summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGuillaume Cottenceau <gc@mandriva.com>2002-04-09 08:50:36 +0000
committerGuillaume Cottenceau <gc@mandriva.com>2002-04-09 08:50:36 +0000
commit21821ebbb28f714e4f12d71eff0357e498fdb111 (patch)
treefa9ab1959a19e226b38377aaa483628bbc48644f
parentb6ab813177bf359fc0d84c9baa11dcbca769c20f (diff)
downloaddrakx-backup-do-not-use-21821ebbb28f714e4f12d71eff0357e498fdb111.tar
drakx-backup-do-not-use-21821ebbb28f714e4f12d71eff0357e498fdb111.tar.gz
drakx-backup-do-not-use-21821ebbb28f714e4f12d71eff0357e498fdb111.tar.bz2
drakx-backup-do-not-use-21821ebbb28f714e4f12d71eff0357e498fdb111.tar.xz
drakx-backup-do-not-use-21821ebbb28f714e4f12d71eff0357e498fdb111.zip
time to remove ipchains/2.2 stuff since now ipchains and iptables
packages conflict
-rwxr-xr-xperl-install/standalone/drakgw155
1 files changed, 18 insertions, 137 deletions
diff --git a/perl-install/standalone/drakgw b/perl-install/standalone/drakgw
index 5252ef10d..cc35a1dc2 100755
--- a/perl-install/standalone/drakgw
+++ b/perl-install/standalone/drakgw
@@ -48,18 +48,12 @@ my $sysconf_network = "/etc/sysconfig/network";
my $sysconf_dhcpd = "/etc/sysconfig/dhcpd";
my $rc_firewall_generic = "/etc/rc.d/rc.firewall";
my $rc_firewall_drakgw = "/etc/rc.d/rc.firewall.inet_sharing";
-my $rc_firewall_22 = "/etc/rc.d/rc.firewall.inet_sharing-2.2";
my $rc_firewall_24 = "/etc/rc.d/rc.firewall.inet_sharing-2.4";
my $dhcpd_conf = "/etc/dhcpd.conf";
my $cups_conf = "/etc/cups/cupsd.conf";
my $drakgw_setup = "/etc/sysconfig/inet_sharing";
-my ($kernel_version) = c::kernel_version() =~ /(...)/;
-log::l("[drakgw] kernel_version $kernel_version");
-
-$kernel_version eq '2.2' || $kernel_version eq '2.4' or die "Only for 2.2 or 2.4 kernels.\n";
-
my $in = 'interactive'->vnew('su', 'default');
!$::isEmbedded && $in->isa('interactive_gtk') and $::isWizard=1;
@@ -108,11 +102,7 @@ sub stop_daemons ()
standalone::explanations("Stopping daemons");
system("/etc/rc.d/init.d/dhcpd status >/dev/null") == 0 and sys("/etc/rc.d/init.d/dhcpd stop");
system("/etc/rc.d/init.d/named status >/dev/null 2>/dev/null") == 0 and sys("/etc/rc.d/init.d/named stop");
- if ($kernel_version eq "2.2") {
- sys("/sbin/ipchains -F");
- } else {
- sys("/sbin/iptables -t nat -F");
- }
+ sys("/sbin/iptables -t nat -F");
sys("/sbin/chkconfig --level 345 $_ off") foreach 'named', 'dhcpd';
substInFile { s/^INET_SHARING.*\n//; $_ .= "INET_SHARING=disabled\n" if eof } $drakgw_setup;
@@ -126,6 +116,12 @@ sub fatal_quit ($)
quit_global($in, -1);
}
+my ($kernel_version) = c::kernel_version() =~ /(...)/;
+log::l("[drakgw] kernel_version $kernel_version");
+
+$kernel_version eq '2.4' or fatal_quit(_("Sorry, we support only 2.4 kernels."));
+
+
begin:
#- **********************************
@@ -146,7 +142,7 @@ What would you like to do?"),
my $wait_disabl = $in->wait_message('', _("Disabling servers..."));
stop_daemons();
}
- foreach ($dhcpd_conf, $rc_firewall_22, $rc_firewall_24) {
+ foreach ($dhcpd_conf, $rc_firewall_24) {
renamef($_, "$_.drakgwdisable") or die "Could not rename $_ to $_.drakgwdisable"
}
log::l("[drakgw] Disabled");
@@ -167,7 +163,7 @@ It's currently disabled.
What would you like to do?"),
[ __("enable"), __("reconfigure"), __("dismiss") ]);
if ($r eq "enable") {
- foreach ($dhcpd_conf, $rc_firewall_22, $rc_firewall_24) {
+ foreach ($dhcpd_conf, $rc_firewall_24) {
rename($_, "$_.old") if -f $_;
rename("$_.drakgwdisable", $_) or die "Could not find configuration. Please reconfigure.";
}
@@ -320,17 +316,10 @@ foreach (grep { $_ ne $device } @configured_devices)
#- test for potential conflict with previous firewall config
-if ($kernel_version eq '2.2') {
- if (-f '/etc/sysconfig/ipchains' || -x '/sbin/ipchains' && listlength(`/sbin/ipchains -nL`) > 3) {
- $in->ask_okcancel(_("Firewalling configuration detected!"),
- _("Warning! An existing firewalling configuration has been detected. You may need some manual fix after installation.")) or goto step_detectsetup;
- }
-} else {
- system('modprobe iptable_nat');
- if (-f '/etc/sysconfig/iptables' || -x '/sbin/iptables' && listlength(`/sbin/iptables -t nat -nL`) > 8) {
- $in->ask_okcancel(_("Firewalling configuration detected!"),
- _("Warning! An existing firewalling configuration has been detected. You may need some manual fix after installation.")) or goto step_detectsetup;
- }
+system('modprobe iptable_nat');
+if (-f '/etc/sysconfig/iptables' || -x '/sbin/iptables' && listlength(`/sbin/iptables -t nat -nL`) > 8) {
+ $in->ask_okcancel(_("Firewalling configuration detected!"),
+ _("Warning! An existing firewalling configuration has been detected. You may need some manual fix after installation.")) or goto step_detectsetup;
}
@@ -362,8 +351,7 @@ ONBOOT=yes
#- install and setup the RPM packages
my $rpms_to_install;
-my %rpm2file = ( ipchains => '/sbin/ipchains',
- iptables => '/sbin/iptables',
+my %rpm2file = ( iptables => '/sbin/iptables',
'dhcp-server' => '/usr/sbin/dhcpd',
bind => '/usr/sbin/named',
'caching-nameserver' => '/var/named/named.local');
@@ -402,9 +390,6 @@ output($rc_firewall_drakgw, q(#!/bin/sh
KERNELMAJ=`uname -r | sed -e 's,\..*,,'`
KERNELMIN=`uname -r | sed -e 's,[^\.]*\.,,' -e 's,\..*,,'`
-if [ "$KERNELMAJ" -eq 2 -a "$KERNELMIN" -eq 2 ]; then
- [ -x ) . $rc_firewall_22 . ' ] && ' . $rc_firewall_22 . q(
-fi
if [ "$KERNELMAJ" -eq 2 -a "$KERNELMIN" -eq 4 ]; then
[ -x ) . $rc_firewall_24 . ' ] && ' . $rc_firewall_24 . q(
fi
@@ -413,114 +398,6 @@ fi
chmod 0700, $rc_firewall_drakgw;
-output($rc_firewall_22,
-qq(#!/bin/sh
-#
-# rc.firewall - Initial SIMPLE IP Masquerade test for 2.1.x and 2.2.x kernels using IPCHAINS
-#
-# Load all required IP MASQ modules
-#
-# NOTE: Only load the IP MASQ modules you need. All current IP MASQ modules
-# are shown below but are commented out from loading.
-
-# Needed to initially load modules
-#
-/sbin/depmod -a
-
-# Supports the proper masquerading of FTP file transfers using the PORT method
-#
-/sbin/modprobe ip_masq_ftp
-
-# Supports the masquerading of RealAudio over UDP. Without this module,
-# RealAudio WILL function but in TCP mode. This can cause a reduction
-# in sound quality
-#
-/sbin/modprobe ip_masq_raudio
-
-# Supports the masquerading of IRC DCC file transfers
-#
-/sbin/modprobe ip_masq_irc
-
-
-# Supports the masquerading of Quake and QuakeWorld by default. This modules is
-# for for multiple users behind the Linux MASQ server. If you are going to play
-# Quake I, II, and III, use the second example.
-#
-# NOTE: If you get ERRORs loading the QUAKE module, you are running an old
-# ----- kernel that has bugs in it. Please upgrade to the newest kernel.
-#
-#Quake I / QuakeWorld (ports 26000 and 27000)
-#/sbin/modprobe ip_masq_quake
-#
-#Quake I/II/III / QuakeWorld (ports 26000, 27000, 27910, 27960)
-/sbin/modprobe ip_masq_quake 26000,27000,27910,27960
-
-
-# Supports the masquerading of the CuSeeme video conferencing software
-#
-/sbin/modprobe ip_masq_cuseeme
-
-#Supports the masquerading of the VDO-live video conferencing software
-#
-/sbin/modprobe ip_masq_vdolive
-
-
-#CRITICAL: Enable IP forwarding since it is disabled by default since
-#
-# Redhat Users: you may try changing the options in /etc/sysconfig/network from:
-#
-# FORWARD_IPV4=false
-# to
-# FORWARD_IPV4=true
-#
-echo 1 > /proc/sys/net/ipv4/ip_forward
-
-
-# Dynamic IP users:
-#
-# If you get your IP address dynamically from SLIP, PPP, or DHCP, enable this following
-# option. This enables dynamic-ip address hacking in IP MASQ, making the life
-# with Diald and similar programs much easier.
-#
-#echo 1 > /proc/sys/net/ipv4/ip_dynaddr
-
-
-# MASQ timeouts
-#
-# 2 hrs timeout for TCP session timeouts
-# 10 sec timeout for traffic after the TCP/IP "FIN" packet is received
-# 160 sec timeout for UDP traffic (Important for MASQ'ed ICQ users)
-#
-/sbin/ipchains -M -S 7200 10 160
-
-
-# DHCP: For people who receive their external IP address from either DHCP or BOOTP
-# such as ADSL or Cablemodem users, it is necessary to use the following
-# before the deny command. The "bootp_client_net_if_name" should be replaced
-# the name of the link that the DHCP/BOOTP server will put an address on to?
-# This will be something like "eth0", "eth1", etc.
-#
-# This example is currently commented out.
-#
-#
-#/sbin/ipchains -A input -j ACCEPT -i bootp_clients_net_if_name -s 0/0 67 -d 0/0 68 -p udp
-
-# Enable simple IP forwarding and Masquerading
-#
-# NOTE: The following is an example for an internal LAN address in the 192.168.0.x
-# network with a 255.255.255.0 or a "24" bit subnet mask.
-#
-# Please change this network number and subnet mask to match your internal LAN setup
-#
-/sbin/ipchains -P forward DENY
-/sbin/ipchains -A forward -s $lan_address.0/24 -j MASQ
-
-# Let incoming packets arrive to our interface, in case there are some firewall rules to come
-/sbin/ipchains -A input -i $device -j ACCEPT
-));
-chmod 0700, $rc_firewall_22;
-
-
output($rc_firewall_24, qq(#!/bin/sh
# Load the NAT module (this pulls in all the others).
modprobe iptable_nat
@@ -734,6 +611,10 @@ Click on Configure to launch the setup wizard.", $setup_state));
#-------------------------------------------------
#- $Log$
+#- Revision 1.61 2002/04/09 08:50:36 gc
+#- time to remove ipchains/2.2 stuff since now ipchains and iptables
+#- packages conflict
+#-
#- Revision 1.60 2002/03/07 13:10:06 gc
#- - call net_monitor to disable internet
#- connection before network-restart