authorPascal Rigaux <pixel@mandriva.com>2002-08-22 22:35:51 +0000
committerPascal Rigaux <pixel@mandriva.com>2002-08-22 22:35:51 +0000
commite9a69372aed3b1b5fa3cd2d721e39da132471195 (patch)
tree46676d04b64bbeff4dbfb390b0f02e2836095974
parentcff09a0be9dd5ceb63b3a304f483f62e40be8f0f (diff)
use shorewall (need testing)
-rwxr-xr-xperl-install/standalone/drakgw109
1 files changed, 23 insertions, 86 deletions
diff --git a/perl-install/standalone/drakgw b/perl-install/standalone/drakgw
index b31721dae..6362d11fa 100755
--- a/perl-install/standalone/drakgw
+++ b/perl-install/standalone/drakgw
@@ -30,6 +30,7 @@ use network;
use log;
use c;
use network::netconnect;
+use network::shorewall;
$::isInstall and die "Not supported during install.\n";
@@ -50,8 +51,8 @@ my $rc_firewall_drakgw = "/etc/rc.d/rc.firewall.inet_sharing";
my $rc_firewall_24 = "/etc/rc.d/rc.firewall.inet_sharing-2.4";
my $dhcpd_conf = "/etc/dhcpd.conf";
my $cups_conf = "/etc/cups/cupsd.conf";
-my $drakgw_setup = "/etc/sysconfig/inet_sharing";
+my $shorewall = network::shorewall::read();
my $in = 'interactive'->vnew('su', 'default');
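Review bot: `$rc_firewall_drakgw` and `$rc_firewall_24` stay declared here, but their only uses in the visible hunks are deleted together with the script generation, and nothing in this commit removes the previously generated `/etc/rc.d/rc.firewall.inet_sharing*` scripts or the drakgw hook the old code appended to the generic rc.firewall script. A machine upgraded from the old scheme would therefore keep loading the old MASQUERADE/FORWARD/INPUT rules next to shorewall's, which makes the effective policy hard to reason about. Either drop the now-dead variables or use them once for a cleanup, e.g. `unlink $rc_firewall_drakgw, $rc_firewall_24;` followed by a substInFile that strips the `# Automatically added by drakgw` block from the generic script. Whether some other part of drakgw already does this cleanup is not visible from this diff.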
@@ -88,23 +89,19 @@ sub start_daemons ()
sys("/etc/rc.d/init.d/network restart");
$netmon_need_start and system("$netmon --connect --force --quiet >/dev/null");
- sys("sh $rc_firewall_generic");
+ sys("/etc/init.d/shorewall start");
- sys("/etc/rc.d/init.d/$_ start"), sys("/sbin/chkconfig --level 345 $_ on") foreach 'named', 'dhcpd';
+ sys("/etc/rc.d/init.d/$_ start"), sys("/sbin/chkconfig --level 345 $_ on") foreach 'named', 'dhcpd', 'shorewall';
sys("/etc/rc.d/init.d/cups start") if $cups_used;
-
- substInFile { s/^INET_SHARING.*\n//; $_ .= "INET_SHARING=enabled\n" if eof } $drakgw_setup;
}
sub stop_daemons ()
{
standalone::explanations("Stopping daemons");
- system("/etc/rc.d/init.d/dhcpd status >/dev/null") == 0 and sys("/etc/rc.d/init.d/dhcpd stop");
- system("/etc/rc.d/init.d/named status >/dev/null 2>/dev/null") == 0 and sys("/etc/rc.d/init.d/named stop");
- sys("/sbin/iptables -t nat -F");
+ foreach (qw(dhcpd named shorewall)) {
+ system("/etc/rc.d/init.d/$_ status >/dev/null 2>/dev/null") == 0 and sys("/etc/rc.d/init.d/$_ stop");
+ }
sys("/sbin/chkconfig --level 345 $_ off") foreach 'named', 'dhcpd';
-
- substInFile { s/^INET_SHARING.*\n//; $_ .= "INET_SHARING=disabled\n" if eof } $drakgw_setup;
}
sub fatal_quit ($)
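Review bot: shorewall is started twice in start_daemons: once by the new `sys("/etc/init.d/shorewall start");` and again by the `foreach 'named', 'dhcpd', 'shorewall'` line right after it, and the first call uses `/etc/init.d/` while every other service call in this file uses `/etc/rc.d/init.d/`. Dropping the standalone line leaves a single start plus the chkconfig enable; if an earlier start was intended, it should at least use the same path. stop_daemons also no longer records that sharing was turned off (the `INET_SHARING=disabled` write is gone) while the detection code now keys on `$shorewall->{disabled}`, so unless the caller writes `disabled => 1` through `network::shorewall::write`, the next run will still report sharing as enabled; that caller is outside this hunk. Note too that `shorewall stop`, unlike the old `iptables -t nat -F`, is presumably a lock-down state rather than an open firewall, so disabling sharing may also cut the gateway's own traffic, which is worth confirming against the shipped shorewall version. start_daemons begins on the line before this hunk.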
@@ -120,16 +117,15 @@ log::l("[drakgw] kernel_version $kernel_version");
$kernel_version eq '2.4' or fatal_quit(_("Sorry, we support only 2.4 kernels."));
-
begin:
#- **********************************
#- * 0th step: verify if we are already set up
-if (-f $drakgw_setup) {
+if ($shorewall && $shorewall->{masquerade}) {
$::Wizard_no_previous = 1;
- if (grep(/enabled/, cat_($drakgw_setup))) {
+ if (!$shorewall->{disabled}) {
my $r = $in->ask_from_list_(_("Internet Connection Sharing currently enabled"),
_("The setup of Internet connection sharing has already been done.
It's currently enabled.
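Review bot: the new "already set up" test at `if ($shorewall && $shorewall->{masquerade})` fires for any shorewall configuration that contains a masquerade entry, not only one written by drakgw, whereas the old `$drakgw_setup` marker file was specific to this tool. A hand-maintained shorewall masquerade setup would then be presented as "Internet Connection Sharing currently enabled" and, if the user continues, merged over by the later `put_in_hash`/`write`. Unless `network::shorewall::read` only returns entries drakgw itself wrote (not visible here), a comment stating that assumption, e.g. `#- any shorewall masq entry is taken as a drakgw setup; a foreign one will be overwritten`, or an additional marker check would make the behaviour explicit. The enclosing if block continues past this hunk.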
@@ -153,7 +149,7 @@ What would you like to do?"),
quit_global($in, 0);
}
}
- elsif (grep(/disabled/, cat_($drakgw_setup)))
+ else
{
my $r = $in->ask_from_list_(_("Internet Connection Sharing currently disabled"),
_("The setup of Internet connection sharing has already been done.
@@ -179,10 +175,6 @@ What would you like to do?"),
quit_global($in, 0);
}
}
- else {
- log::l("[drakgw] Warning, unrecognized config file, ignoring");
- renamef($drakgw_setup, "$drakgw_setup.unrecognized");
- }
}
@@ -314,13 +306,7 @@ foreach (grep { $_ ne $device } @configured_devices)
#- test for potential conflict with previous firewall config
-
-system('modprobe iptable_nat');
-if (-f '/etc/sysconfig/iptables' || -x '/sbin/iptables' && listlength(`/sbin/iptables -t nat -nL`) > 8) {
- $in->ask_okcancel(_("Firewalling configuration detected!"),
- _("Warning! An existing firewalling configuration has been detected. You may need some manual fix after installation.")) or goto step_detectsetup;
-}
-
+network::shorewall::check_iptables($in) or goto step_detectsetup;
#- **********************************
#- * 2nd step: configure
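Review bot: `network::shorewall::check_iptables($in) or goto step_detectsetup;` replaces a check that looked at both `/etc/sysconfig/iptables` and the live nat table (after a `modprobe iptable_nat`), and nothing at the call site says whether the helper covers both or what its false return means; the `or goto` reads as "the user declined". A one-line comment would keep that contract visible here, e.g. `#- check_iptables() warns if an iptables setup already exists; false means the user chose not to continue`. If the helper does not load iptable_nat itself, the nat-table half of the old check is silently lost, which is worth confirming.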
@@ -366,64 +352,14 @@ if (grep { !-e $rpm2file{$_} } keys %rpm2file) {
}
}
+put_in_hash($shorewall ||= {}, {
+ disabled => 0,
+ net_interface => $card_netconnect,
+ if_(@cards > 1, loc_interface => [ grep { $_ ne $device } @cards ]),
+ masquerade => { interface => $device, subnet => "$lan_address.0/24" },
+});
-#- setup the masquerading configuration
-standalone::explanations("Modifying firewalling configuration");
-if (!-f $rc_firewall_generic) {
- output($rc_firewall_generic, "#!/bin/sh
-#
-# Automatically generated by drakgw
-[ -x $rc_firewall_drakgw ] && $rc_firewall_drakgw
-");
- chmod 0700, $rc_firewall_generic;
-}
-elsif (!grep(/drakgw/, cat_($rc_firewall_generic))) {
- outpend($rc_firewall_generic, "
-# Automatically added by drakgw
-[ -x $rc_firewall_drakgw ] && $rc_firewall_drakgw
-
-");
-}
-
-output($rc_firewall_drakgw, sprintf(<<'EOF', $rc_firewall_24, $rc_firewall_24));
-#!/bin/sh
-KERNELMAJ=`uname -r | sed -e 's,\..*,,'`
-KERNELMIN=`uname -r | sed -e 's,[^\.]*\.,,' -e 's,\..*,,'`
-
-if [ "$KERNELMAJ" -eq 2 -a "$KERNELMIN" -eq 4 ]; then
- [ -x %s ] && %s
-fi
-EOF
-
-chmod 0700, $rc_firewall_drakgw;
-
-
-output($rc_firewall_24, qq(#!/bin/sh
-# Load the NAT module (this pulls in all the others).
-modprobe iptable_nat
-
-# Turn on IP forwarding
-echo 1 > /proc/sys/net/ipv4/ip_forward
-
-# In the NAT table (-t nat), Append a rule (-A) after routing (POSTROUTING)
-# which says to MASQUERADE the connection (-j MASQUERADE).
-/sbin/iptables -t nat -A POSTROUTING -s $lan_address.0/24 -j MASQUERADE
-
-# Allows forwarding specifically to our LAN
-/sbin/iptables -A FORWARD -s $lan_address.0/24 -j ACCEPT
-
-# Allow dhcp requests
-/sbin/iptables -A INPUT -i $device -p udp --sport bootpc --dport bootps -j ACCEPT
-/sbin/iptables -A INPUT -i $device -p tcp --sport bootpc --dport bootps -j ACCEPT
-/sbin/iptables -A INPUT -i $device -p udp --sport bootps --dport bootpc -j ACCEPT
-/sbin/iptables -A INPUT -i $device -p tcp --sport bootps --dport bootpc -j ACCEPT
-
-# Allow dns requests
-/sbin/iptables -A INPUT -i $device -p udp --dport domain -j ACCEPT
-/sbin/iptables -A INPUT -i $device -p tcp --dport domain -j ACCEPT
-));
-chmod 0700, $rc_firewall_24;
-
+network::shorewall::write($shorewall);
#- be sure that FORWARD_IPV4 is enabled in /etc/sysconfig/network
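Review bot: the removed hand-written rules explicitly let LAN clients reach the gateway's own dhcpd and named (`--dport bootps` and `--dport domain` on `$device`), but the hash handed to `network::shorewall::write` only carries interfaces and the masquerade subnet, so those allows now depend entirely on the policy that helper emits for the local zone. If it only sets up masquerading, clients will neither get a lease nor resolve names; either verify that the helper opens bootps/domain from the local interface or pass the needed rules explicitly in this hash. Two smaller points: `if_(@cards > 1, loc_interface => ...)` leaves whatever `loc_interface` `read()` returned in place when there is a single card, so a stale value from an earlier run would survive, and the `/24` in `subnet => "$lan_address.0/24"` is carried over from the old script, so a non-/24 LAN is still not supported. A comment such as `#- merged into the existing shorewall config; keys not listed here keep their previous value` would at least document the merge semantics of put_in_hash at this site.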
@@ -534,7 +470,6 @@ if (-f $cups_conf) {
#- start the daemons
-substInFile { s/^INTERFACE.*\n//; $_ .= "INTERFACE=$device\n" if eof } $drakgw_setup;
start_daemons();
@@ -563,9 +498,11 @@ sub pur_gtk_mode
{
require Gtk;
init Gtk;
- my $setup_state = grep(/disabled/, cat_($drakgw_setup)) ? _("The setup has already been done, but it's currently disabled.") :
- grep(/enabled/, cat_($drakgw_setup)) ? _("The setup has already been done, and it's currently enabled.") :
- _("No Internet Connection Sharing has ever been configured.");
+ my $setup_state = $shorewall && $shorewall->{masquerade} ?
+ ($shorewall->{disabled} ?
+ _("The setup has already been done, but it's currently disabled.") :
+ _("The setup has already been done, and it's currently enabled.")) :
+ _("No Internet Connection Sharing has ever been configured.");
my $window1 = $::isEmbedded ? new Gtk::Plug ($::XID) : new Gtk::Window -toplevel;
$window1->signal_connect(delete_event => sub { Gtk->exit(0) });