From 157a3fc396557f4bf40c6730c9df51d3c0803418 Mon Sep 17 00:00:00 2001
From: Bertrand Jacquin <bertrand@jacquin.bzh>
Date: Mon, 27 May 2013 22:36:39 +0200
Subject: [PATCH 9/9] Update executable path

---
 sbin/init.d/firewall | 75 +++++++++++++++++++++++++---------------------------
 sbin/init.d/monitor  |  2 +-
 2 files changed, 37 insertions(+), 40 deletions(-)

diff --git a/sbin/init.d/firewall b/sbin/init.d/firewall
index b15866c..a9e2939 100755
--- a/sbin/init.d/firewall
+++ b/sbin/init.d/firewall
@@ -14,9 +14,6 @@ option	nat		boolean_option
 option	conntrack	option_conntrack
 option	modprobe	multiple_option
 
-IPTABLES=/sbin/iptables
-IPRESTORE=/sbin/iptables-restore
-
 conntrack_args=( )
 
 function do_help {
@@ -123,20 +120,20 @@ function flush_rules {
 
     # filter chain has a default policy set to DROP
     for chain in INPUT OUTPUT FORWARD; do
-	$IPTABLES -t filter -P $chain DROP
+	/sbin/iptables -t filter -P $chain DROP
     done
 
     # flush all rules in all tables
     for table in mangle filter ${opt_stateful:+${opt_nat:+nat}}; do
-	$IPTABLES -t $table -F
-	$IPTABLES -t $table -X
+	/sbin/iptables -t $table -F
+	/sbin/iptables -t $table -X
     done
 
     # other chains have a default policy set to ACCEPT
     for table in mangle ${opt_stateful:+${opt_nat:+nat}}; do
-	chains=$($IPTABLES -t $table -L | grep "^Chain " | cut -f2 -d' ')
+	chains=$(/sbin/iptables -t $table -L | grep "^Chain " | cut -f2 -d' ')
 	for chain in $chains; do
-	    $IPTABLES -t $table -P $chain ACCEPT
+	    /sbin/iptables -t $table -P $chain ACCEPT
 	done
     done
 
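Review bot: None of the `/sbin/iptables` calls in flush_rules has its exit status checked, so if the binary is missing at the now hard-coded path, or a call fails, the DROP default set in the first loop is not applied and the function carries on regardless. The same holds for the block_on_error, do_start and do_block hunks below, where do_block still prints `OK.` and returns 0. Because load_policy falls back to flush_rules on error, I would fail early here, for example `[ -x /sbin/iptables ] || return 1` before the first loop and `/sbin/iptables -t filter -P "$chain" DROP || return 1` inside it. The chain listing would also be better as `/sbin/iptables -t "$table" -n -L` so it never waits on name resolution while the filter policy is DROP. flush_rules starts above the hunk and continues below it.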
@@ -162,7 +159,7 @@ function disable_forwarding {
 # system.
 function load_policy {
     [ -n "$1" ] || return 1
-    if ! [ -r "$opt_confdir/$1" ] || ! $IPRESTORE < "$opt_confdir/$1"; then
+    if ! [ -r "$opt_confdir/$1" ] || ! /sbin/iptables-restore < "$opt_confdir/$1"; then
 	flush_rules
 	return 1
     fi
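Review bot: The restore on the `if` line applies the file directly, and `iptables-restore` commits one table at a time, so a file that is valid for its first table and broken in a later one is partly loaded before the failure triggers `flush_rules`. If the installed version supports it, a parse-only check ahead of the real load, `/sbin/iptables-restore --test < "$opt_confdir/$1"`, would keep a bad file from touching the live ruleset. `$1` is also joined to `$opt_confdir` unchecked; where it comes from is not visible here, but rejecting names that contain `/` would keep the read inside the configuration directory. load_policy continues below the hunk.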
@@ -196,27 +193,27 @@ function block_on_error {
     echo "Firewall: CRITICAL! cannot load any policy file !"
     # we'll block external traffic and enable internal one in this case
     echo "Firewall: Changing policy to block external traffic..."
-    $IPTABLES -t filter -P INPUT DROP
-    $IPTABLES -t filter -P OUTPUT DROP
-    $IPTABLES -t filter -P FORWARD DROP
-    $IPTABLES -t filter -F
+    /sbin/iptables -t filter -P INPUT DROP
+    /sbin/iptables -t filter -P OUTPUT DROP
+    /sbin/iptables -t filter -P FORWARD DROP
+    /sbin/iptables -t filter -F
 
-    $IPTABLES -t filter -A INPUT -i lo -j ACCEPT
-    $IPTABLES -t filter -A OUTPUT -o lo -j ACCEPT
-    [ -n "$opt_stateful" ] && $IPTABLES -t filter -A INPUT -m state --state ESTABLISHED -j ACCEPT
-    [ -n "$opt_stateful" ] && $IPTABLES -t filter -A OUTPUT -m state --state ESTABLISHED -j ACCEPT
+    /sbin/iptables -t filter -A INPUT -i lo -j ACCEPT
+    /sbin/iptables -t filter -A OUTPUT -o lo -j ACCEPT
+    [ -n "$opt_stateful" ] && /sbin/iptables -t filter -A INPUT -m state --state ESTABLISHED -j ACCEPT
+    [ -n "$opt_stateful" ] && /sbin/iptables -t filter -A OUTPUT -m state --state ESTABLISHED -j ACCEPT
 
-    $IPTABLES -t mangle -P PREROUTING ACCEPT
-    $IPTABLES -t mangle -P INPUT ACCEPT
-    $IPTABLES -t mangle -P FORWARD DROP
-    $IPTABLES -t mangle -P POSTROUTING ACCEPT
-    $IPTABLES -t mangle -P OUTPUT ACCEPT
-    $IPTABLES -t mangle -F
+    /sbin/iptables -t mangle -P PREROUTING ACCEPT
+    /sbin/iptables -t mangle -P INPUT ACCEPT
+    /sbin/iptables -t mangle -P FORWARD DROP
+    /sbin/iptables -t mangle -P POSTROUTING ACCEPT
+    /sbin/iptables -t mangle -P OUTPUT ACCEPT
+    /sbin/iptables -t mangle -F
 
-    $IPTABLES -t mangle -A PREROUTING -i lo -j ACCEPT
-    $IPTABLES -t mangle -A INPUT -i lo -j ACCEPT
-    $IPTABLES -t mangle -A POSTROUTING -o lo -j ACCEPT
-    $IPTABLES -t mangle -A OUTPUT -o lo -j ACCEPT
+    /sbin/iptables -t mangle -A PREROUTING -i lo -j ACCEPT
+    /sbin/iptables -t mangle -A INPUT -i lo -j ACCEPT
+    /sbin/iptables -t mangle -A POSTROUTING -o lo -j ACCEPT
+    /sbin/iptables -t mangle -A OUTPUT -o lo -j ACCEPT
     disable_forwarding
     echo
     echo "################################################################"
@@ -339,7 +336,7 @@ function do_start {
 	# filter chain has a default policy set to ACCEPT if "no filter" is used
 	echo -n "Firewall: setting default policy to ACCEPT... "
 	for chain in INPUT OUTPUT FORWARD; do
-	    $IPTABLES -t filter -P $chain ACCEPT
+	    /sbin/iptables -t filter -P $chain ACCEPT
 	done
 	echo "OK."
 	if [ -n "$opt_forward" ]; then
@@ -451,17 +448,17 @@ function do_block {
     fi
 
     echo -n "Firewall: Changing policy to block all external traffic... "
-    $IPTABLES -t filter -A INPUT -i lo -j ACCEPT
-    $IPTABLES -t filter -A OUTPUT -o lo -j ACCEPT
-    $IPTABLES -t mangle -P PREROUTING DROP
-    $IPTABLES -t mangle -P INPUT DROP
-    $IPTABLES -t mangle -P FORWARD DROP
-    $IPTABLES -t mangle -P POSTROUTING DROP
-    $IPTABLES -t mangle -P OUTPUT DROP
-    $IPTABLES -t mangle -A PREROUTING -i lo -j ACCEPT
-    $IPTABLES -t mangle -A INPUT -i lo -j ACCEPT
-    $IPTABLES -t mangle -A POSTROUTING -o lo -j ACCEPT
-    $IPTABLES -t mangle -A OUTPUT -o lo -j ACCEPT
+    /sbin/iptables -t filter -A INPUT -i lo -j ACCEPT
+    /sbin/iptables -t filter -A OUTPUT -o lo -j ACCEPT
+    /sbin/iptables -t mangle -P PREROUTING DROP
+    /sbin/iptables -t mangle -P INPUT DROP
+    /sbin/iptables -t mangle -P FORWARD DROP
+    /sbin/iptables -t mangle -P POSTROUTING DROP
+    /sbin/iptables -t mangle -P OUTPUT DROP
+    /sbin/iptables -t mangle -A PREROUTING -i lo -j ACCEPT
+    /sbin/iptables -t mangle -A INPUT -i lo -j ACCEPT
+    /sbin/iptables -t mangle -A POSTROUTING -o lo -j ACCEPT
+    /sbin/iptables -t mangle -A OUTPUT -o lo -j ACCEPT
     echo "OK."
     return 0
 }
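Review bot: The DROP policies on the mangle chains only catch packets that no existing rule has already accepted, and every rule in this hunk is added with `-A`, with no `-F` in the visible lines. If the part of do_block above the hunk does not flush the mangle and filter chains first, rules from the loaded policy stay ahead of the new ones and can still pass external traffic, and each repeated call appends another copy of the `lo` rules. Flushing before the appends, e.g. `/sbin/iptables -t mangle -F`, would make the result independent of the prior state; do_block starts above the hunk, so this may already be done there.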
diff --git a/sbin/init.d/monitor b/sbin/init.d/monitor
index 59cbb16..0942336 100755
--- a/sbin/init.d/monitor
+++ b/sbin/init.d/monitor
@@ -7,7 +7,7 @@ option check_interval		standard_option 60
 option facility			standard_option
 option try_restart              boolean_option
 option html			standard_option
-option bin			reserved_option /opt/exosec/bin/monitor
+option bin			reserved_option /usr/sbin/monitor
 option cmdline			reserved_option \
        '$bin -p $pidfile ${opt_html:+--html $opt_html} ${opt_facility:+--syslog $opt_facility} ${opt_try_restart:+--restart}'
 option pidfile			reserved_option /var/run/monitor.pid