Updates to RESTOREFILE implementation

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1390 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2004-06-07 17:38:31 +00:00
parent 255ad5c10d
commit 0258b32d2c
4 changed files with 56 additions and 27 deletions


@ -1251,10 +1251,10 @@ stop_firewall() {
[ -z "$RESTOREFILE" ] && RESTOREFILE=restore
if [ -f /var/lib/shorewall/$RESTOREFILE ]; then
if [ -x /var/lib/shorewall/$RESTOREFILE ]; then
echo Restoring Shorewall...
. /var/lib/shorewall/$RESTOREFILE
echo Shorewall restored
/var/lib/shorewall/$RESTOREFILE
echo "Shorewall restored from /var/lib/shorewall/$RESTOREFILE"
my_mutex_off
kill $$
exit 2
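Review bot: The restore script's exit status is never checked in this stop_firewall hunk: `/var/lib/shorewall/$RESTOREFILE` now appears to be run as a command rather than sourced, and the "Shorewall restored from ..." message, `my_mutex_off`, `kill $$` and `exit 2` follow unconditionally. If the script fails part-way, this path still reports a restore and exits, leaving the ruleset in an unknown state instead of reaching whatever stop logic follows. Making the call the condition, `if "/var/lib/shorewall/$RESTOREFILE"; then`, around the message and the exit keeps the fail-safe, and the quoting avoids word splitting on the configured name. The `-f start` branch in the shorewall script has the same unchecked call, and the body of stop_firewall continues outside the hunk.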


@ -117,9 +117,9 @@ drop)
;;
forget)
echo "forget: forget
Deletes /var/lib/shorewall/save and /var/lib/shorewall/restore. Those
files are created by the 'shorewall save' command
echo "forget: forget [ <file name> ]
Deletes /var/lib/shorewall/<file name>. If no <file name> is given then
the file specified by RESTOREFILE in shorewall.conf is removed.
See also \"help save\""
;;
@ -194,18 +194,22 @@ restart)
;;
restore)
echo "restore: restore
Restore Shorewall to its last state saved using the 'save' command
Existing connections are maintained.
echo "restore: restore [ <file name> ]
Restore Shorewall to a state saved using the 'save' command
Existing connections are maintained. The <file name> names a restore file in
/var/lib/shorewall created using "shorewall save"; if no <file name> is given
then Shorewall will be restored from the file specified by the RESTOREFILE
option in shorewall.conf.
See also \"help save\" and \"help forget\""
;;
save)
echo "save: save
echo "save: save [ <file name> ]
The dynamic data is stored in /var/lib/shorewall/save. The state of the
firewall is stored in /var/lib/shorewall/restore for use by the 'shorewall restore'
and 'shorewall -f start' commands.
firewall is stored in /var/lib/shorewall/<file name> for use by the 'shorewall restore'
and 'shorewall -f start' commands. If <file name> is not given then the state is saved
in the file specified by the RESTOREFILE option in shorewall.conf.
Shorewall allow, drop, rejct and save implement dynamic blacklisting.
@ -240,8 +244,9 @@ start)
Start shorewall. Existing connections through shorewall managed
interfaces are untouched. New connections will be allowed only
if they are allowed by the firewall rules or policies.
If \"-q\" is specified, less detain is displayed making it easier to spot warnings
If \"-f\" is specified, the last saved configuraton if any will be restored"
If \"-q\" is specified, less detail is displayed making it easier to spot warnings
If \"-f\" is specified, the saved configuration specified by the RESTOREFILE option
in shorewall.conf will be restored if that saved configuration exists"
;;
stop)
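Review bot: In the `restore)` help text, the line `/var/lib/shorewall created using "shorewall save"; if no <file name> is given` has unescaped double quotes inside a double-quoted `echo` argument, so the shell closes and reopens the string and the quotes vanish from the printed help. The rest of this file escapes them (`\"help save\"`) or uses single quotes (`'save'`), so `created using 'shorewall save'; if no <file name> is given` would match. The line `Shorewall allow, drop, rejct and save implement dynamic blacklisting.` in the `save)` text still carries the typo `rejct`.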


@ -76,14 +76,17 @@
# listed address(es)
# shorewall allow <address> ... Reenable address(es) previously
# disabled with "drop" or "reject"
# shorewall save Save the list of "rejected" and
# shorewall save [ <file> ] Save the list of "rejected" and
# "dropped" addresses so that it will
# be automatically reinstated the
# next time that Shorewall starts.
# Save the current state so that 'shorewall
# restore' can be used.
#
# shorewall forget Discard the data saved by 'shorewall save'
# shorewall forget [ <file> ] Discard the data saved by 'shorewall save'
#
# shorewall restore [ <file> ] Restore the state of the firewall from
# previously saved information.
#
# shorewall ipaddr [ <address>/<cidr> | <address> <netmask> ]
#
@ -165,6 +168,8 @@ get_config() {
fi
fi
[ -n "$RESTOREFILE" ] || RESTOREFILE=restore
}
#
@ -535,7 +540,7 @@ help()
#
usage() # $1 = exit status
{
echo "Usage: $(basename $0) [debug|trace] [nolock] [-c <directory>] [ -x ] [ -q ] <command>"
echo "Usage: $(basename $0) [debug|trace] [nolock] [-c <directory>] [ -x ] [ -q ] [ -f ] <command>"
echo "where <command> is one of:"
echo " add <interface>[:<host>] <zone>"
echo " allow <address> ..."
@ -543,7 +548,7 @@ usage() # $1 = exit status
echo " clear"
echo " delete <interface>[:<host>] <zone>"
echo " drop <address> ..."
echo " forget"
echo " forget [ <file name> ]"
echo " help [ <command > | host | address ]"
echo " hits"
echo " ipcalc [ <address>/<vlsm> | <address> <netmask> ]"
@ -554,8 +559,8 @@ usage() # $1 = exit status
echo " reject <address> ..."
echo " reset"
echo " restart"
echo " restore"
echo " save"
echo " restore [ <file name> ]"
echo " save [ <file name> ]"
echo " show [<chain> [ <chain> ... ]|classifiers|connections|log|nat|tc|tos]"
echo " start"
echo " stop"
@ -735,11 +740,11 @@ case "$1" in
[ $# -ne 1 ] && usage 1
get_config
if [ -n "$FAST" ]; then
if [ -f /var/lib/shorewall/restore ]; then
if [ -x /var/lib/shorewall/$RESTOREFILE ]; then
echo Restoring Shorewall...
. /var/lib/shorewall/restore
/var/lib/shorewall/$RESTOREFILE
date > $STATEDIR/restarted
echo Shorewall restored
echo Shorewall restored from /var/lib/shorewall/$RESTOREFILE
else
exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock start
fi
@ -964,9 +969,10 @@ case "$1" in
save)
[ -n "$debugging" ] && set -x
get_config
case $# in
1)
RESTOREFILE=restore
;;
2)
RESTOREFILE="$2"
@ -1004,9 +1010,9 @@ case "$1" in
mutex_off
;;
forget)
get_config
case $# in
1)
RESTOREFILE=restore
;;
2)
RESTOREFILE="$2"
@ -1016,9 +1022,11 @@ case "$1" in
;;
esac
if [ /var/lib/shorewall/$RESTOREFILE ]; then
if [ -x /var/lib/shorewall/$RESTOREFILE ]; then
rm -f /var/lib/shorewall/$RESTOREFILE
echo " /var/lib/shorewall/$RESTOREFILE removed"
elif [ -f /var/lib/shorewall/$RESTOREFILE ]; then
echo " ERROR: /var/lib/shorewall/$RESTOREFILE is not a restore script"
fi
;;
ipcalc)
@ -1057,9 +1065,9 @@ case "$1" in
esac
;;
restore)
get_config
case $# in
1)
RESTOREFILE=restore
;;
2)
RESTOREFILE="$2"
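Review bot: The file name taken from `$2` is used without validation: in the `forget)` hunk it reaches `rm -f /var/lib/shorewall/$RESTOREFILE` with `-x` as the only gate, so a name containing `/` or `..` resolves outside /var/lib/shorewall and any executable file passes as a "restore script". The help text defines the argument as a file in /var/lib/shorewall, so reject anything else right after the assignment, e.g. `case "$RESTOREFILE" in */*|.|..|"") usage 1 ;; esac`, and quote the expansions (`"/var/lib/shorewall/$RESTOREFILE"`). The same check belongs in the `save)` and `restore)` arms, whose bodies continue outside the hunks shown, and on the value `get_config` reads from shorewall.conf.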


@ -258,6 +258,22 @@ MODULESDIR=
# CONFIG_PATH=/etc/shorewall:/usr/share/shorewall is assumed.
CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
#
# RESTORE SCRIPT
#
# This option determines the script to be run in the following cases:
#
# shorewall -f start
# shorewall restore
# Failure of shorewall start or shorewall restart
#
# The value of the option must be the name of an executable file in the
# directory /var/lib/shorewall. If this option is not set or if it is
# set to the empty value (RESTOREFILE="") then RESTOREFILE=restore is
# assumed.
RESTOREFILE=
################################################################################
# F I R E W A L L O P T I O N S
################################################################################
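Review bot: The new RESTOREFILE comment does not say that the value is a plain file name appended to /var/lib/shorewall/, nor what happens when that file is missing. From the other hunks in this commit, the named file appears to be executed rather than sourced, and `shorewall -f start` falls back to a normal start when it is not executable. A line such as `# If the file does not exist or is not executable, 'shorewall -f start' performs a normal start.` would document that. Because the file is run by the firewall script, presumably as root, the comment could also state that it should be writable only by root.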