Updates to RESTOREFILE implementation
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1390 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
255ad5c10d
commit
0258b32d2c
@ -1251,10 +1251,10 @@ stop_firewall() {
|
||||
|
||||
[ -z "$RESTOREFILE" ] && RESTOREFILE=restore
|
||||
|
||||
if [ -f /var/lib/shorewall/$RESTOREFILE ]; then
|
||||
if [ -x /var/lib/shorewall/$RESTOREFILE ]; then
|
||||
echo Restoring Shorewall...
|
||||
. /var/lib/shorewall/$RESTOREFILE
|
||||
echo Shorewall restored
|
||||
/var/lib/shorewall/$RESTOREFILE
|
||||
echo "Shorewall restored from /var/lib/shorewall/$RESTOREFILE"
|
||||
my_mutex_off
|
||||
kill $$
|
||||
exit 2
|
||||
|
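Review bot: The exit status of the restore script is never checked in stop_firewall. After `/var/lib/shorewall/$RESTOREFILE` runs, the "Shorewall restored from ..." message, `my_mutex_off`, `kill $$` and `exit 2` follow unconditionally, so a script that fails partway is reported as a successful restore and the rule set is left in whatever state it reached. Print the success message only when the script returns 0, e.g. `if /var/lib/shorewall/$RESTOREFILE; then echo "Shorewall restored from /var/lib/shorewall/$RESTOREFILE"; else echo "ERROR: restore from /var/lib/shorewall/$RESTOREFILE failed" >&2; fi`; on failure it should presumably fall through to the normal stop handling, which lies outside this hunk. The same unchecked call appears in the `-f` start path of the shorewall script, where `date > $STATEDIR/restarted` is also written regardless of the result. Separately, `-x` alone is also true for a directory, so `[ -f ... ] && [ -x ... ]` would be the stricter test.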
@ -117,9 +117,9 @@ drop)
|
||||
;;
|
||||
|
||||
forget)
|
||||
echo "forget: forget
|
||||
Deletes /var/lib/shorewall/save and /var/lib/shorewall/restore. Those
|
||||
files are created by the 'shorewall save' command
|
||||
echo "forget: forget [ <file name> ]
|
||||
Deletes /var/lib/shorewall/<file name>. If no <file name> is given then
|
||||
the file specified by RESTOREFILE in shorewall.conf is removed.
|
||||
|
||||
See also \"help save\""
|
||||
;;
|
||||
@ -194,18 +194,22 @@ restart)
|
||||
;;
|
||||
|
||||
restore)
|
||||
echo "restore: restore
|
||||
Restore Shorewall to its last state saved using the 'save' command
|
||||
Existing connections are maintained.
|
||||
echo "restore: restore [ <file name> ]
|
||||
Restore Shorewall to a state saved using the 'save' command
|
||||
Existing connections are maintained. The <file name> names a restore file in
|
||||
/var/lib/shorewall created using "shorewall save"; if no <file name> is given
|
||||
then Shorewall will be restored from the file specified by the RESTOREFILE
|
||||
option in shorewall.conf.
|
||||
|
||||
See also \"help save\" and \"help forget\""
|
||||
;;
|
||||
|
||||
save)
|
||||
echo "save: save
|
||||
echo "save: save [ <file name> ]
|
||||
The dynamic data is stored in /var/lib/shorewall/save. The state of the
|
||||
firewall is stored in /var/lib/shorewall/restore for use by the 'shorewall restore'
|
||||
and 'shorewall -f start' commands.
|
||||
firewall is stored in /var/lib/shorewall/<file name> for use by the 'shorewall restore'
|
||||
and 'shorewall -f start' commands. If <file name> is not given then the state is saved
|
||||
in the file specified by the RESTOREFILE option in shorewall.conf.
|
||||
|
||||
Shorewall allow, drop, rejct and save implement dynamic blacklisting.
|
||||
|
||||
@ -240,8 +244,9 @@ start)
|
||||
Start shorewall. Existing connections through shorewall managed
|
||||
interfaces are untouched. New connections will be allowed only
|
||||
if they are allowed by the firewall rules or policies.
|
||||
If \"-q\" is specified, less detain is displayed making it easier to spot warnings
|
||||
If \"-f\" is specified, the last saved configuraton if any will be restored"
|
||||
If \"-q\" is specified, less detail is displayed making it easier to spot warnings
|
||||
If \"-f\" is specified, the saved configuration specified by the RESTOREFILE option
|
||||
in shorewall.conf will be restored if that saved configuration exists"
|
||||
;;
|
||||
|
||||
stop)
|
||||
|
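Review bot: In the new `restore)` help text, the line `/var/lib/shorewall created using "shorewall save"; if no <file name> is given` uses unescaped double quotes inside the double-quoted `echo` string. The rest of the file escapes them, as in `\"help save\"`. The quotes happen to balance, so the shell does not report an error, but the string is closed and reopened around `shorewall save` and the printed help loses the quote marks. Write it as `created using 'shorewall save'; if no <file name> is given`, matching the single quotes the `save)` text already uses, or escape the quotes as `\"shorewall save\"`.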
@ -76,14 +76,17 @@
|
||||
# listed address(es)
|
||||
# shorewall allow <address> ... Reenable address(es) previously
|
||||
# disabled with "drop" or "reject"
|
||||
# shorewall save Save the list of "rejected" and
|
||||
# shorewall save [ <file> ] Save the list of "rejected" and
|
||||
# "dropped" addresses so that it will
|
||||
# be automatically reinstated the
|
||||
# next time that Shorewall starts.
|
||||
# Save the current state so that 'shorewall
|
||||
# restore' can be used.
|
||||
#
|
||||
# shorewall forget Discard the data saved by 'shorewall save'
|
||||
# shorewall forget [ <file> ] Discard the data saved by 'shorewall save'
|
||||
#
|
||||
# shorewall restore [ <file> ] Restore the state of the firewall from
|
||||
# previously saved information.
|
||||
#
|
||||
# shorewall ipaddr [ <address>/<cidr> | <address> <netmask> ]
|
||||
#
|
||||
@ -165,6 +168,8 @@ get_config() {
|
||||
fi
|
||||
fi
|
||||
|
||||
[ -n "$RESTOREFILE" ] || RESTOREFILE=restore
|
||||
|
||||
}
|
||||
|
||||
#
|
||||
@ -535,7 +540,7 @@ help()
|
||||
#
|
||||
usage() # $1 = exit status
|
||||
{
|
||||
echo "Usage: $(basename $0) [debug|trace] [nolock] [-c <directory>] [ -x ] [ -q ] <command>"
|
||||
echo "Usage: $(basename $0) [debug|trace] [nolock] [-c <directory>] [ -x ] [ -q ] [ -f ] <command>"
|
||||
echo "where <command> is one of:"
|
||||
echo " add <interface>[:<host>] <zone>"
|
||||
echo " allow <address> ..."
|
||||
@ -543,7 +548,7 @@ usage() # $1 = exit status
|
||||
echo " clear"
|
||||
echo " delete <interface>[:<host>] <zone>"
|
||||
echo " drop <address> ..."
|
||||
echo " forget"
|
||||
echo " forget [ <file name> ]"
|
||||
echo " help [ <command > | host | address ]"
|
||||
echo " hits"
|
||||
echo " ipcalc [ <address>/<vlsm> | <address> <netmask> ]"
|
||||
@ -554,8 +559,8 @@ usage() # $1 = exit status
|
||||
echo " reject <address> ..."
|
||||
echo " reset"
|
||||
echo " restart"
|
||||
echo " restore"
|
||||
echo " save"
|
||||
echo " restore [ <file name> ]"
|
||||
echo " save [ <file name> ]"
|
||||
echo " show [<chain> [ <chain> ... ]|classifiers|connections|log|nat|tc|tos]"
|
||||
echo " start"
|
||||
echo " stop"
|
||||
@ -735,11 +740,11 @@ case "$1" in
|
||||
[ $# -ne 1 ] && usage 1
|
||||
get_config
|
||||
if [ -n "$FAST" ]; then
|
||||
if [ -f /var/lib/shorewall/restore ]; then
|
||||
if [ -x /var/lib/shorewall/$RESTOREFILE ]; then
|
||||
echo Restoring Shorewall...
|
||||
. /var/lib/shorewall/restore
|
||||
/var/lib/shorewall/$RESTOREFILE
|
||||
date > $STATEDIR/restarted
|
||||
echo Shorewall restored
|
||||
echo Shorewall restored from /var/lib/shorewall/$RESTOREFILE
|
||||
else
|
||||
exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock start
|
||||
fi
|
||||
@ -964,9 +969,10 @@ case "$1" in
|
||||
save)
|
||||
[ -n "$debugging" ] && set -x
|
||||
|
||||
get_config
|
||||
|
||||
case $# in
|
||||
1)
|
||||
RESTOREFILE=restore
|
||||
;;
|
||||
2)
|
||||
RESTOREFILE="$2"
|
||||
@ -1004,9 +1010,9 @@ case "$1" in
|
||||
mutex_off
|
||||
;;
|
||||
forget)
|
||||
get_config
|
||||
case $# in
|
||||
1)
|
||||
RESTOREFILE=restore
|
||||
;;
|
||||
2)
|
||||
RESTOREFILE="$2"
|
||||
@ -1016,9 +1022,11 @@ case "$1" in
|
||||
;;
|
||||
esac
|
||||
|
||||
if [ /var/lib/shorewall/$RESTOREFILE ]; then
|
||||
if [ -x /var/lib/shorewall/$RESTOREFILE ]; then
|
||||
rm -f /var/lib/shorewall/$RESTOREFILE
|
||||
echo " /var/lib/shorewall/$RESTOREFILE removed"
|
||||
elif [ -f /var/lib/shorewall/$RESTOREFILE ]; then
|
||||
echo " ERROR: /var/lib/shorewall/$RESTOREFILE is not a restore script"
|
||||
fi
|
||||
;;
|
||||
ipcalc)
|
||||
@ -1057,9 +1065,9 @@ case "$1" in
|
||||
esac
|
||||
;;
|
||||
restore)
|
||||
get_config
|
||||
case $# in
|
||||
1)
|
||||
RESTOREFILE=restore
|
||||
;;
|
||||
2)
|
||||
RESTOREFILE="$2"
|
||||
|
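Review bot: `RESTOREFILE="$2"` comes from the command line (and otherwise from shorewall.conf) and is pasted unquoted and unvalidated into `/var/lib/shorewall/$RESTOREFILE`, which is then tested, executed, or removed with `rm -f`. A value containing `/` or `..` resolves outside /var/lib/shorewall, and one containing whitespace splits into several words, so `forget` and `restore` can act on a file that is not a saved restore script. Reject such names before use, e.g. `case "$RESTOREFILE" in */*|.|..) echo "ERROR: invalid restore file name" >&2; exit 2 ;; esac`, and quote every use, as in `[ -x "/var/lib/shorewall/$RESTOREFILE" ]`. The same unquoted expansion is used in stop_firewall in the firewall script. The `2)` arms that assign `$2` are cut off by the hunk boundaries, so any checks after them are not visible here.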
@ -258,6 +258,22 @@ MODULESDIR=
|
||||
# CONFIG_PATH=/etc/shorewall:/usr/share/shorewall is assumed.
|
||||
|
||||
CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
|
||||
|
||||
#
|
||||
# RESTORE SCRIPT
|
||||
#
|
||||
# This option determines the script to be run in the following cases:
|
||||
#
|
||||
# shorewall -f start
|
||||
# shorewall restore
|
||||
# Failure of shorewall start or shorewall restart
|
||||
#
|
||||
# The value of the option must be the name of an executable file in the
|
||||
# directory /var/lib/shorewall. If this option is not set or if it is
|
||||
# set to the empty value (RESTOREFILE="") then RESTOREFILE=restore is
|
||||
# assumed.
|
||||
|
||||
RESTOREFILE=
|
||||
################################################################################
|
||||
# F I R E W A L L O P T I O N S
|
||||
################################################################################
|
||||
|
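Review bot: The RESTOREFILE comment does not say that the value is a bare file name rather than a path, nor that shorewall executes the named file. Both matter to an administrator deciding what to put there and how to protect it. I would add something like `# The value must be a simple file name (no "/"). The file is executed by` followed by `# shorewall, so it and /var/lib/shorewall should be writable only by root.` The second line assumes shorewall runs as root, which is usual but not shown on this page.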