Add 'reload' command

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4099 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2025-08-19 13:10:05 +02:00 · 2006-06-14 17:25:37 +00:00
parent fb4ef97840
commit 1a58eafd64
4 changed files with 65 additions and 19 deletions
--- a/docs/CompiledPrograms.xml
+++ b/docs/CompiledPrograms.xml
@@ -305,6 +305,8 @@

        <member>refresh</member>

+        <member>reload</member>
+
        <member>try</member>

        <member>safe-start</member>
@@ -397,30 +399,20 @@
    </section>

    <section>
-      <title>A simple shell program for remote firewall replacement</title>
+      <title>/sbin/shorewall reload command (Added in 3.2.0 RC4)</title>

-      <para>I use the following <ulink
-      url="ftp://ftp1.shorewall.net/pub/shorewall/contrib/compile">simple
-      shell program</ulink> for compiling firewall scripts and installing them
-      on firewall systems:</para>
+      <para>The reload command allows for easy updating of remote firewall
+      systems. At shorewall.net, I keep my firewall configurations in
+      sub-directories under ~/Configs. The name of the directory corresponds
+      to the DNS name of the system. </para>

-      <blockquote>
-        <programlisting>#/bin/bash
-
-[ $# -eq 1 ] || { echo "Usage: $(basename $0) &lt;system&gt;" &gt;&amp;2; exit 2; }
-
-/sbin/shorewall compile -e . firewall &amp;&amp; scp firewall root@${1}:/usr/share/shorewall-lite/ &amp;&amp; ssh root@${1} 'shorewall-lite restart'</programlisting>
-      </blockquote>
-
-      <para>I install this program in
-      <filename>/usr/local/bin/compile</filename> and I have my configuration
-      directories in ~/Config. So, for example, to recompile the firewall
-      script for the 'gateway' system and install the script on gateway, I do
-      the following:</para>
+      <para>To recompile the firewall script for the system named gateway and
+      to install that script on gateway, I issue the following
+      commands:</para>

      <blockquote>
        <programlisting>teastep@wookie:~$ <command>cd Configs/gateway</command>
-teastep@wookie:~/Configs/gateway$ <command>compile gateway</command>
+teastep@wookie:~/Configs/gateway$ <command>/sbin/shorewall reload gateway</command>
 Compiling...
 Shorewall configuration compiled to firewall
 firewall                                                                                                                  100%   29KB  29.3KB/s   00:00
--- a/docs/starting_and_stopping_shorewall.xml
+++ b/docs/starting_and_stopping_shorewall.xml
@@ -943,6 +943,38 @@
        </listitem>
      </varlistentry>

+      <varlistentry>
+        <term>reload (Added in Shorewall 3.2.0 RC4 -- not supported by
+        Shorewall Lite)</term>
+
+        <listitem>
+          <para><command>reload &lt;system&gt;</command></para>
+
+          <para>Allows a non-root user to compile a shorewall script and
+          install it on a remote system (provided that the user has access to
+          the remote system via ssh). The command is equivalent to:</para>
+
+          <simplelist>
+            <member><command>/sbin/shorewall compile -e . firewall
+            &amp;&amp;\</command></member>
+
+            <member><command>scp firewall
+            root@&lt;system&gt;:/usr/share/shorewall-lite/
+            &amp;&amp;\</command></member>
+
+            <member><command>ssh root@&lt;system&gt; '/sbin/shorewall-lite
+            restart'</command></member>
+          </simplelist>
+
+          <para>In other words, the configuration in the current working
+          directory is compiled to a file called <filename>firewall</filename>
+          in that directory. If compilation succeeds, then
+          <filename>firewall</filename> is copied to the remote system using
+          scp. If the copy succeeds, Shorewall Lite on the remote system is
+          restarted via ssh.</para>
+        </listitem>
+      </varlistentry>
+
      <varlistentry>
        <term>reset</term>