Implement -c option to [re]load

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4818 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-11-14 19:54:06 +01:00 · 2006-11-09 15:57:58 +00:00 · 2006-11-09 15:57:58 +00:00 · 084063e760
commit 084063e760
parent bad66d0f1a
4 changed files with 39 additions and 9 deletions
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@ -1,4 +1,4 @@
-Changes in 3.3.4
+Changes in 3.3.5

 1)  Restore default route when there are no 'balance' providers.

@ -17,6 +17,8 @@ Changes in 3.3.4

 8)  Move DNAT/REDIRECT code to lib.base.

+9)  Implement -c option to [re]load command.
+
 Changes in 3.3.4

 1)  Make exclusion work with "show zones"
--- a/Shorewall/help
+++ b/Shorewall/help
@ -224,7 +224,7 @@ iprange)
 	;;

 load)
-	echo "load: load [ -s ] [ <directory> ] <system>
+	echo "load: load [ -s ] [ -c ] [ <directory> ] <system>
    If <directory> is omitted, then the current working directory is assumed.

    Requires that Shorewall Lite be installed on the named <system>.
@ -236,7 +236,10 @@ load)
    successfully, Shorewall Lite on <system> is started via ssh.

    If the -s option is given and Shorewall Lite starts successfully then
-    ssh is used to execute 'shorewall-lite save' on <system>"
+    ssh is used to execute 'shorewall-lite save' on <system>
+
+    If the -c option is given, Shorewall will capture the remote system's
+    capabilities to <directory>/capabilities before compiling"
 	;;

 logdrop)
@ -286,7 +289,7 @@ reset)
 	;;

 reload)
-	echo "reload: reload [ <directory> ] <system>
+	echo "reload: reload [ -s ] [ -c ] [ <directory> ] <system>
    If <directory> is omitted, then the current working directory is assumed.

    Requires that Shorewall Lite be installed on the named <system>.
@ -298,7 +301,10 @@ reload)
    successfully, Shorewall Lite on <system> is restarted via ssh.

    If the -s option is given and Shorewall Lite restarts successfully then
-    ssh is used to execute 'shorewall-lite save' on <system>"
+    ssh is used to execute 'shorewall-lite save' on <system>
+
+    If the -c option is given, Shorewall will capture the remote system's
+    capabilities to <directory>/capabilities before compiling"
 	;;

 restart)
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -58,6 +58,16 @@ Other Changes in 3.3.5.
    single file /etc/shorewall/Documentation. The documentation is in
    alphabetical order by file name.

+3)  The "shorewall [re]load" command now supports a "-c" option.
+
+    Example:
+
+	shorewall reload -c gateway
+
+    When -c is given, Shorewall will capture the capabilities of the
+    remote system to a file named "capabilities" in the export
+    directory before compiling the configuration.
+
 Migration Considerations:

 1)  Shorewall supports the notion of "default actions". A default
--- a/Shorewall/shorewall
+++ b/Shorewall/shorewall
@ -732,7 +732,7 @@ safe_commands() {
 #
 reload_command() # $* = original arguments less the command.
 {
-    local verbose=$(make_verbose) file= finished=0 saveit= result directory system
+    local verbose=$(make_verbose) file= finished=0 saveit= result directory system getcaps=

    [ -n "$LITEDIR" ] || { echo "   ERROR: LITEDIR not defined in ${SHAREDIR}/configpath" >&2; exit 2; }

@ -752,6 +752,10 @@ reload_command() # $* = original arguments less the command.
 			    saveit=Yes
 			    option=${option#s}
 			    ;;
+			c*)
+			    getcaps=Yes
+			    option=${option#c}
+			    ;;
 			*)
 			    usage 1
 			    ;;
@ -781,8 +785,16 @@ reload_command() # $* = original arguments less the command.

    file=$(resolve_file $directory/firewall)

+    if [ -n "$getcaps" ]; then
+	progress_message "Getting Capabilities on system $system..."
+	if ! ssh root@${system} "/sbin/shorewall-lite show -f capabilities > ${LITEDIR}/capabilities" || \
+	   ! scp root@$system:${LITEDIR}/capabilities $directory; then
+	    echo "   ERROR: Capturing capabilities on system $system failed" >&2 && exit 2
+	fi
+    fi
+
    if shorewall $debugging $verbose compile -e $directory $directory/firewall && \
-	echo "Copying $file and ${file}.conf to ${system}:${LITEDIR}..." && \
+	progress_message "Copying $file and ${file}.conf to ${system}:${LITEDIR}..." && \
 	scp $directory/firewall $directory/firewall.conf root@${system}:${LITEDIR}
    then
 	echo "Copy complete"
@ -887,13 +899,13 @@ usage() # $1 = exit status
    echo "   ipcalc { <address>/<vlsm> | <address> <netmask> }"
    echo "   ipdecimal { <address> | <integer> }"
    echo "   iprange <address>-<address>"
-    echo "   load [ -s ] [ <directory> ] <system>"
+    echo "   load [ -s ] [ -c ] [ <directory> ] <system>"
    echo "   logdrop <address> ..."
    echo "   logreject <address> ..."
    echo "   logwatch [<refresh interval>]"
    echo "   refresh"
    echo "   reject <address> ..."
-    echo "   reload [ -s ] [ <directory> ] <system>"
+    echo "   reload [ -s ] [ -c ] [ <directory> ] <system>"
    echo "   reset"
    echo "   restart [ -n ] [ <directory> ]"
    echo "   restore [ -n ] [ <file name> ]"