Add '-n' option to the 'try' command and add to help text

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2687 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall/help

@@ -207,10 +207,11 @@ reset)
 	;;
 
 restart)
-	echo "restart: [ -q ] restart [ <configuration-directory> ]
+	echo "restart: [ -q ] [ -n ] restart [ <configuration-directory> ]
     Restart is the same as a shorewall stop && shorewall start.
     Existing connections are maintained.
-    If \"-q\" is specified, less detain is displayed making it easier to spot warnings"
+    If \"-q\" is specified, less detain is displayed making it easier to spot warnings
+    If \"-n\" is specified, no changes to routing will be made"
 	;;
 
 safe-restart)
@@ -227,13 +228,15 @@ safe-start)
     ;;
 
 restore)
-	echo "restore: restore [ <file name> ]
+	echo "restore: restore [ -n ] [ <file name> ]
     Restore Shorewall to a state saved using the 'save' command
     Existing connections are maintained. The <file name> names a restore file in
     /var/lib/shorewall created using "shorewall save"; if no <file name> is given
     then Shorewall will be restored from the file specified by the RESTOREFILE
     option in shorewall.conf.
 
+    If \"-n\" is specified, no changes to routing will be made.
+
     See also \"help save\" and \"help forget\""
 	;;
 
@@ -279,22 +282,25 @@ show)
 	;;
 
 start)
-	echo "start: [ -q ] [ -f ] start [ <configuration-directory> ]
+	echo "start: [ -q ] [ -f ] [ -n ] start [ <configuration-directory> ]
     Start shorewall.  Existing connections through shorewall managed
     interfaces are untouched.  New connections will be allowed only
     if they are allowed by the firewall rules or policies.
     If \"-q\" is specified, less detail is displayed making it easier to spot warnings
     If \"-f\" is specified, the saved configuration specified by the RESTOREFILE option
     in shorewall.conf will be restored if that saved configuration exists. In that
-    case, a <configuration-directory> may not be specified".
+    case, a <configuration-directory> may not be specified.
+    If \"-n\" is specified, no changes to routing will be made".
 	;;
 
 stop)
-	echo "stop: stop
+	echo "stop: [ -n ] stop
     Stops the firewall.  All existing connections, except those
     listed in /etc/shorewall/routestopped, are taken down.
     The only new traffic permitted through the firewall
-    is from systems listed in /etc/shorewall/routestopped."
+    is from systems listed in /etc/shorewall/routestopped.
+
+    If \"-n\" is specified, no changes to routing will be made"
 	;;
 
 status)
@@ -327,12 +333,15 @@ trace)
 	;;
 
 try)
-	echo "try: try <configuration-directory> [ <timeout> ]
+	echo "try: try [ -n ] <configuration-directory> [ <timeout> ]
     Restart shorewall using the specified configuration.  If an error
     occurs during the restart, then another shorewall restart is performed
     using the default configuration.  If a timeout is specified then
     the restart is always performed after the timeout occurs and uses
-    the default configuration."
+    the default configuration.
+
+    The \"-n\" option will be passed down to the underlying commands (see
+    'start', 'stop', 'restart' and 'restore')"
 	;;
 
 version)

Shorewall/hosts

@@ -21,7 +21,8 @@
 #	are defined in /etc/shorewall/zones determines the order in
 #	which the records in this file are interpreted.
 #
-#	ZONE	- The name of a zone defined in /etc/shorewall/zones
+#	ZONE	- The name of a zone defined in /etc/shorewall/zones. You may
+#		  not list the firewall zone in this column.
 #
 #	HOST(S)	- The name of an interface  defined in the
 #		  /etc/shorewall/interfaces file followed by a colon (":") and

Shorewall/interfaces

@@ -8,8 +8,9 @@
 #
 # Columns are:
 #
-#	ZONE		Zone for this interface. Must match the short name
-#			of a zone defined in /etc/shorewall/zones.
+#	ZONE		Zone for this interface. Must match the name of a
+#			zone defined in /etc/shorewall/zones. You may not
+#			list the firewall zone in this column.
 #
 #			If the interface serves multiple zones that will be
 #			defined in the /etc/shorewall/hosts file, you should

Shorewall/proxyarp

@@ -9,9 +9,7 @@
 #
 #	ADDRESS		IP Address
 #
-#	INTERFACE	Local interface where system is connected. If the
-#			local interface is obvious from the subnetting,
-#			you may enter "-" in this column.
+#	INTERFACE	Local interface where system is connected.
 #
 #	EXTERNAL	External Interface to be used to access this system
 #

Shorewall/releasenotes.txt

@@ -27,6 +27,14 @@ New Features in 2.5.6:
 	   rm -rf /usr/share/shorewall-*.bkout
 	   rm -rf /var/lib/shorewall-*.bkout
 
+2)  A new '-n' option has been added to the "start", "restart",
+    "restore",  "stop" and "try" commands. This option instructs
+    Shorewall to not alter the routing in any way.
+
+    This option is useful when you have a multi-ISP environment because
+    it prevents the route cache from being flushed which preserves the
+    mapping of end-point address pairs to routes.
+
 Problems Corrected in 2.5.5:
 
 1)  The install script now installs the correct Makefile. Previously,

Shorewall/shorewall

@@ -592,6 +592,7 @@ IPT_OPTIONS="-nv"
 FAST=
 VERBOSE=
 NOROUTES=
+noroutes=
 
 done=0
 
@@ -1067,15 +1068,16 @@ case "$1" in
 	[ -n "$SHOREWALL_DIR" ] && startup_error "ERROR: -c option may not be used with \"try\""
 	[ $# -lt 2 -o $# -gt 3 ] && usage 1
 	[ -n "$QUIET" ] && QUIET=-q
+	[ -n "$NOROUTES" ] && NOROUTES=-n
 	if ! $0 $debugging $QUIET -c $2 restart; then
 	    if ! $IPTABLES -L shorewall > /dev/null 2> /dev/null; then
-		$0 $QUIET start
+		$0 $QUIET $NOROUTES start
 	    fi
 	elif ! $IPTABLES -L shorewall > /dev/null 2> /dev/null; then
-	    $0 $QUIET start
+	    $0 $QUIET $NOROUTES start
 	elif [ $# -eq 3 ]; then
 	    sleep $3
-	    $0 $QUIET restart
+	    $0 $QUIET $NOROUTES restart
 	fi
 	;;
     logwatch)
@@ -1285,6 +1287,7 @@ case "$1" in
 	    # the command is safe-start but the firewall is already running
 	    $0 nolock $debugging start
 	    ret=$?
+	    mutex_off
 	    exit 0
 	fi