Attachment #883888 for bug #923441

Lines 134-140 if [ -z "$vendor" ]; then Link Here

(-)Shorewall-core.orig/configure (-2 / +2 lines)
134	*)	134	*)
135	if [ -f /etc/debian_version ]; then	135	if [ -f /etc/debian_version ]; then
136	params[HOST]=debian	136	params[HOST]=debian
137	ls -l /sbin/init \| fgrep -q systemd && rcfile=shorewallrc.debian.systemd \|\| rcfile=shorewallrc.debian.sysvinit	137	ls -l /sbin/init \| grep -F -q systemd && rcfile=shorewallrc.debian.systemd \|\| rcfile=shorewallrc.debian.sysvinit
138	elif [ -f /etc/altlinux-release ] ; then	138	elif [ -f /etc/altlinux-release ] ; then
139	params[HOST]=alt	139	params[HOST]=alt
140	elif [ -f /etc/redhat-release ]; then	140	elif [ -f /etc/redhat-release ]; then
Lines 163-169 else Link Here
163	if [ $vendor = linux ]; then	163	if [ $vendor = linux ]; then
164	rcfile=shorewallrc.default;	164	rcfile=shorewallrc.default;
165	elif [ $vendor = debian -a -f /etc/debian_version ]; then	165	elif [ $vendor = debian -a -f /etc/debian_version ]; then
166	ls -l /sbin/init \| fgrep -q systemd && rcfile=shorewallrc.debian.systemd \|\| rcfile=shorewallrc.debian.sysvinit	166	ls -l /sbin/init \| grep -F -q systemd && rcfile=shorewallrc.debian.systemd \|\| rcfile=shorewallrc.debian.sysvinit
167	else	167	else
168	rcfile=shorewallrc.$vendor	168	rcfile=shorewallrc.$vendor
169	fi	169	fi





    qt tc -s filter ls root dev $1 && tc -s filter ls root dev $device | grep -v '^$'
    tc filter show dev $1
    tc class show dev $1 | grep -F 'leaf ' | grep -F -v ' hfsc' | sed 's/^.*leaf //;s/ .*//' | while read class; do
	if [ -n "$class" ]; then
	    echo
	    echo Node $class

savesets() {
    local supported

    supported=$(run_it $g_firewall help | grep -F savesets )

    [ -n "$supported" ] && run_it $g_firewall savesets ${g_restorepath}-ipsets 
}

savesets1() {
    local supported

    supported=$(run_it $g_firewall help | grep -F savesets )

    [ -n "$supported" ] && run_it $g_firewall savesets ${VARDIR}/ipsets.save && progress_message3 "The ipsets have been saved to ${VARDIR}/ipsets.save"
}

    local junk
    local setname

    $IPSETN -L | grep -E "^Name: ${1}(_.+)?$" | while read junk setname; do echo $setname; done
}

list_zone() {

    determine_ipset_version

    if [ $g_family -eq 4 ]; then
	sets=$($IPSETN -L | grep -E "^$1(_.+)?");
     else
	sets=$($IPSETN -L | grep -E "^6_$1(_.+)?")
    fi

    [ -n "$sets" ] || sets=$(find_sets $1)

    $IP -s -$g_family xfrm policy | spd_filter

    heading "PFKEY SAD"
    $IP -s -$g_family xfrm state | grep -E -v '[[:space:]]+(auth-trunc|enc )' # Don't divulge the keys
}

show_ipsec_command() {

	    if chain_exists dynamic; then
		g_ipt_options="$g_ipt_options --line-numbers"
		$g_tool -t filter -L dynamic $g_ipt_options  | head -n2
		$g_tool -t filter -L dynamic $g_ipt_options  | grep -F ACCEPT | $output_filter
	    fi
	    ;;
	ipsec)


	if [ -n "$hnames" ]; then
	    for hname in $hnames; do
		iptaccount -l $hname | grep -E '^IP:|^Show'
		echo
	    done
	else


	if $TC filter add basic help 2>&1 | grep -q ^Usage; then
	    BASIC_FILTER=Yes
	    $TC filter add basic help 2>&1 | grep -E -q match && BASIC_EMATCH=Yes
	fi

	if $TC action add connmark help 2>&1 | grep -q ^Usage; then

    if [ $COMMAND = 'blacklist!' ]; then
	timeout='timeout 0'
    else
	echo "$@" | grep -F -q ' timeout ' || timeout="timeout $g_dbltimeout"
    fi

    if $IPSET -A $g_blacklistipset $@ $timeout -exist; then

		#
		# First look for it here
		#
		if type $1 2> /dev/null | grep -F -q 'is a function'; then
		    #
		    # It's a shell function -- call it
		    #
		    $@
		elif type $1 2> /dev/null | grep -F -q 'is a shell function'; then
		    #
		    # It's a shell function -- call it
		    #

Lines 639-645 find_first_interface_address_if_any() # Link Here

(-)Shorewall-core.orig/lib.common (-2 / +2 lines)
639	#Determines if the passed interface is a loopback interface	639	#Determines if the passed interface is a loopback interface
640	#	640	#
641	loopback_interface() { #$1 = Interface name	641	loopback_interface() { #$1 = Interface name
642	[ "$1" = lo ] \|\| $IP link show $1 \| fgrep -q LOOPBACK	642	[ "$1" = lo ] \|\| $IP link show $1 \| grep -F -q LOOPBACK
643	}	643	}
644		644
645	#	645	#
Lines 648-654 loopback_interface() { #$1 = Interface n Link Here
648	find_loopback_interfaces() {	648	find_loopback_interfaces() {
649	local interfaces	649	local interfaces
650		650
651	[ -x "$IP" ] && interfaces=$($IP link show \| fgrep LOOPBACK \| sed 's/://g' \| cut -d ' ' -f 2)	651	[ -x "$IP" ] && interfaces=$($IP link show \| grep -F LOOPBACK \| sed 's/://g' \| cut -d ' ' -f 2)
652		652
653	[ -n "$interfaces" ] && echo $interfaces \|\| echo lo	653	[ -n "$interfaces" ] && echo $interfaces \|\| echo lo
654	}	654	}

Return to bug 923441

Lines 252-258 show_one_classifier() { Link Here

(-)Shorewall-core.orig/lib.cli (-13 / +13 lines)
252		252
253	qt tc -s filter ls root dev $1 && tc -s filter ls root dev $device \| grep -v '^$'	253	qt tc -s filter ls root dev $1 && tc -s filter ls root dev $device \| grep -v '^$'
254	tc filter show dev $1	254	tc filter show dev $1
255	tc class show dev $1 \| fgrep 'leaf ' \| fgrep -v ' hfsc' \| sed 's/^.leaf //;s/ .//' \| while read class; do	255	tc class show dev $1 \| grep -F 'leaf ' \| grep -F -v ' hfsc' \| sed 's/^.leaf //;s/ .//' \| while read class; do
256	if [ -n "$class" ]; then	256	if [ -n "$class" ]; then
257	echo	257	echo
258	echo Node $class	258	echo Node $class
Lines 426-432 resolve_arptables() { Link Here
426	savesets() {	426	savesets() {
427	local supported	427	local supported
428		428
429	supported=$(run_it $g_firewall help \| fgrep savesets )	429	supported=$(run_it $g_firewall help \| grep -F savesets )
430		430
431	[ -n "$supported" ] && run_it $g_firewall savesets ${g_restorepath}-ipsets	431	[ -n "$supported" ] && run_it $g_firewall savesets ${g_restorepath}-ipsets
432	}	432	}
Lines 437-443 savesets() { Link Here
437	savesets1() {	437	savesets1() {
438	local supported	438	local supported
439		439
440	supported=$(run_it $g_firewall help \| fgrep savesets )	440	supported=$(run_it $g_firewall help \| grep -F savesets )
441		441
442	[ -n "$supported" ] && run_it $g_firewall savesets ${VARDIR}/ipsets.save && progress_message3 "The ipsets have been saved to ${VARDIR}/ipsets.save"	442	[ -n "$supported" ] && run_it $g_firewall savesets ${VARDIR}/ipsets.save && progress_message3 "The ipsets have been saved to ${VARDIR}/ipsets.save"
443	}	443	}
Lines 696-702 find_sets() { Link Here
696	local junk	696	local junk
697	local setname	697	local setname
698		698
699	$IPSETN -L \| egrep "^Name: ${1}(_.+)?$" \| while read junk setname; do echo $setname; done	699	$IPSETN -L \| grep -E "^Name: ${1}(_.+)?$" \| while read junk setname; do echo $setname; done
700	}	700	}
701		701
702	list_zone() {	702	list_zone() {
Lines 707-715 list_zone() { Link Here
707	determine_ipset_version	707	determine_ipset_version
708		708
709	if [ $g_family -eq 4 ]; then	709	if [ $g_family -eq 4 ]; then
710	sets=$($IPSETN -L \| egrep "^$1(_.+)?");	710	sets=$($IPSETN -L \| grep -E "^$1(_.+)?");
711	else	711	else
712	sets=$($IPSETN -L \| egrep "^6_$1(_.+)?")	712	sets=$($IPSETN -L \| grep -E "^6_$1(_.+)?")
713	fi	713	fi
714		714
715	[ -n "$sets" ] \|\| sets=$(find_sets $1)	715	[ -n "$sets" ] \|\| sets=$(find_sets $1)
Lines 1207-1213 show_ipsec() { Link Here
1207	$IP -s -$g_family xfrm policy \| spd_filter	1207	$IP -s -$g_family xfrm policy \| spd_filter
1208		1208
1209	heading "PFKEY SAD"	1209	heading "PFKEY SAD"
1210	$IP -s -$g_family xfrm state \| egrep -v '[[:space:]]+(auth-trunc\|enc )' # Don't divulge the keys	1210	$IP -s -$g_family xfrm state \| grep -E -v '[[:space:]]+(auth-trunc\|enc )' # Don't divulge the keys
1211	}	1211	}
1212		1212
1213	show_ipsec_command() {	1213	show_ipsec_command() {
Lines 1533-1539 show_command() { Link Here
1533	if chain_exists dynamic; then	1533	if chain_exists dynamic; then
1534	g_ipt_options="$g_ipt_options --line-numbers"	1534	g_ipt_options="$g_ipt_options --line-numbers"
1535	$g_tool -t filter -L dynamic $g_ipt_options \| head -n2	1535	$g_tool -t filter -L dynamic $g_ipt_options \| head -n2
1536	$g_tool -t filter -L dynamic $g_ipt_options \| fgrep ACCEPT \| $output_filter	1536	$g_tool -t filter -L dynamic $g_ipt_options \| grep -F ACCEPT \| $output_filter
1537	fi	1537	fi
1538	;;	1538	;;
1539	ipsec)	1539	ipsec)
Lines 1625-1631 perip_accounting() { Link Here
1625		1625
1626	if [ -n "$hnames" ]; then	1626	if [ -n "$hnames" ]; then
1627	for hname in $hnames; do	1627	for hname in $hnames; do
1628	iptaccount -l $hname \| egrep '^IP:\|^Show'	1628	iptaccount -l $hname \| grep -E '^IP:\|^Show'
1629	echo	1629	echo
1630	done	1630	done
1631	else	1631	else
Lines 3253-3259 determine_capabilities() { Link Here
3253		3253
3254	if $TC filter add basic help 2>&1 \| grep -q ^Usage; then	3254	if $TC filter add basic help 2>&1 \| grep -q ^Usage; then
3255	BASIC_FILTER=Yes	3255	BASIC_FILTER=Yes
3256	$TC filter add basic help 2>&1 \| egrep -q match && BASIC_EMATCH=Yes	3256	$TC filter add basic help 2>&1 \| grep -E -q match && BASIC_EMATCH=Yes
3257	fi	3257	fi
3258		3258
3259	if $TC action add connmark help 2>&1 \| grep -q ^Usage; then	3259	if $TC action add connmark help 2>&1 \| grep -q ^Usage; then
Lines 3674-3680 blacklist_command() { Link Here
3674	if [ $COMMAND = 'blacklist!' ]; then	3674	if [ $COMMAND = 'blacklist!' ]; then
3675	timeout='timeout 0'	3675	timeout='timeout 0'
3676	else	3676	else
3677	echo "$@" \| fgrep -q ' timeout ' \|\| timeout="timeout $g_dbltimeout"	3677	echo "$@" \| grep -F -q ' timeout ' \|\| timeout="timeout $g_dbltimeout"
3678	fi	3678	fi
3679		3679
3680	if $IPSET -A $g_blacklistipset $@ $timeout -exist; then	3680	if $IPSET -A $g_blacklistipset $@ $timeout -exist; then
Lines 4932-4943 shorewall_cli() { Link Here
4932	#	4932	#
4933	# First look for it here	4933	# First look for it here
4934	#	4934	#
4935	if type $1 2> /dev/null \| fgrep -q 'is a function'; then	4935	if type $1 2> /dev/null \| grep -F -q 'is a function'; then
4936	#	4936	#
4937	# It's a shell function -- call it	4937	# It's a shell function -- call it
4938	#	4938	#
4939	$@	4939	$@
4940	elif type $1 2> /dev/null \| fgrep -q 'is a shell function'; then	4940	elif type $1 2> /dev/null \| grep -F -q 'is a shell function'; then
4941	#	4941	#
4942	# It's a shell function -- call it	4942	# It's a shell function -- call it
4943	#	4943	#