--- firewall-init-2.1/firewall.init.orig Mon Nov 11 10:48:08 2002
+++ firewall-init-2.1/firewall.init Mon Mar 29 09:16:27 2004
@@ -23,6 +23,12 @@
 [ -f /sbin/ipchains ] || exit 0
+syntax_error ()
+{
+ echo $2: "$(nls "$1")"
+ echo "$3"
+}
+
 ipv4_forward_set ()
 {
 # Turn IP forwarding on or off. We do this before bringing up the
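Review bot: `syntax_error` prints its diagnostic on stdout with an unquoted `echo $2:` and echoes the raw rule line through `echo "$3"`, so a rule line that happens to begin with `-n` or `-e` is mangled by echo and the message never reaches stderr. Nothing this function writes lands in the `/tmp/.firewall` log that the end-of-run `[ -s /tmp/.firewall ]` check in the second hunk reads, so a parse error on its own does not trigger the final failure notice. A single `printf '%s: %s\n%s\n' "$2" "$(nls "$1")" "$3" >&2` avoids both echo problems; where the message should be recorded is a design choice worth stating in a header comment such as `# syntax_error MESSAGE CHAINFILE LINE - report a rule line that could not be parsed`.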
@@ -97,48 +103,150 @@ for CHAIN in ${FILES}; do if [ -s ${CHAIN} ]; then grep -v '^#' ${CHAIN} | grep -v '^$' | \ - while read POLICY PROTO SADDR SPORT DADDR DPORT IFACE OPTIONS ; do + while read LINE; do + #POLICY PROTO SADDR SPORT DADDR DPORT IFACE OPTIONS + LINE2=`echo $LINE` + POLICY=${LINE2%% *} + LINE2=${LINE2#$POLICY}; LINE2=${LINE2# } case "${POLICY}" in - [Nn][Oo][Nn][Ee]) + [Nn][Oo][Nn][Ee]) POLICY='' ;; - *) + *) POLICY="-j ${POLICY}" ;; esac + PROTO=${LINE2%% *} + LINE2=${LINE2#$PROTO}; LINE2=${LINE2# } + case "${PROTO}" in + [Aa][Nn][Yy]) + PROTO='' + ;; + !) + PROTO2=${LINE2%% *} + LINE2=${LINE2#$PROTO2}; LINE2=${LINE2# } + PROTO="-p ! ${PROTO2}" + ;; + *) + PROTO="-p ${PROTO}" + esac + SADDR=${LINE2%% *} + LINE2=${LINE2#$SADDR}; LINE2=${LINE2# } + case "${SADDR}" in + !) + SADDR2=${LINE2%% *} + LINE2=${LINE2#$SADDR2}; LINE2=${LINE2# } + SADDR="! ${SADDR2}" + ;; + esac + SPORT=${LINE2%% *} + LINE2=${LINE2#$SPORT}; LINE2=${LINE2# } + DADDR='' case "${SPORT}" in 0:65535|[Aa][Nn][Yy]) SPORT='' ;; + */*|*.*.*.*) + DADDR="${SPORT}" + SPORT='' + ;; + !) + SPORT2=${LINE2%% *} + LINE2=${LINE2#$SPORT2}; LINE2=${LINE2# } + case "${SPORT2}" in + */*|*.*.*.*) + DADDR="! ${SPORT2}" + SPORT='' + ;; + *) + if [ -z "$PROTO" ]; then + syntax_error "Source port is illegal in line:" "$CHAIN" "$LINE" + else + SPORT="! ${SPORT2}" + fi + esac + ;; + *) + if [ -z "$PROTO" ]; then + syntax_error "Source port is illegal in line:" "$CHAIN" "$LINE" + fi + esac + if [ -z "${DADDR}" ]; then + DADDR=${LINE2%% *} + LINE2=${LINE2#$DADDR}; LINE2=${LINE2# } + fi + case "${DADDR}" in + !) + DADDR2=${LINE2%% *} + LINE2=${LINE2#$DADDR2}; LINE2=${LINE2# } + DADDR="! ${DADDR2}" + ;; esac + DPORT=${LINE2%% *} + LINE2=${LINE2#$DPORT}; LINE2=${LINE2# } + IFACE='' case "${DPORT}" in 0:65535|[Aa][Nn][Yy]) DPORT='' ;; + eth[+0-9]*|lo|ppp[+0-9]*|tunl[+0-9]*) + IFACE="${DPORT}" + DPORT='' + ;; + !) 
+ DPORT2=${LINE2%% *} + LINE2=${LINE2#$DPORT2}; LINE2=${LINE2# } + case "${DPORT2}" in + eth[+0-9]*|lo|ppp[+0-9]*|tunl[+0-9]*) + IFACE="! ${DPORT2}" + DPORT='' + ;; + *) + if [ -z "$PROTO" ]; then + syntax_error "Destination port is illegal in line:" "$CHAIN" "$LINE" + else + DPORT="! ${DPORT2}" + fi + esac + ;; + *) + if [ -z "$PROTO" ]; then + syntax_error "Destination port is illegal in line:" "$CHAIN" "$LINE" + fi esac + if [ -z "${IFACE}" ]; then + IFACE=${LINE2%% *} + LINE2=${LINE2#$IFACE}; LINE2=${LINE2# } + fi case "${IFACE}" in [Aa][Nn][Yy]) IFACE='' ;; + !) + IFACE2=${LINE2%% *} + LINE2=${LINE2#$IFACE2}; LINE2=${LINE2# } + IFACE="-i ! ${IFACE2}" + ;; *) IFACE="-i ${IFACE}" ;; esac - /sbin/ipchains -A ${CHAIN} -p ${PROTO} ${IFACE} \ + OPTIONS=$LINE2 + /sbin/ipchains -A ${CHAIN} ${PROTO} ${IFACE} \ -s ${SADDR} ${SPORT} -d ${DADDR} ${DPORT} ${POLICY} ${OPTIONS} 2>> /tmp/.firewall done fi done for MODNAME in ${MASQ_MODS}; do - insmod ${MODNAME} > /dev/null 2> /dev/null + insmod ${MODNAME} > /dev/null 2> /dev/null done if [ -s /tmp/.firewall ]; then grep -v '^Try' < /tmp/.firewall | logger -t 'firewall' -p user.notice deltext fail - echo 'PROBLEMS SETTING UP FIREWALL. CHECK /var/log/messages!' + echo $(nls 'PROBLEMS SETTING UP FIREWALL. CHECK /var/log/messages!') else deltext ok @@ -155,7 +263,7 @@ /sbin/ipchains -X for MODNAME in ${MASQ_MODS}; do - rmmod ${MODNAME} > /dev/null 2> /dev/null + rmmod ${MODNAME} > /dev/null 2> /dev/null done deltext
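Review bot: `LINE2=\`echo $LINE\`` at the top of the new `while read LINE` body leaves `$LINE` unquoted inside the command substitution, so pathname expansion runs on the rule text and any `*` or `?` in a token is silently replaced by matching file names from the current directory before the fields are split. The whitespace normalisation that line exists for can be kept without globbing, e.g. `set -f; LINE2=$(echo $LINE); set +f`. After each `syntax_error` call the loop still hands the offending token to `/sbin/ipchains -A` and relies on ipchains to reject it; a `continue` right after the call would make the skip explicit, provided the diagnostic is also appended to the log the final check reads. The interface recognition in the `SPORT`/`DPORT` cases (`eth[+0-9]*|lo|ppp[+0-9]*|tunl[+0-9]*`) is a name heuristic, so a rule naming any other interface type is parsed as a port instead and is worth a comment such as `# tokens matching these interface-name patterns are taken as IFACE; anything else is a port`. The enclosing function of this loop begins before the hunk.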