Implement -c option to [re]load

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4818 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2006-11-09 15:57:58 +00:00
parent bad66d0f1a
commit 084063e760
4 changed files with 39 additions and 9 deletions


@ -1,4 +1,4 @@
Changes in 3.3.4 Changes in 3.3.5
1) Restore default route when there are no 'balance' providers. 1) Restore default route when there are no 'balance' providers.
@ -17,6 +17,8 @@ Changes in 3.3.4
8) Move DNAT/REDIRECT code to lib.base. 8) Move DNAT/REDIRECT code to lib.base.
9) Implement -c option to [re]load command.
Changes in 3.3.4 Changes in 3.3.4
1) Make exclusion work with "show zones" 1) Make exclusion work with "show zones"


@ -224,7 +224,7 @@ iprange)
;; ;;
load) load)
echo "load: load [ -s ] [ <directory> ] <system> echo "load: load [ -s ] [ -c ] [ <directory> ] <system>
If <directory> is omitted, then the current working directory is assumed. If <directory> is omitted, then the current working directory is assumed.
Requires that Shorewall Lite be installed on the named <system>. Requires that Shorewall Lite be installed on the named <system>.
@ -236,7 +236,10 @@ load)
successfully, Shorewall Lite on <system> is started via ssh. successfully, Shorewall Lite on <system> is started via ssh.
If the -s option is given and Shorewall Lite starts successfully then If the -s option is given and Shorewall Lite starts successfully then
ssh is used to execute 'shorewall-lite save' on <system>" ssh is used to execute 'shorewall-lite save' on <system>
If the -c option is given, Shorewall will capture the remote system's
capabilities to <directory>/capabilities before compiling"
;; ;;
logdrop) logdrop)
@ -286,7 +289,7 @@ reset)
;; ;;
reload) reload)
echo "reload: reload [ <directory> ] <system> echo "reload: reload [ -s ] [ -c ] [ <directory> ] <system>
If <directory> is omitted, then the current working directory is assumed. If <directory> is omitted, then the current working directory is assumed.
Requires that Shorewall Lite be installed on the named <system>. Requires that Shorewall Lite be installed on the named <system>.
@ -298,7 +301,10 @@ reload)
successfully, Shorewall Lite on <system> is restarted via ssh. successfully, Shorewall Lite on <system> is restarted via ssh.
If the -s option is given and Shorewall Lite restarts successfully then If the -s option is given and Shorewall Lite restarts successfully then
ssh is used to execute 'shorewall-lite save' on <system>" ssh is used to execute 'shorewall-lite save' on <system>
If the -c option is given, Shorewall will capture the remote system's
capabilities to <directory>/capabilities before compiling"
;; ;;
restart) restart)


@ -58,6 +58,16 @@ Other Changes in 3.3.5.
single file /etc/shorewall/Documentation. The documentation is in single file /etc/shorewall/Documentation. The documentation is in
alphabetical order by file name. alphabetical order by file name.
3) The "shorewall [re]load" command now supports a "-c" option.
Example:
shorewall reload -c gateway
When -c is given, Shorewall will capture the capabilities of the
remote system to a file named "capabilities" in the export
directory before compiling the configuration.
Migration Considerations: Migration Considerations:
1) Shorewall supports the notion of "default actions". A default 1) Shorewall supports the notion of "default actions". A default


@ -732,7 +732,7 @@ safe_commands() {
# #
reload_command() # $* = original arguments less the command. reload_command() # $* = original arguments less the command.
{ {
local verbose=$(make_verbose) file= finished=0 saveit= result directory system local verbose=$(make_verbose) file= finished=0 saveit= result directory system getcaps=
[ -n "$LITEDIR" ] || { echo " ERROR: LITEDIR not defined in ${SHAREDIR}/configpath" >&2; exit 2; } [ -n "$LITEDIR" ] || { echo " ERROR: LITEDIR not defined in ${SHAREDIR}/configpath" >&2; exit 2; }
@ -752,6 +752,10 @@ reload_command() # $* = original arguments less the command.
saveit=Yes saveit=Yes
option=${option#s} option=${option#s}
;; ;;
c*)
getcaps=Yes
option=${option#c}
;;
*) *)
usage 1 usage 1
;; ;;
@ -781,8 +785,16 @@ reload_command() # $* = original arguments less the command.
file=$(resolve_file $directory/firewall) file=$(resolve_file $directory/firewall)
if [ -n "$getcaps" ]; then
progress_message "Getting Capabilities on system $system..."
if ! ssh root@${system} "/sbin/shorewall-lite show -f capabilities > ${LITEDIR}/capabilities" || \
! scp root@$system:${LITEDIR}/capabilities $directory; then
echo " ERROR: Capturing capabilities on system $system failed" >&2 && exit 2
fi
fi
if shorewall $debugging $verbose compile -e $directory $directory/firewall && \ if shorewall $debugging $verbose compile -e $directory $directory/firewall && \
echo "Copying $file and ${file}.conf to ${system}:${LITEDIR}..." && \ progress_message "Copying $file and ${file}.conf to ${system}:${LITEDIR}..." && \
scp $directory/firewall $directory/firewall.conf root@${system}:${LITEDIR} scp $directory/firewall $directory/firewall.conf root@${system}:${LITEDIR}
then then
echo "Copy complete" echo "Copy complete"
@ -887,13 +899,13 @@ usage() # $1 = exit status
echo " ipcalc { <address>/<vlsm> | <address> <netmask> }" echo " ipcalc { <address>/<vlsm> | <address> <netmask> }"
echo " ipdecimal { <address> | <integer> }" echo " ipdecimal { <address> | <integer> }"
echo " iprange <address>-<address>" echo " iprange <address>-<address>"
echo " load [ -s ] [ <directory> ] <system>" echo " load [ -s ] [ -c ] [ <directory> ] <system>"
echo " logdrop <address> ..." echo " logdrop <address> ..."
echo " logreject <address> ..." echo " logreject <address> ..."
echo " logwatch [<refresh interval>]" echo " logwatch [<refresh interval>]"
echo " refresh" echo " refresh"
echo " reject <address> ..." echo " reject <address> ..."
echo " reload [ -s ] [ <directory> ] <system>" echo " reload [ -s ] [ -c ] [ <directory> ] <system>"
echo " reset" echo " reset"
echo " restart [ -n ] [ <directory> ]" echo " restart [ -n ] [ <directory> ]"
echo " restore [ -n ] [ <file name> ]" echo " restore [ -n ] [ <file name> ]"
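Review bot: The new capabilities step in reload_command expands `$system`, `$directory` and `${LITEDIR}` unquoted, and `${LITEDIR}` is substituted locally into a command string that the remote root shell parses again, so a value with whitespace or shell metacharacters is split locally or interpreted on the remote host. `$system` and `$directory` appear to come from the command line (the assignment is outside the hunk), so I would quote the local words, `! scp "root@${system}:${LITEDIR}/capabilities" "$directory"; then`, and single-quote the redirect target inside the ssh string, `> '${LITEDIR}/capabilities'`. The failure branch `echo "..." >&2 && exit 2` skips the exit if the echo itself fails, which would let the compile continue with whatever capabilities file is already in the directory; `{ echo "..." >&2; exit 2; }`, as the LITEDIR check at the top of the function does, avoids that. The unchanged compile and scp lines in the same function use the same unquoted style, so a follow-up quoting pass over the whole function may be the cleaner fix; reload_command starts and ends outside the hunks shown.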