Commit | Line | Data |
---|---|---|
5c831dc9 | 1 | --- firewall-init-2.1/firewall.init.orig Mon Nov 11 10:48:08 2002 |
2 | +++ firewall-init-2.1/firewall.init Mon Mar 29 09:16:27 2004 | |
3 | @@ -23,6 +23,12 @@ | |
4 | ||
5 | [ -f /sbin/ipchains ] || exit 0 | |
6 | ||
7 | +syntax_error () | |
8 | +{ | |
9 | + echo $2: "$(nls "$1")" | |
10 | + echo "$3" | |
11 | +} | |
12 | + | |
13 | ipv4_forward_set () | |
14 | { | |
15 | # Turn IP forwarding on or off. We do this before bringing up the | |
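Review bot: The new `syntax_error` helper only echoes to stdout, so a rejected rule line leaves no trace in the error file that the later `[ -s /tmp/.firewall ]` test reads, and the init script can still report `ok`. Sending the message to wherever ipchains errors are collected would close that gap. `$2` is also expanded unquoted, so a rules-file name containing spaces or glob characters would be split or expanded; `echo "$2: $(nls "$1")"` avoids that. A short header comment such as `# $1 = message, $2 = rules file, $3 = offending line` would document the argument order, which is not obvious from the call sites. The body of `ipv4_forward_set` that follows continues outside this hunk.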
16 | @@ -97,48 +103,150 @@ | |
17 | for CHAIN in ${FILES}; do | |
18 | if [ -s ${CHAIN} ]; then | |
19 | grep -v '^#' ${CHAIN} | grep -v '^$' | \ | |
20 | - while read POLICY PROTO SADDR SPORT DADDR DPORT IFACE OPTIONS ; do | |
21 | + while read LINE; do | |
22 | + #POLICY PROTO SADDR SPORT DADDR DPORT IFACE OPTIONS | |
23 | + LINE2=`echo $LINE` | |
24 | + POLICY=${LINE2%% *} | |
25 | + LINE2=${LINE2#$POLICY}; LINE2=${LINE2# } | |
26 | case "${POLICY}" in | |
27 | - [Nn][Oo][Nn][Ee]) | |
28 | + [Nn][Oo][Nn][Ee]) | |
29 | POLICY='' | |
30 | ;; | |
31 | - *) | |
32 | + *) | |
33 | POLICY="-j ${POLICY}" | |
34 | ;; | |
35 | esac | |
36 | + PROTO=${LINE2%% *} | |
37 | + LINE2=${LINE2#$PROTO}; LINE2=${LINE2# } | |
38 | + case "${PROTO}" in | |
39 | + [Aa][Nn][Yy]) | |
40 | + PROTO='' | |
41 | + ;; | |
42 | + !) | |
43 | + PROTO2=${LINE2%% *} | |
44 | + LINE2=${LINE2#$PROTO2}; LINE2=${LINE2# } | |
45 | + PROTO="-p ! ${PROTO2}" | |
46 | + ;; | |
47 | + *) | |
48 | + PROTO="-p ${PROTO}" | |
49 | + esac | |
50 | + SADDR=${LINE2%% *} | |
51 | + LINE2=${LINE2#$SADDR}; LINE2=${LINE2# } | |
52 | + case "${SADDR}" in | |
53 | + !) | |
54 | + SADDR2=${LINE2%% *} | |
55 | + LINE2=${LINE2#$SADDR2}; LINE2=${LINE2# } | |
56 | + SADDR="! ${SADDR2}" | |
57 | + ;; | |
58 | + esac | |
59 | + SPORT=${LINE2%% *} | |
60 | + LINE2=${LINE2#$SPORT}; LINE2=${LINE2# } | |
61 | + DADDR='' | |
62 | case "${SPORT}" in | |
63 | 0:65535|[Aa][Nn][Yy]) | |
64 | SPORT='' | |
65 | ;; | |
66 | + */*|*.*.*.*) | |
67 | + DADDR="${SPORT}" | |
68 | + SPORT='' | |
69 | + ;; | |
70 | + !) | |
71 | + SPORT2=${LINE2%% *} | |
72 | + LINE2=${LINE2#$SPORT2}; LINE2=${LINE2# } | |
73 | + case "${SPORT2}" in | |
74 | + */*|*.*.*.*) | |
75 | + DADDR="! ${SPORT2}" | |
76 | + SPORT='' | |
77 | + ;; | |
78 | + *) | |
79 | + if [ -z "$PROTO" ]; then | |
80 | + syntax_error "Source port is illegal in line:" "$CHAIN" "$LINE" | |
81 | + else | |
82 | + SPORT="! ${SPORT2}" | |
83 | + fi | |
84 | + esac | |
85 | + ;; | |
86 | + *) | |
87 | + if [ -z "$PROTO" ]; then | |
88 | + syntax_error "Source port is illegal in line:" "$CHAIN" "$LINE" | |
89 | + fi | |
90 | + esac | |
91 | + if [ -z "${DADDR}" ]; then | |
92 | + DADDR=${LINE2%% *} | |
93 | + LINE2=${LINE2#$DADDR}; LINE2=${LINE2# } | |
94 | + fi | |
95 | + case "${DADDR}" in | |
96 | + !) | |
97 | + DADDR2=${LINE2%% *} | |
98 | + LINE2=${LINE2#$DADDR2}; LINE2=${LINE2# } | |
99 | + DADDR="! ${DADDR2}" | |
100 | + ;; | |
101 | esac | |
102 | + DPORT=${LINE2%% *} | |
103 | + LINE2=${LINE2#$DPORT}; LINE2=${LINE2# } | |
104 | + IFACE='' | |
105 | case "${DPORT}" in | |
106 | 0:65535|[Aa][Nn][Yy]) | |
107 | DPORT='' | |
108 | ;; | |
109 | + eth[+0-9]*|lo|ppp[+0-9]*|tunl[+0-9]*) | |
110 | + IFACE="${DPORT}" | |
111 | + DPORT='' | |
112 | + ;; | |
113 | + !) | |
114 | + DPORT2=${LINE2%% *} | |
115 | + LINE2=${LINE2#$DPORT2}; LINE2=${LINE2# } | |
116 | + case "${DPORT2}" in | |
117 | + eth[+0-9]*|lo|ppp[+0-9]*|tunl[+0-9]*) | |
118 | + IFACE="! ${DPORT2}" | |
119 | + DPORT='' | |
120 | + ;; | |
121 | + *) | |
122 | + if [ -z "$PROTO" ]; then | |
123 | + syntax_error "Destination port is illegal in line:" "$CHAIN" "$LINE" | |
124 | + else | |
125 | + DPORT="! ${DPORT2}" | |
126 | + fi | |
127 | + esac | |
128 | + ;; | |
129 | + *) | |
130 | + if [ -z "$PROTO" ]; then | |
131 | + syntax_error "Destination port is illegal in line:" "$CHAIN" "$LINE" | |
132 | + fi | |
133 | esac | |
134 | + if [ -z "${IFACE}" ]; then | |
135 | + IFACE=${LINE2%% *} | |
136 | + LINE2=${LINE2#$IFACE}; LINE2=${LINE2# } | |
137 | + fi | |
138 | case "${IFACE}" in | |
139 | [Aa][Nn][Yy]) | |
140 | IFACE='' | |
141 | ;; | |
142 | + !) | |
143 | + IFACE2=${LINE2%% *} | |
144 | + LINE2=${LINE2#$IFACE2}; LINE2=${LINE2# } | |
145 | + IFACE="-i ! ${IFACE2}" | |
146 | + ;; | |
147 | *) | |
148 | IFACE="-i ${IFACE}" | |
149 | ;; | |
150 | esac | |
151 | - /sbin/ipchains -A ${CHAIN} -p ${PROTO} ${IFACE} \ | |
152 | + OPTIONS=$LINE2 | |
153 | + /sbin/ipchains -A ${CHAIN} ${PROTO} ${IFACE} \ | |
154 | -s ${SADDR} ${SPORT} -d ${DADDR} ${DPORT} ${POLICY} ${OPTIONS} 2>> /tmp/.firewall | |
155 | done | |
156 | fi | |
157 | done | |
158 | ||
159 | for MODNAME in ${MASQ_MODS}; do | |
160 | - insmod ${MODNAME} > /dev/null 2> /dev/null | |
161 | + insmod ${MODNAME} > /dev/null 2> /dev/null | |
162 | done | |
163 | ||
164 | if [ -s /tmp/.firewall ]; then | |
165 | grep -v '^Try' < /tmp/.firewall | logger -t 'firewall' -p user.notice | |
166 | deltext | |
167 | fail | |
168 | - echo 'PROBLEMS SETTING UP FIREWALL. CHECK /var/log/messages!' | |
169 | + echo $(nls 'PROBLEMS SETTING UP FIREWALL. CHECK /var/log/messages!') | |
170 | else | |
171 | deltext | |
172 | ok | |
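Review bot: Each of the four `syntax_error` calls in the SPORT and DPORT `case` blocks only prints a message, so the loop still reaches `/sbin/ipchains -A` with whatever fields were parsed. A line flagged as illegal is therefore either installed as a rule in some unintended form or dropped only if ipchains happens to reject it; a `continue` right after each call would skip it deterministically. `` LINE2=`echo $LINE` `` collapses whitespace but also glob-expands the rule text against the current directory, and `read` without `-r` consumes backslashes; `while read -r LINE` with `set -f` in effect for the loop would keep the text literal. The prefix strips such as `${LINE2#$POLICY}` treat the field as a pattern, so quoting it (`${LINE2#"$POLICY"}`) is safer. Separately, the unchanged `2>> /tmp/.firewall` redirect appends as root to a fixed name in a world-writable directory, which another local user could pre-create or symlink; a file in a root-only directory would be a better home for it.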
173 | @@ -155,7 +263,7 @@ | |
174 | /sbin/ipchains -X | |
175 | ||
176 | for MODNAME in ${MASQ_MODS}; do | |
177 | - rmmod ${MODNAME} > /dev/null 2> /dev/null | |
178 | + rmmod ${MODNAME} > /dev/null 2> /dev/null | |
179 | done | |
180 | ||
181 | deltext |