shorewall-lite: update to the latest release in the 4.2 series: 4.2.11.

It also includes the following changes: * use the shorewall "restore" action (very quick) if available in the initscript's restart action * modify the 110-MODULESDIR.patch to include /lib/modules/$(uname -r) in the module search path * include an iface hotplug action to reload the ruleset on interface transitions Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca> git-svn-id: svn://svn.openwrt.org/openwrt/packages@18737 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-12-11 02:09:19 +00:00 · 2009-12-11 02:09:19 +00:00 · 382031c5c2
commit 382031c5c2
parent 958e64e2a0
4 changed files with 41 additions and 23 deletions
--- a/net/shorewall-lite/Makefile
+++ b/net/shorewall-lite/Makefile
@ -8,18 +8,18 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=shorewall-lite
-PKG_VERSION:=4.0.12
+PKG_VERSION:=4.2.11
 PKG_RELEASE:=1

-PKG_SOURCE_URL:=http://www.shorewall.net/pub/shorewall/4.0/shorewall-$(PKG_VERSION)/ \
-	http://www1.shorewall.net/pub/shorewall/4.0/shorewall-$(PKG_VERSION)/ \
-	http://slovakia.shorewall.net/pub/shorewall/4.0/shorewall-$(PKG_VERSION)/ \
-	http://shorewall.de/pub/shorewall/4.0/shorewall-$(PKG_VERSION)/ \
-	http://www.shorewall.com.au/4.0/shorewall-$(PKG_VERSION)/ \
-	http://shorewall.infohiiway.com/pub/shorewall/4.0/shorewall-$(PKG_VERSION)/ \
-	http://www.shorewall.com.ar/pub/shorewall/shorewall/4.0/shorewall-$(PKG_VERSION)/
+PKG_SOURCE_URL:=http://www.shorewall.net/pub/shorewall/4.2/shorewall-$(PKG_VERSION)/ \
+	http://www1.shorewall.net/pub/shorewall/4.2/shorewall-$(PKG_VERSION)/ \
+	http://slovakia.shorewall.net/pub/shorewall/4.2/shorewall-$(PKG_VERSION)/ \
+	http://shorewall.de/pub/shorewall/4.2/shorewall-$(PKG_VERSION)/ \
+	http://www.shorewall.com.au/4.2/shorewall-$(PKG_VERSION)/ \
+	http://shorewall.infohiiway.com/pub/shorewall/4.2/shorewall-$(PKG_VERSION)/ \
+	http://www.shorewall.com.ar/pub/shorewall/shorewall/4.2/shorewall-$(PKG_VERSION)/
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
-PKG_MD5SUM:=ab82b03f987f69536d305db40dc7692c
+PKG_MD5SUM:=cb34824f076fdff6b7457d85e124ea74

 include $(INCLUDE_DIR)/package.mk

@ -50,9 +50,11 @@ endef
 define Package/shorewall-lite/install
 	$(INSTALL_DIR) $(1)/sbin
 	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_DIR) $(1)/etc/hotplug.d/iface
 	$(INSTALL_DIR) $(1)/etc/shorewall-lite
 	$(INSTALL_DIR) $(1)/usr/share
 	$(INSTALL_BIN) ./files/shorewall-lite.init $(1)/etc/init.d/shorewall-lite
+	$(INSTALL_BIN) ./files/hotplug_iface $(1)/etc/hotplug.d/iface/05-shorewall-lite
 	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/sbin/shorewall-lite $(1)/sbin
 	$(CP) $(PKG_INSTALL_DIR)/usr/share/shorewall-lite $(1)/usr/share
 	$(INSTALL_BIN) ./files/hostname $(1)/usr/share/shorewall-lite
--- a/net/shorewall-lite/files/hotplug_iface
+++ b/net/shorewall-lite/files/hotplug_iface
@ -0,0 +1,12 @@
+#!/bin/sh
+
+# should restart shorewall when an interface comes up
+
+[ ifup = "$ACTION" ] && {
+	/etc/init.d/shorewall-lite restart
+}
+
+[ ifdown = "$ACTION" ] && {
+	# might need to restore some routing
+	/etc/init.d/shorewall-lite restart
+}
--- a/net/shorewall-lite/files/shorewall-lite.init
+++ b/net/shorewall-lite/files/shorewall-lite.init
@ -12,5 +12,9 @@ stop() {
 }

 restart() {
-	/sbin/shorewall-lite -qq restart
+	if [ -f /etc/shorewall-lite/state/restore ] ; then
+		/sbin/shorewall-lite -qq restore
+	else
+		/sbin/shorewall-lite -qq restart
+	fi
 }
--- a/net/shorewall-lite/patches/110-MODULESDIR.patch
+++ b/net/shorewall-lite/patches/110-MODULESDIR.patch
@ -1,20 +1,20 @@
 --- a/lib.base
 +++ b/lib.base
-@@ -251,7 +251,7 @@
- 
-     [ -n "${MODULE_SUFFIX:=o gz ko o.gz ko.gz}" ]
- 
-    [ -z "$MODULESDIR" ] && MODULESDIR=/lib/modules/$(uname -r)/kernel/net/ipv4/netfilter:/lib/modules/$(uname -r)/kernel/net/netfilter
-+    [ -z "$MODULESDIR" ] && MODULESDIR=/lib/modules/$(uname -r)/kernel/net/ipv4/netfilter:/lib/modules/$(uname -r)/kernel/net/netfilter:/lib/modules/$(uname -r)
-     MODULES=$(lsmod | cut -d ' ' -f1)
- 
-     for directory in $(split $MODULESDIR); do
-@@ -283,7 +283,7 @@
-     [ -n "${MODULE_SUFFIX:=o gz ko o.gz ko.gz}" ]
+@@ -267,7 +267,7 @@ reload_kernel_modules() {
 
     [ -z "$MODULESDIR" ] && \
-	MODULESDIR=/lib/modules/$(uname -r)/kernel/net/ipv4/netfilter:/lib/modules/$(uname -r)/kernel/net/netfilter
-+	MODULESDIR=/lib/modules/$(uname -r)/kernel/net/ipv4/netfilter:/lib/modules/$(uname -r)/kernel/net/netfilter:/lib/modules/$(uname -r)
+ 	uname=$(uname -r) && \
+-	MODULESDIR=/lib/modules/$uname/kernel/net/ipv4/netfilter:/lib/modules/$uname/kernel/net/netfilter:/lib/modules/$uname/extra:/lib/modules/$uname/extra/ipset
+	MODULESDIR=/lib/modules/$uname/kernel/net/ipv4/netfilter:/lib/modules/$uname/kernel/net/netfilter:/lib/modules/$uname/extra:/lib/modules/$uname/extra/ipset:/lib/modules/$uname
+ 
+     MODULES=$(lsmod | cut -d ' ' -f1)
+ 
+@@ -306,7 +306,7 @@ load_kernel_modules() # $1 = Yes, if we 
+ 
+     [ -z "$MODULESDIR" ] && \
+ 	uname=$(uname -r) && \
+-	MODULESDIR=/lib/modules/$uname/kernel/net/ipv4/netfilter:/lib/modules/$uname/kernel/net/netfilter:/lib/modules/$uname/extra:/lib/modules/$uname/extra/ipset
+	MODULESDIR=/lib/modules/$uname/kernel/net/ipv4/netfilter:/lib/modules/$uname/kernel/net/netfilter:/lib/modules/$uname/extra:/lib/modules/$uname/extra/ipset:/lib/modules/$uname
 
     for directory in $(split $MODULESDIR); do
 	[ -d $directory ] && moduledirectories="$moduledirectories $directory"