
Профиль
Фотография
Опции
Опции
О себе
yamah не указал(а) ничего о себе.
Личная информация
yamah
Свой человек
35 от роду
Мужской
Россия
Дата рождения: Янв-11-1982
Интересы
Linux, фантастика, фэнтази, игры, программирование Qt
Другая информация
Операционная система: Rosa Fresh, Debian, RELS
JID: yamah@jabber.org
Город: Барнаул
Статистика
Регистрация: 28-April 07
Просмотров профиля: 18653*
Последнее посещение: 1st November 2017 - в 19:19
Часовой пояс: Dec 17 2017, в 12:03
1100 сообщений (0.28 за день)
Контактная информация
AIM Нет данных
Yahoo Нет данных
ICQ 249296932
MSN Нет данных
Contact E-mail скрыт
* Просмотры профиля обновляются каждый час

yamah

Участники


26 Oct 2017
Добрый день.

Есть шлюз на два провайдера (пусть будут X и Y, IP шлюза — XXX.XXX.XXX.XX1 и YYY.YYY.YYY.YY1 соответственно).
Из внутренней сети интернет есть. Из интернета (но не из подсетей провайдеров) подключения по обоим интерфейсам работают нормально, даже при пробросе портов. Из подсети провайдера X нормально подключаюсь к XXX.XXX.XXX.XX1, так же и из подсети Y есть подключения к YYY.YYY.YYY.YY1.
Но не работает подключение из сети провайдера X к адресу YYY.YYY.YYY.YY1 и наоборот.
Похоже, я что-то забыл указать. Что именно?

Код скрипта файервола
Код
#!/bin/bash

# Directory holding the *.lst rule lists read by this script.
CONFDIR="/etc/firewall"
# Scratch state shared by the list readers: last list read and last
# comma-joined port list.
VAR_DATA=("")
VARPORTS=""

# LAN-side tables, filled by func_make_array. Every table starts with ONE
# empty element (not zero elements), so ${#NAME[@]} is 1 before any
# interface has been recorded.
NET_IF=("")      NET_IP=("")      NET_MASK=("")
NET_PREF=("")    NET_NET_IP=("")  NET_NET=("")
# WAN-side tables, same layout as the LAN ones.
INET_IF=("")     INET_IP=("")     INET_MASK=("")
INET_PREF=("")   INET_NET_IP=("") INET_NET=("")

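# Load a list file into the global VAR_DATA array, one entry per line.
#
# Arguments: $1 - path of the list file
# Globals:   VAR_DATA (written)
#
# Lines containing '#' anywhere are dropped, text after ' //' is cut off,
# and blank results are skipped. VAR_DATA is reset to a single empty
# element first, so an empty or unreadable file leaves ${#VAR_DATA[@]} at 1
# with VAR_DATA[0] empty; callers that loop by length see one empty entry.
func_read_array_from_file ()
{
    # Locals keep this reader from clobbering a caller's own `line`
    # (func_specserv calls it from inside its own `while read line` loop).
    local line ind=0
    VAR_DATA=( "" )
    while read -r line
        do
            if [ -n "$line" ]
                then
                    VAR_DATA[ind]=$line
                    ind=$(( ind + 1 ))
            fi
        done < <(grep -v "#" -- "$1" | awk -F' //' '{print $1}')
}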

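# Build the comma-separated port list VARPORTS from a file with one port
# (or port range) per line.
#
# Arguments: $1 - path of the port list file
# Globals:   VARPORTS (written)
func_readports ()
{
    # Local so a caller's own `line` loop variable is not overwritten.
    local line
    VARPORTS=""
    # `|| [ -n "$line" ]` keeps a last line that has no trailing newline.
    while read -r line || [ -n "$line" ]
      do
        # A blank line must not add an empty item (it would leave a stray
        # comma in the multiport list).
        [ -n "$line" ] || continue
        VARPORTS=$(func_mport "$line" "$VARPORTS")
      done < "$1"
}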

# Read the list file named by $1, relative to $CONFDIR, into VAR_DATA.
#
# Arguments: $1 - list file path relative to CONFDIR
func_read_array ()
{
    local list_path="${CONFDIR}/${1}"
    func_read_array_from_file "$list_path"
}

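# Read IPADDR and PREFIX from the ifcfg file of one interface.
#
# Arguments: $1 - interface name; the file read is
#                 /etc/sysconfig/network-scripts/ifcfg-$1
# Globals:   IFIPADDR, IFPREFIX (written only when the key is present)
#
# The interface name is used as part of a file path, so the list it comes
# from should be writable by root only.
func_read_netif ()
{
    # Locals: the original reused the global `line` of its callers.
    local line key value
    while read -r line
        do
            key=${line%%=*}
            if [[ "$line" == *=* ]]
                then
                    # Second '='-separated field only, as before.
                    value=${line#*=}
                    value=${value%%=*}
                    # ifcfg files are shell syntax, so IPADDR="1.2.3.4" is
                    # legal; drop one pair of surrounding quotes.
                    value=${value#[\"\']}
                    value=${value%[\"\']}
                else
                    value=""
            fi
            case "$key" in
                "IPADDR")
                    IFIPADDR=$value
                    ;;
                "PREFIX")
                    IFPREFIX=$value
                    ;;
            esac
        done < <(cat -- "/etc/sysconfig/network-scripts/ifcfg-$1")
}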

# Fill the LAN (NET_*) and WAN (INET_*) interface tables from VAR_DATA.
#
# Each VAR_DATA entry is expected to look like "<KIND>: <ifname> ...":
# the text before ': ' is compared with LOCAL / GLOBAL and the second
# space-separated word is taken as the interface name.
# Globals read:    VAR_DATA
# Globals written: IFIPADDR, IFPREFIX, ETH, di, i, j, NET_*, INET_*
func_make_array ()
{
    IFIPADDR=""
    IFPREFIX=""
    di=0
    i=0
    j=0
    while [ "$di" -lt  "${#VAR_DATA[@]}" ]
        do
            # Reset per entry: func_read_netif only assigns keys it finds.
            IFIPADDR=""
            IFPREFIX=""
            ETH=$(echo ${VAR_DATA[$di]} |  awk -F' ' '{print $2}')
            func_read_netif $ETH
            # Only interfaces whose name appears in `ifconfig` output are
            # recorded. NOTE(review): this is a substring match, so "eth1"
            # also matches a line mentioning "eth10"; an empty $ETH makes
            # grep run without a pattern.
            if [ "$(ifconfig | grep $ETH)" != "" ]
                then
                    if [ "$(echo ${VAR_DATA[$di]} | awk -F': ' '{print $1}')"  == "LOCAL" ]
                        then
                            NET_IF[$i]=$ETH
                            NET_IP[$i]=$IFIPADDR
                            NET_PREF[$i]=$IFPREFIX
                            # The helpers run in command substitutions, so
                            # globals they assign do not leak back here.
                            NET_MASK[$i]=`func_net_mask $IFPREFIX`
                            NET_NET_IP[$i]=`func_net_ip $IFIPADDR $IFPREFIX`
                            NET_NET[$i]="${NET_NET_IP[$i]}/${NET_PREF[$i]}"
                            i=$[$i+1]
                    elif [ "$(echo ${VAR_DATA[$di]} | awk -F': ' '{print $1}')"  == "GLOBAL" ]
                        then
                            INET_IF[$j]=$ETH
                            INET_IP[$j]=$IFIPADDR
                            INET_PREF[$j]=$IFPREFIX
                            INET_MASK[$j]=`func_net_mask $IFPREFIX`
                            INET_NET_IP[$j]=`func_net_ip $IFIPADDR $IFPREFIX`
                            INET_NET[$j]="${INET_NET_IP[$j]}/${INET_PREF[$j]}"
                            j=$[$j+1]
                    fi
            fi
            di=$[$di+1]
        done
}

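# Convert a CIDR prefix length into a dotted-quad netmask.
#
# Arguments: $1 - prefix length, 0..32
# Outputs:   the netmask on stdout (e.g. 26 -> 255.255.255.192)
# Returns:   0 on success, 1 (message on stderr) for an invalid prefix
#
# Fixes over the previous version: the stray `echo` of the prefix no longer
# precedes the mask in the output, the `AT]=` typos that broke the
# 16..23-bit cases are gone, and prefixes 0 and 32 are handled.
func_net_mask ()
{
    local prefix=$1 octet bits mask=""
    local num_re='^[0-9]{1,2}$'
    if ! [[ "$prefix" =~ $num_re ]] || (( 10#$prefix > 32 ))
        then
            echo "func_net_mask: invalid prefix length: '$prefix'" >&2
            return 1
    fi
    # Force base 10 so "08" is not parsed as octal.
    prefix=$(( 10#$prefix ))
    for octet in 0 1 2 3
        do
            # Number of mask bits that fall into this octet, clamped to 0..8.
            bits=$(( prefix - octet * 8 ))
            (( bits > 8 )) && bits=8
            (( bits < 0 )) && bits=0
            mask+="${mask:+.}$(( 256 - (1 << (8 - bits)) ))"
        done
    echo "$mask"
}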

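# Compute the network address of an IPv4 address for a given prefix length.
#
# Arguments: $1 - IPv4 address in dotted-quad form
#            $2 - prefix length, 0..32
# Outputs:   the network address on stdout (e.g. 10.1.37.3 20 -> 10.1.32.0)
# Returns:   0 on success, 1 (message on stderr) for malformed input
#
# Fixes over the previous version: the `AT]=` typo broke every 16..23-bit
# prefix, a /32 produced no output, and the function assigned the global
# NET_PREF (the name of the LAN prefix table) instead of a local.
func_net_ip ()
{
    local ip=$1 prefix=$2 idx bits keep net=""
    local -a octets
    local ip_re='^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$'
    local num_re='^[0-9]{1,2}$'
    if ! [[ "$ip" =~ $ip_re && "$prefix" =~ $num_re ]] || (( 10#$prefix > 32 ))
        then
            echo "func_net_ip: invalid address or prefix: '$ip' '$prefix'" >&2
            return 1
    fi
    IFS=. read -r -a octets <<< "$ip"
    # Force base 10 so values with a leading zero are not read as octal.
    prefix=$(( 10#$prefix ))
    for idx in 0 1 2 3
        do
            # Mask bits that fall into this octet, clamped to 0..8.
            bits=$(( prefix - idx * 8 ))
            (( bits > 8 )) && bits=8
            (( bits < 0 )) && bits=0
            keep=$(( 256 - (1 << (8 - bits)) ))
            net+="${net:+.}$(( 10#${octets[idx]} & keep ))"
        done
    echo "$net"
}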

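# Allow forwarding from every LAN network to the mail servers listed in
# mail/<domain>/<service>.lst on the given TCP ports.
#
# Arguments: $1 - mail domain directory name under $CONFDIR/mail
#            $2 - service name (list file base name, e.g. pop3)
#            $3 - comma-separated TCP ports
# Globals:   NET_NET (read), VAR_DATA (written by func_read_array)
func_mail_acc ()
{
        local list="mail/$1/$2.lst" net hosts
        echo "Mail for $1: $2"
        func_read_array "$list"
        # Joined once; it does not change between LAN networks.
        hosts="${VAR_DATA[*]}"
        for net in "${NET_NET[@]}"
            do
                # The tables start with one empty placeholder element.
                [ -n "$net" ] || continue
                func_cyclet "$net" "$hosts" "$3"
            done
}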

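# Open the gateway and forwarding path for the hosts in adm_out_host.lst.
#
# For every listed host, func_iptam is called for TCP and UDP on both the
# FORWARD and INPUT chains, once with $UNPRIVPORTS and once with
# $BASEPORTS. Each func_iptam call accepts traffic to the host on those
# destination ports and traffic from the host with those source ports, so
# every entry in this list is a broad allow rule; keep the list short.
#
# Globals: UNPRIVPORTS, BASEPORTS (read), VAR_DATA (written by func_read_array)
func_adm_out ()
{
        local host proto chain
        echo "Доступ админам извне"
        func_read_array "adm_out_host.lst"
        for host in "${VAR_DATA[@]}"
            do
                # An empty list yields one empty entry; skipping it avoids
                # running iptables with a missing address argument.
                [ -n "$host" ] || continue
                for proto in "TCP" "UDP"
                    do
                        for chain in "FORWARD" "INPUT"
                            do
                                func_iptam "$chain" "$proto" "$host" "$UNPRIVPORTS"
                                func_iptam "$chain" "$proto" "$host" "$BASEPORTS"
                            done
                    done
            done
}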

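# Allow the gateway itself to open outbound TCP connections to one
# destination port through one interface, and accept the replies.
#
# Arguments: $1 - remote TCP port (or range)
#            $2 - interface name
# Globals:   UNPRIVPORTS (read) - local source port range
#
# The INPUT rule carries `! --syn`, so it does not admit new inbound
# connections coming from that remote port.
func_fwgw ()
{
        # Arguments are quoted so an empty or glob-like value cannot be
        # split or expanded into extra iptables arguments.
        iptables -A OUTPUT -p tcp -m tcp -o "$2" --dport "$1" --sport "$UNPRIVPORTS" -j ACCEPT
        iptables -A INPUT -p tcp -m tcp -i "$2" --dport "$UNPRIVPORTS" --sport "$1" -j ACCEPT ! --syn
}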

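# Append one ACCEPT rule matching a single port as BOTH source and
# destination port.
#
# Arguments: $1 - chain, $2 - source, $3 - destination, $4 - protocol,
#            $5 - port used for --sport and --dport
#
# NOTE(review): because --sport and --dport are both $5, the rule only
# matches packets whose source port equals the destination port; confirm
# that this is what callers want.
func_iptaf ()
{
        # Quoted so empty or glob-like arguments are not split or expanded.
        iptables -A "$1" -s "$2" -d "$3" -p "$4" --sport "$5" --dport "$5" -j ACCEPT
}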

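# Append one ACCEPT rule for a source/destination pair on a list of
# destination ports (multiport match).
#
# Arguments: $1 - chain, $2 - source, $3 - destination, $4 - protocol,
#            $5 - comma-separated destination ports
func_iptafm ()
{
        # Quoted so empty or glob-like arguments are not split or expanded.
        iptables -A "$1" -s "$2" -d "$3" -p "$4" -m multiport --dports "$5" -j ACCEPT
}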

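# Append a pair of ACCEPT rules for one host: traffic to it on the given
# destination ports and traffic from it with the same source ports.
#
# Arguments: $1 - chain, $2 - protocol, $3 - host, $4 - protocol (again),
#            $5 - comma-separated ports
#
# NOTE(review): both rules pass -p twice ($2 and $4). iptables is expected
# to reject a rule that repeats -p, so confirm which argument is meant to
# be the protocol before relying on this helper.
func_iptamp ()
{
        # Quoted so empty or glob-like arguments are not split or expanded.
        iptables -A "$1" -p "$2" -d "$3" -p "$4" -m multiport --dports "$5" -j ACCEPT
        iptables -A "$1" -p "$2" -s "$3" -p "$4" -m multiport --sports "$5" -j ACCEPT
}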

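# Append a pair of ACCEPT rules for one host: traffic to it on the given
# destination ports and traffic from it with the same source ports.
#
# Arguments: $1 - chain, $2 - protocol, $3 - host,
#            $4 - comma-separated ports or a port range
#
# The second rule matches on source port only, so any packet from the host
# whose source port is in $4 is accepted whatever its destination port.
func_iptam ()
{
        # Quoted so empty or glob-like arguments are not split or expanded.
        iptables -A "$1" -p "$2" -d "$3" -m multiport --dports "$4" -j ACCEPT
        iptables -A "$1" -p "$2" -s "$3" -m multiport --sports "$4" -j ACCEPT
}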
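# Allow TCP forwarding from one source to each host of a whitespace-
# separated host list on the given ports.
#
# Arguments: $1 - source network or address
#            $2 - whitespace-separated destination hosts
#            $3 - comma-separated destination ports
func_cyclet ()
{
        # Locals: the previous version leaked TEMPARR and jindex as globals.
        local -a hosts
        local host
        # Split on whitespace without pathname expansion (a `*` in the list
        # stays literal). read returns non-zero at end of input; ignore it.
        read -r -d '' -a hosts <<< "$2" || true
        for host in "${hosts[@]}"
            do
                func_iptafm "FORWARD" "$1" "$host" "TCP" "$3"
            done
}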

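# Append multiport ACCEPT rules for parallel lists of source networks and
# destination addresses: entry k of the first list is paired with entry k
# of the second.
#
# Arguments: $1 - chain
#            $2 - whitespace-separated source networks
#            $3 - whitespace-separated destination addresses
#            $4 - protocol
#            $5 - comma-separated destination ports
func_cyclet_port ()
{
        # Locals: the previous version leaked TEMPNET, TEMPIP and jindex.
        local -a nets ips
        local k
        # Split on whitespace without pathname expansion; read returns
        # non-zero at end of input, which is expected here.
        read -r -d '' -a nets <<< "$2" || true
        read -r -d '' -a ips <<< "$3" || true
        # The address list drives the loop, as before.
        for k in "${!ips[@]}"
            do
                func_iptafm "$1" "${nets[k]}" "${ips[k]}" "$4" "$5"
            done
}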

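# Same pairing as func_cyclet_port, but each rule is added through
# func_iptaf (single port used as both source and destination port).
#
# Arguments: $1 - chain
#            $2 - whitespace-separated source networks
#            $3 - whitespace-separated destination addresses
#            $4 - protocol
#            $5 - port
func_cyclets_port ()
{
        # Locals: the previous version leaked TEMPNET, TEMPIP and jindex.
        local -a nets ips
        local k
        # Split on whitespace without pathname expansion; read returns
        # non-zero at end of input, which is expected here.
        read -r -d '' -a nets <<< "$2" || true
        read -r -d '' -a ips <<< "$3" || true
        for k in "${!ips[@]}"
            do
                func_iptaf "$1" "${nets[k]}" "${ips[k]}" "$4" "$5"
            done
}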

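# Allow DNS (port 53, UDP and TCP) forwarding between LAN networks and one
# DNS server, plus the server's established UDP replies.
#
# Arguments: $1 - whitespace-separated LAN networks
# Globals:   VAR_DATA (read) - DNS server list
#            index    (read) - position in VAR_DATA, set by the caller
#
# NOTE(review): the server is VAR_DATA[index], where `index` is the
# caller's loop counter, so only the DNS entry at that position gets
# rules. Confirm whether every entry of the DNS list should be covered.
func_dns_getway ()
{
        local -a nets
        local net dns_host=${VAR_DATA[index]}
        read -r -d '' -a nets <<< "$1" || true
        if [ -z "$dns_host" ]
            then
                echo "func_dns_getway: no DNS server at position ${index:-0}, nothing added" >&2
                return 0
        fi
        # Each network gets its own rules; the previous loop counted the
        # networks but always used the first one.
        for net in "${nets[@]}"
            do
              func_iptafm "FORWARD" "$net" "$dns_host" "UDP" "53"
              iptables -A FORWARD -p UDP -s "$dns_host" -d "$net" --sport 53 -m state --state ESTABLISHED -j ACCEPT
              func_iptafm "FORWARD" "$net" "$dns_host" "TCP" "53"
            done
}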

# Give one source address unrestricted access: everything it sends to the
# gateway through the given interface, and all TCP and UDP it sends through
# the gateway, is accepted.
#
# Arguments: $1 - source address or network
#            $2 - inbound interface for the INPUT rule
#
# The FORWARD rules carry no interface or destination restriction.
func_free_getway ()
{
        local src_host="$1" lan_if="$2" proto
        iptables -A INPUT -s "$src_host" -i "$lan_if" -j ACCEPT
        for proto in TCP UDP
            do
                iptables -A FORWARD -s "$src_host" -p "$proto" -j ACCEPT
            done
}

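# Open ports on the gateway itself for one zone, driven by the files in
# $CONFDIR/open_ports.
#
# Arguments: $1 - zone tag used in the file names (the script passes
#                 "global" and "local")
#            $2 - whitespace-separated gateway addresses
#            $3 - whitespace-separated source networks
#            $4 - whitespace-separated interface names (DHCP rules only)
# Files:     tcp_<zone>.lst, udp_<zone>.lst, tcp-udp_<zone>.lst (one port
#            per line) and services_<zone>.lst (one service name per line)
#
# When tcp_<zone>.lst is missing, TCP 22,80,443 are opened by default, so a
# deleted or misnamed file exposes SSH and HTTP(S) instead of closing them.
#
# NOTE(review): apart from the DHCP branch, only the FIRST address and the
# FIRST network of the lists are used. That is the behaviour of the
# previous version and is kept; on a gateway with several interfaces per
# zone, confirm whether the other addresses should get the rules too.
#
# Changes: rsync now opens 873 (was 837), "kpasswd5" is accepted next to
# the historical spelling "kasswd5", all expansions are quoted, and the
# loop variables are local so callers' `line`, `index` and `jindex` are no
# longer overwritten.
func_open_port ()
{
        local TP=$1
        local ports_dir="$CONFDIR/open_ports"
        local -a TIPA TNETA TIFA
        local svc idx ip net
        local smb_ports="135,136,137,138,139,445"
        local nfs_ports="111,875,892,2049,32769,32803"
        # Split on whitespace without pathname expansion; read returns
        # non-zero at end of input, which is expected here.
        read -r -d '' -a TIPA <<< "$2" || true
        read -r -d '' -a TNETA <<< "$3" || true
        read -r -d '' -a TIFA <<< "$4" || true
        ip=${TIPA[0]}
        net=${TNETA[0]}

        if [ -e "$ports_dir/tcp_$TP.lst" ]
          then
            func_readports "$ports_dir/tcp_$TP.lst"
            func_cyclet_port "INPUT" "$net" "$ip" "TCP" "$VARPORTS"
          else
            func_cyclet_port "INPUT" "$net" "$ip" "TCP" "22,80,443"
        fi
        if [ -e "$ports_dir/udp_$TP.lst" ]
          then
            func_readports "$ports_dir/udp_$TP.lst"
            func_cyclet_port "INPUT" "$net" "$ip" "UDP" "$VARPORTS"
        fi
        if [ -e "$ports_dir/tcp-udp_$TP.lst" ]
          then
            func_readports "$ports_dir/tcp-udp_$TP.lst"
            func_cyclet_port "INPUT" "$net" "$ip" "TCP" "$VARPORTS"
            func_cyclet_port "INPUT" "$net" "$ip" "UDP" "$VARPORTS"
        fi
        if [ -e "$ports_dir/services_$TP.lst" ]
          then
              while read -r svc
                do
                  case "$svc" in
                    "ssh")
                        func_cyclet_port "INPUT" "$net" "$ip" "TCP" 22
                        ;;
                    "http")
                        func_cyclet_port "INPUT" "$net" "$ip" "TCP" 80
                        ;;
                    "https")
                        func_cyclet_port "INPUT" "$net" "$ip" "TCP" 443
                        ;;
                    "pop3")
                        func_cyclet_port "INPUT" "$net" "$ip" "TCP" 110
                        ;;
                    "smtp")
                        func_cyclet_port "INPUT" "$net" "$ip" "TCP" 25
                        ;;
                    "imap")
                        func_cyclet_port "INPUT" "$net" "$ip" "TCP" 143
                        ;;
                    "pop3s")
                        func_cyclet_port "INPUT" "$net" "$ip" "TCP" 995
                        ;;
                    "smtps")
                        func_cyclet_port "INPUT" "$net" "$ip" "TCP" 465
                        ;;
                    "imaps")
                        func_cyclet_port "INPUT" "$net" "$ip" "TCP" 993
                        ;;
                    "svn")
                        func_cyclet_port "INPUT" "$net" "$ip" "TCP" 3690
                        ;;
                    "rsync")
                        # rsync's registered port is 873.
                        func_cyclet_port "INPUT" "$net" "$ip" "TCP" 873
                        ;;
                    "mysql")
                        func_cyclet_port "INPUT" "$net" "$ip" "TCP" 3306
                        ;;
                    "squid")
                        func_cyclet_port "INPUT" "$net" "$ip" "TCP" 3128
                        ;;
                    "ldap")
                        func_cyclet_port "INPUT" "$net" "$ip" "TCP" 389
                        ;;
                    "ldaps")
                        func_cyclet_port "INPUT" "$net" "$ip" "TCP" 636
                        ;;
                    "kasswd5"|"kpasswd5")
                        func_cyclet_port "INPUT" "$net" "$ip" "TCP" 464
                        ;;
                    "kerberos-adm")
                        func_cyclet_port "INPUT" "$net" "$ip" "TCP" 749
                        ;;
                    "cups")
                        func_cyclet_port "INPUT" "$net" "$ip" "TCP" 631
                        ;;
                    "smb")
                        func_cyclet_port "INPUT" "$net" "$ip" "TCP" "$smb_ports"
                        func_cyclet_port "INPUT" "$net" "$ip" "UDP" "$smb_ports"
                        func_cyclet_port "OUTPUT" "$net" "$ip" "TCP" "$smb_ports"
                        func_cyclet_port "OUTPUT" "$net" "$ip" "UDP" "$smb_ports"
                        ;;
                    "nfs")
                        func_cyclet_port "INPUT" "$net" "$ip" "TCP" "$nfs_ports"
                        func_cyclet_port "INPUT" "$net" "$ip" "UDP" "$nfs_ports"
                        ;;
                    "xmpp")
                        # One pass per listed address, each time with the
                        # first address/network (see NOTE above).
                        for idx in "${!TIPA[@]}"
                           do
                            iptables -A OUTPUT -p tcp -m tcp -s "$ip" -d "$net" -m multiport --dports 5222,5269 -j ACCEPT
                            iptables -A INPUT -p tcp -m tcp -s "$net" -d "$ip" -m multiport --sports 5222,5269 -j ACCEPT
                           done
                        ;;
                    "dns")
                        func_cyclets_port "INPUT" "$net" "$ip" "TCP" "53"
                        func_cyclets_port "INPUT" "$net" "$ip" "UDP" "53"
                        ;;
                    "dhcp")
                         # DHCP server rules are only added for the "local" zone.
                         if [ "$TP" == "local" ]
                            then
                              for idx in "${!TIFA[@]}"
                                do
                                  iptables -t filter -A INPUT -i "${TIFA[idx]}" -p udp -s 0.0.0.0 --sport 68 -d 255.255.255.255 --dport 67 -j ACCEPT
                                  iptables -t filter -A OUTPUT -o "${TIFA[idx]}" -p udp -s 0.0.0.0 --sport 68 -d 255.255.255.255 --dport 67 -j ACCEPT
                                  iptables -t filter -A OUTPUT -o "${TIFA[idx]}" -p udp -s "${TIPA[idx]}" --sport 67 -d 255.255.255.255 --dport 68 -j ACCEPT
                                  iptables -t filter -A INPUT -i "${TIFA[idx]}" -p udp -s 0.0.0.0 --sport 68 -d "${TIPA[idx]}" --dport 67 -j ACCEPT
                                  iptables -t filter -A OUTPUT -o "${TIFA[idx]}" -p udp -s "${TIPA[idx]}" --sport 67 -d "${TNETA[idx]}" --dport 68 -j ACCEPT
                                  iptables -t filter -A INPUT -i "${TIFA[idx]}" -p udp -s "${TNETA[idx]}" --sport 68 -d "${TIPA[idx]}" --dport 67 -j ACCEPT
                                done
                         fi
                        ;;
                    "ntp")
                        func_cyclet_port "INPUT" "$net" "$ip" "UDP" "123"
                        ;;
                    "vpn")
                          # Placeholder: no rules are defined for vpn.
                          echo ""
                        ;;
                  esac
              done < "$ports_dir/services_$TP.lst"
        fi
}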

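# Allow forwarding from a set of source addresses to the destinations
# listed in every file of one configuration sub-directory.
#
# Arguments: $1 - sub-directory of $CONFDIR holding the list files
#            $2 - whitespace-separated source addresses
# Entries:   host[:ports[:proto]]; ports default to 80,443 and proto to
#            TCP. proto may be TCP, UDP or TCP/UDP (either case).
# Globals:   ACC_ACC, ACC_ACC_PRT, ACC_ACC_PTK, FUIP, FUNCONFDIR (written)
#
# Fixes over the previous version:
#  - the protocol check was a chain of `!=` joined with -o, which is true
#    for every value, so the protocol was always forced to TCP;
#  - the fallback branch called `awk - F':'` (stray space);
#  - "$ACC_ACC_PTK[$index]" lacked braces, so TCP/UDP was never detected;
#  - the file loop variable was overwritten by func_read_array;
#  - empty entries no longer produce malformed rules.
func_specserv ()
{
        local list_path list_file entry host ports proto src k
        local -a fields
        FUNCONFDIR=$1
        ACC_ACC=()
        ACC_ACC_PRT=()
        ACC_ACC_PTK=()
        read -r -d '' -a FUIP <<< "$2" || true

        # Glob instead of parsing `ls`; hidden files are skipped either way.
        for list_path in "$CONFDIR/$FUNCONFDIR"/*
          do
            [ -e "$list_path" ] || continue
            list_file=${list_path##*/}
            echo "Читаю:" "$FUNCONFDIR/$list_file"
            func_read_array "$FUNCONFDIR/$list_file"
            for entry in "${VAR_DATA[@]}"
              do
                [ -n "$entry" ] || continue
                IFS=: read -r -a fields <<< "$entry"
                host=${fields[0]}
                ports=${fields[1]:-80,443}
                proto=${fields[2]}
                case "$proto" in
                    TCP|tcp|UDP|udp|TCP/UDP|tcp/udp) ;;
                    *) proto="TCP" ;;
                esac
                ACC_ACC+=("$host")
                ACC_ACC_PRT+=("$ports")
                ACC_ACC_PTK+=("$proto")
              done
          done

        for src in "${FUIP[@]}"
          do
            for k in "${!ACC_ACC[@]}"
              do
                case "${ACC_ACC_PTK[k]}" in
                    TCP/UDP|tcp/udp)
                        func_iptafm "FORWARD" "$src" "${ACC_ACC[k]}" "TCP" "${ACC_ACC_PRT[k]}"
                        func_iptafm "FORWARD" "$src" "${ACC_ACC[k]}" "UDP" "${ACC_ACC_PRT[k]}"
                        ;;
                    *)
                        func_iptafm "FORWARD" "$src" "${ACC_ACC[k]}" "${ACC_ACC_PTK[k]}" "${ACC_ACC_PRT[k]}"
                        ;;
                esac
              done
          done
}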

# Define the port-list constants, load the interface tables and print a
# summary table of the LAN and WAN interfaces.
#
# Globals written: the *PORTS constants, S_INET_NET, ELCOM, ROUTESCONFFILE,
#                  N, I, i, j, INET_NET_A, plus everything written by
#                  func_read_array_from_file and func_make_array.
func_get_params ()
{
# Constants

        # Source network used for the WAN side: any address.
        S_INET_NET="0/0"
        BASEPORTS="20,21,22,25,43,70,79,80,110,123,143,210,443"
        CLOSEPORTS="630,640,783,3310,10000"
        NETSERVISPORTS="53,67,68,113"
        PRIVPORT="1:1023"
        UNPRIVPORTS="1024:65535"
        TORRENTSPORTS="49160:49300"
        MAILPORTS="25,110,143,465,993,995"
        IMPORTS="5190,5222,5223,5269,5280"
        SERVISPORTS="2049,3306,10000"
        RDPPORTS="3389"
        # NOTE(review): trailing comma in the value below; it would leave an
        # empty item if this list is ever handed to a multiport match.
        VNCPORTS="5900:5906,"
        XPORTS="6000:6063"
        NFSPORTS="111,2049"
        SAMBAPORTS="135:139,445"
        SKYPEPORT="39592,13840,50179"

        ELCOM="80.247.96.235"

# Interfaces

ROUTESCONFFILE="/etc/sysconfig/network-scripts/multiroutes.cfg"

# The interface list comes from the multi-route config file; the tables
# NET_* / INET_* are then filled from it.
func_read_array_from_file $ROUTESCONFFILE
func_make_array

# Collect one "LAN ..." row per local interface into N. N is appended to,
# not reset, so calling this function twice in one run repeats the rows.
i=0
while [ "$i" -lt "${#NET_IF[@]}" ]
    do
        N=$N"$(echo "LAN" ${NET_IF[$i]} ${NET_IP[$i]} ${NET_MASK[$i]} \(${NET_PREF[$i]}\) ${NET_NET_IP[$i]} "\n")"
        i=$[$i+1]
    done

# Same for the WAN interfaces, collected into I.
j=0
while [ "$j" -lt "${#INET_IF[@]}" ]
    do
        I=$I"$(echo "WAN" ${INET_IF[$j]} ${INET_IP[$j]} ${INET_MASK[$j]} \(${INET_PREF[$j]}\) ${INET_NET_IP[$j]} "\n")"
        j=$[$j+1]
    done

# Header first, then the rows sorted on the interface column, aligned
# with column(1).
(echo -e "TYPE" "INTERFACE" "IP" "MASK" "PREFIX" "NET" "\n"; echo -e  $I "\n" $N "\n" | sort -k 2.1 ) | column -t

        # One "any source" network per WAN interface, used as the source
        # list when the global open ports are set up.
        i=0
        while [ "$i" -lt "${#INET_IF[@]}" ]
          do
            INET_NET_A[$i]=$S_INET_NET
            i=$[$i+1]
          done
}

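# Append one port to a comma-separated port list.
#
# Arguments: $1 - port (or range) to add
#            $2 - existing list, may be empty or omitted
# Outputs:   the resulting list on stdout
func_mport ()
{
  # Local and quoted: the previous version wrote the global MPORT and
  # echoed it unquoted, which let the shell glob-expand the value.
  local joined=$1
  if [ -n "$2" ]
    then
        joined="$2,$1"
  fi
  printf '%s\n' "$joined"
}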

# Load the kernel modules this firewall relies on and switch on IPv4
# forwarding.
func_modpr ()
{
        local kmod
        for kmod in iptable_nat ip_nat_ftp ip_conntrack_ftp ipt_LOG
            do
                modprobe "$kmod"
            done

        # Forwarding is enabled here and is not switched off again by the
        # stop action of this script.
        echo "1" > /proc/sys/net/ipv4/ip_forward
}

# Build the complete filter/mangle/nat rule set.
#
# Order matters: rules are appended, so the first match wins. The sequence
# is: flush and default-DROP policies, sanity drops, per-interface rules,
# ESTABLISHED/RELATED accept, loopback, connection marking, open ports,
# mail, DNS, free-gateway hosts, admin hosts, ICMP, per-WAN service rules
# and finally the port forwards.
#
# Globals read: INET_IF, INET_IP, INET_NET_A, NET_IF, NET_IP, NET_NET,
#               UNPRIVPORTS, XPORTS, CLOSEPORTS, CONFDIR, VAR_DATA
fstart ()
{
        echo "Starting firewall"
        iptables -F
        iptables -t nat -F
        iptables -t mangle -F
        iptables -t nat -F PREROUTING
        iptables -t nat -F POSTROUTING

        iptables -X
        iptables -t nat -X
        iptables -t mangle -X

        # User chains used by the connection-marking rules further down.
        iptables -t mangle -N out-marking
        iptables -t mangle -N in-marking

        iptables -F INPUT
        iptables -F FORWARD
        iptables -F OUTPUT

        # Default deny on all three chains.
        iptables -P FORWARD DROP
        iptables -P INPUT DROP
        iptables -P OUTPUT DROP

        iptables -A INPUT   -m state --state INVALID -j DROP
        iptables -A FORWARD -m state --state INVALID -j DROP

        # A SYN/ACK that starts a "new" connection is answered with a reset.
        iptables -A INPUT -p tcp --tcp-flags SYN,ACK SYN,ACK -m state --state NEW -j REJECT --reject-with tcp-reset

        # New TCP connections must start with a SYN.
        iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
        iptables -A OUTPUT -p tcp ! --syn -m state --state NEW -j DROP

        iptables -A INPUT -p UDP -s 0/0 --destination-port 137 -j DROP
        iptables -A INPUT -p UDP -s 0/0 --destination-port 138 -j DROP
        iptables -A INPUT -p UDP -s 0/0 --destination-port 113 -j REJECT
        # DHCP replies (server port 67 to client port 68) from any source.
        iptables -A INPUT -p UDP -s 0/0 --source-port 67 --destination-port 68 -j ACCEPT  

        iptables -A INPUT --fragment -p ICMP -j DROP
        iptables -A OUTPUT --fragment -p ICMP -j DROP

        # Drop TCP packets with flag combinations that do not occur in
        # normal traffic, and two TCP option numbers.
        iptables -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
        iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
        iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
        iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
        iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
        iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
        iptables -A INPUT -p tcp --tcp-option 64 -j DROP
        iptables -A INPUT -p tcp --tcp-option 128 -j DROP

# Per WAN interface: outbound telnet with replies, no inbound X11
# connections, ICMP parameter-problem, and the CLOSEPORTS drop list.
for HWNETIF in ${INET_IF[*]}
    do
        iptables -A OUTPUT -p tcp -m tcp -o $HWNETIF --dport 23 --sport $UNPRIVPORTS -j ACCEPT
        iptables -A INPUT -p tcp -m tcp -i $HWNETIF --dport $UNPRIVPORTS --sport 23 -j ACCEPT ! --syn
        iptables -A INPUT -p tcp -m tcp -i $HWNETIF --dport $XPORTS -j DROP --syn
        iptables -A INPUT -p icmp -m icmp -i $HWNETIF --icmp-type parameter-problem -j ACCEPT
        iptables -A OUTPUT -p icmp -m icmp -o $HWNETIF --icmp-type parameter-problem -j ACCEPT
        iptables -A INPUT -p tcp -m tcp -m multiport -i $HWNETIF -j DROP --destination-ports $CLOSEPORTS
    done

for HWNETIF in ${NET_IF[*]} ${INET_IF[*]}
    do  
        iptables -A INPUT -p icmp -m icmp -i $HWNETIF --icmp-type source-quench -j ACCEPT
        iptables -A OUTPUT -p icmp -m icmp -o $HWNETIF --icmp-type source-quench -j ACCEPT
    done

        # Everything that belongs to an already tracked connection passes;
        # the rules below therefore only decide about new connections.
        iptables -A INPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT
        iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
        iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

        iptables -A INPUT -i lo -j ACCEPT
        iptables -A OUTPUT -o lo -j ACCEPT

        iptables -A INPUT -p ALL -s 127.0.0.1 -i lo -j ACCEPT
        iptables -A OUTPUT -p ALL -d 127.0.0.1 -o lo -j ACCEPT
        iptables -A OUTPUT -p ALL -s 127.0.0.1 -j ACCEPT

# NOTE(review): the OUTPUT rule in this loop accepts every packet sent from
# any of the gateway's own addresses, on any interface. Together with the
# rules above that leaves little for the OUTPUT DROP policy to catch.
for IP in ${NET_IP[*]} ${INET_IP[*]}
    do
        iptables -A INPUT -p ALL -s $IP -i lo -j ACCEPT
        iptables -A OUTPUT -p ALL -s $IP -j ACCEPT
    done
    
# Mark packets: connections that already carry a mark are sent to
# out-marking, new ones to in-marking, which stamps the number of the WAN
# interface they arrived on (mask 0x3).
    iptables -t mangle -A PREROUTING -m connmark ! --mark 0x0/0x3 -j out-marking
for HWNETIF in ${NET_IF[*]}
    do
        iptables -t mangle -A out-marking -i $HWNETIF -j CONNMARK --restore-mark --mask 0x3
    done
    index=0;
    iptables -t mangle -A PREROUTING -m conntrack --ctstate NEW -j in-marking
for HWNETIF in ${INET_IF[*]}
    do
        let "index = $index + 1"
        iptables -t mangle -A in-marking -i $HWNETIF -j CONNMARK --set-xmark 0x$index/0x3
    done
    
# Ports opened towards the Internet side
# NOTE(review): the last argument is "{$INET_IF[*]}", not "${INET_IF[*]}".
# It expands to the first interface name wrapped in literal "{" and "[*]}".
# func_open_port only uses that argument for the DHCP rules of the "local"
# zone, so the typo has no visible effect on this call.
        func_open_port "global" "${INET_IP[*]}" "${INET_NET_A[*]}" "{$INET_IF[*]}"

# Mail
        while read mline
          do
#           mline=$mline
            # NOTE(review): in `[`, -a binds tighter than -o, so this reads
            # "pop3.lst exists OR (imap.lst AND smtp.lst exist)". A domain
            # with only pop3.lst passes the test and the smtp rules below
            # are still attempted without an smtp.lst.
            if [ -e "$CONFDIR/mail/$mline/pop3.lst" -o -e  "$CONFDIR/mail/$mline/imap.lst" -a -e "$CONFDIR/mail/$mline/smtp.lst" ]
                then
                    if [ -e "$CONFDIR/mail/$mline/pop3.lst" ]
                        then
                            func_mail_acc $mline pop3 "110,995"
                    fi
                    if [ -e "$CONFDIR/mail/$mline/imap.lst" ]
                        then
                            func_mail_acc $mline imap "143,993"
                    fi
                    func_mail_acc $mline smtp "25,465,587"
                 else
                    echo "Проверте настройки pop3, imap и smtp для $mline"
            fi
          done < <(ls -1 "$CONFDIR/mail")

# Ports opened towards the local network
        func_open_port "local" "${NET_IP[*]}" "${NET_NET[*]}" "${NET_IF[*]}"
# Allow only DNS and DHCP server replies to requests
        echo "DNS провайдера"
        func_read_array dns.lst
        # func_dns_getway reads VAR_DATA[$index], so this counter selects
        # both the LAN network and the DNS entry used for it.
        index=0
        while [ "$index" -lt  "${#NET_NET[@]}" ]
            do
                func_dns_getway "${NET_NET[$index]}"
                let "index = $index + 1"
            done

# Hosts with unrestricted access through the gateway, one list per LAN
# interface (free_getway/<ifname>.lst)
echo "Свободный шлюз"
for TIFST in ${NET_IF[*]}
    do
        func_read_array free_getway/$TIFST.lst
        index=0
        while [ "$index" -lt  "${#VAR_DATA[@]}" ]
            do
                func_free_getway "${VAR_DATA[$index]}" "$TIFST"
                let "index = $index + 1"
        done
    done
# Sysadmin access
        func_adm_out

# Outgoing ping is allowed, incoming ping is rate-limited.
        echo "Системные службы"
        iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s --limit-burst 2 -j ACCEPT
        iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
        iptables -A OUTPUT -p icmp --icmp-type echo-reply -m icmp  -j ACCEPT
        iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s --limit-burst 2 -j ACCEPT
        iptables -A FORWARD -p icmp --icmp-type echo-request -j DROP
        # Every ICMP type other than the echo-requests dropped above is
        # accepted on all three chains.
        iptables -A INPUT -p icmp -j ACCEPT
        iptables -A FORWARD -p icmp -j ACCEPT
        iptables -A OUTPUT -p icmp -j ACCEPT
        for TIFST in ${INET_IF[*]}
            do
# Outgoing AUTH (ident) requests are allowed, incoming ones are dropped.
                func_fwgw 113 $TIFST
                iptables -A INPUT -p tcp -m tcp -i $TIFST --dport 113 -j DROP
# Allow finger, whois, gopher, wais. Traceroute outbound only.
                func_fwgw $UNPRIVPORTS $TIFST
                func_fwgw 79 $TIFST
                func_fwgw 43 $TIFST
                func_fwgw 70 $TIFST
                func_fwgw 210 $TIFST
                # NOTE(review): this INPUT rule has no `! --syn`, so a new
                # connection from source port 20 to any unprivileged port
                # of the gateway is accepted on the WAN interface. Confirm
                # that active-mode FTP data really needs it.
                iptables -A INPUT -p tcp -m tcp -i $TIFST --dport $UNPRIVPORTS --sport 20 -j ACCEPT
                iptables -A OUTPUT -p tcp -m tcp -o $TIFST --dport 20 --sport $UNPRIVPORTS -j ACCEPT ! --syn
            done          
# Port forwarding: each port_fw.lst entry is "<wan port>:<lan host>:<lan port>"
        echo "Переброс портов"
        func_read_array port_fw.lst
        index=0
        while [ "$index" -lt  "${#VAR_DATA[@]}" ]
            do
                ACCPORTINP=$(echo ${VAR_DATA[$index]} | awk -F':' '{print $1}')
                ACCIADDDES=$(echo ${VAR_DATA[$index]} | awk -F':' '{print $2}')
                ACCPORTDES=$(echo ${VAR_DATA[$index]} | awk -F':' '{print $3}')
                for INETIP in ${INET_IP[*]}
                    do
                        iptables -t nat -A PREROUTING -d $INETIP -p TCP --dport $ACCPORTINP -j DNAT --to-destination $ACCIADDDES:$ACCPORTDES
                        # The FORWARD accept is not tied to an inbound
                        # interface or source, so the forwarded host/port
                        # is reachable from every network routed here.
                        iptables -A FORWARD -p TCP -d $ACCIADDDES --dport $ACCPORTDES -j ACCEPT
                    done
                let "index = $index + 1"
        done
}
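# Enable source NAT on every WAN interface.
#
# Globals: INET_IF, INET_IP (read), index (written)
#
# NOTE(review): each interface gets an SNAT rule followed by a MASQUERADE
# rule on the same POSTROUTING match; the first one that matches ends the
# traversal, so the MASQUERADE rule looks unreachable.
# NOTE(review): the eth3 block is hard-coded and sits inside the loop, so
# it is added once per WAN interface, each time with that interface's
# address as SNAT source. Confirm that eth3 is meant to be NATed this way.
fnat ()
{
# Enable NAT
echo "NAT"
for (( index = 0; index < ${#INET_IF[@]}; index++ ))
    do
        # The tables start with one empty placeholder element; skipping it
        # avoids calling iptables with a missing interface or address.
        if [ -z "${INET_IF[index]}" ] || [ -z "${INET_IP[index]}" ]
            then
                continue
        fi
        iptables -t mangle -A PREROUTING -i "${INET_IF[index]}" -j TTL --ttl-set 64
        iptables -t nat -A POSTROUTING -o "${INET_IF[index]}" -j SNAT --to-source "${INET_IP[index]}"
        iptables -t nat -A POSTROUTING -o "${INET_IF[index]}" -j MASQUERADE

        iptables -t mangle -A PREROUTING -i eth3 -j TTL --ttl-set 64
        iptables -t nat -A POSTROUTING -o eth3 -j SNAT --to-source "${INET_IP[index]}"
        iptables -t nat -A POSTROUTING -o eth3 -j MASQUERADE
    done

}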

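# Drop all traffic from and to the addresses in black_list.lst.
#
# Globals: CONFDIR (read), VAR_DATA (written by func_read_array)
#
# Fix: the previous loop never advanced its counter, so with a black list
# present it appended the same four rules forever and the start action
# never finished.
#
# NOTE(review): the rules are appended. The start action runs fstart
# first, so its ACCEPT rules (established connections, open ports, port
# forwards) sit ahead of these DROPs and win for matching traffic. Confirm
# whether the black list should be installed before them instead.
fblock ()
{
        local host
# Domain blocking
        echo "Блокировка домена"
        if [ -e "$CONFDIR/black_list.lst" ]
          then
              func_read_array black_list.lst
              for host in "${VAR_DATA[@]}"
                  do
                    # An empty list yields one empty entry; skip it.
                    [ -n "$host" ] || continue
                    iptables -A INPUT -p all -s "$host" -j DROP
                    iptables -A OUTPUT -p all -d "$host" -j DROP
                    iptables -A FORWARD -p all -s "$host" -j DROP
                    iptables -A FORWARD -p all -d "$host" -j DROP
                  done
        fi
}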

# Remove the filter and nat rules and set every built-in filter chain to
# ACCEPT.
#
# After this the host filters nothing (fail-open). The mangle table is not
# touched here.
fstop ()
{
        local chain
        echo "Stopping firewall"
        # filter table first, then nat: flush rules, delete user chains.
        iptables -F
        iptables -X
        iptables -F -t nat
        iptables -X -t nat

        for chain in INPUT OUTPUT FORWARD
            do
                iptables -P "$chain" ACCEPT
            done
}

# Print the rules of the default (filter) table. The nat and mangle tables
# are not listed.
fstatus ()
{
    local -a listing=(-L)
    iptables "${listing[@]}"
}

# Dump the running rule set to /etc/sysconfig/iptables.
#
# The file is truncated before iptables-save runs, so a failed save leaves
# an empty or partial file behind.
fsave ()
{
      local rules_file=/etc/sysconfig/iptables
      iptables-save > "$rules_file"
}

# Load the rule set stored in /etc/sysconfig/iptables.
#
# Nothing checks that the file exists or is non-empty before it is fed to
# iptables-restore.
frestore ()
{
      local rules_file=/etc/sysconfig/iptables
      iptables-restore < "$rules_file"
}

# Command dispatch for the init-style interface.
#
#   start    build the full rule set, then the black list, then NAT
#   stop     flush and set every policy to ACCEPT (no filtering at all)
#   pause    flush, then NAT only: the host keeps routing and translating
#            but filters nothing
#   restart  stop followed by the start sequence (without reloading the
#            kernel modules)
#   restore  flushes to ACCEPT first and only then loads the saved rules,
#            so the host is open in between and stays open if the load fails
main ()
{
    local action=$1
    case "$action" in
        start)
            func_get_params
            func_modpr
            fstart
            fblock
            fnat
            ;;
        stop)
            fstop
            ;;
        pause)
            fstop
            func_get_params
            fnat
            ;;
        restart)
            fstop
            func_get_params
            fstart
            fblock
            fnat
            ;;
        status)
            fstatus
            ;;
        save)
            fsave
            ;;
        restore)
            func_modpr
            fstop
            frestore
            ;;
        *)
            echo "Usage /etc/init.d/firewall {start|stop|status|pause|restart|save|restore}"
            exit 1
            ;;
    esac
}

main "$@"

exit 0

Роуты
Код
213.180.204.11 via YYY.YYY.YYY.193 dev eth2
31.13.60.76 via XXX.XXX.XXX.233 dev eth1
80.247.97.18 via XXX.XXX.XXX.233 dev eth1
87.250.250.199 via YYY.YYY.YYY.193 dev eth2
213.180.204.25 via XXX.XXX.XXX.233 dev eth1
77.88.21.253 via YYY.YYY.YYY.193 dev eth2
92.38.2.37 via XXX.XXX.XXX.233 dev eth1
93.88.162.106 via XXX.XXX.XXX.233 dev eth1
93.88.162.107 via YYY.YYY.YYY.193 dev eth2
213.180.193.124 via YYY.YYY.YYY.193 dev eth2
173.194.32.161 via YYY.YYY.YYY.193 dev eth2
173.194.32.160 via XXX.XXX.XXX.233 dev eth1
173.194.32.163 via YYY.YYY.YYY.193 dev eth2
173.194.32.162 via XXX.XXX.XXX.233 dev eth1
173.194.32.165 via YYY.YYY.YYY.193 dev eth2
173.194.32.164 via XXX.XXX.XXX.233 dev eth1
93.158.134.124 via XXX.XXX.XXX.233 dev eth1
173.194.32.167 via YYY.YYY.YYY.193 dev eth2
173.194.32.166 via XXX.XXX.XXX.233 dev eth1
173.194.32.169 via YYY.YYY.YYY.193 dev eth2
173.194.32.168 via XXX.XXX.XXX.233 dev eth1
213.180.204.37 via YYY.YYY.YYY.193 dev eth2
87.250.250.253 via XXX.XXX.XXX.233 dev eth1
178.187.233.138 via XXX.XXX.XXX.233 dev eth1
213.180.204.53 via YYY.YYY.YYY.193 dev eth2
93.88.162.77 via XXX.XXX.XXX.233 dev eth1
93.88.162.78 via YYY.YYY.YYY.193 dev eth2
217.229.79.46 via XXX.XXX.XXX.233 dev eth1
195.49.68.2 via YYY.YYY.YYY.193 dev eth2
93.88.162.48 via XXX.XXX.XXX.233 dev eth1
93.88.162.49 via YYY.YYY.YYY.193 dev eth2
93.158.134.25 via XXX.XXX.XXX.233 dev eth1
213.180.193.38 via YYY.YYY.YYY.193 dev eth2
213.180.193.37 via XXX.XXX.XXX.233 dev eth1
93.158.134.11 via YYY.YYY.YYY.193 dev eth2
80.247.96.65 via XXX.XXX.XXX.233 dev eth1
213.180.193.53 via XXX.XXX.XXX.233 dev eth1
77.88.21.178 via XXX.XXX.XXX.233 dev eth1
93.88.162.20 via YYY.YYY.YYY.193 dev eth2
213.180.193.11 via XXX.XXX.XXX.233 dev eth1
80.247.96.125 via XXX.XXX.XXX.233 dev eth1
87.250.250.186 via YYY.YYY.YYY.193 dev eth2
87.250.251.178 via XXX.XXX.XXX.233 dev eth1
213.180.193.25 via YYY.YYY.YYY.193 dev eth2
93.158.134.38 via XXX.XXX.XXX.233 dev eth1
93.158.134.37 via YYY.YYY.YYY.193 dev eth2
178.63.3.88 via XXX.XXX.XXX.233 dev eth1
93.88.162.251 via XXX.XXX.XXX.233 dev eth1
77.88.21.124 via XXX.XXX.XXX.233 dev eth1
93.158.134.199 via XXX.XXX.XXX.233 dev eth1
212.47.252.243 via YYY.YYY.YYY.193 dev eth2
93.158.134.253 via YYY.YYY.YYY.193 dev eth2
213.180.193.199 via YYY.YYY.YYY.193 dev eth2
93.88.162.223 via YYY.YYY.YYY.193 dev eth2
10.0.1.6 via XXX.XXX.XXX.233 dev eth1
93.88.162.222 via XXX.XXX.XXX.233 dev eth1
10.0.1.2 via XXX.XXX.XXX.233 dev eth1
87.250.250.124 via YYY.YYY.YYY.193 dev eth2
10.0.2.6 via YYY.YYY.YYY.193 dev eth2
93.88.162.193 via XXX.XXX.XXX.233 dev eth1
93.88.162.194 via YYY.YYY.YYY.193 dev eth2
10.0.2.2 via YYY.YYY.YYY.193 dev eth2
213.180.204.186 via XXX.XXX.XXX.233 dev eth1
213.180.204.178 via YYY.YYY.YYY.193 dev eth2
93.91.172.2 via YYY.YYY.YYY.193 dev eth2
87.250.250.11 via YYY.YYY.YYY.193 dev eth2
77.88.21.38 via XXX.XXX.XXX.233 dev eth1
213.180.204.199 via XXX.XXX.XXX.233 dev eth1
87.250.251.11 via XXX.XXX.XXX.233 dev eth1
93.88.162.164 via XXX.XXX.XXX.233 dev eth1
93.88.162.165 via YYY.YYY.YYY.193 dev eth2
213.180.193.178 via XXX.XXX.XXX.233 dev eth1
87.250.250.25 via YYY.YYY.YYY.193 dev eth2
87.250.251.37 via XXX.XXX.XXX.233 dev eth1
77.88.21.11 via XXX.XXX.XXX.233 dev eth1
87.250.250.38 via YYY.YYY.YYY.193 dev eth2
93.158.134.178 via YYY.YYY.YYY.193 dev eth2
93.88.162.135 via XXX.XXX.XXX.233 dev eth1
213.180.204.252 via XXX.XXX.XXX.233 dev eth1
80.247.96.235 via XXX.XXX.XXX.233 dev eth1
93.88.162.136 via YYY.YYY.YYY.193 dev eth2
XXX.XXX.XXX.232/29 dev eth1  proto kernel  scope link  src XXX.XXX.XXX.235
YYY.YYY.YYY.192/26 dev eth2  proto kernel  scope link  src YYY.YYY.YYY.232
80.247.96.0/24 via XXX.XXX.XXX.233 dev eth1
10.0.0.0/24 dev eth3  proto kernel  scope link  src 10.0.0.1
192.168.0.0/24 dev eth0  proto kernel  scope link  src 192.168.0.5
169.254.0.0/16 dev eth0  scope link  metric 1002
169.254.0.0/16 dev eth1  scope link  metric 1003
169.254.0.0/16 dev eth2  scope link  metric 1004
169.254.0.0/16 dev eth3  scope link  metric 1005
default equalize
        nexthop via XXX.XXX.XXX.233  dev eth1 weight 1
        nexthop via YYY.YYY.YYY.193  dev eth2 weight 1


Рулесы
Код
0:      from all lookup local
32758:  from YYY.YYY.YYY.YY1 lookup Y
32759:  from all fwmark 0x2/0x3 lookup Y
32760:  from XXX.XXX.XXX.XX1 lookup X
32761:  from all fwmark 0x1/0x3 lookup X
32762:  from YYY.YYY.YYY.YY1 lookup Y
32763:  from all fwmark 0x2/0x3 lookup Y
32764:  from XXX.XXX.XXX.XX1 lookup X
32765:  from all fwmark 0x1/0x3 lookup X
32766:  from all lookup main
32767:  from all lookup default
20 Jan 2017
Решил сделать загрузочную флэшку с поддержкой Legacy и EFI.
Сделал соответствующее разбиение:
Код
Device        Start      End  Sectors  Size Type
/dev/sdk1      2048     6143     4096    2M BIOS boot
/dev/sdk2      6144   137215   131072   64M EFI System
/dev/sdk3    137216   399359   262144  128M Linux filesystem
/dev/sdk4    399360 17176575 16777216    8G Linux filesystem
/dev/sdk5  17176576 59119615 41943040   20G Linux filesystem
/dev/sdk6  59119616 60626910  1507295  736M Linux filesystem


Поставил в третий раздел Grub2 Legacy.
Загружается, выполняет grub.conf

Стал ставить Grub2-EFI.
Находясь в каталоге /usr/lib/grub/x86_64-efi, собрал образ
Код
# Build a standalone GRUB EFI image (grub.efi) for the x86_64-efi platform:
#   -c  config file embedded into the image as the early config
#   -O  output format, -o output file
#   -d  directory that holds the *.mod files
#   -p  prefix directory recorded in the image
# The module list is every *.mod found under the current directory except
# the excluded name patterns, with the ".mod" suffix stripped.
# NOTE(review): -name "sfs" matches only a file named exactly "sfs", so
# sfs.mod is still picked up, and "md4*" does not match gcry_md4.mod; both
# names appear in the module listing further down. If the intent was to
# drop them, the patterns need adjusting - confirm.
# NOTE(review): the resulting list also carries test/demo modules
# (functional_test, hello, test_blockarg, testload, usbtest, videotest) and
# low-level access modules (memrw, iorw, setpci). A boot stick normally
# needs only the partition, filesystem, search and config modules; trimming
# the rest shrinks the image and reduces what the GRUB command line
# exposes - verify against what the stick has to boot.
grub2-efi-mkimage -c /media/disk/boot/efi/EFI/BOOT/grub2-efi/grub.cfg -O x86_64-efi -o /media/disk/boot/efi/EFI/BOOT/grub2-efi/grub.efi -d /usr/lib/grub/x86_64-efi -p /grub2 \
$(find . -name '*.mod' -and -not -name "minix*" -and -not -name "affs*" -and -not -name "afs*" -and -not -name "bfs*" -and -not -name "md4*" -and -not -name "*amiga*" -and -not -name "sfs"| tr '\n' ' ' | sed -e 's/\.mod//g')

Модули, которые включил:
Код
find . -name '*.mod' -and -not -name "minix*" -and -not -name "affs*" -and -not -name "afs*" -and -not -name "bfs*" -and -not -name "md4*" -and -not -name "*amiga*" -and -not -name "sfs"| tr '\n' ' ' | sed -e 's/\.mod//g'
./acpi ./adler32 ./ahci ./all_video ./aout ./appleldr ./at_keyboard ./ata ./backtrace ./bitmap ./bitmap_scale ./blocklist ./boot ./bsd ./btrfs ./bufio ./cat ./chain ./cmp ./configfile ./cpio ./cpio_be ./cpuid ./crc64 ./crypto ./cryptodisk \
./cs5536 ./date ./datehook ./datetime ./diskfilter ./dm_nv ./echo ./efi_gop ./efi_uga ./efifwsetup ./efinet ./ehci ./elf ./emuusb ./exfat ./exfctest ./ext2 ./extcmd ./fat ./fixvideo ./font ./fshelp ./functional_test ./gcry_arcfour ./gcry_blowfish \
./gcry_camellia ./gcry_cast5 ./gcry_crc ./gcry_des ./gcry_md4 ./gcry_md5 ./gcry_rfc2268 ./gcry_rijndael ./gcry_rmd160 ./gcry_seed ./gcry_serpent ./gcry_sha1 ./gcry_sha256 ./gcry_sha512 ./gcry_tiger ./gcry_twofish ./gcry_whirlpool \
./geli ./gettext ./gfxmenu ./gfxterm ./gptsync ./gzio ./halt ./hashsum ./hdparm ./hello ./help ./hexdump ./hfs ./hfsplus ./http ./iorw ./iso9660 ./jfs ./jpeg ./keylayouts ./keystatus ./ldm ./linux ./linuxefi ./loadbios ./loadenv ./loopback \
./ls ./lsacpi ./lsefimmap ./lsefisystab ./lsmmap ./lspci ./lssal ./luks ./lvm ./lzopio ./mdraid09 ./mdraid09_be ./mdraid1x ./memdisk ./memrw ./minicmd ./mmap ./msdospart ./multiboot ./multiboot2 ./net ./newc ./nilfs2 ./normal ./ntfs \
./ntfscomp ./odc ./ohci ./part_acorn ./part_apple ./part_bsd ./part_dvh ./part_gpt ./part_msdos ./part_plan ./part_sun ./part_sunpc ./parttool ./password ./password_pbkdf2 ./pata ./pbkdf2 ./play ./png ./priority_queue ./probe ./raid5rec \
./raid6rec ./read ./reboot ./regexp ./reiserfs ./relocator ./romfs ./scsi ./search ./search_fs_file ./search_fs_uuid ./search_label ./serial ./setjmp ./setpci ./sfs ./sleep ./squash4 ./tar ./terminal ./terminfo ./test ./test_blockarg ./testload ./tftp \
./tga ./time ./trig ./true ./udf ./ufs1 ./ufs2 ./uhci ./usb ./usb_keyboard ./usbms ./usbserial_common ./usbserial_ftdi ./usbserial_pl2303 ./usbtest ./video ./video_bochs ./video_cirrus ./video_fb ./videoinfo ./videotest ./xfs ./xnu ./xnu_uuid \
./xzio ./zfs ./zfscrypt ./zfsinfo


Содержимое файла /media/disk/boot/efi/EFI/BOOT/grub2-efi/grub.cfg
Код
# Early config embedded into grub.efi.
# Find the filesystem with this UUID and store its device name in $root;
# hd0,gpt3 is passed as a search hint.
search.fs_uuid a0624e8b-faf1-4282-9455-5794fbc0a43e root hd0,gpt3
# Point GRUB at the grub2 directory on that filesystem, then hand over to
# the main configuration file stored there.
set prefix=($root)/grub2
configfile $prefix/grub.cfg

UUID - раздела, где находится каталог grub2
Код
/dev/sdk3: LABEL="Boot" UUID="a0624e8b-faf1-4282-9455-5794fbc0a43e" TYPE="ext3" PARTLABEL="Linux filesystem" PARTUUID="ffb4c58b-5661-4fb7-872b-193805eae2cd"

Что находится в разделе:
Код
mount | grep sdk && pwd && ls -l
/dev/sdk4 on /media/disk type ext4 (rw,relatime,data=ordered)
/dev/sdk3 on /media/disk/boot type ext3 (rw,relatime,data=ordered)
/dev/sdk2 on /media/disk/boot/efi type vfat (rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro)
/media/disk/boot
итого 29
drwxr-xr-x 3 root root 16384 янв  1  1970 efi/
drwxr-xr-x 6 root root  1024 янв 20 19:32 grub2/
drwx------ 2 root root 12288 янв 20 16:26 lost+found/


Все это я установил командой
Код
# Install GRUB for x86_64-efi onto the stick: the ESP is mounted at
# /media/disk/boot/efi and the boot directory is /media/disk/boot.
# NOTE(review): with --removable the loader presumably lands in the
# fallback location EFI/BOOT/ on the ESP, and the image is generated by the
# install tool itself. Confirm whether the hand-built
# EFI/BOOT/grub2-efi/grub.efi (with its embedded config) is the file the
# firmware actually starts.
grub2-efi-install --target=x86_64-efi --bootloader-id=grub --efi-directory=/media/disk/boot/efi --boot-directory=/media/disk/boot --removable /dev/sdk


В UEFI-режиме флэшка загружается. Но Grub2 выдает ошибку "prefix not set" две строки и зависает. На клавиатуру не откликается.

В связи с этим у меня два вопроса:
1. Как заставить Grub2 находить нужный раздел с рабочим каталогом GRUB2?
2. Какие модули можно, или даже нужно еще выкинуть?
18 Jan 2017
Была необходимость собрать программу Trojitá с помощью QMake в Qt-Creator. В оригинале сборка идет с помощью CMake.
По структуре pro-файлов trojita (0.2 с чем-то версии) из примеров Qt, сделал pro-файлы для текущей версии (0.7). В исходные коды не лез.
Оба варианта проекта открыл в Qt-Creator и там же собрал в режиме релиз. Оба собрались, оба запускаются. В обоих случаях компилируется одинаковый набор статических и динамических библиотек и исполняемый файл (qmake-ом не собирается только второй исполняемый файл, но его нужность у меня под сомнением). И все бы ничего, но размер бинарных файлов cmake- и qmake-сборок в разы отличается в пользу первого. Разница в размерах идет уже на этапе создания объектных файлов.

Попытался из makefile-а удалить все строки на mkspec-и qt. Собралось с теми же размерами.

Или я что-то лишнее задаю в pro-файле? Или qmake сам что-то лишнее в makefile пишет?

Во вложении Cmake-файл проекта, diff-файл версии c qmake-проектом, Makefile-ы вариантов проекта cmake и qmake для libImap.
Прикрепленные файлы
Прикрепленный файл  Trojita_Imap.tar.bz2 ( 74.75 килобайт ) Кол-во скачиваний: 1
 
Добрый день!

Для сборки программ в Qt под Windows нужен правильно собранный Qt.
Чтобы собрать Qt, нужны OpenSSL, MySQL и либы ICU и BOOST.
Чтобы все это собрать нужен правильно собранный компилятор.
Компиляторов в доступности есть только два: Visual C и MinGW. Первый слишком жирный, чтобы его можно было поставить на несколько машин, к тому же проприетарный. Сборок второго для архитектуры x86_64 мало, а те, что есть, не смогут собрать MySQL. Тут остается собрать самому.

Застрял на сборке всего GCC.

Использую msys64 и x86_64-6.2.0-release-win32-seh-rt_v5-rev1
Исходники:
binutils-2.27
cloog-parma-0.16.1
cloog-ppl-0.15.11
gcc-master
gmp-6.1.1
libiconv-1.14
mingw-w64-v5.0.0
mpc-1.0.3
mpfr-3.1.5
ppl-1.2
zlib-1.2.8
iconv-1.14
Собрал все, что необходимо для сборки GCC
Код
ZLib
cd $ZLib_Source_with_Patchs:  zlib/01-zlib-1.2.7-1-buildsys.mingw.patch, zlib/02-no-undefined.mingw.patch, zlib/03-dont-put-sodir-into-L.mingw.patch, zlib/04-wrong-w8-check.mingw.patch, zlib/05-fix-a-typo.mingw.patch, zlib/013-fix-largefile-support.patch
./configure --prefix=/d/mbuild/prerequaries/shared &>congfig.my.log
mingw32-make.exe -j4 &>make.my.log
mingw32-make.exe install &>install.my.log

LibIconv
cd $ZLib_Source_with_Patchs: libiconv/0001-compile-relocatable-in-gnulib.mingw.patch, libiconv/0002-fix-cr-for-awk-in-configure.all.patch
mkdir build && cd build
../configure  --host=x86_64-w64-mingw32 --build=x86_64-w64-mingw32 --target=x86_64-w64-mingw32 --prefix=/d/mbuild/prerequaries/shared --enable-shared --disable-static CFLAGS="-s -O2 -pipe -I/mingw64/opt/include -I/d/mbuild/prerequaries/shared/include" CXXFLAGS="-s -O2 -pipe -I/mingw64/opt/include -I/d/mbuild/prerequaries/shared/include" CPPFLAGS="-s -O2" LDFLAGS="-pipe -L/mingw64/opt/lib -L/d/mbuild/prerequaries/shared/lib" &>config.my.log
mingw32-make.exe -j4 &>make.my.log
mingw32-make.exe install &>install.my.log

GMP
cd $GMP_Source
mkdir build && cd build
../configure --host=x86_64-w64-mingw32 --build=x86_64-w64-mingw32 --target=x86_64-w64-mingw32 --prefix=/d/mbuild/requaries/shared --enable-shared --disable-static --enable-cxx CFLAGS="-s -O2 -pipe -I/mingw64/opt/include -I/d/mbuild/prerequaries/shared/include" CXXFLAGS="-s -O2 -pipe -I/mingw64/opt/include -I/d/mbuild/prerequaries/shared/include" CPPFLAGS='-s -O2 -fexceptions' LDFLAGS="-pipe -L/mingw64/opt/lib -L/d/mbuild/prerequaries/shared/lib" &> config.my.log
mingw32-make.exe -j4 &>make.my.log
mingw32-make.exe install &>install.my.log

PPL
cd $PPL_Source
mkdir build && cd build
../configure  --host=x86_64-w64-mingw32 --build=x86_64-w64-mingw32 --target=x86_64-w64-mingw32 --prefix=/d/mbuild/requaries/shared --enable-shared --disable-static --enable-nls  --enable-threads --disable-debugging --with-gmp=/d/mbuild/requaries/shared --with-cflags='-s -O2' --with-cxxflags='-s -O2' CFLAGS="-s -O2 -pipe -I/mingw64/opt/include -I/d/mbuild/prerequaries/shared/include -I/d/mbuild/requaries/shared/include" CXXFLAGS="-s -O2 -pipe -I/mingw64/opt/include -I/d/mbuild/prerequaries/shared/include -I/d/mbuild/requaries/shared/include" CPPFLAGS='-s -O2' LDFLAGS="-pipe -L/mingw64/opt/lib -L/d/mbuild/prerequaries/shared/lib -L/d/mbuild/requaries/shared/lib" &> config.my.log
mingw32-make.exe -j4 &>make.my.log
mingw32-make.exe install &>install.my.log

CLOOG-PPL
cd $CLOOG-PPL_Source
mkdir build && cd build
../configure  --host=x86_64-w64-mingw32 --build=x86_64-w64-mingw32 --target=x86_64-w64-mingw32 --prefix=/d/mbuild/requaries/shared --enable-shared --disable-static --with-ppl=/d/mbuild/requaries/shared --with-gmp=/d/mbuild/requaries/shared CFLAGS="-s -O2 -pipe -I/mingw64/opt/include -I/d/mbuild/prerequaries/shared/include -I/d/mbuild/requaries/shared/include" CXXFLAGS="-s -O2 -pipe -I/mingw64/opt/include -I/d/mbuild/prerequaries/shared/include -I/d/mbuild/requaries/shared/include" CPPFLAGS='-s -O2' LDFLAGS="-pipe -L/mingw64/opt/lib -L/d/mbuild/prerequaries/shared/lib -L/d/mbuild/requaries/shared/lib" &> config.my.log
mingw32-make.exe -j4 &>make.my.log
mingw32-make.exe install &>install.my.log

MPFR
cd $MPFR_Source
mkdir build && cd build
../configure  --host=x86_64-w64-mingw32 --build=x86_64-w64-mingw32 --target=x86_64-w64-mingw32 --prefix=/d/mbuild/requaries/shared --enable-shared --disable-static --with-gmp=/d/mbuild/requaries/shared CFLAGS="-s -O2 -pipe -I/mingw64/opt/include -I/d/mbuild/prerequaries/shared/include -I/d/mbuild/requaries/shared/include" CXXFLAGS="-s -O2 -pipe -I/mingw64/opt/include -I/d/mbuild/prerequaries/shared/include -I/d/mbuild/requaries/shared/include" CPPFLAGS='-s -O2' LDFLAGS="-pipe -L/mingw64/opt/lib -L/d/mbuild/prerequaries/shared/lib -L/d/mbuild/requaries/shared/lib" &> config.my.log
mingw32-make.exe -j4 &>make.my.log
mingw32-make.exe install &>install.my.log

MPC
cd $MPC_Source
mkdir build && cd build
../configure  --host=x86_64-w64-mingw32 --build=x86_64-w64-mingw32 --target=x86_64-w64-mingw32 --prefix=/d/mbuild/requaries/shared --enable-shared --disable-static --with-gmp=/d/mbuild/requaries/shared --with-mpfr=/d/mbuild/requaries/shared CFLAGS="-s -O2 -pipe -I/mingw64/opt/include -I/d/mbuild/prerequaries/shared/include -I/d/mbuild/requaries/shared/include" CXXFLAGS="-s -O2 -pipe -I/mingw64/opt/include -I/d/mbuild/prerequaries/shared/include -I/d/mbuild/requaries/shared/include" CPPFLAGS='-s -O2' LDFLAGS="-pipe -L/mingw64/opt/lib -L/d/mbuild/prerequaries/shared/lib -L/d/mbuild/requaries/shared/lib" &> config.my.log
mingw32-make.exe -j4 &>make.my.log
mingw32-make.exe install &>install.my.log

ISL
cd $ISL_Source_with_Patches: isl/isl-0.14.1-no-undefined.patch
mkdir build && cd build
../configure  --host=x86_64-w64-mingw32 --build=x86_64-w64-mingw32 --target=x86_64-w64-mingw32 --prefix=/d/mbuild/requaries/shared --enable-shared --disable-static --with-gmp=/d/mbuild/requaries/shared CFLAGS="-s -O2 -pipe -I/mingw64/opt/include -I/d/mbuild/prerequaries/shared/include -I/d/mbuild/requaries/shared/include" CXXFLAGS="-s -O2 -pipe -I/mingw64/opt/include -I/d/mbuild/prerequaries/shared/include -I/d/mbuild/requaries/shared/include" CPPFLAGS='-s -O2' LDFLAGS="-pipe -L/mingw64/opt/lib -L/d/mbuild/prerequaries/shared/lib -L/d/mbuild/requaries/shared/lib" &> config.my.log
mingw32-make.exe -j4 &>make.my.log
mingw32-make.exe install &>install.my.log

MinGW-W64_headers
cd Path_to/mingw-w64-mingw-w64-v5/mingw-w64-headers
mkdir build && cd build
../configure  --host=x86_64-w64-mingw32 --build=x86_64-w64-mingw32 --target=x86_64-w64-mingw32 --prefix=/d/mbuild/runtime/w32api/shared --enable-sdk=all --enable-secure-api CFLAGS="-s -O2 -pipe -I/mingw64/opt/include -I/d/mbuild/prerequaries/shared/include -I/d/mbuild/requaries/shared/include" CXXFLAGS="-s -O2 -pipe -I/mingw64/opt/include -I/d/mbuild/prerequaries/shared/include -I/d/mbuild/requaries/shared/include" CPPFLAGS='-s -O2' LDFLAGS="-pipe -L/mingw64/opt/lib -L/d/mbuild/prerequaries/shared/lib -L/d/mbuild/requaries/shared/lib" &> config.my.log
mingw32-make.exe -j4 &>make.my.log
mingw32-make.exe install &>install.my.log

MinGW-W64_CRT
cd Path_to/mingw-w64-mingw-w64-v5/mingw-w64-crt
mkdir build && cd build
../configure  --host=x86_64-w64-mingw32 --build=x86_64-w64-mingw32 --target=x86_64-w64-mingw32 --prefix=/d/mbuild/runtime/runtime/shared --disable-lib32 --enable-lib64 --enable-wildcard CFLAGS="-s -O2 -pipe -I/mingw64/opt/include -I/d/mbuild/prerequaries/shared/include -I/d/mbuild/requaries/shared/include" CXXFLAGS="-s -O2 -pipe -I/mingw64/opt/include -I/d/mbuild/prerequaries/shared/include -I/d/mbuild/requaries/shared/include" CPPFLAGS='-s -O2' LDFLAGS="-pipe -L/mingw64/opt/lib -L/d/mbuild/prerequaries/shared/lib -L/d/mbuild/requaries/shared/lib" &> config.my.log
mingw32-make.exe -j4 &>make.my.log
mingw32-make.exe install &>install.my.log

WinPThreads-v5
cd Path_to/mingw-w64-mingw-w64-v5/mingw-w64-libraries/winpthreads
mkdir build && cd build
../configure  --host=x86_64-w64-mingw32 --build=x86_64-w64-mingw32 --target=x86_64-w64-mingw32 --prefix=/d/mbuild/runtime/winpthreads/shared --enable-shared --disable-static CFLAGS="-s -O2 -pipe -I/mingw64/opt/include -I/d/mbuild/prerequaries/shared/include -I/d/mbuild/requaries/shared/include" CXXFLAGS="-s -O2 -pipe -I/mingw64/opt/include -I/d/mbuild/prerequaries/shared/include -I/d/mbuild/requaries/shared/include" CPPFLAGS='-s -O2' LDFLAGS="-pipe -L/mingw64/opt/lib -L/d/mbuild/prerequaries/shared/lib -L/d/mbuild/requaries/shared/lib" &> config.my.log
mingw32-make.exe -j4 &>make.my.log
mingw32-make.exe install &>install.my.log

BinUtils NoMUltilibs
cd BinUtils_Source with patchs: patches/0001-enable-gold-on.mingw32.patch, patches/0002-check-for-unusual-file-harder.patch, patches/0008-fix-libiberty-makefile.mingw.patch, patches/0009-fix-libiberty-configure.mingw.patch, patches/0110-binutils-mingw-gnu-print.patch, patches/9ac47a4.diff, patches/27aaeda.diff, patches/a93d5cb.diff, patches/fixes-a-problem-recognizing-libraries-created-by-VS.patch
mkdir build && cd build
../configure  --host=x86_64-w64-mingw32 --build=x86_64-w64-mingw32 --target=x86_64-w64-mingw32 --prefix=/d/mbuild/bin/binutils/shared --with-sysroot=/d/mbuild/runtime/shared --disable-multilib --enable-lto --enable-plugins --enable-gold --enable-install-libiberty --with-libiconv-prefix=/d/mbuild/requaries/shared --enable-shared --disable-static --disable-rpath --enable-nls CFLAGS="-s -O2 -pipe -I/mingw64/opt/include -I/d/mbuild/prerequaries/shared/include -I/d/mbuild/requaries/shared/include -I/d/mbuild/runtime/shared/include" CXXFLAGS="-s -O2 -pipe -I/mingw64/opt/include -I/d/mbuild/prerequaries/shared/include -I/d/mbuild/requaries/shared/include -I/d/mbuild/runtime/shared/include" CPPFLAGS='-s -O2' LDFLAGS="-pipe -L/mingw64/opt/lib -L/d/mbuild/prerequaries/shared/lib -L/d/mbuild/requaries/shared/lib -L/d/mbuild/runtime/shared/lib" &> config.my.log
mingw32-make.exe -j4 &>make.my.log
mingw32-make.exe install &>install.my.log

GCC NoMUltilibs
cd BinUtils_Source with patchs: patches/gcc-4.7-stdthreads.patch, patches/gcc-5.1-iconv.patch, patches/gcc-4.8-libstdc++export.patch, patches/gcc-4.8.2-build-more-gnattools.mingw.patch, patches/gcc-4.8.2-fix-for-windows-not-minding-non-existant-parent-dirs.patch, patches/gcc-4.8.2-windows-lrealpath-no-force-lowercase-nor-backslash.patch, patches/gcc-4.9.1-enable-shared-gnat-implib.mingw.patch, patches/gcc-5.1.0-make-xmmintrin-header-cplusplus-compatible.patch, patches/gcc-5.2-fix-mingw-pch.patch, patches/gcc-5-dwarf-regression.patch, patches/gcc-5.1.0-fix-libatomic-building-for-threads=win32.patch, patches/gcc-6-ktietz-libgomp.patch, patches/gcc-6.1-disable-weak-refs.patch
mkdir build && cd build
../configure  --host=x86_64-w64-mingw32 --build=x86_64-w64-mingw32 --target=x86_64-w64-mingw32 --prefix=/d/mbuild/release/shared --with-sysroot=/mingw64 --disable-multilib --enable-languages=c,c++,objc,obj-c++,fortran,lto --enable-libstdcxx-time=yes --enable-threads=win32 --enable-libgomp --enable-libatomic --enable-lto --enable-graphite --enable-checking=release --enable-fully-dynamic-string --enable-version-specific-runtime-libs --enable-libstdcxx-filesystem-ts=yes --disable-isl-version-check --disable-libstdcxx-pch --disable-libstdcxx-debug --enable-bootstrap --disable-rpath --disable-win32-registry --disable-werror --disable-symvers --with-gnu-as --with-gnu-ld --with-arch=nocona --with-tune=core2 --with-libiconv --with-system-zlib --with-gmp=/d/mbuild/requaries/shared --with-mpc=/d/mbuild/requaries/shared --with-mpfr=/d/mbuild/requaries/shared --with-ppl=/d/mbuild/requaries/shared --disable-ppl-version-check --with-cloog=/d/mbuild/requaries/shared --disable-cloog-version-check --with-isl=/d/mbuild/requaries/shared --with-pkgversion="x86_64-win32-yamah-rev1, Built by MinGW-W64 project" --with-bugurl=http://sourceforge.net/projects/mingw-w64 --enable-shared --disable-static  --with-dwarf2 --enable-nls CFLAGS="-s -O2 -pipe -I/d/mbuild/runtime/shared/include -I/d/mbuild/prerequaries/shared/include -I/d/mbuild/requaries/shared/include -I/mingw64/opt/include" CXXFLAGS="-s -O2 -pipe -I/d/mbuild/runtime/shared/include -I/d/mbuild/prerequaries/shared/include -I/d/mbuild/requaries/shared/include -I/mingw64/opt/include" CPPFLAGS='-s -O2' LDFLAGS="-pipe -L/d/mbuild/runtime/shared/lib -L/d/mbuild/prerequaries/shared/lib -L/d/mbuild/requaries/shared/lib -L/mingw64/opt/lib" &> config.my.log
mingw32-make.exe -j4 BOOT_CFLAGS='-s -O2' BOOT_CPPFLAGS='-s -O2' all-gcc &>make-gcc.my.log
mingw32-make.exe install-gcc &>install-gcc.my.log



Сложил все собранные программы в /d/mbuild/release/shared. Хеадеры W32API и winRT сложил в /d/mbuild/release/shared/x86_64-w64-mingw32/
Однако, сборка всего gcc вылетает с ошибками.
Код
../../../../../libstdc++-v3/src/filesystem/dir.cc: In function 'std::experimental::filesystem::v1::__cxx11::_Dir {anonymous}::open_dir(const std::experimental::filesystem::v1::__cxx11::path&, std::experimental::filesystem::v1::directory_options, std::error_code*)':
../../../../../libstdc++-v3/src/filesystem/dir.cc:91:40: error: cannot convert '_WDIR*' to 'DIR*' in initialization
     if (DIR* dirp = ::opendir(p.c_str()))
                                        ^
../../../../../libstdc++-v3/src/filesystem/dir.cc: In constructor 'std::experimental::filesystem::v1::__cxx11::recursive_directory_iterator::recursive_directory_iterator(const std::experimental::filesystem::v1::__cxx11::path&, std::experimental::filesystem::v1::directory_options, std::error_code*)':
../../../../../libstdc++-v3/src/filesystem/dir.cc:249:38: error: cannot convert '_WDIR*' to 'DIR*' in initialization
   if (DIR* dirp = ::opendir(p.c_str()))
                                      ^
../../../../../libstdc++-v3/src/filesystem/path.cc: In member function 'std::pair<const std::__cxx11::basic_string<wchar_t>*, long long unsigned int> std::experimental::filesystem::v1::__cxx11::path::_M_find_extension() const':
../../../../../libstdc++-v3/src/filesystem/path.cc:302:10: error: cannot convert 'const string_type* {aka const std::__cxx11::basic_string<wchar_t>*}' to 'const string* {aka const std::__cxx11::basic_string<char>*}' in assignment
     s = &_M_pathname;
          ^~~~~~~~~~~

и подобные.
Полный лог сборки GCC в make-all.my.log во вложении. Прикрепленный файл  log.7z ( 30.06 килобайт ) Кол-во скачиваний: 1


Как побороть ошибку?
12 Apr 2016
Добрый день.

Нужно, чтобы при старте системы автоматом запускался модуль gpio_sunxi и после его запуска выполнялись команды по заданию значения в GPIO.

Если я правильно понимаю, модуль должен как-то задаваться в каком-то файле в /etc/modprobe.d, скорее всего в новом файле. Но я не знаю правильного синтаксиса этого файла.
Потом в /etc/rc.d/init.d должен быть скрипт с параметрами стоп и старт и соответствующими командами для него.

Я правильно понял решение задачи?