIREHOL_AUTOSAVE."
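Review bot: `PROGRAM_FILE="$(/bin/readlink $0)"` leaves `$0` unquoted and calls `readlink` without `-f`, so for a symlink whose target is relative, or a chain of links, it returns the raw link text and the following `dirname` yields a `PROGRAM_DIR` relative to the wrong directory; `PROGRAM_FILE="$(/bin/readlink -f -- "$0")"` canonicalises in one step, and the hard-coded `/bin/readlink` and `/usr/bin/dirname` also ignore the `READLINK`/`DIRNAME` values `configure.ac` now requires, so those checks gate nothing. Separately, `FIREHOL_OVERRIDE_PROGRAM_DIR` is honoured before `common_require_root` and chooses the files that are `source`d as root, so any invocation path that carries an environment over from a less-privileged user (sudo with an `env_keep` entry, an init or cron wrapper) becomes arbitrary code execution as root. At minimum document next to the check that wrappers must not pass it through, or refuse the override when the directory is not root-owned or is group/world-writable. The later hunks of this section sit inside blocks that start and end outside it.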

@ -25,31 +25,28 @@
# See the file COPYING for details. # See the file COPYING for details.
# #
VERSION='$Id$' PROGRAM_FILE="$(/bin/readlink $0)"
PROGRAM_FILE="${0}" PROGRAM_FILE="${PROGRAM_FILE:-$0}"
PROGRAM_DIR="${0%/*}" if [ -d "${FIREHOL_OVERRIDE_PROGRAM_DIR}" ]
if [ "$PROGRAM_DIR" = "$0" ]; then PROGRAM_DIR="."; fi then
PROGRAM_DIR="${FIREHOL_OVERRIDE_PROGRAM_DIR}"
else
PROGRAM_DIR="$(/usr/bin/dirname "$PROGRAM_FILE")"
fi
PROGRAM_PWD="${PWD}" PROGRAM_PWD="${PWD}"
declare -a PROGRAM_ORIGINAL_ARGS=("${@}") declare -a PROGRAM_ORIGINAL_ARGS=("${@}")
# Start defaults before configure for functions_file in install.config functions.common
prefix_POST=/usr
sysconfdir_POST=/etc
localstatedir_POST=/var
libdir_POST=$PROGRAM_DIR
# End defaults before configure
for functions_file in $libdir_POST/functions.common.sh
do do
if [ -r $functions_file ] if [ -r "$PROGRAM_DIR/$functions_file" ]
then then
source $functions_file source "$PROGRAM_DIR/$functions_file"
else else
1>&2 echo "Cannot access $functions_file" 1>&2 echo "Cannot access $PROGRAM_DIR/$functions_file"
exit 1 exit 1
fi fi
done done
FIREHOL_CONFIG_DIR="$sysconfdir_POST/firehol"
common_disable_localization || exit common_disable_localization || exit
common_public_umask || exit common_public_umask || exit
common_require_root || exit common_require_root || exit
@ -63,9 +60,9 @@ shopt -s extglob
FIREQOS_SYSLOG_FACILITY="daemon" FIREQOS_SYSLOG_FACILITY="daemon"
FIREQOS_CONFIG="${FIREHOL_CONFIG_DIR}/fireqos.conf" FIREQOS_CONFIG="${FIREHOL_CONFIG_DIR}/fireqos.conf"
FIREQOS_LOCK_FILE=/var/run/fireqos.lock FIREQOS_LOCK_FILE="$LOCALSTATEDIR/run/fireqos.lock"
FIREQOS_LOCK_FILE_TIMEOUT=600 FIREQOS_LOCK_FILE_TIMEOUT=600
FIREQOS_DIR=/var/run/fireqos FIREQOS_DIR="$LOCALSTATEDIR/run/fireqos"
FIREQOS_SAVE="${FIREQOS_DIR}/.tmp.save.$$.$RANDOM" FIREQOS_SAVE="${FIREQOS_DIR}/.tmp.save.$$.$RANDOM"
# Gets set to 1 if this system cannot handle sub-second resolution # Gets set to 1 if this system cannot handle sub-second resolution
@ -111,35 +108,6 @@ then
source "${FIREHOL_CONFIG_DIR}/firehol-defaults.conf" || exit 1 source "${FIREHOL_CONFIG_DIR}/firehol-defaults.conf" || exit 1
fi fi
common_load_commands $PROGRAM_FILE @AUTOCONF_RUN@ <<-!
N|TPUT_CMD|@TPUT@|tput
Y|IP_CMD|@IP@|ip
Y|MODPROBE_CMD|@MODPROBE@|'modprobe -q' insmod
Y|RMMOD_CMD|@RMMOD@|rmmod
Y|FLOCK_CMD|@FLOCK@|flock
Y|GREP_CMD|@GREP@|grep
Y|EGREP_CMD|@EGREP@|egrep 'grep -E'
Y|CAT_CMD|@CAT@|cat
Y|CUT_CMD|@CUT@|cut
Y|SED_CMD|@SED@|sed
Y|TOUCH_CMD|@TOUCH@|touch
Y|TR_CMD|@TR@|tr
Y|MV_CMD|@MV@|mv
Y|LOGGER_CMD|@LOGGER@|logger
Y|MKDIR_CMD|@MKDIR@|mkdir
Y|SLEEP_CMD|@SLEEP@|sleep
Y|RM_CMD|@RM@|rm
Y|TC_CMD|@TC@|tc
N|GAWK_CMD|@GAWK@|gawk awk
N|TCPDUMP_CMD|@TCPDUMP@|tcpdump
Y|SEQ_CMD|@SEQ@|seq
Y|LS_CMD|@LS@|ls
Y|DATE_CMD|@DATE@|date
Y|TAIL_CMD|@TAIL@|tail
!
status=$?
test $status -eq 0 || exit $status
RUNNING_ON_TERMINAL=0 RUNNING_ON_TERMINAL=0
if [ "z$1" = "z-nc" ] if [ "z$1" = "z-nc" ]
then then
@ -277,7 +245,6 @@ declare -A MARKS_MASKS='([connmark]="0x0000003f" [usermark]="0x00001fc0" )'
declare -A MARKS_MAX='([connmark]="63" [usermark]="127" )' declare -A MARKS_MAX='([connmark]="63" [usermark]="127" )'
declare -A MARKS_SHIFT='([connmark]="0" [usermark]="6" )' declare -A MARKS_SHIFT='([connmark]="0" [usermark]="6" )'
FIREHOL_SPOOL_DIR="${FIREHOL_SPOOL_DIR-/var/spool/firehol}"
if [ -f "${FIREHOL_SPOOL_DIR}/marks.conf" ] if [ -f "${FIREHOL_SPOOL_DIR}/marks.conf" ]
then then
source "${FIREHOL_SPOOL_DIR}/marks.conf" || exit 1 source "${FIREHOL_SPOOL_DIR}/marks.conf" || exit 1
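Review bot: Removing `FIREHOL_SPOOL_DIR="${FIREHOL_SPOOL_DIR-/var/spool/firehol}"` leaves the `marks.conf` lookup on the next line with no fallback: the value now has to come from the sourced `install.config`, which is not in this diff, and a directory supplied via `FIREHOL_OVERRIDE_PROGRAM_DIR` whose `install.config` omits it turns the path into `/marks.conf`. A guarded default keeps the old safety net: `: "${FIREHOL_SPOOL_DIR:=$LOCALSTATEDIR/spool/firehol}"`, or fail explicitly when it is empty. The bootstrap block at the top of this section is a verbatim copy of the one in `sbin/firehol`, including the `readlink` call without `-f`, so the relative-symlink caveat applies here too.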

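--- /dev/null
+++ b/sbin/functions.common
@@ -0,0 +1,99 @@
+#
+# Copyright
+#
+# Copyright (C) 2003-2014 Costa Tsaousis <costa@tsaousis.gr>
+# Copyright (C) 2012-2014 Phil Whineray <phil@sanewall.org>
+#
+# See sbin/firehol.in for details
+#
+# This file contains functions used by the firehol suite.
+# To keep the namespace clean, functions defined in functions.x.sh
+# should be of the form x_whatever() if they are intended for general
+# use or int_x_whatever() if they are intended as helpers to the other
+# functions in the file.
+#
+common_require_cmd() {
+local progname="$1" var="$2" val=
+eval val=\$\{${var}\}
+if [ "${val}" ]
+then
+return 0
+fi
+$CAT_CMD >&2 <<-__EOF__
+ERROR: $progname feature requires $var
+You have invoked the program requesting a feature which uses
+a program which was not available when $progname was installed.
+Please re-install $progname with a suitable command available.
+__EOF__
+exit 1
+}
+common_require_root() {
+if [ "${UID}" != 0 ]
+then
+echo >&2
+echo >&2 "ERROR:"
+echo >&2 "Only user root can run ${1}"
+echo >&2
+return 1
+fi
+return 0
+}
+common_disable_localization() {
+export LC_ALL=C
+}
+common_private_umask() {
+# Make sure our generated files cannot be accessed by anyone else.
+umask 077
+}
+common_public_umask() {
+# let everyone read our status info
+umask 022
+}
+common_setup_terminal() {
+# Are stdout/stderr on the terminal? If not, then fail
+test -t 2 || return 1
+test -t 1 || return 1
+if [ ! -z "$TPUT_CMD" ]
+then
+if [ $[$($TPUT_CMD colors 2>/dev/null)] -ge 8 ]
+then
+# Enable colors
+COLOR_RESET="\e[0m"
+COLOR_BLACK="\e[30m"
+COLOR_RED="\e[31m"
+COLOR_GREEN="\e[32m"
+COLOR_YELLOW="\e[33m"
+COLOR_BLUE="\e[34m"
+COLOR_PURPLE="\e[35m"
+COLOR_CYAN="\e[36m"
+COLOR_WHITE="\e[37m"
+COLOR_BGBLACK="\e[40m"
+COLOR_BGRED="\e[41m"
+COLOR_BGGREEN="\e[42m"
+COLOR_BGYELLOW="\e[43m"
+COLOR_BGBLUE="\e[44m"
+COLOR_BGPURPLE="\e[45m"
+COLOR_BGCYAN="\e[46m"
+COLOR_BGWHITE="\e[47m"
+COLOR_BOLD="\e[1m"
+COLOR_DIM="\e[2m"
+COLOR_UNDERLINED="\e[4m"
+COLOR_BLINK="\e[5m"
+COLOR_INVERTED="\e[7m"
+fi
+fi
+return 0
+}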
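Review bot: common_require_cmd prints its diagnostic through `$CAT_CMD`, which is itself one of the values install.config supplies and this function exists to validate; when CAT_CMD is empty the heredoc is swallowed by the bare `>&2` redirection and the program exits 1 with no message at all. Use a builtin for the error path, e.g. `printf >&2 'ERROR: %s feature requires %s\n' "$progname" "$var"`, so reporting never depends on configuration that may be missing. The signature is also narrower than the one in the deleted functions.common.sh (no `-n` flag, no list of candidate commands), so any caller still passing those arguments would quietly test the wrong variable name; the callers are not visible here, so that is worth a grep. Since the file already relies on bash (`local`, `$[ ]`), `val="${!var}"` would replace the `eval` without changing behaviour.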

@ -1,239 +0,0 @@
#
# Copyright
#
# Copyright (C) 2003-2014 Costa Tsaousis <costa@tsaousis.gr>
# Copyright (C) 2012-2014 Phil Whineray <phil@sanewall.org>
#
# See sbin/firehol.in for details
#
# This file contains functions used by the firehol suite.
# To keep the namespace clean, functions defined in functions.x.sh
# should be of the form x_whatever() if they are intended for general
# use or int_x_whatever() if they are intended as helpers to the other
# functions in the file.
#
which_cmd() {
local name="$1"
shift
if [ "$1" = ":" ]
then
eval $name=":"
return 0
fi
unalias $1 >/dev/null 2>&1
local cmd=
IFS= read cmd <<-EOF
$(which $1 2> /dev/null)
EOF
if [ $? -gt 0 -o ! -x "${cmd}" ]
then
return 1
fi
shift
if [ $# -eq 0 ]
then
eval $name="'${cmd}'"
else
eval $name="'${cmd} ${@}'"
fi
return 0
}
common_require_cmd() {
local progname= var= val= block=1
progname="$1"
shift
if [ "$1" = "-n" ]
then
block=0
shift
fi
var="$1"
shift
eval val=\$\{${var}\} || return 2
if [ "${val}" ]
then
local cmd="${val/ */}"
if [ "$cmd" != ":" -a ! -x "$cmd" ]
then
echo >&2
if [ $block -eq 0 ]
then
echo >&2 "WARNING: optional command does not exist or is not executable ($cmd)"
echo >&2 "please add or correct $var in firehol-defaults.conf"
val=""
else
echo >&2 "ERROR: required command does not exist or is not executable ($cmd)"
echo >&2 "please add or correct $var in firehol-defaults.conf"
return 2
fi
fi
# link-balancer calls itself; export our findings so
# we do not repeat all of the lookups
eval export "$var"
return 0
elif [ $block -eq 0 ]
then
eval set -- "$@"
for cmd in "$@"
do
eval "NEED_${var}"="\$NEED_${var}' ${cmd/ */}'"
done
return 0
fi
if [ $# -eq 0 ]
then
eval set -- "\$NEED_${var}"
fi
echo >&2
echo >&2 "ERROR: $progname REQUIRES ONE OF THESE COMMANDS:"
echo >&2
echo >&2 " ${@}"
echo >&2
echo >&2 " You have requested the use of a $progname"
echo >&2 " feature that requires certain external programs"
echo >&2 " to be installed in the running system."
echo >&2
echo >&2 " Please consult your Linux distribution manual to"
echo >&2 " install the package(s) that provide these external"
echo >&2 " programs and retry."
echo >&2
echo >&2 " Note that you need an operational 'which' command"
echo >&2 " for $progname to find all the external programs it"
echo >&2 " needs. Check it yourself. Run:"
echo >&2
for x in "${@}"
do
echo >&2 " which $x"
done
return 2
}
int_common_which_all() {
local cmd_var="$1"
eval set -- "$2"
for cmd in "$@"
do
which_cmd $cmd_var $cmd && break
done
}
# Where required = Y, if a command is not found, FireHOL will refuse to run.
# Where required = N, the command only required when it is actually used
#
# If a command is specified in /etc/firehol/firehol-defaults.conf it will
# be used. Otherwise, if the script has been configured with ./configure
# the detected versions will be used. If the script has not been configured
# then the list of possible commands is autodetected.
common_load_commands() {
local progname="$1"
shift
local AUTOCONF_RUN="$1"
shift
while IFS="|" read required cmd_var autoconf possibles
do
if [ "$AUTOCONF_RUN" = "Y" ]
then
case "$autoconf" in
"@"*) autoconf=""; ;;
esac
fi
eval set_in_defaults=\"\$$cmd_var\"
if [ "$set_in_defaults" ]
then
:
elif [ "$AUTOCONF_RUN" = "Y" -a ! -z "$autoconf" ]
then
eval $cmd_var=\"$autoconf\"
else
dirname="${0%/*}"
if [ "$dirname" = "$0" ]; then dirname="."; fi
PATH="/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin:$PATH:$dirname" int_common_which_all $cmd_var "$possibles"
fi
if [ "$required" = "Y" ]
then
common_require_cmd $progname $cmd_var $possibles || return
else
common_require_cmd $progname -n $cmd_var $possibles || return
fi
done
}
common_require_root() {
if [ "${UID}" != 0 ]
then
echo >&2
echo >&2 "ERROR:"
echo >&2 "Only user root can run ${1}"
echo >&2
return 1
fi
return 0
}
common_disable_localization() {
export LC_ALL=C
}
common_private_umask() {
# Make sure our generated files cannot be accessed by anyone else.
umask 077
}
common_public_umask() {
# let everyone read our status info
umask 022
}
common_setup_terminal() {
# Are stdout/stderr on the terminal? If not, then fail
test -t 2 || return 1
test -t 1 || return 1
if [ ! -z "$TPUT_CMD" ]
then
if [ $[$($TPUT_CMD colors 2>/dev/null)] -ge 8 ]
then
# Enable colors
COLOR_RESET="\e[0m"
COLOR_BLACK="\e[30m"
COLOR_RED="\e[31m"
COLOR_GREEN="\e[32m"
COLOR_YELLOW="\e[33m"
COLOR_BLUE="\e[34m"
COLOR_PURPLE="\e[35m"
COLOR_CYAN="\e[36m"
COLOR_WHITE="\e[37m"
COLOR_BGBLACK="\e[40m"
COLOR_BGRED="\e[41m"
COLOR_BGGREEN="\e[42m"
COLOR_BGYELLOW="\e[43m"
COLOR_BGBLUE="\e[44m"
COLOR_BGPURPLE="\e[45m"
COLOR_BGCYAN="\e[46m"
COLOR_BGWHITE="\e[47m"
COLOR_BOLD="\e[1m"
COLOR_DIM="\e[2m"
COLOR_UNDERLINED="\e[4m"
COLOR_BLINK="\e[5m"
COLOR_INVERTED="\e[7m"
fi
fi
return 0
}

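--- /dev/null
+++ b/sbin/install.config.in.in
@@ -0,0 +1,89 @@
+VERSION=@PACKAGE_VERSION@
+DATAROOTDIR="@datarootdir_POST@"
+SYSCONFDIR="@sysconfdir_POST@"
+LOCALSTATEDIR="@localstatedir_POST@"
+# Default directories (file "${FIREHOL_CONFIG_DIR}/firehol.defaults" overrides)
+FIREHOL_CONFIG_DIR="$SYSCONFDIR/firehol"
+FIREHOL_SERVICES_DIR="$SYSCONFDIR/firehol/services"
+FIREHOL_SHARE_DIR="$DATAROOTDIR/firehol"
+FIREHOL_SPOOL_DIR="$LOCALSTATEDIR/spool/firehol"
+FIREHOL_RUN_DIR="$LOCALSTATEDIR/run/firehol"
+ENABLE_IPV4=@IPV4_ENABLED@
+ENABLE_IPV6=@IPV6_ENABLED@
+BRIDGE_CMD="@BRIDGE@"
+CAT_CMD="@CAT@"
+CHMOD_CMD="@CHMOD@"
+CHOWN_CMD="@CHOWN@"
+CP_CMD="@CP@"
+CURL_CMD="@CURL@"
+CUT_CMD="@CUT@"
+DATE_CMD="@DATE@"
+DIFF_CMD="@DIFF@"
+DIRNAME_CMD="@DIRNAME@"
+EGREP_CMD="@EGREP@"
+ENV_CMD="@ENV@"
+EXPR_CMD="@EXPR@"
+FIND_CMD="@FIND@"
+FLOCK_CMD="@FLOCK@"
+FOLD_CMD="@FOLD@"
+FUNZIP_CMD="@FUNZIP@"
+JQ_CMD="@JQ@"
+GAWK_CMD="@GAWK@"
+GIT_CMD="@GIT@"
+GREP_CMD="@GREP@"
+HEAD_CMD="@HEAD@"
+HOSTNAME_CMD="@HOSTNAMECMD@"
+IP6TABLES_CMD="@IP6TABLES@"
+IP6TABLES_RESTORE_CMD="@IP6TABLES_RESTORE@"
+IP6TABLES_SAVE_CMD="@IP6TABLES_SAVE@"
+IP_CMD="@IP@"
+IPRANGE_CMD="@IPRANGE@"
+IPSET_CMD="@IPSET@"
+IPTABLES_CMD="@IPTABLES@"
+IPTABLES_RESTORE_CMD="@IPTABLES_RESTORE@"
+IPTABLES_SAVE_CMD="@IPTABLES_SAVE@"
+JQ_CMD="@JQ@"
+LN_CMD="@LN@"
+LOGGER_CMD="@LOGGER@"
+LS_CMD="@LS@"
+LSMOD_CMD="@LSMOD@"
+MKDIR_CMD="@MKDIR@"
+MKTEMP_CMD="@MKTEMP@"
+MODPROBE_CMD="@MODPROBE@"
+MORE_CMD="@MORE@"
+MV_CMD="@MV@"
+NEATO_CMD="@NEATO@"
+NFACCT_CMD="@NFACCT@"
+PING6_CMD="@PING6@"
+PING_CMD="@PING@"
+RENICE_CMD="@RENICE@"
+RMMOD_CMD="@RMMOD@"
+RM_CMD="@RM@"
+SCREEN_CMD="@SCREEN@"
+SED_CMD="@SED@"
+SEQ_CMD="@SEQ@"
+SH_CMD="@SH@"
+SLEEP_CMD="@SLEEP@"
+SORT_CMD="@SORT@"
+SS_CMD="@SS@"
+STTY_CMD="@STTY@"
+SYSCTL_CMD="@SYSCTL@"
+TAIL_CMD="@TAIL@"
+TAR_CMD="@TAR@"
+TCPDUMP_CMD="@TCPDUMP@"
+TC_CMD="@TC@"
+TOUCH_CMD="@TOUCH@"
+TPUT_CMD="@TPUT@"
+TRACEROUTE_CMD="@TRACEROUTE@"
+TR_CMD="@TR@"
+UNAME_CMD="@UNAME@"
+UNIQ_CMD="@UNIQ@"
+UNZIP_CMD="@UNZIP@"
+WC_CMD="@WC@"
+WGET_CMD="@WGET@"
+WHOIS_CMD="@WHOIS@"
+ZCAT_CMD="@ZCAT@"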
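Review bot: `JQ_CMD="@JQ@"` is assigned twice in this file, once between FUNZIP_CMD and GAWK_CMD and again right after IPTABLES_SAVE_CMD; both expand to the same value so nothing breaks, but one of them should go so the list stays one entry per command and the alphabetical order is preserved. `VERSION=@PACKAGE_VERSION@`, `ENABLE_IPV4=@IPV4_ENABLED@` and `ENABLE_IPV6=@IPV6_ENABLED@` are the only unquoted substitutions; quoting them like the `*_CMD` entries keeps the file uniform and tolerates an empty configure result. Because the installed programs `source` this file rather than parse it, a one-line header comment stating that it is generated by configure and executed as shell would help anyone tempted to hand-edit the installed copy.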

@ -25,31 +25,28 @@
# See the file COPYING for details. # See the file COPYING for details.
# #
VERSION='$Id$' PROGRAM_FILE="$(/bin/readlink $0)"
PROGRAM_FILE="${0}" PROGRAM_FILE="${PROGRAM_FILE:-$0}"
PROGRAM_DIR="${0%/*}" if [ -d "${FIREHOL_OVERRIDE_PROGRAM_DIR}" ]
if [ "$PROGRAM_DIR" = "$0" ]; then PROGRAM_DIR="."; fi then
PROGRAM_DIR="${FIREHOL_OVERRIDE_PROGRAM_DIR}"
else
PROGRAM_DIR="$(/usr/bin/dirname "$PROGRAM_FILE")"
fi
PROGRAM_PWD="${PWD}" PROGRAM_PWD="${PWD}"
declare -a PROGRAM_ORIGINAL_ARGS=("${@}") declare -a PROGRAM_ORIGINAL_ARGS=("${@}")
# Start defaults before configure for functions_file in install.config functions.common
prefix_POST=/usr
sysconfdir_POST=/etc
localstatedir_POST=/var
libdir_POST=$PROGRAM_DIR
# End defaults before configure
for functions_file in $libdir_POST/functions.common.sh
do do
if [ -r $functions_file ] if [ -r "$PROGRAM_DIR/$functions_file" ]
then then
source $functions_file source "$PROGRAM_DIR/$functions_file"
else else
1>&2 echo "Cannot access $functions_file" 1>&2 echo "Cannot access $PROGRAM_DIR/$functions_file"
exit 1 exit 1
fi fi
done done
FIREHOL_CONFIG_DIR="$sysconfdir_POST/firehol"
common_disable_localization || exit common_disable_localization || exit
common_private_umask || exit common_private_umask || exit
common_require_root || exit common_require_root || exit
@ -63,7 +60,7 @@ if [ "$LB_DEBUGGING" ]; then set -v; set -x; fi
# link-balancer temporary directory. # link-balancer temporary directory.
# every instance of link-balancer creates a random directory # every instance of link-balancer creates a random directory
# within this one. # within this one.
LB_RUN_DIR="/var/run/link-balancer" LB_RUN_DIR="$LOCALSTATEDIR/run/link-balancer"
# If this is set to 1, no checks will be made if the gateways are available. # If this is set to 1, no checks will be made if the gateways are available.
# All gateways will be assumed active, if their interfaces are found # All gateways will be assumed active, if their interfaces are found
@ -112,44 +109,6 @@ fi
# temporary variable (default LB_DEFAULT_IPV=4) # temporary variable (default LB_DEFAULT_IPV=4)
LB_IPV= LB_IPV=
# Load commands link-balancer will need.
common_load_commands $PROGRAM_FILE @AUTOCONF_RUN@ <<-!
Y|IP_CMD|@IP@|ip
Y|DIFF_CMD|@DIFF@|diff
Y|FLOCK_CMD|@FLOCK@|flock
Y|GREP_CMD|@GREP@|grep
Y|EGREP_CMD|@EGREP@|egrep 'grep -E'
Y|CUT_CMD|@CUT@|cut
Y|CAT_CMD|@CAT@|cat
Y|SED_CMD|@SED@|sed
Y|TR_CMD|@TR@|tr
Y|LN_CMD|@LN@|ln
Y|LS_CMD|@LS@|ls
Y|SLEEP_CMD|@SLEEP@|sleep
Y|TOUCH_CMD|@TOUCH@|touch
Y|LOGGER_CMD|@LOGGER@|logger
Y|MKDIR_CMD|@MKDIR@|mkdir
Y|CHOWN_CMD|@CHOWN@|chown
Y|CHMOD_CMD|@CHMOD@|chmod
Y|RM_CMD|@RM@|rm
Y|PING_CMD|@PING@|ping
Y|PING6_CMD|@PING6@|ping6 'ping -6'
Y|TRACEROUTE_CMD|@TRACEROUTE@|traceroute
Y|SORT_CMD|@SORT@|sort
Y|MKTEMP_CMD|@MKTEMP@|mktemp
Y|ENV_CMD|@ENV@|env
N|WHOIS_CMD|@WHOIS@|whois
N|JQ_CMD|@JQ@|jq
N|HEAD_CMD|@HEAD@|head
N|TPUT_CMD|@TPUT@|tput
N|WGET_CMD|@WGET@|wget
N|SCREEN_CMD|@SCREEN@|screen
Y|IPRANGE_CMD|@IPRANGE@|iprange
!
status=$?
test $status -eq 0 || exit $status
RUNNING_ON_TERMINAL=0 RUNNING_ON_TERMINAL=0
if [ "z$1" = "z-nc" ] if [ "z$1" = "z-nc" ]
then then
@ -209,7 +168,7 @@ declare -A MARKS_MASKS='([connmark]="0x0000003f" [usermark]="0x00001fc0" )'
declare -A MARKS_MAX='([connmark]="63" [usermark]="127" )' declare -A MARKS_MAX='([connmark]="63" [usermark]="127" )'
declare -A MARKS_SHIFT='([connmark]="0" [usermark]="6" )' declare -A MARKS_SHIFT='([connmark]="0" [usermark]="6" )'
FIREHOL_SPOOL_DIR="${FIREHOL_SPOOL_DIR-/var/spool/firehol}" FIREHOL_SPOOL_DIR="${FIREHOL_SPOOL_DIR-$LOCALSTATEDIR/spool/firehol}"
if [ -f "${FIREHOL_SPOOL_DIR}/marks.conf" ] if [ -f "${FIREHOL_SPOOL_DIR}/marks.conf" ]
then then
source "${FIREHOL_SPOOL_DIR}/marks.conf" || exit 1 source "${FIREHOL_SPOOL_DIR}/marks.conf" || exit 1
@ -1888,7 +1847,7 @@ policy
# You can also have all the IPs in separate files: # You can also have all the IPs in separate files:
# Run: # Run:
# #
# ${PROGRAM_FILE} asips ONE_IP_OF_YOUR_PROVIDER_1 >$sysconfdir_POST/firehol/PROVIDER1_IPS # ${PROGRAM_FILE} asips ONE_IP_OF_YOUR_PROVIDER_1 >$SYSCONFDIR/firehol/PROVIDER1_IPS
# #
# Then: # Then:
rules dst loadfile PROVIDER1_IPS table dsl1 rules dst loadfile PROVIDER1_IPS table dsl1
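Review bot: `PROGRAM_FILE="$(/bin/readlink $0)"` follows only a single level of symlink and, when the link target is relative, yields a path relative to the link's own directory rather than to `$PWD`, so the `dirname` that follows produces a `PROGRAM_DIR` in which install.config will not be found; `$0` is also unquoted. `PROGRAM_FILE="$(/bin/readlink -f "$0" 2>/dev/null)"` resolves the whole chain to an absolute path, and the existing `${PROGRAM_FILE:-$0}` fallback still covers the non-symlink case. The `FIREHOL_OVERRIDE_PROGRAM_DIR` branch accepts any directory named in the environment and sources install.config and functions.common from it before `common_require_root` runs, so a root invocation that inherits a user-supplied environment (sudo with env_keep, wrapper scripts, cron) executes whatever those two files contain; honouring the override only when the directory and files are root-owned and not group/world-writable, or only under an explicit test switch, would confine it to the unit-test use the commit message describes, and the variable should be documented as test-only. The same block is repeated in the two later sections that appear to be update-ipsets and vnetbuild.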

@ -56,7 +56,7 @@
# - update a kernel ipset, having the same name # - update a kernel ipset, having the same name
# #
# 5. It can commit all successfully updated files to a git repository. # 5. It can commit all successfully updated files to a git repository.
# Just do 'git init' in $sysconfdir_POST/firehol/ipsets to enable it. # Just do 'git init' in $SYSCONFDIR/firehol/ipsets to enable it.
# If it is called with -g it will also push the committed changes # If it is called with -g it will also push the committed changes
# to a remote git server (to have this done by cron, please set # to a remote git server (to have this done by cron, please set
# git to automatically push changes without human action). # git to automatically push changes without human action).
@ -80,31 +80,28 @@
# ----------------------------------------------------------------------------- # -----------------------------------------------------------------------------
VERSION='$Id$' PROGRAM_FILE="$(/bin/readlink $0)"
PROGRAM_FILE="${0}" PROGRAM_FILE="${PROGRAM_FILE:-$0}"
PROGRAM_DIR="${0%/*}" if [ -d "${FIREHOL_OVERRIDE_PROGRAM_DIR}" ]
if [ "$PROGRAM_DIR" = "$0" ]; then PROGRAM_DIR="."; fi then
PROGRAM_DIR="${FIREHOL_OVERRIDE_PROGRAM_DIR}"
else
PROGRAM_DIR="$(/usr/bin/dirname "$PROGRAM_FILE")"
fi
PROGRAM_PWD="${PWD}" PROGRAM_PWD="${PWD}"
declare -a PROGRAM_ORIGINAL_ARGS=("${@}") declare -a PROGRAM_ORIGINAL_ARGS=("${@}")
# Start defaults before configure for functions_file in install.config functions.common
prefix_POST=/usr
sysconfdir_POST=/etc
localstatedir_POST=/var
libdir_POST=$PROGRAM_DIR
# End defaults before configure
for functions_file in $libdir_POST/functions.common.sh
do do
if [ -r $functions_file ] if [ -r "$PROGRAM_DIR/$functions_file" ]
then then
source $functions_file source "$PROGRAM_DIR/$functions_file"
else else
1>&2 echo "Cannot access $functions_file" 1>&2 echo "Cannot access $PROGRAM_DIR/$functions_file"
exit 1 exit 1
fi fi
done done
FIREHOL_CONFIG_DIR="$sysconfdir_POST/firehol"
common_disable_localization || exit common_disable_localization || exit
common_private_umask || exit common_private_umask || exit
@ -115,49 +112,6 @@ then
source "${FIREHOL_CONFIG_DIR}/firehol-defaults.conf" || exit 1 source "${FIREHOL_CONFIG_DIR}/firehol-defaults.conf" || exit 1
fi fi
common_load_commands $PROGRAM_FILE @AUTOCONF_RUN@ <<-!
Y|IPRANGE_CMD|@IPRANGE@|iprange
Y|DIRNAME_CMD|@DIRNAME@|dirname
Y|TAIL_CMD|@TAIL@|tail
Y|RENICE_CMD|@RENICE@|renice :
Y|ZCAT_CMD|@ZCAT@|zcat gzcat "gzip -dc"
Y|DATE_CMD|@DATE@|date
Y|DIFF_CMD|@DIFF@|diff
Y|FLOCK_CMD|@FLOCK@|flock
Y|GREP_CMD|@GREP@|grep
Y|EGREP_CMD|@EGREP@|egrep 'grep -E'
Y|CUT_CMD|@CUT@|cut
Y|CAT_CMD|@CAT@|cat
Y|SED_CMD|@SED@|sed
Y|TR_CMD|@TR@|tr
Y|LN_CMD|@LN@|ln
Y|LS_CMD|@LS@|ls
Y|TOUCH_CMD|@TOUCH@|touch
Y|LOGGER_CMD|@LOGGER@|logger
Y|MKDIR_CMD|@MKDIR@|mkdir
Y|CHOWN_CMD|@CHOWN@|chown
Y|CHMOD_CMD|@CHMOD@|chmod
Y|RM_CMD|@RM@|rm
Y|SORT_CMD|@SORT@|sort
Y|GAWK_CMD|@GAWK@|gawk awk
Y|MKTEMP_CMD|@MKTEMP@|mktemp
N|TPUT_CMD|@TPUT@|tput
Y|FOLD_CMD|@FOLD@|fold
Y|CURL_CMD|@CURL@|curl
Y|FIND_CMD|@FIND@|find
Y|WC_CMD|@WC@|wc
Y|MV_CMD|@MV@|mv
Y|CP_CMD|@CP@|cp
Y|TAR_CMD|@TAR@|tar
Y|IPSET_CMD|@IPSET@|ipset
N|UNZIP_CMD|@UNZIP@|unzip
N|FUNZIP_CMD|@FUNZIP@|funzip
N|JQ_CMD|@JQ@|jq
N|GIT_CMD|@GIT@|git
!
status=$?
test $status -eq 0 || exit $status
RUNNING_ON_TERMINAL=0 RUNNING_ON_TERMINAL=0
if [ "z$1" = "z-nc" ] if [ "z$1" = "z-nc" ]
then then
@ -311,12 +265,13 @@ ipset_verbose() {
# ----------------------------------------------------------------------------- # -----------------------------------------------------------------------------
# find a working iprange command # find a working iprange command
HAVE_IPRANGE=${IPRANGE_CMD}
if [ ! -z "${IPRANGE_CMD}" ] if [ ! -z "${IPRANGE_CMD}" ]
then then
${IPRANGE_CMD} --has-reduce 2>/dev/null || IPRANGE_CMD= ${IPRANGE_CMD} --has-reduce 2>/dev/null || HAVE_IPRANGE=
fi fi
if [ -z "${IPRANGE_CMD}" ] if [ -z "$HAVE_IPRANGE" ]
then then
error "Cannot find a working iprange command. It should be part of FireHOL but it is not installed." error "Cannot find a working iprange command. It should be part of FireHOL but it is not installed."
exit 1 exit 1
@ -325,16 +280,13 @@ fi
# ----------------------------------------------------------------------------- # -----------------------------------------------------------------------------
# CONFIGURATION # CONFIGURATION
FIREHOL_SHARE_DIR="${FIREHOL_SHARE_DIR-/usr/share/firehol}"
FIREHOL_CONFIG_DIR="${FIREHOL_CONFIG_DIR-$sysconfdir_POST/firehol}"
if [ "${UID}" = "0" -o -z "${UID}" ] if [ "${UID}" = "0" -o -z "${UID}" ]
then then
BASE_DIR="${BASE_DIR-${FIREHOL_CONFIG_DIR}/ipsets}" BASE_DIR="${BASE_DIR-${FIREHOL_CONFIG_DIR}/ipsets}"
CONFIG_FILE="${CONFIG_FILE-${FIREHOL_CONFIG_DIR}/update-ipsets.conf}" CONFIG_FILE="${CONFIG_FILE-${FIREHOL_CONFIG_DIR}/update-ipsets.conf}"
RUN_PARENT_DIR="${RUN_PARENT_DIR-/var/run}" RUN_PARENT_DIR="${RUN_PARENT_DIR-$LOCALSTATEDIR/run}"
CACHE_DIR="${CACHE_DIR-/var/cache/update-ipsets}" CACHE_DIR="${CACHE_DIR-$LOCALSTATEDIR/cache/update-ipsets}"
LIB_DIR="${LIB_DIR-/var/lib/update-ipsets}" LIB_DIR="${LIB_DIR-$LOCALSTATEDIR/lib/update-ipsets}"
IPSETS_APPLY=1 IPSETS_APPLY=1
else else
$MKDIR_CMD -p "${HOME}/.update-ipsets" || exit 1 $MKDIR_CMD -p "${HOME}/.update-ipsets" || exit 1

@ -25,31 +25,28 @@
# See the file COPYING for details. # See the file COPYING for details.
# #
VERSION='$Id$' PROGRAM_FILE="$(/bin/readlink $0)"
PROGRAM_FILE="${0}" PROGRAM_FILE="${PROGRAM_FILE:-$0}"
PROGRAM_DIR="${0%/*}" if [ -d "${FIREHOL_OVERRIDE_PROGRAM_DIR}" ]
if [ "$PROGRAM_DIR" = "$0" ]; then PROGRAM_DIR="."; fi then
PROGRAM_DIR="${FIREHOL_OVERRIDE_PROGRAM_DIR}"
else
PROGRAM_DIR="$(/usr/bin/dirname "$PROGRAM_FILE")"
fi
PROGRAM_PWD="${PWD}" PROGRAM_PWD="${PWD}"
declare -a PROGRAM_ORIGINAL_ARGS=("${@}") declare -a PROGRAM_ORIGINAL_ARGS=("${@}")
# Start defaults before configure for functions_file in install.config functions.common
prefix_POST=/usr
sysconfdir_POST=/etc
localstatedir_POST=/var
libdir_POST=$PROGRAM_DIR
# End defaults before configure
for functions_file in $libdir_POST/functions.common.sh
do do
if [ -r $functions_file ] if [ -r "$PROGRAM_DIR/$functions_file" ]
then then
source $functions_file source "$PROGRAM_DIR/$functions_file"
else else
1>&2 echo "Cannot access $functions_file" 1>&2 echo "Cannot access $PROGRAM_DIR/$functions_file"
exit 1 exit 1
fi fi
done done
FIREHOL_CONFIG_DIR="$sysconfdir_POST/firehol"
common_disable_localization || exit common_disable_localization || exit
marksreset() { :; } marksreset() { :; }
@ -59,22 +56,6 @@ then
source "${FIREHOL_CONFIG_DIR}/firehol-defaults.conf" || exit 1 source "${FIREHOL_CONFIG_DIR}/firehol-defaults.conf" || exit 1
fi fi
common_load_commands $PROGRAM_FILE @AUTOCONF_RUN@ <<-!
Y|IP_CMD|@IP@|ip
Y|BRIDGE_CMD|@BRIDGE@|bridge
Y|GREP_CMD|@GREP@|grep
Y|FIND_CMD|@FIND@|find
Y|SH_CMD|@SH@|sh bash ksh
Y|CUT_CMD|@CUT@|cut
Y|CAT_CMD|@CAT@|cat
Y|SED_CMD|@SED@|sed
Y|TR_CMD|@TR@|tr
Y|SLEEP_CMD|@SLEEP@|sleep
Y|MKDIR_CMD|@MKDIR@|mkdir
Y|RM_CMD|@RM@|rm
Y|MKTEMP_CMD|@MKTEMP@|mktemp
N|NEATO_CMD|@NEATO@|neato
!
status=$? status=$?
test $status -eq 0 || exit $status test $status -eq 0 || exit $status
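Review bot: the `status=$?` / `test $status -eq 0 || exit $status` pair kept as context below the removed `common_load_commands` heredoc now inspects the exit status of the preceding `if … fi`, which is 0 whenever the `source` line succeeds or is skipped, so it is dead code rather than a check; the link-balancer and update-ipsets hunks dropped the same two lines along with the heredoc and this one should too. The enclosing block continues outside the hunk.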

@ -1,6 +1,6 @@
#!/bin/sh #!/bin/sh
# Disable IPV4 # Disable IPV4
cat - >> /etc/firehol/firehol-defaults.conf <<-END-DEFAULTS cat - >> $MYTMP/firehol/firehol-defaults.conf <<-END-DEFAULTS
ENABLE_IPV4=0 ENABLE_IPV4=0
END-DEFAULTS END-DEFAULTS

@ -1,6 +1,6 @@
#!/bin/sh #!/bin/sh
# Disable IPV6 # Disable IPV6
cat - >> /etc/firehol/firehol-defaults.conf <<-END-DEFAULTS cat - >> $MYTMP/firehol/firehol-defaults.conf <<-END-DEFAULTS
ENABLE_IPV6=0 ENABLE_IPV6=0
END-DEFAULTS END-DEFAULTS

@ -40,6 +40,14 @@ then
haderror="Y" haderror="Y"
fi fi
if [ ! -f ../sbin/install.config.in ]
then
echo "../sbin/install.config.in missing: run configure"
echo ""
haderror="Y"
fi
if [ "$haderror" -o $# -lt 1 ] if [ "$haderror" -o $# -lt 1 ]
then then
if [ "$haderror" ] if [ "$haderror" ]
@ -54,23 +62,6 @@ then
exit 1 exit 1
fi fi
# First set up our namespace so we can write where we need to
mount -t tmpfs tmpfs /etc/firehol || exit 1
mkdir /var/run/firehol || exit 1
mkdir /var/spool/firehol || exit 1
mkdir /var/run/firehol/webdir || exit 1
# Check the files are gone
if [ -f /etc/firehol/firehol.conf \
-o -f /etc/firehol/firehol-defaults.conf \
-o -f /etc/firehol/fireqos.conf \
-o -f /etc/firehol/link-balancer.conf \
-o -d /etc/firehol/services ]
then
echo "Namespace switch failed! Aborting!"
exit 1
fi
if [ ! -r /proc/net/ip_tables_names ] if [ ! -r /proc/net/ip_tables_names ]
then then
echo "Faking /proc/net/ip_tables_names" echo "Faking /proc/net/ip_tables_names"
@ -88,8 +79,7 @@ then
echo >&2 echo >&2
exit 1 exit 1
fi fi
export MYTMP
ETCSAVE=/etc/firehol.save$$
myexit() { myexit() {
rm -f /var/run/firehol.lck rm -f /var/run/firehol.lck
@ -104,6 +94,12 @@ trap myexit 0
TESTDIR=`pwd`/ TESTDIR=`pwd`/
export TESTDIR export TESTDIR
# Force the programs to find our special configuration
export FIREHOL_OVERRIDE_PROGRAM_DIR=$MYTMP/prog
mkdir -p "$FIREHOL_OVERRIDE_PROGRAM_DIR"
sed -e "s#[@].*POST[@]#$MYTMP#" ../sbin/install.config.in > "$FIREHOL_OVERRIDE_PROGRAM_DIR/install.config"
cp ../sbin/functions.* "$FIREHOL_OVERRIDE_PROGRAM_DIR"
kcov=`which kcov 2> /dev/null` kcov=`which kcov 2> /dev/null`
if [ "$kcov" ] if [ "$kcov" ]
then then
@ -256,7 +252,7 @@ do
then then
echo "Cannot determine program for $conf" echo "Cannot determine program for $conf"
else else
script=../sbin/${program}.in script=../sbin/${program}
export script export script
total=$((total + 1)) total=$((total + 1))
@ -266,8 +262,8 @@ do
fi fi
# Define our configuration directory exactly as we want it # Define our configuration directory exactly as we want it
# note: we are running in a namespace with /etc/firehol as a tmpfs rm -rf $MYTMP/firehol
rm -rf /etc/firehol/* mkdir $MYTMP/firehol
# Default special cases: # Default special cases:
# - egrep because /sbin/egrep makes use of PATH to find 'grep -E' # - egrep because /sbin/egrep makes use of PATH to find 'grep -E'
@ -276,7 +272,7 @@ do
# - LB_RUN_DIR + FIREQOS_LOCK_FILE + FIREQOS_DIR + RUN_PARENT_DIR etc. # - LB_RUN_DIR + FIREQOS_LOCK_FILE + FIREQOS_DIR + RUN_PARENT_DIR etc.
# keep within our mounts # keep within our mounts
# - PATH reset to ensure it is off (some programs reset it) # - PATH reset to ensure it is off (some programs reset it)
cat > /etc/firehol/firehol-defaults.conf <<-! cat > $MYTMP/firehol/firehol-defaults.conf <<-!
EGREP_CMD='/bin/grep -E' EGREP_CMD='/bin/grep -E'
LOGGER_CMD='/bin/echo logger:' LOGGER_CMD='/bin/echo logger:'
LB_RUN_DIR=/var/run/firehol/link-balancer LB_RUN_DIR=/var/run/firehol/link-balancer
@ -296,7 +292,7 @@ do
"$pre_sh" "$conf" "$pre_sh" "$conf"
else else
# Or just take the defaults # Or just take the defaults
mkdir -p /etc/firehol/services mkdir -p $MYTMP/firehol/services
fi fi
# Run the script # Run the script
@ -313,7 +309,7 @@ do
status=$? status=$?
;; ;;
link-balancer|update-ipsets) link-balancer|update-ipsets)
cp "$conf" /etc/firehol/${program}.conf cp "$conf" $MYTMP/firehol/${program}.conf
$kcov "$script" > "$runlog" 2>&1 < /dev/null $kcov "$script" > "$runlog" 2>&1 < /dev/null
status=$? status=$?
;; ;;
@ -332,7 +328,7 @@ do
then then
errors=$((errors + 1)) errors=$((errors + 1))
echo "Unexpected run error - check $runlog" echo "Unexpected run error - check $runlog"
elif grep -q '\.in: line [0-9]*:' "$runlog" elif grep -q ': line [0-9]*:' "$runlog"
then then
errors=$((errors + 1)) errors=$((errors + 1))
echo "Unexpected runtime errors - check $runlog" echo "Unexpected runtime errors - check $runlog"
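Review bot: with `export FIREHOL_OVERRIDE_PROGRAM_DIR=$MYTMP/prog` the programs under test, which run as root for iptables, now source install.config and functions.* out of `$MYTMP`, so the run is only as trustworthy as that directory; MYTMP's creation is not in this hunk, and if it is a predictable path under a shared temp directory it should come from `mktemp -d` (mode 0700) and the runner should refuse to continue when `$MYTMP` is empty or not a directory. The empty case also matters for `rm -rf $MYTMP/firehol`, which degrades to `rm -rf /firehol` when MYTMP is unset; a guard such as `: "${MYTMP:?MYTMP must be set}"` beside `export MYTMP` covers both, and the same unquoted `$MYTMP` appears in the disable-ipv4.sh and disable-ipv6.sh helpers. `sed -e "s#[@].*POST[@]#$MYTMP#"` also breaks silently if `$MYTMP` contains `#` or `&`, and the surrounding loop body continues outside the hunk.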