Tom Eastep wrote:
Patch attached.
Applied and tested with changes (see patch attached), but it still doesn't
work. When I make modifications to my /etc/shorewall and then execute
"shorewall compile -c", I always get "/var/lib/shorewall/firewall
is up to date -- no compilation required", which is clearly wrong. As
far as the patch goes, I only scanned the lib.* files in
/usr/share/shorewall, but I am sure there are quite a lot of other
references, especially in the perl .pm files.
As an aside, I have a few queries/suggestions:
1. Could you allow multiple owner entries in the OWNER accounting column
the way it is in all other areas?
2. When I get the following message from ifup-local: "WARNING: Optional
Interface tun0 is not usable -- tun0 not Started", should I manually
execute "firewall -V0 up tun0" when I connect to my VPN? (The OS can't
pick this up because the tun device is a bit "special", so all up/down
events can be controlled with scripts via openvpn.) I have traffic
shaping (incl. ifbX) as well as accounting set up for this device,
though it has to be said that during boot-up my tun device is present
but does not yet have an IP address.
3. What is the consequence of stopping a device with "firewall down
tun0" for example?
--- a/Shorewall/lib.base
+++ b/Shorewall/lib.base
@@ -292,7 +292,7 @@
fi
if [ -n "$g_shorewalldir" ]; then
- [ "${CONFIG_PATH%%:*}" = "$g_shorewalldir" ] ||
CONFIG_PATH=$g_shorewalldir:$CONFIG_PATH
+ [ "${CONFIG_PATH%%:*}" == "$g_shorewalldir" ] ||
CONFIG_PATH=$g_shorewalldir:$CONFIG_PATH
fi
}
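Review bot: The `==` introduced in `[ "${CONFIG_PATH%%:*}" == "$g_shorewalldir" ]` is a bash extension to `test`; POSIX defines only `=` for string equality, and dash rejects `==` with an "unexpected operator" error. If these libraries can be sourced by a `/bin/sh` other than bash (the interpreter is not visible on this page), every `=` to `==` replacement in this patch, here and in lib.cli, lib.cli-std, lib.common and lib.core, turns a working comparison into a failing test. In a firewall script that failure silently takes the other branch; on this line it would prepend `$g_shorewalldir` to `CONFIG_PATH` on every call. Keeping `=` is the portable form. The enclosing function starts outside the hunk.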
--- a/Shorewall/lib.cli
+++ b/Shorewall/lib.cli
@@ -582,7 +582,7 @@
determine_ipset_version() {
local setname
- if [ -z "$IPSET" -o $IPSET = ipset ]; then
+ if [ -z "$IPSET" -o $IPSET == ipset ]; then
IPSET=$(mywhich ipset)
[ -n "$IPSET" ] || fatal_error "The ipset utility cannot be located"
fi
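Review bot: `$IPSET` is unquoted in `[ -z "$IPSET" -o $IPSET == ipset ]`, so when the variable is empty or contains whitespace the expression collapses into a malformed test. POSIX also marks `-o` as obsolescent because its parsing is ambiguous. Splitting the test avoids both problems: `if [ -z "$IPSET" ] || [ "$IPSET" = ipset ]; then`. The same unquoted pattern appears in the `[ $1 == dynamic -a $# -gt 1 ]` hunk that follows and in the `[ x$1 == xtrace -o x$1 == xdebug ]` hunk in lib.common. The function body continues outside the hunk.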
@@ -1135,7 +1135,7 @@
esac
if [ $# -gt 0 ]; then
- if [ $1 = dynamic -a $# -gt 1 ]; then
+ if [ $1 == dynamic -a $# -gt 1 ]; then
shift
[ $# -eq 1 ] || usage 1
list_zone $1
@@ -2121,11 +2121,11 @@
qt $g_tool -t nat -L -n && NAT_ENABLED=Yes || NAT_ENABLED=
qt $g_tool -t mangle -L -n && MANGLE_ENABLED=Yes || MANGLE_ENABLED=
- [ "$IP" = ip -o -z "$IP" ] && IP=$(which ip)
+ [ "$IP" == ip -o -z "$IP" ] && IP=$(which ip)
[ -n "$IP" -a -x "$IP" ] || IP=
- [ "$TC" = tc -o -z "$TC" ] && TC=$(which tc)
+ [ "$TC" == tc -o -z "$TC" ] && TC=$(which tc)
[ -n "$TC" -a -x "$TC" ] || TC=
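Review bot: The `IP` and `TC` lookups on the changed lines call the external `which`, while `determine_ipset_version` in this same file resolves its tool with `mywhich`. `which` is not specified by POSIX and its output and exit status differ between implementations. These lines choose the binaries that a root-run firewall script will execute, so the lookup is worth making consistent: `IP=$(mywhich ip)` and `TC=$(mywhich tc)`, assuming `mywhich` is in scope at this point. The enclosing function starts and ends outside the hunk.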
@@ -2534,7 +2534,7 @@
local setting
setting=
- [ "x$2" = "xYes" ] && setting="Available" || setting="Not available"
+ [ "x$2" == "xYes" ] && setting="Available" || setting="Not available"
echo " " $1: $setting
}
@@ -2906,7 +2906,7 @@
valid_address $address || fatal_error "Invalid IP address: $address"
[ -z "$vlsm" ] && usage 2
- [ "x$address" = "x$vlsm" ] && usage 2
+ [ "x$address" == "x$vlsm" ] && usage 2
[ $vlsm -gt 32 ] && fatal_error "Invalid VLSM: /$vlsm"
address=$address/$vlsm
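Review bot: `[ $vlsm -gt 32 ]` is reached without any check that `$vlsm` is a number. A non-numeric value makes `[` report an error and return non-zero, so `fatal_error` is skipped and the bad value is appended to `address`. A digits-only guard before the comparison closes that gap: `case $vlsm in ''|*[!0-9]*) fatal_error "Invalid VLSM: /$vlsm" ;; esac`. The enclosing function starts and ends outside the hunk, so it is not visible whether a later step already rejects such input.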
@@ -3345,7 +3345,7 @@
g_nolock=
- if [ $# -gt 0 ] && [ "$1" = "nolock" ]; then
+ if [ $# -gt 0 ] && [ "$1" == "nolock" ]; then
g_nolock=nolock
shift
fi
--- a/Shorewall/lib.cli-std
+++ b/Shorewall/lib.cli-std
@@ -34,7 +34,7 @@
ensure_config_path
- if [ "$1" = Yes ]; then
+ if [ "$1" == Yes ]; then
if [ "$(id -u)" -eq 0 ]; then
params=$(find_file params)
else
@@ -65,11 +65,11 @@
ensure_config_path
- if [ -z "$g_export" -a "$(id -u)" = 0 ]; then
+ if [ -z "$g_export" -a "$(id -u)" -eq 0 ]; then
#
# This block is avoided for compile for export and when the user isn't
root
#
- if [ "$3" = Yes ]; then
+ if [ "$3" == Yes ]; then
if [ -n "$LOGFILE" ]; then
if [ -n "$(syslog_circular_buffer)" ]; then
g_logread="logread | tac"
@@ -178,7 +178,7 @@
validate_restorefile RESTOREFILE
- if [ "$2" = Yes ]; then
+ if [ "$2" == Yes ]; then
case $STARTUP_ENABLED in
No|no|NO)
fatal_error "$g_product startup is disabled. To enable
startup, set STARTUP_ENABLED=Yes in ${g_confdir}/${g_program}.conf"
@@ -388,8 +388,8 @@
# Perl compiler only takes the output file as a argument
- [ "$1" = debug -o "$1" = trace ] && shift;
- [ "$1" = nolock ] && shift;
+ [ "$1" == debug -o "$1" == trace ] && shift;
+ [ "$1" == nolock ] && shift;
shift
shorewallrc=${g_basedir}/shorewallrc
@@ -408,7 +408,7 @@
[ -n "$g_timestamp" ] && options="$options --timestamp"
[ -n "$g_test" ] && options="$options --test"
[ -n "$g_preview" ] && options="$options --preview"
- [ "$g_debugging" = trace ] && options="$options --debug"
+ [ "$g_debugging" == trace ] && options="$options --debug"
[ -n "$g_refreshchains" ] && options="$options --refresh=$g_refreshchains"
[ -n "$g_confess" ] && options="$options --confess"
[ -n "$g_update" ] && options="$options --update"
@@ -687,7 +687,7 @@
echo "$file is up to date -- no compilation required"
return 0
else
- [ "x$file" = x- ] || progress_message3 "Compiling..."
+ [ "x$file" == x- ] || progress_message3 "Compiling..."
compiler $g_debugging compile $file && run_postcompile $file
fi
@@ -1317,7 +1317,7 @@
if run_it ${VARDIR}/.$command $g_debugging $command && [ -n "$timeout" ];
then
sleep $timeout
- if [ "$command" = "restart" ]; then
+ if [ "$command" == "restart" ]; then
run_it ${VARDIR}/.try restore
else
run_it ${VARDIR}/.$command clear
--- a/Shorewall/lib.common
+++ b/Shorewall/lib.common
@@ -145,7 +145,7 @@
#
# 4.4.8 or later -- no additional exports required
#
- if [ x$1 = xtrace -o x$1 = xdebug ]; then
+ if [ x$1 == xtrace -o x$1 == xdebug ]; then
options="$1 -"
shift;
else
@@ -219,7 +219,7 @@
while [ $# -gt 1 ]; do
shift
- [ "x$e" = "x$1" ] && return 0
+ [ "x$e" == "x$1" ] && return 0
done
return 1
@@ -747,7 +747,7 @@
if [ -f $lockf ]; then
lockpid=`cat ${lockf} 2> /dev/null`
- if [ -z "$lockpid" -o $lockpid = 0 ]; then
+ if [ -z "$lockpid" -o $lockpid -eq 0 ]; then
rm -f ${lockf}
error_message "WARNING: Stale lockfile ${lockf} removed"
elif [ $lockpid -eq $$ ]; then
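Review bot: Changing the test to `$lockpid -eq 0` makes it a numeric comparison on whatever text the lock file contains, and `$lockpid` is still unquoted. If the file holds anything other than a plain integer, `[` errors out here and again in `elif [ $lockpid -eq $$ ]`, so neither the stale-lock nor the own-lock branch is taken; what happens next is outside the hunk. Validating first keeps both comparisons well-defined, for example `case "$lockpid" in *[!0-9]*) lockpid= ;; esac` followed by `if [ -z "$lockpid" ] || [ "$lockpid" -eq 0 ]; then`, which treats unparsable content as a stale lock. The `[ $mtu -eq 1500 ]` and `[ $result -eq 1 ]` hunks in lib.core make the same move from string to numeric comparison on unquoted values.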
--- a/Shorewall/lib.core
+++ b/Shorewall/lib.core
@@ -108,7 +108,7 @@
find_device() {
while [ $# -gt 1 ]; do
- [ "x$1" = xdev ] && echo $2 && return
+ [ "x$1" == xdev ] && echo $2 && return
shift
done
}
@@ -119,7 +119,7 @@
find_gateway() {
while [ $# -gt 1 ]; do
- [ "x$1" = xvia ] && echo $2 && return
+ [ "x$1" == xvia ] && echo $2 && return
shift
done
}
@@ -130,7 +130,7 @@
find_mtu() {
while [ $# -gt 1 ]; do
- [ "x$1" = xmtu ] && echo $2 && return
+ [ "x$1" == xmtu ] && echo $2 && return
shift
done
}
@@ -142,7 +142,7 @@
find_peer() {
while [ $# -gt 1 ]; do
- [ "x$1" = xpeer ] && echo ${2%/*} && return
+ [ "x$1" == xpeer ] && echo ${2%/*} && return
shift
done
}
@@ -160,7 +160,7 @@
#
find_default_interface() {
$IP -$g_family route list | while read first rest; do
- [ "$first" = default ] && echo $(find_device $rest) && return
+ [ "$first" == default ] && echo $(find_device $rest) && return
done
}
@@ -196,12 +196,12 @@
multicast|broadcast|prohibit|nat|throw|nexthop)
;;
[2-3]*)
- [ "$address" = "${address%/*}" ] &&
address="${address}/${mask}"
+ [ "$address" == "${address%/*}" ] &&
address="${address}/${mask}"
echo $address
;;
*)
if [ $g_family -eq 4 ]; then
- [ "$address" = "${address%/*}" ] &&
address="${address}/${mask}"
+ [ "$address" == "${address%/*}" ] &&
address="${address}/${mask}"
echo $address
fi
;;
@@ -263,7 +263,7 @@
if [ -n "$output" ]; then
mtu=$(find_mtu $output)
if [ -n "$mtu" ]; then
- [ $mtu = 1500 ] || echo mtu $(($mtu + 100))
+ [ $mtu -eq 1500 ] || echo mtu $(($mtu + 100))
fi
fi
@@ -373,7 +373,7 @@
replace_default_route $1
- if [ $result = 1 ]; then
+ if [ $result -eq 1 ]; then
#
# We didn't restore a default route with metric 0
#
@@ -640,7 +640,7 @@
if [ "$1" != lo ]; then
if interface_is_up $1 && [ "$(find_first_interface_address_if_any $1)"
!= 0.0.0.0 ]; then
- [ "$COMMAND" = enable ] || run_isusable_exit $1
+ [ "$COMMAND" == enable ] || run_isusable_exit $1
status=$?
else
status=1
@@ -663,7 +663,7 @@
#
find_weight() {
while [ $# -gt 1 ]; do
- [ "x$1" = xweight ] && echo $2 && return
+ [ "x$1" == xweight ] && echo $2 && return
shift
done
}
@@ -682,7 +682,7 @@
default)
;;
*)
- if [ "$addr" = "$1" -o "$addr/32" = "$1" ]; then
+ if [ "$addr" == "$1" -o "$addr/32" == "$1" ]; then
echo $(find_device $rest)
fi
;;
@@ -728,7 +728,7 @@
multicast|broadcast|prohibit|nat|throw|nexthop)
;;
*)
- [ "$address" = "${address%/*}" ] && address="${address}/32"
+ [ "$address" == "${address%/*}" ] && address="${address}/32"
echo $address
;;
esac
@@ -952,7 +952,7 @@
run_ip route replace table $2 $route
else
dev=$(find_device $route)
- [ "$dev" = "$3" ] && run_ip route delete default table $2
+ [ "$dev" == "$3" ] && run_ip route delete default table $2
fi
fi
}
@@ -1046,7 +1046,7 @@
if [ "$1" != lo ]; then
if interface_is_up $1 && [ "$(find_first_interface_address_if_any $1)"
!= :: ]; then
- [ "$COMMAND" = enable ] || run_isusable_exit $1
+ [ "$COMMAND" == enable ] || run_isusable_exit $1
status=$?
else
status=1
@@ -1283,7 +1283,7 @@
gateway=$1
dev=$(find_device $route)
- [ "$dev" = "$3" ] && run_ip route delete default table $2
+ [ "$dev" == "$3" ] && run_ip route delete default table $2
}
#