Refresh also refreshes traffic control/shaping

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@349 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall/changelog.txt

@@ -1,17 +1,6 @@
-Changes since 1.3.10
+Changes since 1.3.11
 
-1. Added TCP flags checking.
+1. Fixed DNAT/REDIRECT bug with excluded sub-zones.
 
-2. Accomodate bash clones like dash and ash
+2. "shorewall refresh" now refreshes the traffic shaping rules
 
-3. Added some comments in the policy chain creation/population logic.
-
-4. Check for fw->fw rules.
-
-5. Allow 'all' in rules.
-
-6. Add reverse GRE rules for PPTP server and clients.
-
-7. Add warning to tcrules file.
-
-8. Add warning to policy file that fw->fw policies aren't allowed.

Shorewall/firewall

@@ -212,6 +212,22 @@ havechain() # $1 = name of chain
     eval test \"\$${1}_exists\" = Yes
 }
 
+#
+# Query NetFilter about the existence of a filter chain
+#
+chain_exists() # $1 = chain name
+{
+    qt iptables -L $1 -n
+}
+	
+#
+# Query NetFilter about the existence of a mangle chain
+#
+mangle_chain_exists() # $1 = chain name
+{
+    qt iptables -t mangle -L $1 -n
+}
+	
 #
 # Ensure that a chain exists (create it if it doesn't)
 #
@@ -1639,10 +1655,7 @@ process_tc_rule()
 #
 # Setup queuing and classes
 #
-setup_tc() {
+setup_tc1() {
-
-    echo "Setting up Traffic Control Rules..."
-
     #
     # Create the TC mangle chains
     #
@@ -1668,6 +1681,13 @@ setup_tc() {
 
 }
 
+setup_tc() {
+
+    echo "Setting up Traffic Control Rules..."
+
+    setup_tc1
+}
+
 #
 # Clear Traffic Shaping
 #
@@ -1692,6 +1712,39 @@ delete_tc()
     done
 }
 
+#
+# Refresh queuing and classes
+#
+refresh_tc() {
+
+    echo "Refreshing Traffic Control Rules..."
+
+    delete_tc
+    
+    if mangle_chain_exists tcpre; then
+        #
+        # Flush the TC mangle chains
+        #
+        run_iptables -t mangle -F tcpre
+        run_iptables -t mangle -F tcout
+        #
+        # Process the TC Rules File
+        #
+        strip_file tcrules
+
+        while read mark sources dests proto ports sports; do
+	    expandv mark sources dests proto ports sports
+	    rule=`echo "$mark $sources $dests $proto $ports $sports"`
+	    process_tc_rule 
+        done < $TMP_DIR/tcrules
+
+	run_user_exit tcstart
+    else
+	setup_tc1
+    fi
+
+}
+
 #
 # Add a NAT rule - Helper function for the rules file processor
 #
@@ -3747,6 +3800,8 @@ refresh_firewall()
 
     determine_zones
 
+    validate_interfaces_file
+
     [ -z "$zones" ] && startup_error "ERROR: No Zones Defined"
 
     determine_interfaces
@@ -3764,19 +3819,16 @@ refresh_firewall()
     #
     refresh_blacklist
 
+    #
+    # Refresh Traffic Control
+    #
+    [ -n "$TC_ENABLED" ] && refresh_tc        
+
     report "Shorewall Refreshed"
 
     rm -rf $TMP_DIR
 }
 
-#
-# Query NetFilter about the existence of a filter chain
-#
-chain_exists() # $1 = chain name
-{
-    qt iptables -L $1 -n
-}
-	
 #
 # Add a host or subnet to a zone
 #

Shorewall/releasenotes.txt

@@ -2,21 +2,7 @@ This is a minor release of Shorewall that has a couple of new features.
 
 New features include:
 
-1) A 'tcpflags' option has been added to entries in
+1) "shorewall refresh" now reloads the traffic shaping rules.
-   /etc/shorewall/interfaces. This option causes Shorewall to make a
-   set of sanity check on TCP packet header flags.
-
-2) It is now allowed to use 'all' in the SOURCE or DEST column in a
-   rule. When used, 'all' must appear by itself (in may not be
-   qualified) and it does not enable intra-zone traffic (e.g., the rule
-   "ACCEPT loc	  all	  tcp 80" does not enable http traffic from
-   'loc' to 'loc').
-
-3) Shorewall's use of the 'echo' command is now compatible with bash
-   clones such as ash and dash.
-
-4) fw->fw policies now generate a startup error. fw->fw rules generate
-   a warning and are ignored.