syntax verification and relaxing
authorankry <ankry@pld-linux.org>
Mon, 29 Mar 2004 21:19:35 +0000 (21:19 +0000)
committercvs2git <feedback@pld-linux.org>
Sun, 24 Jun 2012 12:13:13 +0000 (12:13 +0000)
Changed files:
    firewall-init-syntax_verify.patch -> 1.1

firewall-init-syntax_verify.patch [new file with mode: 0644]

diff --git a/firewall-init-syntax_verify.patch b/firewall-init-syntax_verify.patch
new file mode 100644 (file)
index 0000000..89f640f
--- /dev/null
@@ -0,0 +1,181 @@
+--- firewall-init-2.1/firewall.init.orig       Mon Nov 11 10:48:08 2002
++++ firewall-init-2.1/firewall.init    Mon Mar 29 09:16:27 2004
+@@ -23,6 +23,12 @@
+ [ -f /sbin/ipchains ] || exit 0
++syntax_error ()
++{
++      echo $2: "$(nls "$1")"
++      echo "$3"
++}
++
+ ipv4_forward_set ()
+ {
+       # Turn IP forwarding on or off. We do this before bringing up the
+@@ -97,48 +103,150 @@
+       for CHAIN in ${FILES}; do
+           if [ -s ${CHAIN} ]; then
+               grep -v '^#' ${CHAIN} | grep -v '^$' | \
+-              while read POLICY PROTO SADDR SPORT DADDR DPORT IFACE OPTIONS ; do
++              while read LINE; do
++              #POLICY PROTO SADDR SPORT DADDR DPORT IFACE OPTIONS
++                  LINE2=`echo $LINE`
++                  POLICY=${LINE2%% *}
++                  LINE2=${LINE2#$POLICY}; LINE2=${LINE2# }
+                   case "${POLICY}" in
+-                   [Nn][Oo][Nn][Ee])
++                    [Nn][Oo][Nn][Ee])
+                           POLICY=''
+                           ;;
+-                   *)
++                    *)
+                           POLICY="-j ${POLICY}"
+                           ;;
+                   esac
++                  PROTO=${LINE2%% *}
++                  LINE2=${LINE2#$PROTO}; LINE2=${LINE2# }
++                  case "${PROTO}" in
++                    [Aa][Nn][Yy])
++                          PROTO=''
++                          ;;
++                    !)
++                          PROTO2=${LINE2%% *}
++                          LINE2=${LINE2#$PROTO2}; LINE2=${LINE2# }
++                          PROTO="-p ! ${PROTO2}"
++                          ;;
++                    *)
++                          PROTO="-p ${PROTO}"
++                  esac
++                  SADDR=${LINE2%% *}
++                  LINE2=${LINE2#$SADDR}; LINE2=${LINE2# }
++                  case "${SADDR}" in
++                    !)
++                          SADDR2=${LINE2%% *}
++                          LINE2=${LINE2#$SADDR2}; LINE2=${LINE2# }
++                          SADDR="! ${SADDR2}"
++                          ;;
++                  esac
++                  SPORT=${LINE2%% *}
++                  LINE2=${LINE2#$SPORT}; LINE2=${LINE2# }
++                  DADDR=''
+                   case "${SPORT}" in
+                     0:65535|[Aa][Nn][Yy])
+                           SPORT=''
+                           ;;
++                    */*|*.*.*.*)
++                          DADDR="${SPORT}"
++                          SPORT=''
++                          ;;
++                    !)
++                          SPORT2=${LINE2%% *}
++                          LINE2=${LINE2#$SPORT2}; LINE2=${LINE2# }
++                          case "${SPORT2}" in
++                            */*|*.*.*.*)
++                                  DADDR="! ${SPORT2}"
++                                  SPORT=''
++                                  ;;
++                            *)
++                                  if [ -z "$PROTO" ]; then
++                                      syntax_error "Source port is illegal in line:" "$CHAIN" "$LINE"
++                                  else
++                                      SPORT="! ${SPORT2}"
++                                  fi
++                          esac
++                          ;;
++                    *)
++                          if [ -z "$PROTO" ]; then
++                              syntax_error "Source port is illegal in line:" "$CHAIN" "$LINE"
++                          fi
++                  esac
++                  if [ -z "${DADDR}" ]; then
++                      DADDR=${LINE2%% *}
++                      LINE2=${LINE2#$DADDR}; LINE2=${LINE2# }
++                  fi
++                  case "${DADDR}" in
++                    !)
++                          DADDR2=${LINE2%% *}
++                          LINE2=${LINE2#$DADDR2}; LINE2=${LINE2# }
++                          DADDR="! ${DADDR2}"
++                          ;;
+                   esac
++                  DPORT=${LINE2%% *}
++                  LINE2=${LINE2#$DPORT}; LINE2=${LINE2# }
++                  IFACE=''
+                   case "${DPORT}" in
+                     0:65535|[Aa][Nn][Yy])
+                           DPORT=''
+                           ;;
++                    eth[+0-9]*|lo|ppp[+0-9]*|tunl[+0-9]*)
++                          IFACE="${DPORT}"
++                          DPORT=''
++                          ;;
++                    !)
++                          DPORT2=${LINE2%% *}
++                          LINE2=${LINE2#$DPORT2}; LINE2=${LINE2# }
++                          case "${DPORT2}" in
++                            eth[+0-9]*|lo|ppp[+0-9]*|tunl[+0-9]*)
++                                  IFACE="! ${DPORT2}"
++                                  DPORT=''
++                                  ;;
++                            *)
++                                  if [ -z "$PROTO" ]; then
++                                      syntax_error "Destination port is illegal in line:" "$CHAIN" "$LINE"
++                                  else
++                                      DPORT="! ${DPORT2}"
++                                  fi
++                          esac
++                          ;;
++                    *)
++                          if [ -z "$PROTO" ]; then
++                              syntax_error "Destination port is illegal in line:" "$CHAIN" "$LINE"
++                          fi
+                   esac
++                  if [ -z "${IFACE}" ]; then
++                      IFACE=${LINE2%% *}
++                      LINE2=${LINE2#$IFACE}; LINE2=${LINE2# }
++                  fi
+                   case "${IFACE}" in
+                     [Aa][Nn][Yy])
+                           IFACE=''
+                           ;;
++                    !)
++                          IFACE2=${LINE2%% *}
++                          LINE2=${LINE2#$IFACE2}; LINE2=${LINE2# }
++                          IFACE="-i ! ${IFACE2}"
++                          ;;
+                     *)
+                           IFACE="-i ${IFACE}"
+                           ;;
+                   esac
+-                  /sbin/ipchains -A ${CHAIN} -p ${PROTO} ${IFACE} \
++                  OPTIONS=$LINE2
++                  /sbin/ipchains -A ${CHAIN} ${PROTO} ${IFACE} \
+                               -s ${SADDR} ${SPORT} -d ${DADDR} ${DPORT} ${POLICY} ${OPTIONS} 2>> /tmp/.firewall
+               done
+           fi
+       done
+       
+       for MODNAME in ${MASQ_MODS}; do
+-              insmod ${MODNAME} > /dev/null 2> /dev/null
++          insmod ${MODNAME} > /dev/null 2> /dev/null
+       done
+       
+       if [ -s /tmp/.firewall ]; then
+           grep -v '^Try' < /tmp/.firewall | logger -t 'firewall' -p user.notice
+           deltext
+           fail
+-          echo 'PROBLEMS SETTING UP FIREWALL.  CHECK /var/log/messages!'
++          echo $(nls 'PROBLEMS SETTING UP FIREWALL.  CHECK /var/log/messages!')
+       else
+           deltext
+           ok
+@@ -155,7 +263,7 @@
+       /sbin/ipchains -X
+       for MODNAME in ${MASQ_MODS}; do
+-              rmmod ${MODNAME} > /dev/null 2> /dev/null
++          rmmod ${MODNAME} > /dev/null 2> /dev/null
+       done
+       deltext
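Review bot: syntax_error only prints, so in the four `if [ -z "$PROTO" ]` branches of the new source and destination port parsing the loop carries on and still hands the mis-parsed fields to `/sbin/ipchains -A`. A rule line that the script itself has flagged as illegal should be skipped, e.g. `syntax_error "Source port is illegal in line:" "$CHAIN" "$LINE"; continue`. The message also goes to stdout rather than to `/tmp/.firewall`, so the later `[ -s /tmp/.firewall ]` check reports a failure only if ipchains itself rejects the line; having syntax_error append its text to that file as well would keep the final status in step with the parser. Separately, the unquoted `echo $LINE` used to build LINE2 collapses whitespace but also exposes any rule token containing `*`, `?` or `[` to pathname expansion, and `read LINE` without `-r` interprets backslashes; `read -r LINE` and running that echo under `set -f` would avoid both. The function that contains the rule loop starts and ends outside the inner hunks shown here.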