From 73372ed4e6b573c4a1078b771df4f6623fc79927 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 28 Jan 2014 20:48:24 +0100 Subject: [PATCH] firewall: Move scripts from /var/ipfire/firewall/bin to /usr/lib/firewall. --- config/firewall/rules.pl | 2 +- config/rootfiles/common/configroot | 3 --- config/rootfiles/common/stage2 | 3 +++ lfs/configroot | 11 +++-------- lfs/stage2 | 7 +++++++ src/misc-progs/firewallctrl.c | 2 +- 6 files changed, 15 insertions(+), 13 deletions(-) diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl index f26ae5f39..43807647c 100755 --- a/config/firewall/rules.pl +++ b/config/firewall/rules.pl @@ -45,7 +45,7 @@ my @DPROT=(); my @p2ps=(); require '/var/ipfire/general-functions.pl'; require "${General::swroot}/lang.pl"; -require "${General::swroot}/firewall/bin/firewall-lib.pl"; +require "/usr/lib/firewall/firewall-lib.pl"; my $configfwdfw = "${General::swroot}/firewall/config"; my $configinput = "${General::swroot}/firewall/input"; diff --git a/config/rootfiles/common/configroot b/config/rootfiles/common/configroot index b1097cd89..f50937016 100644 --- a/config/rootfiles/common/configroot +++ b/config/rootfiles/common/configroot @@ -50,9 +50,6 @@ var/ipfire/extrahd #var/ipfire/extrahd/scan #var/ipfire/extrahd/settings var/ipfire/firewall -#var/ipfire/firewall/bin -#var/ipfire/firewall/bin/firewall-lib.pl -#var/ipfire/firewall/bin/rules.pl #var/ipfire/firewall/config #var/ipfire/firewall/dmz #var/ipfire/firewall/input diff --git a/config/rootfiles/common/stage2 b/config/rootfiles/common/stage2 index 4286cec99..a79662416 100644 --- a/config/rootfiles/common/stage2 +++ b/config/rootfiles/common/stage2 @@ -66,6 +66,9 @@ root/ipfire #usr/bin/perl #usr/include #usr/lib +usr/lib/firewall +usr/lib/firewall/firewall-lib.pl +usr/lib/firewall/rules.pl #usr/lib/libgcc_s.so usr/lib/libgcc_s.so.1 #usr/lib/libstdc++.la diff --git a/lfs/configroot b/lfs/configroot index 98e7af320..8250a77f6 100644 --- a/lfs/configroot +++ b/lfs/configroot @@ -51,7 +51,7 @@ $(TARGET) : # Create all directories for i in addon-lang auth backup ca certs connscheduler crls ddns dhcp dhcpc dns dnsforward \ - ethernet extrahd/bin fwlogs fwhosts firewall firewall/bin isdn key langs logging mac main \ + ethernet extrahd/bin fwlogs fwhosts firewall isdn key langs logging mac main \ menu.d modem net-traffic net-traffic/templates nfs optionsfw \ ovpn patches pakfire portfw ppp private proxy/advanced/cre \ proxy/calamaris/bin qos/bin red remote sensors snort time tripwire/report \ @@ -99,13 +99,11 @@ $(TARGET) : cp $(DIR_SRC)/config/cfgroot/useragents $(CONFIG_ROOT)/proxy/advanced cp $(DIR_SRC)/config/cfgroot/ethernet-vlans $(CONFIG_ROOT)/ethernet/vlans cp $(DIR_SRC)/langs/list $(CONFIG_ROOT)/langs/ - cp $(DIR_SRC)/config/firewall/rules.pl $(CONFIG_ROOT)/firewall/bin/rules.pl cp $(DIR_SRC)/config/firewall/convert-xtaccess /usr/sbin/convert-xtaccess cp $(DIR_SRC)/config/firewall/convert-outgoingfw /usr/sbin/convert-outgoingfw cp $(DIR_SRC)/config/firewall/convert-dmz /usr/sbin/convert-dmz cp $(DIR_SRC)/config/firewall/convert-portfw /usr/sbin/convert-portfw cp $(DIR_SRC)/config/firewall/p2protocols $(CONFIG_ROOT)/firewall/p2protocols - cp $(DIR_SRC)/config/firewall/firewall-lib.pl $(CONFIG_ROOT)/firewall/bin/firewall-lib.pl cp $(DIR_SRC)/config/firewall/firewall-policy /usr/sbin/firewall-policy cp $(DIR_SRC)/config/fwhosts/icmp-types $(CONFIG_ROOT)/fwhosts/icmp-types cp $(DIR_SRC)/config/fwhosts/customservices $(CONFIG_ROOT)/fwhosts/customservices @@ -132,13 +130,10 @@ $(TARGET) : echo "DROPWIRELESSFORWARD=on" >> $(CONFIG_ROOT)/optionsfw/settings echo "POLICY=MODE2" >> $(CONFIG_ROOT)/firewall/settings echo "POLICY1=MODE2" >> $(CONFIG_ROOT)/firewall/settings - - # set rules.pl executable - chmod 755 $(CONFIG_ROOT)/firewall/bin/rules.pl - + # set converters executable chmod 755 /usr/sbin/convert-* - + # Modify variables in header.pl sed -i -e "s+CONFIG_ROOT+$(CONFIG_ROOT)+g" \ -e "s+VERSION+$(VERSION)+g" \ diff --git a/lfs/stage2 b/lfs/stage2 index 3d64f6839..956f58953 100644 --- a/lfs/stage2 +++ b/lfs/stage2 @@ -101,6 +101,13 @@ $(TARGET) : # Move script to correct place. mv -vf /usr/local/bin/ovpn-ccd-convert /usr/sbin/ + # Install firewall scripts. + mkdir -pv /usr/lib/firewall + install -m 755 $(DIR_SRC)/config/firewall/rules.pl \ + /usr/lib/firewall/rules.pl + install -m 644 $(DIR_SRC)/config/firewall/firewall-lib.pl \ + /usr/lib/firewall/firewall-lib.pl + # Nobody user -mkdir -p /home/nobody chown -R nobody:nobody /home/nobody diff --git a/src/misc-progs/firewallctrl.c b/src/misc-progs/firewallctrl.c index 97de2715f..0f176597d 100644 --- a/src/misc-progs/firewallctrl.c +++ b/src/misc-progs/firewallctrl.c @@ -13,7 +13,7 @@ int main(int argc, char *argv[]) { if (!(initsetuid())) exit(1); - int retval = safe_system("/var/ipfire/firewall/bin/rules.pl"); + int retval = safe_system("/usr/lib/firewall/rules.pl"); /* If rules.pl has been successfully executed, the indicator * file is removed. */ -- 2.39.2