
📄 shorewall

📁 sharewall is very good
    #
    # NOTE(review): the opening of this function (its name, opening brace and
    # any earlier locals such as $verbose) is outside this excerpt. The usage
    # text below lists an "export" command with the same option/argument
    # shape, so this is presumably its handler -- confirm against the full file.
    #
    local file
    file=
    local finished
    finished=0
    local directory
    local target
    local compiler
    compiler=

    #
    # Option parsing: only "-C <compiler>" and "--" are accepted; anything
    # else is a fatal error.
    #
    while [ $finished -eq 0 -a $# -gt 0 ]; do
        option=$1
        case $option in
            -*)
                option=${option#-}

                while [ -n "$option" ]; do
                    case $option in
                        -)
                            finished=1
                            option=
                            ;;
                        C)
                            [ $# -gt 1 ] || fatal_error "-C must be followed by a compiler name"
                            compiler="-C $2"
                            option=
                            shift
                            ;;
                        *)
                            fatal_error "Unrecognized option \"$option\""
                            ;;
                    esac
                done
                shift
                ;;
            *)
                finished=1
                ;;
        esac
    done

    #
    # One remaining argument: target only (directory defaults to ".").
    # Two remaining arguments: directory, then target.
    #
    case $# in
        1)
            directory="."
            target=$1
            ;;
        2)
            directory=$1
            target=$2
            ;;
        *)
            fatal_error "ERROR: Invalid command syntax (\"man shorewall\" for help)"
            ;;
    esac

    # A target without ':' gets one appended so scp treats it as a remote host.
    case $target in
        *:*)
            ;;
        *)
            target=$target:
            ;;
    esac

    file=$(resolve_file $directory/firewall)

    #
    # Compile the configuration in $directory, then copy the generated script
    # and its .conf to the target with scp.
    #
    # NOTE(review): $directory and $target come from the command line and are
    # expanded unquoted, so a value containing whitespace or glob characters is
    # split/expanded before it reaches shorewall and scp. The copy also relies
    # entirely on the invoking user's SSH configuration for authenticating the
    # remote host; nothing here checks what ends up on the target.
    #
    if shorewall $debugging $verbose compile -e $compiler $directory $directory/firewall && \
        echo "Copying $file and ${file}.conf to ${target#*@}..." && \
        scp $directory/firewall $directory/firewall.conf $target
    then
        save=$(find_file save);

        # NOTE(review): ${target#*} strips nothing (the shortest match of '*'
        # is empty), so this message shows the full target including any
        # "user@" prefix, unlike the ${target#*@} used in the message above.
        [ -f $save ] && progress_message3 "Copying $save to ${target#*}..." && rcp_command $save $target
        progress_message3 "Copy complete"
    fi
}

#
# Give Usage Information
#
# Prints the command summary to stdout and exits with the status passed in $1.
# When called with no argument (as the "help" command does below), "exit $1"
# expands to a bare "exit", i.e. the status of the last echo.
#
usage() # $1 = exit status
{
    echo "Usage: $(basename $0) [debug|trace] [nolock] [ -q ] [ -v[-1|{0-2}] ] [ -t ] <command>"
    echo "where <command> is one of:"
    echo "   add <interface>[:<host-list>] ... <zone>"
    echo "   allow <address> ..."
    echo "   check [ -e ] [ -C {shell|perl} ] [ <directory> ]"
    echo "   clear [ -f ]"
    echo "   compile [ -e ] [ -C {shell|perl} ] [ <directory name> ] <path name>"
    echo "   delete <interface>[:<host-list>] ... <zone>"
    echo "   drop <address> ..."
    echo "   dump [ -x ]"
    echo "   export [ -C {shell|perl} ] [ <directory1> ] [<user>@]<system>[:<directory2>]"
    echo "   forget [ <file name> ]"
    echo "   help"
    echo "   hits [ -t ]"
    echo "   ipcalc { <address>/<vlsm> | <address> <netmask> }"
    echo "   ipdecimal { <address> | <integer> }"
    echo "   iprange <address>-<address>"
    echo "   load [ -s ] [ -c ] [ -r <root user> ] [ -C {shell|perl} ] [ <directory> ] <system>"
    echo "   logdrop <address> ..."
    echo "   logreject <address> ..."
    echo "   logwatch [<refresh interval>]"
    echo "   refresh [ -C {shell|perl} ] [ <chain>... ]"
    echo "   reject <address> ..."
    echo "   reload [ -s ] [ -c ] [ -r <root user> ] [ -C {shell|perl} ] [ <directory> ] <system>"
    echo "   reset [ <chain> ... ]"
    echo "   restart [ -n ] [ -p ] [ -f ] [ -C {shell|perl} ] [ <directory> ]"
    echo "   restore [ -n ] [ <file name> ]"
    echo "   save [ <file name> ]"
    echo "   show [ -x ] [ -m ] [-f] [ -t {filter|mangle|nat} ] [ {chain [<chain> [ <chain> ... ]|actions|capabilities|classifiers|config|connections|filters|ip|log|macros|mangle|nat|raw|routing|tc|vardir|zones} ]"
    echo "   start [ -f ] [ -n ] [ -p ] [ -C {shell|perl} ] [ <directory> ]"
    echo "   stop [ -f ]"
    echo "   status"
    echo "   try [ -C {shell|perl} ] <directory> [ <timeout> ]"
    echo "   version [ -a ]"
    echo "   safe-start [ -C {shell|perl} ] [ <directory> ]"
    echo "   safe-restart [ -C {shell|perl} ] [ <directory> ]"
    echo
    exit $1
}

#
# Execution begins here
#
# Optional leading keywords, in this order: "debug" or "trace", then "nolock".
#
debugging=
if [ $# -gt 0 ] && [ "x$1" = "xdebug" -o "x$1" = "xtrace" ]; then
    debugging=$1
    shift
fi

nolock=
if [ $# -gt 0 ] && [ "$1" = "nolock" ]; then
    nolock=nolock
    shift
fi

#
# Reset every option variable so that nothing is inherited from the caller's
# environment. TIMESTAMP is exported (empty) at this point.
#
SHOREWALL_DIR=
IPT_OPTIONS="-nv"
FAST=
VERBOSE_OFFSET=0
USE_VERBOSITY=
NOROUTES=
PURGE=
EXPORT=
export TIMESTAMP=
noroutes=

finished=0

#
# Global option parsing. Single-letter options may be bundled (e.g. -qt);
# each arm strips the letter it consumed and loops on what is left.
# Running out of arguments before a command is seen prints usage and exits 1.
#
while [ $finished -eq 0 ]; do
    [ $# -eq 0 ] && usage 1
    option=$1
    case $option in
        -)
            finished=1
            ;;
        -*)
            option=${option#-}

            while [ -n "$option" ]; do
                case $option in
                    c)
                        # -c <directory>: alternate configuration directory.
                        # It must exist and be a directory.
                        # NOTE(review): $2 is tested unquoted, so a path
                        # containing whitespace does not reach the -d/-e
                        # tests as a single word.
                        [ $# -eq 1 ] && usage 1

                        if [ ! -d $2 ]; then
                            if [ -e $2 ]; then
                                echo "$2 is not a directory" >&2 && exit 2
                            else
                                echo "Directory $2 does not exist" >&2 && exit 2
                            fi
                        fi

                        SHOREWALL_DIR=$(resolve_file $2)
                        option=
                        shift
                        ;;
                    e*)
                        EXPORT=Yes
                        option=${option#e}
                        ;;
                    x*)
                        IPT_OPTIONS="-xnv"
                        option=${option#x}
                        ;;
                    q*)
                        # Each -q lowers the verbosity offset by one.
                        VERBOSE_OFFSET=$(($VERBOSE_OFFSET - 1 ))
                        option=${option#q}
                        ;;
                    f*)
                        FAST=Yes
                        option=${option#f}
                        ;;
                    v*)
                        # -v followed by -1, 0, 1 or 2 sets an absolute
                        # verbosity; a bare -v raises the offset by one and
                        # clears any absolute value.
                        option=${option#v}
                        case $option in
                            -1*)
                                USE_VERBOSITY=-1
                                option=${option#-1}
                                ;;
                            0*)
                                USE_VERBOSITY=0
                                option=${option#0}
                                ;;
                            1*)
                                USE_VERBOSITY=1
                                option=${option#1}
                                ;;
                            2*)
                                USE_VERBOSITY=2
                                option=${option#2}
                                ;;
                            *)
                                VERBOSE_OFFSET=$(($VERBOSE_OFFSET + 1 ))
                                USE_VERBOSITY=
                                ;;
                        esac
                        ;;
                    n*)
                        NOROUTES=Yes
                        option=${option#n}
                        ;;
                    t*)
                        TIMESTAMP=Yes
                        option=${option#t}
                        ;;
                    -)
                        finished=1
                        option=
                        ;;
                    *)
                        usage 1
                        ;;
                esac
            done
            shift
            ;;
        *)
            finished=1
            ;;
    esac
done

#
# "version" command: print $version; with -a also print the contents of the
# Shorewall-shell and Shorewall-perl version files when they exist.
# Any non-option argument is a usage error.
#
version_command() {
    local finished
    finished=0
    local all
    all=

    while [ $finished -eq 0 -a $# -gt 0 ]; do
        option=$1
        case $option in
            -*)
                option=${option#-}

                while [ -n "$option" ]; do
                    case $option in
                        -)
                            finished=1
                            option=
                            ;;
                        a*)
                            all=Yes
                            option=${option#a}
                            ;;
                        *)
                            usage 1
                            ;;
                    esac
                done
                shift
                ;;
            *)
                finished=1
                ;;
        esac
    done

    [ $# -gt 0 ] && usage 1

    echo $version

    if [ -n "$all" ]; then
        if [ -f /usr/share/shorewall-shell/version ]; then
            echo "Shorewall-shell $(cat /usr/share/shorewall-shell/version)"
        fi

        if [ -f /usr/share/shorewall-perl/version ]; then
            echo "Shorewall-perl $(cat /usr/share/shorewall-perl/version)"
        fi
    fi
}

if [ $# -eq 0 ]; then
    usage 1
fi

[ -n "$SHOREWALL_DIR" ] && export SHOREWALL_DIR

#
# PATH is pinned to system directories from here on, so the libraries sourced
# below and the commands they run do not depend on the caller's PATH.
# NOTE(review): everything above this line (e.g. basename in usage) still ran
# with the inherited PATH.
#
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
MUTEX_TIMEOUT=

SHAREDIR=/usr/share/shorewall
CONFDIR=/etc/shorewall
export PRODUCT="Shorewall"

#
# ${CONFDIR}/vardir, when present, is sourced into this shell; any code in it
# runs with the privileges of the invoking user. It is expected to set VARDIR,
# which otherwise defaults to /var/lib/shorewall.
# NOTE(review): this file and the libraries sourced below should be writable
# by root only, since they are executed rather than parsed.
#
[ -f ${CONFDIR}/vardir ] && . ${CONFDIR}/vardir

[ -n "${VARDIR:=/var/lib/shorewall}" ]

FIREWALL=$SHAREDIR/firewall
LIBRARIES="$SHAREDIR/lib.base $SHAREDIR/lib.cli"
VERSION_FILE=$SHAREDIR/version
REFRESHCHAINS=

# Source the shared libraries; a missing library is fatal (exit 2).
for library in $LIBRARIES; do
    if [ -f $library ]; then
        . $library
    else
        echo "$library does not exist!" >&2
        exit 2
    fi
done

# Installation sanity checks: the firewall script and version file must exist.
if [ ! -f $FIREWALL ]; then
    echo "   ERROR: Shorewall is not properly installed" >&2
    if [ -L $FIREWALL ]; then
        echo "	     $FIREWALL is a symbolic link to a" >&2
        echo "	     non-existant file" >&2
    else
        echo "	     The file $FIREWALL does not exist" >&2
    fi

    exit 2
fi

if [ -f $VERSION_FILE ]; then
    version=$(cat $VERSION_FILE)
else
    echo "   ERROR: Shorewall is not properly installed" >&2
    echo "	 The file $VERSION_FILE does not exist"  >&2
    exit 1
fi

banner="Shorewall-$version Status at $HOSTNAME -"

#
# Probe how this shell's echo treats -e and -n (an echo that prints the flag
# literally does not support it) and record the matching invocations.
#
case $(echo -e) in
    -e*)
        RING_BELL="echo \a"
        ECHO_E="echo"
        ;;
    *)
        RING_BELL="echo -e \a"
        ECHO_E="echo -e"
        ;;
esac

case $(echo -n "Testing") in
    -n*)
        ECHO_N=
        ;;
    *)
        ECHO_N=-n
        ;;
esac

#
# Command dispatch. $1 is the command; most arms call get_config (defined in
# a sourced library) and then hand the remaining arguments to a *_command
# function.
# NOTE(review): arguments are forwarded as unquoted $@ / $* throughout, so
# they are re-split on whitespace and subject to pathname expansion before
# the handlers see them.
#
COMMAND=$1

case "$COMMAND" in
    start)
        get_config Yes Yes
        shift
        start_command $@
        ;;
    stop|clear)
        get_config
        if [ "x$2" = x-s ]; then
            shift
        else
            #
            # With -f (or FAST_STOP set), an executable ${VARDIR}/.restore
            # replaces the stock firewall script as the program that is run.
            # NOTE(review): that file is executed via $SHOREWALL_SHELL below,
            # so write access to VARDIR is equivalent to code execution as
            # the invoking user.
            #
            if [ "x$2" = x-f -o "$FAST_STOP" ]; then
                [ -x ${VARDIR}/.restore ] && FIREWALL=${VARDIR}/.restore
                if [ "x$2" = x-f ]; then
                    shift
                fi
            fi
        fi
        [ $# -ne 1 ] && usage 1
        export NOROUTES
        mutex_on
        $SHOREWALL_SHELL $FIREWALL $debugging $nolock $COMMAND
        mutex_off
        ;;
    reset)
        get_config
        export NOROUTES
        shift
        mutex_on
        $SHOREWALL_SHELL $FIREWALL $debugging $nolock reset $@
        mutex_off
        ;;
    compile)
        get_config Yes
        shift
        compile_command $@
        ;;
    restart)
        get_config Yes Yes
        shift
        restart_command $@
        ;;
    refresh)
        get_config Yes Yes
        shift
        refresh_command $@
        ;;
    check)
        get_config Yes
        shift
        check_command $@
        ;;
    add|delete)
        # Needs the command plus at least two more arguments.
        [ $# -lt 3 ] && usage 1
        get_config
        mutex_on
        $SHOREWALL_SHELL $FIREWALL $debugging $nolock $@
        mutex_off
        ;;
    show|list)
        get_config Yes No Yes
        shift
        show_command $@
        ;;
    load|reload)
        get_config Yes
        shift
        reload_command $@
        ;;
    export)
        get_config Yes
        shift
        export_command $@
        ;;
    status)
        #
        # Exit status: 0 when running, 4 when stopped, overridden to 3 when
        # ${VARDIR}/state starts with "Stopped" or "Clear".
        #
        [ $# -eq 1 ] || usage 1
        get_config
        echo "Shorewall-$version Status at $HOSTNAME - $(date)"
        echo
        if shorewall_is_started ; then
            echo "Shorewall is running"
            status=0
        else
            echo "Shorewall is stopped"
            status=4
        fi

        if [ -f ${VARDIR}/state ]; then
            state="$(cat ${VARDIR}/state)"
            case $state in
                Stopped*|Clear*)
                    status=3
                    ;;
            esac
        else
            state=Unknown
        fi
        echo "State:$state"
        echo
        exit $status
        ;;
    dump)
        get_config Yes No Yes
        shift
        dump_command $@
        ;;
    hits)
        get_config Yes No Yes
        [ -n "$debugging" ] && set -x
        shift
        hits_command $@
        ;;
    version)
        shift
        version_command $@
        ;;
    try)
        get_config Yes
        shift
        try_command $@
        ;;
    logwatch)
        # Unlike most arms there is no shift here, so logwatch_command also
        # receives the command word itself as its first argument.
        get_config Yes Yes Yes
        banner="Shorewall-$version Logwatch at $HOSTNAME -"
        logwatch_command $@
        ;;
    drop)
        #
        # drop / logdrop / reject / logreject: dynamic blacklisting through
        # block (defined elsewhere). Each requires at least one address and a
        # running firewall; the mutex is skipped when "nolock" was given.
        #
        get_config
        [ -n "$debugging" ] && set -x
        [ $# -eq 1 ] && usage 1
        if shorewall_is_started ; then
            [ -n "$nolock" ] || mutex_on
            block DROP Dropped $*
            [ -n "$nolock" ] || mutex_off
        else
            fatal_error "Shorewall is not started"
        fi
        ;;
    logdrop)
        get_config
        [ -n "$debugging" ] && set -x
        [ $# -eq 1 ] && usage 1
        if shorewall_is_started ; then
            [ -n "$nolock" ] || mutex_on
            block logdrop Dropped $*
            [ -n "$nolock" ] || mutex_off
        else
            fatal_error "Shorewall is not started"
        fi
        ;;
    reject|logreject)
        get_config
        [ -n "$debugging" ] && set -x
        [ $# -eq 1 ] && usage 1
        if shorewall_is_started ; then
            [ -n "$nolock" ] || mutex_on
            block $COMMAND Rejected $*
            [ -n "$nolock" ] || mutex_off
        else
            fatal_error "Shorewall is not started"
        fi
        ;;
    allow)
        get_config
        allow_command $@
        ;;
    save)
        #
        # Optional argument: restore file name, placed under ${VARDIR}.
        # NOTE(review): validate_restorefile is defined elsewhere; it is
        # presumably what keeps a user-supplied name from escaping VARDIR --
        # confirm. With no argument, RESTOREFILE must already be set (it is
        # not assigned in this excerpt).
        #
        get_config
        [ -n "$debugging" ] && set -x

        case $# in
        1)
            ;;
        2)
            RESTOREFILE="$2"
            validate_restorefile '<restore file>'
            ;;
        *)
            usage 1
            ;;
        esac

        RESTOREPATH=${VARDIR}/$RESTOREFILE

        [ -n "$nolock" ] || mutex_on

        save_config

        # Capture save_config's status before mutex_off can overwrite $?.
        result=$?

        [ -n "$nolock" ] || mutex_off

        exit $result
        ;;
    forget)
        #
        # Delete a saved configuration. Only an executable $RESTOREPATH is
        # treated as a saved configuration; a plain file is reported and left
        # in place. ${VARDIR}/save is removed in every case.
        # NOTE(review): the rm targets are built from RESTOREFILE and expanded
        # unquoted, so the safety of these deletions rests on
        # validate_restorefile (defined elsewhere) -- confirm what it rejects.
        #
        get_config
        case $# in
        1)
            ;;
        2)
            RESTOREFILE="$2"
            validate_restorefile '<restore file>'
            ;;
        *)
            usage 1
            ;;
        esac

        RESTOREPATH=${VARDIR}/$RESTOREFILE

        if [ -x $RESTOREPATH ]; then

            if [ -x ${RESTOREPATH}-ipsets ]; then
                rm -f ${RESTOREPATH}-ipsets
                echo "    ${RESTOREPATH}-ipsets removed"
            fi

            rm -f $RESTOREPATH
            rm -f ${RESTOREPATH}-iptables
            echo "    $RESTOREPATH removed"
        elif [ -f $RESTOREPATH ]; then
            echo "   $RESTOREPATH exists and is not a saved Shorewall configuration"
        fi
        rm -f ${VARDIR}/save
        ;;
    ipcalc)
        #
        # Accepts either <address>/<vlsm> (one argument) or <address> <netmask>
        # (two arguments) and prints CIDR, NETMASK, NETWORK and BROADCAST.
        #
        [ -n "$debugging" ] && set -x
        if [ $# -eq 2 ]; then
            address=${2%/*}
            vlsm=${2#*/}
        elif [ $# -eq 3 ]; then
            address=$2
            vlsm=$(ip_vlsm $3)
        else
            usage 1
        fi

        valid_address $address || fatal_error "Invalid IP address: $address"
        [ -z "$vlsm" ] && exit 2
        # If the argument had no '/', both expansions above return it
        # unchanged, so address == vlsm means no prefix length was given.
        [ "x$address" = "x$vlsm" ] && usage 2
        [ $vlsm -gt 32 ] && echo "Invalid VLSM: /$vlsm" >&2 && exit 2

        address=$address/$vlsm

                                           echo "   CIDR=$address"
        temp=$(ip_netmask $address);       echo "   NETMASK=$(encodeaddr $temp)"
        temp=$(ip_network $address);       echo "   NETWORK=$temp"
        temp=$(broadcastaddress $address); echo "   BROADCAST=$temp"
        ;;

    iprange)
        # Both ends of <address>-<address> are validated before ip_range runs.
        [ -n "$debugging" ] && set -x
        case $2 in
            *.*.*.*-*.*.*.*)
                for address in ${2%-*} ${2#*-}; do
                    valid_address $address || fatal_error "Invalid IP address: $address"
                done

                ip_range $2
                ;;
            *)
                usage 1
                ;;
        esac
        ;;
    ipdecimal)
        # Dotted-quad input is converted with decodeaddr; anything else is
        # passed to encodeaddr without validation.
        [ -n "$debugging" ] && set -x
        [ $# -eq 2 ] || usage 1
        case $2 in
            *.*.*.*)
                valid_address $2 || fatal_error "Invalid IP address: $2"
                echo "   $(decodeaddr $2)"
                ;;
            *)
                echo "   $(encodeaddr $2)"
                ;;
        esac
        ;;
    restore)
        get_config
        shift
        restore_command $@
        ;;
    call)
        get_config
        [ -n "$debugging" ] && set -x
        #
        # Undocumented way to call functions in ${SHAREDIR}/functions directly
        #
        # NOTE(review): "$@" is run as a command line as-is, so this arm
        # executes whatever function, builtin or program the caller names,
        # without the argument checks the other arms apply. Any sudo rule or
        # wrapper that lets a less-privileged user run this script therefore
        # grants that user arbitrary command execution unless "call" is
        # excluded.
        #
        shift
        $@
        ;;
    help)
        shift
        usage
        ;;
    safe-restart|safe-start)
        get_config Yes
        shift
        safe_commands $@
        ;;
    *)
        usage 1
        ;;

esac
