From 084063e760c9f34c8db0f770418868b4f283f44d Mon Sep 17 00:00:00 2001 From: teastep Date: Thu, 9 Nov 2006 15:57:58 +0000 Subject: [PATCH] Implement -c option to [re]load git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4818 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall/changelog.txt | 4 +++- Shorewall/help | 14 ++++++++++---- Shorewall/releasenotes.txt | 10 ++++++++++ Shorewall/shorewall | 20 ++++++++++++++++---- 4 files changed, 39 insertions(+), 9 deletions(-) diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index a78137718..a37999c8f 100644 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -1,4 +1,4 @@ -Changes in 3.3.4 +Changes in 3.3.5 1) Restore default route when there are no 'balance' providers. @@ -17,6 +17,8 @@ Changes in 3.3.4 8) Move DNAT/REDIRECT code to lib.base. +9) Implement -c option to [re]load command. + Changes in 3.3.4 1) Make exclusion work with "show zones" diff --git a/Shorewall/help b/Shorewall/help index 71de30a32..53e34bfd5 100755 --- a/Shorewall/help +++ b/Shorewall/help @@ -224,7 +224,7 @@ iprange) ;; load) - echo "load: load [ -s ] [ ] + echo "load: load [ -s ] [ -c ] [ ] If is omitted, then the current working directory is assumed. Requires that Shorewall Lite be installed on the named . @@ -236,7 +236,10 @@ load) successfully, Shorewall Lite on is started via ssh. If the -s option is given and Shorewall Lite starts successfully then - ssh is used to execute 'shorewall-lite save' on " + ssh is used to execute 'shorewall-lite save' on + + If the -c option is given, Shorewall will capture the remote system's + capabilities to /capabilities before compiling" ;; logdrop) @@ -286,7 +289,7 @@ reset) ;; reload) - echo "reload: reload [ ] + echo "reload: reload [ -s ] [ -c ] [ ] If is omitted, then the current working directory is assumed. Requires that Shorewall Lite be installed on the named . 
@@ -298,7 +301,10 @@ reload) successfully, Shorewall Lite on is restarted via ssh. If the -s option is given and Shorewall Lite restarts successfully then - ssh is used to execute 'shorewall-lite save' on " + ssh is used to execute 'shorewall-lite save' on + + If the -c option is given, Shorewall will capture the remote system's + capabilities to /capabilities before compiling" ;; restart) diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 30544017d..2ad84917d 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -58,6 +58,16 @@ Other Changes in 3.3.5. single file /etc/shorewall/Documentation. The documentation is in alphabetical order by file name. +3) The "shorewall [re]load" command now supports a "-c" option. + + Example: + + shorewall reload -c gateway + + When -c is given, Shorewall will capture the capabilities of the + remote system to a file named "capabilities" in the export + directory before compiling the configuration. + Migration Considerations: 1) Shorewall supports the notion of "default actions". A default diff --git a/Shorewall/shorewall b/Shorewall/shorewall index 918da3ce5..48f460380 100755 --- a/Shorewall/shorewall +++ b/Shorewall/shorewall @@ -732,7 +732,7 @@ safe_commands() { # reload_command() # $* = original arguments less the command. { - local verbose=$(make_verbose) file= finished=0 saveit= result directory system + local verbose=$(make_verbose) file= finished=0 saveit= result directory system getcaps= [ -n "$LITEDIR" ] || { echo " ERROR: LITEDIR not defined in ${SHAREDIR}/configpath" >&2; exit 2; } @@ -752,6 +752,10 @@ reload_command() # $* = original arguments less the command. saveit=Yes option=${option#s} ;; + c*) + getcaps=Yes + option=${option#c} + ;; *) usage 1 ;; 
@@ -781,8 +785,16 @@ reload_command() # $* = original arguments less the command. file=$(resolve_file $directory/firewall) + if [ -n "$getcaps" ]; then + progress_message "Getting Capabilities on system $system..." + if ! ssh root@${system} "/sbin/shorewall-lite show -f capabilities > ${LITEDIR}/capabilities" || \ + ! scp root@$system:${LITEDIR}/capabilities $directory; then + echo " ERROR: Capturing capabilities on system $system failed" >&2 && exit 2 + fi + fi + if shorewall $debugging $verbose compile -e $directory $directory/firewall && \ - echo "Copying $file and ${file}.conf to ${system}:${LITEDIR}..." && \ + progress_message "Copying $file and ${file}.conf to ${system}:${LITEDIR}..." && \ scp $directory/firewall $directory/firewall.conf root@${system}:${LITEDIR} then echo "Copy complete" @@ -887,13 +899,13 @@ usage() # $1 = exit status echo " ipcalc {
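Review bot: The new `-c` block expands `$system` and `$directory` unquoted in the `ssh` and `scp` command lines, so a system name or export directory containing whitespace or glob characters is split into extra arguments to commands that run as root against the remote host. Quote them, e.g. `ssh "root@${system}" "/sbin/shorewall-lite show -f capabilities > ${LITEDIR}/capabilities"` and `scp "root@${system}:${LITEDIR}/capabilities" "$directory"`. The fetched file silently overwrites any existing `capabilities` in the export directory and is then consumed by `compile -e`; if the compiler sources it as shell (not visible in this hunk), its content should be treated as input from the remote host rather than as trusted local configuration. On the failure path, `echo ... >&2 && exit 2` skips the exit when the echo itself fails, so `; exit 2` is the safer form. The body of reload_command starts and ends outside the hunk.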
/ |
}" echo " ipdecimal {
| }" echo " iprange
-
" - echo " load [ -s ] [ ] " + echo " load [ -s ] [ -c ] [ ] " echo " logdrop
..." echo " logreject
..." echo " logwatch []" echo " refresh" echo " reject
..." - echo " reload [ -s ] [ ] " + echo " reload [ -s ] [ -c ] [ ] " echo " reset" echo " restart [ -n ] [ ]" echo " restore [ -n ] [ ]"