Use a regular shell file for installed config
This simplifies the scripts somewhat and the autoconf system quite a bit. To specify a non-default location for the config, export a directory in FIREHOL_OVERRIDE_PROGRAM_DIR and ensure it has an install.config and functions.common.
parent
d104473f33
commit
caedbcd551
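--- a/.gitattributes
+++ b/.gitattributes
@@ -1,3 +0,0 @@
-sbin/*.c ident export-subst
-sbin/*.in ident export-subst
-packaging/packver ident export-subst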
10
.gitignore
vendored
10
.gitignore
vendored
@ -29,16 +29,10 @@ doc/apa*.html
|
|||||||
doc/services-?.xml
|
doc/services-?.xml
|
||||||
doc/service-links
|
doc/service-links
|
||||||
doc/tools/pandoc-post
|
doc/tools/pandoc-post
|
||||||
sbin/commands.sed
|
sbin/install.config
|
||||||
sbin/firehol
|
sbin/install.config.in
|
||||||
sbin/firehol.in
|
|
||||||
sbin/fireqos
|
|
||||||
sbin/link-balancer
|
|
||||||
sbin/vnetbuild
|
|
||||||
sbin/iprange
|
|
||||||
sbin/*.o
|
sbin/*.o
|
||||||
sbin/.deps
|
sbin/.deps
|
||||||
sbin/update-ipsets
|
|
||||||
unittest/coverage
|
unittest/coverage
|
||||||
*.xz
|
*.xz
|
||||||
*.gz
|
*.gz
|
||||||
|
@ -80,7 +80,7 @@ Since all components will go under `/usr/local`, you may prefer something
|
|||||||
like this:
|
like this:
|
||||||
|
|
||||||
~~~~
|
~~~~
|
||||||
./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
|
./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libexecdir=/usr/lib
|
||||||
make
|
make
|
||||||
make install
|
make install
|
||||||
~~~~
|
~~~~
|
||||||
|
@ -1,11 +1,4 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
# Update autoconf scripts after a configure.ac change
|
# Update autoconf scripts after a configure.ac change
|
||||||
|
|
||||||
if [ ! -f .gitignore -o ! -f sbin/firehol.in ]
|
|
||||||
then
|
|
||||||
echo "Run as ./packaging/autogen.sh from a firehol git repository"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
autoreconf -ivf
|
autoreconf -ivf
|
||||||
|
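--- a/build/subst.inc
+++ b/build/subst.inc
@@ -0,0 +1,11 @@
+.in:
+if sed \
+-e 's#[@]datarootdir_POST[@]#$(datarootdir)#g' \
+-e 's#[@]localstatedir_POST[@]#$(localstatedir)#g' \
+-e 's#[@]sysconfdir_POST[@]#$(sysconfdir)#g' \
+$< > $@.tmp; then \
+mv "$@.tmp" "$@"; \
+else \
+rm -f "$@.tmp"; \
+false; \
+fi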
44
configure.ac
44
configure.ac
@ -18,22 +18,27 @@ AC_INIT([firehol],VERSION_NUMBER[]VERSION_SUFFIX,[firehol-devs@lists.firehol.org
|
|||||||
|
|
||||||
AC_CONFIG_MACRO_DIR([m4])
|
AC_CONFIG_MACRO_DIR([m4])
|
||||||
AC_CONFIG_AUX_DIR([autotool])
|
AC_CONFIG_AUX_DIR([autotool])
|
||||||
AC_CONFIG_SRCDIR([sbin/firehol.in])
|
AC_CONFIG_SRCDIR([sbin/firehol])
|
||||||
AC_CONFIG_SRCDIR([sbin/fireqos.in])
|
|
||||||
AC_CONFIG_SRCDIR([sbin/link-balancer.in])
|
|
||||||
AC_CONFIG_SRCDIR([sbin/update-ipsets.in])
|
|
||||||
AC_CONFIG_SRCDIR([sbin/vnetbuild.in])
|
|
||||||
AM_INIT_AUTOMAKE([gnu])
|
AM_INIT_AUTOMAKE([gnu])
|
||||||
AM_MAINTAINER_MODE([disable])
|
AM_MAINTAINER_MODE([disable])
|
||||||
|
|
||||||
dnl Checks for programs.
|
dnl Checks for programs.
|
||||||
AC_PROG_MAKE_SET
|
AC_PROG_MAKE_SET
|
||||||
|
|
||||||
|
dnl Check for functioning symbolic links
|
||||||
|
AC_PROG_LN_S
|
||||||
|
|
||||||
AM_CONDITIONAL([GIT_TREE], [test -f README.md])
|
AM_CONDITIONAL([GIT_TREE], [test -f README.md])
|
||||||
|
|
||||||
AX_FIREHOL_AUTOSAVE()
|
AX_FIREHOL_AUTOSAVE()
|
||||||
AX_FIREHOL_AUTOSAVE6()
|
AX_FIREHOL_AUTOSAVE6()
|
||||||
|
|
||||||
|
AC_ARG_ENABLE([filename-versions],
|
||||||
|
[AS_HELP_STRING([--disable-filename-versions], [no versions on executable filenames @<:@enabled@:>@])],
|
||||||
|
,
|
||||||
|
[enable_filename_versions="yes"])
|
||||||
|
AM_CONDITIONAL([FILENAME_VERSIONS],[test "${enable_filename_versions}" = "yes"])
|
||||||
|
|
||||||
AC_ARG_ENABLE([doc],
|
AC_ARG_ENABLE([doc],
|
||||||
[AS_HELP_STRING([--disable-doc], [disable doc installation @<:@enabled@:>@])],
|
[AS_HELP_STRING([--disable-doc], [disable doc installation @<:@enabled@:>@])],
|
||||||
,
|
,
|
||||||
@ -147,6 +152,8 @@ if test x"$MAKEDIST_BUILD_ONLY" != xyes; then
|
|||||||
AX_NEED_EGREP()
|
AX_NEED_EGREP()
|
||||||
AX_NEED_GREP()
|
AX_NEED_GREP()
|
||||||
AX_NEED_SED()
|
AX_NEED_SED()
|
||||||
|
AX_NEED_PROG([READLINK], [readlink], [])
|
||||||
|
AX_NEED_PROG([DIRNAME], [dirname], [])
|
||||||
if test x"$enable_firehol" = xyes; then
|
if test x"$enable_firehol" = xyes; then
|
||||||
AC_MSG_NOTICE([Detecting commands for firehol])
|
AC_MSG_NOTICE([Detecting commands for firehol])
|
||||||
AX_NEED_PROG([CAT], [cat], [])
|
AX_NEED_PROG([CAT], [cat], [])
|
||||||
@ -154,14 +161,14 @@ AX_NEED_PROG([CHMOD], [chmod], [])
|
|||||||
AX_NEED_PROG([CHOWN], [chown], [])
|
AX_NEED_PROG([CHOWN], [chown], [])
|
||||||
AX_NEED_PROG([CP], [cp], [])
|
AX_NEED_PROG([CP], [cp], [])
|
||||||
AX_NEED_PROG([CUT], [cut], [])
|
AX_NEED_PROG([CUT], [cut], [])
|
||||||
AX_CHECK_PROG([DATE], [date], [])
|
AX_NEED_PROG([DATE], [date], [])
|
||||||
AX_NEED_PROG([EXPR], [expr], [])
|
AX_NEED_PROG([EXPR], [expr], [])
|
||||||
AX_NEED_PROG([FIND], [find], [])
|
AX_NEED_PROG([FIND], [find], [])
|
||||||
AX_NEED_PROG([FLOCK], [flock], [])
|
AX_NEED_PROG([FLOCK], [flock], [])
|
||||||
AX_NEED_PROG([FOLD], [fold], [])
|
AX_NEED_PROG([FOLD], [fold], [])
|
||||||
AX_NEED_PROG([HEAD], [head], [])
|
AX_NEED_PROG([HEAD], [head], [])
|
||||||
AX_CHECK_PROG([HOSTNAMECMD], [hostname], [])
|
AX_NEED_PROG([HOSTNAMECMD], [hostname], [])
|
||||||
AX_CHECK_PROG([IP], [ip], [])
|
AX_NEED_PROG([IP], [ip], [])
|
||||||
if test x"$enable_ipv6" = xyes; then
|
if test x"$enable_ipv6" = xyes; then
|
||||||
AX_CHECK_PROG([IP6TABLES], [ip6tables], [])
|
AX_CHECK_PROG([IP6TABLES], [ip6tables], [])
|
||||||
fi
|
fi
|
||||||
@ -196,11 +203,17 @@ AX_NEED_PROG([MORE], [cat], [])
|
|||||||
AX_NEED_PROG([MV], [mv], [])
|
AX_NEED_PROG([MV], [mv], [])
|
||||||
AX_CHECK_PROG([NFACCT], [nfacct], [])
|
AX_CHECK_PROG([NFACCT], [nfacct], [])
|
||||||
AX_CHECK_PROG([RENICE], [renice], [])
|
AX_CHECK_PROG([RENICE], [renice], [])
|
||||||
|
if test x"$RENICE" = x; then
|
||||||
|
AC_SUBST([RENICE], [:])
|
||||||
|
fi
|
||||||
AX_NEED_PROG([RM], [rm], [])
|
AX_NEED_PROG([RM], [rm], [])
|
||||||
AX_NEED_PROG([SLEEP], [sleep], [])
|
AX_NEED_PROG([SLEEP], [sleep], [])
|
||||||
AX_NEED_PROG([SORT], [sort], [])
|
AX_NEED_PROG([SORT], [sort], [])
|
||||||
AX_CHECK_PROG([SS], [ss], [])
|
AX_NEED_PROG([SS], [ss], [])
|
||||||
AX_CHECK_PROG([STTY], [stty], [])
|
AX_CHECK_PROG([STTY], [stty], [])
|
||||||
|
if test x"$STTY" = x; then
|
||||||
|
AC_SUBST([STTY], [:])
|
||||||
|
fi
|
||||||
AX_NEED_PROG([SYSCTL], [sysctl], [])
|
AX_NEED_PROG([SYSCTL], [sysctl], [])
|
||||||
AX_NEED_PROG([TAIL], [tail], [])
|
AX_NEED_PROG([TAIL], [tail], [])
|
||||||
AX_NEED_PROG([TOUCH], [touch], [])
|
AX_NEED_PROG([TOUCH], [touch], [])
|
||||||
@ -211,7 +224,7 @@ AX_NEED_PROG([UNIQ], [uniq], [])
|
|||||||
AX_NEED_PROG([WC], [wc], [])
|
AX_NEED_PROG([WC], [wc], [])
|
||||||
AX_CHECK_PROG([ZCAT], [zcat], [])
|
AX_CHECK_PROG([ZCAT], [zcat], [])
|
||||||
AX_CHECK_PROG([ZCAT], [gzcat], [])
|
AX_CHECK_PROG([ZCAT], [gzcat], [])
|
||||||
AX_CHECK_PROG([ZCAT], [gzip], [-dc])
|
AX_NEED_PROG([ZCAT], [gzip], [-dc])
|
||||||
fi
|
fi
|
||||||
if test x"$enable_fireqos" = xyes; then
|
if test x"$enable_fireqos" = xyes; then
|
||||||
AC_MSG_NOTICE([Detecting commands for fireqos])
|
AC_MSG_NOTICE([Detecting commands for fireqos])
|
||||||
@ -220,7 +233,7 @@ AX_NEED_PROG([CUT], [cut], [])
|
|||||||
AX_NEED_PROG([DATE], [date], [])
|
AX_NEED_PROG([DATE], [date], [])
|
||||||
AX_NEED_PROG([FLOCK], [flock], [])
|
AX_NEED_PROG([FLOCK], [flock], [])
|
||||||
AX_CHECK_PROG([GAWK], [gawk], [])
|
AX_CHECK_PROG([GAWK], [gawk], [])
|
||||||
AX_CHECK_PROG([GAWK], [awk], [])
|
AX_NEED_PROG([GAWK], [awk], [])
|
||||||
AX_NEED_PROG([IP], [ip], [])
|
AX_NEED_PROG([IP], [ip], [])
|
||||||
AX_NEED_PROG([LOGGER], [logger], [])
|
AX_NEED_PROG([LOGGER], [logger], [])
|
||||||
AX_NEED_PROG([LS], [ls], [])
|
AX_NEED_PROG([LS], [ls], [])
|
||||||
@ -284,7 +297,6 @@ AX_NEED_PROG([CURL], [curl], [])
|
|||||||
AX_NEED_PROG([CUT], [cut], [])
|
AX_NEED_PROG([CUT], [cut], [])
|
||||||
AX_NEED_PROG([DATE], [date], [])
|
AX_NEED_PROG([DATE], [date], [])
|
||||||
AX_NEED_PROG([DIFF], [diff], [])
|
AX_NEED_PROG([DIFF], [diff], [])
|
||||||
AX_NEED_PROG([DIRNAME], [dirname], [])
|
|
||||||
AX_NEED_PROG([FIND], [find], [])
|
AX_NEED_PROG([FIND], [find], [])
|
||||||
AX_NEED_PROG([FLOCK], [flock], [])
|
AX_NEED_PROG([FLOCK], [flock], [])
|
||||||
AX_NEED_PROG([FOLD], [fold], [])
|
AX_NEED_PROG([FOLD], [fold], [])
|
||||||
@ -302,6 +314,9 @@ AX_NEED_PROG([MKDIR], [mkdir], [])
|
|||||||
AX_NEED_PROG([MKTEMP], [mktemp], [])
|
AX_NEED_PROG([MKTEMP], [mktemp], [])
|
||||||
AX_NEED_PROG([MV], [mv], [])
|
AX_NEED_PROG([MV], [mv], [])
|
||||||
AX_CHECK_PROG([RENICE], [renice], [])
|
AX_CHECK_PROG([RENICE], [renice], [])
|
||||||
|
if test x"$RENICE" = x; then
|
||||||
|
AC_SUBST([RENICE], [:])
|
||||||
|
fi
|
||||||
AX_NEED_PROG([RM], [rm], [])
|
AX_NEED_PROG([RM], [rm], [])
|
||||||
AX_NEED_PROG([SORT], [sort], [])
|
AX_NEED_PROG([SORT], [sort], [])
|
||||||
AX_NEED_PROG([TAIL], [tail], [])
|
AX_NEED_PROG([TAIL], [tail], [])
|
||||||
@ -343,13 +358,12 @@ AX_CHECK_MINVER([IPRANGE_VERSION], MIN_IPRANGE_VERSION, [$IPRANGE],
|
|||||||
[], [AC_MSG_ERROR(could not find required version of iprange - check http://firehol.org/download/iprange/)])
|
[], [AC_MSG_ERROR(could not find required version of iprange - check http://firehol.org/download/iprange/)])
|
||||||
fi
|
fi
|
||||||
|
|
||||||
AC_SUBST([AUTOCONF_RUN], [Y])
|
AC_SUBST([firehollibexecdir], ["\$(libexecdir)/firehol/\$(PACKAGE_VERSION)"])
|
||||||
|
|
||||||
AC_CONFIG_FILES([
|
AC_CONFIG_FILES([
|
||||||
Makefile
|
Makefile
|
||||||
sbin/Makefile
|
sbin/Makefile
|
||||||
sbin/commands.sed
|
sbin/install.config.in
|
||||||
sbin/firehol.in
|
|
||||||
m4/Makefile
|
m4/Makefile
|
||||||
doc/Makefile
|
doc/Makefile
|
||||||
doc/firehol/Makefile
|
doc/firehol/Makefile
|
||||||
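Review bot: `--disable-filename-versions` only sets the `FILENAME_VERSIONS` conditional, while `firehollibexecdir` is substituted unconditionally as `$(libexecdir)/firehol/$(PACKAGE_VERSION)` further down. Nothing in the sections shown on this page consumes that conditional, so the option may have no effect on the install path; this is worth confirming against the Makefile.am parts that are not visible here. The new `RENICE` and `STTY` fallbacks to `:` would also benefit from a one-line comment, for example `dnl optional tool: substitute the shell no-op so callers need no guard`.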
|
@ -42,9 +42,7 @@ all-local: service-links
|
|||||||
|
|
||||||
MKSERVICELINKS = ${top_srcdir}/doc/tools/mkservicelinks
|
MKSERVICELINKS = ${top_srcdir}/doc/tools/mkservicelinks
|
||||||
|
|
||||||
FIREHOLIN = $(top_srcdir)/sbin/firehol.in
|
service-links: $(top_srcdir)/sbin/firehol services-db.data
|
||||||
|
|
||||||
service-links: $(FIREHOLIN) services-db.data
|
|
||||||
$(MKSERVICELINKS) service-links $+
|
$(MKSERVICELINKS) service-links $+
|
||||||
|
|
||||||
endif
|
endif
|
||||||
|
@ -151,9 +151,7 @@ FORMATTABLE = ${top_srcdir}/doc/tools/format-table
|
|||||||
PANDOCPOST = ${top_srcdir}/doc/tools/pandoc-post
|
PANDOCPOST = ${top_srcdir}/doc/tools/pandoc-post
|
||||||
CHECKLINKS = ${top_srcdir}/doc/tools/check-links
|
CHECKLINKS = ${top_srcdir}/doc/tools/check-links
|
||||||
|
|
||||||
FIREHOLIN = $(top_srcdir)/sbin/firehol.in
|
firehol-services.5.md: $(top_srcdir)/sbin/firehol ../services-db.data ../service-links
|
||||||
|
|
||||||
firehol-services.5.md: $(FIREHOLIN) ../services-db.data ../service-links
|
|
||||||
$(MKSERVICEMAN) firehol-services.5.md $+
|
$(MKSERVICEMAN) firehol-services.5.md $+
|
||||||
|
|
||||||
contents.md: *.1.md *.5.md contents.tpl
|
contents.md: *.1.md *.5.md contents.tpl
|
||||||
|
@ -46,7 +46,11 @@ To build and install taking the default options:
|
|||||||
./configure && make && sudo make install
|
./configure && make && sudo make install
|
||||||
|
|
||||||
|
|
||||||
Alternatively, just copy the `sbin/firehol.in` file to where you want it.
|
Since all components (including configuration files) will go
|
||||||
|
under `/usr/local`, you may prefer to configure more like this:
|
||||||
|
|
||||||
|
./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libexecdir=/usr/lib
|
||||||
|
|
||||||
All of the common SysVInit command line arguments are recognised which
|
All of the common SysVInit command line arguments are recognised which
|
||||||
makes it easy to deploy the script as a startup service.
|
makes it easy to deploy the script as a startup service.
|
||||||
|
|
||||||
|
@ -127,8 +127,6 @@ COMBINEPANDOC = ${top_srcdir}/doc/tools/combine-pandoc
|
|||||||
PANDOCPOST = ${top_srcdir}/doc/tools/pandoc-post
|
PANDOCPOST = ${top_srcdir}/doc/tools/pandoc-post
|
||||||
CHECKLINKS = ${top_srcdir}/doc/tools/check-links
|
CHECKLINKS = ${top_srcdir}/doc/tools/check-links
|
||||||
|
|
||||||
FIREHOLIN = $(top_srcdir)/sbin/firehol.in
|
|
||||||
|
|
||||||
man/man1/%.1: %.1.md
|
man/man1/%.1: %.1.md
|
||||||
$(MKDIR_P) man/man1
|
$(MKDIR_P) man/man1
|
||||||
$(SED) -e '/^%/s/DATE/@PACKAGE_BUILT_DATE@/' -e '/^%/s/VERSION/@PACKAGE_VERSION@/' $< > tmp-manproc
|
$(SED) -e '/^%/s/DATE/@PACKAGE_BUILT_DATE@/' -e '/^%/s/VERSION/@PACKAGE_VERSION@/' $< > tmp-manproc
|
||||||
|
@ -62,8 +62,6 @@ COMBINEPANDOC = ${top_srcdir}/doc/tools/combine-pandoc
|
|||||||
PANDOCPOST = ${top_srcdir}/doc/tools/pandoc-post
|
PANDOCPOST = ${top_srcdir}/doc/tools/pandoc-post
|
||||||
CHECKLINKS = ${top_srcdir}/doc/tools/check-links
|
CHECKLINKS = ${top_srcdir}/doc/tools/check-links
|
||||||
|
|
||||||
FIREHOLIN = $(top_srcdir)/sbin/firehol.in
|
|
||||||
|
|
||||||
man/man1/%.1: %.1.md
|
man/man1/%.1: %.1.md
|
||||||
$(MKDIR_P) man/man1
|
$(MKDIR_P) man/man1
|
||||||
$(SED) -e '/^%/s/DATE/@PACKAGE_BUILT_DATE@/' -e '/^%/s/VERSION/@PACKAGE_VERSION@/' $< > tmp-manproc
|
$(SED) -e '/^%/s/DATE/@PACKAGE_BUILT_DATE@/' -e '/^%/s/VERSION/@PACKAGE_VERSION@/' $< > tmp-manproc
|
||||||
|
@ -12,7 +12,7 @@ use File::Basename;
|
|||||||
if (@ARGV == 0) {
|
if (@ARGV == 0) {
|
||||||
print "Usage: ./packaging/firehol/detect-cmd.pl configure.ac sbin/file.in ...\n";
|
print "Usage: ./packaging/firehol/detect-cmd.pl configure.ac sbin/file.in ...\n";
|
||||||
print "\n";
|
print "\n";
|
||||||
print "Finds usages of commands which should be converted to \$COMMAND_CMD format\n";
|
print "Finds usages of commands which should be converted to \@COMMAND\@ format\n";
|
||||||
exit 0;
|
exit 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -11,14 +11,15 @@ firehol_check_file() {
|
|||||||
sbin/Makefile.in)
|
sbin/Makefile.in)
|
||||||
:
|
:
|
||||||
;;
|
;;
|
||||||
configure.ac|sbin/commands.sed.in)
|
configure.ac|sbin/install.config.in.in)
|
||||||
check_commands sbin/firehol.in || status=1
|
check_commands sbin/firehol || status=1
|
||||||
check_commands sbin/fireqos.in || status=1
|
check_commands sbin/fireqos || status=1
|
||||||
check_commands sbin/link-balancer.in || status=1
|
check_commands sbin/link-balancer || status=1
|
||||||
check_commands sbin/update-ipsets.in || status=1
|
check_commands sbin/update-ipsets || status=1
|
||||||
check_commands sbin/vnetbuild.in || status=1
|
check_commands sbin/vnetbuild || status=1
|
||||||
|
check_detection_useful sbin/firehol sbin/fireqos sbin/link-balancer sbin/update-ipsets sbin/vnetbuild || status=1
|
||||||
;;
|
;;
|
||||||
sbin/*.in)
|
sbin/firehol|sbin/fireqos|sbin/link-balancer|sbin/update-ipsets|sbin/vnetbuild)
|
||||||
check_commands $filename || status=1
|
check_commands $filename || status=1
|
||||||
;;
|
;;
|
||||||
doc/services-db.data)
|
doc/services-db.data)
|
||||||
@ -50,8 +51,8 @@ check_commands() {
|
|||||||
|
|
||||||
get_staged_file $1
|
get_staged_file $1
|
||||||
get_staged_file configure.ac
|
get_staged_file configure.ac
|
||||||
get_staged_file sbin/commands.sed.in
|
get_staged_file sbin/install.config.in.in
|
||||||
get_staged_file sbin/functions.common.sh
|
get_staged_file sbin/functions.common
|
||||||
|
|
||||||
# Find commands that have been enclosed in quotes and remove anything after
|
# Find commands that have been enclosed in quotes and remove anything after
|
||||||
# if nothing matched the substitution, proceed to the next line
|
# if nothing matched the substitution, proceed to the next line
|
||||||
@ -98,40 +99,25 @@ check_commands() {
|
|||||||
cat $MYTMP/errors
|
cat $MYTMP/errors
|
||||||
fi
|
fi
|
||||||
|
|
||||||
sed -n -e "s/^ *[YN]|//p" $MYTMP/files/$1 > $MYTMP/commands-defined
|
sed -n -e 's/\(.*_CMD\)="[@]\(.*\)[@]"/\1 \2/p' $MYTMP/files/sbin/install.config.in.in > $MYTMP/commands-defined
|
||||||
|
|
||||||
for cmd in $(tr " " "\n" < $MYTMP/files/$1 |
|
for cmd in $(tr " " "\n" < $MYTMP/files/$1 |
|
||||||
sed -n -e 's/.*\(\<[A-Z0-9_]*\)_CMD.*/\1/p' | sort | uniq)
|
sed -n -e 's/.*\(\<[A-Z0-9_]*_CMD\).*/\1/p' | sort | uniq)
|
||||||
do
|
do
|
||||||
if ! grep -q "^${cmd}_CMD|" $MYTMP/commands-defined
|
autocmd=`grep "^${cmd} " $MYTMP/commands-defined | cut -f2 -d' '`
|
||||||
|
if [ ! "$autocmd" ]
|
||||||
then
|
then
|
||||||
status=1
|
status=1
|
||||||
echo "Missing definition of $cmd in $1 detection table."
|
echo "sbin/install.config.in.in: missing definition of $cmd (for $1)"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Hostname is a special case - configure will expand it to running host,
|
if ! grep -q "_${autocmd}(\|\[$autocmd\]" $MYTMP/files/configure.ac
|
||||||
# overwriting the value we wanted to use.
|
|
||||||
if [ "$cmd" = "HOSTNAME" ]; then cmd="HOSTNAMECMD"; fi
|
|
||||||
if ! grep -q "_${cmd}(\|\[$cmd\]" $MYTMP/files/configure.ac
|
|
||||||
then
|
then
|
||||||
status=1
|
status=1
|
||||||
echo "Missing detection of $cmd for $1 in configure.ac"
|
echo "configure.ac: missing detection of $autocmd (for $1)"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
while IFS="|" read cmd subst defaults
|
|
||||||
do
|
|
||||||
if ! grep -q "\${*$cmd" $MYTMP/files/$1 $MYTMP/files/sbin/*.sh
|
|
||||||
then
|
|
||||||
status=1
|
|
||||||
echo "$cmd detected but never used in $1 or function libraries"
|
|
||||||
fi
|
|
||||||
if ! grep -q "#$subst#" $MYTMP/files/sbin/commands.sed.in
|
|
||||||
then
|
|
||||||
status=1
|
|
||||||
echo "$cmd detected but $subst never substituted by sbin/commands.sed.in"
|
|
||||||
fi
|
|
||||||
done < $MYTMP/commands-defined
|
|
||||||
|
|
||||||
(
|
(
|
||||||
a=`pwd`
|
a=`pwd`
|
||||||
cd $MYTMP/files
|
cd $MYTMP/files
|
||||||
@ -141,3 +127,37 @@ check_commands() {
|
|||||||
|
|
||||||
return $status
|
return $status
|
||||||
}
|
}
|
||||||
|
|
||||||
|
check_detection_useful() {
|
||||||
|
local status=0
|
||||||
|
|
||||||
|
touch $MYTMP/commands-checked
|
||||||
|
if grep -q -F -z "$1" $MYTMP/commands-checked
|
||||||
|
then
|
||||||
|
# Only check a file once - an edit to some files checks multiple
|
||||||
|
return 0
|
||||||
|
else
|
||||||
|
echo "$1" >> $MYTMP/commands-checked
|
||||||
|
fi
|
||||||
|
|
||||||
|
list=
|
||||||
|
for i in "$@"
|
||||||
|
do
|
||||||
|
get_staged_file $1
|
||||||
|
list="$list $MYTMP/files/$1"
|
||||||
|
done
|
||||||
|
get_staged_file configure.ac
|
||||||
|
get_staged_file sbin/install.config.in.in
|
||||||
|
get_staged_file sbin/functions.common
|
||||||
|
|
||||||
|
sed -n -e 's/\(.*_CMD\)="[@]\(.*\)[@]"/\1 \2/p' $MYTMP/files/sbin/install.config.in.in > $MYTMP/commands-defined
|
||||||
|
|
||||||
|
while read cmd subst
|
||||||
|
do
|
||||||
|
if ! grep -q "\${*$cmd" $list $MYTMP/files/sbin/functions.*
|
||||||
|
then
|
||||||
|
status=1
|
||||||
|
echo "$cmd detected but never used in $1 or function libraries"
|
||||||
|
fi
|
||||||
|
done < $MYTMP/commands-defined
|
||||||
|
}
|
||||||
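Review bot: The loop in `check_detection_useful` iterates `for i in "$@"` but its body uses `$1` (`get_staged_file $1` and `list="$list $MYTMP/files/$1"`), so only the first file is staged and searched, once per argument. A command used only by one of the other scripts would then be reported as "detected but never used" unless it also appears in a `functions.*` file. The body should read `get_staged_file "$i"` and `list="$list $MYTMP/files/$i"`. The function also ends without `return $status`, so it returns the exit status of the `while` loop and the caller's `|| status=1` is unlikely ever to fire; add `return $status` before the closing brace, and declare `list` and `i` as `local` alongside `status`.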
|
@ -51,11 +51,7 @@ diff -r "$1" $MYTMP/unpack/* | grep "^Only" | sed \
|
|||||||
-e '/: tmp-anchor-links$/d' \
|
-e '/: tmp-anchor-links$/d' \
|
||||||
-e '/: tmp-manproc$/d' \
|
-e '/: tmp-manproc$/d' \
|
||||||
-e '/: .*\.tar\.\(gz\|bz2\|xz\)$/d' \
|
-e '/: .*\.tar\.\(gz\|bz2\|xz\)$/d' \
|
||||||
-e '/: unittest$/d' \
|
-e '/: unittest$/d' > $MYTMP/out
|
||||||
-e '/: iprange$/d' \
|
|
||||||
-e '/: .*\.o$/d' \
|
|
||||||
-e '/sbin: \(firehol\|fireqos\|link-balancer\)$/d' \
|
|
||||||
-e '/sbin: \(update-ipsets\|vnetbuild\|commands.sed\)$/d' > $MYTMP/out
|
|
||||||
|
|
||||||
cat $MYTMP/out
|
cat $MYTMP/out
|
||||||
test -s $MYTMP/out && exit 1
|
test -s $MYTMP/out && exit 1
|
||||||
|
@ -1,38 +1,11 @@
|
|||||||
# Process this file with automake to produce Makefile.in
|
# Process this file with automake to produce Makefile.in
|
||||||
|
|
||||||
libarchinddir = $(prefix)/lib
|
|
||||||
|
|
||||||
scriptsin = \
|
inclibdir = @firehollibexecdir@
|
||||||
firehol.in \
|
|
||||||
fireqos.in \
|
|
||||||
link-balancer.in \
|
|
||||||
update-ipsets.in \
|
|
||||||
vnetbuild.in
|
|
||||||
|
|
||||||
inclibdir = $(libarchinddir)/firehol
|
include $(top_srcdir)/build/subst.inc
|
||||||
|
|
||||||
SUFFIXES = .in
|
SUFFIXES = .in
|
||||||
.in:
|
|
||||||
if [ "$@" = "commands.sed.in" ]; then \
|
|
||||||
true; \
|
|
||||||
elif sed \
|
|
||||||
-e '/^# Start defaults before configure/,/^# End/d' \
|
|
||||||
-e 's#[$$]prefix_POST#$(prefix)#g' \
|
|
||||||
-e 's#[$$]bindir_POST#$(bindir)#g' \
|
|
||||||
-e 's#[$$]libdir_POST#$(inclibdir)#g' \
|
|
||||||
-e 's#[$$]localstatedir_POST#$(localstatedir)#g' \
|
|
||||||
-e 's#[$$]sysconfdir_POST#$(sysconfdir)#g' \
|
|
||||||
-f commands.sed \
|
|
||||||
$< > $@.tmp; then \
|
|
||||||
mv "$@.tmp" "$@"; \
|
|
||||||
chmod 755 "$@"; \
|
|
||||||
else \
|
|
||||||
rm -f "$@.tmp"; \
|
|
||||||
false; \
|
|
||||||
fi
|
|
||||||
|
|
||||||
inclib_DATA = \
|
|
||||||
functions.common.sh
|
|
||||||
|
|
||||||
scripts =
|
scripts =
|
||||||
if ENABLE_FIREHOL
|
if ENABLE_FIREHOL
|
||||||
@ -55,12 +28,29 @@ if ENABLE_VNETBUILD
|
|||||||
scripts += vnetbuild
|
scripts += vnetbuild
|
||||||
endif
|
endif
|
||||||
|
|
||||||
sbin_SCRIPTS = $(scripts)
|
CLEANFILES = install.config
|
||||||
|
|
||||||
|
inclib_DATA = \
|
||||||
|
functions.common \
|
||||||
|
install.config \
|
||||||
|
$(NULL)
|
||||||
|
|
||||||
|
inclib_SCRIPTS = $(scripts)
|
||||||
|
|
||||||
EXTRA_DIST = \
|
EXTRA_DIST = \
|
||||||
commands.sed.in \
|
functions.common \
|
||||||
$(scriptsin) \
|
install.config.in \
|
||||||
$(inclib_DATA)
|
$(scripts) \
|
||||||
|
$(NULL)
|
||||||
|
|
||||||
uninstall-local:
|
install-exec-hook:
|
||||||
|
$(MKDIR_P) $(DESTDIR)$(sbindir)
|
||||||
|
for i in $(scripts); do \
|
||||||
|
$(RM) -f $(DESTDIR)$(sbindir)/$$i; \
|
||||||
|
$(LN_S) $(DESTDIR)$(inclibdir)/$$i $(DESTDIR)$(sbindir); done
|
||||||
|
|
||||||
|
uninstall-hook:
|
||||||
|
for i in $(scripts); do \
|
||||||
|
$(RM) -f $(DESTDIR)$(sbindir)/$$i; done
|
||||||
@-rmdir --ignore-fail-on-non-empty $(DESTDIR)$(inclibdir)
|
@-rmdir --ignore-fail-on-non-empty $(DESTDIR)$(inclibdir)
|
||||||
|
@-rmdir --ignore-fail-on-non-empty $(DESTDIR)$(sbindir)
|
||||||
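Review bot: In `install-exec-hook` the symlink target is written as `$(DESTDIR)$(inclibdir)/$$i`, so a staged install with DESTDIR set creates links in sbindir that point into the staging tree rather than the final libexec path. On the installed system those links dangle, or resolve to whatever later occupies the build path, which matters for scripts that are run as root. The target should omit DESTDIR: `$(LN_S) $(inclibdir)/$$i $(DESTDIR)$(sbindir)/$$i`. The loop also carries on after a failed `$(RM)` or `$(LN_S)` because the commands are joined with `;`; appending `|| exit 1` to each would make a broken install fail visibly.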
|
@ -1,74 +0,0 @@
|
|||||||
/VERSION=/s#'[$]Id.*'#'@PACKAGE_VERSION@'#g
|
|
||||||
s#[@]BRIDGE@#@BRIDGE@#g
|
|
||||||
s#[@]CAT@#@CAT@#g
|
|
||||||
s#[@]CHMOD@#@CHMOD@#g
|
|
||||||
s#[@]CHOWN@#@CHOWN@#g
|
|
||||||
s#[@]CP@#@CP@#g
|
|
||||||
s#[@]CURL@#@CURL@#g
|
|
||||||
s#[@]CUT@#@CUT@#g
|
|
||||||
s#[@]DATE@#@DATE@#g
|
|
||||||
s#[@]DIFF@#@DIFF@#g
|
|
||||||
s#[@]DIRNAME@#@DIRNAME@#g
|
|
||||||
s#[@]EGREP@#@EGREP@#g
|
|
||||||
s#[@]ENV@#@ENV@#g
|
|
||||||
s#[@]EXPR@#@EXPR@#g
|
|
||||||
s#[@]FIND@#@FIND@#g
|
|
||||||
s#[@]FLOCK@#@FLOCK@#g
|
|
||||||
s#[@]FOLD@#@FOLD@#g
|
|
||||||
s#[@]FUNZIP@#@FUNZIP@#g
|
|
||||||
s#[@]JQ@#@JQ@#g
|
|
||||||
s#[@]GAWK@#@GAWK@#g
|
|
||||||
s#[@]GIT@#@GIT@#g
|
|
||||||
s#[@]GREP@#@GREP@#g
|
|
||||||
s#[@]HEAD@#@HEAD@#g
|
|
||||||
s#[@]HOSTNAMECMD@#@HOSTNAMECMD@#g
|
|
||||||
s#[@]IP6TABLES@#@IP6TABLES@#g
|
|
||||||
s#[@]IP6TABLES_RESTORE@#@IP6TABLES_RESTORE@#g
|
|
||||||
s#[@]IP6TABLES_SAVE@#@IP6TABLES_SAVE@#g
|
|
||||||
s#[@]IP@#@IP@#g
|
|
||||||
s#[@]IPRANGE@#@IPRANGE@#g
|
|
||||||
s#[@]IPSET@#@IPSET@#g
|
|
||||||
s#[@]IPTABLES@#@IPTABLES@#g
|
|
||||||
s#[@]IPTABLES_RESTORE@#@IPTABLES_RESTORE@#g
|
|
||||||
s#[@]IPTABLES_SAVE@#@IPTABLES_SAVE@#g
|
|
||||||
s#[@]JQ@#@JQ@#g
|
|
||||||
s#[@]LN@#@LN@#g
|
|
||||||
s#[@]LOGGER@#@LOGGER@#g
|
|
||||||
s#[@]LS@#@LS@#g
|
|
||||||
s#[@]LSMOD@#@LSMOD@#g
|
|
||||||
s#[@]MKDIR@#@MKDIR@#g
|
|
||||||
s#[@]MKTEMP@#@MKTEMP@#g
|
|
||||||
s#[@]MODPROBE@#@MODPROBE@#g
|
|
||||||
s#[@]MORE@#@MORE@#g
|
|
||||||
s#[@]MV@#@MV@#g
|
|
||||||
s#[@]NEATO@#@NEATO@#g
|
|
||||||
s#[@]NFACCT@#@NFACCT@#g
|
|
||||||
s#[@]PING6@#@PING6@#g
|
|
||||||
s#[@]PING@#@PING@#g
|
|
||||||
s#[@]RENICE@#@RENICE@#g
|
|
||||||
s#[@]RMMOD@#@RMMOD@#g
|
|
||||||
s#[@]RM@#@RM@#g
|
|
||||||
s#[@]SCREEN@#@SCREEN@#g
|
|
||||||
s#[@]SED@#@SED@#g
|
|
||||||
s#[@]SEQ@#@SEQ@#g
|
|
||||||
s#[@]SH@#@SH@#g
|
|
||||||
s#[@]SLEEP@#@SLEEP@#g
|
|
||||||
s#[@]SORT@#@SORT@#g
|
|
||||||
s#[@]SS@#@SS@#g
|
|
||||||
s#[@]STTY@#@STTY@#g
|
|
||||||
s#[@]SYSCTL@#@SYSCTL@#g
|
|
||||||
s#[@]TAIL@#@TAIL@#g
|
|
||||||
s#[@]TAR@#@TAR@#g
|
|
||||||
s#[@]TCPDUMP@#@TCPDUMP@#g
|
|
||||||
s#[@]TC@#@TC@#g
|
|
||||||
s#[@]TOUCH@#@TOUCH@#g
|
|
||||||
s#[@]TPUT@#@TPUT@#g
|
|
||||||
s#[@]TRACEROUTE@#@TRACEROUTE@#g
|
|
||||||
s#[@]TR@#@TR@#g
|
|
||||||
s#[@]UNAME@#@UNAME@#g
|
|
||||||
s#[@]UNIQ@#@UNIQ@#g
|
|
||||||
s#[@]UNZIP@#@UNZIP@#g
|
|
||||||
s#[@]WC@#@WC@#g
|
|
||||||
s#[@]WGET@#@WGET@#g
|
|
||||||
s#[@]WHOIS@#@WHOIS@#g
|
|
||||||
s#[@]ZCAT@#@ZCAT@#g
|
|
@ -25,31 +25,28 @@
|
|||||||
# See the file COPYING for details.
|
# See the file COPYING for details.
|
||||||
#
|
#
|
||||||
|
|
||||||
VERSION='$Id$'
|
PROGRAM_FILE="$(/bin/readlink $0)"
|
||||||
PROGRAM_FILE="${0}"
|
PROGRAM_FILE="${PROGRAM_FILE:-$0}"
|
||||||
PROGRAM_DIR="${0%/*}"
|
if [ -d "${FIREHOL_OVERRIDE_PROGRAM_DIR}" ]
|
||||||
if [ "$PROGRAM_DIR" = "$0" ]; then PROGRAM_DIR="."; fi
|
then
|
||||||
|
PROGRAM_DIR="${FIREHOL_OVERRIDE_PROGRAM_DIR}"
|
||||||
|
else
|
||||||
|
PROGRAM_DIR="$(/usr/bin/dirname "$PROGRAM_FILE")"
|
||||||
|
fi
|
||||||
PROGRAM_PWD="${PWD}"
|
PROGRAM_PWD="${PWD}"
|
||||||
declare -a PROGRAM_ORIGINAL_ARGS=("${@}")
|
declare -a PROGRAM_ORIGINAL_ARGS=("${@}")
|
||||||
|
|
||||||
# Start defaults before configure
|
for functions_file in install.config functions.common
|
||||||
prefix_POST=/usr
|
|
||||||
sysconfdir_POST=/etc
|
|
||||||
localstatedir_POST=/var
|
|
||||||
libdir_POST=$PROGRAM_DIR
|
|
||||||
# End defaults before configure
|
|
||||||
for functions_file in $libdir_POST/functions.common.sh
|
|
||||||
do
|
do
|
||||||
if [ -r $functions_file ]
|
if [ -r "$PROGRAM_DIR/$functions_file" ]
|
||||||
then
|
then
|
||||||
source $functions_file
|
source "$PROGRAM_DIR/$functions_file"
|
||||||
else
|
else
|
||||||
1>&2 echo "Cannot access $functions_file"
|
1>&2 echo "Cannot access $PROGRAM_DIR/$functions_file"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
FIREHOL_CONFIG_DIR="$sysconfdir_POST/firehol"
|
|
||||||
common_disable_localization || exit
|
common_disable_localization || exit
|
||||||
common_private_umask || exit
|
common_private_umask || exit
|
||||||
common_require_root || exit
|
common_require_root || exit
|
||||||
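Review bot: `FIREHOL_OVERRIDE_PROGRAM_DIR` is taken from the environment and, when it names a directory, `install.config` and `functions.common` are sourced from it before `common_require_root` runs, so whoever controls that variable chooses the code the script executes. Because the script is meant to run as root, the override should only be honoured after checking that the directory and both files are owned by root and not group- or world-writable, and the documentation should say the variable must not be preserved into privileged invocations (a kept sudo environment, a service environment file). Separately, `PROGRAM_FILE="$(/bin/readlink $0)"` leaves `$0` unquoted and hard-codes `/bin/readlink` and `/usr/bin/dirname` although configure.ac now detects READLINK and DIRNAME. Plain `readlink` returns a relative link target as-is, so `PROGRAM_DIR` would then be resolved against the current directory; `"$(readlink -f "$0")"` avoids that where `-f` is available.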
@ -232,16 +229,6 @@ markdef() {
|
|||||||
# XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
|
# XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
|
||||||
# ------------------------------------------------------------------------------
|
# ------------------------------------------------------------------------------
|
||||||
|
|
||||||
if [ "@AUTOCONF_RUN@" = "Y" ]
|
|
||||||
then
|
|
||||||
FIREHOL_AUTOSAVE="@FIREHOL_AUTOSAVE@"
|
|
||||||
FIREHOL_AUTOSAVE6="@FIREHOL_AUTOSAVE6@"
|
|
||||||
ENABLE_IPV4="@IPV4_ENABLED@"
|
|
||||||
ENABLE_IPV6="@IPV6_ENABLED@"
|
|
||||||
else
|
|
||||||
FIREHOL_CONFIG_DIR="/etc/firehol"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# --- BEGIN OF FIREHOL DEFAULTS ---
|
# --- BEGIN OF FIREHOL DEFAULTS ---
|
||||||
|
|
||||||
# These are the defaults for FireHOL.
|
# These are the defaults for FireHOL.
|
||||||
@ -252,26 +239,23 @@ fi
|
|||||||
|
|
||||||
# FireHOL config directory.
|
# FireHOL config directory.
|
||||||
# EVEN IF YOU CHANGE THIS, THE firehol-defaults.conf FILE
|
# EVEN IF YOU CHANGE THIS, THE firehol-defaults.conf FILE
|
||||||
# SHOULD STILL EXIST IN THE ORIGINAL $FIREHOL_CONFIG_DIR
|
# SHOULD STILL EXIST IN THE ORIGINAL $SYSCONFDIR/firehol
|
||||||
FIREHOL_CONFIG_DIR="$FIREHOL_CONFIG_DIR"
|
FIREHOL_CONFIG_DIR="${FIREHOL_CONFIG_DIR}"
|
||||||
|
|
||||||
# FireHOL services directory.
|
# FireHOL services directory.
|
||||||
# FireHOL will look into this directory for service
|
# FireHOL will look into this directory for service
|
||||||
# definition files (*.conf).
|
# definition files (*.conf).
|
||||||
# Package maintainers may install their service definitions
|
# Package maintainers may install their service definitions
|
||||||
# in this directory.
|
# in this directory.
|
||||||
# Default: /etc/firehol/services
|
# Default: $SYSCONFDIR/firehol/services
|
||||||
FIREHOL_SERVICES_DIR="${FIREHOL_CONFIG_DIR}/services"
|
FIREHOL_SERVICES_DIR="${FIREHOL_SERVICES_DIR}"
|
||||||
|
|
||||||
# Where to permanently save state information?
|
# Where to permanently save state information?
|
||||||
# Default: /var/spool/firehol
|
# Default: $LOCALSTATEDIR/spool/firehol
|
||||||
FIREHOL_SPOOL_DIR="/var/spool/firehol"
|
FIREHOL_SPOOL_DIR="${FIREHOL_SPOOL_DIR}"
|
||||||
|
|
||||||
# Where temporary files should go?
|
# Where temporary files should go?
|
||||||
# /var/run is usualy a ram drive, so we prefer to use
|
FIREHOL_RUN_DIR="${FIREHOL_RUN_DIR}"
|
||||||
# this for temporary files.
|
|
||||||
# Default: /var/run/firehol
|
|
||||||
FIREHOL_RUN_DIR="/var/run/firehol"
|
|
||||||
|
|
||||||
# show a spinner during processing that shows
|
# show a spinner during processing that shows
|
||||||
# number of iptables statements generated
|
# number of iptables statements generated
|
||||||
@ -780,7 +764,7 @@ IPTRAP_DEFAULT_IPSET_COUNTERS_OPTIONS="timeout 3600 counters"
|
|||||||
# FireHOL will overwite these settings with the contents of the files with
|
# FireHOL will overwite these settings with the contents of the files with
|
||||||
# the same names in ${FIREHOL_CONFIG_DIR}.
|
# the same names in ${FIREHOL_CONFIG_DIR}.
|
||||||
#
|
#
|
||||||
# For example, RESERVED_IPV4 will be set from /etc/firehol/RESERVED_IPV4
|
# For example, RESERVED_IPV4 will be set from $SYSCONFDIR/firehol/RESERVED_IPV4
|
||||||
|
|
||||||
# IANA reserved address space that should never appear
|
# IANA reserved address space that should never appear
|
||||||
RESERVED_IPV4="0.0.0.0/8 127.0.0.0/8 240.0.0.0/4 "
|
RESERVED_IPV4="0.0.0.0/8 127.0.0.0/8 240.0.0.0/4 "
|
||||||
@ -848,59 +832,6 @@ fi
|
|||||||
# XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
|
# XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
|
||||||
# ------------------------------------------------------------------------------
|
# ------------------------------------------------------------------------------
|
||||||
|
|
||||||
common_load_commands $PROGRAM_FILE @AUTOCONF_RUN@ <<-!
|
|
||||||
Y|CAT_CMD|@CAT@|cat
|
|
||||||
Y|CUT_CMD|@CUT@|cut
|
|
||||||
Y|CHOWN_CMD|@CHOWN@|chown
|
|
||||||
Y|CHMOD_CMD|@CHMOD@|chmod
|
|
||||||
Y|EGREP_CMD|@EGREP@|egrep 'grep -E'
|
|
||||||
Y|EXPR_CMD|@EXPR@|expr
|
|
||||||
Y|FIND_CMD|@FIND@|find
|
|
||||||
Y|FOLD_CMD|@FOLD@|fold
|
|
||||||
Y|GREP_CMD|@GREP@|grep
|
|
||||||
Y|HEAD_CMD|@HEAD@|head
|
|
||||||
Y|TAIL_CMD|@TAIL@|tail
|
|
||||||
Y|LS_CMD|@LS@|ls
|
|
||||||
Y|LSMOD_CMD|@LSMOD@|lsmod
|
|
||||||
Y|MKDIR_CMD|@MKDIR@|mkdir
|
|
||||||
Y|MKTEMP_CMD|@MKTEMP@|mktemp
|
|
||||||
Y|MV_CMD|@MV@|mv
|
|
||||||
Y|RM_CMD|@RM@|rm
|
|
||||||
Y|SED_CMD|@SED@|sed
|
|
||||||
Y|SORT_CMD|@SORT@|sort
|
|
||||||
Y|SYSCTL_CMD|@SYSCTL@|sysctl
|
|
||||||
Y|TOUCH_CMD|@TOUCH@|touch
|
|
||||||
Y|TR_CMD|@TR@|tr
|
|
||||||
Y|UNAME_CMD|@UNAME@|uname
|
|
||||||
Y|UNIQ_CMD|@UNIQ@|uniq
|
|
||||||
Y|LOGGER_CMD|@LOGGER@|logger
|
|
||||||
Y|FLOCK_CMD|@FLOCK@|flock
|
|
||||||
N|NFACCT_CMD|@NFACCT@|nfacct
|
|
||||||
N|IPRANGE_CMD|@IPRANGE@|iprange
|
|
||||||
N|IPSET_CMD|@IPSET@|ipset
|
|
||||||
N|IPTABLES_CMD|@IPTABLES@|iptables
|
|
||||||
N|IP6TABLES_CMD|@IP6TABLES@|ip6tables
|
|
||||||
N|IPTABLES_SAVE_CMD|@IPTABLES_SAVE@|iptables-save
|
|
||||||
N|IP6TABLES_SAVE_CMD|@IP6TABLES_SAVE@|ip6tables-save
|
|
||||||
N|IPTABLES_RESTORE_CMD|@IPTABLES_RESTORE@|iptables-restore
|
|
||||||
N|IP6TABLES_RESTORE_CMD|@IP6TABLES_RESTORE@|ip6tables-restore
|
|
||||||
Y|MORE_CMD|@MORE@|pager less more cat
|
|
||||||
Y|RENICE_CMD|@RENICE@|renice :
|
|
||||||
Y|STTY_CMD|@STTY@|stty :
|
|
||||||
N|ZCAT_CMD|@ZCAT@|zcat gzcat "gzip -dc"
|
|
||||||
N|MODPROBE_CMD|@MODPROBE@|'modprobe -q' insmod
|
|
||||||
N|IP_CMD|@IP@|ip
|
|
||||||
N|SS_CMD|@SS@|ss
|
|
||||||
N|DATE_CMD|@DATE@|date
|
|
||||||
N|HOSTNAME_CMD|@HOSTNAMECMD@|hostname
|
|
||||||
N|TPUT_CMD|@TPUT@|tput
|
|
||||||
Y|WC_CMD|@WC@|wc
|
|
||||||
Y|CP_CMD|@CP@|cp
|
|
||||||
Y|SLEEP_CMD|@SLEEP@|sleep
|
|
||||||
!
|
|
||||||
status=$?
|
|
||||||
test $status -eq 0 || exit $status
|
|
||||||
|
|
||||||
emit_version() {
|
emit_version() {
|
||||||
${CAT_CMD} <<EOF
|
${CAT_CMD} <<EOF
|
||||||
|
|
||||||
@ -931,16 +862,16 @@ test ${RUNNING_ON_TERMINAL} -eq 0 && FIREHOL_ENABLE_SPINNER=0
|
|||||||
|
|
||||||
FIREHOL_HAVE_IPRANGE=1
|
FIREHOL_HAVE_IPRANGE=1
|
||||||
IPRANGE_WARNING=0
|
IPRANGE_WARNING=0
|
||||||
|
IPRANGE_REDUCE=Y
|
||||||
if [ ! -z "${IPRANGE_CMD}" ]
|
if [ ! -z "${IPRANGE_CMD}" ]
|
||||||
then
|
then
|
||||||
${IPRANGE_CMD} --has-reduce 2>/dev/null || IPRANGE_CMD=
|
${IPRANGE_CMD} --has-reduce 2>/dev/null || IPRANGE_REDUCE=
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -z "${IPRANGE_CMD}" ]
|
if [ -z "${IPRANGE_CMD}" -o -z "$IPRANGE_REDUCE" ]
|
||||||
then
|
then
|
||||||
FIREHOL_HAVE_IPRANGE=0
|
FIREHOL_HAVE_IPRANGE=0
|
||||||
IPRANGE_WARNING=1
|
IPRANGE_WARNING=1
|
||||||
IPRANGE_CMD=
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
ENABLE_ACCOUNTING=1
|
ENABLE_ACCOUNTING=1
|
||||||
@ -1003,6 +934,15 @@ then
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ ! ${FIREHOL_LOAD_KERNEL_MODULES} -eq 0 ]
|
||||||
|
then
|
||||||
|
if [ -z "${MODPROBE_CMD}" ]
|
||||||
|
then
|
||||||
|
echo >&2 " WARNING: no modprobe command: module loading disabled"
|
||||||
|
FIREHOL_LOAD_KERNEL_MODULES=0
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
firehol_concurrent_run_lock() {
|
firehol_concurrent_run_lock() {
|
||||||
exec 200>"${FIREHOL_LOCK_FILE}"
|
exec 200>"${FIREHOL_LOCK_FILE}"
|
||||||
if [ $? -ne 0 ]; then exit; fi
|
if [ $? -ne 0 ]; then exit; fi
|
||||||
@ -12469,7 +12409,7 @@ then
|
|||||||
then
|
then
|
||||||
# RedHat
|
# RedHat
|
||||||
FIREHOL_AUTOSAVE="/etc/sysconfig/iptables"
|
FIREHOL_AUTOSAVE="/etc/sysconfig/iptables"
|
||||||
elif [ -d "/var/lib/iptables" ]
|
elif [ -d "$LOCALSTATEDIR/lib/iptables" ]
|
||||||
then
|
then
|
||||||
if [ -f /etc/conf.d/iptables ]
|
if [ -f /etc/conf.d/iptables ]
|
||||||
then
|
then
|
||||||
@ -12483,7 +12423,7 @@ then
|
|||||||
if [ -z "${FIREHOL_AUTOSAVE}" ]
|
if [ -z "${FIREHOL_AUTOSAVE}" ]
|
||||||
then
|
then
|
||||||
# Debian
|
# Debian
|
||||||
FIREHOL_AUTOSAVE="/var/lib/iptables/autosave"
|
FIREHOL_AUTOSAVE="$LOCALSTATEDIR/lib/iptables/autosave"
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
error "Cannot find where to save iptables file. Please set FIREHOL_AUTOSAVE."
|
error "Cannot find where to save iptables file. Please set FIREHOL_AUTOSAVE."
|
@ -25,31 +25,28 @@
|
|||||||
# See the file COPYING for details.
|
# See the file COPYING for details.
|
||||||
#
|
#
|
||||||
|
|
||||||
VERSION='$Id$'
|
PROGRAM_FILE="$(/bin/readlink $0)"
|
||||||
PROGRAM_FILE="${0}"
|
PROGRAM_FILE="${PROGRAM_FILE:-$0}"
|
||||||
PROGRAM_DIR="${0%/*}"
|
if [ -d "${FIREHOL_OVERRIDE_PROGRAM_DIR}" ]
|
||||||
if [ "$PROGRAM_DIR" = "$0" ]; then PROGRAM_DIR="."; fi
|
then
|
||||||
|
PROGRAM_DIR="${FIREHOL_OVERRIDE_PROGRAM_DIR}"
|
||||||
|
else
|
||||||
|
PROGRAM_DIR="$(/usr/bin/dirname "$PROGRAM_FILE")"
|
||||||
|
fi
|
||||||
PROGRAM_PWD="${PWD}"
|
PROGRAM_PWD="${PWD}"
|
||||||
declare -a PROGRAM_ORIGINAL_ARGS=("${@}")
|
declare -a PROGRAM_ORIGINAL_ARGS=("${@}")
|
||||||
|
|
||||||
# Start defaults before configure
|
for functions_file in install.config functions.common
|
||||||
prefix_POST=/usr
|
|
||||||
sysconfdir_POST=/etc
|
|
||||||
localstatedir_POST=/var
|
|
||||||
libdir_POST=$PROGRAM_DIR
|
|
||||||
# End defaults before configure
|
|
||||||
for functions_file in $libdir_POST/functions.common.sh
|
|
||||||
do
|
do
|
||||||
if [ -r $functions_file ]
|
if [ -r "$PROGRAM_DIR/$functions_file" ]
|
||||||
then
|
then
|
||||||
source $functions_file
|
source "$PROGRAM_DIR/$functions_file"
|
||||||
else
|
else
|
||||||
1>&2 echo "Cannot access $functions_file"
|
1>&2 echo "Cannot access $PROGRAM_DIR/$functions_file"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
FIREHOL_CONFIG_DIR="$sysconfdir_POST/firehol"
|
|
||||||
common_disable_localization || exit
|
common_disable_localization || exit
|
||||||
common_public_umask || exit
|
common_public_umask || exit
|
||||||
common_require_root || exit
|
common_require_root || exit
|
||||||
@ -63,9 +60,9 @@ shopt -s extglob
|
|||||||
|
|
||||||
FIREQOS_SYSLOG_FACILITY="daemon"
|
FIREQOS_SYSLOG_FACILITY="daemon"
|
||||||
FIREQOS_CONFIG="${FIREHOL_CONFIG_DIR}/fireqos.conf"
|
FIREQOS_CONFIG="${FIREHOL_CONFIG_DIR}/fireqos.conf"
|
||||||
FIREQOS_LOCK_FILE=/var/run/fireqos.lock
|
FIREQOS_LOCK_FILE="$LOCALSTATEDIR/run/fireqos.lock"
|
||||||
FIREQOS_LOCK_FILE_TIMEOUT=600
|
FIREQOS_LOCK_FILE_TIMEOUT=600
|
||||||
FIREQOS_DIR=/var/run/fireqos
|
FIREQOS_DIR="$LOCALSTATEDIR/run/fireqos"
|
||||||
FIREQOS_SAVE="${FIREQOS_DIR}/.tmp.save.$$.$RANDOM"
|
FIREQOS_SAVE="${FIREQOS_DIR}/.tmp.save.$$.$RANDOM"
|
||||||
|
|
||||||
# Gets set to 1 if this system cannot handle sub-second resolution
|
# Gets set to 1 if this system cannot handle sub-second resolution
|
||||||
@ -111,35 +108,6 @@ then
|
|||||||
source "${FIREHOL_CONFIG_DIR}/firehol-defaults.conf" || exit 1
|
source "${FIREHOL_CONFIG_DIR}/firehol-defaults.conf" || exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
common_load_commands $PROGRAM_FILE @AUTOCONF_RUN@ <<-!
|
|
||||||
N|TPUT_CMD|@TPUT@|tput
|
|
||||||
Y|IP_CMD|@IP@|ip
|
|
||||||
Y|MODPROBE_CMD|@MODPROBE@|'modprobe -q' insmod
|
|
||||||
Y|RMMOD_CMD|@RMMOD@|rmmod
|
|
||||||
Y|FLOCK_CMD|@FLOCK@|flock
|
|
||||||
Y|GREP_CMD|@GREP@|grep
|
|
||||||
Y|EGREP_CMD|@EGREP@|egrep 'grep -E'
|
|
||||||
Y|CAT_CMD|@CAT@|cat
|
|
||||||
Y|CUT_CMD|@CUT@|cut
|
|
||||||
Y|SED_CMD|@SED@|sed
|
|
||||||
Y|TOUCH_CMD|@TOUCH@|touch
|
|
||||||
Y|TR_CMD|@TR@|tr
|
|
||||||
Y|MV_CMD|@MV@|mv
|
|
||||||
Y|LOGGER_CMD|@LOGGER@|logger
|
|
||||||
Y|MKDIR_CMD|@MKDIR@|mkdir
|
|
||||||
Y|SLEEP_CMD|@SLEEP@|sleep
|
|
||||||
Y|RM_CMD|@RM@|rm
|
|
||||||
Y|TC_CMD|@TC@|tc
|
|
||||||
N|GAWK_CMD|@GAWK@|gawk awk
|
|
||||||
N|TCPDUMP_CMD|@TCPDUMP@|tcpdump
|
|
||||||
Y|SEQ_CMD|@SEQ@|seq
|
|
||||||
Y|LS_CMD|@LS@|ls
|
|
||||||
Y|DATE_CMD|@DATE@|date
|
|
||||||
Y|TAIL_CMD|@TAIL@|tail
|
|
||||||
!
|
|
||||||
status=$?
|
|
||||||
test $status -eq 0 || exit $status
|
|
||||||
|
|
||||||
RUNNING_ON_TERMINAL=0
|
RUNNING_ON_TERMINAL=0
|
||||||
if [ "z$1" = "z-nc" ]
|
if [ "z$1" = "z-nc" ]
|
||||||
then
|
then
|
||||||
@ -277,7 +245,6 @@ declare -A MARKS_MASKS='([connmark]="0x0000003f" [usermark]="0x00001fc0" )'
|
|||||||
declare -A MARKS_MAX='([connmark]="63" [usermark]="127" )'
|
declare -A MARKS_MAX='([connmark]="63" [usermark]="127" )'
|
||||||
declare -A MARKS_SHIFT='([connmark]="0" [usermark]="6" )'
|
declare -A MARKS_SHIFT='([connmark]="0" [usermark]="6" )'
|
||||||
|
|
||||||
FIREHOL_SPOOL_DIR="${FIREHOL_SPOOL_DIR-/var/spool/firehol}"
|
|
||||||
if [ -f "${FIREHOL_SPOOL_DIR}/marks.conf" ]
|
if [ -f "${FIREHOL_SPOOL_DIR}/marks.conf" ]
|
||||||
then
|
then
|
||||||
source "${FIREHOL_SPOOL_DIR}/marks.conf" || exit 1
|
source "${FIREHOL_SPOOL_DIR}/marks.conf" || exit 1
|
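Review bot: `FIREHOL_OVERRIDE_PROGRAM_DIR` is read from the environment and, when it names any existing directory, the loop below sources `install.config` and `functions.common` from it; in this preamble (apparently the fireqos script, whose file header is not shown on the page) that happens before `common_require_root`, which is itself defined by the sourced file. These tools are meant to run as root, so wherever the environment crosses a privilege boundary (a sudo rule that keeps the caller's environment, a service wrapper) the variable decides what code root executes. I would honour the override only when the directory and both files are owned by root and not writable by group or others, and state the contract above the test, e.g. `# FIREHOL_OVERRIDE_PROGRAM_DIR selects the code sourced below; it must be root-owned and must not come from an untrusted environment`. The same preamble is repeated in the `@ -25,31 +25,28 @` and `@ -80,31 +80,28 @` hunks of the later sections.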
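--- a/sbin/functions.common
+++ b/sbin/functions.common
@@ -0,0 +1,99 @@
+#
+# Copyright
+#
+# Copyright (C) 2003-2014 Costa Tsaousis <costa@tsaousis.gr>
+# Copyright (C) 2012-2014 Phil Whineray <phil@sanewall.org>
+#
+# See sbin/firehol.in for details
+#
+# This file contains functions used by the firehol suite.
+# To keep the namespace clean, functions defined in functions.x.sh
+# should be of the form x_whatever() if they are intended for general
+# use or int_x_whatever() if they are intended as helpers to the other
+# functions in the file.
+#
+
+common_require_cmd() {
+local progname="$1" var="$2" val=
+
+eval val=\$\{${var}\}
+if [ "${val}" ]
+then
+return 0
+fi
+
+$CAT_CMD >&2 <<-__EOF__
+ERROR: $progname feature requires $var
+
+You have invoked the program requesting a feature which uses
+a program which was not available when $progname was installed.
+
+Please re-install $progname with a suitable command available.
+__EOF__
+
+exit 1
+}
+
+common_require_root() {
+if [ "${UID}" != 0 ]
+then
+echo >&2
+echo >&2 "ERROR:"
+echo >&2 "Only user root can run ${1}"
+echo >&2
+return 1
+fi
+return 0
+}
+
+common_disable_localization() {
+export LC_ALL=C
+}
+
+common_private_umask() {
+# Make sure our generated files cannot be accessed by anyone else.
+umask 077
+}
+
+common_public_umask() {
+# let everyone read our status info
+umask 022
+}
+
+common_setup_terminal() {
+# Are stdout/stderr on the terminal? If not, then fail
+test -t 2 || return 1
+test -t 1 || return 1
+
+if [ ! -z "$TPUT_CMD" ]
+then
+if [ $[$($TPUT_CMD colors 2>/dev/null)] -ge 8 ]
+then
+# Enable colors
+COLOR_RESET="\e[0m"
+COLOR_BLACK="\e[30m"
+COLOR_RED="\e[31m"
+COLOR_GREEN="\e[32m"
+COLOR_YELLOW="\e[33m"
+COLOR_BLUE="\e[34m"
+COLOR_PURPLE="\e[35m"
+COLOR_CYAN="\e[36m"
+COLOR_WHITE="\e[37m"
+COLOR_BGBLACK="\e[40m"
+COLOR_BGRED="\e[41m"
+COLOR_BGGREEN="\e[42m"
+COLOR_BGYELLOW="\e[43m"
+COLOR_BGBLUE="\e[44m"
+COLOR_BGPURPLE="\e[45m"
+COLOR_BGCYAN="\e[46m"
+COLOR_BGWHITE="\e[47m"
+COLOR_BOLD="\e[1m"
+COLOR_DIM="\e[2m"
+COLOR_UNDERLINED="\e[4m"
+COLOR_BLINK="\e[5m"
+COLOR_INVERTED="\e[7m"
+fi
+fi
+
+return 0
+}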
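Review bot: `common_require_cmd` prints its error with `$CAT_CMD >&2 <<-__EOF__`, but `CAT_CMD` is one of the configure-time values and can be empty; the heredoc is then a bare redirection with no command, nothing is written, and the function exits 1 without any message. `${CAT_CMD:-cat} >&2 <<-__EOF__` (or plain `echo >&2` lines, as `common_require_root` uses) keeps the diagnostic. The lookup `eval val=\$\{${var}\}` can be written without eval as `val="${!var}"`, which also avoids evaluating whatever text a caller passes in `$2`. The function has no header comment; one line stating that it exits the whole script, where the removed version returned 2, would help callers.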
@ -1,239 +0,0 @@
|
|||||||
#
|
|
||||||
# Copyright
|
|
||||||
#
|
|
||||||
# Copyright (C) 2003-2014 Costa Tsaousis <costa@tsaousis.gr>
|
|
||||||
# Copyright (C) 2012-2014 Phil Whineray <phil@sanewall.org>
|
|
||||||
#
|
|
||||||
# See sbin/firehol.in for details
|
|
||||||
#
|
|
||||||
# This file contains functions used by the firehol suite.
|
|
||||||
# To keep the namespace clean, functions defined in functions.x.sh
|
|
||||||
# should be of the form x_whatever() if they are intended for general
|
|
||||||
# use or int_x_whatever() if they are intended as helpers to the other
|
|
||||||
# functions in the file.
|
|
||||||
#
|
|
||||||
|
|
||||||
which_cmd() {
|
|
||||||
local name="$1"
|
|
||||||
shift
|
|
||||||
|
|
||||||
if [ "$1" = ":" ]
|
|
||||||
then
|
|
||||||
eval $name=":"
|
|
||||||
return 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
unalias $1 >/dev/null 2>&1
|
|
||||||
local cmd=
|
|
||||||
IFS= read cmd <<-EOF
|
|
||||||
$(which $1 2> /dev/null)
|
|
||||||
EOF
|
|
||||||
|
|
||||||
if [ $? -gt 0 -o ! -x "${cmd}" ]
|
|
||||||
then
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
shift
|
|
||||||
|
|
||||||
if [ $# -eq 0 ]
|
|
||||||
then
|
|
||||||
eval $name="'${cmd}'"
|
|
||||||
else
|
|
||||||
eval $name="'${cmd} ${@}'"
|
|
||||||
fi
|
|
||||||
return 0
|
|
||||||
}
|
|
||||||
|
|
||||||
common_require_cmd() {
|
|
||||||
local progname= var= val= block=1
|
|
||||||
|
|
||||||
progname="$1"
|
|
||||||
shift
|
|
||||||
|
|
||||||
if [ "$1" = "-n" ]
|
|
||||||
then
|
|
||||||
block=0
|
|
||||||
shift
|
|
||||||
fi
|
|
||||||
|
|
||||||
var="$1"
|
|
||||||
shift
|
|
||||||
|
|
||||||
eval val=\$\{${var}\} || return 2
|
|
||||||
if [ "${val}" ]
|
|
||||||
then
|
|
||||||
local cmd="${val/ */}"
|
|
||||||
if [ "$cmd" != ":" -a ! -x "$cmd" ]
|
|
||||||
then
|
|
||||||
echo >&2
|
|
||||||
if [ $block -eq 0 ]
|
|
||||||
then
|
|
||||||
echo >&2 "WARNING: optional command does not exist or is not executable ($cmd)"
|
|
||||||
echo >&2 "please add or correct $var in firehol-defaults.conf"
|
|
||||||
val=""
|
|
||||||
else
|
|
||||||
echo >&2 "ERROR: required command does not exist or is not executable ($cmd)"
|
|
||||||
echo >&2 "please add or correct $var in firehol-defaults.conf"
|
|
||||||
return 2
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
# link-balancer calls itself; export our findings so
|
|
||||||
# we do not repeat all of the lookups
|
|
||||||
eval export "$var"
|
|
||||||
return 0
|
|
||||||
elif [ $block -eq 0 ]
|
|
||||||
then
|
|
||||||
eval set -- "$@"
|
|
||||||
for cmd in "$@"
|
|
||||||
do
|
|
||||||
eval "NEED_${var}"="\$NEED_${var}' ${cmd/ */}'"
|
|
||||||
done
|
|
||||||
return 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ $# -eq 0 ]
|
|
||||||
then
|
|
||||||
eval set -- "\$NEED_${var}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo >&2
|
|
||||||
echo >&2 "ERROR: $progname REQUIRES ONE OF THESE COMMANDS:"
|
|
||||||
echo >&2
|
|
||||||
echo >&2 " ${@}"
|
|
||||||
echo >&2
|
|
||||||
echo >&2 " You have requested the use of a $progname"
|
|
||||||
echo >&2 " feature that requires certain external programs"
|
|
||||||
echo >&2 " to be installed in the running system."
|
|
||||||
echo >&2
|
|
||||||
echo >&2 " Please consult your Linux distribution manual to"
|
|
||||||
echo >&2 " install the package(s) that provide these external"
|
|
||||||
echo >&2 " programs and retry."
|
|
||||||
echo >&2
|
|
||||||
echo >&2 " Note that you need an operational 'which' command"
|
|
||||||
echo >&2 " for $progname to find all the external programs it"
|
|
||||||
echo >&2 " needs. Check it yourself. Run:"
|
|
||||||
echo >&2
|
|
||||||
for x in "${@}"
|
|
||||||
do
|
|
||||||
echo >&2 " which $x"
|
|
||||||
done
|
|
||||||
|
|
||||||
return 2
|
|
||||||
}
|
|
||||||
|
|
||||||
int_common_which_all() {
|
|
||||||
local cmd_var="$1"
|
|
||||||
|
|
||||||
eval set -- "$2"
|
|
||||||
for cmd in "$@"
|
|
||||||
do
|
|
||||||
which_cmd $cmd_var $cmd && break
|
|
||||||
done
|
|
||||||
}
|
|
||||||
|
|
||||||
# Where required = Y, if a command is not found, FireHOL will refuse to run.
|
|
||||||
# Where required = N, the command only required when it is actually used
|
|
||||||
#
|
|
||||||
# If a command is specified in /etc/firehol/firehol-defaults.conf it will
|
|
||||||
# be used. Otherwise, if the script has been configured with ./configure
|
|
||||||
# the detected versions will be used. If the script has not been configured
|
|
||||||
# then the list of possible commands is autodetected.
|
|
||||||
common_load_commands() {
|
|
||||||
local progname="$1"
|
|
||||||
shift
|
|
||||||
local AUTOCONF_RUN="$1"
|
|
||||||
shift
|
|
||||||
|
|
||||||
while IFS="|" read required cmd_var autoconf possibles
|
|
||||||
do
|
|
||||||
if [ "$AUTOCONF_RUN" = "Y" ]
|
|
||||||
then
|
|
||||||
case "$autoconf" in
|
|
||||||
"@"*) autoconf=""; ;;
|
|
||||||
esac
|
|
||||||
fi
|
|
||||||
eval set_in_defaults=\"\$$cmd_var\"
|
|
||||||
if [ "$set_in_defaults" ]
|
|
||||||
then
|
|
||||||
:
|
|
||||||
elif [ "$AUTOCONF_RUN" = "Y" -a ! -z "$autoconf" ]
|
|
||||||
then
|
|
||||||
eval $cmd_var=\"$autoconf\"
|
|
||||||
else
|
|
||||||
dirname="${0%/*}"
|
|
||||||
if [ "$dirname" = "$0" ]; then dirname="."; fi
|
|
||||||
PATH="/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin:$PATH:$dirname" int_common_which_all $cmd_var "$possibles"
|
|
||||||
fi
|
|
||||||
if [ "$required" = "Y" ]
|
|
||||||
then
|
|
||||||
common_require_cmd $progname $cmd_var $possibles || return
|
|
||||||
else
|
|
||||||
common_require_cmd $progname -n $cmd_var $possibles || return
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
}
|
|
||||||
|
|
||||||
common_require_root() {
|
|
||||||
if [ "${UID}" != 0 ]
|
|
||||||
then
|
|
||||||
echo >&2
|
|
||||||
echo >&2 "ERROR:"
|
|
||||||
echo >&2 "Only user root can run ${1}"
|
|
||||||
echo >&2
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
return 0
|
|
||||||
}
|
|
||||||
|
|
||||||
common_disable_localization() {
|
|
||||||
export LC_ALL=C
|
|
||||||
}
|
|
||||||
|
|
||||||
common_private_umask() {
|
|
||||||
# Make sure our generated files cannot be accessed by anyone else.
|
|
||||||
umask 077
|
|
||||||
}
|
|
||||||
|
|
||||||
common_public_umask() {
|
|
||||||
# let everyone read our status info
|
|
||||||
umask 022
|
|
||||||
}
|
|
||||||
|
|
||||||
common_setup_terminal() {
|
|
||||||
# Are stdout/stderr on the terminal? If not, then fail
|
|
||||||
test -t 2 || return 1
|
|
||||||
test -t 1 || return 1
|
|
||||||
|
|
||||||
if [ ! -z "$TPUT_CMD" ]
|
|
||||||
then
|
|
||||||
if [ $[$($TPUT_CMD colors 2>/dev/null)] -ge 8 ]
|
|
||||||
then
|
|
||||||
# Enable colors
|
|
||||||
COLOR_RESET="\e[0m"
|
|
||||||
COLOR_BLACK="\e[30m"
|
|
||||||
COLOR_RED="\e[31m"
|
|
||||||
COLOR_GREEN="\e[32m"
|
|
||||||
COLOR_YELLOW="\e[33m"
|
|
||||||
COLOR_BLUE="\e[34m"
|
|
||||||
COLOR_PURPLE="\e[35m"
|
|
||||||
COLOR_CYAN="\e[36m"
|
|
||||||
COLOR_WHITE="\e[37m"
|
|
||||||
COLOR_BGBLACK="\e[40m"
|
|
||||||
COLOR_BGRED="\e[41m"
|
|
||||||
COLOR_BGGREEN="\e[42m"
|
|
||||||
COLOR_BGYELLOW="\e[43m"
|
|
||||||
COLOR_BGBLUE="\e[44m"
|
|
||||||
COLOR_BGPURPLE="\e[45m"
|
|
||||||
COLOR_BGCYAN="\e[46m"
|
|
||||||
COLOR_BGWHITE="\e[47m"
|
|
||||||
COLOR_BOLD="\e[1m"
|
|
||||||
COLOR_DIM="\e[2m"
|
|
||||||
COLOR_UNDERLINED="\e[4m"
|
|
||||||
COLOR_BLINK="\e[5m"
|
|
||||||
COLOR_INVERTED="\e[7m"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
return 0
|
|
||||||
}
|
|
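--- a/sbin/install.config.in.in
+++ b/sbin/install.config.in.in
@@ -0,0 +1,89 @@
+VERSION=@PACKAGE_VERSION@
+
+DATAROOTDIR="@datarootdir_POST@"
+SYSCONFDIR="@sysconfdir_POST@"
+LOCALSTATEDIR="@localstatedir_POST@"
+
+# Default directories (file "${FIREHOL_CONFIG_DIR}/firehol.defaults" overrides)
+FIREHOL_CONFIG_DIR="$SYSCONFDIR/firehol"
+FIREHOL_SERVICES_DIR="$SYSCONFDIR/firehol/services"
+FIREHOL_SHARE_DIR="$DATAROOTDIR/firehol"
+FIREHOL_SPOOL_DIR="$LOCALSTATEDIR/spool/firehol"
+FIREHOL_RUN_DIR="$LOCALSTATEDIR/run/firehol"
+
+ENABLE_IPV4=@IPV4_ENABLED@
+ENABLE_IPV6=@IPV6_ENABLED@
+
+BRIDGE_CMD="@BRIDGE@"
+CAT_CMD="@CAT@"
+CHMOD_CMD="@CHMOD@"
+CHOWN_CMD="@CHOWN@"
+CP_CMD="@CP@"
+CURL_CMD="@CURL@"
+CUT_CMD="@CUT@"
+DATE_CMD="@DATE@"
+DIFF_CMD="@DIFF@"
+DIRNAME_CMD="@DIRNAME@"
+EGREP_CMD="@EGREP@"
+ENV_CMD="@ENV@"
+EXPR_CMD="@EXPR@"
+FIND_CMD="@FIND@"
+FLOCK_CMD="@FLOCK@"
+FOLD_CMD="@FOLD@"
+FUNZIP_CMD="@FUNZIP@"
+JQ_CMD="@JQ@"
+GAWK_CMD="@GAWK@"
+GIT_CMD="@GIT@"
+GREP_CMD="@GREP@"
+HEAD_CMD="@HEAD@"
+HOSTNAME_CMD="@HOSTNAMECMD@"
+IP6TABLES_CMD="@IP6TABLES@"
+IP6TABLES_RESTORE_CMD="@IP6TABLES_RESTORE@"
+IP6TABLES_SAVE_CMD="@IP6TABLES_SAVE@"
+IP_CMD="@IP@"
+IPRANGE_CMD="@IPRANGE@"
+IPSET_CMD="@IPSET@"
+IPTABLES_CMD="@IPTABLES@"
+IPTABLES_RESTORE_CMD="@IPTABLES_RESTORE@"
+IPTABLES_SAVE_CMD="@IPTABLES_SAVE@"
+JQ_CMD="@JQ@"
+LN_CMD="@LN@"
+LOGGER_CMD="@LOGGER@"
+LS_CMD="@LS@"
+LSMOD_CMD="@LSMOD@"
+MKDIR_CMD="@MKDIR@"
+MKTEMP_CMD="@MKTEMP@"
+MODPROBE_CMD="@MODPROBE@"
+MORE_CMD="@MORE@"
+MV_CMD="@MV@"
+NEATO_CMD="@NEATO@"
+NFACCT_CMD="@NFACCT@"
+PING6_CMD="@PING6@"
+PING_CMD="@PING@"
+RENICE_CMD="@RENICE@"
+RMMOD_CMD="@RMMOD@"
+RM_CMD="@RM@"
+SCREEN_CMD="@SCREEN@"
+SED_CMD="@SED@"
+SEQ_CMD="@SEQ@"
+SH_CMD="@SH@"
+SLEEP_CMD="@SLEEP@"
+SORT_CMD="@SORT@"
+SS_CMD="@SS@"
+STTY_CMD="@STTY@"
+SYSCTL_CMD="@SYSCTL@"
+TAIL_CMD="@TAIL@"
+TAR_CMD="@TAR@"
+TCPDUMP_CMD="@TCPDUMP@"
+TC_CMD="@TC@"
+TOUCH_CMD="@TOUCH@"
+TPUT_CMD="@TPUT@"
+TRACEROUTE_CMD="@TRACEROUTE@"
+TR_CMD="@TR@"
+UNAME_CMD="@UNAME@"
+UNIQ_CMD="@UNIQ@"
+UNZIP_CMD="@UNZIP@"
+WC_CMD="@WC@"
+WGET_CMD="@WGET@"
+WHOIS_CMD="@WHOIS@"
+ZCAT_CMD="@ZCAT@"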
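Review bot: Every `*_CMD` here receives whatever configure substituted, including an empty string, and the `common_load_commands` blocks removed from the scripts in this commit were what refused to start when a command marked `Y` was missing. Unless configure itself aborts on a missing required program (configure.ac is not visible in this part of the page), a script would now reach a line such as `$MKDIR_CMD -p …` with an empty variable and try to run its first argument as the command. A guard after sourcing, e.g. `: "${CAT_CMD:?not set in install.config}"` for each required command, would restore the early failure. Separately, `JQ_CMD="@JQ@"` is assigned twice, after `FUNZIP_CMD` and again after `IPTABLES_SAVE_CMD`; the first one can be dropped.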
@ -25,31 +25,28 @@
|
|||||||
# See the file COPYING for details.
|
# See the file COPYING for details.
|
||||||
#
|
#
|
||||||
|
|
||||||
VERSION='$Id$'
|
PROGRAM_FILE="$(/bin/readlink $0)"
|
||||||
PROGRAM_FILE="${0}"
|
PROGRAM_FILE="${PROGRAM_FILE:-$0}"
|
||||||
PROGRAM_DIR="${0%/*}"
|
if [ -d "${FIREHOL_OVERRIDE_PROGRAM_DIR}" ]
|
||||||
if [ "$PROGRAM_DIR" = "$0" ]; then PROGRAM_DIR="."; fi
|
then
|
||||||
|
PROGRAM_DIR="${FIREHOL_OVERRIDE_PROGRAM_DIR}"
|
||||||
|
else
|
||||||
|
PROGRAM_DIR="$(/usr/bin/dirname "$PROGRAM_FILE")"
|
||||||
|
fi
|
||||||
PROGRAM_PWD="${PWD}"
|
PROGRAM_PWD="${PWD}"
|
||||||
declare -a PROGRAM_ORIGINAL_ARGS=("${@}")
|
declare -a PROGRAM_ORIGINAL_ARGS=("${@}")
|
||||||
|
|
||||||
# Start defaults before configure
|
for functions_file in install.config functions.common
|
||||||
prefix_POST=/usr
|
|
||||||
sysconfdir_POST=/etc
|
|
||||||
localstatedir_POST=/var
|
|
||||||
libdir_POST=$PROGRAM_DIR
|
|
||||||
# End defaults before configure
|
|
||||||
for functions_file in $libdir_POST/functions.common.sh
|
|
||||||
do
|
do
|
||||||
if [ -r $functions_file ]
|
if [ -r "$PROGRAM_DIR/$functions_file" ]
|
||||||
then
|
then
|
||||||
source $functions_file
|
source "$PROGRAM_DIR/$functions_file"
|
||||||
else
|
else
|
||||||
1>&2 echo "Cannot access $functions_file"
|
1>&2 echo "Cannot access $PROGRAM_DIR/$functions_file"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
FIREHOL_CONFIG_DIR="$sysconfdir_POST/firehol"
|
|
||||||
common_disable_localization || exit
|
common_disable_localization || exit
|
||||||
common_private_umask || exit
|
common_private_umask || exit
|
||||||
common_require_root || exit
|
common_require_root || exit
|
||||||
@ -63,7 +60,7 @@ if [ "$LB_DEBUGGING" ]; then set -v; set -x; fi
|
|||||||
# link-balancer temporary directory.
|
# link-balancer temporary directory.
|
||||||
# every instance of link-balancer creates a random directory
|
# every instance of link-balancer creates a random directory
|
||||||
# within this one.
|
# within this one.
|
||||||
LB_RUN_DIR="/var/run/link-balancer"
|
LB_RUN_DIR="$LOCALSTATEDIR/run/link-balancer"
|
||||||
|
|
||||||
# If this is set to 1, no checks will be made if the gateways are available.
|
# If this is set to 1, no checks will be made if the gateways are available.
|
||||||
# All gateways will be assumed active, if their interfaces are found
|
# All gateways will be assumed active, if their interfaces are found
|
||||||
@ -112,44 +109,6 @@ fi
|
|||||||
# temporary variable (default LB_DEFAULT_IPV=4)
|
# temporary variable (default LB_DEFAULT_IPV=4)
|
||||||
LB_IPV=
|
LB_IPV=
|
||||||
|
|
||||||
# Load commands link-balancer will need.
|
|
||||||
|
|
||||||
common_load_commands $PROGRAM_FILE @AUTOCONF_RUN@ <<-!
|
|
||||||
Y|IP_CMD|@IP@|ip
|
|
||||||
Y|DIFF_CMD|@DIFF@|diff
|
|
||||||
Y|FLOCK_CMD|@FLOCK@|flock
|
|
||||||
Y|GREP_CMD|@GREP@|grep
|
|
||||||
Y|EGREP_CMD|@EGREP@|egrep 'grep -E'
|
|
||||||
Y|CUT_CMD|@CUT@|cut
|
|
||||||
Y|CAT_CMD|@CAT@|cat
|
|
||||||
Y|SED_CMD|@SED@|sed
|
|
||||||
Y|TR_CMD|@TR@|tr
|
|
||||||
Y|LN_CMD|@LN@|ln
|
|
||||||
Y|LS_CMD|@LS@|ls
|
|
||||||
Y|SLEEP_CMD|@SLEEP@|sleep
|
|
||||||
Y|TOUCH_CMD|@TOUCH@|touch
|
|
||||||
Y|LOGGER_CMD|@LOGGER@|logger
|
|
||||||
Y|MKDIR_CMD|@MKDIR@|mkdir
|
|
||||||
Y|CHOWN_CMD|@CHOWN@|chown
|
|
||||||
Y|CHMOD_CMD|@CHMOD@|chmod
|
|
||||||
Y|RM_CMD|@RM@|rm
|
|
||||||
Y|PING_CMD|@PING@|ping
|
|
||||||
Y|PING6_CMD|@PING6@|ping6 'ping -6'
|
|
||||||
Y|TRACEROUTE_CMD|@TRACEROUTE@|traceroute
|
|
||||||
Y|SORT_CMD|@SORT@|sort
|
|
||||||
Y|MKTEMP_CMD|@MKTEMP@|mktemp
|
|
||||||
Y|ENV_CMD|@ENV@|env
|
|
||||||
N|WHOIS_CMD|@WHOIS@|whois
|
|
||||||
N|JQ_CMD|@JQ@|jq
|
|
||||||
N|HEAD_CMD|@HEAD@|head
|
|
||||||
N|TPUT_CMD|@TPUT@|tput
|
|
||||||
N|WGET_CMD|@WGET@|wget
|
|
||||||
N|SCREEN_CMD|@SCREEN@|screen
|
|
||||||
Y|IPRANGE_CMD|@IPRANGE@|iprange
|
|
||||||
!
|
|
||||||
status=$?
|
|
||||||
test $status -eq 0 || exit $status
|
|
||||||
|
|
||||||
RUNNING_ON_TERMINAL=0
|
RUNNING_ON_TERMINAL=0
|
||||||
if [ "z$1" = "z-nc" ]
|
if [ "z$1" = "z-nc" ]
|
||||||
then
|
then
|
||||||
@ -209,7 +168,7 @@ declare -A MARKS_MASKS='([connmark]="0x0000003f" [usermark]="0x00001fc0" )'
|
|||||||
declare -A MARKS_MAX='([connmark]="63" [usermark]="127" )'
|
declare -A MARKS_MAX='([connmark]="63" [usermark]="127" )'
|
||||||
declare -A MARKS_SHIFT='([connmark]="0" [usermark]="6" )'
|
declare -A MARKS_SHIFT='([connmark]="0" [usermark]="6" )'
|
||||||
|
|
||||||
FIREHOL_SPOOL_DIR="${FIREHOL_SPOOL_DIR-/var/spool/firehol}"
|
FIREHOL_SPOOL_DIR="${FIREHOL_SPOOL_DIR-$LOCALSTATEDIR/spool/firehol}"
|
||||||
if [ -f "${FIREHOL_SPOOL_DIR}/marks.conf" ]
|
if [ -f "${FIREHOL_SPOOL_DIR}/marks.conf" ]
|
||||||
then
|
then
|
||||||
source "${FIREHOL_SPOOL_DIR}/marks.conf" || exit 1
|
source "${FIREHOL_SPOOL_DIR}/marks.conf" || exit 1
|
||||||
@ -1888,7 +1847,7 @@ policy
|
|||||||
# You can also have all the IPs in separate files:
|
# You can also have all the IPs in separate files:
|
||||||
# Run:
|
# Run:
|
||||||
#
|
#
|
||||||
# ${PROGRAM_FILE} asips ONE_IP_OF_YOUR_PROVIDER_1 >$sysconfdir_POST/firehol/PROVIDER1_IPS
|
# ${PROGRAM_FILE} asips ONE_IP_OF_YOUR_PROVIDER_1 >$SYSCONFDIR/firehol/PROVIDER1_IPS
|
||||||
#
|
#
|
||||||
# Then:
|
# Then:
|
||||||
rules dst loadfile PROVIDER1_IPS table dsl1
|
rules dst loadfile PROVIDER1_IPS table dsl1
|
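Review bot: `PROGRAM_FILE="$(/bin/readlink $0)"` in the `@ -25,31 +25,28 @` hunk leaves `$0` unquoted and resolves only one symlink level, returning the link text as stored; for a relative link the `dirname` result is then relative to the link's directory rather than the current one, so `install.config` is not found. `PROGRAM_FILE="$(/bin/readlink -f -- "$0")"` yields a canonical absolute path and copes with spaces in the path. The hard-coded `/bin/readlink` and `/usr/bin/dirname` also assume a filesystem layout that the removed `${0%/*}` expansion did not need. The same two lines appear in each of the other script preambles changed by this commit.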
@ -56,7 +56,7 @@
|
|||||||
# - update a kernel ipset, having the same name
|
# - update a kernel ipset, having the same name
|
||||||
#
|
#
|
||||||
# 5. It can commit all successfully updated files to a git repository.
|
# 5. It can commit all successfully updated files to a git repository.
|
||||||
# Just do 'git init' in $sysconfdir_POST/firehol/ipsets to enable it.
|
# Just do 'git init' in $SYSCONFDIR/firehol/ipsets to enable it.
|
||||||
# If it is called with -g it will also push the committed changes
|
# If it is called with -g it will also push the committed changes
|
||||||
# to a remote git server (to have this done by cron, please set
|
# to a remote git server (to have this done by cron, please set
|
||||||
# git to automatically push changes without human action).
|
# git to automatically push changes without human action).
|
||||||
@ -80,31 +80,28 @@
|
|||||||
|
|
||||||
# -----------------------------------------------------------------------------
|
# -----------------------------------------------------------------------------
|
||||||
|
|
||||||
VERSION='$Id$'
|
PROGRAM_FILE="$(/bin/readlink $0)"
|
||||||
PROGRAM_FILE="${0}"
|
PROGRAM_FILE="${PROGRAM_FILE:-$0}"
|
||||||
PROGRAM_DIR="${0%/*}"
|
if [ -d "${FIREHOL_OVERRIDE_PROGRAM_DIR}" ]
|
||||||
if [ "$PROGRAM_DIR" = "$0" ]; then PROGRAM_DIR="."; fi
|
then
|
||||||
|
PROGRAM_DIR="${FIREHOL_OVERRIDE_PROGRAM_DIR}"
|
||||||
|
else
|
||||||
|
PROGRAM_DIR="$(/usr/bin/dirname "$PROGRAM_FILE")"
|
||||||
|
fi
|
||||||
PROGRAM_PWD="${PWD}"
|
PROGRAM_PWD="${PWD}"
|
||||||
declare -a PROGRAM_ORIGINAL_ARGS=("${@}")
|
declare -a PROGRAM_ORIGINAL_ARGS=("${@}")
|
||||||
|
|
||||||
# Start defaults before configure
|
for functions_file in install.config functions.common
|
||||||
prefix_POST=/usr
|
|
||||||
sysconfdir_POST=/etc
|
|
||||||
localstatedir_POST=/var
|
|
||||||
libdir_POST=$PROGRAM_DIR
|
|
||||||
# End defaults before configure
|
|
||||||
for functions_file in $libdir_POST/functions.common.sh
|
|
||||||
do
|
do
|
||||||
if [ -r $functions_file ]
|
if [ -r "$PROGRAM_DIR/$functions_file" ]
|
||||||
then
|
then
|
||||||
source $functions_file
|
source "$PROGRAM_DIR/$functions_file"
|
||||||
else
|
else
|
||||||
1>&2 echo "Cannot access $functions_file"
|
1>&2 echo "Cannot access $PROGRAM_DIR/$functions_file"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
FIREHOL_CONFIG_DIR="$sysconfdir_POST/firehol"
|
|
||||||
common_disable_localization || exit
|
common_disable_localization || exit
|
||||||
common_private_umask || exit
|
common_private_umask || exit
|
||||||
|
|
||||||
@ -115,49 +112,6 @@ then
|
|||||||
source "${FIREHOL_CONFIG_DIR}/firehol-defaults.conf" || exit 1
|
source "${FIREHOL_CONFIG_DIR}/firehol-defaults.conf" || exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
common_load_commands $PROGRAM_FILE @AUTOCONF_RUN@ <<-!
|
|
||||||
Y|IPRANGE_CMD|@IPRANGE@|iprange
|
|
||||||
Y|DIRNAME_CMD|@DIRNAME@|dirname
|
|
||||||
Y|TAIL_CMD|@TAIL@|tail
|
|
||||||
Y|RENICE_CMD|@RENICE@|renice :
|
|
||||||
Y|ZCAT_CMD|@ZCAT@|zcat gzcat "gzip -dc"
|
|
||||||
Y|DATE_CMD|@DATE@|date
|
|
||||||
Y|DIFF_CMD|@DIFF@|diff
|
|
||||||
Y|FLOCK_CMD|@FLOCK@|flock
|
|
||||||
Y|GREP_CMD|@GREP@|grep
|
|
||||||
Y|EGREP_CMD|@EGREP@|egrep 'grep -E'
|
|
||||||
Y|CUT_CMD|@CUT@|cut
|
|
||||||
Y|CAT_CMD|@CAT@|cat
|
|
||||||
Y|SED_CMD|@SED@|sed
|
|
||||||
Y|TR_CMD|@TR@|tr
|
|
||||||
Y|LN_CMD|@LN@|ln
|
|
||||||
Y|LS_CMD|@LS@|ls
|
|
||||||
Y|TOUCH_CMD|@TOUCH@|touch
|
|
||||||
Y|LOGGER_CMD|@LOGGER@|logger
|
|
||||||
Y|MKDIR_CMD|@MKDIR@|mkdir
|
|
||||||
Y|CHOWN_CMD|@CHOWN@|chown
|
|
||||||
Y|CHMOD_CMD|@CHMOD@|chmod
|
|
||||||
Y|RM_CMD|@RM@|rm
|
|
||||||
Y|SORT_CMD|@SORT@|sort
|
|
||||||
Y|GAWK_CMD|@GAWK@|gawk awk
|
|
||||||
Y|MKTEMP_CMD|@MKTEMP@|mktemp
|
|
||||||
N|TPUT_CMD|@TPUT@|tput
|
|
||||||
Y|FOLD_CMD|@FOLD@|fold
|
|
||||||
Y|CURL_CMD|@CURL@|curl
|
|
||||||
Y|FIND_CMD|@FIND@|find
|
|
||||||
Y|WC_CMD|@WC@|wc
|
|
||||||
Y|MV_CMD|@MV@|mv
|
|
||||||
Y|CP_CMD|@CP@|cp
|
|
||||||
Y|TAR_CMD|@TAR@|tar
|
|
||||||
Y|IPSET_CMD|@IPSET@|ipset
|
|
||||||
N|UNZIP_CMD|@UNZIP@|unzip
|
|
||||||
N|FUNZIP_CMD|@FUNZIP@|funzip
|
|
||||||
N|JQ_CMD|@JQ@|jq
|
|
||||||
N|GIT_CMD|@GIT@|git
|
|
||||||
!
|
|
||||||
status=$?
|
|
||||||
test $status -eq 0 || exit $status
|
|
||||||
|
|
||||||
RUNNING_ON_TERMINAL=0
|
RUNNING_ON_TERMINAL=0
|
||||||
if [ "z$1" = "z-nc" ]
|
if [ "z$1" = "z-nc" ]
|
||||||
then
|
then
|
||||||
@ -311,12 +265,13 @@ ipset_verbose() {
|
|||||||
# -----------------------------------------------------------------------------
|
# -----------------------------------------------------------------------------
|
||||||
# find a working iprange command
|
# find a working iprange command
|
||||||
|
|
||||||
|
HAVE_IPRANGE=${IPRANGE_CMD}
|
||||||
if [ ! -z "${IPRANGE_CMD}" ]
|
if [ ! -z "${IPRANGE_CMD}" ]
|
||||||
then
|
then
|
||||||
${IPRANGE_CMD} --has-reduce 2>/dev/null || IPRANGE_CMD=
|
${IPRANGE_CMD} --has-reduce 2>/dev/null || HAVE_IPRANGE=
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -z "${IPRANGE_CMD}" ]
|
if [ -z "$HAVE_IPRANGE" ]
|
||||||
then
|
then
|
||||||
error "Cannot find a working iprange command. It should be part of FireHOL but it is not installed."
|
error "Cannot find a working iprange command. It should be part of FireHOL but it is not installed."
|
||||||
exit 1
|
exit 1
|
||||||
@ -325,16 +280,13 @@ fi
|
|||||||
# -----------------------------------------------------------------------------
|
# -----------------------------------------------------------------------------
|
||||||
# CONFIGURATION
|
# CONFIGURATION
|
||||||
|
|
||||||
FIREHOL_SHARE_DIR="${FIREHOL_SHARE_DIR-/usr/share/firehol}"
|
|
||||||
FIREHOL_CONFIG_DIR="${FIREHOL_CONFIG_DIR-$sysconfdir_POST/firehol}"
|
|
||||||
|
|
||||||
if [ "${UID}" = "0" -o -z "${UID}" ]
|
if [ "${UID}" = "0" -o -z "${UID}" ]
|
||||||
then
|
then
|
||||||
BASE_DIR="${BASE_DIR-${FIREHOL_CONFIG_DIR}/ipsets}"
|
BASE_DIR="${BASE_DIR-${FIREHOL_CONFIG_DIR}/ipsets}"
|
||||||
CONFIG_FILE="${CONFIG_FILE-${FIREHOL_CONFIG_DIR}/update-ipsets.conf}"
|
CONFIG_FILE="${CONFIG_FILE-${FIREHOL_CONFIG_DIR}/update-ipsets.conf}"
|
||||||
RUN_PARENT_DIR="${RUN_PARENT_DIR-/var/run}"
|
RUN_PARENT_DIR="${RUN_PARENT_DIR-$LOCALSTATEDIR/run}"
|
||||||
CACHE_DIR="${CACHE_DIR-/var/cache/update-ipsets}"
|
CACHE_DIR="${CACHE_DIR-$LOCALSTATEDIR/cache/update-ipsets}"
|
||||||
LIB_DIR="${LIB_DIR-/var/lib/update-ipsets}"
|
LIB_DIR="${LIB_DIR-$LOCALSTATEDIR/lib/update-ipsets}"
|
||||||
IPSETS_APPLY=1
|
IPSETS_APPLY=1
|
||||||
else
|
else
|
||||||
$MKDIR_CMD -p "${HOME}/.update-ipsets" || exit 1
|
$MKDIR_CMD -p "${HOME}/.update-ipsets" || exit 1
|
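Review bot: The new defaults for `RUN_PARENT_DIR`, `CACHE_DIR` and `LIB_DIR` in the `@ -325,16 +280,13 @` hunk are built from `$LOCALSTATEDIR`, which exists only if the sourced `install.config` set it; with an incomplete file in an override directory they silently become `/run`, `/cache/update-ipsets` and `/lib/update-ipsets`, in the branch that runs as root. A line such as `: "${LOCALSTATEDIR:?not set by install.config}"` before the `if` would stop that. The `if`/`else` block continues past the end of the hunk. The `$LOCALSTATEDIR/run/...` assignments in the other scripts' hunks have the same dependency.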
@ -25,31 +25,28 @@
|
|||||||
# See the file COPYING for details.
|
# See the file COPYING for details.
|
||||||
#
|
#
|
||||||
|
|
||||||
VERSION='$Id$'
|
PROGRAM_FILE="$(/bin/readlink $0)"
|
||||||
PROGRAM_FILE="${0}"
|
PROGRAM_FILE="${PROGRAM_FILE:-$0}"
|
||||||
PROGRAM_DIR="${0%/*}"
|
if [ -d "${FIREHOL_OVERRIDE_PROGRAM_DIR}" ]
|
||||||
if [ "$PROGRAM_DIR" = "$0" ]; then PROGRAM_DIR="."; fi
|
then
|
||||||
|
PROGRAM_DIR="${FIREHOL_OVERRIDE_PROGRAM_DIR}"
|
||||||
|
else
|
||||||
|
PROGRAM_DIR="$(/usr/bin/dirname "$PROGRAM_FILE")"
|
||||||
|
fi
|
||||||
PROGRAM_PWD="${PWD}"
|
PROGRAM_PWD="${PWD}"
|
||||||
declare -a PROGRAM_ORIGINAL_ARGS=("${@}")
|
declare -a PROGRAM_ORIGINAL_ARGS=("${@}")
|
||||||
|
|
||||||
# Start defaults before configure
|
for functions_file in install.config functions.common
|
||||||
prefix_POST=/usr
|
|
||||||
sysconfdir_POST=/etc
|
|
||||||
localstatedir_POST=/var
|
|
||||||
libdir_POST=$PROGRAM_DIR
|
|
||||||
# End defaults before configure
|
|
||||||
for functions_file in $libdir_POST/functions.common.sh
|
|
||||||
do
|
do
|
||||||
if [ -r $functions_file ]
|
if [ -r "$PROGRAM_DIR/$functions_file" ]
|
||||||
then
|
then
|
||||||
source $functions_file
|
source "$PROGRAM_DIR/$functions_file"
|
||||||
else
|
else
|
||||||
1>&2 echo "Cannot access $functions_file"
|
1>&2 echo "Cannot access $PROGRAM_DIR/$functions_file"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
FIREHOL_CONFIG_DIR="$sysconfdir_POST/firehol"
|
|
||||||
common_disable_localization || exit
|
common_disable_localization || exit
|
||||||
|
|
||||||
marksreset() { :; }
|
marksreset() { :; }
|
||||||
@ -59,22 +56,6 @@ then
|
|||||||
source "${FIREHOL_CONFIG_DIR}/firehol-defaults.conf" || exit 1
|
source "${FIREHOL_CONFIG_DIR}/firehol-defaults.conf" || exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
common_load_commands $PROGRAM_FILE @AUTOCONF_RUN@ <<-!
|
|
||||||
Y|IP_CMD|@IP@|ip
|
|
||||||
Y|BRIDGE_CMD|@BRIDGE@|bridge
|
|
||||||
Y|GREP_CMD|@GREP@|grep
|
|
||||||
Y|FIND_CMD|@FIND@|find
|
|
||||||
Y|SH_CMD|@SH@|sh bash ksh
|
|
||||||
Y|CUT_CMD|@CUT@|cut
|
|
||||||
Y|CAT_CMD|@CAT@|cat
|
|
||||||
Y|SED_CMD|@SED@|sed
|
|
||||||
Y|TR_CMD|@TR@|tr
|
|
||||||
Y|SLEEP_CMD|@SLEEP@|sleep
|
|
||||||
Y|MKDIR_CMD|@MKDIR@|mkdir
|
|
||||||
Y|RM_CMD|@RM@|rm
|
|
||||||
Y|MKTEMP_CMD|@MKTEMP@|mktemp
|
|
||||||
N|NEATO_CMD|@NEATO@|neato
|
|
||||||
!
|
|
||||||
status=$?
|
status=$?
|
||||||
test $status -eq 0 || exit $status
|
test $status -eq 0 || exit $status
|
||||||
|
|
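Review bot: The new `FIREHOL_OVERRIDE_PROGRAM_DIR` branch lets the environment choose the directory from which `install.config` and `functions.common` are sourced, guarded only by a `-d` test. If this script runs as root, as the firewall tools usually do, any context that passes the caller's environment through decides which code is loaded. I would add a comment above the `if`, such as `# FIREHOL_OVERRIDE_PROGRAM_DIR is trusted input: set it only from the test harness`, and consider rejecting a directory that is not root-owned when the effective uid is 0. Separately, `$(/bin/readlink $0)` leaves `$0` unquoted and resolves only one link level, so a path with spaces or a relative symlink target gives a `PROGRAM_DIR` that does not contain the two files; `PROGRAM_FILE="$(/bin/readlink -f -- "$0")"` avoids both.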
@ -1,6 +1,6 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
# Disable IPV4
|
# Disable IPV4
|
||||||
cat - >> /etc/firehol/firehol-defaults.conf <<-END-DEFAULTS
|
cat - >> $MYTMP/firehol/firehol-defaults.conf <<-END-DEFAULTS
|
||||||
ENABLE_IPV4=0
|
ENABLE_IPV4=0
|
||||||
END-DEFAULTS
|
END-DEFAULTS
|
||||||
|
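Review bot: `$MYTMP` is used unquoted and unchecked in the new redirect target `$MYTMP/firehol/firehol-defaults.conf`, so an empty value makes the append go to `/firehol/firehol-defaults.conf` instead of failing. Writing it as `cat - >> "${MYTMP:?}/firehol/firehol-defaults.conf" <<-END-DEFAULTS` stops the script with a message when the variable is missing. The same applies to the IPv6 variant of this script and to the runner's `mkdir $MYTMP/firehol`, `mkdir -p $MYTMP/firehol/services` and `cp "$conf" $MYTMP/firehol/${program}.conf` lines. It matters most for the runner's `rm -rf $MYTMP/firehol`, which I would write as `rm -rf -- "${MYTMP:?}/firehol"`. Where `MYTMP` is assigned is not visible in these hunks, so it may already be guaranteed non-empty.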
@ -1,6 +1,6 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
# Disable IPV6
|
# Disable IPV6
|
||||||
cat - >> /etc/firehol/firehol-defaults.conf <<-END-DEFAULTS
|
cat - >> $MYTMP/firehol/firehol-defaults.conf <<-END-DEFAULTS
|
||||||
ENABLE_IPV6=0
|
ENABLE_IPV6=0
|
||||||
END-DEFAULTS
|
END-DEFAULTS
|
||||||
|
@ -40,6 +40,14 @@ then
|
|||||||
haderror="Y"
|
haderror="Y"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ ! -f ../sbin/install.config.in ]
|
||||||
|
then
|
||||||
|
echo "../sbin/install.config.in missing: run configure"
|
||||||
|
echo ""
|
||||||
|
haderror="Y"
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
if [ "$haderror" -o $# -lt 1 ]
|
if [ "$haderror" -o $# -lt 1 ]
|
||||||
then
|
then
|
||||||
if [ "$haderror" ]
|
if [ "$haderror" ]
|
||||||
@ -54,23 +62,6 @@ then
|
|||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# First set up our namespace so we can write where we need to
|
|
||||||
mount -t tmpfs tmpfs /etc/firehol || exit 1
|
|
||||||
mkdir /var/run/firehol || exit 1
|
|
||||||
mkdir /var/spool/firehol || exit 1
|
|
||||||
mkdir /var/run/firehol/webdir || exit 1
|
|
||||||
|
|
||||||
# Check the files are gone
|
|
||||||
if [ -f /etc/firehol/firehol.conf \
|
|
||||||
-o -f /etc/firehol/firehol-defaults.conf \
|
|
||||||
-o -f /etc/firehol/fireqos.conf \
|
|
||||||
-o -f /etc/firehol/link-balancer.conf \
|
|
||||||
-o -d /etc/firehol/services ]
|
|
||||||
then
|
|
||||||
echo "Namespace switch failed! Aborting!"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ ! -r /proc/net/ip_tables_names ]
|
if [ ! -r /proc/net/ip_tables_names ]
|
||||||
then
|
then
|
||||||
echo "Faking /proc/net/ip_tables_names"
|
echo "Faking /proc/net/ip_tables_names"
|
||||||
@ -88,8 +79,7 @@ then
|
|||||||
echo >&2
|
echo >&2
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
export MYTMP
|
||||||
ETCSAVE=/etc/firehol.save$$
|
|
||||||
|
|
||||||
myexit() {
|
myexit() {
|
||||||
rm -f /var/run/firehol.lck
|
rm -f /var/run/firehol.lck
|
||||||
@ -104,6 +94,12 @@ trap myexit 0
|
|||||||
TESTDIR=`pwd`/
|
TESTDIR=`pwd`/
|
||||||
export TESTDIR
|
export TESTDIR
|
||||||
|
|
||||||
|
# Force the programs to find our special configuration
|
||||||
|
export FIREHOL_OVERRIDE_PROGRAM_DIR=$MYTMP/prog
|
||||||
|
mkdir -p "$FIREHOL_OVERRIDE_PROGRAM_DIR"
|
||||||
|
sed -e "s#[@].*POST[@]#$MYTMP#" ../sbin/install.config.in > "$FIREHOL_OVERRIDE_PROGRAM_DIR/install.config"
|
||||||
|
cp ../sbin/functions.* "$FIREHOL_OVERRIDE_PROGRAM_DIR"
|
||||||
|
|
||||||
kcov=`which kcov 2> /dev/null`
|
kcov=`which kcov 2> /dev/null`
|
||||||
if [ "$kcov" ]
|
if [ "$kcov" ]
|
||||||
then
|
then
|
||||||
@ -256,7 +252,7 @@ do
|
|||||||
then
|
then
|
||||||
echo "Cannot determine program for $conf"
|
echo "Cannot determine program for $conf"
|
||||||
else
|
else
|
||||||
script=../sbin/${program}.in
|
script=../sbin/${program}
|
||||||
export script
|
export script
|
||||||
total=$((total + 1))
|
total=$((total + 1))
|
||||||
|
|
||||||
@ -266,8 +262,8 @@ do
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# Define our configuration directory exactly as we want it
|
# Define our configuration directory exactly as we want it
|
||||||
# note: we are running in a namespace with /etc/firehol as a tmpfs
|
rm -rf $MYTMP/firehol
|
||||||
rm -rf /etc/firehol/*
|
mkdir $MYTMP/firehol
|
||||||
|
|
||||||
# Default special cases:
|
# Default special cases:
|
||||||
# - egrep because /sbin/egrep makes use of PATH to find 'grep -E'
|
# - egrep because /sbin/egrep makes use of PATH to find 'grep -E'
|
||||||
@ -276,7 +272,7 @@ do
|
|||||||
# - LB_RUN_DIR + FIREQOS_LOCK_FILE + FIREQOS_DIR + RUN_PARENT_DIR etc.
|
# - LB_RUN_DIR + FIREQOS_LOCK_FILE + FIREQOS_DIR + RUN_PARENT_DIR etc.
|
||||||
# keep within our mounts
|
# keep within our mounts
|
||||||
# - PATH reset to ensure it is off (some programs reset it)
|
# - PATH reset to ensure it is off (some programs reset it)
|
||||||
cat > /etc/firehol/firehol-defaults.conf <<-!
|
cat > $MYTMP/firehol/firehol-defaults.conf <<-!
|
||||||
EGREP_CMD='/bin/grep -E'
|
EGREP_CMD='/bin/grep -E'
|
||||||
LOGGER_CMD='/bin/echo logger:'
|
LOGGER_CMD='/bin/echo logger:'
|
||||||
LB_RUN_DIR=/var/run/firehol/link-balancer
|
LB_RUN_DIR=/var/run/firehol/link-balancer
|
||||||
@ -296,7 +292,7 @@ do
|
|||||||
"$pre_sh" "$conf"
|
"$pre_sh" "$conf"
|
||||||
else
|
else
|
||||||
# Or just take the defaults
|
# Or just take the defaults
|
||||||
mkdir -p /etc/firehol/services
|
mkdir -p $MYTMP/firehol/services
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Run the script
|
# Run the script
|
||||||
@ -313,7 +309,7 @@ do
|
|||||||
status=$?
|
status=$?
|
||||||
;;
|
;;
|
||||||
link-balancer|update-ipsets)
|
link-balancer|update-ipsets)
|
||||||
cp "$conf" /etc/firehol/${program}.conf
|
cp "$conf" $MYTMP/firehol/${program}.conf
|
||||||
$kcov "$script" > "$runlog" 2>&1 < /dev/null
|
$kcov "$script" > "$runlog" 2>&1 < /dev/null
|
||||||
status=$?
|
status=$?
|
||||||
;;
|
;;
|
||||||
@ -332,7 +328,7 @@ do
|
|||||||
then
|
then
|
||||||
errors=$((errors + 1))
|
errors=$((errors + 1))
|
||||||
echo "Unexpected run error - check $runlog"
|
echo "Unexpected run error - check $runlog"
|
||||||
elif grep -q '\.in: line [0-9]*:' "$runlog"
|
elif grep -q ': line [0-9]*:' "$runlog"
|
||||||
then
|
then
|
||||||
errors=$((errors + 1))
|
errors=$((errors + 1))
|
||||||
echo "Unexpected runtime errors - check $runlog"
|
echo "Unexpected runtime errors - check $runlog"
|
||||||
|
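Review bot: The generated defaults and the exit handler still point at host paths even though the namespace setup appears to be removed by this commit. `LB_RUN_DIR=/var/run/firehol/link-balancer` stays in the heredoc and `myexit` still runs `rm -f /var/run/firehol.lck`, while the `mount -t tmpfs tmpfs /etc/firehol` and `mkdir /var/run/firehol` lines are gone from the new side. Unless the runner is still started inside a separate mount namespace, a test run as root would now create and delete files under the real `/var/run`. I would move these under the temp tree, e.g. `LB_RUN_DIR=$MYTMP/run/firehol/link-balancer`, and update the comment `# keep within our mounts`, which no longer describes the setup. The rest of the heredoc and the body of `myexit` lie outside the visible hunks, so other paths there may need the same change.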