extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-12-22 06:10:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

Implement the 'savesets' command

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2015-03-17 10:03:12 -07:00
parent fdc36747ad
commit 0c11870e46
8 changed files with 131 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
Shorewall-core/lib.cli
View File

@ -375,7 +375,18 @@ savesets() {
supported=$(run_it ${VARDIR}/firewall help | fgrep savesets ) supported=$(run_it ${VARDIR}/firewall help | fgrep savesets )
[ -n "$supported" ] && run_it ${VARDIR}/firewall savesets ${g_restorepath}-ipsets [ -n "$supported" ] && run_it ${VARDIR}/firewall savesets ${g_restorepath}-ipsets
}
#
# Proactive save of the current ipset contents
#
savesets1() {
local supported
supported=$(run_it ${VARDIR}/firewall help | fgrep savesets )
[ -n "$supported" ] && run_it ${VARDIR}/firewall savesets ${VARDIR}/ipsets.save && progress_message3 "The ipsets have been saved to ${VARDIR}/ipsets.save"
} }
# #
@ -3823,6 +3834,7 @@ usage() # $1 = exit status
echo " restore [ -n ] [ -p ] [ -C ] [ <file name> ]" echo " restore [ -n ] [ -p ] [ -C ] [ <file name> ]"
echo " run <command> [ <parameter> ... ]" echo " run <command> [ <parameter> ... ]"
echo " save [ -C ] [ <file name> ]" echo " save [ -C ] [ <file name> ]"
echo " savesets"
echo " [ show | list | ls ] [ -b ] [ -x ] [ -t {filter|mangle|nat} ] [ {chain [<chain> [ <chain> ... ]" echo " [ show | list | ls ] [ -b ] [ -x ] [ -t {filter|mangle|nat} ] [ {chain [<chain> [ <chain> ... ]"
echo " [ show | list | ls ] [ -f ] capabilities" echo " [ show | list | ls ] [ -f ] capabilities"
echo " [ show | list | ls ] arptables" echo " [ show | list | ls ] arptables"
@ -4220,6 +4232,12 @@ shorewall_cli() {
shift shift
noiptrace_command $@ noiptrace_command $@
;; ;;
savesets)
[ $# -eq 1 ] || usage 1
get_config
[ -n "$g_debugging" ] && set -x
savesets1
;;
*) *)
if [ -z "$g_lite" ]; then if [ -z "$g_lite" ]; then
compiler_command $@ compiler_command $@

25
Shorewall-lite/manpages/shorewall-lite.xml
View File

@ -374,6 +374,17 @@
<arg choice="opt"><replaceable>filename</replaceable></arg> <arg choice="opt"><replaceable>filename</replaceable></arg>
</cmdsynopsis> </cmdsynopsis>
<cmdsynopsis>
<command>shorewall-lite</command>
<arg
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
<arg>-<replaceable>options</replaceable></arg>
<arg choice="plain"><option>savesets</option></arg>
</cmdsynopsis>
<cmdsynopsis> <cmdsynopsis>
<command>shorewall-lite</command> <command>shorewall-lite</command>
@ -1002,6 +1013,20 @@
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term><emphasis role="bold">savesets</emphasis></term>
<listitem>
<para>Added in shorewall 4.6.8. Performs the same action as the
<command>stop</command> command with respect to saving ipsets (see
the SAVE_IPSETS option in <ulink
url="/manpages/shorewall.conf.html">shorewall.conf</ulink> (5)).
This command may be used to proactively save your ipset contents in
the event that a system failure occurs prior to issuing a
<command>stop</command> command.</para>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">show</emphasis></term> <term><emphasis role="bold">show</emphasis></term>

13
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -8048,7 +8048,7 @@ sub create_save_ipsets() {
if ( @ipsets || @{$globals{SAVED_IPSETS}} || ( $config{SAVE_IPSETS} && have_ipset_rules ) ) { if ( @ipsets || @{$globals{SAVED_IPSETS}} || ( $config{SAVE_IPSETS} && have_ipset_rules ) ) {
emit( ' local file' , emit( ' local file' ,
'', '',
' file=$1' ' file=${1:-${VARDIR}/save.ipsets}'
); );
if ( @ipsets ) { if ( @ipsets ) {
@ -8074,7 +8074,9 @@ sub create_save_ipsets() {
emit( '', emit( '',
" for set in \$(\$IPSET save | grep '$select' | cut -d' ' -f2); do" , " for set in \$(\$IPSET save | grep '$select' | cut -d' ' -f2); do" ,
" \$IPSET save \$set >> \$file" , " \$IPSET save \$set >> \$file" ,
" done" ); " done" ,
'',
);
} else { } else {
emit ( '' , emit ( '' ,
' if [ -f /etc/debian_version ] && [ $(cat /etc/debian_version) = 5.0.3 ]; then' , ' if [ -f /etc/debian_version ] && [ $(cat /etc/debian_version) = 5.0.3 ]; then' ,
@ -8091,7 +8093,9 @@ sub create_save_ipsets() {
' fi' ); ' fi' );
} }
emit("}\n" ); emit( " return 0",
'',
"}\n" );
} elsif ( @ipsets || $globals{SAVED_IPSETS} ) { } elsif ( @ipsets || $globals{SAVED_IPSETS} ) {
emit( '' , emit( '' ,
' rm -f ${VARDIR}/ipsets.tmp' , ' rm -f ${VARDIR}/ipsets.tmp' ,
@ -8113,10 +8117,13 @@ sub create_save_ipsets() {
emit( '' , emit( '' ,
" grep -qE -- \"(-N|^create )\" \${VARDIR}/ipsets.tmp && cat \${VARDIR}/ipsets.tmp >> \$file\n" , " grep -qE -- \"(-N|^create )\" \${VARDIR}/ipsets.tmp && cat \${VARDIR}/ipsets.tmp >> \$file\n" ,
'' , '' ,
' return 0',
'' ,
"}\n" ); "}\n" );
} }
} elsif ( $config{SAVE_IPSETS} ) { } elsif ( $config{SAVE_IPSETS} ) {
emit( ' error_message "WARNING: No ipsets were saved"', emit( ' error_message "WARNING: No ipsets were saved"',
' return 1',
"}\n" ); "}\n" );
} else { } else {
emit( ' true', emit( ' true',

1
Shorewall/Perl/prog.footer
View File

@ -407,6 +407,7 @@ case "$COMMAND" in
savesets) savesets)
if [ $# -eq 2 ]; then if [ $# -eq 2 ]; then
save_ipsets $2 save_ipsets $2
status=$?
else else
usage 2 usage 2
fi fi

1
Shorewall/lib.cli-std
View File

@ -1691,6 +1691,7 @@ usage() # $1 = exit status
echo " safe-restart [ -t <timeout> ] [ <directory> ]" echo " safe-restart [ -t <timeout> ] [ <directory> ]"
echo " safe-start [ -t <timeout> ] [ <directory> ]" echo " safe-start [ -t <timeout> ] [ <directory> ]"
echo " save [ -C ] [ <file name> ]" echo " save [ -C ] [ <file name> ]"
echo " savesets"
echo " [ show | list | ls ] [ -x ] [ -t {filter|mangle|nat|raw|rawpost} ] [ {chain [<chain> [ <chain> ... ]" echo " [ show | list | ls ] [ -x ] [ -t {filter|mangle|nat|raw|rawpost} ] [ {chain [<chain> [ <chain> ... ]"
echo " [ show | list | ls ] actions" echo " [ show | list | ls ] actions"
echo " [ show | list | ls ] [ -x ] {bl|blacklists}" echo " [ show | list | ls ] [ -x ] {bl|blacklists}"

25
Shorewall/manpages/shorewall.xml
View File

@ -554,6 +554,17 @@
<arg choice="opt"><replaceable>filename</replaceable></arg> <arg choice="opt"><replaceable>filename</replaceable></arg>
</cmdsynopsis> </cmdsynopsis>
<cmdsynopsis>
<command>shorewall</command>
<arg
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
<arg>-<replaceable>options</replaceable></arg>
<arg choice="plain"><option>savesets</option></arg>
</cmdsynopsis>
<cmdsynopsis> <cmdsynopsis>
<command>shorewall</command> <command>shorewall</command>
@ -1658,6 +1669,20 @@
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term><emphasis role="bold">savesets</emphasis></term>
<listitem>
<para>Added in shorewall 4.6.8. Performs the same action as the
<command>stop</command> command with respect to saving ipsets (see
the SAVE_IPSETS option in <ulink
url="/manpages/shorewall.conf.html">shorewall.conf</ulink> (5)).
This command may be used to proactively save your ipset contents in
the event that a system failure occurs prior to issuing a
<command>stop</command> command.</para>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">show</emphasis></term> <term><emphasis role="bold">show</emphasis></term>

25
Shorewall6-lite/manpages/shorewall6-lite.xml
View File

@ -396,6 +396,17 @@
<arg choice="opt"><replaceable>filename</replaceable></arg> <arg choice="opt"><replaceable>filename</replaceable></arg>
</cmdsynopsis> </cmdsynopsis>
<cmdsynopsis>
<command>shorewall6-lite</command>
<arg
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
<arg>-<replaceable>options</replaceable></arg>
<arg choice="plain"><option>savesets</option></arg>
</cmdsynopsis>
<cmdsynopsis> <cmdsynopsis>
<command>shorewall6-lite</command> <command>shorewall6-lite</command>
@ -1032,6 +1043,20 @@
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term><emphasis role="bold">savesets</emphasis></term>
<listitem>
<para>Added in shorewall 4.6.8. Performs the same action as the
<command>stop</command> command with respect to saving ipsets (see
the SAVE_IPSETS option in <ulink
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink> (5)).
This command may be used to proactively save your ipset contents in
the event that a system failure occurs prior to issuing a
<command>stop</command> command.</para>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">show</emphasis></term> <term><emphasis role="bold">show</emphasis></term>

25
Shorewall6/manpages/shorewall6.xml
View File

@ -512,6 +512,17 @@
<arg choice="opt"><replaceable>filename</replaceable></arg> <arg choice="opt"><replaceable>filename</replaceable></arg>
</cmdsynopsis> </cmdsynopsis>
<cmdsynopsis>
<command>shorewall6</command>
<arg
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
<arg>-<replaceable>options</replaceable></arg>
<arg choice="plain"><option>savesets</option></arg>
</cmdsynopsis>
<cmdsynopsis> <cmdsynopsis>
<command>shorewall6</command> <command>shorewall6</command>
@ -1561,6 +1572,20 @@
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term><emphasis role="bold">savesets</emphasis></term>
<listitem>
<para>Added in shorewall 4.6.8. Performs the same action as the
<command>stop</command> command with respect to saving ipsets (see
the SAVE_IPSETS option in <ulink
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink> (5)).
This command may be used to proactively save your ipset contents in
the event that a system failure occurs prior to issuing a
<command>stop</command> command.</para>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">show</emphasis></term> <term><emphasis role="bold">show</emphasis></term>