Updates to RESTOREFILE implementation

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1390 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall2/firewall

@@ -1251,10 +1251,10 @@ stop_firewall() {
 
 	    [ -z "$RESTOREFILE" ] && RESTOREFILE=restore
 	    
-	    if [ -f /var/lib/shorewall/$RESTOREFILE ]; then
+	    if [ -x /var/lib/shorewall/$RESTOREFILE ]; then
 		echo Restoring Shorewall...
-		. /var/lib/shorewall/$RESTOREFILE
+		/var/lib/shorewall/$RESTOREFILE
-		echo Shorewall restored
+		echo "Shorewall restored from /var/lib/shorewall/$RESTOREFILE"
 		my_mutex_off
 		kill $$
 		exit 2

Shorewall2/help

@@ -117,9 +117,9 @@ drop)
 	;;
 
 forget)
-	echo "forget: forget
+	echo "forget: forget [ <file name> ]
-    Deletes /var/lib/shorewall/save and /var/lib/shorewall/restore. Those
+    Deletes /var/lib/shorewall/<file name>. If no <file name> is given then
-    files are created by the 'shorewall save' command
+    the file specified by RESTOREFILE in shorewall.conf is removed.
 
     See also \"help save\""
 	;;
@@ -194,18 +194,22 @@ restart)
 	;;
 
 restore)
-	echo "restore: restore
+	echo "restore: restore [ <file name> ]
-    Restore Shorewall to its last state saved using the 'save' command
+    Restore Shorewall to a state saved using the 'save' command
-    Existing connections are maintained.
+    Existing connections are maintained. The <file name> names a restore file in 
+    /var/lib/shorewall created using "shorewall save"; if no <file name> is given 
+    then Shorewall will be restored from the file specified by the RESTOREFILE
+    option in shorewall.conf.
 
     See also \"help save\" and \"help forget\""
 	;;
 
 save)
-	echo "save: save
+	echo "save: save [ <file name> ]
     The dynamic data is stored in /var/lib/shorewall/save. The state of the 
-    firewall is stored in /var/lib/shorewall/restore for use by the 'shorewall restore'
+    firewall is stored in /var/lib/shorewall/<file name> for use by the 'shorewall restore'
-    and 'shorewall -f start' commands.
+    and 'shorewall -f start' commands. If <file name> is not given then the state is saved
+    in the file specified by the RESTOREFILE option in shorewall.conf.
 
     Shorewall allow, drop, rejct and save implement dynamic blacklisting.
 
@@ -240,8 +244,9 @@ start)
     Start shorewall.  Existing connections through shorewall managed
     interfaces are untouched.  New connections will be allowed only
     if they are allowed by the firewall rules or policies.
-    If \"-q\" is specified, less detain is displayed making it easier to spot warnings
+    If \"-q\" is specified, less detail is displayed making it easier to spot warnings
-    If \"-f\" is specified, the last saved configuraton if any will be restored"
+    If \"-f\" is specified, the saved configuration specified by the RESTOREFILE option
+    in shorewall.conf will be restored if that saved configuration exists"
 	;;
 
 stop)

Shorewall2/shorewall

@@ -76,14 +76,17 @@
 #						   listed address(es)
 #	   shorewall allow <address> ...	   Reenable address(es) previously
 #						   disabled with "drop" or "reject"
-#	   shorewall save			   Save the list of "rejected" and
+#	   shorewall save [ <file> ]		   Save the list of "rejected" and
 #						   "dropped" addresses so that it will
 #						   be automatically reinstated the
 #						   next time that Shorewall starts.
 #                                                  Save the current state so that 'shorewall
 #                                                  restore' can be used.
 #
-#          shorewall forget                        Discard the data saved by 'shorewall save'
+#          shorewall forget [ <file> ]             Discard the data saved by 'shorewall save'
+#
+#          shorewall restore [ <file> ]            Restore the state of the firewall from
+#                                                  previously saved information.
 #
 #          shorewall ipaddr [ <address>/<cidr> | <address> <netmask> ]
 #
@@ -165,6 +168,8 @@ get_config() {
 	fi
     fi
 
+    [ -n "$RESTOREFILE" ] || RESTOREFILE=restore
+
 }
 
 #
@@ -535,7 +540,7 @@ help()
 #
 usage() # $1 = exit status
 {
-    echo "Usage: $(basename $0) [debug|trace] [nolock] [-c <directory>] [ -x ] [ -q ] <command>"
+    echo "Usage: $(basename $0) [debug|trace] [nolock] [-c <directory>] [ -x ] [ -q ] [ -f ] <command>"
     echo "where <command> is one of:"
     echo "   add <interface>[:<host>] <zone>"
     echo "   allow <address> ..."
@@ -543,7 +548,7 @@ usage() # $1 = exit status
     echo "   clear"
     echo "   delete <interface>[:<host>] <zone>"
     echo "   drop <address> ..."
-    echo "   forget"
+    echo "   forget [ <file name> ]"
     echo "   help [ <command > | host | address ]"
     echo "   hits"
     echo "   ipcalc [ <address>/<vlsm> | <address> <netmask> ]"
@@ -554,8 +559,8 @@ usage() # $1 = exit status
     echo "   reject <address> ..."
     echo "   reset"
     echo "   restart"
-    echo "   restore"
+    echo "   restore [ <file name> ]"
-    echo "   save"
+    echo "   save [ <file name> ]"
     echo "   show [<chain> [ <chain> ... ]|classifiers|connections|log|nat|tc|tos]"
     echo "   start"
     echo "   stop"
@@ -735,11 +740,11 @@ case "$1" in
 	[ $# -ne 1 ] && usage 1
 	get_config
 	if [ -n "$FAST" ]; then
-	    if [ -f /var/lib/shorewall/restore ]; then
+	    if [ -x /var/lib/shorewall/$RESTOREFILE ]; then
 		echo Restoring Shorewall...
-		. /var/lib/shorewall/restore
+		/var/lib/shorewall/$RESTOREFILE
 		date > $STATEDIR/restarted
-		echo Shorewall restored
+		echo Shorewall restored from /var/lib/shorewall/$RESTOREFILE
 	    else
 		exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock start
 	    fi
@@ -964,9 +969,10 @@ case "$1" in
     save)
     	[ -n "$debugging" ] && set -x
 
+	get_config
+
 	case $# in
 	1)
-	    RESTOREFILE=restore
 	    ;;
 	2)
 	    RESTOREFILE="$2"
@@ -1004,9 +1010,9 @@ case "$1" in
 	mutex_off
 	;;
     forget)
+	get_config
 	case $# in
 	1)
-	    RESTOREFILE=restore
 	    ;;
 	2)
 	    RESTOREFILE="$2"
@@ -1016,9 +1022,11 @@ case "$1" in
 	    ;;
 	esac
 
-	if [ /var/lib/shorewall/$RESTOREFILE ]; then
+	if [ -x /var/lib/shorewall/$RESTOREFILE ]; then
 	    rm -f /var/lib/shorewall/$RESTOREFILE
 	    echo "    /var/lib/shorewall/$RESTOREFILE removed"
+	elif [ -f /var/lib/shorewall/$RESTOREFILE ]; then
+	    echo "   ERROR: /var/lib/shorewall/$RESTOREFILE is not a restore script"
 	fi
 	;;
     ipcalc)
@@ -1057,9 +1065,9 @@ case "$1" in
 	esac
 	;;
     restore)
+	get_config
 	case $# in
 	1)
-	    RESTOREFILE=restore
 	    ;;
 	2)
 	    RESTOREFILE="$2"

Shorewall2/shorewall.conf

@@ -258,6 +258,22 @@ MODULESDIR=
 # CONFIG_PATH=/etc/shorewall:/usr/share/shorewall is assumed.
 
 CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
+
+#
+# RESTORE SCRIPT
+#
+# This option determines the script to be run in the following cases:
+#
+#	shorewall -f start
+#	shorewall restore
+#	Failure of shorewall start or shorewall restart
+#
+# The value of the option must be the name of an executable file in the
+# directory /var/lib/shorewall. If this option is not set or if it is
+# set to the empty value (RESTOREFILE="") then RESTOREFILE=restore is
+# assumed.
+
+RESTOREFILE=
 ################################################################################
 #                       F I R E W A L L   O P T I O N S
 ################################################################################