shorewall-lite: update to the latest release in the 4.2 series: 4.2.11.

It also includes the following changes:
  * use the shorewall "restore" action (very quick) if available in
    the initscript's restart action
  * modify the 110-MODULESDIR.patch to include /lib/modules/$(uname
    -r) in the module search path
  * include an iface hotplug action to reload the ruleset on
    interface transitions

Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
SVN-Revision: 18737

diff --git a/net/shorewall-lite/Makefile b/net/shorewall-lite/Makefile
index 5ba209d5e2e789a15b77340d7e03dbee539f3a30..1cb68241336eb8aaa75788210346b2ecc2ae69db 100644 (file)
--- a/net/shorewall-lite/Makefile
+++ b/net/shorewall-lite/Makefile
@@ -8,18 +8,18 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=shorewall-lite
-PKG_VERSION:=4.0.12
+PKG_VERSION:=4.2.11
 PKG_RELEASE:=1
 
-PKG_SOURCE_URL:=http://www.shorewall.net/pub/shorewall/4.0/shorewall-$(PKG_VERSION)/ \
-       http://www1.shorewall.net/pub/shorewall/4.0/shorewall-$(PKG_VERSION)/ \
-       http://slovakia.shorewall.net/pub/shorewall/4.0/shorewall-$(PKG_VERSION)/ \
-       http://shorewall.de/pub/shorewall/4.0/shorewall-$(PKG_VERSION)/ \
-       http://www.shorewall.com.au/4.0/shorewall-$(PKG_VERSION)/ \
-       http://shorewall.infohiiway.com/pub/shorewall/4.0/shorewall-$(PKG_VERSION)/ \
-       http://www.shorewall.com.ar/pub/shorewall/shorewall/4.0/shorewall-$(PKG_VERSION)/
+PKG_SOURCE_URL:=http://www.shorewall.net/pub/shorewall/4.2/shorewall-$(PKG_VERSION)/ \
+       http://www1.shorewall.net/pub/shorewall/4.2/shorewall-$(PKG_VERSION)/ \
+       http://slovakia.shorewall.net/pub/shorewall/4.2/shorewall-$(PKG_VERSION)/ \
+       http://shorewall.de/pub/shorewall/4.2/shorewall-$(PKG_VERSION)/ \
+       http://www.shorewall.com.au/4.2/shorewall-$(PKG_VERSION)/ \
+       http://shorewall.infohiiway.com/pub/shorewall/4.2/shorewall-$(PKG_VERSION)/ \
+       http://www.shorewall.com.ar/pub/shorewall/shorewall/4.2/shorewall-$(PKG_VERSION)/
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
-PKG_MD5SUM:=ab82b03f987f69536d305db40dc7692c
+PKG_MD5SUM:=cb34824f076fdff6b7457d85e124ea74
 
 include $(INCLUDE_DIR)/package.mk
 
@@ -50,9 +50,11 @@ endef
 define Package/shorewall-lite/install
        $(INSTALL_DIR) $(1)/sbin
        $(INSTALL_DIR) $(1)/etc/init.d
+       $(INSTALL_DIR) $(1)/etc/hotplug.d/iface
        $(INSTALL_DIR) $(1)/etc/shorewall-lite
        $(INSTALL_DIR) $(1)/usr/share
        $(INSTALL_BIN) ./files/shorewall-lite.init $(1)/etc/init.d/shorewall-lite
+       $(INSTALL_BIN) ./files/hotplug_iface $(1)/etc/hotplug.d/iface/05-shorewall-lite
        $(INSTALL_BIN) $(PKG_INSTALL_DIR)/sbin/shorewall-lite $(1)/sbin
        $(CP) $(PKG_INSTALL_DIR)/usr/share/shorewall-lite $(1)/usr/share
        $(INSTALL_BIN) ./files/hostname $(1)/usr/share/shorewall-lite

diff --git a/net/shorewall-lite/files/hotplug_iface b/net/shorewall-lite/files/hotplug_iface
new file mode 100644 (file)
index 0000000..acb9950
--- /dev/null
+++ b/net/shorewall-lite/files/hotplug_iface
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+# should restart shorewall when an interface comes up
+
+[ ifup = "$ACTION" ] && {
+       /etc/init.d/shorewall-lite restart
+}
+
+[ ifdown = "$ACTION" ] && {
+       # might need to restore some routing
+       /etc/init.d/shorewall-lite restart
+}

diff --git a/net/shorewall-lite/files/shorewall-lite.init b/net/shorewall-lite/files/shorewall-lite.init
index 4194158495f6f99cf6f722d996062c95a0aa0b44..fb081f3c5ce0df00d2c33581415f86cadbee8e80 100644 (file)
--- a/net/shorewall-lite/files/shorewall-lite.init
+++ b/net/shorewall-lite/files/shorewall-lite.init
@@ -12,5 +12,9 @@ stop() {
 }
 
 restart() {
-       /sbin/shorewall-lite -qq restart
+       if [ -f /etc/shorewall-lite/state/restore ] ; then
+               /sbin/shorewall-lite -qq restore
+       else
+               /sbin/shorewall-lite -qq restart
+       fi
 }

diff --git a/net/shorewall-lite/patches/110-MODULESDIR.patch b/net/shorewall-lite/patches/110-MODULESDIR.patch
index 46f3f9c020b44383a3902ceafb7e18958a13b5a6..ddb6253e332aa850fce4dc634ae127f05fed2649 100644 (file)
--- a/net/shorewall-lite/patches/110-MODULESDIR.patch
+++ b/net/shorewall-lite/patches/110-MODULESDIR.patch
@@ -1,20 +1,20 @@
 --- a/lib.base
 +++ b/lib.base
-@@ -251,7 +251,7 @@
+@@ -267,7 +267,7 @@ reload_kernel_modules() {
  
-     [ -n "${MODULE_SUFFIX:=o gz ko o.gz ko.gz}" ]
+     [ -z "$MODULESDIR" ] && \
+       uname=$(uname -r) && \
+-      MODULESDIR=/lib/modules/$uname/kernel/net/ipv4/netfilter:/lib/modules/$uname/kernel/net/netfilter:/lib/modules/$uname/extra:/lib/modules/$uname/extra/ipset
++      MODULESDIR=/lib/modules/$uname/kernel/net/ipv4/netfilter:/lib/modules/$uname/kernel/net/netfilter:/lib/modules/$uname/extra:/lib/modules/$uname/extra/ipset:/lib/modules/$uname
  
--    [ -z "$MODULESDIR" ] && MODULESDIR=/lib/modules/$(uname -r)/kernel/net/ipv4/netfilter:/lib/modules/$(uname -r)/kernel/net/netfilter
-+    [ -z "$MODULESDIR" ] && MODULESDIR=/lib/modules/$(uname -r)/kernel/net/ipv4/netfilter:/lib/modules/$(uname -r)/kernel/net/netfilter:/lib/modules/$(uname -r)
      MODULES=$(lsmod | cut -d ' ' -f1)
  
-     for directory in $(split $MODULESDIR); do
-@@ -283,7 +283,7 @@
-     [ -n "${MODULE_SUFFIX:=o gz ko o.gz ko.gz}" ]
+@@ -306,7 +306,7 @@ load_kernel_modules() # $1 = Yes, if we 
  
      [ -z "$MODULESDIR" ] && \
--      MODULESDIR=/lib/modules/$(uname -r)/kernel/net/ipv4/netfilter:/lib/modules/$(uname -r)/kernel/net/netfilter
-+      MODULESDIR=/lib/modules/$(uname -r)/kernel/net/ipv4/netfilter:/lib/modules/$(uname -r)/kernel/net/netfilter:/lib/modules/$(uname -r)
+       uname=$(uname -r) && \
+-      MODULESDIR=/lib/modules/$uname/kernel/net/ipv4/netfilter:/lib/modules/$uname/kernel/net/netfilter:/lib/modules/$uname/extra:/lib/modules/$uname/extra/ipset
++      MODULESDIR=/lib/modules/$uname/kernel/net/ipv4/netfilter:/lib/modules/$uname/kernel/net/netfilter:/lib/modules/$uname/extra:/lib/modules/$uname/extra/ipset:/lib/modules/$uname
  
      for directory in $(split $MODULESDIR); do
        [ -d $directory ] && moduledirectories="$moduledirectories $directory"