[Astlinux-commits] SF.net SVN: astlinux: [1586] trunk/package/arno-fw

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Revision: 1586
          http://astlinux.svn.sourceforge.net/astlinux/?rev=1586&view=rev
Author:   dhartman
Date:     2008-02-16 23:28:34 -0800 (Sat, 16 Feb 2008)

Log Message:
-----------
arno fw fixes

Modified Paths:
--------------
    trunk/package/arno-fw/arnofw.mk
    trunk/package/arno-fw/arnofw.wrapper

Removed Paths:
-------------
    trunk/package/arno-fw/arno-iptables-firewall
    trunk/package/arno-fw/arno-iptables-firewall.conf

Deleted: trunk/package/arno-fw/arno-iptables-firewall
===================================================================

Deleted: trunk/package/arno-fw/arno-iptables-firewall.conf
===================================================================

Modified: trunk/package/arno-fw/arnofw.mk
===================================================================

--- trunk/package/arno-fw/arnofw.mk	2008-02-15 19:20:31 UTC (rev 1585)
+++ trunk/package/arno-fw/arnofw.mk	2008-02-17 07:28:34 UTC (rev 1586)
@@ -3,7 +3,7 @@
 # Arno's IPtables Firewall Script
 #
 #############################################################
-ARNOFW_VER:=1.8.8l
+ARNOFW_VER:=1.8.8m
 ARNOFW_ROOT:=arno-iptables-firewall
 ARNOFW_SOURCE:=$(ARNOFW_ROOT)_$(ARNOFW_VER).tar.gz
 ARNOFW_SITE:=http://rocky.eld.leidenuniv.nl/iptables-firewall
@@ -13,7 +13,7 @@
 ARNOFW_TARGET_BINARY:=/usr/sbin/arno-iptables-firewall
 ARNOFW_CONFIG_DIR:=/etc/arno-iptables-firewall
 ARNOFW_CONFIG:=$(ARNOFW_CONFIG_DIR)/firewall.conf
-ARNOFW_CONFIG_SHIM:=$(ARNOFW_CONFIG_DIR)/firewall.shim
+ARNOFW_CONFIG_SHIM:=$(ARNOFW_CONFIG_DIR)/astlinux.shim
 ARNOFW_PLUGIN_DIR:=$(ARNOFW_CONFIG_DIR)/plugins
 
 $(DL_DIR)/$(ARNOFW_SOURCE):
@@ -22,10 +22,8 @@
 $(ARNOFW_DIR)/.unpacked: $(DL_DIR)/$(ARNOFW_SOURCE)
 	$(ARNOFW_CAT) $(DL_DIR)/$(ARNOFW_SOURCE) \
 		| tar -C $(BUILD_DIR) $(TAR_OPTIONS) -
-ifeq ($(ARNOFW_VER),1.8.8l)
+ifeq ($(ARNOFW_VER),1.8.8m)
 	$(WGET) -P $(ARNOFW_DIR)$(ARNOFW_PLUGIN_DIR) \
-		$(ARNOFW_SITE)/plugins/sip-voip/sip-voip.conf \
-		$(ARNOFW_SITE)/plugins/sip-voip/50sip-voip.plugin \
 		$(ARNOFW_SITE)/plugins/hfsc-traffic-shaper/60hfsc.plugin \
 		$(ARNOFW_SITE)/plugins/hfsc-traffic-shaper/hfsc.conf
 endif
@@ -45,9 +43,6 @@
 		$(TARGET_DIR)/stat$(ARNOFW_PLUGIN_DIR)
 	$(INSTALL) -D -m 0755 $(ARNOFW_DIR)/$(ARNOFW_BINARY) \
 		$(TARGET_DIR)$(ARNOFW_TARGET_BINARY)
-	$(SED) \
-		's:^CONFIG_FILE=("[^"].*"|.*$$):CONFIG_FILE="$(ARNOFW_CONFIG_SHIM)":' \
-		$(TARGET_DIR)/$(ARNOFW_TARGET_BINARY)
 	$(INSTALL) -D -m 0644 package/arno-fw/arnofw.wrapper \
 		$(TARGET_DIR)/stat$(ARNOFW_CONFIG_SHIM)
 	$(INSTALL) -D -m 0644 $(ARNOFW_DIR)$(ARNOFW_CONFIG) \
@@ -55,6 +50,8 @@
 	$(SED) 's:^IPTABLES="[^"]*":IPTABLES="$(IPTABLES_BIN)":' \
 		-e 's:^(INT_IF|EXT_IF|MODEM_IF|INTERNET_NET|NAT)=:#&:' \
 		$(TARGET_DIR)/stat$(ARNOFW_CONFIG)
+	$(SED) 's:^LOCAL_CONFIG_FILE="":LOCAL_CONFIG_FILE="$(ARNOFW_CONFIG_SHIM)":' \
+		$(TARGET_DIR)/stat$(ARNOFW_CONFIG)
 	$(INSTALL) -D -m 0755 $(ARNOFW_DIR)$(ARNOFW_CONFIG_DIR)/custom-rules \
 		$(TARGET_DIR)/stat$(ARNOFW_CONFIG_DIR)
 	$(INSTALL) -D -m 0444 $(ARNOFW_DIR)$(ARNOFW_PLUGIN_DIR)/*.plugin \

Modified: trunk/package/arno-fw/arnofw.wrapper
===================================================================
--- trunk/package/arno-fw/arnofw.wrapper	2008-02-15 19:20:31 UTC (rev 1585)
+++ trunk/package/arno-fw/arnofw.wrapper	2008-02-17 07:28:34 UTC (rev 1586)
@@ -1,20 +1,20 @@
 #
-# This is an ugly shim to first load /etc/rc.conf, then
-# /etc/arno-iptables-firewall/firewall.conf, then map values
-# from the former to override values in the latter.
+# In this shim, we're invoked after /etc/arno-iptables-firewall/firewall.conf
+# has been read.  We then read /etc/rc.conf, and paste in variables from
+# the latter file that should override whatever values were configured in
+# firewall.conf.  Reason being that it should be easy to swap between
+# arno-iptables-firewall and astfw (and back again) with fewer values to
+# reconfigure.
 #
 # You could argue that this will be confusing, and I wouldn't disagree.
 #
 # Ideally, we should have the values in /etc/rc.conf and firewall.conf
-# converge... and possibly finalize on a single firewall project.
+# converge... and possibly finalize on a single firewall project for
+# AstLinux.
 #
 
 . /etc/rc.conf
 
-REAL_CONFIG_FILE="`dirname $CONFIG_FILE`/firewall.conf"
-
-. $REAL_CONFIG_FILE
-
 #
 # the attrocious logic below is to make sure that if INTIF='' and INT2IF=''
 # and INT3IF='', then INT_IF='' as well (and not a string of spaces).
@@ -28,16 +28,18 @@
 done
 
 EXT_IF=""
-for intf in $EXTIF EXT2IF; do
+for intf in $EXTIF $EXT2IF; do
   EXT_IF="$EXT_IF${EXT_IF:+ }$intf"
 done
 
 INTERNAL_NET=""
-for pair in ${INTIP:+$INTIP/$INTMN} ${INT2IP:+$INT2IP/$INT2NM} \
+for pair in ${INTIP:+$INTIP/$INTNM} ${INT2IP:+$INT2IP/$INT2NM} \
 	${INT3IP:+$INT3IP/$INT3NM}; do
   INTERNAL_NET="$INTERNAL_NET${INTERNAL_NET:+ }$pair"
 done
 
+NAT_INTERNAL_NET="$INTERNAL_NET"
+
 MODEM_IF=""
 
 NAT=1


This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.


