~ubuntu-branches/ubuntu/utopic/ufw/utopic
» Revision
76
: .pc/0006-check-for-newer-py3.patch/tests/check-requirements
« back to all changes in this revision
Viewing changes to .pc/0006-check-for-newer-py3.patch/tests/check-requirements
- browse files at revision 76
- compare with another revision
- download diff
- download tarball
- view history from revision 76
- Committer: Package Import Robot
- Author(s): Jamie Strandboge
- Date: 2014-05-16 15:08:08 UTC
- Revision ID: package-import@ubuntu.com-20140516150808-y2sq0yazwz2k8myz
Tags: 0.34~rc-0ubuntu3
* debian/patches/0005-lp573461.patch: adjust man page for libvirt
(LP: #573461)
* debian/patches/0006-check-for-newer-py3.patch: tests/check-requirements
updated for newer python3
(LP: #573461)
* debian/patches/0006-check-for-newer-py3.patch: tests/check-requirements
updated for newer python3
- files added:
- .pc/0005-lp573461.patch
- .pc/0005-lp573461.patch/doc
- .pc/0006-check-for-newer-py3.patch
- .pc/0006-check-for-newer-py3.patch/tests
- files modified:
- .pc/applied-patches
added
removed
.pc/0006-check-for-newer-py3.patch/tests/check-requirements
1
#!/bin/sh
2
#
3
# check-requirements: verify all the required iptables functionality is
4
# available
5
#
6
# Copyright 2008-2013 Canonical Ltd.
7
#
8
# This program is free software: you can redistribute it and/or modify
9
# it under the terms of the GNU General Public License version 3,
10
# as published by the Free Software Foundation.
11
#
12
# This program is distributed in the hope that it will be useful,
13
# but WITHOUT ANY WARRANTY; without even the implied warranty of
14
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15
# GNU General Public License for more details.
16
#
17
# You should have received a copy of the GNU General Public License
18
# along with this program. If not, see <http://www.gnu.org/licenses/>.
19
#
20
set -e
21
22
chain="ufw-check-requirements"
23
error=""
24
error_runtime=""
25
26
runcmd() {
27
runtime="no"
28
if [ "$1" = "runtime" ]; then
29
runtime="yes"
30
shift 1
31
fi
32
local output ret=0
33
# make sure to always return success below because of set -e
34
output=$( "$@" 2>&1 ) || ret=$?
35
if [ $ret -eq 0 ]; then
36
echo pass
37
else
38
if [ "$runtime" = "yes" ]; then
39
echo "FAIL (no runtime support)"
40
echo "error was: $output"
41
error_runtime="yes"
42
else
43
echo FAIL
44
echo "error was: $output"
45
error="yes"
46
fi
47
fi
48
}
49
50
# check python
51
found_python="no"
52
echo -n "Has python: "
53
for exe in python2.7 python2.6 python2.5 python3.2 python; do
54
if ! which $exe >/dev/null 2>&1; then
55
continue
56
fi
57
v=`$exe --version 2>&1 | cut -f 2 -d ' '`
58
if echo "$v" | grep -q "^2.[567]"; then
59
echo "pass (binary: $exe, version: $v, py2)"
60
found_python="yes"
61
break
62
elif echo "$v" | grep -q "^3.[2]"; then
63
echo "pass (binary: $exe, version: $v, py3)"
64
found_python="yes"
65
break
66
fi
67
done
68
if [ "$found_python" != "yes" ]; then
69
echo "ERROR: could not find valid python" >&2
70
error="yes"
71
fi
72
73
74
# check binaries
75
for i in "" 6; do
76
exe="iptables"
77
if [ "$i" = "6" ]; then
78
exe="ip6tables"
79
fi
80
81
echo -n "Has $exe: "
82
if ! which $exe >/dev/null 2>&1; then
83
echo "ERROR: could not find '$exe'" >&2
84
error="yes"
85
else
86
echo "pass"
87
fi
88
done
89
90
if [ -n "$error" ]; then
91
exit 1
92
fi
93
echo ""
94
95
# check /proc
96
for i in /proc/net/dev /proc/net/if_inet6; do
97
echo -n "Has $i: "
98
if [ ! -e "$i" ]; then
99
echo "no"
100
error="yes"
101
else
102
echo "pass"
103
fi
104
done
105
if [ -n "$error" ]; then
106
exit 1
107
fi
108
echo ""
109
110
echo "This script will now attempt to create various rules using the iptables"
111
echo "and ip6tables commands. This may result in module autoloading (eg, for"
112
echo "IPv6)."
113
if [ "$1" != "-f" ]; then
114
echo -n "Proceed with checks (Y/n)? "
115
read ans
116
if [ "$ans" = "n" ] || [ "$ans" = "N" ] || [ "$ans" = "no" ]; then
117
echo "Aborting"
118
exit 1
119
fi
120
fi
121
122
# check modules
123
for i in "" 6; do
124
exe="iptables"
125
c="${chain}"
126
ipv="4"
127
if [ "$i" = "6" ]; then
128
exe="ip6tables"
129
c="${chain}6"
130
ipv="6"
131
fi
132
133
if [ "$i" = "6" ]; then
134
echo "== IPv6 =="
135
else
136
echo "== IPv4 =="
137
fi
138
139
echo -n "Creating '$c'... "
140
$exe -N "$c" || {
141
echo "ERROR: could not create '$c'. Aborting" >&2
142
error="yes"
143
break
144
}
145
echo "done"
146
147
# set up a RETURN rule right at the top, so we don't open anything up when
148
# running the script. Isn't attached to INPUT, but better safe than sorry.
149
echo -n "Inserting RETURN at top of '$c'... "
150
$exe -I "$c" -j RETURN || {
151
echo "ERROR: could insert RETURN rule into '$c'. Aborting" >&2
152
error="yes"
153
break
154
}
155
echo "done"
156
157
echo -n "TCP: "
158
runcmd $exe -A $c -p tcp -j ACCEPT
159
160
echo -n "UDP: "
161
runcmd $exe -A $c -p udp -j ACCEPT
162
163
echo -n "destination port: "
164
runcmd $exe -A $c -p tcp --dport 22 -j ACCEPT
165
166
echo -n "source port: "
167
runcmd $exe -A $c -p tcp --sport 22 -j ACCEPT
168
169
for j in ACCEPT DROP REJECT LOG; do
170
echo -n "$j: "
171
runcmd $exe -A $c -p tcp --sport 23 -j $j
172
done
173
174
echo -n "hashlimit: "
175
runcmd $exe -A $c -m hashlimit -m tcp -p tcp --dport 22 --hashlimit 1/min --hashlimit-mode srcip --hashlimit-name ssh -m conntrack --ctstate NEW -j ACCEPT
176
177
echo -n "limit: "
178
runcmd $exe -A $c -m limit --limit 3/min --limit-burst 10 -j ACCEPT
179
180
for j in NEW RELATED ESTABLISHED INVALID; do
181
echo -n "ctstate ($j): "
182
runcmd $exe -A $c -m conntrack --ctstate $j
183
done
184
185
echo -n "ctstate (new, recent set): "
186
runcmd runtime $exe -A $c -m conntrack --ctstate NEW -m recent --set
187
188
echo -n "ctstate (new, recent update): "
189
runcmd runtime $exe -A $c -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ACCEPT
190
191
echo -n "ctstate (new, limit): "
192
runcmd $exe -A $c -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j ACCEPT
193
194
echo -n "interface (input): "
195
runcmd $exe -A $c -i eth0 -j ACCEPT
196
197
echo -n "interface (output): "
198
runcmd $exe -A $c -o eth0 -j ACCEPT
199
200
echo -n "multiport: "
201
runcmd $exe -A $c -p tcp -m multiport --dports 80,443,8080:8090 -j ACCEPT
202
203
echo -n "comment: "
204
runcmd $exe -A $c -m comment --comment 'dapp_Samba'
205
206
if [ -z "$i" ]; then
207
for j in LOCAL MULTICAST BROADCAST; do
208
echo -n "addrtype ($j): "
209
runcmd $exe -A $c -m addrtype --dst-type $j -j RETURN
210
done
211
212
for j in destination-unreachable source-quench time-exceeded parameter-problem echo-request; do
213
echo -n "icmp ($j): "
214
runcmd $exe -A $c -p icmp --icmp-type $j -j ACCEPT
215
done
216
else
217
for j in destination-unreachable packet-too-big time-exceeded parameter-problem echo-request; do
218
echo -n "icmpv6 ($j): "
219
runcmd $exe -A $c -p icmpv6 --icmpv6-type $j -j ACCEPT
220
done
221
222
for j in neighbor-solicitation neighbor-advertisement router-solicitation router-advertisement; do
223
echo -n "icmpv6 with hl ($j): "
224
runcmd $exe -A $c -p icmpv6 --icmpv6-type $j -m hl --hl-eq 255 -j ACCEPT
225
done
226
227
echo -n "ipv6 rt: "
228
runcmd $exe -A $c -m rt --rt-type 0 -j ACCEPT
229
fi
230
231
echo ""
232
done
233
234
# cleanup
235
for i in "" 6; do
236
exe="iptables"
237
c="${chain}"
238
if [ "$i" = "6" ]; then
239
exe="ip6tables"
240
c="${chain}6"
241
fi
242
$exe -F $c >/dev/null 2>&1 || {
243
if [ -z "$error" ]; then
244
echo "ERROR: could not flush '$c'" >&2
245
error="yes"
246
fi
247
}
248
$exe -X $c >/dev/null 2>&1 || {
249
if [ -z "$error" ]; then
250
error="yes"
251
echo "ERROR: could not remove '$c'" >&2
252
fi
253
}
254
done
255
256
if [ -n "$error" ] || [ -n "$error_runtime" ]; then
257
if [ -n "$error" ]; then
258
echo "FAIL: check your kernel and that you have iptables >= 1.4.0"
259
fi
260
if [ -n "$error_runtime" ]; then
261
echo "FAIL: check your kernel and iptables for additional runtime support"
262
fi
263
exit 1
264
fi
265
echo "All tests passed"
266
exit 0
267
Loggerhead is a web-based interface for Breezy
Version: 2.0.1