'shorewall check' now checks the masq file

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2592 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2005-08-30 15:54:29 +00:00
parent e783315471
commit 124af9a046
4 changed files with 44 additions and 25 deletions


@ -4,6 +4,8 @@ Changes in 2.5.4
2) Fix some ghastly bugs in macros.
3) "shorewall check" now checks the masq file.
Changes in 2.5.3
1) Allow exclusion lists in /etc/shorewall/tcrules.


@ -3681,6 +3681,9 @@ check_config() {
process_actions2
process_actions3
masq=$(find_file masq)
[ -f $masq ] && setup_masq $masq
rm -rf $TMP_DIR
[ -n "$RESTOREBASE" ] && rm -f $RESTOREBASE
@ -6672,6 +6675,8 @@ setup_masq()
case $destnets in
!*)
destnets=${destnets#!}
if [ $COMMAND != check ]; then
build_exclusion_chain newchain nat "$nomasq" "$destnets"
if [ -n "$networks" ]; then
@ -6682,6 +6687,9 @@ setup_masq()
else
addnatrule $chain -j $newchain
fi
else
networks=
fi
chain=$newchain
destnets=0.0.0.0/0
@ -6693,6 +6701,7 @@ setup_masq()
;;
*)
if [ -n "$nomasq" ]; then
if [ $COMMAND != check ]; then
build_exclusion_chain newchain nat $nomasq
if [ -n "$networks" ]; then
@ -6706,6 +6715,7 @@ setup_masq()
addnatrule $chain $(dest_ip_range $destnet) $proto $ports $policy -j $newchain
done
fi
fi
chain=$newchain
networks=
@ -6755,9 +6765,11 @@ setup_masq()
if [ -n "$networks" ]; then
for network in $networks; do
if [ $COMMAND != check ]; then
for destnet in $(separate_list $destnets); do
addnatrule $chain $(both_ip_ranges $network $destnet) $proto $ports $policy -j $target $addrlist
done
fi
if [ -n "$addresses" ]; then
progress_message " To $destination $displayproto from $network through ${interface} using $addresses"
@ -6766,9 +6778,11 @@ setup_masq()
fi
done
else
if [ $COMMAND != check ]; then
for destnet in $(separate_list $destnets); do
addnatrule $chain $(dest_ip_range $destnet) $proto $ports $policy -j $target $addrlist
done
fi
if [ -n "$addresses" ]; then
progress_message " To $destination $displayproto from $source through ${interface} using $addresses"
@ -6783,7 +6797,7 @@ setup_masq()
if [ -n "$NAT_ENABLED" ]; then
echo "Masqueraded Networks and Hosts:"
[ -n "$RETAIN_ALIASES" ] || save_progress_message "Restoring Masquerading/SNAT..."
[ -n "$RETAIN_ALIASES" -o $COMMAND = check ] || save_progress_message "Restoring Masquerading/SNAT..."
fi
while read fullinterface networks addresses proto ports ipsec; do
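Review bot: In check_config the added `[ -f $masq ] && setup_masq $masq` leaves `$masq` unquoted, so a path containing whitespace or glob characters (find_file is not visible here, but the path presumably follows the optional configuration directory that `check` accepts) is word-split before both the test and the call; `[ -f "$masq" ] && setup_masq "$masq"` avoids that. The new `[ $COMMAND != check ]` guards in setup_masq and `[ -n "$RETAIN_ALIASES" -o $COMMAND = check ]` have the same weakness: if COMMAND were ever empty the test is malformed, and `-o` is ambiguous, so `[ -n "$RETAIN_ALIASES" ] || [ "$COMMAND" = check ] || save_progress_message "Restoring Masquerading/SNAT..."` is the safer form. Separately, check mode skips every `addnatrule` call together with its `$(both_ip_ranges …)` and `$(dest_ip_range …)` arguments, so if those helpers validate addresses (not visible here) a masq file can pass `shorewall check` and still fail when the firewall is started. A comment at the first guard such as `# check mode: parse and report only; no chains or NAT rules are built` would make that limit explicit. The bodies of check_config and setup_masq extend outside the hunks shown.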


@ -74,7 +74,7 @@ allow)
check)
echo "check: check [ <configuration-directory> ]
Performs a cursory validation of the zones, interfaces, hosts,
rules and policy files. Use this if you are unsure of any edits
rules, policy and masq files. Use this if you are unsure of any edits
you have made to the shorewall configuration. See the try command
examples for a recommended way to make changes."
;;


@ -29,6 +29,9 @@ New Features in Shorewall 2.5.4
Now, $1 = these, $2 = are and $3 = parameters
2) The "shorewall check" command now checks the /etc/shorewall/masq
file.
Problems Corrected in 2.5.3:
1) The Netfilter 'raw' table is now cleared during "shorewall stop",